mirror of
https://github.com/Outer-Wilds-New-Horizons/new-horizons.git
synced 2025-12-11 20:15:44 +01:00
e4450e1129
Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.1.1 to 9.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>9.3.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html</a></p> <h2>Changes</h2> <ul> <li>Initialize libtiff buffer when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Limit SAMPLESPERPIXEL to avoid runtime DOS <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a> [<a href="https://github.com/wiredfool"><code>@wiredfool</code></a>]</li> <li>Inline fname2char to fix memory leak <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329">#6329</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Fix memory leaks related to text features <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330">#6330</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Use double quotes for version check on old CPython on Windows <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695">#6695</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>GHA: replace deprecated set-output command with GITHUB_OUTPUT file <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6697">#6697</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Remove backup implementation of Round for Windows platforms <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693">#6693</a> [<a href="https://github.com/cgohlke"><code>@cgohlke</code></a>]</li> <li>Upload fribidi.dll to GitHub Actions <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6532">#6532</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Fixed set_variation_by_name offset <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445">#6445</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Windows build improvements <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6562">#6562</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Fix malloc in _imagingft.c:font_setvaraxes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690">#6690</a> [<a href="https://github.com/cgohlke"><code>@cgohlke</code></a>]</li> <li>Only use ASCII characters in C source file <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6691">#6691</a> [<a href="https://github.com/cgohlke"><code>@cgohlke</code></a>]</li> <li>Release Python GIL when converting images using matrix operations <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418">#6418</a> [<a href="https://github.com/hmaarrfk"><code>@hmaarrfk</code></a>]</li> <li>Added ExifTags enums <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630">#6630</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Do not modify previous frame when calculating delta in PNG <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683">#6683</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added support for reading BMP images with RLE4 compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674">#6674</a> [<a href="https://github.com/npjg"><code>@npjg</code></a>]</li> <li>Decode JPEG compressed BLP1 data in original mode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678">#6678</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>pylint warnings <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6659">#6659</a> [<a href="https://github.com/marksmayo"><code>@marksmayo</code></a>]</li> <li>Added GPS TIFF tag info <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661">#6661</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added conversion between RGB/RGBA/RGBX and LAB <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647">#6647</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Do not attempt normalization if mode is already normal <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644">#6644</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fixed seeking to an L frame in a GIF <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6576">#6576</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Consider all frames when selecting mode for PNG save_all <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6610">#6610</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Don't reassign crc on ChunkStream close <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6627">#6627</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Raise a warning if NumPy failed to raise an error during conversion <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6594">#6594</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Only read a maximum of 100 bytes at a time in IMT header <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6623">#6623</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Show all frames in ImageShow <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6611">#6611</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Allow FLI palette chunk to not be first <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6626">#6626</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6592">#6592</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Round box position to integer when pasting embedded color <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6517">#6517</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Removed EXIF prefix when saving WebP <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6582">#6582</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Pad IM palette to 768 bytes when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6579">#6579</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added DDS BC6H reading <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6449">#6449</a> [<a href="https://github.com/ShadelessFox"><code>@ShadelessFox</code></a>]</li> <li>Added support for opening WhiteIsZero 16-bit integer TIFF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6642">#6642</a> [<a href="https://github.com/JayWiz"><code>@JayWiz</code></a>]</li> <li>Raise an error when allocating translucent color to RGB palette <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6654">#6654</a> [<a href="https://github.com/jsbueno"><code>@jsbueno</code></a>]</li> <li>Moved mode check outside of loops <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6650">#6650</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added reading of TIFF child images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6569">#6569</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Improved ImageOps palette handling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6596">#6596</a> [<a href="https://github.com/PososikTeam"><code>@PososikTeam</code></a>]</li> <li>Defer parsing of palette into colors <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6567">#6567</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Apply transparency to P images in ImageTk.PhotoImage <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6559">#6559</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Use rounding in ImageOps contain() and pad() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6522">#6522</a> [<a href="https://github.com/bibinhashley"><code>@bibinhashley</code></a>]</li> <li>Fixed GIF remapping to palette with duplicate entries <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6548">#6548</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Allow remap_palette() to return an image with less than 256 palette entries <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6543">#6543</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Corrected BMP and TGA palette size when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6500">#6500</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>9.3.0 (2022-10-29)</h2> <ul> <li> <p>Limit SAMPLESPERPIXEL to avoid runtime DOS <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a> [wiredfool]</p> </li> <li> <p>Initialize libtiff buffer when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a> [radarhere]</p> </li> <li> <p>Inline fname2char to fix memory leak <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329">#6329</a> [nulano]</p> </li> <li> <p>Fix memory leaks related to text features <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330">#6330</a> [nulano]</p> </li> <li> <p>Use double quotes for version check on old CPython on Windows <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695">#6695</a> [hugovk]</p> </li> <li> <p>Remove backup implementation of Round for Windows platforms <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693">#6693</a> [cgohlke]</p> </li> <li> <p>Fixed set_variation_by_name offset <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445">#6445</a> [radarhere]</p> </li> <li> <p>Fix malloc in _imagingft.c:font_setvaraxes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690">#6690</a> [cgohlke]</p> </li> <li> <p>Release Python GIL when converting images using matrix operations <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418">#6418</a> [hmaarrfk]</p> </li> <li> <p>Added ExifTags enums <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630">#6630</a> [radarhere]</p> </li> <li> <p>Do not modify previous frame when calculating delta in PNG <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683">#6683</a> [radarhere]</p> </li> <li> <p>Added support for reading BMP images with RLE4 compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674">#6674</a> [npjg, radarhere]</p> </li> <li> <p>Decode JPEG compressed BLP1 data in original mode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678">#6678</a> [radarhere]</p> </li> <li> <p>Added GPS TIFF tag info <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661">#6661</a> [radarhere]</p> </li> <li> <p>Added conversion between RGB/RGBA/RGBX and LAB <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647">#6647</a> [radarhere]</p> </li> <li> <p>Do not attempt normalization if mode is already normal <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644">#6644</a> [radarhere]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="d594f4cb8d"><code>d594f4c</code></a> Update CHANGES.rst [ci skip]</li> <li><a href="909dc64ed5"><code>909dc64</code></a> 9.3.0 version bump</li> <li><a href="1a51ce7b95"><code>1a51ce7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a> from hugovk/security-libtiff_buffer</li> <li><a href="2444cddab2"><code>2444cdd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a> from hugovk/security-samples_per_pixel-sec</li> <li><a href="744f455830"><code>744f455</code></a> Added release notes</li> <li><a href="0846bfae48"><code>0846bfa</code></a> Add to release notes</li> <li><a href="799a6a0105"><code>799a6a0</code></a> Fix linting</li> <li><a href="00b25fd3ac"><code>00b25fd</code></a> Hide UserWarning in logs</li> <li><a href="05b175ef88"><code>05b175e</code></a> Tighter test case</li> <li><a href="13f2c5ae14"><code>13f2c5a</code></a> Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/9.1.1...9.3.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Outer-Wilds-New-Horizons/new-horizons/network/alerts). </details>