- 02 12月, 2022 7 次提交
-
-
由 Nikita Manovich 提交于
Fix https://github.com/opencv/cvat/issues/5245 The PR contains a simple fix. Just return BAD REQUEST if somebody tries to export a task without data. It doesn't make sense. But a more complex fix will require changing a massive amount of code. It doesn't make any sense to support such a weird scenario.
-
由 Mariia Acoca 提交于
-
由 Boris Sekachev 提交于
-
由 Andrey Zhavoronkov 提交于
-
由 Andrey Zhavoronkov 提交于
-
由 Maxim Zhiltsov 提交于
Follow up for #5394 The existing text wont work in a clean repo. This PR adds missing info.
-
由 Maria Khrustaleva 提交于
-
- 01 12月, 2022 4 次提交
-
-
由 Boris Sekachev 提交于
-
由 Nikita Manovich 提交于
Fix https://github.com/opencv/cvat/issues/5214 1. Stable names for containers (_ vs -) 2. Improve documentation
-
由 Kirill Lakhov 提交于
<!-- Raised an issue to propose your change (https://github.com/cvat-ai/cvat/issues). It helps to avoid duplication of efforts from multiple independent contributors. Discuss your ideas with maintainers to be sure that changes will be approved and merged. Read the [CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md) guide. --> <!-- Provide a general summary of your changes in the Title above --> ### Motivation and context <!-- Why is this change required? What problem does it solve? If it fixes an open issue, please link to the issue here. Describe your changes in detail, add screenshots. --> Resolved #5274 + Fixed typo in tests ### How has this been tested? <!-- Please describe in detail how you tested your changes. Include details of your testing environment, and the tests you ran to see how your change affects other areas of the code, etc. --> ### Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply. If an item isn't applicable by a reason then ~~explicitly strikethrough~~ the whole line. If you don't do that github will show an incorrect process for the pull request. If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I submit my changes into the `develop` branch - [x] I have added a description of my changes into [CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md) file - [ ] I have updated the [documentation]( https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation) accordingly - [x] I have added tests to cover my changes - [x] I have linked related issues ([read github docs]( https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword)) - [x] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning)) ### License - [x] I submit _my code changes_ under the same [MIT License]( https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern.
-
由 Maria Khrustaleva 提交于
-
- 30 11月, 2022 6 次提交
-
-
由 Andrey Zhavoronkov 提交于
-
由 Andrey Zhavoronkov 提交于
-
由 Maria Khrustaleva 提交于
<!-- Raised an issue to propose your change (https://github.com/cvat-ai/cvat/issues). It helps to avoid duplication of efforts from multiple independent contributors. Discuss your ideas with maintainers to be sure that changes will be approved and merged. Read the [CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md) guide. --> <!-- Provide a general summary of your changes in the Title above --> ### Motivation and context <!-- Why is this change required? What problem does it solve? If it fixes an open issue, please link to the issue here. Describe your changes in detail, add screenshots. --> Closes #5361 ### How has this been tested? <!-- Please describe in detail how you tested your changes. Include details of your testing environment, and the tests you ran to see how your change affects other areas of the code, etc. --> Updated existing cypress test ### Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply. If an item isn't applicable by a reason then ~~explicitly strikethrough~~ the whole line. If you don't do that github will show an incorrect process for the pull request. If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I submit my changes into the `develop` branch - [x] I have added a description of my changes into [CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md) file ~~- [ ] I have updated the [documentation]( https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation) accordingly~~ - [x] I have added tests to cover my changes - [x] I have linked related issues ([read github docs]( https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword)) - [x] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning)) ### License - [x] I submit _my code changes_ under the same [MIT License]( https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern. Co-authored-by: NNikita Manovich <nikita@cvat.ai>
-
由 Roman Donchenko 提交于
