Sourced from weasyprint's releases.

v54.1

Features

• #1547: Handle break-inside: avoid on tr tags

Bug fixes

• #1540, #1239: Handle absolute children in running elements
• #1538: Handle invalid values in text-align
• #1536: Handle absolute flex boxes

v54.0

This version also includes the changes from unstable v54.0b1.

Bug fixes

• #1531 Always use absolute paths to get hrefs in SVG
• #1523 Fix many rendering problems of broken tables
• e1aee70 Fix support of fonts with SVG emojis

Read more on CourtBouillon’s blog.

v54.0b1

This version is experimental, don't use it in production. If you find bugs, please report them!

Dependencies

• html5lib 1.1+ is now needed.

New features

• #1509: Support footnotes, with financial support from Code & Co.
• #36: Handle parallel flows for floats, absolutes, table-cells
• #1389: Support text-align-last and text-align-all properties
• #1434: Draw SVG and PNG emojis
• #1520: Support overflow-wrap: anywhere
• #1435: Add environment variable to set DLL folder on Windows

Performance

• #1439: Cache SVG use tags
• #1481: Encode non-JPEG images as PNGs instead of JPEG2000s

Bug fixes

• #137: Don’t use text-transform text for content-based uses
• #1443: Don’t serialize and parse again inline SVG files
• #607: Correctly handle whitespaces in bookmark labels
• #1094: Fix column height with column-span content
• #1473: Fix absolutely positioned boxes in duplicated pages

... (truncated)

Sourced from weasyprint's changelog.

Version 54.1

Released on 2022-01-31.

Features:

• [#1547](https://github.com/Kozea/WeasyPrint/issues/1547) <https://github.com/Kozea/WeasyPrint/issues/1547>_: Handle break-inside: avoid on tr tags

Bug fixes:

• [#1540](https://github.com/Kozea/WeasyPrint/issues/1540) <https://github.com/Kozea/WeasyPrint/issues/1540>, [#1239](https://github.com/Kozea/WeasyPrint/issues/1239) <https://github.com/Kozea/WeasyPrint/issues/1239>: Handle absolute children in running elements
• [#1538](https://github.com/Kozea/WeasyPrint/issues/1538) <https://github.com/Kozea/WeasyPrint/issues/1538>_: Handle invalid values in text-align
• [#1536](https://github.com/Kozea/WeasyPrint/issues/1536) <https://github.com/Kozea/WeasyPrint/issues/1536>_: Handle absolute flex boxes

Contirbutors:

• Guillaume Ayoub
• Lucie Anglade

Backers and sponsors:

• H-Net: Humanities and Social Sciences Online
• Grip Angebotssoftware
• Manuel Barkhau
• SimonSoft
• Menutech
• KontextWork
• Crisp BV
• Maykin Media
• René Fritz
• Simon Sapin
• NCC Group
• Nathalie Gutton
• Andreas Zettl
• Tom Pohl
• Spacinov
• Des images et des mots
• Moritz Mahringer
• Florian Demmer
• Yanal-Yvez Fargialla
• Gábor
• Piotr Horzycki

... (truncated)

• 7882ff1 Version 54.1
• 563ee6f Handle break-inside: avoid in tr
• 8b0f147 Handle more cases of margin-break use cases
• 4f43434 Avoid infinite loops with td with break-inside: avoid
• 0ae65b8 Layout positioned boxes in page margins
• cd8a463 Related to #1540.
• f8c9747 Don’t crash when running elements aren’t ParentBoxes
• 608de69 Fix #1538.
• 72d05e3 Don’t crash with absolute flex boxes
• a1ff9d4 Version 54.0
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from jinja2's releases.

3.0.1

• Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

3.0.0

New major versions of all the core Pallets libraries, including Jinja 3.0, have been released! :tada:

• Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
• Read the full list of changes: https://jinja.palletsprojects.com/changes/#version-3-0-0
• Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
• Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

3.0.0rc2

Fixes an issue with the deprecated Markup subclass, #1401.

• Changes: https://jinja.palletsprojects.com/en/master/changes/#version-3-0-0

3.0.0rc1

• Changes: https://jinja.palletsprojects.com/en/master/changes/#version-3-0-0

Sourced from jinja2's changelog.

