6bc3a2d58a
build(deps): bump pillow from 10.2.0 to 10.3.0 ( #1677 )
...
Bumps [pillow](https://github.com/python-pillow/Pillow ) from 10.2.0 to
10.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases ">pillow's
releases</a>.</em></p>
<blockquote>
<h2>10.3.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html ">https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html </a></p>
<h2>Changes</h2>
<ul>
<li>CVE-2024-28219: Use strncpy to avoid buffer overflow <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7928 ">#7928</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Use <code>functools.lru_cache</code> for <code>hopper()</code> <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7912 ">#7912</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Raise ValueError if seeking to greater than offset-sized integer in
TIFF <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7883 ">#7883</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Improve speed of loading QOI images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7925 ">#7925</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added RGB to I;16N conversion <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7920 ">#7920</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Add --report argument to <strong>main</strong>.py to omit supported
formats <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7818 ">#7818</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Added RGB to I;16, I;16L and I;16B conversion <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7918 ">#7918</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fix editable installation with custom build backend and
configuration options <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7658 ">#7658</a>
[<a href="https://github.com/nulano "><code>@nulano</code></a>]</li>
<li>Fix putdata() for I;16N on big-endian <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7209 ">#7209</a>
[<a href="https://github.com/Yay295 "><code>@Yay295</code></a>]</li>
<li>Determine MPO size from markers, not EXIF data <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7884 ">#7884</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Improved conversion from RGB to RGBa, LA and La <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7888 ">#7888</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Support FITS images with GZIP_1 compression <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7894 ">#7894</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Use I;16 mode for 9-bit JPEG 2000 images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7900 ">#7900</a>
[<a
href="https://github.com/scaramallion "><code>@scaramallion</code></a>]</li>
<li>Raise ValueError if kmeans is negative <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7891 ">#7891</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Remove TIFF tag OSUBFILETYPE when saving using libtiff <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7893 ">#7893</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Raise ValueError for negative values when loading P1-P3 PPM images
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/7882 ">#7882</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added reading of JPEG2000 palettes <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7870 ">#7870</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Added alpha_quality argument when saving WebP images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7872 ">#7872</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fixed joined corners for ImageDraw rounded_rectangle() non-integer
dimensions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7881 ">#7881</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Removed Python and NumPy pinning on Cygwin <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7880 ">#7880</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Update UnidentifiedImageError and <strong>version</strong> imports
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/7644 ">#7644</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Stop reading EPS image at EOF marker <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7753 ">#7753</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>PSD layer co-ordinates may be negative <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7706 ">#7706</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/7791 ">#7791</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>When saving GIF frame that restores to background color, do not fill
