Closed dependabot[bot] closed 3 years ago
What is this? Is tgc designer being updated? Does it work instantly on 2k21 now or is this something else, something new?
Thu, 18 Mar 2021, 23:10, dependabot[bot] @.***> wrote:
Bumps pillow https://github.com/python-pillow/Pillow from 6.2.0 to 8.1.1.
Release notes
Sourced from pillow's releases https://github.com/python-pillow/Pillow/releases.
8.1.1
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
8.1.0
https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html
Changes
- Fix TIFF OOB Write error #5175 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5175 [@radarhere https://github.com/radarhere]
- Fix for Buffer Read Overrun in PCX Decoding #5174 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5174 [@radarhere https://github.com/radarhere]
- Fix for SGI Decode buffer overrun #5173 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5173 [@radarhere https://github.com/radarhere]
- Fix OOB Read when saving GIF of xsize=1 #5149 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5149 [@wiredfool https://github.com/wiredfool]
- Add support for PySide6 #5161 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5161 [@hugovk https://github.com/hugovk]
- Moved QApplication into one test #5167 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5167 [@radarhere https://github.com/radarhere]
- Use disposal settings from previous frame in APNG #5126 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5126 [@radarhere https://github.com/radarhere]
- Revert "skip wheels on 3.10-dev due to wheel#354" #5163 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5163 [@radarhere https://github.com/radarhere]
- Better _binary module use #5156 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5156 [@radarhere https://github.com/radarhere]
- Added exception explaining that repr_png saves to PNG #5139 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5139 [@radarhere https://github.com/radarhere]
- Use previous disposal method in GIF load_end #5125 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5125 [@radarhere https://github.com/radarhere]
- Do not catch a ValueError only to raise another #5090 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5090 [@radarhere https://github.com/radarhere]
- Allow putpalette to accept 1024 integers to include alpha values #5089 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5089 [@radarhere https://github.com/radarhere]
- Fix OOB Read when writing TIFF with custom Metadata #5148 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5148 [@wiredfool https://github.com/wiredfool]
- Removed unused variable #5140 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5140 [@radarhere https://github.com/radarhere]
- Fix dereferencing of potential null pointers #5111 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5111 [@cgohlke https://github.com/cgohlke]
- Fixed warnings assigning to "unsigned char *" from "char *" #5127 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5127 [@radarhere https://github.com/radarhere]
- Add append_images support for ICO #4568 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4568 [@ziplantil https://github.com/ziplantil]
- Fixed comparison warnings #5122 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5122 [@radarhere https://github.com/radarhere]
- Block TIFFTAG_SUBIFD #5120 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5120 [@radarhere https://github.com/radarhere]
- Fix dereferencing potential null pointer #5108 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5108 [@cgohlke https://github.com/cgohlke]
- Replaced PyErr_NoMemory with ImagingError_MemoryError #5113 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5113 [@radarhere https://github.com/radarhere]
- Remove duplicate code #5109 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5109 [@cgohlke https://github.com/cgohlke]
- Moved warning to end of execution #4965 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4965 [@radarhere https://github.com/radarhere]
- Removed unused fromstring and tostring C methods #5026 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5026 [@radarhere https://github.com/radarhere]
- init() if one of the formats is unrecognised #5037 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5037 [@radarhere https://github.com/radarhere]
Dependencies
- Updated libtiff to 4.2.0 #5153 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5153 [@radarhere https://github.com/radarhere]
- Updated openjpeg to 2.4.0 #5151 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5151 [@radarhere https://github.com/radarhere]
- Updated harfbuzz to 2.7.4 #5138 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5138 [@radarhere https://github.com/radarhere]
- Updated harfbuzz to 2.7.3 #5128 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5128 [@radarhere https://github.com/radarhere]
- Updated libraqm to 0.7.1 #5070 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5070 [@radarhere https://github.com/radarhere]
- Updated libimagequant to 2.13.1 #5065 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5065 [@radarhere https://github.com/radarhere]
- Update FriBiDi to 1.0.10 #5064 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5064 [@nulano https://github.com/nulano]
- Updated libraqm to 0.7.1 #5063 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5063 [@radarhere https://github.com/radarhere]
- Updated libjpeg-turbo to 2.0.6 #5044 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5044 [@radarhere https://github.com/radarhere]
Deprecations
... (truncated)
Changelog
Sourced from pillow's changelog https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst.
