Sourced from werkzeug's releases.

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1

This release contains security fixes for:

• https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
• https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q

2.2.2

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
• Milestone: https://github.com/pallets/werkzeug/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
• Milestone: https://github.com/pallets/werkzeug/milestone/24?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.2.x branch is now the supported bugfix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
• Milestone: https://github.com/pallets/werkzeug/milestone/20?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
• Milestone: https://github.com/pallets/werkzeug/milestone/22?closed=1

2.1.1

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-1
• Milestone: https://github.com/pallets/werkzeug/milestone/19?closed=1

2.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.1.x branch is now the supported bugfix branch, the 2.0.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
• Milestone: https://github.com/pallets/werkzeug/milestone/16?closed=1

2.0.3

• Changes: https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-3
• Milestone: https://github.com/pallets/werkzeug/milestone/18?closed=1

... (truncated)

Sourced from werkzeug's changelog.

Version 2.2.3

Released 2023-02-14

• Ensure that URL rules using path converters will redirect with strict slashes when the trailing slash is missing. :issue:2533
• Type signature for get_json specifies that return type is not optional when silent=False. :issue:2508
• parse_content_range_header returns None for a value like bytes */-1 where the length is invalid, instead of raising an AssertionError. :issue:2531
• Address remaining ResourceWarning related to the socket used by run_simple. Remove prepare_socket, which now happens when creating the server. :issue:2421
• Update pre-existing headers for multipart/form-data requests with the test client. :issue:2549
• Fix handling of header extended parameters such that they are no longer quoted. :issue:2529
• LimitedStream.read works correctly when wrapping a stream that may not return the requested size in one read call. :issue:2558
• A cookie header that starts with = is treated as an empty key and discarded, rather than stripping the leading ==.
• Specify a maximum number of multipart parts, default 1000, after which a RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS attack where a larger number of form/file parts would result in disproportionate resource use.

Version 2.2.2

Released 2022-08-08

• Fix router to restore the 2.1 strict_slashes == False behaviour whereby leaf-requests match branch rules and vice versa. :pr:2489
• Fix router to identify invalid rules rather than hang parsing them, and to correctly parse / within converter arguments. :pr:2489
• Update subpackage imports in :mod:werkzeug.routing to use the import as syntax for explicitly re-exporting public attributes. :pr:2493
• Parsing of some invalid header characters is more robust. :pr:2494
• When starting the development server, a warning not to use it in a production deployment is always shown. :issue:2480
• LocalProxy.__wrapped__ is always set to the wrapped object when the proxy is unbound, fixing an issue in doctest that would cause it to fail. :issue:2485
• Address one ResourceWarning related to the socket used by run_simple. :issue:2421

... (truncated)

• 22a254f release version 2.2.3
• 517cac5 Merge pull request from GHSA-xg9f-g7g7-2323
• babc8d9 rewrite docs about request data limits
• 09449ee clean up docs
• fe899d0 limit the maximum number of multipart form parts
• cf275f4 Merge pull request from GHSA-px8h-6qxv-m22q
• 8c2b4b8 don't strip leading = when parsing cookie
• 7c7ce5c [pre-commit.ci] pre-commit autoupdate (#2585)
• 19ae03e [pre-commit.ci] auto fixes from pre-commit.com hooks
• a83d3b8 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Sourced from ipython's releases.

See https://pypi.org/project/ipython/

We do not use GitHub release anymore. Please see PyPI https://pypi.org/project/ipython/

7.9.0

No release notes provided.

7.8.0

No release notes provided.

7.7.0

No release notes provided.

7.6.1

No release notes provided.

7.6.0

No release notes provided.

7.5.0

No release notes provided.

7.4.0

No release notes provided.

7.3.0

No release notes provided.

• 15ea1ed release 8.10.0
• 560ad10 DOC: Update what's new for 8.10 (#13939)
• 7557ade DOC: Update what's new for 8.10
• 385d693 Merge pull request from GHSA-29gw-9793-fvw7
• e548ee2 Swallow potential exceptions from showtraceback() (#13934)
• 0694b08 MAINT: mock slowest test. (#13885)
• 8655912 MAINT: mock slowest test.
• a011765 Isolate the attack tests with setUp and tearDown methods
• c7a9470 Add some regression tests for this change
• fd34cf5 Swallow potential exceptions from showtraceback()
• Additional commits viewable in compare view

Sourced from cryptography's changelog.

39.0.1 - 2023-02-07

* **SECURITY ISSUE** - Fixed a bug where ``Cipher.update_into`` accepted Python
  buffer protocol objects, but allowed immutable buffers. **CVE-2023-23931**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.8.
.. _v39-0-0:
39.0.0 - 2023-01-01

• BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.1.0 has been removed. Users on older version of OpenSSL will need to upgrade.
• BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.5. The new minimum LibreSSL version is 3.5.0. Going forward our policy is to support versions of LibreSSL that are available in versions of OpenBSD that are still receiving security support.
• BACKWARDS INCOMPATIBLE: Removed the encode_point and from_encoded_point methods on :class:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers, which had been deprecated for several years. :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes and :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point should be used instead.
• BACKWARDS INCOMPATIBLE: Support for using MD5 or SHA1 in :class:~cryptography.x509.CertificateBuilder, other X.509 builders, and PKCS7 has been removed.
• BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.10 and 10.11, macOS users must upgrade to 10.12 or newer.
• ANNOUNCEMENT: The next version of cryptography (40.0) will change the way we link OpenSSL. This will only impact users who build cryptography from source (i.e., not from a wheel), and specify their own version of OpenSSL. For those users, the CFLAGS, LDFLAGS, INCLUDE, LIB, and CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS environment variables will no longer be respected. Instead, users will need to configure their builds as documented here_.
• Added support for :ref:disabling the legacy provider in OpenSSL 3.0.x<legacy-provider>.
• Added support for disabling RSA key validation checks when loading RSA keys via :func:~cryptography.hazmat.primitives.serialization.load_pem_private_key, :func:~cryptography.hazmat.primitives.serialization.load_der_private_key, and :meth:~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers.private_key. This speeds up key loading but is :term:unsafe if you are loading potentially attacker supplied keys.
• Significantly improved performance for :class:~cryptography.hazmat.primitives.ciphers.aead.ChaCha20Poly1305

