Simple web app example serving a PyTorch model using streamlit and FastAPI

Last update: Jan 6, 2023

Overview

streamlit-fastapi-model-serving

Simple example of usage of streamlit and FastAPI for ML model serving described on this blogpost and PyConES 2020 video.

When developing simple APIs that serve machine learning models, it can be useful to have both a backend (with API documentation) for other applications to call and a frontend for users to experiment with the functionality.

In this example, we serve an image semantic segmentation model using FastAPI for the backend service and streamlit for the frontend service. docker-compose orchestrates the two services and allows communication between them.

To run the example in a machine running Docker and docker-compose, run:

docker-compose build
docker-compose up

To visit the FastAPI documentation of the resulting service, visit http://localhost:8000 with a web browser.
To visit the streamlit UI, visit http://localhost:8501.

Logs can be inspected via:

docker-compose logs

Deployment

To deploy the app, one option is deployment on Heroku (with Dockhero). To do so:

rename docker-compose.yml to dockhero-compose.yml
create an app (we refer to its name as <my-app>) on a Heroku account
install locally the Heroku CLI, and enable the Dockhero plugin with heroku plugins:install dockhero
add to the app the DockHero add-on (and with a plan allowing enough RAM to run the model!)
in a command line enter heroku dh:compose up -d --app <my-app> to deploy the app
to find the address of the app on the web, enter heroku dh:open --app <my-app>
to visualize the api, visit the address adding port 8000/docs, e.g. http://dockhero-<named-assigned-to-my-app>-12345.dockhero.io:8000/docs(not https)
visit the address adding :8501 to visit the streamlit interface
logs are accessible via heroku logs -p dockhero --app <my-app>

Debugging

To modify and debug the app, development in containers can be useful (and kind of fun!).

Comments

after deployment on ubuntu the Streamlit page always shows "Please Wait"

I use ubuntu virtual machine 18.04 to deploy your program.

I use following steps to finish this.

sudo apt install docker.io
sudo apt install docker-compose
systemctl start docker
git clone the project code and enter the directory
sudo docker-compose build
sudo docker-compose up

then the streamlit page always display "Please Wait", when I refresh the page, the terminal logs a problem I search for a long time but I can not resolve. Thanks for your work and waiting for your reply.

