Update dependency pillow to v10.3.0 [SECURITY]

Open renovate[bot] opened this issue 10 months ago • 0 comments

This PR contains the following updates:

Package | Change
pillow (changelog) | ==10.2.0 -> ==10.3.0

GitHub Vulnerability Alerts

CVE-2024-28219

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.


Release Notes

python-pillow/Pillow (pillow)

v10.3.0

  • CVE-2024-28219: Use strncpy to avoid buffer overflow #​7928 [radarhere, hugovk]

  • Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #​7927 [radarhere, hugovk]

  • Raise ValueError if seeking to greater than offset-sized integer in TIFF #​7883 [radarhere]

  • Add --report argument to __main__.py to omit supported formats #​7818 [nulano, radarhere, hugovk]

  • Added RGB to I;16, I;16L, I;16B and I;16N conversion #​7918, #​7920 [radarhere]

  • Fix editable installation with custom build backend and configuration options #​7658 [nulano, radarhere]

  • Fix putdata() for I;16N on big-endian #​7209 [Yay295, hugovk, radarhere]

  • Determine MPO size from markers, not EXIF data #​7884 [radarhere]

  • Improved conversion from RGB to RGBa, LA and La #​7888 [radarhere]

  • Support FITS images with GZIP_1 compression #​7894 [radarhere]

  • Use I;16 mode for 9-bit JPEG 2000 images #​7900 [scaramallion, radarhere]

  • Raise ValueError if kmeans is negative #​7891 [radarhere]

  • Remove TIFF tag OSUBFILETYPE when saving using libtiff #​7893 [radarhere]

  • Raise ValueError for negative values when loading P1-P3 PPM images #​7882 [radarhere]

  • Added reading of JPEG2000 palettes #​7870 [radarhere]

  • Added alpha_quality argument when saving WebP images #​7872 [radarhere]

  • Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #​7881 [radarhere]

  • Stop reading EPS image at EOF marker #​7753 [radarhere]

  • PSD layer co-ordinates may be negative #​7706 [radarhere]

  • Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #​7791 [radarhere]

  • When saving GIF frame that restores to background color, do not fill identical pixels #​7788 [radarhere]

  • Fixed reading PNG iCCP compression method #​7823 [radarhere]

  • Allow writing IFDRational to UNDEFINED tag #​7840 [radarhere]

  • Fix logged tag name when loading Exif data #​7842 [radarhere]

  • Use maximum frame size in IHDR chunk when saving APNG images #​7821 [radarhere]

  • Prevent opening P TGA images without a palette #​7797 [radarhere]

  • Use palette when loading ICO images #​7798 [radarhere]

  • Use consistent arguments for load_read and load_seek #​7713 [radarhere]

  • Turn off nullability warnings for macOS SDK #​7827 [radarhere]

  • Fix shift-sign issue in Convert.c #​7838 [r-barnes, radarhere]

  • Open 16-bit grayscale PNGs as I;16 #​7849 [radarhere]

  • Handle truncated chunks at the end of PNG images #​7709 [lajiyuan, radarhere]

  • Match mask size to pasted image size in GifImagePlugin #​7779 [radarhere]

  • Release GIL while calling WebPAnimDecoderGetNext #​7782 [evanmiller, radarhere]

  • Fixed reading FLI/FLC images with a prefix chunk #​7804 [twolife]

  • Update wl-paste handling and return None for some errors in grabclipboard() on Linux #​7745 [nik012003, radarhere]

  • Remove execute bit from setup.py #​7760 [hugovk]

  • Do not support using test-image-results to upload images after test failures #​7739 [radarhere]

  • Changed ImageMath.ops to be static #​7721 [radarhere]

  • Fix APNG info after seeking backwards more than twice #​7701 [esoma, radarhere]

  • Deprecate ImageCms constants and versions() function #​7702 [nulano, radarhere]

  • Added PerspectiveTransform #​7699 [radarhere]

  • Add support for reading and writing grayscale PFM images #​7696 [nulano, hugovk]

  • Add LCMS2 flags to ImageCms #​7676 [nulano, radarhere, hugovk]

  • Rename x64 to AMD64 in winbuild #​7693 [nulano]


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] Apr 03 '24 16:04