Closed Bug 1728906 Opened 2 years ago Closed 2 years ago

[wpt-sync] Sync PR 30316 - Bump pillow from 8.3.1 to 8.3.2 in /tools

Categories

(Testing :: web-platform-tests, task, P4)

task

Tracking

(firefox94 fixed)

RESOLVED FIXED
94 Branch
Tracking Status
firefox94 --- fixed

People

(Reporter: mozilla.org, Unassigned)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 30316 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/30316
Details from upstream follow.

dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> wrote:

Bump pillow from 8.3.1 to 8.3.2 in /tools

Bumps pillow from 8.3.1 to 8.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p>
<blockquote>
<h2>8.3.2</h2>
<p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</a></p>
<h2>Security</h2>
<ul>
<li>
<p>CVE-2021-23437 Raise ValueError if color specifier is too long
[hugovk, radarhere]</p>
</li>
<li>
<p>Fix 6-byte OOB read in FliDecode
[wiredfool]</p>
</li>
</ul>
<h2>Python 3.10 wheels</h2>
<ul>
<li>Add support for Python 3.10 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5569">#5569</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5570">#5570</a>
[hugovk, radarhere]</li>
</ul>
<h2>Fixed regressions</h2>
<ul>
<li>
<p>Ensure TIFF <code>RowsPerStrip</code> is multiple of 8 for JPEG compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5588">#5588</a>
[kmilos, radarhere]</p>
</li>
<li>
<p>Updates for <code>ImagePalette</code> channel order <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5599">#5599</a>
[radarhere]</p>
</li>
<li>
<p>Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5651">#5651</a>
[nulano]</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst">pillow's changelog</a>.</em></p>
<blockquote>
<h2>8.3.2 (2021-09-02)</h2>
<ul>
<li>
<p>CVE-2021-23437 Raise ValueError if color specifier is too long
[hugovk, radarhere]</p>
</li>
<li>
<p>Fix 6-byte OOB read in FliDecode
[wiredfool]</p>
</li>
<li>
<p>Add support for Python 3.10 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5569">#5569</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5570">#5570</a>
[hugovk, radarhere]</p>
</li>
<li>
<p>Ensure TIFF <code>RowsPerStrip</code> is multiple of 8 for JPEG compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5588">#5588</a>
[kmilos, radarhere]</p>
</li>
<li>
<p>Updates for <code>ImagePalette</code> channel order <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5599">#5599</a>
[radarhere]</p>
</li>
<li>
<p>Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5651">#5651</a>
[nulano]</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/python-pillow/Pillow/commit/8013f130a5077b238a4346b73e149432b180a8ea"><code>8013f13</code></a> 8.3.2 version bump</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/23c7ca82f09df6ba1047d2d96714eb825f0d7948"><code>23c7ca8</code></a> Update CHANGES.rst</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/8450366be331762ae327036e3c6658c517b05638"><code>8450366</code></a> Update release notes</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/a0afe89990f5ba40a019afc2f22e1b656f8cfd03"><code>a0afe89</code></a> Update test case</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"><code>9e08eb8</code></a> Raise ValueError if color specifier is too long</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/bd5cf7db87c6abf7c3510a50170851af5538249f"><code>bd5cf7d</code></a> FLI tests for Oss-fuzz crash.</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/94a0cf1b14f09626c7403af83fa9fef0dfc9bb47"><code>94a0cf1</code></a> Fix 6-byte OOB read in FliDecode</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/cece64f4be10ab28b12a83a3555af579dad343a5"><code>cece64f</code></a> Add 8.3.2 (2021-09-02) [CI skip]</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/e42238637651f191c2fc6e3f4024348c126e0ccc"><code>e422386</code></a> Add release notes for Pillow 8.3.2</li>
<li><a href="https://github.com/python-pillow/Pillow/commit/08dcbb873217874eee0830fc5aaa1f231c5af4fa"><code>08dcbb8</code></a> Pillow 8.3.2 supports Python 3.10 [ci skip]</li>
<li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/8.3.1...8.3.2">compare view</a></li>
</ul>
</details>

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Test result changes from PR not available.
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/21601a6d55de
[wpt PR 30316] - Bump pillow from 8.3.1 to 8.3.2 in /tools, a=testonly
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch