Modern problems require modern solutions
byt3bl33d3r, updated
🕥
2022-11-22 03:48:10
MemeGenerator
Issues
Bump pillow from 6.0.0 to 9.3.0
opened on 2022-11-22 03:48:06 by dependabot[bot]Bumps pillow from 6.0.0 to 9.3.0.
Release notes
Sourced from pillow's releases.
9.3.0
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html
Changes
- Initialize libtiff buffer when saving #6699 [
@radarhere]- Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [
@wiredfool]- Inline fname2char to fix memory leak #6329 [
@nulano]- Fix memory leaks related to text features #6330 [
@nulano]- Use double quotes for version check on old CPython on Windows #6695 [
@hugovk]- GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [
@nulano]- Remove backup implementation of Round for Windows platforms #6693 [
@cgohlke]- Upload fribidi.dll to GitHub Actions #6532 [
@nulano]- Fixed set_variation_by_name offset #6445 [
@radarhere]- Windows build improvements #6562 [
@nulano]- Fix malloc in _imagingft.c:font_setvaraxes #6690 [
@cgohlke]- Only use ASCII characters in C source file #6691 [
@cgohlke]- Release Python GIL when converting images using matrix operations #6418 [
@hmaarrfk]- Added ExifTags enums #6630 [
@radarhere]- Do not modify previous frame when calculating delta in PNG #6683 [
@radarhere]- Added support for reading BMP images with RLE4 compression #6674 [
@npjg]- Decode JPEG compressed BLP1 data in original mode #6678 [
@radarhere]- pylint warnings #6659 [
@marksmayo]- Added GPS TIFF tag info #6661 [
@radarhere]- Added conversion between RGB/RGBA/RGBX and LAB #6647 [
@radarhere]- Do not attempt normalization if mode is already normal #6644 [
@radarhere]- Fixed seeking to an L frame in a GIF #6576 [
@radarhere]- Consider all frames when selecting mode for PNG save_all #6610 [
@radarhere]- Don't reassign crc on ChunkStream close #6627 [
@radarhere]- Raise a warning if NumPy failed to raise an error during conversion #6594 [
@radarhere]- Only read a maximum of 100 bytes at a time in IMT header #6623 [
@radarhere]- Show all frames in ImageShow #6611 [
@radarhere]- Allow FLI palette chunk to not be first #6626 [
@radarhere]- If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [
@radarhere]- Round box position to integer when pasting embedded color #6517 [
@radarhere]- Removed EXIF prefix when saving WebP #6582 [
@radarhere]- Pad IM palette to 768 bytes when saving #6579 [
@radarhere]- Added DDS BC6H reading #6449 [
@ShadelessFox]- Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [
@JayWiz]- Raise an error when allocating translucent color to RGB palette #6654 [
@jsbueno]- Moved mode check outside of loops #6650 [
@radarhere]- Added reading of TIFF child images #6569 [
@radarhere]- Improved ImageOps palette handling #6596 [
@PososikTeam]- Defer parsing of palette into colors #6567 [
@radarhere]- Apply transparency to P images in ImageTk.PhotoImage #6559 [
@radarhere]- Use rounding in ImageOps contain() and pad() #6522 [
@bibinhashley]- Fixed GIF remapping to palette with duplicate entries #6548 [
@radarhere]- Allow remap_palette() to return an image with less than 256 palette entries #6543 [
@radarhere]- Corrected BMP and TGA palette size when saving #6500 [
@radarhere]
... (truncated)
Changelog
Sourced from pillow's changelog.
9.3.0 (2022-10-29)
Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]
Initialize libtiff buffer when saving #6699 [radarhere]
Inline fname2char to fix memory leak #6329 [nulano]
Fix memory leaks related to text features #6330 [nulano]
Use double quotes for version check on old CPython on Windows #6695 [hugovk]
Remove backup implementation of Round for Windows platforms #6693 [cgohlke]
Fixed set_variation_by_name offset #6445 [radarhere]
Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]
Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]
Added ExifTags enums #6630 [radarhere]
Do not modify previous frame when calculating delta in PNG #6683 [radarhere]
Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]
Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]
Added GPS TIFF tag info #6661 [radarhere]
Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]
Do not attempt normalization if mode is already normal #6644 [radarhere]
... (truncated)
Commits
d594f4cUpdate CHANGES.rst [ci skip]909dc649.3.0 version bump1a51ce7Merge pull request #6699 from hugovk/security-libtiff_buffer2444cddMerge pull request #6700 from hugovk/security-samples_per_pixel-sec744f455Added release notes0846bfaAdd to release notes799a6a0Fix linting00b25fdHide UserWarning in logs05b175eTighter test case13f2c5aPrevent DOS with large SAMPLESPERPIXEL in Tiff IFD- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/byt3bl33d3r/MemeGenerator/network/alerts).
Bump nbconvert from 5.4.1 to 6.5.1
opened on 2022-08-23 17:51:46 by dependabot[bot]Bumps nbconvert from 5.4.1 to 6.5.1.
Release notes
Sourced from nbconvert's releases.
Release 6.5.1
No release notes provided.
6.5.0
What's Changed
- Drop dependency on testpath. by
@anntzerin jupyter/nbconvert#1723- Adopt pre-commit by
@blink1073in jupyter/nbconvert#1744- Add pytest settings and handle warnings by
@blink1073in jupyter/nbconvert#1745- Apply Autoformatters by
@blink1073in jupyter/nbconvert#1746- Add git-blame-ignore-revs by
@blink1073in jupyter/nbconvert#1748- Update flake8 config by
@blink1073in jupyter/nbconvert#1749- support bleach 5, add packaging and tinycss2 dependencies by
@bollwyvlin jupyter/nbconvert#1755- [pre-commit.ci] pre-commit autoupdate by
@pre-commit-ciin jupyter/nbconvert#1752- update cli example by
@leahecolein jupyter/nbconvert#1753- Clean up pre-commit by
@blink1073in jupyter/nbconvert#1757- Clean up workflows by
@blink1073in jupyter/nbconvert#1750New Contributors
@pre-commit-cimade their first contribution in jupyter/nbconvert#1752Full Changelog: https://github.com/jupyter/nbconvert/compare/6.4.5...6.5
6.4.3
What's Changed
- Add section to
customizingshowing how to use template inheritance by@stefanvin jupyter/nbconvert#1719- Remove ipython genutils by
@rgs258in jupyter/nbconvert#1727- Update changelog for 6.4.3 by
@blink1073in jupyter/nbconvert#1728New Contributors
@stefanvmade their first contribution in jupyter/nbconvert#1719@rgs258made their first contribution in jupyter/nbconvert#1727Full Changelog: https://github.com/jupyter/nbconvert/compare/6.4.2...6.4.3
6.4.0
What's Changed
- Optionally speed up validation by
@gwincr11in jupyter/nbconvert#1672- Adding missing div compared to JupyterLab DOM structure by
@SylvainCorlayin jupyter/nbconvert#1678- Allow passing extra args to code highlighter by
@yuvipandain jupyter/nbconvert#1683- Prevent page breaks in outputs when printing by
@SylvainCorlayin jupyter/nbconvert#1679- Add collapsers to template by
@SylvainCorlayin jupyter/nbconvert#1689- Fix recent pandoc latex tables by adding calc and array (#1536, #1566) by
@cgevansin jupyter/nbconvert#1686- Add an invalid notebook error by
@gwincr11in jupyter/nbconvert#1675- Fix typos in execute.py by
@TylerAnderson22in jupyter/nbconvert#1692- Modernize latex greek math handling (partially fixes #1673) by
@cgevansin jupyter/nbconvert#1687- Fix use of deprecated API and update test matrix by
@blink1073in jupyter/nbconvert#1696- Update nbconvert_library.ipynb by
@letterphilein jupyter/nbconvert#1695- Changelog for 6.4 by
@blink1073in jupyter/nbconvert#1697New Contributors
... (truncated)
Commits
7471b75Release 6.5.1c1943e0Fix pre-commit8685e93Fix tests0abf290Run black and prettier418d545Run test on 6.x branchbef65d7Convert input to string prior to escape HTML0818628Check input type before escapingb206470GHSL-2021-1017, GHSL-2021-1020, GHSL-2021-1021a03cbb8GHSL-2021-1026, GHSL-2021-102548fe71eGHSL-2021-1024- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/byt3bl33d3r/MemeGenerator/network/alerts).
Bump mistune from 0.8.4 to 2.0.3
opened on 2022-07-29 22:57:05 by dependabot[bot]Bumps mistune from 0.8.4 to 2.0.3.
Release notes
Sourced from mistune's releases.