Version 3.0.1

Released 2021-05-18

• Update MarkupSafe dependency to >= 2.0. :pr:1418
• Mark top-level names as exported so type checking understands imports in user projects. :issue:1426
• Fix some types that weren't available in Python 3.6.0. :issue:1433
• The deprecation warning for unneeded autoescape and with_ extensions shows more relevant context. :issue:1429
• Fixed calling deprecated jinja2.Markup without an argument. Use markupsafe.Markup instead. :issue:1438
• Calling sync render for an async template uses asyncio.run on Python >= 3.7. This fixes a deprecation that Python 3.10 introduces. :issue:1443

Version 3.0.0

Released 2021-05-11

• Drop support for Python 2.7 and 3.5.
• Bump MarkupSafe dependency to >=1.1.
• Bump Babel optional dependency to >=2.1.
• Remove code that was marked deprecated.
• Add type hinting. :pr:1412
• Use :pep:451 API to load templates with :class:~loaders.PackageLoader. :issue:1168
• Fix a bug that caused imported macros to not have access to the current template's globals. :issue:688
• Add ability to ignore trim_blocks using +%}. :issue:1036
• Fix a bug that caused custom async-only filters to fail with constant input. :issue:1279
• Fix UndefinedError incorrectly being thrown on an undefined variable instead of Undefined being returned on NativeEnvironment on Python 3.10. :issue:1335
• Blocks can be marked as required. They must be overridden at some point, but not necessarily by the direct child. :issue:1147
• Deprecate the autoescape and with extensions, they are built-in to the compiler. :issue:1203
• The urlize filter recognizes mailto: links and takes extra_schemes (or env.policies["urlize.extra_schemes"]) to recognize other schemes. It tries to balance parentheses within a URL instead of ignoring trailing characters. The parsing in general has been updated to be more efficient and match more cases. URLs without a scheme are linked as https:// instead of http://. :issue:522, 827, 1172, :pr:1195
• Filters that get attributes, such as map and groupby, can

... (truncated)

• 3b3e16f Merge pull request #1445 from pallets/release-3.0.1
• 4d23bfb release version 3.0.1
• 77674b9 Merge pull request #1444 from pallets/event-loop
• 7d0b7ac use asyncio.run
• 94a6423 Merge pull request #1442 from dannysepler/use-pathlib-in-places
• 06c646d Use pathlib in some test places
• 9f5db9a Merge pull request #1440 from pallets/deprecated-markup
• f562a4f fix deprecated Markup subclass
• fb564a8 Merge pull request #1436 from pallets/deprecated-extensions
• b4d31e7 show context for deprecated extensions
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• f4b19fd Make new version
• 9407fdc Merge pull request #331 from rubendibattista/lineno-attr-error
• 4dba2ff Merge pull request #333 from mattst88/python-3.9-ast-changes
• 46a3403 Handle AST.expr in static object analysis
• 02284e4 Handle AST.expr in _Subscript()
• a63ae26 Fix test expectations for Python 3.9 AST changes
• 5fbce2b Test for Python 3.9 as well
• 0aec7ea Merge pull request #332 from climbus/master
• d6126a8 create_generate with goal_resource param
• 1876b3e Merge pull request #330 from rubendibattista/relative-imports
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 95d2a4c Prepare for 0.8 release.
• 75b24ef Merged changes from bpo-33796 and bpo-33805. (#140)
• 5eee0b0 Fixed "sort order" -> "insertion order".
• abf5b54 Merge branch 'issue-146-add-requires-3.6'
• 44724c4 Require python 3.6 only.
• fdb959c Format with black.
• ae712dd Make pypi shield link to project's pypi page (#137)
• d4c87c6 Fix URL for test_dataclasses.py.
• b2fc54c Removed PEP. It should only be referenced from the PEP repo.
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from kaleido's releases.

v0.2.1.post1

Adds arm32 support, no changes to other architectures so they aren't published with this tag.

• cc1cc99 Arm32 architecture (#82)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pillow's releases.

