From 969d1e0fdffc41dc1fa71555db0d8baa3fa31246 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Nov 2022 23:05:35 +0200
Subject: [PATCH] Bump pillow from 9.0.1 to 9.3.0 in /cvat/requirements (#5340)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.0.1 to
9.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases">pillow's
releases</a>.</em></p>
<blockquote>
<h2>9.3.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html</a></p>
<h2>Changes</h2>
<ul>
<li>Initialize libtiff buffer when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Limit SAMPLESPERPIXEL to avoid runtime DOS <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a>
[<a
href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li>
<li>Inline fname2char to fix memory leak <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329">#6329</a>
[<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li>
<li>Fix memory leaks related to text features <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330">#6330</a>
[<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li>
<li>Use double quotes for version check on old CPython on Windows <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695">#6695</a>
[<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li>
<li>GHA: replace deprecated set-output command with GITHUB_OUTPUT file
<a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6697">#6697</a>
[<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li>
<li>Remove backup implementation of Round for Windows platforms <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693">#6693</a>
[<a href="https://github.com/cgohlke"><code>@​cgohlke</code></a>]</li>
<li>Upload fribidi.dll to GitHub Actions <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6532">#6532</a>
[<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li>
<li>Fixed set_variation_by_name offset <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445">#6445</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Windows build improvements <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6562">#6562</a>
[<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li>
<li>Fix malloc in _imagingft.c:font_setvaraxes <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690">#6690</a>
[<a href="https://github.com/cgohlke"><code>@​cgohlke</code></a>]</li>
<li>Only use ASCII characters in C source file <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6691">#6691</a>
[<a href="https://github.com/cgohlke"><code>@​cgohlke</code></a>]</li>
<li>Release Python GIL when converting images using matrix operations <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418">#6418</a>
[<a href="https://github.com/hmaarrfk"><code>@​hmaarrfk</code></a>]</li>
<li>Added ExifTags enums <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630">#6630</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Do not modify previous frame when calculating delta in PNG <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683">#6683</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Added support for reading BMP images with RLE4 compression <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674">#6674</a>
[<a href="https://github.com/npjg"><code>@​npjg</code></a>]</li>
<li>Decode JPEG compressed BLP1 data in original mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678">#6678</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>pylint warnings <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6659">#6659</a>
[<a
href="https://github.com/marksmayo"><code>@​marksmayo</code></a>]</li>
<li>Added GPS TIFF tag info <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661">#6661</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Added conversion between RGB/RGBA/RGBX and LAB <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647">#6647</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Do not attempt normalization if mode is already normal <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644">#6644</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Fixed seeking to an L frame in a GIF <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6576">#6576</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Consider all frames when selecting mode for PNG save_all <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6610">#6610</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Don't reassign crc on ChunkStream close <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6627">#6627</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Raise a warning if NumPy failed to raise an error during conversion
<a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6594">#6594</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Only read a maximum of 100 bytes at a time in IMT header <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6623">#6623</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Show all frames in ImageShow <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6611">#6611</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Allow FLI palette chunk to not be first <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6626">#6626</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>If first GIF frame has transparency for RGB_ALWAYS loading strategy,
use RGBA mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6592">#6592</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Round box position to integer when pasting embedded color <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6517">#6517</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Removed EXIF prefix when saving WebP <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6582">#6582</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Pad IM palette to 768 bytes when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6579">#6579</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Added DDS BC6H reading <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6449">#6449</a>
[<a
href="https://github.com/ShadelessFox"><code>@​ShadelessFox</code></a>]</li>
<li>Added support for opening WhiteIsZero 16-bit integer TIFF images <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6642">#6642</a>
[<a href="https://github.com/JayWiz"><code>@​JayWiz</code></a>]</li>
