Bump the pip group across 1 directories with 2 updates #5

dependabot · 2024-02-17T00:54:00Z

Bumps the pip group with 2 updates in the /src/frontend directory: cryptography and pillow.

Updates cryptography from 41.0.7 to 42.0.2

Changelog

Sourced from cryptography's changelog.

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in ``sign`` and ``verify`` methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`, ``X25519PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`, ``X448PrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`, and ``DHPrivateKey`` :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`. .. _v42-0-1:

42.0.1 - 2024-01-24

Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7.
* **BACKWARDS INCOMPATIBLE:** Loading a PKCS7 with no content field using
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
  or
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
  will now raise a ``ValueError`` rather than return an empty list.
* Parsing SSH certificates no longer permits malformed critical options with
  values, as documented in the 41.0.2 release notes.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
* We now publish both ``py37`` and ``py39`` ``abi3`` wheels. This should
  resolve some errors relating to initializing a module multiple times per
  process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for
  X.509 certificate signing requests and certificate revocation lists with the
  keyword-only argument ``rsa_padding`` on the ``sign`` methods for
  :class:`~cryptography.x509.CertificateSigningRequestBuilder` and
  :class:`~cryptography.x509.CertificateRevocationListBuilder`.
* Added support for obtaining X.509 certificate signing request signature
  algorithm parameters (including PSS) via
</tr></table>

... (truncated)

Commits

2202123 changelog and version bump 42.0.2 (#10268)
f7032bd bump openssl in CI (#10298) (#10299)
002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
92fa9f2 support bytes-like consistently across our asym sign/verify APIs (#10260) (#1...
6478f7e explicitly support bytes-like for signature/data in RSA sign/verify (#10259) ...
4bb8596 fix the release script (#10233) (#10254)
337437d 42.0.1 bump (#10252)
56255de allow SPKI RSA keys to be parsed even if they have an incorrect delimiter (#1...
12f038b fixes #10237 -- correct EC sign parameter name (#10239) (#10240)
4e64baf 42.0.0 version bump (#10232)
Additional commits viewable in compare view

Updates pillow from 9.4.0 to 10.2.0

Release notes

Sourced from pillow's releases.

10.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Changes

Add keep_rgb option when saving JPEG to prevent conversion of RGB colorspace #7553 [@bgilbert]

Trim negative glyph offsets in ImageFont.getmask() #7672 [@nulano]

Removed unnecessary "pragma: no cover" #7668 [@radarhere]

Trim glyph size in ImageFont.getmask() #7669 [@radarhere]

Fix loading IPTC images and update test #7667 [@nulano]

Allow uncompressed TIFF images to be saved in chunks #7650 [@radarhere]

Concatenate multiple JPEG EXIF markers #7496 [@radarhere]

Changed IPTC tile tuple to match other plugins #7661 [@radarhere]

Do not assign new fp attribute when exiting context manager #7566 [@radarhere]

Support arbitrary masks for uncompressed RGB DDS images #7589 [@radarhere]

Support setting ROWSPERSTRIP tag #7654 [@radarhere]

Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() #7662 [@radarhere]

Optimise ImageColor using functools.lru_cache #7657 [@hugovk]

Restricted environment keys for ImageMath.eval() #7655 [@radarhere]

Optimise ImageMode.getmode using functools.lru_cache #7641 [@hugovk]

Added trusted PyPI publishing #7616 [@radarhere]

Compile FriBiDi for Windows ARM64 #7629 [@nulano]

Fix incorrect color blending for overlapping glyphs #7497 [@ZachNagengast]

Add .git-blame-ignore-revs file #7528 [@akx]

Attempt memory mapping when tile args is a string #7565 [@radarhere]

Fill identical pixels with transparency in subsequent frames when saving GIF #7568 [@radarhere]

Removed unnecessary string length check #7560 [@radarhere]

Determine mask mode in Python instead of C #7548 [@radarhere]

Corrected duration when combining multiple GIF frames into single frame #7521 [@radarhere]

Handle disposing GIF background from outside palette #7515 [@radarhere]

Seek past the data when skipping a PSD layer #7483 [@radarhere]

ImageMath: Inline isinstance check #7623 [@hugovk]

Update actions/upload-artifact action to v4 #7619 [@radarhere]

Import plugins relative to the module #7576 [@deliangyang]