8.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html

Changes

• Security fixes for 8.2.0 #5377 [@​hugovk]
• Move getxmp() to JpegImageFile #5376 [@​radarhere]
• Added getxmp() method #5144 [@​UrielMaD]
• Compile LibTIFF with CMake on Windows #5359 [@​nulano]
• Add ImageShow support for GraphicsMagick #5349 [@​latosha-maltba]
• Tiff crash fixes in TiffDecode.c #5372 [@​wiredfool]
• Remove redundant check (addition to #5364) #5366 [@​kkopachev]
• Do not load transparent pixels from subsequent GIF frames #5333 [@​radarhere]
• Use LZW encoding when saving GIF images #5291 [@​raygard]
• Set all transparent colors to be equal in quantize() #5282 [@​radarhere]
• Allow PixelAccess to use Python int when parsing x and y #5206 [@​radarhere]
• Removed Image._MODEINFO #5316 [@​radarhere]
• Add preserve_tone option to autocontrast #5350 [@​elejke]
• Only import numpy when necessary #5323 [@​radarhere]
• Fixed linear_gradient and radial_gradient I and F modes #5274 [@​radarhere]
• Add support for reading TIFFs with PlanarConfiguration=2 #5364 [@​wiredfool]
• More OSS-Fuzz support #5328 [@​wiredfool]
• Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [@​nulano]
• Use quantization method attributes #5353 [@​radarhere]
• Dynamically link FriBiDi instead of Raqm #5062 [@​nulano]
• Removed build_distance_tables return value #5363 [@​radarhere]
• Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [@​radarhere]
• Use duration from info dictionary when saving WebP #5338 [@​radarhere]
• Improved efficiency when creating GIF disposal images #5326 [@​radarhere]
• Stop flattening EXIF IFD into getexif() #4947 [@​radarhere]
• Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images #5343 [@​radarhere]
• Save ICC profile from TIFF encoderinfo #5321 [@​radarhere]
• Moved RGB fix inside ImageQt class #5268 [@​radarhere]
• Fix -Wformat error in TiffDecode #5305 [@​lukegb]
• Allow alpha_composite destination to be negative #5313 [@​radarhere]
• Ensure file is closed if it is opened by ImageQt.ImageQt #5260 [@​radarhere]
• Added ImageDraw rounded_rectangle method #5208 [@​radarhere]
• Added IPythonViewer #5289 [@​radarhere]
• Only draw each rectangle outline pixel once #5183 [@​radarhere]
• Use mmap instead of built-in Win32 mapper #5224 [@​radarhere]
• Handle PCX images with an odd stride #5214 [@​radarhere]
• Only read different sizes for "Large Thumbnail" MPO frames #5168 [@​radarhere]

Dependencies

• Updated harfbuzz to 2.8.0 #5334 [@​radarhere]

Deprecations

... (truncated)

Sourced from pillow's changelog.

8.2.0 (2021-04-01)

• Added getxmp() method #5144 [UrielMaD, radarhere]

• Add ImageShow support for GraphicsMagick #5349 [latosha-maltba, radarhere]

• Do not load transparent pixels from subsequent GIF frames #5333 [zewt, radarhere]

• Use LZW encoding when saving GIF images #5291 [raygard]

• Set all transparent colors to be equal in quantize() #5282 [radarhere]

• Allow PixelAccess to use Python int when parsing x and y #5206 [radarhere]

• Removed Image._MODEINFO #5316 [radarhere]

• Add preserve_tone option to autocontrast #5350 [elejke, radarhere]

• Fixed linear_gradient and radial_gradient I and F modes #5274 [radarhere]

• Add support for reading TIFFs with PlanarConfiguration=2 #5364 [kkopachev, wiredfool, nulano]

• Deprecated categories #5351 [radarhere]

• Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [nulano]

• Dynamically link FriBiDi instead of Raqm #5062 [nulano]

• Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [radarhere]

• Use duration from info dictionary when saving WebP #5338 [radarhere]

• Stop flattening EXIF IFD into getexif() #4947 [radarhere, kkopachev]

... (truncated)

• e0e353c 8.2.0 version bump
• ee635be Merge pull request #5377 from hugovk/security-and-release-notes
• 694c84f Fix typo [ci skip]
• 8febdad Review, typos and lint
• fea4196 Reorder, roughly alphabetic
• 496245a Fix BLP DOS -- CVE-2021-28678
• 22e9bee Fix DOS in PSDImagePlugin -- CVE-2021-28675
• ba65f0b Fix Memory DOS in ImageFont
• bb6c11f Fix FLI DOS -- CVE-2021-28676
• 5a5e6db Fix EPS DOS on _open -- CVE-2021-28677
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pillow's releases.