... (truncated)

• d6951dc changelog + security fix backport (#8231)
• 138da90 workaround scapy bug in downstream tests (#8218) (#8228)
• 69527bc bookworm is py311 now (#8200)
• 111deef backport main branch CI to 39.0.x (#8153)
• 338a65a 39.0.0 version bump (#7954)
• 84a3cd7 automatically download and upload circleci wheels (#7949)
• 525c0b3 Type annotate release.py (#7951)
• 46d2a94 Use the latest 3.10 release when wheel building (#7953)
• f150dc1 fix CI to work with ubuntu 22.04 (#7950)
• 8867724 fix README for python3 (#7947)
• Additional commits viewable in compare view

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

• Initialize libtiff buffer when saving #6699 [@​radarhere]
• Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@​wiredfool]
• Inline fname2char to fix memory leak #6329 [@​nulano]
• Fix memory leaks related to text features #6330 [@​nulano]
• Use double quotes for version check on old CPython on Windows #6695 [@​hugovk]
• GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@​nulano]
• Remove backup implementation of Round for Windows platforms #6693 [@​cgohlke]
• Upload fribidi.dll to GitHub Actions #6532 [@​nulano]
• Fixed set_variation_by_name offset #6445 [@​radarhere]
• Windows build improvements #6562 [@​nulano]
• Fix malloc in _imagingft.c:font_setvaraxes #6690 [@​cgohlke]
• Only use ASCII characters in C source file #6691 [@​cgohlke]
• Release Python GIL when converting images using matrix operations #6418 [@​hmaarrfk]
• Added ExifTags enums #6630 [@​radarhere]
• Do not modify previous frame when calculating delta in PNG #6683 [@​radarhere]
• Added support for reading BMP images with RLE4 compression #6674 [@​npjg]
• Decode JPEG compressed BLP1 data in original mode #6678 [@​radarhere]
• pylint warnings #6659 [@​marksmayo]
• Added GPS TIFF tag info #6661 [@​radarhere]
• Added conversion between RGB/RGBA/RGBX and LAB #6647 [@​radarhere]
• Do not attempt normalization if mode is already normal #6644 [@​radarhere]
• Fixed seeking to an L frame in a GIF #6576 [@​radarhere]
• Consider all frames when selecting mode for PNG save_all #6610 [@​radarhere]
• Don't reassign crc on ChunkStream close #6627 [@​radarhere]
• Raise a warning if NumPy failed to raise an error during conversion #6594 [@​radarhere]
• Only read a maximum of 100 bytes at a time in IMT header #6623 [@​radarhere]
• Show all frames in ImageShow #6611 [@​radarhere]
• Allow FLI palette chunk to not be first #6626 [@​radarhere]
• If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@​radarhere]
• Round box position to integer when pasting embedded color #6517 [@​radarhere]
• Removed EXIF prefix when saving WebP #6582 [@​radarhere]
• Pad IM palette to 768 bytes when saving #6579 [@​radarhere]
• Added DDS BC6H reading #6449 [@​ShadelessFox]
• Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@​JayWiz]
• Raise an error when allocating translucent color to RGB palette #6654 [@​jsbueno]
• Moved mode check outside of loops #6650 [@​radarhere]
• Added reading of TIFF child images #6569 [@​radarhere]
• Improved ImageOps palette handling #6596 [@​PososikTeam]
• Defer parsing of palette into colors #6567 [@​radarhere]
• Apply transparency to P images in ImageTk.PhotoImage #6559 [@​radarhere]
• Use rounding in ImageOps contain() and pad() #6522 [@​bibinhashley]
• Fixed GIF remapping to palette with duplicate entries #6548 [@​radarhere]
• Allow remap_palette() to return an image with less than 256 palette entries #6543 [@​radarhere]
• Corrected BMP and TGA palette size when saving #6500 [@​radarhere]

... (truncated)

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

• Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

• Initialize libtiff buffer when saving #6699 [radarhere]

• Inline fname2char to fix memory leak #6329 [nulano]

• Fix memory leaks related to text features #6330 [nulano]

• Use double quotes for version check on old CPython on Windows #6695 [hugovk]

• Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

• Fixed set_variation_by_name offset #6445 [radarhere]

• Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

• Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

• Added ExifTags enums #6630 [radarhere]

• Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

• Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

• Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

• Added GPS TIFF tag info #6661 [radarhere]

• Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

• Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

• d594f4c Update CHANGES.rst [ci skip]
• 909dc64 9.3.0 version bump
• 1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer
• 2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec
• 744f455 Added release notes
• 0846bfa Add to release notes
• 799a6a0 Fix linting
• 00b25fd Hide UserWarning in logs
• 05b175e Tighter test case
• 13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD
• Additional commits viewable in compare view