8.1.1 (2021-03-01)
- Use more specific regex chars to prevent ReDoS. CVE-2021-25292 [hugovk]
- Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291 [wiredfool]
- Fix negative size read in TiffDecode.c. CVE-2021-25290 [wiredfool]
- Fix OOB read in SgiRleDecode.c. CVE-2021-25293 [wiredfool]
- Incorrect error code checking in TiffDecode.c. CVE-2021-25289 [wiredfool]
- PyModule_AddObject fix for Python 3.10 #5194 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5194 [radarhere]
8.1.0 (2021-01-02)
- Fix TIFF OOB Write error. CVE-2020-35654 https://github.com/advisories/GHSA-vqcj-wrf2-7v73 #5175 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5175 [wiredfool]
- Fix for Read Overflow in PCX Decoding. CVE-2020-35653 https://github.com/advisories/GHSA-f5g8-5qq7-938w #5174 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5174 [wiredfool, radarhere]
- Fix for SGI Decode buffer overrun. CVE-2020-35655 https://github.com/advisories/GHSA-hf64-x4gq-p99h #5173 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5173 [wiredfool, radarhere]
- Fix OOB Read when saving GIF of xsize=1 #5149 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5149 [wiredfool]
- Makefile updates #5159 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5159 [wiredfool, radarhere]
- Add support for PySide6 #5161 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5161 [hugovk]
- Use disposal settings from previous frame in APNG #5126 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5126 [radarhere]
- Added exception explaining that repr_png saves to PNG #5139 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5139 [radarhere]
- Use previous disposal method in GIF load_end #5125 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5125 [radarhere]
... (truncated)
Commits
- 741d874 https://github.com/python-pillow/Pillow/commit/741d8744a54bedbc49f16922c61a06fcb3681f53 8.1.1 version bump
- 179cd1c https://github.com/python-pillow/Pillow/commit/179cd1c8f94aabc47e9e522e01683ea9aadbd3a5 Added 8.1.1 release notes to index
- 7d29665 https://github.com/python-pillow/Pillow/commit/7d296653da045e18b379c991797f933e054a7476 Update CHANGES.rst [ci skip]
- d25036f https://github.com/python-pillow/Pillow/commit/d25036fca7c8658b698492088361453bb20073e2 Credits
- 973a4c3 https://github.com/python-pillow/Pillow/commit/973a4c333ab6d603e82f6eb2aa6f39d1cfcecccb Release notes for 8.1.1
- 521dab9 https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee Use more specific regex chars to prevent ReDoS
- 8b8076b https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61 Fix for CVE-2021-25291
- e25be1e https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9 Fix negative size read in TiffDecode.c
- f891baa https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5 Fix OOB read in SgiRleDecode.c
- cbfdde7 https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299 Incorrect error code checking in TiffDecode.c
- Additional commits viewable in compare view https://github.com/python-pillow/Pillow/compare/6.2.0...8.1.1
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/chadrockey/TGC-Designer-Tools/network/alerts.
You can view, comment on, or merge this pull request online at:
https://github.com/chadrockey/TGC-Designer-Tools/pull/72
Commit Summary
- Bump pillow from 6.2.0 to 8.1.1
File Changes
- M requirements.txt https://github.com/chadrockey/TGC-Designer-Tools/pull/72/files#diff-4d7c51b1efe9043e44439a949dfd92e5827321b34082903477fd04876edb7552 (2)
Patch Links:
- https://github.com/chadrockey/TGC-Designer-Tools/pull/72.patch
- https://github.com/chadrockey/TGC-Designer-Tools/pull/72.diff
Superseded by #77.
Bumps pillow from 6.2.0 to 8.1.1.
Release notes
Sourced from pillow's releases.
... (truncated)
Changelog
Sourced from pillow's changelog.
... (truncated)
Commits
- 741d874 8.1.1 version bump
- 179cd1c Added 8.1.1 release notes to index
- 7d29665 Update CHANGES.rst [ci skip]
- d25036f Credits
- 973a4c3 Release notes for 8.1.1
- 521dab9 Use more specific regex chars to prevent ReDoS
- 8b8076b Fix for CVE-2021-25291
- e25be1e Fix negative size read in TiffDecode.c
- f891baa Fix OOB read in SgiRleDecode.c
- cbfdde7 Incorrect error code checking in TiffDecode.c
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/chadrockey/TGC-Designer-Tools/network/alerts).