search

engnadeau / pybotics

The Python Toolbox for Robotics
https://pybotics.readthedocs.io/
MIT License
338 stars 61 forks source link

chore(deps): update dependency pillow to v10.2.0 [security] - autoclosed #924

Closed renovate[bot] closed 9 months ago

renovate[bot] commented 9 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Pillow (changelog) 10.0.1 -> 10.2.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Release Notes

python-pillow/Pillow (Pillow) ### [`v10.2.0`](https://togithub.com/python-pillow/Pillow/blob/HEAD/CHANGES.rst#1020-2024-01-02) [Compare Source](https://togithub.com/python-pillow/Pillow/compare/10.1.0...10.2.0) - Add `keep_rgb` option when saving JPEG to prevent conversion of RGB colorspace [#​7553](https://togithub.com/python-pillow/Pillow/issues/7553) \[bgilbert, radarhere] - Trim glyph size in ImageFont.getmask() [#​7669](https://togithub.com/python-pillow/Pillow/issues/7669), [#​7672](https://togithub.com/python-pillow/Pillow/issues/7672) \[radarhere, nulano] - Deprecate IptcImagePlugin helpers [#​7664](https://togithub.com/python-pillow/Pillow/issues/7664) \[nulano, hugovk, radarhere] - Allow uncompressed TIFF images to be saved in chunks [#​7650](https://togithub.com/python-pillow/Pillow/issues/7650) \[radarhere] - Concatenate multiple JPEG EXIF markers [#​7496](https://togithub.com/python-pillow/Pillow/issues/7496) \[radarhere] - Changed IPTC tile tuple to match other plugins [#​7661](https://togithub.com/python-pillow/Pillow/issues/7661) \[radarhere] - Do not assign new fp attribute when exiting context manager [#​7566](https://togithub.com/python-pillow/Pillow/issues/7566) \[radarhere] - Support arbitrary masks for uncompressed RGB DDS images [#​7589](https://togithub.com/python-pillow/Pillow/issues/7589) \[radarhere, akx] - Support setting ROWSPERSTRIP tag [#​7654](https://togithub.com/python-pillow/Pillow/issues/7654) \[radarhere] - Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() [#​7662](https://togithub.com/python-pillow/Pillow/issues/7662) \[radarhere] - Optimise `ImageColor` using `functools.lru_cache` [#​7657](https://togithub.com/python-pillow/Pillow/issues/7657) \[hugovk] - Restricted environment keys for ImageMath.eval() [#​7655](https://togithub.com/python-pillow/Pillow/issues/7655) \[wiredfool, radarhere] - Optimise `ImageMode.getmode` using `functools.lru_cache` [#​7641](https://togithub.com/python-pillow/Pillow/issues/7641) \[hugovk, radarhere] - Fix incorrect color blending for overlapping glyphs [#​7497](https://togithub.com/python-pillow/Pillow/issues/7497) \[ZachNagengast, nulano, radarhere] - Attempt memory mapping when tile args is a string [#​7565](https://togithub.com/python-pillow/Pillow/issues/7565) \[radarhere] - Fill identical pixels with transparency in subsequent frames when saving GIF [#​7568](https://togithub.com/python-pillow/Pillow/issues/7568) \[radarhere] - Corrected duration when combining multiple GIF frames into single frame [#​7521](https://togithub.com/python-pillow/Pillow/issues/7521) \[radarhere] - Handle disposing GIF background from outside palette [#​7515](https://togithub.com/python-pillow/Pillow/issues/7515) \[radarhere] - Seek past the data when skipping a PSD layer [#​7483](https://togithub.com/python-pillow/Pillow/issues/7483) \[radarhere] - Import plugins relative to the module [#​7576](https://togithub.com/python-pillow/Pillow/issues/7576) \[deliangyang, jaxx0n] - Translate encoder error codes to strings; deprecate `ImageFile.raise_oserror()` [#​7609](https://togithub.com/python-pillow/Pillow/issues/7609) \[bgilbert, radarhere] - Support reading BC4U and DX10 BC1 images [#​6486](https://togithub.com/python-pillow/Pillow/issues/6486) \[REDxEYE, radarhere, hugovk] - Optimize ImageStat.Stat.extrema [#​7593](https://togithub.com/python-pillow/Pillow/issues/7593) \[florath, radarhere] - Handle pathlib.Path in FreeTypeFont [#​7578](https://togithub.com/python-pillow/Pillow/issues/7578) \[radarhere, hugovk, nulano] - Added support for reading DX10 BC4 DDS images [#​7603](https://togithub.com/python-pillow/Pillow/issues/7603) \[sambvfx, radarhere] - Optimized ImageStat.Stat.count [#​7599](https://togithub.com/python-pillow/Pillow/issues/7599) \[florath] - Correct PDF palette size when saving [#​7555](https://togithub.com/python-pillow/Pillow/issues/7555) \[radarhere] - Fixed closing file pointer with olefile 0.47 [#​7594](https://togithub.com/python-pillow/Pillow/issues/7594) \[radarhere] - Raise ValueError when TrueType font size is not greater than zero [#​7584](https://togithub.com/python-pillow/Pillow/issues/7584), [#​7587](https://togithub.com/python-pillow/Pillow/issues/7587) \[akx, radarhere] - If absent, do not try to close fp when closing image [#​7557](https://togithub.com/python-pillow/Pillow/issues/7557) \[RaphaelVRossi, radarhere] - Allow configuring JPEG restart marker interval on save [#​7488](https://togithub.com/python-pillow/Pillow/issues/7488) \[bgilbert, radarhere] - Decrement reference count for PyObject [#​7549](https://togithub.com/python-pillow/Pillow/issues/7549) \[radarhere] - Implement `streamtype=1` option for tables-only JPEG encoding [#​7491](https://togithub.com/python-pillow/Pillow/issues/7491) \[bgilbert, radarhere] - If save_all PNG only has one frame, do not create animated image [#​7522](https://togithub.com/python-pillow/Pillow/issues/7522) \[radarhere] - Fixed frombytes() for images with a zero dimension [#​7493](https://togithub.com/python-pillow/Pillow/issues/7493) \[radarhere] ### [`v10.1.0`](https://togithub.com/python-pillow/Pillow/blob/HEAD/CHANGES.rst#1010-2023-10-15) [Compare Source](https://togithub.com/python-pillow/Pillow/compare/10.0.1...10.1.0) - Added TrueType default font to allow for different sizes [#​7354](https://togithub.com/python-pillow/Pillow/issues/7354) \[radarhere] - Fixed invalid argument warning [#​7442](https://togithub.com/python-pillow/Pillow/issues/7442) \[radarhere] - Added ImageOps cover method [#​7412](https://togithub.com/python-pillow/Pillow/issues/7412) \[radarhere, hugovk] - Catch struct.error from truncated EXIF when reading JPEG DPI [#​7458](https://togithub.com/python-pillow/Pillow/issues/7458) \[radarhere] - Consider default image when selecting mode for PNG save_all [#​7437](https://togithub.com/python-pillow/Pillow/issues/7437) \[radarhere] - Support BGR;15, BGR;16 and BGR;24 access, unpacking and putdata [#​7303](https://togithub.com/python-pillow/Pillow/issues/7303) \[radarhere] - Added CMYK to RGB unpacker [#​7310](https://togithub.com/python-pillow/Pillow/issues/7310) \[radarhere] - Improved flexibility of XMP parsing [#​7274](https://togithub.com/python-pillow/Pillow/issues/7274) \[radarhere] - Support reading 8-bit YCbCr TIFF images [#​7415](https://togithub.com/python-pillow/Pillow/issues/7415) \[radarhere] - Allow saving I;16B images as PNG [#​7302](https://togithub.com/python-pillow/Pillow/issues/7302) \[radarhere] - Corrected drawing I;16 points and writing I;16 text [#​7257](https://togithub.com/python-pillow/Pillow/issues/7257) \[radarhere] - Set blue channel to 128 for BC5S [#​7413](https://togithub.com/python-pillow/Pillow/issues/7413) \[radarhere] - Increase flexibility when reading IPTC fields [#​7319](https://togithub.com/python-pillow/Pillow/issues/7319) \[radarhere] - Set C palette to be empty by default [#​7289](https://togithub.com/python-pillow/Pillow/issues/7289) \[radarhere] - Added gs_binary to control Ghostscript use on all platforms [#​7392](https://togithub.com/python-pillow/Pillow/issues/7392) \[radarhere] - Read bounding box information from the trailer of EPS files if specified [#​7382](https://togithub.com/python-pillow/Pillow/issues/7382) \[nopperl, radarhere] - Added reading 8-bit color DDS images [#​7426](https://togithub.com/python-pillow/Pillow/issues/7426) \[radarhere] - Added has_transparency_data [#​7420](https://togithub.com/python-pillow/Pillow/issues/7420) \[radarhere, hugovk] - Fixed bug when reading BC5S DDS images [#​7401](https://togithub.com/python-pillow/Pillow/issues/7401) \[radarhere] - Prevent TIFF orientation from being applied more than once [#​7383](https://togithub.com/python-pillow/Pillow/issues/7383) \[radarhere] - Use previous pixel alpha for QOI_OP_RGB [#​7357](https://togithub.com/python-pillow/Pillow/issues/7357) \[radarhere] - Added BC5U reading [#​7358](https://togithub.com/python-pillow/Pillow/issues/7358) \[radarhere] - Allow getpixel() to accept a list [#​7355](https://togithub.com/python-pillow/Pillow/issues/7355) \[radarhere, homm] - Allow GaussianBlur and BoxBlur to accept a sequence of x and y radii [#​7336](https://togithub.com/python-pillow/Pillow/issues/7336) \[radarhere] - Expand JPEG buffer size when saving optimized or progressive [#​7345](https://togithub.com/python-pillow/Pillow/issues/7345) \[radarhere] - Added session type check for Linux in ImageGrab.grabclipboard() [#​7332](https://togithub.com/python-pillow/Pillow/issues/7332) \[TheNooB2706, radarhere, hugovk] - Allow "loop=None" when saving GIF images [#​7329](https://togithub.com/python-pillow/Pillow/issues/7329) \[radarhere] - Fixed transparency when saving P mode images to PDF [#​7323](https://togithub.com/python-pillow/Pillow/issues/7323) \[radarhere] - Added saving LA images as PDFs [#​7299](https://togithub.com/python-pillow/Pillow/issues/7299) \[radarhere] - Set SMaskInData to 1 for PDFs with alpha [#​7316](https://togithub.com/python-pillow/Pillow/issues/7316), [#​7317](https://togithub.com/python-pillow/Pillow/issues/7317) \[radarhere] - Changed Image mode property to be read-only by default [#​7307](https://togithub.com/python-pillow/Pillow/issues/7307) \[radarhere] - Silence exceptions in *repr_jpeg* and *repr_png* [#​7266](https://togithub.com/python-pillow/Pillow/issues/7266) \[mtreinish, radarhere] - Do not use transparency when saving GIF if it has been removed when normalizing mode [#​7284](https://togithub.com/python-pillow/Pillow/issues/7284) \[radarhere] - Fix missing symbols when libtiff depends on libjpeg [#​7270](https://togithub.com/python-pillow/Pillow/issues/7270) \[heitbaum]

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.