8.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html

Changes

• Security fixes for 8.2.0 #5377 [@hugovk]
• Move getxmp() to JpegImageFile #5376 [@radarhere]
• Added getxmp() method #5144 [@UrielMaD]
• Compile LibTIFF with CMake on Windows #5359 [@nulano]
• Add ImageShow support for GraphicsMagick #5349 [@latosha-maltba]
• Tiff crash fixes in TiffDecode.c #5372 [@wiredfool]
• Remove redundant check (addition to #5364) #5366 [@kkopachev]
• Do not load transparent pixels from subsequent GIF frames #5333 [@radarhere]
• Use LZW encoding when saving GIF images #5291 [@raygard]
• Set all transparent colors to be equal in quantize() #5282 [@radarhere]
• Allow PixelAccess to use Python int when parsing x and y #5206 [@radarhere]
• Removed Image._MODEINFO #5316 [@radarhere]
• Add preserve_tone option to autocontrast #5350 [@elejke]
• Only import numpy when necessary #5323 [@radarhere]
• Fixed linear_gradient and radial_gradient I and F modes #5274 [@radarhere]
• Add support for reading TIFFs with PlanarConfiguration=2 #5364 [@wiredfool]
• More OSS-Fuzz support #5328 [@wiredfool]
• Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [@nulano]
• Use quantization method attributes #5353 [@radarhere]
• Dynamically link FriBiDi instead of Raqm #5062 [@nulano]
• Removed build_distance_tables return value #5363 [@radarhere]
• Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [@radarhere]
• Use duration from info dictionary when saving WebP #5338 [@radarhere]
• Improved efficiency when creating GIF disposal images #5326 [@radarhere]
• Stop flattening EXIF IFD into getexif() #4947 [@radarhere]
• Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images #5343 [@radarhere]
• Save ICC profile from TIFF encoderinfo #5321 [@radarhere]
• Moved RGB fix inside ImageQt class #5268 [@radarhere]
• Fix -Wformat error in TiffDecode #5305 [@lukegb]
• Allow alpha_composite destination to be negative #5313 [@radarhere]
• Ensure file is closed if it is opened by ImageQt.ImageQt #5260 [@radarhere]
• Added ImageDraw rounded_rectangle method #5208 [@radarhere]
• Added IPythonViewer #5289 [@radarhere]
• Only draw each rectangle outline pixel once #5183 [@radarhere]
• Use mmap instead of built-in Win32 mapper #5224 [@radarhere]
• Handle PCX images with an odd stride #5214 [@radarhere]
• Only read different sizes for "Large Thumbnail" MPO frames #5168 [@radarhere]

Dependencies

• Updated harfbuzz to 2.8.0 #5334 [@radarhere]

Deprecations

... (truncated)

Sourced from pillow's changelog.

8.2.0 (2021-04-01)

• Added getxmp() method #5144 [UrielMaD, radarhere]
• Add ImageShow support for GraphicsMagick #5349 [latosha-maltba, radarhere]
• Do not load transparent pixels from subsequent GIF frames #5333 [zewt, radarhere]
• Use LZW encoding when saving GIF images #5291 [raygard]
• Set all transparent colors to be equal in quantize() #5282 [radarhere]
• Allow PixelAccess to use Python __int__ when parsing x and y #5206 [radarhere]
• Removed Image._MODEINFO #5316 [radarhere]
• Add preserve_tone option to autocontrast #5350 [elejke, radarhere]
• Fixed linear_gradient and radial_gradient I and F modes #5274 [radarhere]
• Add support for reading TIFFs with PlanarConfiguration=2 #5364 [kkopachev, wiredfool, nulano]
• Deprecated categories #5351 [radarhere]
• Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [nulano]
• Dynamically link FriBiDi instead of Raqm #5062 [nulano]
• Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [radarhere]
• Use duration from info dictionary when saving WebP #5338 [radarhere]
• Stop flattening EXIF IFD into getexif() #4947 [radarhere, kkopachev]
• Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images #5343 [radarhere]
• Save ICC profile from TIFF encoderinfo #5321 [radarhere]
• Moved RGB fix inside ImageQt class #5268 [radarhere]
• Allow alpha_composite destination to be negative #5313 [radarhere]
• Ensure file is closed if it is opened by ImageQt.ImageQt #5260 [radarhere]
• Added ImageDraw rounded_rectangle method #5208 [radarhere]
• Added IPythonViewer #5289 [radarhere, Kipkurui-mutai]
• Only draw each rectangle outline pixel once #5183 [radarhere]
• Use mmap instead of built-in Win32 mapper #5224 [radarhere, cgohlke]
• Handle PCX images with an odd stride #5214 [radarhere]
• Only read different sizes for "Large Thumbnail" MPO frames #5168 [radarhere]
• Added PyQt6 support #5258 [radarhere]
• Changed Image.open formats parameter to be case-insensitive #5250 [Piolie, radarhere]
• Deprecate Tk/Tcl 8.4, to be removed in Pillow 10 (2023-01-02) #5216 [radarhere]
• Added tk version to pilinfo #5226 [radarhere, nulano]
• Support for ignoring tests when running valgrind #5150 [wiredfool, radarhere, hugovk]
• OSS-Fuzz support #5189 [wiredfool, radarhere]

