Bump the tensorflow group in /tensorflow with 2 updates #468

dependabot · 2024-10-21T13:29:34Z

Bumps the tensorflow group in /tensorflow with 2 updates: pillow and jupyterhub.

Updates pillow from 10.4.0 to 11.0.0

Release notes

11.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.0.0.html

Changes

Do not create core image in TIFF seek() #8392 [@radarhere]

Removed custom build_openjpeg #8365 [@radarhere]

Support writing LONG8 offsets in AppendingTiffWriter #8417 [@radarhere]

Use ImageFile.MAXBLOCK when saving TIFF images #8461 [@radarhere]

Always raise warnings for deprecated feature checks #8459 [@radarhere]

Do not close provided file handles with libtiff when saving #8458 [@radarhere]

Revert "Skip QEMU-emulated wheels on workflow dispatch event" #8455 [@radarhere]

Support ImageFilter.BuiltinFilter for I;16* images #8438 [@radarhere]

[pre-commit.ci] pre-commit autoupdate #8448 [@pre-commit-ci]

Use ImagingCore.ptr instead of ImagingCore.id #8341 [@homm]

Simplified code #8445 [@radarhere]

Removed unused code #8447 [@radarhere]

Updated EPS mode when opening images without transparency #8281 [@Yay295]

Use transparency when combining P frames from APNGs #8443 [@radarhere]

Generate and upload attestations to PyPI #8441 [@hugovk]

Do not convert images unnecessarily in ImageEnhance #8431 [@radarhere]

Raise an error if path is compacted during mapping #8416 [@radarhere]

Support all resampling filters when resizing I;16* images #8422 [@radarhere]

Free memory on early return #8413 [@radarhere]

Cast int before potentially exceeding INT_MAX #8402 [@radarhere]

Prevent division by zero #8408 [@radarhere]

Check image value before use #8400 [@radarhere]

Use ruff check #8423 [@radarhere]

Change harfbuzz versions in wheels #8421 [@radarhere]

Use Capsule for WebP saving #8386 [@homm]

Fixed writing multiple StripOffsets to TIFF #8317 [@Yay295]

Updated macOS deployment target for PyPy on Intel to 10.15 #8414 [@radarhere]

Fix dereference before checking for NULL in ImagingTransformAffine #8398 [@PavlNekrasov]

Use transposed size after opening for TIFF images #8390 [@radarhere]

Improve ImageFont error messages #8338 [@yngvem]

Mention MAX_TEXT_CHUNK limit in PNG error message #8391 [@radarhere]

Cast Dib handle to int #8385 [@radarhere]

Updated macOS deployment target for Python >= 3.12 on Intel to 10.13 #8379 [@radarhere]

Removed unused ImagePath variable #8377 [@radarhere]

Change macos-14 to macos-latest #8376 [@radarhere]

Accept float stroke widths #8369 [@radarhere]

Remove comments #8370 [@radarhere]

Removed libffi-dev #8368 [@radarhere]

Improved handling of RGBA palettes when saving GIF images #8366 [@radarhere]

Support converting more modes to LAB by converting to RGBA first #8358 [@radarhere]

Optimize getbbox() and getextrema() routines #8194 [@homm]

Removed unused TiffImagePlugin IFD_LEGACY_API #8355 [@radarhere]

Handle duplicate EXIF header #8350 [@zakajd]

Use (void) for empty function parameters #8002 [@Yay295]

Return early from BoxBlur if either width or height is zero #8347 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

11.0.0 (2024-10-15)

Update licence to MIT-CMU #8460 [hugovk]

Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

Do not close provided file handles with libtiff when saving #8458 [radarhere]

Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

Use transparency when combining P frames from APNGs #8443 [radarhere]

Support all resampling filters when resizing I;16* images #8422 [radarhere]

Free memory on early return #8413 [radarhere]

Cast int before potentially exceeding INT_MAX #8402 [radarhere]

Check image value before use #8400 [radarhere]

Improved copying imagequant libraries #8420 [radarhere]

Use Capsule for WebP saving #8386 [homm, radarhere]

Fixed writing multiple StripOffsets to TIFF #8317 [Yay295, radarhere]

... (truncated)

Commits

204aae6 11.0.0 version bump
f2cc87b Update CHANGES.rst [ci skip]
c855e8e Merge pull request #8464 from radarhere/imagemath_type_hint
dc37515 Merge pull request #8463 from hugovk/update-3.13-date
c3d81d6 Update Python 3.13 release date
a60610c Added type hints
a5c58f2 Merge pull request #8460 from hugovk/mit-cmu
e74994e Update licence to MIT-CMU
b5e1115 Update CHANGES.rst [ci skip]
686b5e2 Merge pull request #8392 from radarhere/tiff_seek
Additional commits viewable in compare view

