Bump the pip group across 3 directories with 2 updates #59

dependabot · 2024-10-25T23:53:25Z

Bumps the pip group with 1 update in the /templates/web/python_flask directory: werkzeug.
Bumps the pip group with 1 update in the /workers/keyword-lambda-python directory: pillow.
Bumps the pip group with 1 update in the /workers/tesseract-lambda-python directory: pillow.

Updates werkzeug from 3.0.1 to 3.0.6

Release notes

Sourced from werkzeug's releases.

3.0.6

This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.6/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6

Fix how max_form_memory_size is applied when parsing large non-file fields. GHSA-q34m-jh98-gwm2

safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j

3.0.5

This is the Werkzeug 3.0.5 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.5/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-5 Milestone: https://github.com/pallets/werkzeug/milestone/37?closed=1

The Watchdog reloader ignores file closed no write events. #2945

Logging works with client addresses containing an IPv6 scope. #2952

Ignore invalid authorization parameters. #2955

Improve type annotation fore SharedDataMiddleware. #2958

Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. #2957

3.0.4

This is the Werkzeug 3.0.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.4/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-4 Milestone: https://github.com/pallets/werkzeug/milestone/36?closed=1

Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. #2930

Improve parse_options_header performance when parsing unterminated quoted string values. #2904

Debugger pin auth is synchronized across threads/processes when tracking failed entries. #2916

Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. #2926

Debugger pin auth works when the URL already contains a query string. #2918

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985

Make reloader more robust when "" is in sys.path. #2823

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.0.6

Released 2024-10-25

Fix how max_form_memory_size is applied when parsing large non-file fields. :ghsa:q34m-jh98-gwm2

safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

Version 3.0.5

Released 2024-10-24

The Watchdog reloader ignores file closed no write events. :issue:2945

Logging works with client addresses containing an IPv6 scope :issue:2952

Ignore invalid authorization parameters. :issue:2955

Improve type annotation fore SharedDataMiddleware. :issue:2958

Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. :issue:2957

Version 3.0.4

Released 2024-08-21

Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. :issue:2930

Improve parse_options_header performance when parsing unterminated quoted string values. :issue:2904

Debugger pin auth is synchronized across threads/processes when tracking failed entries. :issue:2916

Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. :issue:2926

Debugger pin auth works when the URL already contains a query string. :issue:2918

Version 3.0.3

Released 2024-05-05

Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger

... (truncated)

Commits

5eaefc3 release version 3.0.6
2767bcb Merge commit from fork
87cc78a catch special absolute path on Windows Python < 3.11
50cfeeb Merge commit from fork
8760275 apply max_form_memory_size another level up in the parser
8d6a12e start version 3.0.6
a7b121a release version 3.0.5 (#2961)
9caf72a release version 3.0.5
e28a245 catch OSError from getpass.getuser (#2960)
e6b4cce catch OSError from getpass.getuser
Additional commits viewable in compare view

Updates pillow from 10.4.0 to 11.0.0

Release notes

Sourced from pillow's releases.

11.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.0.0.html

Changes

Do not create core image in TIFF seek() #8392 [@radarhere]

Removed custom build_openjpeg #8365 [@radarhere]

Support writing LONG8 offsets in AppendingTiffWriter #8417 [@radarhere]

Use ImageFile.MAXBLOCK when saving TIFF images #8461 [@radarhere]

Always raise warnings for deprecated feature checks #8459 [@radarhere]

Do not close provided file handles with libtiff when saving #8458 [@radarhere]

Revert "Skip QEMU-emulated wheels on workflow dispatch event" #8455 [@radarhere]

Support ImageFilter.BuiltinFilter for I;16* images #8438 [@radarhere]

[pre-commit.ci] pre-commit autoupdate #8448 [@pre-commit-ci]

Use ImagingCore.ptr instead of ImagingCore.id #8341 [@homm]

Simplified code #8445 [@radarhere]

Removed unused code #8447 [@radarhere]

Updated EPS mode when opening images without transparency #8281 [@Yay295]

Use transparency when combining P frames from APNGs #8443 [@radarhere]

Generate and upload attestations to PyPI #8441 [@hugovk]

Do not convert images unnecessarily in ImageEnhance #8431 [@radarhere]

Raise an error if path is compacted during mapping #8416 [@radarhere]

Support all resampling filters when resizing I;16* images #8422 [@radarhere]

Free memory on early return #8413 [@radarhere]

Cast int before potentially exceeding INT_MAX #8402 [@radarhere]

Prevent division by zero #8408 [@radarhere]

Check image value before use #8400 [@radarhere]

Use ruff check #8423 [@radarhere]

Change harfbuzz versions in wheels #8421 [@radarhere]

Use Capsule for WebP saving #8386 [@homm]

Fixed writing multiple StripOffsets to TIFF #8317 [@Yay295]

Updated macOS deployment target for PyPy on Intel to 10.15 #8414 [@radarhere]

Fix dereference before checking for NULL in ImagingTransformAffine #8398 [@PavlNekrasov]

Use transposed size after opening for TIFF images #8390 [@radarhere]

Improve ImageFont error messages #8338 [@yngvem]

Mention MAX_TEXT_CHUNK limit in PNG error message #8391 [@radarhere]

Cast Dib handle to int #8385 [@radarhere]

Updated macOS deployment target for Python >= 3.12 on Intel to 10.13 #8379 [@radarhere]

Removed unused ImagePath variable #8377 [@radarhere]

Change macos-14 to macos-latest #8376 [@radarhere]

Accept float stroke widths #8369 [@radarhere]

Remove comments #8370 [@radarhere]

Removed libffi-dev #8368 [@radarhere]

Improved handling of RGBA palettes when saving GIF images #8366 [@radarhere]

Support converting more modes to LAB by converting to RGBA first #8358 [@radarhere]

Optimize getbbox() and getextrema() routines #8194 [@homm]

Removed unused TiffImagePlugin IFD_LEGACY_API #8355 [@radarhere]

Handle duplicate EXIF header #8350 [@zakajd]

Use (void) for empty function parameters #8002 [@Yay295]

Return early from BoxBlur if either width or height is zero #8347 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

11.0.0 (2024-10-15)

Update licence to MIT-CMU #8460 [hugovk]

Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

Do not close provided file handles with libtiff when saving #8458 [radarhere]

Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

Use transparency when combining P frames from APNGs #8443 [radarhere]

Support all resampling filters when resizing I;16* images #8422 [radarhere]

Free memory on early return #8413 [radarhere]

Cast int before potentially exceeding INT_MAX #8402 [radarhere]

Check image value before use #8400 [radarhere]

Improved copying imagequant libraries #8420 [radarhere]

Use Capsule for WebP saving #8386 [homm, radarhere]

Fixed writing multiple StripOffsets to TIFF #8317 [Yay295, radarhere]

... (truncated)

Commits

204aae6 11.0.0 version bump
f2cc87b Update CHANGES.rst [ci skip]
c855e8e Merge pull request #8464 from radarhere/imagemath_type_hint
dc37515 Merge pull request #8463 from hugovk/update-3.13-date
c3d81d6 Update Python 3.13 release date
a60610c Added type hints
a5c58f2 Merge pull request #8460 from hugovk/mit-cmu
e74994e Update licence to MIT-CMU
b5e1115 Update CHANGES.rst [ci skip]
686b5e2 Merge pull request #8392 from radarhere/tiff_seek
Additional commits viewable in compare view

Updates pillow from 10.4.0 to 11.0.0

Release notes

Sourced from pillow's releases.

11.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.0.0.html

Changes

Do not create core image in TIFF seek() #8392 [@radarhere]

Removed custom build_openjpeg #8365 [@radarhere]

Support writing LONG8 offsets in AppendingTiffWriter #8417 [@radarhere]

Use ImageFile.MAXBLOCK when saving TIFF images #8461 [@radarhere]

Always raise warnings for deprecated feature checks #8459 [@radarhere]

Do not close provided file handles with libtiff when saving #8458 [@radarhere]

Revert "Skip QEMU-emulated wheels on workflow dispatch event" #8455 [@radarhere]

Support ImageFilter.BuiltinFilter for I;16* images #8438 [@radarhere]

[pre-commit.ci] pre-commit autoupdate #8448 [@pre-commit-ci]

Use ImagingCore.ptr instead of ImagingCore.id #8341 [@homm]

Simplified code #8445 [@radarhere]

Removed unused code #8447 [@radarhere]

Updated EPS mode when opening images without transparency #8281 [@Yay295]

Use transparency when combining P frames from APNGs #8443 [@radarhere]

Generate and upload attestations to PyPI #8441 [@hugovk]

Do not convert images unnecessarily in ImageEnhance #8431 [@radarhere]

Raise an error if path is compacted during mapping #8416 [@radarhere]

Support all resampling filters when resizing I;16* images #8422 [@radarhere]

Free memory on early return #8413 [@radarhere]

Cast int before potentially exceeding INT_MAX #8402 [@radarhere]