* rq 1.5.1 uses `collections.Iterable` (long deprecated and deleted in Python 3.10). 1.5.2 fixes this issue. To avoid potential regressions, don't bump the version further. * av 8.0.2 was built with old Cython, which generates C code incompatible with Python 3.10. The newest version is av 10.0.0, but that drops support for FFmpeg<4.3, which would make it unbuildable using the default Ubuntu 20.04 FFmpeg packages. To avoid that problem, use the previous version, 9.2.0. <!-- Raised an issue to propose your change (https://github.com/cvat-ai/cvat/issues). It helps to avoid duplication of efforts from multiple independent contributors. Discuss your ideas with maintainers to be sure that changes will be approved and merged. Read the [CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md) guide. --> <!-- Provide a general summary of your changes in the Title above --> ### Motivation and context <!-- Why is this change required? What problem does it solve? If it fixes an open issue, please link to the issue here. Describe your changes in detail, add screenshots. --> This makes it possible to run CVAT on Python 3.10. Fixes #5262. ### How has this been tested? <!-- Please describe in detail how you tested your changes. Include details of your testing environment, and the tests you ran to see how your change affects other areas of the code, etc. --> I'm relying on CI. ### Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply. If an item isn't applicable by a reason then ~~explicitly strikethrough~~ the whole line. If you don't do that github will show an incorrect process for the pull request. If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I submit my changes into the `develop` branch - ~~[ ] I have added a description of my changes into [CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md) file~~ - ~~[ ] I have updated the [documentation]( https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation) accordingly~~ - ~~[ ] I have added tests to cover my changes~~ - [x] I have linked related issues ([read github docs]( https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword)) - ~~[ ] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning))~~ ### License - [x] I submit _my code changes_ under the same [MIT License]( https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern.
-
由 Nikita Manovich 提交于
PR https://github.com/opencv/cvat/pull/4543 didn't add a new migration. The migration wasn't critical. At least it was not led to any problems.
-
由 Roman Donchenko 提交于
-
- 29 11月, 2022 2 次提交
-
-
由 Boris Sekachev 提交于
<!-- Raised an issue to propose your change (https://github.com/cvat-ai/cvat/issues). It helps to avoid duplication of efforts from multiple independent contributors. Discuss your ideas with maintainers to be sure that changes will be approved and merged. Read the [CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md) guide. --> <!-- Provide a general summary of your changes in the Title above --> ### Motivation and context Resolved #2998 <img width="428" alt="image" src="https://user-images.githubusercontent.com/40690378/203806586-1367477b-cfff-46f1-947b-d0292cd6f02e.png"> ### How has this been tested? <!-- Please describe in detail how you tested your changes. Include details of your testing environment, and the tests you ran to see how your change affects other areas of the code, etc. --> ### Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply. If an item isn't applicable by a reason then ~~explicitly strikethrough~~ the whole line. If you don't do that github will show an incorrect process for the pull request. If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I submit my changes into the `develop` branch - [x] I have added a description of my changes into [CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md) file - [ ] I have updated the [documentation]( https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation) accordingly - [x] I have added tests to cover my changes - [x] I have linked related issues ([read github docs]( https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword)) - [x] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning)) ### License - [x] I submit _my code changes_ under the same [MIT License]( https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern.
-
由 Kirill Sizov 提交于
-
- 27 11月, 2022 1 次提交
-
-
由 Roman Donchenko 提交于
-
- 25 11月, 2022 2 次提交
-
-
由 Roman Donchenko 提交于
Currently, all properties of the server proxy object are created using `Object.defineProperties` in the constructor, which means that IDEs like VS Code can't analyze the file's static structure to determine what properties there are and what types they have. Consequently, things like autocomplete and go-to-definition don't work. Fix that by removing the `ServerProxy` class altogether and exporting an anonymous object with all properties defined statically.