streamlit    | Exception in thread ScriptRunner.scriptThread:
streamlit    | Traceback (most recent call last):
streamlit    |   File "/usr/local/lib/python3.7/threading.py", line 926, in _bootstrap_inner
streamlit    |     self.run()
streamlit    |   File "/usr/local/lib/python3.7/threading.py", line 870, in run
streamlit    |     self._target(*self._args, **self._kwargs)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/script_runner.py", line 172, in _process_request_queue
streamlit    |     self._run_script(data)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/script_runner.py", line 272, in _run_script
streamlit    |     self.on_event.send(ScriptRunnerEvent.SCRIPT_STARTED)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/blinker/base.py", line 267, in send
streamlit    |     for receiver in self.receivers_for(sender)]
streamlit    |   File "/usr/local/lib/python3.7/site-packages/blinker/base.py", line 267, in <listcomp>
streamlit    |     for receiver in self.receivers_for(sender)]
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 285, in _on_scriptrunner_event
streamlit    |     self._enqueue_new_report_message()
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 383, in _enqueue_new_report_message
streamlit    |     _populate_user_info_msg(imsg.user_info)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 706, in _populate_user_info_msg
streamlit    |     msg.installation_id = Installation.instance().installation_id
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 129, in instance
streamlit    |     cls._instance = Installation()
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 133, in __init__
streamlit    |     self.installation_id_v1 = str(uuid.uuid5(uuid.NAMESPACE_DNS, _get_machine_id()))
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 49, in _get_machine_id
streamlit    |     subprocess.run(["sudo", "dbus-uuidgen", "--ensure"])
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 488, in run
streamlit    |     with Popen(*popenargs, **kwargs) as process:
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 800, in __init__
streamlit    |     restore_signals, start_new_session)
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 1551, in _execute_child
streamlit    |     raise child_exception_type(errno_num, err_msg, err_filename)
streamlit    | FileNotFoundError: [Errno 2] No such file or directory: 'sudo': 'sudo'
streamlit    | 
streamlit    | Exception in thread ScriptRunner.scriptThread:
streamlit    | Traceback (most recent call last):
streamlit    |   File "/usr/local/lib/python3.7/threading.py", line 926, in _bootstrap_inner
streamlit    |     self.run()
streamlit    |   File "/usr/local/lib/python3.7/threading.py", line 870, in run
streamlit    |     self._target(*self._args, **self._kwargs)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/script_runner.py", line 172, in _process_request_queue
streamlit    |     self._run_script(data)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/script_runner.py", line 272, in _run_script
streamlit    |     self.on_event.send(ScriptRunnerEvent.SCRIPT_STARTED)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/blinker/base.py", line 267, in send
streamlit    |     for receiver in self.receivers_for(sender)]
streamlit    |   File "/usr/local/lib/python3.7/site-packages/blinker/base.py", line 267, in <listcomp>
streamlit    |     for receiver in self.receivers_for(sender)]
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 285, in _on_scriptrunner_event
streamlit    |     self._enqueue_new_report_message()
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 383, in _enqueue_new_report_message
streamlit    |     _populate_user_info_msg(imsg.user_info)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 706, in _populate_user_info_msg
streamlit    |     msg.installation_id = Installation.instance().installation_id
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 129, in instance
streamlit    |     cls._instance = Installation()
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 133, in __init__
streamlit    |     self.installation_id_v1 = str(uuid.uuid5(uuid.NAMESPACE_DNS, _get_machine_id()))
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 49, in _get_machine_id
streamlit    |     subprocess.run(["sudo", "dbus-uuidgen", "--ensure"])
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 488, in run
streamlit    |     with Popen(*popenargs, **kwargs) as process:
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 800, in __init__
streamlit    |     restore_signals, start_new_session)
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 1551, in _execute_child
streamlit    |     raise child_exception_type(errno_num, err_msg, err_filename)
streamlit    | FileNotFoundError: [Errno 2] No such file or directory: 'sudo': 'sudo'
streamlit    | 
streamlit    | Exception in thread ScriptRunner.scriptThread:
streamlit    | Traceback (most recent call last):
streamlit    |   File "/usr/local/lib/python3.7/threading.py", line 926, in _bootstrap_inner
streamlit    |     self.run()
streamlit    |   File "/usr/local/lib/python3.7/threading.py", line 870, in run
streamlit    |     self._target(*self._args, **self._kwargs)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/script_runner.py", line 172, in _process_request_queue
streamlit    |     self._run_script(data)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/script_runner.py", line 272, in _run_script
streamlit    |     self.on_event.send(ScriptRunnerEvent.SCRIPT_STARTED)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/blinker/base.py", line 267, in send
streamlit    |     for receiver in self.receivers_for(sender)]
streamlit    |   File "/usr/local/lib/python3.7/site-packages/blinker/base.py", line 267, in <listcomp>
streamlit    |     for receiver in self.receivers_for(sender)]
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 285, in _on_scriptrunner_event
streamlit    |     self._enqueue_new_report_message()
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 383, in _enqueue_new_report_message
streamlit    |     _populate_user_info_msg(imsg.user_info)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 706, in _populate_user_info_msg
streamlit    |     msg.installation_id = Installation.instance().installation_id
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 129, in instance
streamlit    |     cls._instance = Installation()
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 133, in __init__
streamlit    |     self.installation_id_v1 = str(uuid.uuid5(uuid.NAMESPACE_DNS, _get_machine_id()))
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 49, in _get_machine_id
streamlit    |     subprocess.run(["sudo", "dbus-uuidgen", "--ensure"])
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 488, in run
streamlit    |     with Popen(*popenargs, **kwargs) as process:
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 800, in __init__
streamlit    |     restore_signals, start_new_session)
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 1551, in _execute_child
streamlit    |     raise child_exception_type(errno_num, err_msg, err_filename)
streamlit    | FileNotFoundError: [Errno 2] No such file or directory: 'sudo': 'sudo'
streamlit    | 
streamlit    | Exception in thread ScriptRunner.scriptThread:
streamlit    | Traceback (most recent call last):
streamlit    |   File "/usr/local/lib/python3.7/threading.py", line 926, in _bootstrap_inner
streamlit    |     self.run()
streamlit    |   File "/usr/local/lib/python3.7/threading.py", line 870, in run
streamlit    |     self._target(*self._args, **self._kwargs)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/script_runner.py", line 172, in _process_request_queue
streamlit    |     self._run_script(data)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/script_runner.py", line 272, in _run_script
streamlit    |     self.on_event.send(ScriptRunnerEvent.SCRIPT_STARTED)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/blinker/base.py", line 267, in send
streamlit    |     for receiver in self.receivers_for(sender)]
streamlit    |   File "/usr/local/lib/python3.7/site-packages/blinker/base.py", line 267, in <listcomp>
streamlit    |     for receiver in self.receivers_for(sender)]
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 285, in _on_scriptrunner_event
streamlit    |     self._enqueue_new_report_message()
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 383, in _enqueue_new_report_message
streamlit    |     _populate_user_info_msg(imsg.user_info)
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/report_session.py", line 706, in _populate_user_info_msg
streamlit    |     msg.installation_id = Installation.instance().installation_id
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 129, in instance
streamlit    |     cls._instance = Installation()
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 133, in __init__
streamlit    |     self.installation_id_v1 = str(uuid.uuid5(uuid.NAMESPACE_DNS, _get_machine_id()))
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/metrics_util.py", line 49, in _get_machine_id
streamlit    |     subprocess.run(["sudo", "dbus-uuidgen", "--ensure"])
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 488, in run
streamlit    |     with Popen(*popenargs, **kwargs) as process:
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 800, in __init__
streamlit    |     restore_signals, start_new_session)
streamlit    |   File "/usr/local/lib/python3.7/subprocess.py", line 1551, in _execute_child
streamlit    |     raise child_exception_type(errno_num, err_msg, err_filename)
streamlit    | FileNotFoundError: [Errno 2] No such file or directory: 'sudo': 'sudo'

