Closed: dependabot[bot] closed this pull request 3 years ago.
@dependabot merge
On Fri, Nov 13, 2020 at 11:05 PM dependabot[bot] <notifications@github.com> wrote:
This automated pull request fixes a security vulnerability https://github.com/faustomorales/keras-ocr/network/alert/Pipfile/Pillow/open (moderate severity).
Learn more about Dependabot security updates https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.
Bumps pillow https://github.com/python-pillow/Pillow from 6.2.2 to 7.1.0.
Release notes
Sourced from pillow's releases https://github.com/python-pillow/Pillow/releases.
- 7.1.0 https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html
- 7.0.0 https://pillow.readthedocs.io/en/stable/releasenotes/7.0.0.html
Changelog
Sourced from pillow's changelog https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst.
7.1.0 (2020-04-01)
- Fix multiple OOB reads in FLI decoding #4503 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4503 [wiredfool]
- Fix buffer overflow in SGI-RLE decoding #4504 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4504 [wiredfool, hugovk]
- Fix bounds overflow in JPEG 2000 decoding #4505 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4505 [wiredfool]
- Fix bounds overflow in PCX decoding #4506 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4506 [wiredfool]
- Fix 2 buffer overflows in TIFF decoding #4507 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4507 [wiredfool]
- Add APNG support #4243 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4243 [pmrowla, radarhere, hugovk]
- ImageGrab.grab() for Linux with XCB #4260 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4260 [nulano, radarhere]
- Added three new channel operations #4230 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4230 [dwastberg, radarhere]
- Prevent masking of Image reduce method in Jpeg2KImagePlugin #4474 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4474 [radarhere, homm]
- Added reading of earlier ImageMagick PNG EXIF data #4471 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4471 [radarhere]
- Fixed endian handling for I;16 getextrema #4457 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4457 [radarhere]
- Release buffer if function returns prematurely #4381 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4381 [radarhere]
- Add JPEG comment to info dictionary #4455 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4455 [radarhere]
- Fix size calculation of Image.thumbnail() #4404 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4404 [orlnub123]
- Fixed stroke on FreeType < 2.9 #4401 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4401 [radarhere]
- If present, only use alpha channel for bounding box #4454 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4454 [radarhere]
... (truncated)
Commits
- f0fe60a https://github.com/python-pillow/Pillow/commit/f0fe60ae9f930faeda2f0c22f602bed1f8a0f1c7 7.1.0 version bump
- 46f4a34 https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb Merge pull request #4507 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4507 from hugovk/fix_tiff
- ff60894 https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4 Merge pull request #4505 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4505 from hugovk/jpeg2k_overflow
- 2ef59fd https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d Merge pull request #4504 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4504 from hugovk/sgi_fixes
- 0da1eca https://github.com/python-pillow/Pillow/commit/0da1eca7cfcea4ea67692ecec8dfd16837242da2 Merge pull request #4503 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4503 from hugovk/fix_fli_6.2.x
- f260acc https://github.com/python-pillow/Pillow/commit/f260acc30a2c14800db4feacad80924488ec88bf Merge pull request #4506 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4506 from hugovk/fix_pcx
- 9650ac4 https://github.com/python-pillow/Pillow/commit/9650ac4e6761b67e012d59b8b30d07f0d2794f1f Merge pull request #4502 https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4502 from hugovk/3907-release-notes
- 2092801 https://github.com/python-pillow/Pillow/commit/2092801e71f008fa3d50cec7afc3ab50a11a14dc Format with Black
- c00fdc7 https://github.com/python-pillow/Pillow/commit/c00fdc7e30675e5d4d85b8acd206a827da62a0fd Fix typos
- 6e7c0ce https://github.com/python-pillow/Pillow/commit/6e7c0ced684842eb560043790c45dfab560eddf2 Tests for tiff crashes
- Additional commits viewable in compare view https://github.com/python-pillow/Pillow/compare/6.2.2...7.1.0
[image: Dependabot compatibility score] https://docs.github.com/en/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
- @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
- @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
- @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/faustomorales/keras-ocr/network/alerts.
You can view, comment on, or merge this pull request online at:
https://github.com/faustomorales/keras-ocr/pull/135
Commit Summary
- Bump pillow from 6.2.2 to 7.1.0
File Changes
Patch Links:
- https://github.com/faustomorales/keras-ocr/pull/135.patch
- https://github.com/faustomorales/keras-ocr/pull/135.diff
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/faustomorales/keras-ocr/pull/135, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACKIZ2MIUQHPHX6ZYY3I4JDSPYFZ5ANCNFSM4TVKOMWQ.
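The five decoder fixes in the changelog above (FLI, SGI-RLE, JPEG 2000, PCX, TIFF) are all memory-safety bugs that trigger when a decoder runs on attacker-supplied bytes, which is exactly what an OCR service does with uploaded images. Upgrading removes the known bugs; a complementary control that does not depend on the installed Pillow version is to identify the container format from its file signature and refuse anything outside an allowlist before the bytes reach any decoder. The following is an added example, not code from keras-ocr or Pillow: the signatures are the standard magic numbers of each format, while the PNG/JPEG allowlist and the sample byte strings are constructed for illustration.

```python
# Added example (not keras-ocr or Pillow code): identify an image's container
# format from its file signature and refuse anything outside an allowlist
# before the bytes reach a decoder. The signatures are the standard magic
# numbers of each format; the allowlist of PNG and JPEG and the sample inputs
# below are constructed for illustration.
from typing import Dict, Optional, Tuple

# (format, offset, magic bytes expected at that offset)
_SIGNATURES = [
    ("PNG",      0, b"\x89PNG\r\n\x1a\n"),
    ("JPEG",     0, b"\xff\xd8\xff"),
    ("GIF",      0, b"GIF87a"),
    ("GIF",      0, b"GIF89a"),
    ("BMP",      0, b"BM"),
    ("TIFF",     0, b"II*\x00"),                          # little-endian TIFF
    ("TIFF",     0, b"MM\x00*"),                          # big-endian TIFF
    ("JPEG2000", 0, b"\x00\x00\x00\x0cjP  \r\n\x87\n"),  # JP2 signature box
    ("JPEG2000", 0, b"\xff\x4f\xff\x51"),                 # raw J2K codestream
    ("SGI",      0, b"\x01\xda"),                         # SGI RGB magic 474
    ("FLI",      4, b"\x11\xaf"),                         # FLI magic 0xAF11 (LE) at offset 4
    ("FLI",      4, b"\x12\xaf"),                         # FLC magic 0xAF12 (LE) at offset 4
]

# Decoders the service actually needs. Every other format is rejected even if
# the installed Pillow can decode it, so a bug in an unused decoder is not
# reachable from untrusted uploads.
DEFAULT_ALLOWLIST = frozenset({"PNG", "JPEG"})


def sniff_format(data: bytes) -> Optional[str]:
    """Return the container format implied by the file signature, or None.

    This identifies the container only; it does not validate the file.
    """
    for fmt, offset, magic in _SIGNATURES:
        if len(data) >= offset + len(magic) and data[offset:offset + len(magic)] == magic:
            return fmt
    # PCX has no fixed string: byte 0 is 0x0A, byte 1 the version, byte 2 the
    # RLE flag (always 1).
    if len(data) >= 3 and data[0] == 0x0A and data[1] in (0, 2, 3, 4, 5) and data[2] == 1:
        return "PCX"
    return None


def check_image(data: bytes, allowlist=DEFAULT_ALLOWLIST) -> Tuple[bool, str]:
    """Decide whether `data` may be handed to an image decoder.

    Returns (accepted, reason). Unrecognised or truncated input is rejected
    rather than left for a decoder to guess at.
    """
    fmt = sniff_format(data)
    if fmt is None:
        return False, "unrecognised or truncated image header"
    if fmt not in allowlist:
        return False, f"{fmt} is not an allowed format"
    return True, fmt


# Constructed sample inputs: just the header bytes the sniffer looks at,
# padded so each is long enough to be classified.
SAMPLES: Dict[str, bytes] = {
    "png":      b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "jpeg":     b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "tiff":     b"II*\x00\x08\x00\x00\x00",
    "jpeg2000": b"\xff\x4f\xff\x51\x00\x2f\x00\x00",
    "sgi":      b"\x01\xda\x01\x01\x00\x03\x00\x10",
    "pcx":      b"\x0a\x05\x01\x08\x00\x00\x00\x00",
    "fli":      b"\x10\x00\x00\x00\x11\xaf\x01\x00" + b"\x00" * 8,
    "garbage":  b"\x00\x01\x02\x03\x04\x05\x06\x07",
    "empty":    b"",
}


def scan_samples(allowlist=DEFAULT_ALLOWLIST) -> Dict[str, Tuple[bool, str]]:
    """Run check_image over every constructed sample."""
    return {name: check_image(blob, allowlist) for name, blob in SAMPLES.items()}


if __name__ == "__main__":
    for name, (accepted, reason) in scan_samples().items():
        print(f"{name:9s} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```

Run as a script, it prints one ACCEPT/REJECT line per sample; only the PNG and JPEG samples pass. The sniffer decides on the container only, so a file that starts with a valid PNG signature still reaches the PNG decoder; its value is that the FLI, SGI, JPEG 2000, PCX and TIFF decoders named in the changelog never see untrusted bytes unless you deliberately add those formats to the allowlist. If your Pillow version lets you restrict which plugins `Image.open` tries, apply that too so the two checks agree on the format, and keep the dependency bump: the allowlist narrows the attack surface but does not fix the decoders you do allow.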