673ecefbc3
Remove old CLI tests from unit test docs ( #5415 )
3 years ago
3e1ccc8602
Fix exception when run export for an empty task ( #5396 )
...
Fix https://github.com/opencv/cvat/issues/5245
The PR contains a simple fix. Just return BAD REQUEST if somebody tries
to export a task without data. It doesn't make sense. But a more complex
fix will require changing a massive amount of code. It doesn't make any
sense to support such a weird scenario.
3 years ago
c0bf27c5ee
[Documentation] links on readme.md page fixed ( #5406 )
3 years ago
772f0cd117
Adjusted initial camera position, enabled 'Reset zoom' option for 3D canvas ( #5395 )
3 years ago
01fec6fb72
Fix chart not being upgradable ( #5371 )
3 years ago
6f6db4d554
Helm: fix secrets for non-default release name ( #5403 )
3 years ago
0943de9d6f
Update test guide with SDK/CLI info ( #5402 )
...
Follow up for #5394
The existing text wont work in a clean repo. This PR adds missing info.
3 years ago
f405c4acac
Fix missing source tag in project annotations ( #5408 )
3 years ago
785edcb272
Allow dragging 3D canvas in IDLE mode ( #5385 )
3 years ago
00228ab7bb
Fix several issues with testing system ( #5394 )
...
Fix https://github.com/opencv/cvat/issues/5214
1. Stable names for containers (_ vs -)
2. Improve documentation
3 years ago
19b2643e69
Allowed to upload `.xml` and `.json` annotation files from UI ( #5386 )
...
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
Resolved #5274
+ Fixed typo in tests
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file
- [ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly
- [x] I have added tests to cover my changes
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- [x] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
d8c5051933
Update s3fs mount command ( #5390 )
3 years ago
e0e9e27c3a
Update docs about k8s deployment ( #5388 )
3 years ago
6f09c777f2
Fixed FBRS runtime dimension error on images with alpha channel ( #5384 )
3 years ago
ca83d3c925
Fix attaching manifest file with custom name ( #5377 )
...
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
Closes #5361
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
Updated existing cypress test
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file
~~- [ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly~~
- [x] I have added tests to cover my changes
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- [x] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
3 years ago
2c63b6c7eb
Bump dependency versions to fix compatibility with Python 3.10 ( #5380 )
...
* rq 1.5.1 uses `collections.Iterable` (long deprecated and deleted in
Python 3.10). 1.5.2 fixes this issue. To avoid potential regressions,
don't bump the version further.
* av 8.0.2 was built with old Cython, which generates C code
incompatible with Python 3.10. The newest version is av 10.0.0, but that
drops support for FFmpeg<4.3, which would make it unbuildable using the
default Ubuntu 20.04 FFmpeg packages. To avoid that problem, use the
previous version, 9.2.0.
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
This makes it possible to run CVAT on Python 3.10.
Fixes #5262 .
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
I'm relying on CI.
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- ~~[ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file~~
- ~~[ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly~~
- ~~[ ] I have added tests to cover my changes~~
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- ~~[ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))~~
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
bfa00b12de
Added missing migration for shape type == Mask ( #5376 )
...
PR https://github.com/opencv/cvat/pull/4543 didn't add a new migration.
The migration wasn't critical. At least it was not led to any problems.
3 years ago
38193ff792
SDK: add a utility function for atomically writing a file ( #5372 )
3 years ago
460df331e4
Implemented propagate backward ( #5355 )
...
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
Resolved #2998
<img width="428" alt="image"
src="https://user-images.githubusercontent.com/40690378/203806586-1367477b-cfff-46f1-947b-d0292cd6f02e.png ">
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file
- [ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly
- [x] I have added tests to cover my changes
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- [x] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
2ecd8c7b0c
Test webhooks sender: wait for delivery response ( #5365 )
3 years ago
0a16cfce5b
SDK: add a high-level method to download task data chunks ( #5356 )
3 years ago
85b5547541
Make the server proxy's properties visible to static analysis ( #5345 )
...
Currently, all properties of the server proxy object are created using
`Object.defineProperties` in the constructor, which means that IDEs like
VS Code can't analyze the file's static structure to determine what
properties there are and what types they have. Consequently, things like
autocomplete and go-to-definition don't work.
Fix that by removing the `ServerProxy` class altogether and exporting an
anonymous object with all properties defined statically.
3 years ago
968b575ac3
Videos link updated, contacts updated ( #5357 )
...