<li>Raise an error when allocating translucent color to RGB palette <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6654">#6654</a>
[<a href="https://github.com/jsbueno"><code>@​jsbueno</code></a>]</li>
<li>Moved mode check outside of loops <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6650">#6650</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Added reading of TIFF child images <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6569">#6569</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Improved ImageOps palette handling <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6596">#6596</a>
[<a
href="https://github.com/PososikTeam"><code>@​PososikTeam</code></a>]</li>
<li>Defer parsing of palette into colors <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6567">#6567</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Apply transparency to P images in ImageTk.PhotoImage <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6559">#6559</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Use rounding in ImageOps contain() and pad() <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6522">#6522</a>
[<a
href="https://github.com/bibinhashley"><code>@​bibinhashley</code></a>]</li>
<li>Fixed GIF remapping to palette with duplicate entries <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6548">#6548</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Allow remap_palette() to return an image with less than 256 palette
entries <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6543">#6543</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
<li>Corrected BMP and TGA palette size when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6500">#6500</a>
[<a
href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst">pillow's
changelog</a>.</em></p>
<blockquote>
<h2>9.3.0 (2022-10-29)</h2>
<ul>
<li>
<p>Limit SAMPLESPERPIXEL to avoid runtime DOS <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a>
[wiredfool]</p>
</li>
<li>
<p>Initialize libtiff buffer when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a>
[radarhere]</p>
</li>
<li>
<p>Inline fname2char to fix memory leak <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329">#6329</a>
[nulano]</p>
</li>
<li>
<p>Fix memory leaks related to text features <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330">#6330</a>
[nulano]</p>
</li>
<li>
<p>Use double quotes for version check on old CPython on Windows <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695">#6695</a>
[hugovk]</p>
</li>
<li>
<p>Remove backup implementation of Round for Windows platforms <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693">#6693</a>
[cgohlke]</p>
</li>
<li>
<p>Fixed set_variation_by_name offset <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445">#6445</a>
[radarhere]</p>
</li>
<li>
<p>Fix malloc in _imagingft.c:font_setvaraxes <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690">#6690</a>
[cgohlke]</p>
</li>
<li>
<p>Release Python GIL when converting images using matrix operations <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418">#6418</a>
[hmaarrfk]</p>
</li>
<li>
<p>Added ExifTags enums <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630">#6630</a>
[radarhere]</p>
</li>
<li>
<p>Do not modify previous frame when calculating delta in PNG <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683">#6683</a>
[radarhere]</p>
</li>
<li>
<p>Added support for reading BMP images with RLE4 compression <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674">#6674</a>
[npjg, radarhere]</p>
</li>
<li>
<p>Decode JPEG compressed BLP1 data in original mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678">#6678</a>
[radarhere]</p>
</li>
<li>
<p>Added GPS TIFF tag info <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661">#6661</a>
[radarhere]</p>
</li>
<li>
<p>Added conversion between RGB/RGBA/RGBX and LAB <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647">#6647</a>
[radarhere]</p>
</li>
<li>
<p>Do not attempt normalization if mode is already normal <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644">#6644</a>
[radarhere]</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python-pillow/Pillow/commit/d594f4cb8dc47fb0c69ae58d9fff86faae4515bd"><code>d594f4c</code></a>
Update CHANGES.rst [ci skip]</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/909dc64ed5f676169aa3d9b0c26f132a06321b83"><code>909dc64</code></a>
9.3.0 version bump</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/1a51ce7b955c65c8f2c6bc7772735b197b8a6aa3"><code>1a51ce7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a>
from hugovk/security-libtiff_buffer</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3"><code>2444cdd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a>
from hugovk/security-samples_per_pixel-sec</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/744f455830871d61a8de0a5e629d4c2e33817cbb"><code>744f455</code></a>
Added release notes</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/0846bfae48513f2f51ca8547ed3b8954fa501fda"><code>0846bfa</code></a>
Add to release notes</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/799a6a01052cea3f417a571d7c64cd14acc18c64"><code>799a6a0</code></a>
Fix linting</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/00b25fd3ac3648bc28eff5d4c4d816e605e3f05f"><code>00b25fd</code></a>
Hide UserWarning in logs</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/05b175ef88c22f5c416bc9b8d5b897dea1abbf2c"><code>05b175e</code></a>
Tighter test case</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/13f2c5ae14901c89c38f898496102afd9daeaf6d"><code>13f2c5a</code></a>
Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD</li>
<li>Additional commits viewable in <a
href="https://github.com/python-pillow/Pillow/compare/9.0.1...9.3.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pillow&package-manager=pip&previous-version=9.0.1&new-version=9.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/opencv/cvat/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 cvat/requirements/base.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt
index ef0b8f34..7a274325 100644
--- a/cvat/requirements/base.txt
+++ b/cvat/requirements/base.txt
@@ -6,7 +6,7 @@ django-auth-ldap==2.2.0
 django-compressor==2.4
 django-rq==2.3.2
 EasyProcess==0.3
-Pillow==9.0.1
+Pillow==9.3.0
 numpy==1.22.0
 python-ldap==3.4.0
 pytz==2020.1