19b2643e69
Allowed to upload `.xml` and `.json` annotation files from UI ( #5386 )
...
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
Resolved #5274
+ Fixed typo in tests
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file
- [ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly
- [x] I have added tests to cover my changes
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- [x] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
d8c5051933
Update s3fs mount command ( #5390 )
3 years ago
e0e9e27c3a
Update docs about k8s deployment ( #5388 )
3 years ago
6f09c777f2
Fixed FBRS runtime dimension error on images with alpha channel ( #5384 )
3 years ago
ca83d3c925
Fix attaching manifest file with custom name ( #5377 )
...
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
Closes #5361
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
Updated existing cypress test
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file
~~- [ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly~~
- [x] I have added tests to cover my changes
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- [x] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
3 years ago
2c63b6c7eb
Bump dependency versions to fix compatibility with Python 3.10 ( #5380 )
...
* rq 1.5.1 uses `collections.Iterable` (long deprecated and deleted in
Python 3.10). 1.5.2 fixes this issue. To avoid potential regressions,
don't bump the version further.
* av 8.0.2 was built with old Cython, which generates C code
incompatible with Python 3.10. The newest version is av 10.0.0, but that
drops support for FFmpeg<4.3, which would make it unbuildable using the
default Ubuntu 20.04 FFmpeg packages. To avoid that problem, use the
previous version, 9.2.0.
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
This makes it possible to run CVAT on Python 3.10.
Fixes #5262 .
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
I'm relying on CI.
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- ~~[ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file~~
- ~~[ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly~~
- ~~[ ] I have added tests to cover my changes~~
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- ~~[ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))~~
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
bfa00b12de
Added missing migration for shape type == Mask ( #5376 )
...
PR https://github.com/opencv/cvat/pull/4543 didn't add a new migration.
The migration wasn't critical. At least it was not led to any problems.
3 years ago
38193ff792
SDK: add a utility function for atomically writing a file ( #5372 )
3 years ago
460df331e4
Implemented propagate backward ( #5355 )
...
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
Resolved #2998
<img width="428" alt="image"
src="https://user-images.githubusercontent.com/40690378/203806586-1367477b-cfff-46f1-947b-d0292cd6f02e.png ">
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- [x] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file
- [ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly
- [x] I have added tests to cover my changes
- [x] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))
- [x] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
2ecd8c7b0c
Test webhooks sender: wait for delivery response ( #5365 )
3 years ago
0a16cfce5b
SDK: add a high-level method to download task data chunks ( #5356 )
3 years ago
85b5547541
Make the server proxy's properties visible to static analysis ( #5345 )
...
Currently, all properties of the server proxy object are created using
`Object.defineProperties` in the constructor, which means that IDEs like
VS Code can't analyze the file's static structure to determine what
properties there are and what types they have. Consequently, things like
autocomplete and go-to-definition don't work.
Fix that by removing the `ServerProxy` class altogether and exporting an
anonymous object with all properties defined statically.
3 years ago
968b575ac3
Videos link updated, contacts updated ( #5357 )
...
Link to the old videos removed as there were changes made in CVAT
interface and now these videos are a bit confusing Links to playlists of
the updated videos were added with the description what these videos
contact Contacts sections updated
General proofreading
3 years ago
279f01b53b
Fix: Can't dump annotations with objects type is track from several jobs ( #5250 )
3 years ago
dde9f610df
[Documentation] Broken links fixed ( #5348 )
3 years ago
90ca4018a0
Added cypress test to create a task with only bounding boxes ( #5346 )
3 years ago
0786d05f6b
Bump pillow from 9.0.1 to 9.3.0 in /tests/python ( #5341 )
3 years ago
8705e2366c
Added force logout on CVAT app start if token is missing ( #5331 )
3 years ago
08dd27d993
Fix missed token with using social account authentication ( #5344 )
3 years ago
bc079c3129
Bump tensorflow from 2.8.1 to 2.9.3 in /cvat/requirements ( #5338 )
...