Link to the old videos removed as there were changes made in CVAT
interface and now these videos are a bit confusing Links to playlists of
the updated videos were added with the description what these videos
contact Contacts sections updated
General proofreading
3 years ago
279f01b53b
Fix: Can't dump annotations with objects type is track from several jobs ( #5250 )
3 years ago
dde9f610df
[Documentation] Broken links fixed ( #5348 )
3 years ago
90ca4018a0
Added cypress test to create a task with only bounding boxes ( #5346 )
3 years ago
0786d05f6b
Bump pillow from 9.0.1 to 9.3.0 in /tests/python ( #5341 )
3 years ago
8705e2366c
Added force logout on CVAT app start if token is missing ( #5331 )
3 years ago
08dd27d993
Fix missed token with using social account authentication ( #5344 )
3 years ago
bc079c3129
Bump tensorflow from 2.8.1 to 2.9.3 in /cvat/requirements ( #5338 )
...
Bumps [tensorflow](https://github.com/tensorflow/tensorflow ) from 2.8.1
to 2.9.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tensorflow/tensorflow/releases ">tensorflow's
releases</a>.</em></p>
<blockquote>
<h2>TensorFlow 2.9.3</h2>
<h1>Release 2.9.3</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887 ">CVE-2022-41887</a>)</li>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
<li>Fixes a heap OOB in <code>FractionalAvgPool</code> and
<code>FractionalMaxPool</code>(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900 ">CVE-2022-41900</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901 ">CVE-2022-41901</a>)</li>
<li>Fixes an OOB write in grappler (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902 ">CVE-2022-41902</a>)</li>
<li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907 ">CVE-2022-41907</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908 ">CVE-2022-41908</a>)</li>
<li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909 ">CVE-2022-41909</a>)</li>
<li>Fixes a invalid char to bool conversion in printing a tensor (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911 ">CVE-2022-41911</a>)</li>
<li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910 ">CVE-2022-41910</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via
missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code>
and <code>TensorListScatterV2</code> in eager mode (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
</ul>
<h2>TensorFlow 2.9.2</h2>
<h1>Release 2.9.2</h1>
<p>This releases introduces several vulnerability fixes:</p>
<ul>
<li>Fixes a <code>CHECK</code> failure in tf.reshape caused by overflows
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934 ">CVE-2022-35934</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code>
caused by missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes an OOB read in <code>Gather_nd</code> op in TF Lite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937 ">CVE-2022-35937</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>TensorListReserve</code>
caused by missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960 ">CVE-2022-35960</a>)</li>
<li>Fixes an OOB write in <code>Scatter_nd</code> op in TF Lite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939 ">CVE-2022-35939</a>)</li>
<li>Fixes an integer overflow in <code>RaggedRangeOp</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940 ">CVE-2022-35940</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>AvgPoolOp</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941 ">CVE-2022-35941</a>)</li>
<li>Fixes a <code>CHECK</code> failures in <code>UnbatchGradOp</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952 ">CVE-2022-35952</a>)</li>
<li>Fixes a segfault TFLite converter on per-channel quantized
transposed convolutions (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027 ">CVE-2022-36027</a>)</li>
<li>Fixes a <code>CHECK</code> failures in <code>AvgPool3DGrad</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959 ">CVE-2022-35959</a>)</li>
<li>Fixes a <code>CHECK</code> failures in
<code>FractionalAvgPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963 ">CVE-2022-35963</a>)</li>
<li>Fixes a segfault in <code>BlockLSTMGradV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964 ">CVE-2022-35964</a>)</li>
<li>Fixes a segfault in <code>LowerBound</code> and
<code>UpperBound</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965 ">CVE-2022-35965</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md ">tensorflow's
changelog</a>.</em></p>
<blockquote>
<h1>Release 2.9.3</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887 ">CVE-2022-41887</a>)</li>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
<li>Fixes a heap OOB in <code>FractionalAvgPool</code> and
<code>FractionalMaxPool</code>(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900 ">CVE-2022-41900</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901 ">CVE-2022-41901</a>)</li>
<li>Fixes an OOB write in grappler (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902 ">CVE-2022-41902</a>)</li>
<li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907 ">CVE-2022-41907</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908 ">CVE-2022-41908</a>)</li>
<li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909 ">CVE-2022-41909</a>)</li>
<li>Fixes a invalid char to bool conversion in printing a tensor (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911 ">CVE-2022-41911</a>)</li>
<li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910 ">CVE-2022-41910</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via
missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code>
and <code>TensorListScatterV2</code> in eager mode (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
</ul>
<h1>Release 2.8.4</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a5ed5f39b6https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584 ">#58584</a>
from tensorflow/vinila21-patch-2</li>
<li><a
href="258f9a1251cd27cfb438https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580 ">#58580</a>
from tensorflow-jenkins/version-numbers-2.9.3-24474</li>
<li><a
href="3e75385ee6bc72c39774https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482 ">#58482</a>
from tensorflow-jenkins/relnotes-2.9.3-25695</li>
<li><a
href="3506c90f5a8dcb48e3844f34ec8499https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576 ">#58576</a>
from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...</li>
<li><a
href="6fc67e408f5dbe90ad21https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570 ">#58570</a>
from tensorflow/r2.9-7b174a0f2e4</li>
<li>Additional commits viewable in <a
href="https://github.com/tensorflow/tensorflow/compare/v2.8.1...v2.9.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/opencv/cvat/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
969d1e0fdf
Bump pillow from 9.0.1 to 9.3.0 in /cvat/requirements ( #5340 )
...
