Warren - Stock Price Predictor

Last update: Jan 3, 2023

Overview

Warren - Stock Price Predictor

Stock market prediction is the act of trying to determine the future value of a company stock or other financial instrument traded on an exchange. The successful prediction of a stock's future price could yield significant profit. The efficient-market hypothesis suggests that stock prices reflect all currently available information and any price changes that are not based on newly revealed information thus are inherently unpredictable. Others disagree and those with this viewpoint possess myriad methods and technologies which purportedly allow them to gain future price information.

We make use of Facebook's Time Series forcasting algorithm Prophet to predict stock market price of US based companies in real time using multi-variate, single step forecasting strategy.

Getting Started

Download or clone project from github:

$ git clone https://github.com/nityansuman/warren.git

Create a project environment (Anaconda recommended):

$ conda create --name envname python
$ conda activate envname

Install prerequisites:

$ pip install -r REQUIREMENTS.txt

Run project:

$ cd warren
$ python runserver.py

Model Validation Analysis

Facebook (Stock: FB) Validation

Microsoft (Stock: MSFT) Validation

Google (Stock: GOOGL) Validation

Support

If you like the work I do, show your appreciation by 'FORK', 'STAR' and 'SHARE'.

Comments

New complementary tool

My name is Luis, I'm a big-data machine-learning developer, I'm a fan of your work, and I usually check your updates.

I was afraid that my savings would be eaten by inflation. I have created a powerful tool that based on past technical patterns (volatility, moving averages, statistics, trends, candlesticks, support and resistance, stock index indicators). All the ones you know (RSI, MACD, STOCH, Bolinger Bands, SMA, DEMARK, Japanese candlesticks, ichimoku, fibonacci, williansR, balance of power, murrey math, etc) and more than 200 others.

The tool creates prediction models of correct trading points (buy signal and sell signal, every stock is good traded in time and direction). For this I have used big data tools like pandas python, stock market libraries like: tablib, TAcharts ,pandas_ta... For data collection and calculation. And powerful machine-learning libraries such as: Sklearn.RandomForest , Sklearn.GradientBoosting, XGBoost, Google TensorFlow and Google TensorFlow LSTM.

With the models trained with the selection of the best technical indicators, the tool is able to predict trading points (where to buy, where to sell) and send real-time alerts to Telegram or Mail. The points are calculated based on the learning of the correct trading points of the last 2 years (including the change to bear market after the rate hike).

I think it could be useful to you, to improve, I would like to share it with you, and if you are interested in improving and collaborating I am also willing, and if not file it in the box.

opened by Leci37 3

Getting errors during installing requirements

Collecting tensorflow>=2.3.1 (from -r REQUIREMENTS.txt (line 17))
  Could not find a version that satisfies the requirement tensorflow>=2.3.1 (from -r REQUIREMENTS.txt (line 17)) (from versions: 0.12.1, 1.0.0, 1.0.1, 1.1.0rc0, 1.1.0rc1, 1.1.0rc2, 1.1.0, 1.2.0rc0, 1.2.0rc1, 1.2.0rc2, 1.2.0, 1.2.1, 1.3.0rc0, 1.3.0rc1, 1.3.0rc2, 1.3.0, 1.4.0rc0, 1.4.0rc1, 1.4.0, 1.4.1, 1.5.0rc0, 1.5.0rc1, 1.5.0, 1.5.1, 1.6.0rc0, 1.6.0rc1, 1.6.0, 1.7.0rc0, 1.7.0rc1, 1.7.0, 1.7.1, 1.8.0rc0, 1.8.0rc1, 1.8.0, 1.9.0rc0, 1.9.0rc1, 1.9.0rc2, 1.9.0, 1.10.0rc0, 1.10.0rc1, 1.10.0, 1.10.1, 1.11.0rc0, 1.11.0rc1, 1.11.0rc2, 1.11.0, 1.12.0rc0, 1.12.0rc1, 1.12.0rc2, 1.12.0, 1.12.2, 1.12.3, 1.13.0rc0, 1.13.0rc1, 1.13.0rc2, 1.13.1, 1.13.2, 1.14.0rc0, 1.14.0rc1, 1.14.0, 2.0.0a0, 2.0.0b0, 2.0.0b1)
No matching distribution found for tensorflow>=2.3.1 (from -r REQUIREMENTS.txt (line 17))
root@localhost:~/warren#

opened by fellowgeek 2

Requitements

When I try to install the requirements through pip install -r REQUIREMENTS.txt I get an error note: This error originates from a subprocess, and is likely not a problem with pip. error: subprocess-exited-with-error

