Bump the pip group across 12 directories with 5 updates

[dependabot]

Bumps the pip group with 2 updates in the /genai/aws-gen-ai-kr/10_advanced_question_answering directory: sagemaker and langchain.
Bumps the pip group with 1 update in the /genai/aws-gen-ai-kr/30_fine_tune/01-instruction-tuning-peft-qlora/src directory: transformers.
Bumps the pip group with 3 updates in the /genai/genai-app-demo/01-prompt-engineering-demo directory: langchain, requests and pillow.
Bumps the pip group with 2 updates in the /genai/genai-app-demo/01-prompt-engineering-demo/frontUI directory: requests and pillow.
Bumps the pip group with 2 updates in the /genai/genai-app-demo/01-prompt-engineering-demo/sample_source/containers/identification directory: langchain and pillow.
Bumps the pip group with 2 updates in the /genai/genai-app-demo/01-prompt-engineering-demo/sample_source/containers/image_gen directory: langchain and pillow.
Bumps the pip group with 2 updates in the /genai/genai-app-demo/01-prompt-engineering-demo/sample_source/containers/image_replace directory: langchain and pillow.
Bumps the pip group with 2 updates in the /genai/genai-app-demo/01-prompt-engineering-demo/sample_source/containers/image_variation directory: langchain and pillow.
Bumps the pip group with 2 updates in the /genai/genai-app-demo/01-prompt-engineering-demo/sample_source/containers/product_block directory: langchain and pillow.
Bumps the pip group with 1 update in the /genai/jumpstart/text_to_text/flan_t5_xl_with_LoRA directory: transformers.
Bumps the pip group with 1 update in the /sagemaker/recommendation/Neural-Collaborative-Filtering-On-SageMaker/3_MLOps/5_sm_serving_codepipeline/codecommit directory: sagemaker.
Bumps the pip group with 1 update in the /sagemaker/sm-kornlp/multiclass-classification/lab_2_serving/src directory: transformers.

Updates sagemaker from 2.199.0 to 2.218.0

Release notes

Sourced from sagemaker's releases.

v2.218.0

Features

• set default allow_pickle param to False

Bug Fixes and Other Changes

• properly close files in lineage queries and tests

v2.217.0

Features

• support session tag chaining for training job

Bug Fixes and Other Changes

• Add Triton v24.03 URI
• mainline alt config parsing
• Fix tox installs
• Add PT 2.2 Graviton Inference DLC

v2.216.1

Bug Fixes and Other Changes

• add DXB and CGK to Jumpstart regions
• chore(deps): bump apache-airflow from 2.8.4 to 2.9.0 in /requirements/extras
• bump djl-inference 0.27.0 neuronx sdk to 2.18.1
• chore: release TGI 2.0.0

v2.216.0

Features

• TGI 1.4.5
• optimum 0.0.21
• Add TF 2.14 Graviton Inference support
• JumpStart alternative config parsing

Bug Fixes and Other Changes

• Add back serialization for automatic speech recognition
• bump apache-airflow version to 2.8.4
• Add supported task types to schema builder omission
• remove trailing slash when uploading to S3 with dataset_builder.to_csv_file
• Update Collaborator Check workflow to check for users which are part of collaborator team
• forward network_isolation parameter to Estimators when False
• Flaky slow test
• Revert "Test SM PySDK Variations"

v2.215.0

Features

... (truncated)

Changelog

Sourced from sagemaker's changelog.

v2.218.0 (2024-05-01)

Features

• set default allow_pickle param to False

Bug Fixes and Other Changes

• properly close files in lineage queries and tests

v2.217.0 (2024-04-24)

Features

• support session tag chaining for training job

Bug Fixes and Other Changes

• Add Triton v24.03 URI
• mainline alt config parsing
• Fix tox installs
• Add PT 2.2 Graviton Inference DLC

v2.216.1 (2024-04-22)

Bug Fixes and Other Changes

• add DXB and CGK to Jumpstart regions
• chore(deps): bump apache-airflow from 2.8.4 to 2.9.0 in /requirements/extras
• bump djl-inference 0.27.0 neuronx sdk to 2.18.1
• chore: release TGI 2.0.0

v2.216.0 (2024-04-17)

Features

• optimum 0.0.21
• Add TF 2.14 Graviton Inference support
• JumpStart alternative config parsing
• TGI 1.4.5

Bug Fixes and Other Changes

• chore(deps): bump black from 22.3.0 to 24.3.0 in /requirements/extras
• Add back serialization for automatic speech recognition
• bump apache-airflow version to 2.8.4
• remove trailing slash when uploading to S3 with dataset_builder.to_csv_file
• Update Collaborator Check workflow to check for users which are part of collaborator team
• forward network_isolation parameter to Estimators when False
• Flaky slow test

... (truncated)

Commits

• 15094ee prepare release v2.218.0
• b17d332 Fix:invalid component error with new metadata (#4634)
• 72e0c97 feature: set default allow_pickle param to False (#4557)
• 2a52478 fix: properly close files in lineage queries and tests (#4587)
• ed390dd update development version to v2.217.1.dev0
• 8984d92 prepare release v2.217.0
• fe32d79 feature: support session tag chaining for training job (#4596)
• 30c9bf6 Add Triton v24.03 URI (#4605)
• c4ac480 fix: mainline alt config parsing (#4602)
• f026f02 Fix tox installs (#4603)
• Additional commits viewable in compare view

Updates langchain from 0.0.348 to 0.1.0

Release notes

Sourced from langchain's releases.

langchain-milvus==0.1.0

Release langchain-milvus==0.1.0

Initial release

milvus: fix core dep (#22239) milvus: New langchain_milvus package and new milvus features (#21077)

langchain-exa==0.1.0

Release langchain-exa==0.1.0

Package-specific release note generation coming soon.

langchain-qdrant==0.1.0

Release langchain-qdrant==0.1.0

Package-specific release note generation coming soon.

langchain-nomic==0.1.0

Release langchain-nomic==0.1.0

Package-specific release note generation coming soon.

langchain-azure-dynamic-sessions==0.1.0

Release langchain-azure-dynamic-sessions==0.1.0

Package-specific release note generation coming soon.

langchain-azure-dynamic-sessions==0.1.0rc0

Release langchain-azure-dynamic-sessions==0.1.0rc0

Package-specific release note generation coming soon.

Commits

• f5c3107 airbyte[patch]: airbyte-cdk compatible pydantic versions (#21738)
• 3d33b89 ibm[patch]: release 0.1.7 (#21737)
• e41d801 openai[patch]: fix embedding float precision issue (#21736)
• 38c297a upstage: Support batch input in embedding request. (#21730)
• c5a981e docs: Update Pinecone example notebook with embedded widget (#21719)
• 0aea7f4 docs: fix installation link (#21728)
• 15be439 Harrison/move flashrank rerank (#21448)
• c6c2649 move installation (#21711)
• aca98fd multiple: releases with relaxed core dep (#21724)
• af28451 openai[patch]: Release 0.1.7, bump tiktoken 0.7.0 (#21723)
• Additional commits viewable in compare view

Updates transformers from 4.36.2 to 4.38.0

Release notes

Sourced from transformers's releases.

v4.38: Gemma, Depth Anything, Stable LM; Static Cache, HF Quantizer, AQLM

New model additions

💎 Gemma 💎

Gemma is a new opensource Language Model series from Google AI that comes with a 2B and 7B variant. The release comes with the pre-trained and instruction fine-tuned versions and you can use them via AutoModelForCausalLM, GemmaForCausalLM or pipeline interface!

Read more about it in the Gemma release blogpost: https://hf.co/blog/gemma

from transformers import AutoTokenizer, AutoModelForCausalLM
tokenizer = AutoTokenizer.from_pretrained("google/gemma-2b")
model = AutoModelForCausalLM.from_pretrained("google/gemma-2b", device_map="auto", torch_dtype=torch.float16)
input_text = "Write me a poem about Machine Learning."
input_ids = tokenizer(input_text, return_tensors="pt").to("cuda")
outputs = model.generate(**input_ids)

You can use the model with Flash Attention, SDPA, Static cache and quantization API for further optimizations !

• Flash Attention 2

from transformers import AutoTokenizer, AutoModelForCausalLM
tokenizer = AutoTokenizer.from_pretrained("google/gemma-2b")
model = AutoModelForCausalLM.from_pretrained(
"google/gemma-2b", device_map="auto", torch_dtype=torch.float16, attn_implementation="flash_attention_2"
)
input_text = "Write me a poem about Machine Learning."
input_ids = tokenizer(input_text, return_tensors="pt").to("cuda")
outputs = model.generate(**input_ids)

• bitsandbytes-4bit

from transformers import AutoTokenizer, AutoModelForCausalLM
tokenizer = AutoTokenizer.from_pretrained("google/gemma-2b")
model = AutoModelForCausalLM.from_pretrained(
"google/gemma-2b", device_map="auto", load_in_4bit=True
)
</tr></table>

... (truncated)

Commits

• 08ab54a [ gemma] Adds support for Gemma 💎 (#29167)
• 2de9314 [Maskformer] safely get backbone config (#29166)
• 476957b 🚨 Llama: update rope scaling to match static cache changes (#29143)
• 7a4bec6 Release: 4.38.0
• ee3af60 Add support for fine-tuning CLIP-like models using contrastive-image-text exa...
• 0996a10 Revert low cpu mem tie weights (#29135)
• 15cfe38 [Core tokenization] add_dummy_prefix_space option to help with latest is...
• efdd436 FIX [PEFT / Trainer ] Handle better peft + quantized compiled models (#29...
• 5e95dca [cuda kernels] only compile them when initializing (#29133)
• a7755d2 Generate: unset GenerationConfig parameters do not raise warning (#29119)
• Additional commits viewable in compare view

Updates langchain from 0.1.12 to 0.2.2

Release notes

Sourced from langchain's releases.

langchain-milvus==0.1.0

Release langchain-milvus==0.1.0

Initial release

milvus: fix core dep (#22239) milvus: New langchain_milvus package and new milvus features (#21077)

langchain-exa==0.1.0

Release langchain-exa==0.1.0

Package-specific release note generation coming soon.

langchain-qdrant==0.1.0

Release langchain-qdrant==0.1.0

Package-specific release note generation coming soon.

langchain-nomic==0.1.0

Release langchain-nomic==0.1.0

Package-specific release note generation coming soon.

langchain-azure-dynamic-sessions==0.1.0

Release langchain-azure-dynamic-sessions==0.1.0

Package-specific release note generation coming soon.

langchain-azure-dynamic-sessions==0.1.0rc0

Release langchain-azure-dynamic-sessions==0.1.0rc0

Package-specific release note generation coming soon.

Commits

• f5c3107 airbyte[patch]: airbyte-cdk compatible pydantic versions (#21738)
• 3d33b89 ibm[patch]: release 0.1.7 (#21737)
• e41d801 openai[patch]: fix embedding float precision issue (#21736)
• 38c297a upstage: Support batch input in embedding request. (#21730)
• c5a981e docs: Update Pinecone example notebook with embedded widget (#21719)
• 0aea7f4 docs: fix installation link (#21728)
• 15be439 Harrison/move flashrank rerank (#21448)
• c6c2649 move installation (#21711)
• aca98fd multiple: releases with relaxed core dep (#21724)
• af28451 openai[patch]: Release 0.1.7, bump tiktoken 0.7.0 (#21723)
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• 970e8ce v2.32.1
• d6ebc4a v2.32.0
• 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
• 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
• 555b870 Allow character detection dependencies to be optional in post-packaging steps
• d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
• Additional commits viewable in compare view

Updates pillow from 10.2.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

• To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

  A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

• Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

• Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

• verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
• Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

• Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
• Fixed deserialization bug in JSONDecodeError. (#6629)
• Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits

• 88dce9d v2.32.2
• c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
• 92075b3 Add deprecation warning
• aa1461b Move _get_connection to get_connection_with_tls_context
• 970e8ce v2.32.1
• d6ebc4a v2.32.0
• 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
• 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
• 555b870 Allow character detection dependencies to be optional in post-packaging steps
• d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
• Additional commits viewable in compare view

Updates pillow from 10.2.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.