Bumps [tensorflow](https://github.com/tensorflow/tensorflow ) from 2.8.1
to 2.9.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tensorflow/tensorflow/releases ">tensorflow's
releases</a>.</em></p>
<blockquote>
<h2>TensorFlow 2.9.3</h2>
<h1>Release 2.9.3</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887 ">CVE-2022-41887</a>)</li>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
<li>Fixes a heap OOB in <code>FractionalAvgPool</code> and
<code>FractionalMaxPool</code>(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900 ">CVE-2022-41900</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901 ">CVE-2022-41901</a>)</li>
<li>Fixes an OOB write in grappler (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902 ">CVE-2022-41902</a>)</li>
<li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907 ">CVE-2022-41907</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908 ">CVE-2022-41908</a>)</li>
<li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909 ">CVE-2022-41909</a>)</li>
<li>Fixes a invalid char to bool conversion in printing a tensor (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911 ">CVE-2022-41911</a>)</li>
<li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910 ">CVE-2022-41910</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via
missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code>
and <code>TensorListScatterV2</code> in eager mode (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
</ul>
<h2>TensorFlow 2.9.2</h2>
<h1>Release 2.9.2</h1>
<p>This releases introduces several vulnerability fixes:</p>
<ul>
<li>Fixes a <code>CHECK</code> failure in tf.reshape caused by overflows
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934 ">CVE-2022-35934</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code>
caused by missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes an OOB read in <code>Gather_nd</code> op in TF Lite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937 ">CVE-2022-35937</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>TensorListReserve</code>
caused by missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960 ">CVE-2022-35960</a>)</li>
<li>Fixes an OOB write in <code>Scatter_nd</code> op in TF Lite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939 ">CVE-2022-35939</a>)</li>
<li>Fixes an integer overflow in <code>RaggedRangeOp</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940 ">CVE-2022-35940</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>AvgPoolOp</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941 ">CVE-2022-35941</a>)</li>
<li>Fixes a <code>CHECK</code> failures in <code>UnbatchGradOp</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952 ">CVE-2022-35952</a>)</li>
<li>Fixes a segfault TFLite converter on per-channel quantized
transposed convolutions (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027 ">CVE-2022-36027</a>)</li>
<li>Fixes a <code>CHECK</code> failures in <code>AvgPool3DGrad</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959 ">CVE-2022-35959</a>)</li>
<li>Fixes a <code>CHECK</code> failures in
<code>FractionalAvgPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963 ">CVE-2022-35963</a>)</li>
<li>Fixes a segfault in <code>BlockLSTMGradV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964 ">CVE-2022-35964</a>)</li>
<li>Fixes a segfault in <code>LowerBound</code> and
<code>UpperBound</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965 ">CVE-2022-35965</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md ">tensorflow's
changelog</a>.</em></p>
<blockquote>
<h1>Release 2.9.3</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887 ">CVE-2022-41887</a>)</li>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
<li>Fixes a heap OOB in <code>FractionalAvgPool</code> and
<code>FractionalMaxPool</code>(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900 ">CVE-2022-41900</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901 ">CVE-2022-41901</a>)</li>
<li>Fixes an OOB write in grappler (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902 ">CVE-2022-41902</a>)</li>
<li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907 ">CVE-2022-41907</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908 ">CVE-2022-41908</a>)</li>
<li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909 ">CVE-2022-41909</a>)</li>
<li>Fixes a invalid char to bool conversion in printing a tensor (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911 ">CVE-2022-41911</a>)</li>
<li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910 ">CVE-2022-41910</a>)</li>
<li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via
missing validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code>
and <code>TensorListScatterV2</code> in eager mode (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935 ">CVE-2022-35935</a>)</li>
</ul>
<h1>Release 2.8.4</h1>
<p>This release introduces several vulnerability fixes:</p>
<ul>
<li>Fixes a heap OOB failure in
<code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing
validation (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880 ">CVE-2022-41880</a>)</li>
<li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884 ">CVE-2022-41884</a>)</li>
<li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885 ">CVE-2022-41885</a>)</li>
<li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886 ">CVE-2022-41886</a>)</li>