× pip subprocess to install build dependencies did not run successfully. │ exit code: 1

Any idea what can have gone wrong?

opened by Gitbchri 1
Bump numpy from 1.19.1 to 1.21.0
Bumps numpy from 1.19.1 to 1.21.0.

Release notes

Sourced from numpy's releases.

v1.21.0

NumPy 1.21.0 Release Notes

The NumPy 1.21.0 release highlights are

continued SIMD work covering more functions and platforms,

initial work on the new dtype infrastructure and casting,

universal2 wheels for Python 3.8 and Python 3.9 on Mac,

improved documentation,

improved annotations,

new PCG64DXSM bitgenerator for random numbers.

In addition there are the usual large number of bug fixes and other improvements.

The Python versions supported for this release are 3.7-3.9. Official support for Python 3.10 will be added when it is released.

:warning: Warning: there are unresolved problems compiling NumPy 1.21.0 with gcc-11.1 .

Optimization level -O3 results in many wrong warnings when running the tests.

On some hardware NumPy will hang in an infinite loop.

New functions

Add PCG64DXSM BitGenerator

Uses of the PCG64 BitGenerator in a massively-parallel context have been shown to have statistical weaknesses that were not apparent at the first release in numpy 1.17. Most users will never observe this weakness and are safe to continue to use PCG64. We have introduced a new PCG64DXSM BitGenerator that will eventually become the new default BitGenerator implementation used by default_rng in future releases. PCG64DXSM solves the statistical weakness while preserving the performance and the features of PCG64.

See upgrading-pcg64 for more details.

(gh-18906)

Expired deprecations

The shape argument numpy.unravel_index cannot be passed as dims keyword argument anymore. (Was deprecated in NumPy 1.16.)

... (truncated)

Commits

b235f9e Merge pull request #19283 from charris/prepare-1.21.0-release

34aebc2 MAINT: Update 1.21.0-notes.rst

493b64b MAINT: Update 1.21.0-changelog.rst

07d7e72 MAINT: Remove accidentally created directory.

032fca5 Merge pull request #19280 from charris/backport-19277

7d25b81 BUG: Fix refcount leak in ResultType

fa5754e BUG: Add missing DECREF in new path

61127bb Merge pull request #19268 from charris/backport-19264

143d45f Merge pull request #19269 from charris/backport-19228

d80e473 BUG: Removed typing for == and != in dtypes

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1

error installing requirements on Mac

Last login: Sat Jul 24 21:51:34 on ttys002
(base) erfan@Erfans-Mac-mini ~ % cd Projects/warren
(base) erfan@Erfans-Mac-mini warren % mc