bug

opened by Presiton 4

fastapi exited with code 137

Hi Davide I am unfamiliar with FastAPI, but it looks very powerful! On running docker-compose up and uploading an image via the UI I get an error:

ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response'))
Traceback:

File "/usr/local/lib/python3.7/site-packages/streamlit/ScriptRunner.py", line 322, in _run_script
    exec(code, module.__dict__)
File "/streamlit/ui.py", line 37, in <module>
    segments = process(image, url + endpoint)
File "/streamlit/ui.py", line 30, in process
    timeout=8000,
File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 119, in post
    return request('post', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 498, in send
    raise ConnectionError(err, request=request)

And in the logs:

MacBook-Pro:streamlit-fastapi-model-serving robin$ docker-compose up
Starting fastapi ... done
Starting streamlit ... done
Attaching to fastapi, streamlit
streamlit    | 
streamlit    |   You can now view your Streamlit app in your browser.
streamlit    | 
streamlit    |   Network URL: http://172.18.0.3:8501
streamlit    |   External URL: http://2.26.108.101:8501
streamlit    | 
fastapi      | Using cache found in /root/.cache/torch/hub/pytorch_vision_v0.6.0
fastapi      | INFO:     Started server process [1]
fastapi      | INFO:     Waiting for application startup.
fastapi      | INFO:     Application startup complete.
fastapi      | INFO:     Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)
fastapi exited with code 137

Have confirmed api is on 8000. Possibly I need to assign more memory to the container? Cheers

enhancement

opened by robmarkcole 4

Do not store a temporary file

Great article and tutorial @davidefiocco!

Just a tiny detail but I'm pretty sure you can just send the binary data from the image using https://pillow.readthedocs.io/en/latest/reference/Image.html#PIL.Image.Image.tobytes and a raw starlette.Response

Would love to read more about those subjects in the future!
enhancement

opened by julien-c 3

streamlit exited with code 1 due to TypeError in python3.7/site-packages/google/protobuf/descriptor.py

Thanks for the example of how to tie up FastAPI and streamlit in docker.

On two of my machines streamlit exited with code 1, as mentioned in the title. The full trace is pasted below. The solution I found was to upgrade the packages in streamlit/requirements.txt to their most recent versions:

-- original requirements.txt ---

streamlit==1.9.0 
requests==2.24.0
requests-toolbelt==0.9.1

-- modified requirements.txt ---

streamlit==1.10.0 
requests==2.28.1
requests-toolbelt==0.9.1

--- Screen output---

~/Downloads/streamlit-fastapi$ docker-compose up
Creating network "streamlit-fastapi_deploy_network" with driver "bridge"
Creating fastapi ... done
Creating streamlit ... done
Attaching to fastapi, streamlit
streamlit    | Traceback (most recent call last):
streamlit    |   File "/usr/local/bin/streamlit", line 5, in <module>
streamlit    |     from streamlit.cli import main
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/__init__.py", line 48, in <module>
streamlit    |     from streamlit.proto.RootContainer_pb2 import RootContainer
streamlit    |   File "/usr/local/lib/python3.7/site-packages/streamlit/proto/RootContainer_pb2.py", line 37, in <module>
streamlit    |     create_key=_descriptor._internal_create_key),
streamlit    |   File "/usr/local/lib/python3.7/site-packages/google/protobuf/descriptor.py", line 755, in __new__
streamlit    |     _message.Message._CheckCalledFromGeneratedFile()
streamlit    | TypeError: Descriptors cannot not be created directly.
streamlit    | If this call came from a _pb2.py file, your generated code is out of date and must be regenerated with protoc >= 3.19.0.
streamlit    | If you cannot immediately regenerate your protos, some other possible workarounds are:
streamlit    |  1. Downgrade the protobuf package to 3.20.x or lower.
streamlit    |  2. Set PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python (but this will use pure-Python parsing and will be much slower).
streamlit    | 
streamlit    | More information: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
streamlit exited with code 1
fastapi      | Downloading: "https://github.com/pytorch/vision/archive/v0.6.0.zip" to /root/.cache/torch/hub/v0.6.0.zip
fastapi      | Downloading: "https://download.pytorch.org/models/resnet101-5d3b4d8f.pth" to /root/.cache/torch/hub/checkpoints/resnet101-5d3b4d8f.pth
100.0%i      | 
fastapi      | Downloading: "https://download.pytorch.org/models/deeplabv3_resnet101_coco-586e9e4e.pth" to /root/.cache/torch/hub/checkpoints/deeplabv3_resnet101_coco-586e9e4e.pth
100.0%i      | 
fastapi      | INFO:     Started server process [1]
fastapi      | INFO:     Waiting for application startup.
fastapi      | INFO:     Application startup complete.
fastapi      | INFO:     Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)
fastapi      | INFO:     172.19.0.1:51794 - "GET / HTTP/1.1" 404 Not Found

opened by slowglow 1

Bump pillow from 8.3.2 to 9.0.0 in /fastapi
Bumps pillow from 8.3.2 to 9.0.0.

Release notes

Sourced from pillow's releases.

9.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

Changes

Restrict builtins for ImageMath.eval() #5923 [@radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [@radarhere]

Fixed ImagePath.Path array handling #5920 [@radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [@radarhere]

Removed redundant part of condition #5915 [@radarhere]

Explicitly enable strip chopping for large uncompressed TIFFs #5517 [@kmilos]

Use the Windows method to get TCL functions on Cygwin #5807 [@DWesl]

Changed error type to allow for incremental WebP parsing #5404 [@radarhere]

Improved I;16 operations on big endian #5901 [@radarhere]

Ensure that BMP pixel data offset does not ignore palette #5899 [@radarhere]

Limit quantized palette to number of colors #5879 [@radarhere]

Use latin1 encoding to decode bytes #5870 [@radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [@radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [@radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [@radarhere]

Added rounding when converting P and PA #5824 [@radarhere]

Improved putdata() documentation and data handling #5910 [@radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [@radarhere]

Image.NONE is only used for resampling and dithers #5908 [@radarhere]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [@radarhere]

Add Tidelift alignment action and badge #5763 [@aclark4life]

Replaced further direct invocations of setup.py #5906 [@radarhere]

Added ImageShow support for xdg-open #5897 [@m-shinder]

Fixed typo #5902 [@radarhere]

Switched from deprecated "setup.py install" to "pip install ." #5896 [@radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [@cmbruns]

Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK #5872 [@radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [@radarhere]

WebP: Fix memory leak during decoding on failure #5798 [@ilai-deutel]

Do not prematurely return in ImageFile when saving to stdout #5665 [@infmagic2047]

Added support for top right and bottom right TGA orientations #5829 [@radarhere]

Corrected ICNS file length in header #5845 [@radarhere]

Block tile TIFF tags when saving #5839 [@radarhere]

Added line width argument to ImageDraw polygon #5694 [@radarhere]

Do not redeclare class each time when converting to NumPy #5844 [@radarhere]

Only prevent repeated polygon pixels when drawing with transparency #5835 [@radarhere]

Fix pushes_fd method signature #5833 [@hoodmane]

Add support for pickling TrueType fonts #5826 [@hugovk]

Only prefer command line tools SDK on macOS over default MacOSX SDK #5828 [@radarhere]

Fix compilation on 64-bit Termux #5793 [@landfillbaby]

Replace 'setup.py sdist' with '-m build --sdist' #5785 [@hugovk]

Use declarative package configuration #5784 [@hugovk]

Use title for display in ImageShow #5788 [@radarhere]

Fix for PyQt6 #5775 [@hugovk]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.0.0 (2022-01-02)

Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

Improved I;16 operations on big endian #5901 [radarhere]

Limit quantized palette to number of colors #5879 [radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

Added rounding when converting P and PA #5824 [radarhere]

Improved putdata() documentation and data handling #5910 [radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

Added ImageShow support for xdg-open #5897 [m-shinder, radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [cmbruns, radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [radarhere]

... (truncated)

Commits

82541b6 9.0.0 version bump

cae5ac4 Merge pull request #5924 from radarhere/cves

ed4cf78 CVEs TBD

d7f60d1 Merge pull request #5923 from radarhere/imagemath_eval

8531b01 Restrict builtins for ImageMath.eval

1efb1d9 Merge pull request #5922 from radarhere/releasenotes

f6c7871 Added release notes for #5919, #5920 and #5921

032d2dc Update CHANGES.rst [ci skip]

baae9ec Merge pull request #5921 from radarhere/jpeg_eoi

1059eb5 If appended EOI did not work, do not keep trying

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pillow from 7.1.2 to 8.1.1 in /fastapi
Bumps pillow from 7.1.2 to 8.1.1.

Release notes

Sourced from pillow's releases.

8.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html

8.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html

Changes

Fix TIFF OOB Write error #5175 [@radarhere]

Fix for Buffer Read Overrun in PCX Decoding #5174 [@radarhere]

Fix for SGI Decode buffer overrun #5173 [@radarhere]

Fix OOB Read when saving GIF of xsize=1 #5149 [@wiredfool]

Add support for PySide6 #5161 [@hugovk]

Moved QApplication into one test #5167 [@radarhere]

Use disposal settings from previous frame in APNG #5126 [@radarhere]

Revert "skip wheels on 3.10-dev due to wheel#354" #5163 [@radarhere]

Better _binary module use #5156 [@radarhere]

Added exception explaining that repr_png saves to PNG #5139 [@radarhere]

Use previous disposal method in GIF load_end #5125 [@radarhere]

Do not catch a ValueError only to raise another #5090 [@radarhere]

Allow putpalette to accept 1024 integers to include alpha values #5089 [@radarhere]

Fix OOB Read when writing TIFF with custom Metadata #5148 [@wiredfool]

Removed unused variable #5140 [@radarhere]

Fix dereferencing of potential null pointers #5111 [@cgohlke]

Fixed warnings assigning to "unsigned char *" from "char *" #5127 [@radarhere]

Add append_images support for ICO #4568 [@ziplantil]

Fixed comparison warnings #5122 [@radarhere]

Block TIFFTAG_SUBIFD #5120 [@radarhere]

Fix dereferencing potential null pointer #5108 [@cgohlke]

Replaced PyErr_NoMemory with ImagingError_MemoryError #5113 [@radarhere]

Remove duplicate code #5109 [@cgohlke]

Moved warning to end of execution #4965 [@radarhere]

Removed unused fromstring and tostring C methods #5026 [@radarhere]

init() if one of the formats is unrecognised #5037 [@radarhere]

Dependencies

Updated libtiff to 4.2.0 #5153 [@radarhere]

Updated openjpeg to 2.4.0 #5151 [@radarhere]

Updated harfbuzz to 2.7.4 #5138 [@radarhere]

Updated harfbuzz to 2.7.3 #5128 [@radarhere]

Updated libraqm to 0.7.1 #5070 [@radarhere]

Updated libimagequant to 2.13.1 #5065 [@radarhere]

Update FriBiDi to 1.0.10 #5064 [@nulano]

Updated libraqm to 0.7.1 #5063 [@radarhere]

Updated libjpeg-turbo to 2.0.6 #5044 [@radarhere]

Deprecations

... (truncated)

Changelog

Sourced from pillow's changelog.

8.1.1 (2021-03-01)

Use more specific regex chars to prevent ReDoS. CVE-2021-25292 [hugovk]

Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291 [wiredfool]

Fix negative size read in TiffDecode.c. CVE-2021-25290 [wiredfool]

Fix OOB read in SgiRleDecode.c. CVE-2021-25293 [wiredfool]

Incorrect error code checking in TiffDecode.c. CVE-2021-25289 [wiredfool]

PyModule_AddObject fix for Python 3.10 #5194 [radarhere]

8.1.0 (2021-01-02)

Fix TIFF OOB Write error. CVE-2020-35654 #5175 [wiredfool]

Fix for Read Overflow in PCX Decoding. CVE-2020-35653 #5174 [wiredfool, radarhere]

Fix for SGI Decode buffer overrun. CVE-2020-35655 #5173 [wiredfool, radarhere]

Fix OOB Read when saving GIF of xsize=1 #5149 [wiredfool]

Makefile updates #5159 [wiredfool, radarhere]

Add support for PySide6 #5161 [hugovk]

Use disposal settings from previous frame in APNG #5126 [radarhere]

Added exception explaining that repr_png saves to PNG #5139 [radarhere]

Use previous disposal method in GIF load_end #5125 [radarhere]

... (truncated)