-
由 Mariia Acoca 提交于
Link to the old videos removed as there were changes made in CVAT interface and now these videos are a bit confusing Links to playlists of the updated videos were added with the description what these videos contact Contacts sections updated General proofreading
-
- 24 11月, 2022 6 次提交
-
-
由 Anastasia Yasakova 提交于
-
由 Mariia Acoca 提交于
-
由 Boris Sekachev 提交于
-
由 dependabot[bot] 提交于
-
由 Kirill Lakhov 提交于
-
由 Maria Khrustaleva 提交于
-
- 23 11月, 2022 2 次提交
-
-
由 dependabot[bot] 提交于
Bumps [tensorflow](https://github.com/tensorflow/tensorflow) from 2.8.1 to 2.9.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tensorflow/tensorflow/releases">tensorflow's releases</a>.</em></p> <blockquote> <h2>TensorFlow 2.9.3</h2> <h1>Release 2.9.3</h1> <p>This release introduces several vulnerability fixes:</p> <ul> <li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887">CVE-2022-41887</a>)</li> <li>Fixes a heap OOB failure in <code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880">CVE-2022-41880</a>)</li> <li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884">CVE-2022-41884</a>)</li> <li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885">CVE-2022-41885</a>)</li> <li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886">CVE-2022-41886</a>)</li> <li>Fixes an FPE in <code>tf.image.generate_bounding_box_proposals</code> on GPU (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888">CVE-2022-41888</a>)</li> <li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid attributes (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889">CVE-2022-41889</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890">CVE-2022-41890</a>)</li> <li>Fixes a segfault in <code>TensorListConcat</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891">CVE-2022-41891</a>)</li> <li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893">CVE-2022-41893</a>)</li> <li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894">CVE-2022-41894</a>)</li> <li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895">CVE-2022-41895</a>)</li> <li>Fixes a crash in <code>Mfcc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896">CVE-2022-41896</a>)</li> <li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897">CVE-2022-41897</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SparseFillEmptyRowsGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898">CVE-2022-41898</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899">CVE-2022-41899</a>)</li> <li>Fixes a heap OOB in <code>FractionalAvgPool</code> and <code>FractionalMaxPool</code>(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900">CVE-2022-41900</a>)</li> <li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901">CVE-2022-41901</a>)</li> <li>Fixes an OOB write in grappler (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902">CVE-2022-41902</a>)</li> <li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907">CVE-2022-41907</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908">CVE-2022-41908</a>)</li> <li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909">CVE-2022-41909</a>)</li> <li>Fixes a invalid char to bool conversion in printing a tensor (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911">CVE-2022-41911</a>)</li> <li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910">CVE-2022-41910</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code> and <code>TensorListScatterV2</code> in eager mode (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> </ul> <h2>TensorFlow 2.9.2</h2> <h1>Release 2.9.2</h1> <p>This releases introduces several vulnerability fixes:</p> <ul> <li>Fixes a <code>CHECK</code> failure in tf.reshape caused by overflows (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35934">CVE-2022-35934</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> <li>Fixes an OOB read in <code>Gather_nd</code> op in TF Lite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35937">CVE-2022-35937</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>TensorListReserve</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35960">CVE-2022-35960</a>)</li> <li>Fixes an OOB write in <code>Scatter_nd</code> op in TF Lite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35939">CVE-2022-35939</a>)</li> <li>Fixes an integer overflow in <code>RaggedRangeOp</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35940">CVE-2022-35940</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>AvgPoolOp</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35941">CVE-2022-35941</a>)</li> <li>Fixes a <code>CHECK</code> failures in <code>UnbatchGradOp</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35952">CVE-2022-35952</a>)</li> <li>Fixes a segfault TFLite converter on per-channel quantized transposed convolutions (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36027">CVE-2022-36027</a>)</li> <li>Fixes a <code>CHECK</code> failures in <code>AvgPool3DGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35959">CVE-2022-35959</a>)</li> <li>Fixes a <code>CHECK</code> failures in <code>FractionalAvgPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35963">CVE-2022-35963</a>)</li> <li>Fixes a segfault in <code>BlockLSTMGradV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35964">CVE-2022-35964</a>)</li> <li>Fixes a segfault in <code>LowerBound</code> and <code>UpperBound</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35965">CVE-2022-35965</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md">tensorflow's changelog</a>.