(base) erfan@Erfans-Mac-mini warren % pip3 install -r REQUIREMENTS.txt
Collecting fbprophet==0.6
  Using cached fbprophet-0.6.tar.gz (54 kB)
Requirement already satisfied: Flask==1.1.2 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from -r REQUIREMENTS.txt (line 2)) (1.1.2)
Collecting matplotlib==3.3.1
  Downloading matplotlib-3.3.1-cp38-cp38-macosx_10_9_x86_64.whl (8.5 MB)
     |████████████████████████████████| 8.5 MB 2.4 MB/s
Collecting numpy==1.19.1
  Downloading numpy-1.19.1-cp38-cp38-macosx_10_9_x86_64.whl (15.3 MB)
     |████████████████████████████████| 15.3 MB 63.8 MB/s
Collecting pandas==1.1.0
  Downloading pandas-1.1.0-cp38-cp38-macosx_10_9_x86_64.whl (10.6 MB)
     |████████████████████████████████| 10.6 MB 3.2 MB/s
Collecting yfinance==0.1.54
  Using cached yfinance-0.1.54.tar.gz (19 kB)
Requirement already satisfied: Pillow==8.2.0 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from -r REQUIREMENTS.txt (line 7)) (8.2.0)
Collecting plotly==4.9.0
  Using cached plotly-4.9.0-py2.py3-none-any.whl (12.9 MB)
Collecting protobuf==3.13.0
  Downloading protobuf-3.13.0-cp38-cp38-macosx_10_9_x86_64.whl (1.3 MB)
     |████████████████████████████████| 1.3 MB 17.6 MB/s
Collecting requests==2.24.0
  Using cached requests-2.24.0-py2.py3-none-any.whl (61 kB)
Collecting rsa==4.7
  Using cached rsa-4.7-py3-none-any.whl (34 kB)
Collecting scipy==1.4.1
  Downloading scipy-1.4.1-cp38-cp38-macosx_10_9_x86_64.whl (28.8 MB)
     |████████████████████████████████| 28.8 MB 4.8 MB/s
Collecting setuptools-git==1.2
  Downloading setuptools_git-1.2-py2.py3-none-any.whl (10 kB)
Collecting SQLAlchemy==1.3.18
  Downloading SQLAlchemy-1.3.18-cp38-cp38-macosx_10_14_x86_64.whl (1.2 MB)
     |████████████████████████████████| 1.2 MB 6.7 MB/s
Collecting tensorboard==2.3.0
  Downloading tensorboard-2.3.0-py3-none-any.whl (6.8 MB)
     |████████████████████████████████| 6.8 MB 6.8 MB/s
Collecting tensorboard-plugin-wit==1.7.0
  Downloading tensorboard_plugin_wit-1.7.0-py3-none-any.whl (779 kB)
     |████████████████████████████████| 779 kB 97.7 MB/s
Collecting tensorflow>=2.3.1
  Downloading tensorflow-2.5.0-cp38-cp38-macosx_10_11_x86_64.whl (195.7 MB)
     |████████████████████████████████| 195.7 MB 241 kB/s
Collecting tensorflow-estimator==2.3.0
  Downloading tensorflow_estimator-2.3.0-py2.py3-none-any.whl (459 kB)
     |████████████████████████████████| 459 kB 11.1 MB/s
Collecting urllib3==1.26.5
  Downloading urllib3-1.26.5-py2.py3-none-any.whl (138 kB)
     |████████████████████████████████| 138 kB 13.9 MB/s
Requirement already satisfied: Cython>=0.22 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from fbprophet==0.6->-r REQUIREMENTS.txt (line 1)) (0.29.23)
Collecting cmdstanpy==0.4
  Downloading cmdstanpy-0.4.0-py3-none-any.whl (22 kB)
Collecting pystan>=2.14
  Downloading pystan-3.2.0-py3-none-any.whl (13 kB)
Collecting LunarCalendar>=0.0.9
  Downloading LunarCalendar-0.0.9-py2.py3-none-any.whl (18 kB)
Collecting convertdate>=2.1.2
  Downloading convertdate-2.3.2-py3-none-any.whl (47 kB)
     |████████████████████████████████| 47 kB 13.2 MB/s
Collecting holidays>=0.9.5
  Downloading holidays-0.11.2-py3-none-any.whl (142 kB)
     |████████████████████████████████| 142 kB 60.5 MB/s
Requirement already satisfied: python-dateutil>=2.8.0 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from fbprophet==0.6->-r REQUIREMENTS.txt (line 1)) (2.8.1)
Requirement already satisfied: Jinja2>=2.10.1 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from Flask==1.1.2->-r REQUIREMENTS.txt (line 2)) (2.11.3)
Requirement already satisfied: itsdangerous>=0.24 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from Flask==1.1.2->-r REQUIREMENTS.txt (line 2)) (1.1.0)
Requirement already satisfied: click>=5.1 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from Flask==1.1.2->-r REQUIREMENTS.txt (line 2)) (7.1.2)
Requirement already satisfied: Werkzeug>=0.15 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from Flask==1.1.2->-r REQUIREMENTS.txt (line 2)) (1.0.1)
Requirement already satisfied: kiwisolver>=1.0.1 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from matplotlib==3.3.1->-r REQUIREMENTS.txt (line 3)) (1.3.1)
Requirement already satisfied: pyparsing!=2.0.4,!=2.1.2,!=2.1.6,>=2.0.3 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from matplotlib==3.3.1->-r REQUIREMENTS.txt (line 3)) (2.4.7)
Requirement already satisfied: certifi>=2020.06.20 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from matplotlib==3.3.1->-r REQUIREMENTS.txt (line 3)) (2020.12.5)
Requirement already satisfied: cycler>=0.10 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from matplotlib==3.3.1->-r REQUIREMENTS.txt (line 3)) (0.10.0)
Requirement already satisfied: pytz>=2017.2 in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from pandas==1.1.0->-r REQUIREMENTS.txt (line 5)) (2021.1)
Collecting retrying>=1.3.3
  Downloading retrying-1.3.3.tar.gz (10 kB)
Requirement already satisfied: six in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from plotly==4.9.0->-r REQUIREMENTS.txt (line 8)) (1.15.0)
Requirement already satisfied: setuptools in /Users/erfan/opt/anaconda3/lib/python3.8/site-packages (from protobuf==3.13.0->-r REQUIREMENTS.txt (line 9)) (52.0.0.post20210125)
INFO: pip is looking at multiple versions of protobuf to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of plotly to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of pillow to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of pandas to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of numpy to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of <Python from Requires-Python> to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of matplotlib to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of flask to determine which version is compatible with other requirements. This could take a while.
INFO: pip is looking at multiple versions of fbprophet to determine which version is compatible with other requirements. This could take a while.
ERROR: Cannot install -r REQUIREMENTS.txt (line 10) and urllib3==1.26.5 because these package versions have conflicting dependencies.