identical pixels <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7788 ">#7788</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fixed reading PNG iCCP compression method <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7823 ">#7823</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Allow writing IFDRational to UNDEFINED tag <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7840 ">#7840</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fix logged tag name when loading Exif data <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7842 ">#7842</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Use maximum frame size in IHDR chunk when saving APNG images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7821 ">#7821</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Prevent opening P TGA images without a palette <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7797 ">#7797</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Use palette when loading ICO images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7798 ">#7798</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Use consistent arguments for load_read and load_seek <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7713 ">#7713</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Turn off nullability warnings for macOS SDK <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7827 ">#7827</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fix shift-sign issue in Convert.c <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7838 ">#7838</a>
[<a href="https://github.com/r-barnes "><code>@r-barnes</code></a>]</li>
<li>winbuild: Refactor dependency versions into constants <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7843 ">#7843</a>
[<a href="https://github.com/hugovk "><code>@hugovk</code></a>]</li>
<li>Build macOS arm64 wheels natively <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7852 ">#7852</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Fixed typo <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7855 ">#7855</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Open 16-bit grayscale PNGs as I;16 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7849 ">#7849</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Handle truncated chunks at the end of PNG images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7709 ">#7709</a>
[<a href="https://github.com/lajiyuan "><code>@lajiyuan</code></a>]</li>
<li>Match mask size to pasted image size in GifImagePlugin <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7779 ">#7779</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Changed SupportsGetMesh protocol to be public <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7841 ">#7841</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Release GIL while calling <code>WebPAnimDecoderGetNext</code> <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7782 ">#7782</a>
[<a
href="https://github.com/evanmiller "><code>@evanmiller</code></a>]</li>
<li>Fixed reading FLI/FLC images with a prefix chunk <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7804 ">#7804</a>
[<a href="https://github.com/twolife "><code>@twolife</code></a>]</li>
<li>Updated package name for Tidelift <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7810 ">#7810</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
<li>Removed unused code <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7744 ">#7744</a>
[<a
href="https://github.com/radarhere "><code>@radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst ">pillow's
changelog</a>.</em></p>
<blockquote>
<h2>10.3.0 (2024-04-01)</h2>
<ul>
<li>
<p>CVE-2024-28219: Use <code>strncpy</code> to avoid buffer overflow <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7928 ">#7928</a>
[radarhere, hugovk]</p>
</li>
<li>
<p>Deprecate <code>eval()</code>, replacing it with
<code>lambda_eval()</code> and <code>unsafe_eval()</code> <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7927 ">#7927</a>
[radarhere, hugovk]</p>
</li>
<li>
<p>Raise <code>ValueError</code> if seeking to greater than offset-sized
integer in TIFF <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7883 ">#7883</a>
[radarhere]</p>
</li>
<li>
<p>Add <code>--report</code> argument to <code>__main__.py</code> to
omit supported formats <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7818 ">#7818</a>
[nulano, radarhere, hugovk]</p>
</li>
<li>
<p>Added RGB to I;16, I;16L, I;16B and I;16N conversion <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7918 ">#7918</a>,
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/7920 ">#7920</a>
[radarhere]</p>
</li>
<li>
<p>Fix editable installation with custom build backend and configuration
options <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7658 ">#7658</a>
[nulano, radarhere]</p>
</li>
<li>
<p>Fix putdata() for I;16N on big-endian <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7209 ">#7209</a>
[Yay295, hugovk, radarhere]</p>
</li>
<li>
<p>Determine MPO size from markers, not EXIF data <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7884 ">#7884</a>
[radarhere]</p>
</li>
<li>
<p>Improved conversion from RGB to RGBa, LA and La <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7888 ">#7888</a>
[radarhere]</p>
</li>
<li>
<p>Support FITS images with GZIP_1 compression <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7894 ">#7894</a>
[radarhere]</p>
</li>
<li>
<p>Use I;16 mode for 9-bit JPEG 2000 images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7900 ">#7900</a>
[scaramallion, radarhere]</p>
</li>
<li>
<p>Raise ValueError if kmeans is negative <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7891 ">#7891</a>
[radarhere]</p>
</li>
<li>
<p>Remove TIFF tag OSUBFILETYPE when saving using libtiff <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7893 ">#7893</a>
[radarhere]</p>
</li>
<li>
<p>Raise ValueError for negative values when loading P1-P3 PPM images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7882 ">#7882</a>
[radarhere]</p>
</li>
<li>
<p>Added reading of JPEG2000 palettes <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7870 ">#7870</a>
[radarhere]</p>
</li>
<li>
<p>Added alpha_quality argument when saving WebP images <a
href="https://redirect.github.com/python-pillow/Pillow/issues/7872 ">#7872</a>
[radarhere]</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5c89d88eee63cbfcfdea2776126aa9https://redirect.github.com/python-pillow/Pillow/issues/7928 ">#7928</a>
from python-pillow/lcms</li>
<li><a
href="aeb51cbb165beb0b6664cac6ffa7b3https://redirect.github.com/python-pillow/Pillow/issues/7927 ">#7927</a>
from python-pillow/imagemath</li>
<li><a
href="f5eeeacf75facf3af93d2a93aba5cfa670597bc3https://github.com/python-pillow/Pillow/compare/10.2.0...10.3.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/infiniflow/ragflow/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 11:07:28 +08:00
d69f4ec829
build(deps): bump certifi from 2024.2.2 to 2024.7.4 ( #1680 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2024.2.2
to 2024.7.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bd8153872ehttps://redirect.github.com/certifi/python-certifi/issues/295 ">#295</a>)</li>
<li><a
href="06a2cbf21fhttps://redirect.github.com/certifi/python-certifi/issues/294 ">#294</a>)</li>
<li><a
href="13bba02b72https://redirect.github.com/certifi/python-certifi/issues/293 ">#293</a>)</li>
<li><a
href="e8abcd0e62https://redirect.github.com/certifi/python-certifi/issues/292 ">#292</a>)</li>
<li><a
href="124f4adf17https://redirect.github.com/certifi/python-certifi/issues/291 ">#291</a>)</li>
<li><a
href="c2196ce5d6https://redirect.github.com/certifi/python-certifi/issues/290 ">#290</a>)</li>
<li><a
href="fefdeec758https://redirect.github.com/certifi/python-certifi/issues/289 ">#289</a>)</li>
<li><a
href="3c5fb1560bhttps://redirect.github.com/certifi/python-certifi/issues/286 ">#286</a>)</li>
<li><a
href="4a9569a3ebhttps://redirect.github.com/certifi/python-certifi/issues/287 ">#287</a>)</li>
<li><a
href="1fc808626ahttps://redirect.github.com/certifi/python-certifi/issues/288 ">#288</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/certifi/python-certifi/compare/2024.02.02...2024.07.04 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/infiniflow/ragflow/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 11:06:03 +08:00
ef45526700
build(deps): bump tqdm from 4.66.2 to 4.66.3 ( #1681 )
...
Bumps [tqdm](https://github.com/tqdm/tqdm ) from 4.66.2 to 4.66.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tqdm/tqdm/releases ">tqdm's
releases</a>.</em></p>
<blockquote>
<h2>tqdm v4.66.3 stable</h2>
<ul>
<li><code>cli</code>: <code>eval</code> safety (fixes CVE-2024-34062,
GHSA-g7vv-2v7x-gj9p)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4e613f84edb53348c730https://github.com/tqdm/tqdm/compare/v4.66.2...v4.66.3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/infiniflow/ragflow/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 11:05:38 +08:00
79034bd194
build(deps): bump pymysql from 1.1.0 to 1.1.1 ( #1664 )
...
Bumps [pymysql](https://github.com/PyMySQL/PyMySQL ) from 1.1.0 to 1.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/PyMySQL/PyMySQL/releases ">pymysql's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.1</h2>
<blockquote>
<p>[!WARNING]
This release fixes a vulnerability (CVE-2024-36039).
All users are recommended to update to this version.</p>
<p>If you can not update soon, check the input value from untrusted
source has an expected type.
Only dict input from untrusted source can be an attack vector.</p>
</blockquote>
<h2>What's Changed</h2>
<ul>
<li>Prohibit dict parameter for <code>Cursor.execute()</code>. It didn't
produce valid SQL
and might cause SQL injection. (CVE-2024-36039)</li>
<li>Added ssl_key_password param by <a
href="https://github.com/svaskov "><code>@svaskov</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1145 ">PyMySQL/PyMySQL#1145</a></li>
</ul>
<h2>Merged PRs</h2>
<ul>
<li>Add support for Python 3.12 by <a
href="https://github.com/hugovk "><code>@hugovk</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1134 ">PyMySQL/PyMySQL#1134</a></li>
<li>chore(deps): update actions/checkout action to v4 by <a
href="https://github.com/renovate "><code>@renovate</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1136 ">PyMySQL/PyMySQL#1136</a></li>