</em></p> <blockquote> <h1>Release 2.9.3</h1> <p>This release introduces several vulnerability fixes:</p> <ul> <li>Fixes an overflow in <code>tf.keras.losses.poisson</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41887">CVE-2022-41887</a>)</li> <li>Fixes a heap OOB failure in <code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880">CVE-2022-41880</a>)</li> <li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884">CVE-2022-41884</a>)</li> <li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885">CVE-2022-41885</a>)</li> <li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886">CVE-2022-41886</a>)</li> <li>Fixes an FPE in <code>tf.image.generate_bounding_box_proposals</code> on GPU (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888">CVE-2022-41888</a>)</li> <li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid attributes (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889">CVE-2022-41889</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890">CVE-2022-41890</a>)</li> <li>Fixes a segfault in <code>TensorListConcat</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891">CVE-2022-41891</a>)</li> <li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893">CVE-2022-41893</a>)</li> <li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894">CVE-2022-41894</a>)</li> <li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895">CVE-2022-41895</a>)</li> <li>Fixes a crash in <code>Mfcc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896">CVE-2022-41896</a>)</li> <li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897">CVE-2022-41897</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SparseFillEmptyRowsGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898">CVE-2022-41898</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899">CVE-2022-41899</a>)</li> <li>Fixes a heap OOB in <code>FractionalAvgPool</code> and <code>FractionalMaxPool</code>(<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41900">CVE-2022-41900</a>)</li> <li>Fixes a <code>CHECK_EQ</code> in <code>SparseMatrixNNZ</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41901">CVE-2022-41901</a>)</li> <li>Fixes an OOB write in grappler (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41902">CVE-2022-41902</a>)</li> <li>Fixes a overflow in <code>ResizeNearestNeighborGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41907">CVE-2022-41907</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>PyFunc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41908">CVE-2022-41908</a>)</li> <li>Fixes a segfault in <code>CompositeTensorVariantToComponents</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41909">CVE-2022-41909</a>)</li> <li>Fixes a invalid char to bool conversion in printing a tensor (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41911">CVE-2022-41911</a>)</li> <li>Fixes a heap overflow in <code>QuantizeAndDequantizeV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41910">CVE-2022-41910</a>)</li> <li>Fixes a <code>CHECK</code> failure in <code>SobolSample</code> via missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>TensorListScatter</code> and <code>TensorListScatterV2</code> in eager mode (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35935">CVE-2022-35935</a>)</li> </ul> <h1>Release 2.8.4</h1> <p>This release introduces several vulnerability fixes:</p> <ul> <li>Fixes a heap OOB failure in <code>ThreadUnsafeUnigramCandidateSampler</code> caused by missing validation (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41880">CVE-2022-41880</a>)</li> <li>Fixes a segfault in <code>ndarray_tensor_bridge</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41884">CVE-2022-41884</a>)</li> <li>Fixes an overflow in <code>FusedResizeAndPadConv2D</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41885">CVE-2022-41885</a>)</li> <li>Fixes a overflow in <code>ImageProjectiveTransformV2</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41886">CVE-2022-41886</a>)</li> <li>Fixes an FPE in <code>tf.image.generate_bounding_box_proposals</code> on GPU (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41888">CVE-2022-41888</a>)</li> <li>Fixes a segfault in <code>pywrap_tfe_src</code> caused by invalid attributes (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41889">CVE-2022-41889</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>BCast</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41890">CVE-2022-41890</a>)</li> <li>Fixes a segfault in <code>TensorListConcat</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41891">CVE-2022-41891</a>)</li> <li>Fixes a <code>CHECK_EQ</code> fail in <code>TensorListResize</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41893">CVE-2022-41893</a>)</li> <li>Fixes an overflow in <code>CONV_3D_TRANSPOSE</code> on TFLite (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41894">CVE-2022-41894</a>)</li> <li>Fixes a heap OOB in <code>MirrorPadGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41895">CVE-2022-41895</a>)</li> <li>Fixes a crash in <code>Mfcc</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41896">CVE-2022-41896</a>)</li> <li>Fixes a heap OOB in <code>FractionalMaxPoolGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41897">CVE-2022-41897</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SparseFillEmptyRowsGrad</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41898">CVE-2022-41898</a>)</li> <li>Fixes a <code>CHECK</code> fail in <code>SdcaOptimizer</code> (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41899">CVE-2022-41899</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tensorflow/tensorflow/commit/a5ed5f39b675a1c6f315e0caf3ad4b38478fa571"><code>a5ed5f3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58584">#58584</a> from tensorflow/vinila21-patch-2</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/258f9a1251346d93e129c53f82d21732df6067f5"><code>258f9a1</code></a> Update py_func.cc</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/cd27cfb438b78a019ff8a215a9d6c58d10c062c3"><code>cd27cfb</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58580">#58580</a> from tensorflow-jenkins/version-numbers-2.9.3-24474</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/3e75385ee6c9ef8f06d6848244e1421c603dd4a1"><code>3e75385</code></a> Update version numbers to 2.9.3</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/bc72c39774b0a0cb38ed03e5ee09fa78103ed749"><code>bc72c39</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58482">#58482</a> from tensorflow-jenkins/relnotes-2.9.3-25695</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/3506c90f5ac0f471a6b1d60d4055b14ca3da170b"><code>3506c90</code></a> Update RELEASE.md</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/8dcb48e384cd3914458f3c494f1da878ae8dc6d5"><code>8dcb48e</code></a> Update RELEASE.md</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/4f34ec84994e63cf47c1d13748a404edd3d5a0d3"><code>4f34ec8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58576">#58576</a> from pak-laura/c2.99f03a9d3bafe902c1e6beb105b2f2417...</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/6fc67e408f239384d26acabc34d287911af92dc8"><code>6fc67e4</code></a> Replace CHECK with returning an InternalError on failing to create python tuple</li> <li><a href="https://github.com/tensorflow/tensorflow/commit/5dbe90ad21068007cbc31a56e8ed514ec27e0b26"><code>5dbe90a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/tensorflow/tensorflow/issues/58570">#58570</a> from tensorflow/r2.9-7b174a0f2e4</li> <li>Additional commits viewable in <a href="https://github.com/tensorflow/tensorflow/compare/v2.8.1...v2.9.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tensorflow&package-manager=pip&previous-version=2.8.1&new-version=2.9.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/opencv/cvat/network/alerts). </details> Signed-off-by: Ndependabot[bot] <support@github.com> Co-authored-by: Ndependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
由 dependabot[bot] 提交于
Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.0.1 to 9.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>9.3.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html</a></p> <h2>Changes</h2> <ul> <li>Initialize libtiff buffer when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Limit SAMPLESPERPIXEL to avoid runtime DOS <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a> [<a href="https://github.com/wiredfool"><code>@wiredfool</code></a>]</li> <li>Inline fname2char to fix memory leak <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329">#6329</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Fix memory leaks related to text features <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330">#6330</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Use double quotes for version check on old CPython on Windows <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695">#6695</a> [<a href="https://github.com/hugovk"><code>@hugovk</code></a>]</li> <li>GHA: replace deprecated set-output command with GITHUB_OUTPUT file <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6697">#6697</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Remove backup implementation of Round for Windows platforms <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693">#6693</a> [<a href="https://github.com/cgohlke"><code>@cgohlke</code></a>]</li> <li>Upload fribidi.dll to GitHub Actions <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6532">#6532</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Fixed set_variation_by_name offset <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445">#6445</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Windows build improvements <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6562">#6562</a> [<a href="https://github.com/nulano"><code>@nulano</code></a>]</li> <li>Fix malloc in _imagingft.c:font_setvaraxes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690">#6690</a> [<a