Commits

741d874 8.1.1 version bump

179cd1c Added 8.1.1 release notes to index

7d29665 Update CHANGES.rst [ci skip]

d25036f Credits

973a4c3 Release notes for 8.1.1

521dab9 Use more specific regex chars to prevent ReDoS

8b8076b Fix for CVE-2021-25291

e25be1e Fix negative size read in TiffDecode.c

f891baa Fix OOB read in SgiRleDecode.c

cbfdde7 Incorrect error code checking in TiffDecode.c

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
url is hardcoded to http://fastapi:8000 but how to handle not using docker compose?
The current approach of hardcoding http://fastapi:8000 requires the use of docker compose, but how do we also handle the case that users are running the containers seperately? A situation where this occurs might be if you want to run the pytorch model on a dedicate GPU machine, and have this resource shared by multiple services (e.g.a web UI, some analytics tools). One option I used here is to pass the machine IP in via an environment variable like:

environment: - DEEPSTACK_IP=deepstack

Anyway I raise this in the hope you have an even better suggestion. It would be great to identify the optimum solutions and share this back with the community :-)
opened by robmarkcole 1
Fix issues when running streamlit

It looks like bumping up streamlit requirements may solve https://github.com/davidefiocco/streamlit-fastapi-model-serving/issues/21 as older versions may be impacted by this problem: https://stackoverflow.com/questions/61871050/filenotfounderror-errno-2-no-such-file-or-directory-sudo-sudo

I tested this locally and it seems a viable fix.

opened by davidefiocco 0
Bump pillow from 8.3.2 to 9.0.1 in /fastapi
Bumps pillow from 8.3.2 to 9.0.1.

Release notes

Sourced from pillow's releases.

9.0.1

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html

Changes

In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [@radarhere, @hugovk]

Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

9.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

Changes

Restrict builtins for ImageMath.eval() #5923 [@radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [@radarhere]

Fixed ImagePath.Path array handling #5920 [@radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [@radarhere]

Removed redundant part of condition #5915 [@radarhere]

Explicitly enable strip chopping for large uncompressed TIFFs #5517 [@kmilos]

Use the Windows method to get TCL functions on Cygwin #5807 [@DWesl]

Changed error type to allow for incremental WebP parsing #5404 [@radarhere]

Improved I;16 operations on big endian #5901 [@radarhere]

Ensure that BMP pixel data offset does not ignore palette #5899 [@radarhere]

Limit quantized palette to number of colors #5879 [@radarhere]

Use latin1 encoding to decode bytes #5870 [@radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [@radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [@radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [@radarhere]

Added rounding when converting P and PA #5824 [@radarhere]

Improved putdata() documentation and data handling #5910 [@radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [@radarhere]

Image.NONE is only used for resampling and dithers #5908 [@radarhere]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [@radarhere]

Add Tidelift alignment action and badge #5763 [@aclark4life]

Replaced further direct invocations of setup.py #5906 [@radarhere]

Added ImageShow support for xdg-open #5897 [@m-shinder]

Fixed typo #5902 [@radarhere]

Switched from deprecated "setup.py install" to "pip install ." #5896 [@radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [@cmbruns]

Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK #5872 [@radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [@radarhere]

WebP: Fix memory leak during decoding on failure #5798 [@ilai-deutel]

Do not prematurely return in ImageFile when saving to stdout #5665 [@infmagic2047]

Added support for top right and bottom right TGA orientations #5829 [@radarhere]

Corrected ICNS file length in header #5845 [@radarhere]

Block tile TIFF tags when saving #5839 [@radarhere]

Added line width argument to ImageDraw polygon #5694 [@radarhere]

Do not redeclare class each time when converting to NumPy #5844 [@radarhere]

Only prevent repeated polygon pixels when drawing with transparency #5835 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.0.1 (2022-02-03)

In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [radarhere, hugovk]

Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

9.0.0 (2022-01-02)

Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

Improved I;16 operations on big endian #5901 [radarhere]

Limit quantized palette to number of colors #5879 [radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

Added rounding when converting P and PA #5824 [radarhere]

Improved putdata() documentation and data handling #5910 [radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

... (truncated)

Commits

6deac9e 9.0.1 version bump

c04d812 Update CHANGES.rst [ci skip]

4fabec3 Added release notes for 9.0.1

02affaa Added delay after opening image with xdg-open

ca0b585 Updated formatting

427221e In show_file, use os.remove to remove temporary images

c930be0 Restrict builtins within lambdas for ImageMath.eval

75b69dd Dont need to pin for GHA

cd938a7 Autolink CWE numbers with sphinx-issues

2e9c461 Add CVE IDs

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump pillow from 8.2.0 to 8.3.2 in /fastapi
Bumps pillow from 8.2.0 to 8.3.2.

Release notes

Sourced from pillow's releases.