The conflict is caused by:
    The user requested urllib3==1.26.5
    requests 2.24.0 depends on urllib3!=1.25.0, !=1.25.1, <1.26 and >=1.21.1

To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict

ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/user_guide/#fixing-conflicting-dependencies
(base) erfan@Erfans-Mac-mini warren %

opened by fellowgeek 1

Bump pillow from 8.1.1 to 8.2.0
Bumps pillow from 8.1.1 to 8.2.0.

Release notes

Sourced from pillow's releases.

8.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html

Changes

Security fixes for 8.2.0 #5377 [@hugovk]

Move getxmp() to JpegImageFile #5376 [@radarhere]

Added getxmp() method #5144 [@UrielMaD]

Compile LibTIFF with CMake on Windows #5359 [@nulano]

Add ImageShow support for GraphicsMagick #5349 [@latosha-maltba]

Tiff crash fixes in TiffDecode.c #5372 [@wiredfool]

Remove redundant check (addition to #5364) #5366 [@kkopachev]

Do not load transparent pixels from subsequent GIF frames #5333 [@radarhere]

Use LZW encoding when saving GIF images #5291 [@raygard]

Set all transparent colors to be equal in quantize() #5282 [@radarhere]

Allow PixelAccess to use Python int when parsing x and y #5206 [@radarhere]

Removed Image._MODEINFO #5316 [@radarhere]

Add preserve_tone option to autocontrast #5350 [@elejke]

Only import numpy when necessary #5323 [@radarhere]

Fixed linear_gradient and radial_gradient I and F modes #5274 [@radarhere]

Add support for reading TIFFs with PlanarConfiguration=2 #5364 [@wiredfool]

More OSS-Fuzz support #5328 [@wiredfool]

Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [@nulano]

Use quantization method attributes #5353 [@radarhere]

Dynamically link FriBiDi instead of Raqm #5062 [@nulano]

Removed build_distance_tables return value #5363 [@radarhere]

Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [@radarhere]

Use duration from info dictionary when saving WebP #5338 [@radarhere]

Improved efficiency when creating GIF disposal images #5326 [@radarhere]

Stop flattening EXIF IFD into getexif() #4947 [@radarhere]

Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images #5343 [@radarhere]

Save ICC profile from TIFF encoderinfo #5321 [@radarhere]

Moved RGB fix inside ImageQt class #5268 [@radarhere]

Fix -Wformat error in TiffDecode #5305 [@lukegb]

Allow alpha_composite destination to be negative #5313 [@radarhere]

Ensure file is closed if it is opened by ImageQt.ImageQt #5260 [@radarhere]

Added ImageDraw rounded_rectangle method #5208 [@radarhere]

Added IPythonViewer #5289 [@radarhere]

Only draw each rectangle outline pixel once #5183 [@radarhere]

Use mmap instead of built-in Win32 mapper #5224 [@radarhere]

Handle PCX images with an odd stride #5214 [@radarhere]

Only read different sizes for "Large Thumbnail" MPO frames #5168 [@radarhere]

Dependencies

Updated harfbuzz to 2.8.0 #5334 [@radarhere]

Deprecations

... (truncated)

Changelog

Sourced from pillow's changelog.