<li>Fixes an FPE in
<code>tf.image.generate_bounding_box_proposals</code> on GPU (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888 ">CVE-2022-41888</a>)</li>
<li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid
attributes (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889 ">CVE-2022-41889</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890 ">CVE-2022-41890</a>)</li>
<li>Fixes a segfault in <code>TensorListConcat</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891 ">CVE-2022-41891</a>)</li>
<li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code>
(<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893 ">CVE-2022-41893</a>)</li>
<li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894 ">CVE-2022-41894</a>)</li>
<li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895 ">CVE-2022-41895</a>)</li>
<li>Fixes a crash in <code>Mfcc</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896 ">CVE-2022-41896</a>)</li>
<li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897 ">CVE-2022-41897</a>)</li>
<li>Fixes a <code>CHECK</code> fail in
<code>SparseFillEmptyRowsGrad</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898 ">CVE-2022-41898</a>)</li>
<li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899 ">CVE-2022-41899</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a5ed5f39b6https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584 ">#58584</a>
from tensorflow/vinila21-patch-2</li>
<li><a
href="258f9a1251cd27cfb438https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580 ">#58580</a>
from tensorflow-jenkins/version-numbers-2.9.3-24474</li>
<li><a
href="3e75385ee6bc72c39774https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482 ">#58482</a>
from tensorflow-jenkins/relnotes-2.9.3-25695</li>
<li><a
href="3506c90f5a8dcb48e3844f34ec8499https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576 ">#58576</a>
from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...</li>
<li><a
href="6fc67e408f5dbe90ad21https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570 ">#58570</a>
from tensorflow/r2.9-7b174a0f2e4</li>
<li>Additional commits viewable in <a
href="https://github.com/tensorflow/tensorflow/compare/v2.8.1...v2.9.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/opencv/cvat/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
969d1e0fdf
Bump pillow from 9.0.1 to 9.3.0 in /cvat/requirements ( #5340 )
...
Bumps [pillow](https://github.com/python-pillow/Pillow ) from 9.0.1 to
9.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases ">pillow's
releases</a>.</em></p>
<blockquote>
<h2>9.3.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html ">https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html </a></p>
<h2>Changes</h2>
<ul>
<li>Initialize libtiff buffer when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Limit SAMPLESPERPIXEL to avoid runtime DOS <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
[<a
href="https://github.com/wiredfool "><code>@wiredfool</code></a>]</li>
<li>Inline fname2char to fix memory leak <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329 ">#6329</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fix memory leaks related to text features <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330 ">#6330</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Use double quotes for version check on old CPython on Windows <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695 ">#6695</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>GHA: replace deprecated set-output command with GITHUB_OUTPUT file
<a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6697 ">#6697</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Remove backup implementation of Round for Windows platforms <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693 ">#6693</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Upload fribidi.dll to GitHub Actions <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6532 ">#6532</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fixed set_variation_by_name offset <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445 ">#6445</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Windows build improvements <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6562 ">#6562</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fix malloc in _imagingft.c:font_setvaraxes <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690 ">#6690</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Only use ASCII characters in C source file <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6691 ">#6691</a>
[<a href="https://github.com/cgohlke "><code>@cgohlke</code></a>]</li>
<li>Release Python GIL when converting images using matrix operations <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418 ">#6418</a>
[<a href="https://github.com/hmaarrfk "><code>@hmaarrfk</code></a>]</li>
<li>Added ExifTags enums <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630 ">#6630</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Do not modify previous frame when calculating delta in PNG <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683 ">#6683</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added support for reading BMP images with RLE4 compression <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674 ">#6674</a>
[<a href="https://github.com/npjg "><code>@npjg</code></a>]</li>
<li>Decode JPEG compressed BLP1 data in original mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678 ">#6678</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>pylint warnings <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6659 ">#6659</a>
[<a
href="https://github.com/marksmayo "><code>@marksmayo</code></a>]</li>
<li>Added GPS TIFF tag info <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661 ">#6661</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added conversion between RGB/RGBA/RGBX and LAB <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647 ">#6647</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Do not attempt normalization if mode is already normal <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644 ">#6644</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fixed seeking to an L frame in a GIF <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6576 ">#6576</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Consider all frames when selecting mode for PNG save_all <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6610 ">#6610</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Don't reassign crc on ChunkStream close <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6627 ">#6627</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Raise a warning if NumPy failed to raise an error during conversion
<a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6594 ">#6594</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Only read a maximum of 100 bytes at a time in IMT header <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6623 ">#6623</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Show all frames in ImageShow <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6611 ">#6611</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Allow FLI palette chunk to not be first <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6626 ">#6626</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>If first GIF frame has transparency for RGB_ALWAYS loading strategy,
use RGBA mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6592 ">#6592</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Round box position to integer when pasting embedded color <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6517 ">#6517</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Removed EXIF prefix when saving WebP <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6582 ">#6582</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Pad IM palette to 768 bytes when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6579 ">#6579</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added DDS BC6H reading <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6449 ">#6449</a>
[<a
href="https://github.com/ShadelessFox "><code>@ShadelessFox</code></a>]</li>
<li>Added support for opening WhiteIsZero 16-bit integer TIFF images <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6642 ">#6642</a>
[<a href="https://github.com/JayWiz "><code>@JayWiz</code></a>]</li>
<li>Raise an error when allocating translucent color to RGB palette <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6654 ">#6654</a>
[<a href="https://github.com/jsbueno "><code>@jsbueno</code></a>]</li>
<li>Moved mode check outside of loops <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6650 ">#6650</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added reading of TIFF child images <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6569 ">#6569</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Improved ImageOps palette handling <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6596 ">#6596</a>
[<a
href="https://github.com/PososikTeam "><code>@PososikTeam</code></a>]</li>
<li>Defer parsing of palette into colors <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6567 ">#6567</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Apply transparency to P images in ImageTk.PhotoImage <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6559 ">#6559</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Use rounding in ImageOps contain() and pad() <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6522 ">#6522</a>
[<a
href="https://github.com/bibinhashley "><code>@bibinhashley</code></a>]</li>
<li>Fixed GIF remapping to palette with duplicate entries <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6548 ">#6548</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Allow remap_palette() to return an image with less than 256 palette
entries <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6543 ">#6543</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Corrected BMP and TGA palette size when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6500 ">#6500</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst ">pillow's
changelog</a>.</em></p>
<blockquote>
<h2>9.3.0 (2022-10-29)</h2>
<ul>
<li>
<p>Limit SAMPLESPERPIXEL to avoid runtime DOS <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
[wiredfool]</p>
</li>
<li>
<p>Initialize libtiff buffer when saving <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
[radarhere]</p>
</li>
<li>
<p>Inline fname2char to fix memory leak <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329 ">#6329</a>
[nulano]</p>
</li>
<li>
<p>Fix memory leaks related to text features <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330 ">#6330</a>