8.3.2

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html

Security

CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

Fix 6-byte OOB read in FliDecode [wiredfool]

Python 3.10 wheels

Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

Fixed regressions

Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

Updates for ImagePalette channel order #5599 [radarhere]

Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

8.3.1

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html

Changes

Catch OSError when checking if fp is sys.stdout #5585 [@radarhere]

Handle removing orientation from alternate types of EXIF data #5584 [@radarhere]

Make Image.array take optional dtype argument #5572 [@t-vi]

8.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html

Changes

Use snprintf instead of sprintf #5567 [@radarhere]

Limit TIFF strip size when saving with LibTIFF #5514 [@kmilos]

Allow ICNS save on all operating systems #4526 [@newpanjing]

De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [@gofr]

Do not use background or transparency index for new color #5564 [@radarhere]

Simplified code #5315 [@radarhere]

Replaced xml.etree.ElementTree #5565 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

8.3.2 (2021-09-02)

CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]

Fix 6-byte OOB read in FliDecode [wiredfool]

Add support for Python 3.10 #5569, #5570 [hugovk, radarhere]

Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression #5588 [kmilos, radarhere]

Updates for ImagePalette channel order #5599 [radarhere]

Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano]

8.3.1 (2021-07-06)

Catch OSError when checking if fp is sys.stdout #5585 [radarhere]

Handle removing orientation from alternate types of EXIF data #5584 [radarhere]

Make Image.array take optional dtype argument #5572 [t-vi, radarhere]

8.3.0 (2021-07-01)

Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]

Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]

Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk]

De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere]

Replaced xml.etree.ElementTree #5565 [radarhere]

... (truncated)

Commits

8013f13 8.3.2 version bump

23c7ca8 Update CHANGES.rst

8450366 Update release notes

a0afe89 Update test case

9e08eb8 Raise ValueError if color specifier is too long

bd5cf7d FLI tests for Oss-fuzz crash.

94a0cf1 Fix 6-byte OOB read in FliDecode

cece64f Add 8.3.2 (2021-09-02) [CI skip]

e422386 Add release notes for Pillow 8.3.2

08dcbb8 Pillow 8.3.2 supports Python 3.10 [ci skip]

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump fastapi from 0.60.1 to 0.65.2 in /fastapi
Bumps fastapi from 0.60.1 to 0.65.2.

Release notes

Sourced from fastapi's releases.

0.65.2

Security fixes

🔒 Check Content-Type request header before assuming JSON. Initial PR #2118 by @patrickkwang.

This change fixes a CSRF security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json).

So, a request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted.

But requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.

See CVE-2021-32677 for more details.

Thanks to Dima Boger for the security report! 🙇🔒

Internal

🔧 Update sponsors badge, course bundle. PR #3340 by @tiangolo.

🔧 Add new gold sponsor Jina 🎉. PR #3291 by @tiangolo.

🔧 Add new banner sponsor badge for FastAPI courses bundle. PR #3288 by @tiangolo.

👷 Upgrade Issue Manager GitHub Action. PR #3236 by @tiangolo.

0.65.1

Security fixes

📌 Upgrade pydantic pin, to handle security vulnerability CVE-2021-29510. PR #3213 by @tiangolo.

0.65.0

Breaking Changes - Upgrade

⬆️ Upgrade Starlette to 0.14.2, including internal UJSONResponse migrated from Starlette. This includes several bug fixes and features from Starlette. PR #2335 by @hanneskuettner.

Translations

🌐 Initialize new language Polish for translations. PR #3170 by @neternefer.

Internal

👷 Add GitHub Action cache to speed up CI installs. PR #3204 by @tiangolo.

⬆️ Upgrade setup-python GitHub Action to v2. PR #3203 by @tiangolo.

🐛 Fix docs script to generate a new translation language with overrides boilerplate. PR #3202 by @tiangolo.

✨ Add new Deta banner badge with new sponsorship tier 🙇. PR #3194 by @tiangolo.

👥 Update FastAPI People. PR #3189 by @github-actions[bot].

🔊 Update FastAPI People to allow better debugging. PR #3188 by @tiangolo.

0.64.0

Features

... (truncated)

Commits

4d91f97 🔖 Release version 0.65.2

aabe2c7 📝 Update release notes

377234a 🔒 Create Security Policy

38b7858 📝 Update release notes

fa7e3c9 🐛 Check Content-Type request header before assuming JSON (#2118)

90120dd 📝 Update release notes

3677254 🔧 Update sponsors badge, course bundle (#3340)

40bb0c5 📝 Update release notes

60918d2 🔧 Add new gold sponsor Jina 🎉 (#3291)

3afce2c 📝 Update release notes

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump pillow from 9.0.1 to 9.3.0 in /fastapi
Bumps pillow from 9.0.1 to 9.3.0.