8.1.2 (2021-03-06)

• Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins [wiredfool]

8.1.1 (2021-03-01)

• Use more specific regex chars to prevent ReDoS. CVE-2021-25292 [hugovk]
• Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291 [wiredfool]
• Fix negative size read in TiffDecode.c. CVE-2021-25290 [wiredfool]
• Fix OOB read in SgiRleDecode.c. CVE-2021-25293 [wiredfool]
• Incorrect error code checking in TiffDecode.c. CVE-2021-25289 [wiredfool]

... (truncated)

• e0e353c 8.2.0 version bump
• ee635be Merge pull request #5377 from hugovk/security-and-release-notes
• 694c84f Fix typo [ci skip]
• 8febdad Review, typos and lint
• fea4196 Reorder, roughly alphabetic
• 496245a Fix BLP DOS -- CVE-2021-28678
• 22e9bee Fix DOS in PSDImagePlugin -- CVE-2021-28675
• ba65f0b Fix Memory DOS in ImageFont
• bb6c11f Fix FLI DOS -- CVE-2021-28676
• 5a5e6db Fix EPS DOS on _open -- CVE-2021-28677
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

• defe53f Bump version to 0.902
• 5edeeab Remove misleading list of default locations (#10614)
• 12cf0bf Don't suggest incompatible stub packages (#10610)
• 8f51fbf Fix confusion between stubs for google.protobuf and google.cloud (#10609)
• fee4e8c Don't suggest installing types-pycrypto (#10603)
• ffc18df Bump version to 0.901
• 32d6b58 [mypyc] Fix evaluation of iterable in list comprehension twice
• b68993c Bump version to 0.900
• be5aed7 Make ignore_missing_imports work for libs which had bundled stubs (#10582)
• e056774 Restrict the number of errors shown when there are missing stubs (#10579)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 95d2a4c Prepare for 0.8 release.
• 75b24ef Merged changes from bpo-33796 and bpo-33805. (#140)
• 5eee0b0 Fixed "sort order" -> "insertion order".
• abf5b54 Merge branch 'issue-146-add-requires-3.6'
• 44724c4 Require python 3.6 only.
• fdb959c Format with black.
• ae712dd Make pypi shield link to project's pypi page (#137)
• d4c87c6 Fix URL for test_dataclasses.py.
• b2fc54c Removed PEP. It should only be referenced from the PEP repo.
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from jedi's changelog.

0.18.0 (2020-12-25) +++++++++++++++++++

• Dropped Python 2 and Python 3.5
• Using pathlib.Path() as an output instead of str in most places:
  • Project.path
  • Script.path
  • Definition.module_path
  • Refactoring.get_renames
  • Refactoring.get_changed_files
• Functions with @property now return property instead of function in Name().type
• Started using annotations
• Better support for the walrus operator
• Project attributes are now read accessible
• Removed all deprecations

This is likely going to be the last minor release before 1.0.

• 4b5b2e7 Prepare release of 0.18.0
• b89f944 Merge pull request #1684 from davidhalter/relative-import
• ce6ddb9 Merge pull request #1711 from davidhalter/deprecations
• fe60b5c Fix flake8 issues in sith.py
• fa2d03a Mention removal of deprecations in CHANGELOG
• 1b16ca0 Add sith.py to the files to be ignored by pytest
• f9cec89 Merge branch 'master' into deprecations
• bc4f6ed Merge branch 'master' into relative-import
• fd435a7 Check if string_names is None before returning string_names (#1708)
• ce0ed4b Improve a comment
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)