Bumps [pillow](https://github.com/python-pillow/Pillow ) from 9.0.1 to
9.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases ">pillow's
releases</a>.</em></p>
<blockquote>
<h2>9.3.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html ">https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html </a></p>
<h2>Changes</h2>
<ul>
<li>Initialize libtiff buffer when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Limit SAMPLESPERPIXEL to avoid runtime DOS <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
[<a
href="https://github.com/wiredfool "><code>@wiredfool</code></a>]</li>
<li>Inline fname2char to fix memory leak <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329 ">#6329</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fix memory leaks related to text features <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330 ">#6330</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Use double quotes for version check on old CPython on Windows <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695 ">#6695</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>GHA: replace deprecated set-output command with GITHUB_OUTPUT file
<a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6697 ">#6697</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Remove backup implementation of Round for Windows platforms <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693 ">#6693</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Upload fribidi.dll to GitHub Actions <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6532 ">#6532</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fixed set_variation_by_name offset <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445 ">#6445</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Windows build improvements <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6562 ">#6562</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fix malloc in _imagingft.c:font_setvaraxes <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690 ">#6690</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Only use ASCII characters in C source file <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6691 ">#6691</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Release Python GIL when converting images using matrix operations <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418 ">#6418</a>
[<a href="https://github.com/hmaarrfk "><code>@hmaarrfk</code></a>]</li>
<li>Added ExifTags enums <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630 ">#6630</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Do not modify previous frame when calculating delta in PNG <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683 ">#6683</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added support for reading BMP images with RLE4 compression <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674 ">#6674</a>
[<a href="https://github.com/npjg "><code>@npjg</code></a>]</li>
<li>Decode JPEG compressed BLP1 data in original mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678 ">#6678</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>pylint warnings <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6659 ">#6659</a>
[<a
href="https://github.com/marksmayo "><code>@marksmayo</code></a>]</li>
<li>Added GPS TIFF tag info <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661 ">#6661</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added conversion between RGB/RGBA/RGBX and LAB <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647 ">#6647</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Do not attempt normalization if mode is already normal <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644 ">#6644</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fixed seeking to an L frame in a GIF <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6576 ">#6576</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Consider all frames when selecting mode for PNG save_all <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6610 ">#6610</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Don't reassign crc on ChunkStream close <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6627 ">#6627</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Raise a warning if NumPy failed to raise an error during conversion
<a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6594 ">#6594</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Only read a maximum of 100 bytes at a time in IMT header <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6623 ">#6623</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Show all frames in ImageShow <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6611 ">#6611</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Allow FLI palette chunk to not be first <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6626 ">#6626</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>If first GIF frame has transparency for RGB_ALWAYS loading strategy,
use RGBA mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6592 ">#6592</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Round box position to integer when pasting embedded color <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6517 ">#6517</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Removed EXIF prefix when saving WebP <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6582 ">#6582</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Pad IM palette to 768 bytes when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6579 ">#6579</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added DDS BC6H reading <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6449 ">#6449</a>
[<a
href="https://github.com/ShadelessFox "><code>@ShadelessFox</code></a>]</li>
<li>Added support for opening WhiteIsZero 16-bit integer TIFF images <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6642 ">#6642</a>
[<a href="https://github.com/JayWiz "><code>@JayWiz</code></a>]</li>