href="https://github.com/cgohlke"><code>@cgohlke</code></a>]</li> <li>Only use ASCII characters in C source file <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6691">#6691</a> [<a href="https://github.com/cgohlke"><code>@cgohlke</code></a>]</li> <li>Release Python GIL when converting images using matrix operations <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418">#6418</a> [<a href="https://github.com/hmaarrfk"><code>@hmaarrfk</code></a>]</li> <li>Added ExifTags enums <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630">#6630</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Do not modify previous frame when calculating delta in PNG <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683">#6683</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added support for reading BMP images with RLE4 compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674">#6674</a> [<a href="https://github.com/npjg"><code>@npjg</code></a>]</li> <li>Decode JPEG compressed BLP1 data in original mode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678">#6678</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>pylint warnings <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6659">#6659</a> [<a href="https://github.com/marksmayo"><code>@marksmayo</code></a>]</li> <li>Added GPS TIFF tag info <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661">#6661</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added conversion between RGB/RGBA/RGBX and LAB <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647">#6647</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Do not attempt normalization if mode is already normal <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644">#6644</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Fixed seeking to an L frame in a GIF <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6576">#6576</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Consider all frames when selecting mode for PNG save_all <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6610">#6610</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Don't reassign crc on ChunkStream close <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6627">#6627</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Raise a warning if NumPy failed to raise an error during conversion <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6594">#6594</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Only read a maximum of 100 bytes at a time in IMT header <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6623">#6623</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Show all frames in ImageShow <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6611">#6611</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Allow FLI palette chunk to not be first <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6626">#6626</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6592">#6592</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Round box position to integer when pasting embedded color <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6517">#6517</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Removed EXIF prefix when saving WebP <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6582">#6582</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Pad IM palette to 768 bytes when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6579">#6579</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added DDS BC6H reading <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6449">#6449</a> [<a href="https://github.com/ShadelessFox"><code>@ShadelessFox</code></a>]</li> <li>Added support for opening WhiteIsZero 16-bit integer TIFF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6642">#6642</a> [<a href="https://github.com/JayWiz"><code>@JayWiz</code></a>]</li> <li>Raise an error when allocating translucent color to RGB palette <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6654">#6654</a> [<a href="https://github.com/jsbueno"><code>@jsbueno</code></a>]</li> <li>Moved mode check outside of loops <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6650">#6650</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Added reading of TIFF child images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6569">#6569</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Improved ImageOps palette handling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6596">#6596</a> [<a href="https://github.com/PososikTeam"><code>@PososikTeam</code></a>]</li> <li>Defer parsing of palette into colors <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6567">#6567</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Apply transparency to P images in ImageTk.PhotoImage <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6559">#6559</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Use rounding in ImageOps contain() and pad() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6522">#6522</a> [<a href="https://github.com/bibinhashley"><code>@bibinhashley</code></a>]</li> <li>Fixed GIF remapping to palette with duplicate entries <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6548">#6548</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Allow remap_palette() to return an image with less than 256 palette entries <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6543">#6543</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> <li>Corrected BMP and TGA palette size when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6500">#6500</a> [<a href="https://github.com/radarhere"><code>@radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>9.3.0 (2022-10-29)</h2> <ul> <li> <p>Limit SAMPLESPERPIXEL to avoid runtime DOS <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a> [wiredfool]</p> </li> <li> <p>Initialize libtiff buffer when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a> [radarhere]</p> </li> <li> <p>Inline fname2char to fix memory leak <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6329">#6329</a> [nulano]</p> </li> <li> <p>Fix memory leaks related to text features <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6330">#6330</a> [nulano]</p> </li> <li> <p>Use double quotes for version check on old CPython on Windows <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6695">#6695</a> [hugovk]</p> </li> <li> <p>Remove backup implementation of Round for Windows platforms <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6693">#6693</a> [cgohlke]</p> </li> <li> <p>Fixed set_variation_by_name offset <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6445">#6445</a> [radarhere]</p> </li> <li> <p>Fix malloc in _imagingft.c:font_setvaraxes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6690">#6690</a> [cgohlke]</p> </li> <li> <p>Release Python GIL when converting images using matrix operations <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6418">#6418</a> [hmaarrfk]</p> </li> <li> <p>Added ExifTags enums <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6630">#6630</a> [radarhere]</p> </li> <li> <p>Do not modify previous frame when calculating delta in PNG <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6683">#6683</a> [radarhere]</p> </li> <li> <p>Added support for reading BMP images with RLE4 compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6674">#6674</a> [npjg, radarhere]</p> </li> <li> <p>Decode JPEG compressed BLP1 data in original mode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6678">#6678</a> [radarhere]</p> </li> <li> <p>Added GPS TIFF tag info <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6661">#6661</a> [radarhere]</p> </li> <li> <p>Added conversion between RGB/RGBA/RGBX and LAB <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6647">#6647</a> [radarhere]</p> </li> <li> <p>Do not attempt normalization if mode is already normal <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6644">#6644</a> [radarhere]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/d594f4cb8dc47fb0c69ae58d9fff86faae4515bd"><code>d594f4c</code></a> Update CHANGES.rst [ci skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/909dc64ed5f676169aa3d9b0c26f132a06321b83"><code>909dc64</code></a> 9.3.0 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/1a51ce7b955c65c8f2c6bc7772735b197b8a6aa3"><code>1a51ce7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6699">#6699</a> from hugovk/security-libtiff_buffer</li> <li><a href="https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3"><code>2444cdd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/6700">#6700</a> from hugovk/security-samples_per_pixel-sec</li> <li><a href="https://github.com/python-pillow/Pillow/commit/744f455830871d61a8de0a5e629d4c2e33817cbb"><code>744f455</code></a> Added release notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/0846bfae48513f2f51ca8547ed3b8954fa501fda"><code>0846bfa</code></a> Add to release notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/799a6a01052cea3f417a571d7c64cd14acc18c64"><code>799a6a0</code></a> Fix linting</li> <li><a href="https://github.com/python-pillow/Pillow/commit/00b25fd3ac3648bc28eff5d4c4d816e605e3f05f"><code>00b25fd</code></a> Hide UserWarning in logs</li> <li><a href="https://github.com/python-pillow/Pillow/commit/05b175ef88c22f5c416bc9b8d5b897dea1abbf2c"><code>05b175e</code></a> Tighter test case</li> <li><a href="https://github.com/python-pillow/Pillow/commit/13f2c5ae14901c89c38f898496102afd9daeaf6d"><code>13f2c5a</code></a> Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/9.0.1...9.3.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pillow&package-manager=pip&previous-version=9.0.1&new-version=9.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/opencv/cvat/network/alerts). </details> Signed-off-by: Ndependabot[bot] <support@github.com> Co-authored-by: Ndependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
- 22 11月, 2022 1 次提交
-
-
由 Roman Donchenko 提交于