[nulano]</p>
</li>
<li>
<p>Use double quotes for version check on old CPython on Windows <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695 ">#6695</a>
[hugovk]</p>
</li>
<li>
<p>Remove backup implementation of Round for Windows platforms <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693 ">#6693</a>
[cgohlke]</p>
</li>
<li>
<p>Fixed set_variation_by_name offset <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445 ">#6445</a>
[radarhere]</p>
</li>
<li>
<p>Fix malloc in _imagingft.c:font_setvaraxes <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690 ">#6690</a>
[cgohlke]</p>
</li>
<li>
<p>Release Python GIL when converting images using matrix operations <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418 ">#6418</a>
[hmaarrfk]</p>
</li>
<li>
<p>Added ExifTags enums <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630 ">#6630</a>
[radarhere]</p>
</li>
<li>
<p>Do not modify previous frame when calculating delta in PNG <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683 ">#6683</a>
[radarhere]</p>
</li>
<li>
<p>Added support for reading BMP images with RLE4 compression <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674 ">#6674</a>
[npjg, radarhere]</p>
</li>
<li>
<p>Decode JPEG compressed BLP1 data in original mode <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678 ">#6678</a>
[radarhere]</p>
</li>
<li>
<p>Added GPS TIFF tag info <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661 ">#6661</a>
[radarhere]</p>
</li>
<li>
<p>Added conversion between RGB/RGBA/RGBX and LAB <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647 ">#6647</a>
[radarhere]</p>
</li>
<li>
<p>Do not attempt normalization if mode is already normal <a
href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644 ">#6644</a>
[radarhere]</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d594f4cb8d909dc64ed51a51ce7b95https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699 ">#6699</a>
from hugovk/security-libtiff_buffer</li>
<li><a
href="2444cddab2https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700 ">#6700</a>
from hugovk/security-samples_per_pixel-sec</li>
<li><a
href="744f4558300846bfae48799a6a010500b25fd3ac05b175ef8813f2c5ae14https://github.com/python-pillow/Pillow/compare/9.0.1...9.3.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/opencv/cvat/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
0ab445b7a8
Replace unintended Cyrillic C letters with Latin C ( #5334 )
...
The only change in production code is the one in `shortcuts-reducer.ts`.
It makes no functional difference, however, because the shortcut in
question is not handled by the regular shortcut mechanism; the control
key is handled separately in `interactionHandler.ts`, while the string
"ctrl" in `shortcuts-reducer.ts` is only used for display purposes.
Fix ESLint errors in altered files, as well.
<!-- Raised an issue to propose your change
(https://github.com/cvat-ai/cvat/issues ).
It helps to avoid duplication of efforts from multiple independent
contributors.
Discuss your ideas with maintainers to be sure that changes will be
approved and merged.
Read the
[CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md )
guide. -->
<!-- Provide a general summary of your changes in the Title above -->
### Motivation and context
<!-- Why is this change required? What problem does it solve? If it
fixes an open
issue, please link to the issue here. Describe your changes in detail,
add
screenshots. -->
These Cyrillic Cs interfere with searching and can cause confusion.
### How has this been tested?
<!-- Please describe in detail how you tested your changes.
Include details of your testing environment, and the tests you ran to
see how your change affects other areas of the code, etc. -->
I'm relying on GitHub Actions.
### Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply.
If an item isn't applicable by a reason then ~~explicitly
strikethrough~~ the whole
line. If you don't do that github will show an incorrect process for the
pull request.
If you're unsure about any of these, don't hesitate to ask. We're here
to help! -->
- [x] I submit my changes into the `develop` branch
- ~~[ ] I have added a description of my changes into
[CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md )
file~~
- ~~[ ] I have updated the [documentation](
https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation )
accordingly~~
- ~~[ ] I have added tests to cover my changes~~
- ~~[ ] I have linked related issues ([read github docs](
https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword ))~~
- ~~[ ] I have increased versions of npm packages if it is necessary
([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning ),
[cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning ),
[cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning )
and
[cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning ))~~
### License
- [x] I submit _my code changes_ under the same [MIT License](
https://github.com/cvat-ai/cvat/blob/develop/LICENSE ) that covers the
project.
Feel free to contact the maintainers if that's a concern.
3 years ago
f47c98ebe9
Fix SDK build ( #5326 )
3 years ago
6b747b458a
Added information about 'new home' for CVAT inside OpenCV organization
3 years ago
ec7acee315
<h3>Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.</h3> ( #5321 )
...
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- cvat/requirements/development.txt
Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **441/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 3.1 | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-PYTHON-SETUPTOOLS-3113904](https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904 ) | `setuptools:` <br> `39.0.1 -> 65.5.1` <br> | No | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4ZGY3ZmVkNy02YjNjLTQyZTYtOWE0YS02MDYwY2E0NjM0ZmIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjhkZjdmZWQ3LTZiM2MtNDJlNi05YTRhLTYwNjBjYTQ2MzRmYiJ9fQ== " width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr )
🛠 [Adjust project settings](https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr/settings )
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities )
[//]: # (snyk:metadata:{"prId":"8df7fed7-6b3c-42e6-9a4a-6060ca4634fb","prPublicId":"8df7fed7-6b3c-42e6-9a4a-6060ca4634fb","dependencies":[{"name":"setuptools","from":"39.0.1","to":"65.5.1"}],"packageManager":"pip","projectPublicId":"2b5f3b5d-0400-48e2-b4b8-776842affe28","projectUrl":"https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr ","type":"auto","patch":[],"vulns":["SNYK-PYTHON-SETUPTOOLS-3113904"],"upgrade":[],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[441]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr )
3 years ago
a3bf41439d
Fix CI due to cypress verify works too long ( #5320 )
...
https://docs.cypress.io/guides/guides/command-line#cypress-verify
3 years ago
7944ef8b52
Annotation with brushing tools ( #5269 )
3 years ago
2125666be1
Bump pillow from 9.2.0 to 9.3.0 in /utils/dicom_converter ( #5319 )
...
Bumps [pillow](https://github.com/python-pillow/Pillow ) from 9.2.0 to 9.3.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases )
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst )
- [Commits](https://github.com/python-pillow/Pillow/compare/9.2.0...9.3.0 )
---
updated-dependencies:
- dependency-name: pillow
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
c446fbfabe
fix: utils/dicom_converter/requirements.txt to reduce vulnerabilities ( #5314 )
...
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113875
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113876
3 years ago
4ad7e2f74f
Fix bug with nuclio env variables ( #4712 )
...
Co-authored-by: ar.kravchuk <ar.kravchuk@2gis.ru>
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
3 years ago
60da8c1da3
Bump loader-utils from 1.4.0 to 1.4.2 ( #5307 )
...
Bumps [loader-utils](https://github.com/webpack/loader-utils ) from 1.4.0 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases )
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md )
- [Commits](https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2 )
---
updated-dependencies:
- dependency-name: loader-utils
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
b8552faa8e
Add imagePullPolicy into Helm chart ( #5313 )
...
Co-authored-by: dalli <skcha67@gmail.com>
3 years ago
7383c17c8e
python-logstash-async upgrade ( #4574 )
...
Co-authored-by: Andrey Zhavoronkov <andrey@cvat.ai>
3 years ago
25503a35d2
Fix export job ( #5282 )
3 years ago
c86746c785
Convert `api.ts`, `api-implementation.ts` and `frames.ts` to ES6 modules ( #5283 )
...
This fixes ESLint errors in these files.
Set the `resolveJsonModule` setting, so that TypeScript can recognize the
`package.json` import.
3 years ago
5dd7eff97a
fix: Dockerfile.ui to reduce vulnerabilities ( #5286 )
...
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3063712
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3063712
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3063713
- https://snyk.io/vuln/SNYK-ALPINE316-CURL-3063713
- https://snyk.io/vuln/SNYK-ALPINE316-LIBXML2-3050527
3 years ago
e44decf76a
[Snyk] Security upgrade pillow from 9.0.1 to 9.2.0 ( #5291 )
...