<li>Raise an error when allocating translucent color to RGB palette <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6654 ">#6654</a>
[<a href="https://github.com/jsbueno "><code>@jsbueno</code></a>]</li>
<li>Moved mode check outside of loops <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6650 ">#6650</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added reading of TIFF child images <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6569 ">#6569</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Improved ImageOps palette handling <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6596 ">#6596</a>
[<a
href="https://github.com/PososikTeam "><code>@PososikTeam</code></a>]</li>
<li>Defer parsing of palette into colors <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6567 ">#6567</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Apply transparency to P images in ImageTk.PhotoImage <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6559 ">#6559</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Use rounding in ImageOps contain() and pad() <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6522 ">#6522</a>
[<a
href="https://github.com/bibinhashley "><code>@bibinhashley</code></a>]</li>
<li>Fixed GIF remapping to palette with duplicate entries <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6548 ">#6548</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Allow remap_palette() to return an image with less than 256 palette
entries <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6543 ">#6543</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Corrected BMP and TGA palette size when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6500 ">#6500</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst ">pillow's
changelog</a>.</em></p>
<blockquote>
<h2>9.3.0 (2022-10-29)</h2>
<ul>
<li>
<p>Limit SAMPLESPERPIXEL to avoid runtime DOS <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
[wiredfool]</p>
</li>
<li>
<p>Initialize libtiff buffer when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
[radarhere]</p>
</li>
<li>
<p>Inline fname2char to fix memory leak <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329 ">#6329</a>
[nulano]</p>
</li>
<li>
<p>Fix memory leaks related to text features <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330 ">#6330</a>
[nulano]</p>
</li>
<li>
<p>Use double quotes for version check on old CPython on Windows <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695 ">#6695</a>
[hugovk]</p>
</li>
<li>
<p>Remove backup implementation of Round for Windows platforms <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693 ">#6693</a>
[cgohlke]</p>
</li>
<li>
<p>Fixed set_variation_by_name offset <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445 ">#6445</a>
[radarhere]</p>
</li>
<li>
<p>Fix malloc in _imagingft.c:font_setvaraxes <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690 ">#6690</a>
[cgohlke]</p>
</li>
<li>
<p>Release Python GIL when converting images using matrix operations <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418 ">#6418</a>
[hmaarrfk]</p>
</li>
<li>
<p>Added ExifTags enums <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630 ">#6630</a>
[radarhere]</p>
</li>
<li>
<p>Do not modify previous frame when calculating delta in PNG <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683 ">#6683</a>
[radarhere]</p>
</li>
<li>
<p>Added support for reading BMP images with RLE4 compression <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674 ">#6674</a>
[npjg, radarhere]</p>
</li>
<li>
<p>Decode JPEG compressed BLP1 data in original mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678 ">#6678</a>
[radarhere]</p>
</li>
<li>
<p>Added GPS TIFF tag info <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661 ">#6661</a>
[radarhere]</p>
</li>
<li>
<p>Added conversion between RGB/RGBA/RGBX and LAB <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647 ">#6647</a>
[radarhere]</p>
</li>
<li>
<p>Do not attempt normalization if mode is already normal <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644 ">#6644</a>
[radarhere]</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d594f4cb8d909dc64ed51a51ce7b95https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
from hugovk/security-libtiff_buffer</li>
<li><a
href="2444cddab2https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
from hugovk/security-samples_per_pixel-sec</li>
<li><a
href="744f4558300846bfae48799a6a010500b25fd3ac05b175ef8813f2c5ae14https://github.com/python-pillow/Pillow/compare/9.0.1...9.3.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/opencv/cvat/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
0ab445b7a8
Replace unintended Cyrillic C letters with Latin C ( #5334 )
...
The only change in production code is the one in `shortcuts-reducer.ts`.
It makes no functional difference, however, because the shortcut in
question is not handled by the regular shortcut mechanism; the control
key is handled separately in `interactionHandler.ts`, while the string
"ctrl" in `shortcuts-reducer.ts` is only used for display purposes.
Fix ESLint errors in altered files, as well.
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
These Cyrillic Cs interfere with searching and can cause confusion.
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
I'm relying on GitHub Actions.
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- ~~[ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file~~
- ~~[ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly~~
- ~~[ ] I have added tests to cover my changes~~
- ~~[ ] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))~~
- ~~[ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))~~
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
f47c98ebe9
Fix SDK build ( #5326 )
3 years ago
6b747b458a
Added information about 'new home' for CVAT inside OpenCV organization
3 years ago
ec7acee315
<h3>Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.</h3> ( #5321 )
...