Translate encoder error codes to strings; deprecate ImageFile.raise_oserror() #7609 [@bgilbert]

Updated readthedocs to latest version of Python #7611 [@radarhere]

Support reading BC4U and DX10 BC1 images #6486 [@REDxEYE]

Optimize ImageStat.Stat.extrema #7593 [@florath]

Handle pathlib.Path in FreeTypeFont #7578 [@radarhere]

Use list comprehensions to create transformed lists #7597 [@hugovk]

Added support for reading DX10 BC4 DDS images #7603 [@sambvfx]

Optimized ImageStat.Stat.count #7599 [@florath]

Moved error from truetype() to FreeTypeFont #7587 [@radarhere]

Correct PDF palette size when saving #7555 [@radarhere]

Fixed closing file pointer with olefile 0.47 #7594 [@radarhere]

ruff: Minor optimizations of list comprehensions, x in set, etc. #7524 [@cclauss]

Build Windows wheels using cibuildwheel #7580 [@nulano]

Raise ValueError when TrueType font size is zero or less #7584 [@akx]

Install cibuildwheel from requirements file #7581 [@hugovk]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.2.0 (2024-01-02)

Add keep_rgb option when saving JPEG to prevent conversion of RGB colorspace #7553 [bgilbert, radarhere]

Trim glyph size in ImageFont.getmask() #7669, #7672 [radarhere, nulano]

Deprecate IptcImagePlugin helpers #7664 [nulano, hugovk, radarhere]

Allow uncompressed TIFF images to be saved in chunks #7650 [radarhere]

Concatenate multiple JPEG EXIF markers #7496 [radarhere]

Changed IPTC tile tuple to match other plugins #7661 [radarhere]

Do not assign new fp attribute when exiting context manager #7566 [radarhere]

Support arbitrary masks for uncompressed RGB DDS images #7589 [radarhere, akx]

Support setting ROWSPERSTRIP tag #7654 [radarhere]

Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() #7662 [radarhere]

Optimise ImageColor using functools.lru_cache #7657 [hugovk]

Restricted environment keys for ImageMath.eval() #7655 [wiredfool, radarhere]

Optimise ImageMode.getmode using functools.lru_cache #7641 [hugovk, radarhere]

Fix incorrect color blending for overlapping glyphs #7497 [ZachNagengast, nulano, radarhere]

Attempt memory mapping when tile args is a string #7565 [radarhere]

Fill identical pixels with transparency in subsequent frames when saving GIF #7568 [radarhere]

... (truncated)

Commits

6956d0b 10.2.0 version bump
31c8dac Merge pull request #7675 from python-pillow/pre-commit-ci-update-config
40a3f91 Merge pull request #7674 from nulano/url-example
cb41b0c [pre-commit.ci] pre-commit autoupdate
de62b25 fix image url in "Reading from URL" example
7c526a6 Update CHANGES.rst [ci skip]
d93a5ad Merge pull request #7553 from bgilbert/jpeg-rgb
aed764f Update CHANGES.rst [ci skip]
f8df530 Merge pull request #7672 from nulano/imagefont-negative-crop
24e9485 Merge pull request #7671 from radarhere/imagetransform
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 2 updates in the /src/frontend directory: [cryptography](https://github.com/pyca/cryptography) and [pillow](https://github.com/python-pillow/Pillow). Updates `cryptography` from 41.0.7 to 42.0.2 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@41.0.7...42.0.2) Updates `pillow` from 9.4.0 to 10.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.4.0...10.2.0) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production dependency-group: pip-security-group - dependency-name: pillow dependency-type: direct:production dependency-group: pip-security-group ... Signed-off-by: dependabot[bot] <support@github.com>

for more information, see https://pre-commit.ci

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 17, 2024

[pre-commit.ci] auto fixes from pre-commit.com hooks

810ad94

for more information, see https://pre-commit.ci

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 1 directories with 2 updates #5

Bump the pip group across 1 directories with 2 updates #5

dependabot bot commented on behalf of github Feb 17, 2024

Bump the pip group across 1 directories with 2 updates #5

Are you sure you want to change the base?

Bump the pip group across 1 directories with 2 updates #5

Conversation

dependabot bot commented on behalf of github Feb 17, 2024

10.2.0

Changes

10.2.0 (2024-01-02)