8.2.0 (2021-04-01)

Added getxmp() method #5144 [UrielMaD, radarhere]

Add ImageShow support for GraphicsMagick #5349 [latosha-maltba, radarhere]

Do not load transparent pixels from subsequent GIF frames #5333 [zewt, radarhere]

Use LZW encoding when saving GIF images #5291 [raygard]

Set all transparent colors to be equal in quantize() #5282 [radarhere]

Allow PixelAccess to use Python int when parsing x and y #5206 [radarhere]

Removed Image._MODEINFO #5316 [radarhere]

Add preserve_tone option to autocontrast #5350 [elejke, radarhere]

Fixed linear_gradient and radial_gradient I and F modes #5274 [radarhere]

Add support for reading TIFFs with PlanarConfiguration=2 #5364 [kkopachev, wiredfool, nulano]

Deprecated categories #5351 [radarhere]

Do not premultiply alpha when resizing with Image.NEAREST resampling #5304 [nulano]

Dynamically link FriBiDi instead of Raqm #5062 [nulano]

Allow fewer PNG palette entries than the bit depth maximum when saving #5330 [radarhere]

Use duration from info dictionary when saving WebP #5338 [radarhere]

Stop flattening EXIF IFD into getexif() #4947 [radarhere, kkopachev]

... (truncated)

Commits

e0e353c 8.2.0 version bump

ee635be Merge pull request #5377 from hugovk/security-and-release-notes

694c84f Fix typo [ci skip]

8febdad Review, typos and lint

fea4196 Reorder, roughly alphabetic

496245a Fix BLP DOS -- CVE-2021-28678

22e9bee Fix DOS in PSDImagePlugin -- CVE-2021-28675

ba65f0b Fix Memory DOS in ImageFont

bb6c11f Fix FLI DOS -- CVE-2021-28676

5a5e6db Fix EPS DOS on _open -- CVE-2021-28677

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pillow from 9.0.1 to 9.3.0
Bumps pillow from 9.0.1 to 9.3.0.

Release notes

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

Initialize libtiff buffer when saving #6699 [@radarhere]

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@wiredfool]

Inline fname2char to fix memory leak #6329 [@nulano]

Fix memory leaks related to text features #6330 [@nulano]

Use double quotes for version check on old CPython on Windows #6695 [@hugovk]

GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@nulano]

Remove backup implementation of Round for Windows platforms #6693 [@cgohlke]

Upload fribidi.dll to GitHub Actions #6532 [@nulano]

Fixed set_variation_by_name offset #6445 [@radarhere]

Windows build improvements #6562 [@nulano]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [@cgohlke]

Only use ASCII characters in C source file #6691 [@cgohlke]

Release Python GIL when converting images using matrix operations #6418 [@hmaarrfk]

Added ExifTags enums #6630 [@radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [@radarhere]

Added support for reading BMP images with RLE4 compression #6674 [@npjg]

Decode JPEG compressed BLP1 data in original mode #6678 [@radarhere]

pylint warnings #6659 [@marksmayo]

Added GPS TIFF tag info #6661 [@radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [@radarhere]

Do not attempt normalization if mode is already normal #6644 [@radarhere]

Fixed seeking to an L frame in a GIF #6576 [@radarhere]

Consider all frames when selecting mode for PNG save_all #6610 [@radarhere]

Don't reassign crc on ChunkStream close #6627 [@radarhere]

Raise a warning if NumPy failed to raise an error during conversion #6594 [@radarhere]

Only read a maximum of 100 bytes at a time in IMT header #6623 [@radarhere]

