Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump pillow from 9.5.0 to 10.0.1 #5657

Merged
merged 9 commits into from
Nov 6, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 4, 2023

Bumps pillow from 9.5.0 to 10.0.1.

Release notes

Sourced from pillow's releases.

10.0.1

https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Changes

10.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.0.0.html

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

10.0.1 (2023-09-15)

  • Updated libwebp to 1.3.2 #7395 [radarhere]

  • Updated zlib to 1.3 #7344 [radarhere]

10.0.0 (2023-07-01)

  • Fixed deallocating mask images #7246 [radarhere]

  • Added ImageFont.MAX_STRING_LENGTH #7244 [radarhere, hugovk]

  • Fix Windows build with pyproject.toml #7230 [hugovk, nulano, radarhere]

  • Do not close provided file handles with libtiff #7199 [radarhere]

  • Convert to HSV if mode is HSV in getcolor() #7226 [radarhere]

  • Added alpha_only argument to getbbox() #7123 [radarhere. hugovk]

  • Prioritise speed in repr_png #7242 [radarhere]

  • Do not use CFFI access by default on PyPy #7236 [radarhere]

  • Limit size even if one dimension is zero in decompression bomb check #7235 [radarhere]

  • Use --config-settings instead of deprecated --global-option #7171 [radarhere]

  • Better C integer definitions #6645 [Yay295, hugovk]

  • Fixed finding dependencies on Cygwin #7175 [radarhere]

  • Changed grabclipboard() to use PNG instead of JPG compression on macOS #7219 [abey79, radarhere]

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.5.0 to 10.0.1.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.5.0...10.0.1)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from SchrodingersGat as a code owner October 4, 2023 01:33
@dependabot dependabot bot added dependency Relates to a project dependency python Pull requests that update Python code labels Oct 4, 2023
@netlify
Copy link

netlify bot commented Oct 4, 2023

Deploy Preview for inventree-web-pui-preview canceled.

Name Link
🔨 Latest commit c77b398
🔍 Latest deploy log https://app.netlify.com/sites/inventree-web-pui-preview/deploys/65496bb729d25e000864ca9f

@SchrodingersGat
Copy link
Member

SchrodingersGat commented Oct 4, 2023

To merge this, we will need to un-pin django-stdimage - which may require further investigation as we have a note from 2022-06-29 that django-stdimage > 6.0 breaks serialization of tasks in django-q

Ref: #3273

@matmair
Copy link
Member

matmair commented Oct 4, 2023

@SchrodingersGat are you tackeling this or should we create an issue?

@SchrodingersGat
Copy link
Member

I'll try to integrate a fix into this PR

@SchrodingersGat SchrodingersGat added this to the 0.13.0 milestone Oct 18, 2023
- Return True if the task runs or was offloaded
- Improved warning information
- Check return value of offload_task
- Check log output
…illow-10.0.1

# Conflicts:
#	InvenTree/InvenTree/tasks.py
#	InvenTree/InvenTree/tests.py
@SchrodingersGat
Copy link
Member

Will likely require codingjoe/django-stdimage#324 before this passes

@SchrodingersGat SchrodingersGat removed this from the 0.13.0 milestone Nov 3, 2023
@SchrodingersGat
Copy link
Member

Removing from 0.13.0 milestone for now, still waiting for the changes to django-stdimage

@SchrodingersGat SchrodingersGat added this to the 0.13.0 milestone Nov 6, 2023
@SchrodingersGat SchrodingersGat added the security Relates to a security issue label Nov 6, 2023
@SchrodingersGat SchrodingersGat merged commit 26b2e90 into master Nov 6, 2023
37 of 39 checks passed
@SchrodingersGat SchrodingersGat deleted the dependabot/pip/pillow-10.0.1 branch November 6, 2023 23:08
@@ -37,7 +37,7 @@ drf-spectacular # DRF API documentation
feedparser # RSS newsfeed parser
gunicorn # Gunicorn web server
pdf2image # PDF to image conversion
pillow==9.5.0 # Image manipulation # FIXED 2023-07-04 as we require PIL.Image.ANTIALIAS
pillow # Image manipulation

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SchrodingersGat Unfortunately this line change breaks the inventree-brother-plugin due to brother_ql needing a fix seen in pklaus/brother_ql#143. Any suggestions on how to get this back to working?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@atanisoft we are using a fork of brother_ql - https://github.com/matmair/brother_ql-inventree so we can just update that

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would be great if that could be updated, can a new version be pushed for both to pick up that fix?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

New version is released, 1.1 includes the fix and seems to work

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, after shutting down and starting up the docker containers it seems to have fixed it with the newer version.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@atanisoft good to hear! And @matmair thanks for the quick fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependency Relates to a project dependency python Pull requests that update Python code security Relates to a security issue
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants