Bump pillow from 11.0.0 to 11.1.0 #11488

dependabot · 2025-01-02T12:29:00Z

Bumps pillow from 11.0.0 to 11.1.0.

Release notes

11.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.1.0.html

Documentation

Added release notes for writing XMP bytes to JPEG and MPO #8627 [@radarhere]

Added release notes for using zlib-ng instead of zlib #8599 [@radarhere]

Replace python-pillow.org with python-pillow.github.io #8586 [@hugovk]

ImageFile tile is never None #8582 [@radarhere]

Only use start year in copyright, remove end years #8577 [@hugovk]

Python 3.12 is tested on MinGW #8575 [@radarhere]

Use brew formula to install libraqm #8574 [@radarhere]

Added link to GitHub releases in CHANGES #8571 [@radarhere]

Release drafter: move removals, deprecations, documentation up, and uncategorised changes last #8570 [@hugovk]

Updated macOS tested Pillow versions #8538 [@radarhere]

Use test image filename #8534 [@radarhere]

Update Windows 11 Arm64 tested versions #8523 [@nulano]

Move MPO into "Fully supported formats" #8504 [@radarhere]

Update license to MIT-CMU #8490 [@radarhere]

Dependencies

Update dependency mypy to v1.14.1 #8643 [@renovate]

Update dependency mypy to v1.14.0 #8613 [@renovate]

Updated libwebp to 1.5.0 #8612 [@radarhere]

Updated libXau to 1.0.12 #8598 [@radarhere]

Updated libjpeg-turbo to 3.1.0 #8595 [@radarhere]

Updated harfbuzz to 10.1.0 #8533 [@radarhere]

Updated openjpeg to 2.5.3 #8591 [@radarhere]

Update dependency cibuildwheel to v2.22.0 #8580 [@renovate]

Update codecov/codecov-action action to v5 #8557 [@renovate]

Migrate renovate config #8527 [@renovate]

Update dependency mypy to v1.13.0 #8491 [@renovate]

Update dependency mypy to v1.12.1 #8487 [@renovate]

Testing

Added CentOS Stream 10 #8646 [@radarhere]

Use monkeypatch #8628 [@radarhere]

Pass file handle to ContainerIO #8625 [@radarhere]

Use register_handler #8499 [@radarhere]

Use monkeypatch #8626 [@radarhere]

Test libjpeg-turbo on macOS #8596 [@radarhere]

Test 3.13t (free-threaded) from Quansight-Labs/setup-python on Linux and macOS #8565 [@hugovk]

Run gcc problem matcher on Python 3.13 #8541 [@radarhere]

Add trove-classifiers>=2024.10.12 to 'tests' extra and use for Windows CI #8514 [@hugovk]

Apply security fixes to GitHub Actions #8526 [@hugovk]

Remove unused gcov: true for codecov-action@v4 #8521 [@hugovk]

Added Fedora 41 #8520 [@radarhere]

Do not repeatedly save to the same path #8512 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

11.1.0 and newer

See GitHub Releases:

https://github.com/python-pillow/Pillow/releases

Commits

4c1aed8 11.1.0 version bump
dfb368a Merge pull request #8651 from radarhere/blp
5d998d3 Improved coverage
6b75e06 Do not reread start of header in decoder
b89cc09 Corrected BLP1 alpha depth handling
aa0f412 Merge pull request #8646 from radarhere/centos
e344271 Added CentOS Stream 10
17f09f3 Merge pull request #8644 from radarhere/c99
d42f22b Added release notes
c7026d9 Merge pull request #8642 from radarhere/bigtiff
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pillow](https://github.com/python-pillow/Pillow) from 11.0.0 to 11.1.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@11.0.0...11.1.0) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dryrunsecurity · 2025-01-02T12:29:16Z

DryRun Security Summary

This pull request updates the dependencies in the requirements.txt file, primarily focusing on upgrading the Pillow library to version 11.1.0 and updating various other Python libraries to their latest stable versions.

Expand for full summary

Summary:

The code changes in this pull request primarily focus on updating the dependencies listed in the requirements.txt file. The most notable change is the update of the Pillow library from version 11.0.0 to 11.1.0, which is a dependency for the django-imagekit package used in the DefectDojo application. Updating dependencies to their latest stable versions is generally a good practice, as it can include bug fixes, security patches, and performance improvements. However, it's important to thoroughly test any dependency updates to ensure they don't introduce any regressions or breaking changes in the application.

The other changes in the requirements.txt file appear to be updating various Python libraries and their dependencies to their latest versions, which is a common practice in software development to keep the application's dependencies up-to-date and secure. From an application security perspective, these changes do not raise any immediate concerns, but it's always important to review the changelog and release notes for any updated dependencies to ensure there are no known security vulnerabilities or issues that could impact the application.

Files Changed:

requirements.txt: This file has been updated to include the following changes:
- The Pillow library has been updated from version 11.0.0 to 11.1.0.
- Various other Python libraries and their dependencies have been updated to their latest versions.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

View PR in the DryRun Dashboard.

mtesauro

Approved

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 2, 2025

mtesauro approved these changes Jan 2, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pillow from 11.0.0 to 11.1.0 #11488

Bump pillow from 11.0.0 to 11.1.0 #11488

dependabot bot commented on behalf of github Jan 2, 2025

dryrunsecurity bot commented Jan 2, 2025

mtesauro left a comment

Bump pillow from 11.0.0 to 11.1.0 #11488

Are you sure you want to change the base?

Bump pillow from 11.0.0 to 11.1.0 #11488

Conversation

dependabot bot commented on behalf of github Jan 2, 2025

11.1.0

Documentation

Dependencies

Testing

11.1.0 and newer

dryrunsecurity bot commented Jan 2, 2025

DryRun Security Summary

Code Analysis

mtesauro left a comment

Choose a reason for hiding this comment