Show all frames in ImageShow #6611 [@radarhere]

Allow FLI palette chunk to not be first #6626 [@radarhere]

If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@radarhere]

Round box position to integer when pasting embedded color #6517 [@radarhere]

Removed EXIF prefix when saving WebP #6582 [@radarhere]

Pad IM palette to 768 bytes when saving #6579 [@radarhere]

Added DDS BC6H reading #6449 [@ShadelessFox]

Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@JayWiz]

Raise an error when allocating translucent color to RGB palette #6654 [@jsbueno]

Moved mode check outside of loops #6650 [@radarhere]

Added reading of TIFF child images #6569 [@radarhere]

Improved ImageOps palette handling #6596 [@PososikTeam]

Defer parsing of palette into colors #6567 [@radarhere]

Apply transparency to P images in ImageTk.PhotoImage #6559 [@radarhere]

Use rounding in ImageOps contain() and pad() #6522 [@bibinhashley]

Fixed GIF remapping to palette with duplicate entries #6548 [@radarhere]

Allow remap_palette() to return an image with less than 256 palette entries #6543 [@radarhere]

Corrected BMP and TGA palette size when saving #6500 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

Initialize libtiff buffer when saving #6699 [radarhere]

Inline fname2char to fix memory leak #6329 [nulano]

Fix memory leaks related to text features #6330 [nulano]

Use double quotes for version check on old CPython on Windows #6695 [hugovk]

Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

Fixed set_variation_by_name offset #6445 [radarhere]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

Added ExifTags enums #6630 [radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

Added GPS TIFF tag info #6661 [radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

Commits

d594f4c Update CHANGES.rst [ci skip]

909dc64 9.3.0 version bump

1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer

2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec

744f455 Added release notes

0846bfa Add to release notes

799a6a0 Fix linting

00b25fd Hide UserWarning in logs

05b175e Tighter test case

13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump protobuf from 3.15.0 to 3.18.3
Bumps protobuf from 3.15.0 to 3.18.3.

Release notes

Sourced from protobuf's releases.

Protocol Buffers v3.18.3

C++

Reduce memory consumption of MessageSet parsing

This release addresses a Security Advisory for C++ and Python users

Protocol Buffers v3.16.1

Java

Improve performance characteristics of UnknownFieldSet parsing (#9371)

Protocol Buffers v3.18.2

Java

Improve performance characteristics of UnknownFieldSet parsing (#9371)

Protocol Buffers v3.18.1

Python

Update setup.py to reflect that we now require at least Python 3.5 (#8989)

Performance fix for DynamicMessage: force GetRaw() to be inlined (#9023)

Ruby

Update ruby_generator.cc to allow proto2 imports in proto3 (#9003)

Protocol Buffers v3.18.0

C++

Fix warnings raised by clang 11 (#8664)

Make StringPiece constructible from std::string_view (#8707)

Add missing capability attributes for LLVM 12 (#8714)

Stop using std::iterator (deprecated in C++17). (#8741)

Move field_access_listener from libprotobuf-lite to libprotobuf (#8775)

Fix #7047 Safely handle setlocale (#8735)

Remove deprecated version of SetTotalBytesLimit() (#8794)

Support arena allocation of google::protobuf::AnyMetadata (#8758)

Fix undefined symbol error around SharedCtor() (#8827)

Fix default value of enum(int) in json_util with proto2 (#8835)

Better Smaller ByteSizeLong

Introduce event filters for inject_field_listener_events

Reduce memory usage of DescriptorPool

For lazy fields copy serialized form when allowed.

Re-introduce the InlinedStringField class

v2 access listener

Reduce padding in the proto's ExtensionRegistry map.

GetExtension performance optimizations

Make tracker a static variable rather than call static functions

Support extensions in field access listener

Annotate MergeFrom for field access listener

Fix incomplete types for field access listener

Add map_entry/new_map_entry to SpecificField in MessageDifferencer. They record the map items which are different in MessageDifferencer's reporter.

Reduce binary size due to fieldless proto messages

TextFormat: ParseInfoTree supports getting field end location in addition to start.