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- cvat/requirements/development.txt
Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **441/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 3.1 | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-PYTHON-SETUPTOOLS-3113904](https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904 ) | `setuptools:` <br> `39.0.1 -> 65.5.1` <br> | No | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4ZGY3ZmVkNy02YjNjLTQyZTYtOWE0YS02MDYwY2E0NjM0ZmIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjhkZjdmZWQ3LTZiM2MtNDJlNi05YTRhLTYwNjBjYTQ2MzRmYiJ9fQ== " width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr )
🛠 [Adjust project settings](https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr/settings )
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities )
[//]: # (snyk:metadata:{"prId":"8df7fed7-6b3c-42e6-9a4a-6060ca4634fb","prPublicId":"8df7fed7-6b3c-42e6-9a4a-6060ca4634fb","dependencies":[{"name":"setuptools","from":"39.0.1","to":"65.5.1"}],"packageManager":"pip","projectPublicId":"2b5f3b5d-0400-48e2-b4b8-776842affe28","projectUrl":"https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr ","type":"auto","patch":[],"vulns":["SNYK-PYTHON-SETUPTOOLS-3113904"],"upgrade":[],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[441]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr )
3 years ago
a3bf41439d
Fix CI due to cypress verify works too long ( #5320 )
...
https://docs.cypress.io/guides/guides/command-line#cypress-verify
3 years ago
7944ef8b52
Annotation with brushing tools ( #5269 )
3 years ago
2125666be1
Bump pillow from 9.2.0 to 9.3.0 in /utils/dicom_converter ( #5319 )
...
Bumps [pillow](https://github.com/python-pillow/Pillow ) from 9.2.0 to 9.3.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases )
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst )
- [Commits](https://github.com/python-pillow/Pillow/compare/9.2.0...9.3.0 )
---
updated-dependencies:
- dependency-name: pillow
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
c446fbfabe
fix: utils/dicom_converter/requirements.txt to reduce vulnerabilities ( #5314 )
...
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113875
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113876
3 years ago
4ad7e2f74f
Fix bug with nuclio env variables ( #4712 )
...
Co-authored-by: ar.kravchuk <ar.kravchuk@2gis.ru>
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
3 years ago
60da8c1da3
Bump loader-utils from 1.4.0 to 1.4.2 ( #5307 )
...
Bumps [loader-utils](https://github.com/webpack/loader-utils ) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases )
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md )
- [Commits](https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2 )
---
updated-dependencies:
- dependency-name: loader-utils
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
b8552faa8e
Add imagePullPolicy into Helm chart ( #5313 )
...
Co-authored-by: dalli <skcha67@gmail.com>
3 years ago
7383c17c8e
python-logstash-async upgrade ( #4574 )
...
Co-authored-by: Andrey Zhavoronkov <andrey@cvat.ai>
3 years ago
25503a35d2
Fix export job ( #5282 )
3 years ago
c86746c785
Convert `api.ts`, `api-implementation.ts` and `frames.ts` to ES6 modules ( #5283 )
...
This fixes ESLint errors in these files.
Set the `resolveJsonModule` setting, so that TypeScript can recognize the
`package.json` import.
3 years ago
5dd7eff97a
fix: Dockerfile.ui to reduce vulnerabilities ( #5286 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3063712
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3063712
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3063713
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3063713
- https://snyk.io/vuln/SNYK-ALPINE316-LIBXML2-3050527
3 years ago
e44decf76a
[Snyk] Security upgrade pillow from 9.0.1 to 9.2.0 ( #5291 )
...
* fix: utils/dataset_manifest/requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113875
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113876
* Update utils/dataset_manifest/requirements.txt
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
3 years ago
23257a2a26
Significantly reduced the number of queries to DB from api/jobs, api/tasks, and api/projects endpoints. ( #5304 )
3 years ago
10baa5f135
Fix: visibility and ignored information fail to be loaded (MOT dataset format) ( #5270 )
3 years ago
7706eee504
Improved UX of signing pages ( #5295 )
3 years ago
Maxim Zhiltsov
Nikita Manovich
Mariia Acoca
Boris Sekachev
Andrey Zhavoronkov
Maria Khrustaleva
Kirill Lakhov
Roman Donchenko
Kirill Sizov
Anastasia Yasakova
dependabot[bot]
Snyk bot
Artem
PMazarovich