* fix: utils/dataset_manifest/requirements.txt to reduce vulnerabilities
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113875
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113876
* Update utils/dataset_manifest/requirements.txt
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Nikita Manovich <nikita@cvat.ai>
3 years ago
23257a2a26
Significantly reduced the number of queries to DB from api/jobs, api/tasks, and api/projects endpoints. ( #5304 )
3 years ago
10baa5f135
Fix: visibility and ignored information fail to be loaded (MOT dataset format) ( #5270 )
3 years ago
7706eee504
Improved UX of signing pages ( #5295 )
3 years ago
e2d9860259
Cleanup the partner section
3 years ago
7265553654
Supported type for all labels ( #5273 )
...
* Supported type for all labels
* Multiple fixes in UI for new type scheme
* Fixed on 3d annotation view
* Fixed tests
* Updated version && changelog
* Fixed test
* Added type
* Fixed typos
* Fixed minor comments
3 years ago
6acab035f2
Improved UX of user logout ( #5266 )
...
* Improved UX of user logout
* Updated version & changelog
* Fixed ?next='' query parameter
* Updated license header
3 years ago
080755a8da
Fixed issue 5256, improved 'occluded' visualization ( #5259 )
...
* Fixed issue 5256, improved 'occluded' visualization
* Updated version & added test
* Updated changelog
* Fixed tests
3 years ago
92ba1ab845
New authentication UI ( #5181 )
...
* Add social accounts authentication && improve email confirmation
* Pass env variables to docker
* Update helm chart
* Update email verification templates
* Small refactoring
* Send email verification && redirect to /auth/email-verification-sent
* added new login form
* added main assets
* added main social buttons
* changed reset password form
* refactored reset password page
* Fix helm chart
* Fix typo
* Pass enabled advanced auth methods to client
* Rename class
* Fix
* Fix helm
* Fix github scope
* changed register page
* adjusted no social auth methods
* Some fixes
* Fix schema generation
* Fixes
* Apply comments
* Update changelog
* added responsiveness, refactored inputs
* cleanup
* fixed email-confirmed.tsx
* updated reset page, changed style on register page
* added fonts, fixed some ui problems
* removed some code
* fixed index.html
* made resizing less expressed
* fixed form sizing, issue#5166
* fixed submiting form by enter
* made toggle bigger, fixed headers
* updated versions
* removed extra lines
* fixed fields on form
* changed tests
* fixed more tests
* fixed comments
* reverted header
* added grid-unit-size for height, removed for fonts
* added new animation
Co-authored-by: Maya <maya17grd@gmail.com>
3 years ago
e5d01359aa
Removed code duplications, added checks to CI ( #5253 )
3 years ago
aadfd8814e
Fix TUS offset queries in production environments ( #5204 )
...
* Fix TUS offset queries in production environments
Previously, `mod_wsgi` would convert `HEAD` requests into `GET`, which
would be rejected, so clients were unable to resume an upload that failed
midway through.
To make use of this, update the SDK code to enable upload resumption.
* Add a test that forces a chunked TUS upload
* test_can_create_from_backup_in_chunks: make sure the upload is actually chunked
3 years ago
46b88c11ab
Development guide update ( #5255 )
...
Added missed port forwarding option to the development guide.
3 years ago
0b7fb04a09
fix pascal_voc import bug ( #4647 )
...
* fix pascal_voc import bug
* Add tests
* Fix black
* Small fixes
* Fix test
* Fix black
* Update Changelog
* Fix Changelog
* Fixes
* Remove unnecessary changes
* Remove unnecessary changes
* Join tests
* Small fix
* Fixes
* Fix pylint
* Remove unused import
* Small fix
Co-authored-by: yasakova-anastasia <yasakova_anastasiya@mail.ru>
3 years ago
ba74709c40
Add tests for export job dataset ( #5160 )
3 years ago
Kirill Lakhov
Maria Khrustaleva
Andrey Zhavoronkov
Roman Donchenko
Nikita Manovich
Boris Sekachev
Kirill Sizov
Mariia Acoca
Anastasia Yasakova
dependabot[bot]
Snyk bot
Artem
PMazarovich
magician