The only change in production code is the one in `shortcuts-reducer.ts`. It makes no functional difference, however, because the shortcut in question is not handled by the regular shortcut mechanism; the control key is handled separately in `interactionHandler.ts`, while the string "ctrl" in `shortcuts-reducer.ts` is only used for display purposes. Fix ESLint errors in altered files, as well. <!-- Raised an issue to propose your change (https://github.com/cvat-ai/cvat/issues). It helps to avoid duplication of efforts from multiple independent contributors. Discuss your ideas with maintainers to be sure that changes will be approved and merged. Read the [CONTRIBUTION](https://github.com/cvat-ai/cvat/blob/develop/CONTRIBUTING.md) guide. --> <!-- Provide a general summary of your changes in the Title above --> ### Motivation and context <!-- Why is this change required? What problem does it solve? If it fixes an open issue, please link to the issue here. Describe your changes in detail, add screenshots. --> These Cyrillic Cs interfere with searching and can cause confusion. ### How has this been tested? <!-- Please describe in detail how you tested your changes. Include details of your testing environment, and the tests you ran to see how your change affects other areas of the code, etc. --> I'm relying on GitHub Actions. ### Checklist <!-- Go over all the following points, and put an `x` in all the boxes that apply. If an item isn't applicable by a reason then ~~explicitly strikethrough~~ the whole line. If you don't do that github will show an incorrect process for the pull request. If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I submit my changes into the `develop` branch - ~~[ ] I have added a description of my changes into [CHANGELOG](https://github.com/cvat-ai/cvat/blob/develop/CHANGELOG.md) file~~ - ~~[ ] I have updated the [documentation]( https://github.com/cvat-ai/cvat/blob/develop/README.md#documentation) accordingly~~ - ~~[ ] I have added tests to cover my changes~~ - ~~[ ] I have linked related issues ([read github docs]( https://help.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword))~~ - ~~[ ] I have increased versions of npm packages if it is necessary ([cvat-canvas](https://github.com/cvat-ai/cvat/tree/develop/cvat-canvas#versioning), [cvat-core](https://github.com/cvat-ai/cvat/tree/develop/cvat-core#versioning), [cvat-data](https://github.com/cvat-ai/cvat/tree/develop/cvat-data#versioning) and [cvat-ui](https://github.com/cvat-ai/cvat/tree/develop/cvat-ui#versioning))~~ ### License - [x] I submit _my code changes_ under the same [MIT License]( https://github.com/cvat-ai/cvat/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern.
-
- 21 11月, 2022 1 次提交
-
-
由 Kirill Sizov 提交于
-
- 19 11月, 2022 8 次提交
-
-
由 Nikita Manovich 提交于
-
由 Nikita Manovich 提交于
<h3>Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.</h3> (#5321) - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - cvat/requirements/development.txt Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **441/1000** <br/> **Why?** Recently disclosed, Has a fix available, CVSS 3.1 | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-PYTHON-SETUPTOOLS-3113904](https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904) | `setuptools:` <br> `39.0.1 -> 65.5.1` <br> | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised. Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI4ZGY3ZmVkNy02YjNjLTQyZTYtOWE0YS02MDYwY2E0NjM0ZmIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjhkZjdmZWQ3LTZiM2MtNDJlNi05YTRhLTYwNjBjYTQ2MzRmYiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr/settings)📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"8df7fed7-6b3c-42e6-9a4a-6060ca4634fb","prPublicId":"8df7fed7-6b3c-42e6-9a4a-6060ca4634fb","dependencies":[{"name":"setuptools","from":"39.0.1","to":"65.5.1"}],"packageManager":"pip","projectPublicId":"2b5f3b5d-0400-48e2-b4b8-776842affe28","projectUrl":"https://app.snyk.io/org/cvat/project/2b5f3b5d-0400-48e2-b4b8-776842affe28?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-PYTHON-SETUPTOOLS-3113904"],"upgrade":[],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[441]}) --- **Learn how to fix vulnerabilities with free interactive lessons:**🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) -
由 Mariia Acoca 提交于
-
由 dependabot[bot] 提交于
Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.2.0 to 9.3.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](https://github.com/python-pillow/Pillow/compare/9.2.0...9.3.0) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production ... Signed-off-by: Ndependabot[bot] <support@github.com> Signed-off-by: Ndependabot[bot] <support@github.com> Co-authored-by: Ndependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
由 Snyk bot 提交于
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113875 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-3113876
-
由 Artem 提交于
Co-authored-by: Nar.kravchuk <ar.kravchuk@2gis.ru> Co-authored-by: NNikita Manovich <nikita@cvat.ai>
-
由 dependabot[bot] 提交于
Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.4.0 to 1.4.2. - [Release notes](https://github.com/webpack/loader-utils/releases) - [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md) - [Commits](https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2) --- updated-dependencies: - dependency-name: loader-utils dependency-type: indirect ... Signed-off-by: Ndependabot[bot] <support@github.com> Signed-off-by: Ndependabot[bot] <support@github.com> Co-authored-by: Ndependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-