Release notes

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

Initialize libtiff buffer when saving #6699 [@radarhere]

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@wiredfool]

Inline fname2char to fix memory leak #6329 [@nulano]

Fix memory leaks related to text features #6330 [@nulano]

Use double quotes for version check on old CPython on Windows #6695 [@hugovk]

GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@nulano]

Remove backup implementation of Round for Windows platforms #6693 [@cgohlke]

Upload fribidi.dll to GitHub Actions #6532 [@nulano]

Fixed set_variation_by_name offset #6445 [@radarhere]

Windows build improvements #6562 [@nulano]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [@cgohlke]

Only use ASCII characters in C source file #6691 [@cgohlke]

Release Python GIL when converting images using matrix operations #6418 [@hmaarrfk]

Added ExifTags enums #6630 [@radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [@radarhere]

Added support for reading BMP images with RLE4 compression #6674 [@npjg]

Decode JPEG compressed BLP1 data in original mode #6678 [@radarhere]

pylint warnings #6659 [@marksmayo]

Added GPS TIFF tag info #6661 [@radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [@radarhere]

Do not attempt normalization if mode is already normal #6644 [@radarhere]

Fixed seeking to an L frame in a GIF #6576 [@radarhere]

Consider all frames when selecting mode for PNG save_all #6610 [@radarhere]

Don't reassign crc on ChunkStream close #6627 [@radarhere]

Raise a warning if NumPy failed to raise an error during conversion #6594 [@radarhere]

Only read a maximum of 100 bytes at a time in IMT header #6623 [@radarhere]

Show all frames in ImageShow #6611 [@radarhere]

Allow FLI palette chunk to not be first #6626 [@radarhere]

If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@radarhere]

Round box position to integer when pasting embedded color #6517 [@radarhere]

Removed EXIF prefix when saving WebP #6582 [@radarhere]

Pad IM palette to 768 bytes when saving #6579 [@radarhere]

Added DDS BC6H reading #6449 [@ShadelessFox]

Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@JayWiz]

Raise an error when allocating translucent color to RGB palette #6654 [@jsbueno]

Moved mode check outside of loops #6650 [@radarhere]

Added reading of TIFF child images #6569 [@radarhere]

Improved ImageOps palette handling #6596 [@PososikTeam]

Defer parsing of palette into colors #6567 [@radarhere]

Apply transparency to P images in ImageTk.PhotoImage #6559 [@radarhere]

Use rounding in ImageOps contain() and pad() #6522 [@bibinhashley]

Fixed GIF remapping to palette with duplicate entries #6548 [@radarhere]

Allow remap_palette() to return an image with less than 256 palette entries #6543 [@radarhere]

Corrected BMP and TGA palette size when saving #6500 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

Initialize libtiff buffer when saving #6699 [radarhere]

Inline fname2char to fix memory leak #6329 [nulano]

Fix memory leaks related to text features #6330 [nulano]

Use double quotes for version check on old CPython on Windows #6695 [hugovk]

Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

Fixed set_variation_by_name offset #6445 [radarhere]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

Added ExifTags enums #6630 [radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

Added GPS TIFF tag info #6661 [radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

Commits

d594f4c Update CHANGES.rst [ci skip]

909dc64 9.3.0 version bump

1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer

2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec

744f455 Added release notes

0846bfa Add to release notes

799a6a0 Fix linting

00b25fd Hide UserWarning in logs

05b175e Tighter test case

13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump streamlit from 1.10.0 to 1.11.1 in /streamlit
Bumps streamlit from 1.10.0 to 1.11.1.

Commits

b6429b6 Fix linting

f4b2051 Up version to 1.11.1

80d9979 Ignore component requests outside of the component root

4a04eef Replace legacy app URLs in docs with custom subdomains (#4959)

27c29ac Up version to 1.11.0

03babac Test that GitRepo can handle import failures (#4942)

4c39606 Fix table overflow styling (#4934)

26de600 Fix issue with wrongly applied colors with Pandas styler (#4940)

ad4547f Fix widgets overwrites from short to long-hand props (#4935)

3809637 Add gap param to st.columns (#4887)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Streamlit requests may fail if FastAPI backend hasn't initialized yet

As the app is started with docker-compose up, the streamlit service is likely the fastest to come online (the fastapi service needs to do the PyTorch model load). If the user visits the streamlit page and fires a call, the result may be

because the fastapi service is not responding yet.

The user should just wait a bit and then results should be returned OK, but it would be better to implement some sort of healthcheck so that streamlit requests can be handled more gracefully.
bug help wanted

opened by davidefiocco 2