<li>Update codecov/codecov-action action to v4 by <a
href="https://github.com/renovate "><code>@renovate</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1137 ">PyMySQL/PyMySQL#1137</a></li>
<li>ci: use codecov@v3 by <a
href="https://github.com/methane "><code>@methane</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1142 ">PyMySQL/PyMySQL#1142</a></li>
<li>chore(deps): update dessant/lock-threads action to v5 by <a
href="https://github.com/renovate "><code>@renovate</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1141 ">PyMySQL/PyMySQL#1141</a></li>
<li>doc: use rtd theme by <a
href="https://github.com/methane "><code>@methane</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1143 ">PyMySQL/PyMySQL#1143</a></li>
<li>use Ruff as formatter by <a
href="https://github.com/methane "><code>@methane</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1144 ">PyMySQL/PyMySQL#1144</a></li>
<li>chore(deps): update dependency sphinx-rtd-theme to v2 by <a
href="https://github.com/renovate "><code>@renovate</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1147 ">PyMySQL/PyMySQL#1147</a></li>
<li>chore(deps): update actions/setup-python action to v5 by <a
href="https://github.com/renovate "><code>@renovate</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1152 ">PyMySQL/PyMySQL#1152</a></li>
<li>chore(deps): update github/codeql-action action to v3 by <a
href="https://github.com/renovate "><code>@renovate</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1154 ">PyMySQL/PyMySQL#1154</a></li>
<li>chore(deps): update codecov/codecov-action action to v4 by <a
href="https://github.com/renovate "><code>@renovate</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1158 ">PyMySQL/PyMySQL#1158</a></li>
<li>Support error packet without sqlstate by <a
href="https://github.com/methane "><code>@methane</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1160 ">PyMySQL/PyMySQL#1160</a></li>
<li>test json - mariadb without JSON type by <a
href="https://github.com/grooverdan "><code>@grooverdan</code></a> in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1165 ">PyMySQL/PyMySQL#1165</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hugovk "><code>@hugovk</code></a> made
their first contribution in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1134 ">PyMySQL/PyMySQL#1134</a></li>
<li><a href="https://github.com/svaskov "><code>@svaskov</code></a> made
their first contribution in <a
href="https://redirect.github.com/PyMySQL/PyMySQL/pull/1145 ">PyMySQL/PyMySQL#1145</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1 ">https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md ">pymysql's
changelog</a>.</em></p>
<blockquote>
<h2>v1.1.1</h2>
<p>Release date: 2024-05-21</p>
<blockquote>
<p>[!WARNING]
This release fixes a vulnerability (CVE-2024-36039).
All users are recommended to update to this version.</p>
<p>If you can not update soon, check the input value from
untrusted source has an expected type. Only dict input
from untrusted source can be an attack vector.</p>
</blockquote>
<ul>
<li>Prohibit dict parameter for <code>Cursor.execute()</code>. It didn't
produce valid SQL
and might cause SQL injection. (CVE-2024-36039)</li>
<li>Added ssl_key_password param. <a
href="https://redirect.github.com/PyMySQL/PyMySQL/issues/1145 ">#1145</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2cab9ecc64521e40050c7f032a699d69f6c7439bb4ed6884a1https://redirect.github.com/PyMySQL/PyMySQL/issues/1165 ">#1165</a>)</li>
<li><a
href="bbd049f40dhttps://redirect.github.com/PyMySQL/PyMySQL/issues/1160 ">#1160</a>)</li>
<li><a
href="9694747ae61f0b7856dehttps://redirect.github.com/PyMySQL/PyMySQL/issues/1158 ">#1158</a>)</li>
<li><a
href="1e28be81c2https://redirect.github.com/PyMySQL/PyMySQL/issues/1154 ">#1154</a>)</li>
<li><a
href="f13f054abchttps://redirect.github.com/PyMySQL/PyMySQL/issues/1152 ">#1152</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/infiniflow/ragflow/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 11:05:14 +08:00
4da3ee400b
Add component arxiv ( #1587 )
...
### What problem does this PR solve?
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
2024-07-18 14:08:20 +08:00
f8602b5286
Add component pubmed ( #1586 )
...
### What problem does this PR solve?
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
2024-07-18 13:42:19 +08:00
258a10fb74
Add component Wikipedia ( #1513 )
...
### What problem does this PR solve?
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
2024-07-15 16:41:20 +08:00
ddeac9ab3d
added SVG for Groq model model providers ( #1470 )
...
#1432 #1447
This PR adds support for the GROQ LLM (Large Language Model).
Groq is an AI solutions company delivering ultra-low latency inference
with the first-ever LPU™ Inference Engine. The Groq API enables
developers to integrate state-of-the-art LLMs, such as Llama-2 and
llama3-70b-8192, into low latency applications with the request limits
specified below. Learn more at [groq.com](https://groq.com/ ).