Updates jupyterhub from 5.2.0 to 5.2.1

Commits

9749b6e Bump to 5.2.1
979b47d Merge pull request #4935 from consideRatio/pr/cl521
c12ccaf changelog for 5.2.1
acc51db Merge pull request #4934 from minrk/nicer-import-error
51dcbe4 jupyterhub[singleuser]'s not a thing
6da70e9 informative error on missing dependencies for singleuser server
1cb98ce Merge pull request #4932 from manics/subdowmain-doc
f2ecf6a Merge pull request #4930 from consideRatio/pr/startup-service
0a4c3bb Remove unnecessary exc_info from log
e4ae7ce Remove out-of-date info from subdomain_hook doc
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

github-actions · 2024-10-21T13:34:47Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

tensorflow/jupyter-requirements.txt

Package	Version	License	Issue Type
jupyterhub	5.2.1	Null	Unknown License

OpenSSF Scorecard

Package

Version

Score

Details

pip/jupyterhub

5.2.1

🟢 5.6

Details

Check	Score	Reason
Code-Review	🟢 6	Found 6/9 approved changesets -- score normalized to 6
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	⚠️ 2	8 existing vulnerabilities detected

pip/pillow

11.0.0

🟢 7.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 6	Found 12/18 approved changesets -- score normalized to 6
License	🟢 9	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

pip/pillow

11.0.0

🟢 7.3

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 6	Found 12/18 approved changesets -- score normalized to 6
License	🟢 9	license file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

tensorflow/jupyter-requirements.txt

jupyterhub@5.2.1
jupyterhub@5.2.0

tensorflow/requirements.txt

pillow@11.0.0
pillow@10.4.0

tensorflow/serving/requirements.txt

pillow@11.0.0
pillow@10.4.0

github-advanced-security · 2024-10-21T14:04:08Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

tylertitsworth · 2024-10-21T16:09:11Z

@dependabot rebase

tylertitsworth · 2024-10-21T18:16:03Z

@dependabot rebase

Bumps the tensorflow group in /tensorflow with 2 updates: [pillow](https://github.com/python-pillow/Pillow) and [jupyterhub](https://github.com/jupyterhub/jupyterhub). Updates `pillow` from 10.4.0 to 11.0.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.4.0...11.0.0) Updates `jupyterhub` from 5.2.0 to 5.2.1 - [Changelog](https://github.com/jupyterhub/jupyterhub/blob/main/RELEASE.md) - [Commits](jupyterhub/jupyterhub@5.2.0...5.2.1) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-major dependency-group: tensorflow - dependency-name: jupyterhub dependency-type: direct:production update-type: version-update:semver-patch dependency-group: tensorflow ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2024-10-21T18:59:01Z

Integration Test Results

Groups Tested: tensorflow/tests

Results

Test-Group	Test	Status
tensorflow/tests	import-itex-cpu-pip	PASS
tensorflow/tests	import-itex-cpu-idp	PASS
tensorflow/tests	import-itex-xpu-pip	PASS
tensorflow/tests	import-itex-xpu-idp	PASS
tensorflow/tests	import-cpu-jupyter-pip	PASS
tensorflow/tests	import-cpu-jupyter-idp	PASS
tensorflow/tests	import-xpu-jupyter-pip	PASS
tensorflow/tests	import-xpu-jupyter-idp	PASS
tensorflow/tests	itex-cpu-pip	PASS
tensorflow/tests	itex-cpu-idp	PASS
tensorflow/tests	itex-xpu-pip	PASS
tensorflow/tests	itex-xpu-idp	PASS
tensorflow/tests	itex-xpu-jupyter-pip	PASS
tensorflow/tests	itex-xpu-jupyter-idp	PASS

Overall Result: PASS ✅

Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: jafraustro <jaime.fraustro.valdez@intel.com>

dependabot bot requested review from tylertitsworth, jitendra42 and sramakintel as code owners October 21, 2024 13:29

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 21, 2024

dependabot bot requested a review from sharvil10 as a code owner October 21, 2024 13:29

dependabot bot added the python Pull requests that update Python code label Oct 21, 2024

dependabot bot force-pushed the dependabot/pip/tensorflow/tensorflow-ced4724ca5 branch from cc72e0b to 3d227b0 Compare October 21, 2024 16:10

dependabot bot force-pushed the dependabot/pip/tensorflow/tensorflow-ced4724ca5 branch from 3d227b0 to 654a35e Compare October 21, 2024 18:17

tylertitsworth approved these changes Oct 21, 2024

View reviewed changes

tylertitsworth merged commit d15a722 into main Oct 21, 2024
38 checks passed

tylertitsworth deleted the dependabot/pip/tensorflow/tensorflow-ced4724ca5 branch October 21, 2024 19:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the tensorflow group in /tensorflow with 2 updates #468

Bump the tensorflow group in /tensorflow with 2 updates #468

dependabot bot commented on behalf of github Oct 21, 2024 •

edited

Loading

github-actions bot commented Oct 21, 2024 •

edited

Loading

github-advanced-security bot commented Oct 21, 2024

tylertitsworth commented Oct 21, 2024

tylertitsworth commented Oct 21, 2024

github-actions bot commented Oct 21, 2024

Bump the tensorflow group in /tensorflow with 2 updates #468

Bump the tensorflow group in /tensorflow with 2 updates #468

Conversation

dependabot bot commented on behalf of github Oct 21, 2024 • edited Loading

11.0.0

Changes

11.0.0 (2024-10-15)

github-actions bot commented Oct 21, 2024 • edited Loading

Dependency Review

License Issues

tensorflow/jupyter-requirements.txt

OpenSSF Scorecard

Scanned Manifest Files

github-advanced-security bot commented Oct 21, 2024

tylertitsworth commented Oct 21, 2024

tylertitsworth commented Oct 21, 2024

github-actions bot commented Oct 21, 2024

Integration Test Results

Overall Result: PASS ✅

dependabot bot commented on behalf of github Oct 21, 2024 •

edited

Loading

github-actions bot commented Oct 21, 2024 •

edited

Loading