Bump cairosvg from 0.5 to 2.5.1 in /chrome/common/extensions/docs/server2/test_data/github_file_system/test_owner/repo/unzipped_repo

[dependabot[bot]]

Bumps cairosvg from 0.5 to 2.5.1.

Release notes

Sourced from cairosvg's releases.

2.5.1

WARNING: this is a security update.

When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS).

If an attacker provided a malicious SVG, it could make CairoSVG get stuck processing the file for a very long time.

Other bug fixes:

• Fix marker positions for unclosed paths
• Follow hint when only output_width or output_height is set
• Handle opacity on raster images
• Don’t crash when use tags reference unknown tags
• Take care of the next letter when A/a is replaced by l
• Fix misalignment in node.vertices

2.5.0

• Drop support of Python 3.5, add support of Python 3.9.
• Add EPS export
• Add background-color, negate-colors, and invert-images options
• Improve support for font weights
• Fix opacity of patterns and gradients
• Support auto-start-reverse value for orient
• Draw images contained in defs
• Add Exif transposition support
• Handle dominant-baseline
• Support transform-origin

2.4.2

• Fix race condition in tests
• Fix scale for images with no viewBox

2.4.1

• Fix the --scale parameter
• Allow href attributes with no namespace
• Fix the tree root detection

2.4.0

• Fix aspect and position when resizing root SVG tag
• Follow aspect and position hints when using forced output size

2.3.1

• Fix relative paths on Windows

2.3.0

• Drop Python 3.4 support
• Make text selectable on generated PDF files
• Don't inherit dx and dy attributes
• Fix support of alignment-baseline="hanging"
• Fix backslashes in docstrings and comments

... (truncated)

Changelog

Sourced from cairosvg's changelog.

Version 2.5.1 released on 2021-01-06

WARNING: this is a security update.

When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS).

If an attacker provided a malicious SVG, it could make CairoSVG get stuck processing the file for a very long time.

Other bug fixes:

• Fix marker positions for unclosed paths
• Follow hint when only output_width or output_height is set
• Handle opacity on raster images
• Don’t crash when use tags reference unknown tags
• Take care of the next letter when A/a is replaced by l
• Fix misalignment in node.vertices

Version 2.5.0 released on 2020-10-29

• Drop support of Python 3.5, add support of Python 3.9.
• Add EPS export
• Add background-color, negate-colors, and invert-images options
• Improve support for font weights
• Fix opacity of patterns and gradients
• Support auto-start-reverse value for orient
• Draw images contained in defs
• Add Exif transposition support
• Handle dominant-baseline
• Support transform-origin

Version 2.4.2 released on 2019-09-10

• Fix race condition in tests
• Fix scale for images with no viewBox

Version 2.4.1 released on 2019-08-21

• Fix the --scale parameter
• Allow href attributes with no namespace
• Fix the tree root detection

... (truncated)

Commits

• 44c5d42 Version 2.5.1
• cfc9175 Merge pull request from GHSA-hq37-853p-g5cf
• 063185b Don’t use overlapping groups for regular expressions
• 9c4a982 Take care of the next letter when A/a is replaced by l
• f0edc6e Don’t crash when use tags reference unknown tags
• 73349a7 Handle opacity on raster images
• dcfbca4 Merge pull request #254 from yig/master
• 1d61bfd Merge branch 'master' into master
• 83c0b83 Follow hint when only output_width or output_height is set
• 6b4f2ba Fix angle for absolute vertical lines
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Samsung/Castanets/network/alerts).