Version 2.0.2
Fix
escape_urlvia lepture/mistune#295Version 2.0.1
Fix XSS for image link syntax.
Version 2.0.0
First release of Mistune v2.
Version 2.0.0 RC1
In this release, we have a Security Fix for harmful links.
Version 2.0.0 Alpha 1
This is the first release of v2. An alpha version for users to have a preview of the new mistune.
Changelog
Sourced from mistune's changelog.
Changelog
Here is the full history of mistune v2.
Version 2.0.4
Released on Jul 15, 2022
- Fix
urlplugin in<a>tag- Fix
*formattingVersion 2.0.3
Released on Jun 27, 2022
- Fix
tableplugin- Security fix for CVE-2022-34749
Version 2.0.2
Released on Jan 14, 2022Fix
escape_urlVersion 2.0.1
Released on Dec 30, 2021
XSS fix for image link syntax.
Version 2.0.0
Released on Dec 5, 2021This is the first non-alpha release of mistune v2.
Version 2.0.0rc1
Released on Feb 16, 2021
Version 2.0.0a6
</tr></table>
... (truncated)
Commits
3f422f1Version bump 2.0.3a6d4321Fix asteris emphasis regex CVE-2022-347495638e46Merge pull request #307 from jieter/patch-10eba471Fix typo in guide.rst61e9337Fix table plugin76dec68Add documentation for renderer heading when TOC enabled799cd11Version bump 2.0.2babb0cfMerge pull request #295 from dairiki/bug.escape_urlfc2cd53Make mistune.util.escape_url less aggressive3e8d352Version bump 2.0.1- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/byt3bl33d3r/MemeGenerator/network/alerts).
Bump notebook from 5.7.8 to 6.4.12
opened on 2022-06-16 23:29:53 by dependabot[bot]Bumps notebook from 5.7.8 to 6.4.12.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/byt3bl33d3r/MemeGenerator/network/alerts).
Bump ipython from 7.4.0 to 7.16.3
opened on 2022-01-21 19:57:19 by dependabot[bot]Bumps ipython from 7.4.0 to 7.16.3.
Commits
d43c7c7release 7.16.35fa1e40Merge pull request from GHSA-pq7m-3gw7-gq5x8df8971back to dev9f477b7release 7.16.2138f266bring back release helper from master branch5aa3634Merge pull request #13341 from meeseeksmachine/auto-backport-of-pr-13335-on-7...bcae8e0Backport PR #13335: What's new 7.16.28fcdcd3Pin Jedi to <0.17.2.2486838release 7.16.120bdc6ffix conda build- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/byt3bl33d3r/MemeGenerator/network/alerts).
Bump pygments from 2.3.1 to 2.7.4
opened on 2021-03-29 19:25:52 by dependabot[bot]Bumps pygments from 2.3.1 to 2.7.4.
Release notes
Sourced from pygments's releases.
2.7.4
Updated lexers:
Fix infinite loop in SML lexer (#1625)
Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)
Limit recursion with nesting Ruby heredocs (#1638)
Fix a few inefficient regexes for guessing lexers
Fix the raw token lexer handling of Unicode (#1616)
Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!
Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)
Fix incorrect MATLAB example (#1582)
Thanks to Google's OSS-Fuzz project for finding many of these bugs.
2.7.3
... (truncated)
Changelog
Sourced from pygments's changelog.
Version 2.7.4
(released January 12, 2021)
Updated lexers:
Fix infinite loop in SML lexer (#1625)
Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)
Limit recursion with nesting Ruby heredocs (#1638)
Fix a few inefficient regexes for guessing lexers
Fix the raw token lexer handling of Unicode (#1616)
Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!
Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)
Fix incorrect MATLAB example (#1582)
Thanks to Google's OSS-Fuzz project for finding many of these bugs.
Version 2.7.3
(released December 6, 2020)
... (truncated)
Commits
4d555d0Bump version to 2.7.4.fc3b05dUpdate CHANGES.ad21935Revert "Added dracula theme style (#1636)"e411506Prepare for 2.7.4 release.275e34ddoc: remove Perl 6 ref2e7e8c4Fix several exponential/cubic complexity regexes found by Ben Caller/Doyenseceb39c43xquery: fix pop from empty stack2738778fix coding style in test_analyzer_lexer02e0f09Added 'ERROR STOP' to fortran.py keywords. (#1665)c83fe48support added for css variables (#1633)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/byt3bl33d3r/MemeGenerator/network/alerts).