Supported Models
| ID | Requests per Minute | Requests per Day | Tokens per Minute |
|----------------------|---------------------|------------------|-------------------|
| gemma-7b-it | 30 | 14,400 | 15,000 |
| gemma2-9b-it | 30 | 14,400 | 15,000 |
| llama3-70b-8192 | 30 | 14,400 | 6,000 |
| llama3-8b-8192 | 30 | 14,400 | 30,000 |
| mixtral-8x7b-32768 | 30 | 14,400 | 5,000 |
---------
Co-authored-by: paresh0628 <paresh.tuvoc@gmail.com >
Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com >
2024-07-12 09:25:44 +08:00
3e9f444e6b
add support for Gemini ( #1465 )
...
### What problem does this PR solve?
#1036
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
Co-authored-by: Zhedong Cen <cenzhedong2@126.com >
2024-07-11 15:41:00 +08:00
6144a109ab
Add Support for AWS Bedrock ( #1408 )
...
### What problem does this PR solve?
#308
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
---------
Co-authored-by: KevinHuSh <kevinhu.sh@gmail.com >
2024-07-08 09:37:34 +08:00
f4674ae9d0
add Duckduckgo pkg ( #1392 )
...
### What problem does this PR solve?
#918
### Type of change
- [x] Documentation Update
2024-07-08 09:22:50 +08:00
b75bb1d8d3
Support displaying tables in the chunks of pdf file when using QA parser ( #1263 )
...
### What problem does this PR solve?
Support displaying tables in the chunks of pdf file when using QA parser
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
2024-06-24 19:02:18 +08:00
f73f7b969c
Update requirements_dev.txt
2024-06-19 08:50:32 +08:00
90975460af
Add pdf support for QA parser ( #1155 )
...
### What problem does this PR solve?
Support extracting questions and answers from PDF files
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
2024-06-14 15:12:39 +08:00
b6980d8a16
add version to package volcengine ( #1062 )
...
### What problem does this PR solve?
#992
### Type of change
- [x] Bug Fix (non-breaking change which fixes an issue)
2024-06-05 12:18:36 +08:00
8dd45459be
Add support for HTML file ( #973 )
...
### What problem does this PR solve?
Add support for HTML file
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
2024-05-30 09:12:55 +08:00
7eee193956
fix #917 #915 ( #946 )
...
### What problem does this PR solve?
#917
#915
### Type of change
- [x] Bug Fix (non-breaking change which fixes an issue)
2024-05-28 11:13:02 +08:00
46454362d7
fix raptor bugs ( #928 )
...
### What problem does this PR solve?
#922
### Type of change
- [x] Bug Fix (non-breaking change which fixes an issue)
2024-05-27 11:01:20 +08:00
9e3a0e4d03
The fasttext library is missing, and it is used in the operators.py file. ( #925 )
...
### What problem does this PR solve?
_Briefly describe what this PR aims to solve. Include background context
that will help reviewers understand the purpose of the PR._
### Type of change
- [x] Bug Fix (non-breaking change which fixes an issue)
2024-05-27 08:18:47 +08:00
04a9e95161
let file in knowledgebases visible in file manager ( #714 )
...
### What problem does this PR solve?
Let file in knowledgebases visible in file manager.
#162
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
2024-05-11 16:04:28 +08:00
de839fc3f0
optimize srv broker and executor logic ( #630 )
...
### What problem does this PR solve?
Optimize task broker and executor for reduce memory usage and deployment
complexity.
### Type of change
- [x] Performance Improvement
- [x] Refactoring
### Change Log
- Enhance redis utils for message queue(use stream)
- Modify task broker logic via message queue (1.get parse event from
message queue 2.use ThreadPoolExecutor async executor )
- Modify the table column name of document and task (process_duation ->
process_duration maybe just a spelling mistake)
- Reformat some code style(just what i see)
- Add requirement_dev.txt for developer
- Add redis container on docker compose
---------
Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com >
2024-05-07 11:43:33 +08:00