... (truncated)

Commits

a902b39 No-op whitespace change

ae62acd Updating version.json and repo version numbers to: 18.3

f43ac49 Merge pull request #10542 from deannagarcia/3.18.x

9efdf55 Add missing includes

d1635e1 Apply patch

5b37c91 Update version.json with "lts": true (#10534)

c39d622 Merge pull request #10529 from protocolbuffers/deannagarcia-patch-5

f77d3b6 Update version.json

8178b06 Merge pull request #10503 from deannagarcia/3.18.x

24ca839 Add version file

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump numpy from 1.21.0 to 1.22.0
Bumps numpy from 1.21.0 to 1.22.0.

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.

A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.

NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.

New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.

A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release

fd66547 REL: Prepare for the NumPy 1.22.0 release.

125304b wip

c283859 Merge pull request #20682 from charris/backport-20416

5399c03 Merge pull request #20681 from charris/backport-20954

f9c45f8 Merge pull request #20680 from charris/backport-20663

794b36f Update armccompiler.py

d93b14e Update test_public_api.py

7662c07 Update init.py

311ab52 Update armccompiler.py

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump pillow from 9.0.0 to 9.0.1
Bumps pillow from 9.0.0 to 9.0.1.

Release notes

Sourced from pillow's releases.

9.0.1

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html

Changes

In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [@radarhere, @hugovk]

Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

Changelog

Sourced from pillow's changelog.

9.0.1 (2022-02-03)

In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [radarhere, hugovk]

Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

Commits

6deac9e 9.0.1 version bump

c04d812 Update CHANGES.rst [ci skip]

4fabec3 Added release notes for 9.0.1

02affaa Added delay after opening image with xdg-open

ca0b585 Updated formatting

427221e In show_file, use os.remove to remove temporary images

c930be0 Restrict builtins within lambdas for ImageMath.eval

75b69dd Dont need to pin for GHA

cd938a7 Autolink CWE numbers with sphinx-issues

2e9c461 Add CVE IDs

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump protobuf from 3.13.0 to 3.15.0
Bumps protobuf from 3.13.0 to 3.15.0.

Release notes

Sourced from protobuf's releases.

Protocol Buffers v3.15.0

Protocol Compiler

Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag.

C++

MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields

Use init_seg in MSVC to push initialization to an earlier phase.

Runtime no longer triggers -Wsign-compare warnings.

Fixed -Wtautological-constant-out-of-range-compare warning.

DynamicCastToGenerated works for nullptr input for even if RTTI is disabled

Arena is refactored and optimized.

Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests.

Change the signature of Any::PackFrom() to return false on error.

Add fast reflection getter API for strings.

Constant initialize the global message instances

Avoid potential for missed wakeup in UnknownFieldSet

Now Proto3 Oneof fields have "has" methods for checking their presence in C++.

Bugfix for NVCC

Return early in _InternalSerialize for empty maps.

Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter.

Fixed protocolbuffers/protobuf#8129

Ensure that null char symbol, package and file names do not result in a crash.

Constant initialize the global message instances

Pretty print 'max' instead of numeric values in reserved ranges.

Removed remaining instances of std::is_pod, which is deprecated in C++20.

Changes to reduce code size for unknown field handling by making uncommon cases out of line.

Fix std::is_pod deprecated in C++20 (#7180)

Fix some -Wunused-parameter warnings (#8053)

Fix detecting file as directory on zOS issue #8051 (#8052)

Don't include sys/param.h for _BYTE_ORDER (#8106)

remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)

Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)

Fix for compiler warning issue#8145 (#8160)

fix: support deprecated enums for GCC < 6 (#8164)

Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)

Python

Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer.

MessageFactory.CreateProtoype can be overridden to customize class creation.

... (truncated)

Commits

ae50d9b Update protobuf version

8260126 Update protobuf version

c741c46 Resovled issue in the .pb.cc files

eef2764 Resolved an issue where NO_DESTROY and CONSTINIT were in incorrect order

0040102 Updated collect_all_artifacts.sh for Ubuntu Xenial

26cb6a7 Delete root-owned files in Kokoro builds

1e924ef Update port_def.inc

9a80cf1 Update coded_stream.h

a97c4f4 Merge pull request #8276 from haberman/php-warning

44cd75d Merge pull request #8282 from haberman/changelog

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0