chore(deps): bump the pip group across 3 directories with 14 updates

[dependabot]

Bumps the pip group with 2 updates in the / directory: black and hail.
Bumps the pip group with 11 updates in the /data-pipeline directory:

Package	From	To
black	23.9.1	24.3.0
hail	0.2.124	0.2.127
tqdm	4.66.1	4.66.3
azure-identity	1.14.0	1.16.1
cryptography	41.0.4	42.0.4
idna	3.4	3.7
jinja2	3.1.2	3.1.4
pillow	10.0.1	10.3.0
requests	2.31.0	2.32.2
tornado	6.3.3	6.4.1
urllib3	1.26.16	1.26.19

Bumps the pip group with 4 updates in the /deploy/dockerfiles/blog directory: idna, jinja2, urllib3 and gunicorn.

Updates black from 22.3.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

• 552baf8 Prepare release 24.3.0 (#4279)
• f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
• 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
• 1abcffc Use regex where we ignore case on windows (#4252)
• 719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
• e5510af update plugin url for Thonny (#4259)
• 6af7d11 Fix AST safety check false negative (#4270)
• f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
• e4bfedb fix: Don't move comments while splitting delimiters (#4248)
• d0287e1 Make trailing comma logic more concise (#4202)
• Additional commits viewable in compare view

Updates hail from 0.2.127 to 0.2.131

Release notes

Sourced from hail's releases.

0.2.131

Hail version 0.2.131

Change log

0.2.130

Hail version 0.2.130

Change log

0.2.129

Hail version 0.2.129

Change log

0.2.128

Hail version 0.2.128

Change log

Commits

• 11d9b2f [release] v0.2.131 (#14569)
• d9d85d5 [vds/combiner] Stop dropping GT in reference data during gvcf import (#14560)
• 208d69b [qob] Always send the git revision from the python service backend instead of...
• cb4bb0d [infra] Update GCP DB terraform to reflect backup region change (#14568)
• 6f4a551 Metadata server updates: scopes endpoint and allow omission of trailing slash...
• f7c6d62 [query] Add more transient error handling (#14516)
• dd9d5b4 [dataproc] bumps version of notebook (#14563)
• 80d7106 [internal-gateway] Fix bootstrap invocation (#14561)
• d63c91e [pip] Resolve security vulns in pymysql and requests (#14558)
• 9822e7d [compiler] simplify PruneDeadFields (#14509)
• Additional commits viewable in compare view

Updates black from 23.9.1 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

• 552baf8 Prepare release 24.3.0 (#4279)
• f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
• 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
• 1abcffc Use regex where we ignore case on windows (#4252)
• 719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
• e5510af update plugin url for Thonny (#4259)
• 6af7d11 Fix AST safety check false negative (#4270)
• f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
• e4bfedb fix: Don't move comments while splitting delimiters (#4248)
• d0287e1 Make trailing comma logic more concise (#4202)
• Additional commits viewable in compare view

Updates hail from 0.2.124 to 0.2.127

Release notes

Sourced from hail's releases.

0.2.131

Hail version 0.2.131

Change log

0.2.130

Hail version 0.2.130

Change log

0.2.129

Hail version 0.2.129

Change log

0.2.128

Hail version 0.2.128

Change log

Commits

• 11d9b2f [release] v0.2.131 (#14569)
• d9d85d5 [vds/combiner] Stop dropping GT in reference data during gvcf import (#14560)
• 208d69b [qob] Always send the git revision from the python service backend instead of...
• cb4bb0d [infra] Update GCP DB terraform to reflect backup region change (#14568)
• 6f4a551 Metadata server updates: scopes endpoint and allow omission of trailing slash...
• f7c6d62 [query] Add more transient error handling (#14516)
• dd9d5b4 [dataproc] bumps version of notebook (#14563)
• 80d7106 [internal-gateway] Fix bootstrap invocation (#14561)
• d63c91e [pip] Resolve security vulns in pymysql and requests (#14558)
• 9822e7d [compiler] simplify PruneDeadFields (#14509)
• Additional commits viewable in compare view

Updates tqdm from 4.66.1 to 4.66.3

Release notes

Sourced from tqdm's releases.

tqdm v4.66.3 stable

• cli: eval safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

tqdm v4.66.2 stable

• pandas: add DataFrame.progress_map (#1549)
• notebook: fix HTML padding (#1506)
• keras: fix resuming training when verbose>=2 (#1508)
• fix format_num negative fractions missing leading zero (#1548)
• fix Python 3.12 DeprecationWarning on import (#1519)
• linting: use f-strings (#1549)
• update tests (#1549)
  • fix pandas warnings
  • fix asv (airspeed-velocity/asv#1323)
  • fix macos notebook docstring indentation
• CI: bump actions (#1549)

Commits

• 4e613f8 Merge pull request from GHSA-g7vv-2v7x-gj9p
• b53348c cli: eval safety
• cc372d0 bump version, merge pull request #1549 from tqdm/devel
• e9f0c05 use PyPI trusted publishing
• 7323d5b slight makefile clean
• 5306125 tests: bump pre-commit
• 4a6fd4f fix datetime.utcfromtimestamp py3.12 warning (#1519)
• 6f13759 tests: fix macos notebook indentation
• 3abcd2a tests: fix asv
• a4d15c8 tests: fix pandas warnings
• Additional commits viewable in compare view

Updates aiohttp from 3.8.5 to 3.9.5

Release notes

Sourced from aiohttp's releases.

3.9.5

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: #8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: #8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: #8335.

---

3.9.4

Bug fixes

• The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

  Related issues and pull requests on GitHub: #8089.

• Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.5 (2024-04-16)

Bug fixes

• Fixed "Unclosed client session" when initialization of :py:class:~aiohttp.ClientSession fails -- by :user:NewGlad.

  Related issues and pull requests on GitHub: :issue:8253.

• Fixed regression (from :pr:8280) with adding Content-Disposition to the form-data part after appending to writer -- by :user:Dreamsorcerer/:user:Olegt0rr.

  Related issues and pull requests on GitHub: :issue:8332.

• Added default Content-Disposition in multipart/form-data responses to avoid broken form-data responses -- by :user:Dreamsorcerer.

  Related issues and pull requests on GitHub: :issue:8335.

---

3.9.4 (2024-04-11)

Bug fixes

• The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

  Related issues and pull requests on GitHub: :issue:8089.

... (truncated)

Commits

• b844d42 Release v3.9.5 (#8340)
• 0415a4c Patchback/backports/3.9/5fd29467fb63efdfae1ace280cec36b1f8139567/pr 8290 (#8311)
• f21c6f2 [PR #8335/5a6949da backport][3.9] Add Content-Disposition automatically (#8336)
• 7eecdff [PR #8332/482e6cdf backport][3.9] Add set_content_disposition test (#8333)
• 82fbe64 [PR #8324/4a8fd08b backport][3.9] Add missing changelogs (#8330)
• 01df7ec Bump version
• 7917ae2 Merge 3.1
• b3397c7 Release v3.9.4 (#8201)
• a7e240a [PR #8320/9ba9a4e5 backport][3.9] Fix Python parser to mark responses without...
• 2833552 Escape filenames and paths in HTML when generating index pages (#8317) (#8319)
• Additional commits viewable in compare view

Updates azure-identity from 1.14.0 to 1.16.1

Release notes

Sourced from azure-identity's releases.

azure-identity_1.16.1

1.16.1 (2024-06-11)

Bugs Fixed

• Managed identity bug fixes

Commits

• 6a07fc9 [Identity] Fix device code tests (#35846)
• e16a704 [Identity] Add Azure Arc key validation checks
• 95c5f2a Update release dates (#35091)
• c58bfa7 [Identity] Adjust IMDS retry backoff (#35070)
• 6680ffc [Identity] Update broker docs (#35032)
• 1ade699 [Identity] Update live test config (#35019)
• 66efa24 Update Authorization Code client_secret kwarg usage (#34862)
• 6f79b4d Fix WAM default account code sample (#35007)
• 4348985 Update default broker account sample (#35003)
• 0527e86 [skip ci] Delete azure-devtools and deps/references
• Additional commits viewable in compare view

Updates cryptography from 41.0.4 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.
.. _v42-0-3:
42.0.3 - 2024-02-15

• Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
.. _v42-0-1:
42.0.1 - 2024-01-24

• Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
• Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22

</tr></table> 

... (truncated)

Commits

• fe18470 Bump for 42.0.4 release (#10445)
• aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
• 7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
• df314bb backport actions m1 switch to 42.0.x (#10415)
• c49a7a5 changelog and version bump for 42.0.3 (#10396)
• 396bcf6 fix provider loading take two (#10390) (#10395)
• 0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
• 2202123 changelog and version bump 42.0.2 (#10268)
• f7032bd bump openssl in CI (#10298) (#10299)
• 002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
• Additional commits viewable in compare view

Updates idna from 3.4 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
• Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

• Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
• xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
• Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates orjson from 3.9.7 to 3.10.5

Release notes

Sourced from orjson's releases.

3.10.5

Changed

• Improve performance.

3.10.4

Changed

• Improve performance.

3.10.3

Changed

• manylinux amd64 builds include runtime-detected AVX-512 str implementation.
• Tests now compatible with numpy v2.

3.10.2

Fixed

• Fix crash serializing str introduced in 3.10.1.

Changed

• Improve performance.
• Drop support for arm7.

3.10.1

Fixed

• Serializing numpy.ndarray with non-native endianness raises orjson.JSONEncodeError.

Changed

• Improve performance of serializing.

3.10.0

Changed

• Support serializing numpy.float16 (numpy.half).
• sdist uses metadata 2.3 instead of 2.1.
• Improve Windows PyPI builds.

3.9.15

Fixed

• Implement recursion limit of 1024 on orjson.loads().
• Use byte-exact read on str formatting SIMD path to avoid crash.

... (truncated)

Changelog

Sourced from orjson's changelog.

3.10.5 - 2024-06-13

Changed

• Improve performance.

3.10.4 - 2024-06-10

Changed

• Improve performance.

3.10.3 - 2024-05-03

Changed

• manylinux amd64 builds include runtime-detected AVX-512 str implementation.
• Tests now compatible with numpy v2.

3.10.2 - 2024-05-01

Fixed

• Fix crash serializing str introduced in 3.10.1.

Changed

• Improve performance.
• Drop support for arm7.

3.10.1 - 2024-04-15

Fixed

• Serializing numpy.ndarray with non-native endianness raises orjson.JSONEncodeError.

Changed

• Improve performance of serializing.

3.10.0 - 2024-03-27

Changed

... (truncated)

Commits

• 7b081e1 3.10.5
• 6b626c9 dict, list full impl
• 05fd9e1 str escape u8 instead of u64
• 7f212b8 3.10.4
• c96351f cargo update, misc
• ac8d90e Module specifies Py_MOD_GIL_USED
• d55b261 unwinding
• f0b4559 Fix tzcnt intrinsic inlining
• 0020647 Fix check-cfg, pin static analysis
• 3c1f2a4 3.10.3
• Additional commits viewable in compare view

Updates pillow from 10.0.1 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package n...

  Description has been truncated

[sjahl]

@dependabot squash and merge