Prevent division by zero #8408 [@radarhere]

Check image value before use #8400 [@radarhere]

Use ruff check #8423 [@radarhere]

Change harfbuzz versions in wheels #8421 [@radarhere]

Use Capsule for WebP saving #8386 [@homm]

Fixed writing multiple StripOffsets to TIFF #8317 [@Yay295]

Updated macOS deployment target for PyPy on Intel to 10.15 #8414 [@radarhere]

Fix dereference before checking for NULL in ImagingTransformAffine #8398 [@PavlNekrasov]

Use transposed size after opening for TIFF images #8390 [@radarhere]

Improve ImageFont error messages #8338 [@yngvem]

Mention MAX_TEXT_CHUNK limit in PNG error message #8391 [@radarhere]

Cast Dib handle to int #8385 [@radarhere]

Updated macOS deployment target for Python >= 3.12 on Intel to 10.13 #8379 [@radarhere]

Removed unused ImagePath variable #8377 [@radarhere]

Change macos-14 to macos-latest #8376 [@radarhere]

Accept float stroke widths #8369 [@radarhere]

Remove comments #8370 [@radarhere]

Removed libffi-dev #8368 [@radarhere]

Improved handling of RGBA palettes when saving GIF images #8366 [@radarhere]

Support converting more modes to LAB by converting to RGBA first #8358 [@radarhere]

Optimize getbbox() and getextrema() routines #8194 [@homm]

Removed unused TiffImagePlugin IFD_LEGACY_API #8355 [@radarhere]

Handle duplicate EXIF header #8350 [@zakajd]

Use (void) for empty function parameters #8002 [@Yay295]

Return early from BoxBlur if either width or height is zero #8347 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

11.0.0 (2024-10-15)

Update licence to MIT-CMU #8460 [hugovk]

Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

Do not close provided file handles with libtiff when saving #8458 [radarhere]

Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

Use transparency when combining P frames from APNGs #8443 [radarhere]

Support all resampling filters when resizing I;16* images #8422 [radarhere]

Free memory on early return #8413 [radarhere]

Cast int before potentially exceeding INT_MAX #8402 [radarhere]

Check image value before use #8400 [radarhere]

Improved copying imagequant libraries #8420 [radarhere]

Use Capsule for WebP saving #8386 [homm, radarhere]

Fixed writing multiple StripOffsets to TIFF #8317 [Yay295, radarhere]

... (truncated)

Commits

204aae6 11.0.0 version bump
f2cc87b Update CHANGES.rst [ci skip]
c855e8e Merge pull request #8464 from radarhere/imagemath_type_hint
dc37515 Merge pull request #8463 from hugovk/update-3.13-date
c3d81d6 Update Python 3.13 release date
a60610c Added type hints
a5c58f2 Merge pull request #8460 from hugovk/mit-cmu
e74994e Update licence to MIT-CMU
b5e1115 Update CHANGES.rst [ci skip]
686b5e2 Merge pull request #8392 from radarhere/tiff_seek
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 1 update in the /templates/web/python_flask directory: [werkzeug](https://github.com/pallets/werkzeug). Bumps the pip group with 1 update in the /workers/keyword-lambda-python directory: [pillow](https://github.com/python-pillow/Pillow). Bumps the pip group with 1 update in the /workers/tesseract-lambda-python directory: [pillow](https://github.com/python-pillow/Pillow). Updates `werkzeug` from 3.0.1 to 3.0.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@3.0.1...3.0.6) Updates `pillow` from 10.4.0 to 11.0.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.4.0...11.0.0) Updates `pillow` from 10.4.0 to 11.0.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.4.0...11.0.0) --- updated-dependencies: - dependency-name: werkzeug dependency-type: indirect dependency-group: pip - dependency-name: pillow dependency-type: direct:production dependency-group: pip - dependency-name: pillow dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested review from jkennedyvz and jrozner as code owners October 25, 2024 23:53

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 3 directories with 2 updates #59

Bump the pip group across 3 directories with 2 updates #59

dependabot bot commented on behalf of github Oct 25, 2024

Bump the pip group across 3 directories with 2 updates #59

Are you sure you want to change the base?

Bump the pip group across 3 directories with 2 updates #59

Conversation

dependabot bot commented on behalf of github Oct 25, 2024

3.0.6

3.0.5

3.0.4

3.0.3

Version 3.0.6

Version 3.0.5

Version 3.0.4

Version 3.0.3

11.0.0

Changes

11.0.0 (2024-10-15)

11.0.0

Changes

11.0.0 (2024-10-15)