Bump cairosvg from 2.4.2 to 2.5.1
Created by: dependabot[bot]
Bumps cairosvg from 2.4.2 to 2.5.1.
Release notes
Sourced from cairosvg's releases.
2.5.1
WARNING: this is a security update.
When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS).
If an attacker provided a malicious SVG, it could make CairoSVG get stuck processing the file for a very long time.
Other bug fixes:
- Fix marker positions for unclosed paths
- Follow hint when only output_width or output_height is set
- Handle opacity on raster images
- Don’t crash when use tags reference unknown tags
- Take care of the next letter when A/a is replaced by l
- Fix misalignment in node.vertices
2.5.0
- Drop support of Python 3.5, add support of Python 3.9.
- Add EPS export
- Add background-color, negate-colors, and invert-images options
- Improve support for font weights
- Fix opacity of patterns and gradients
- Support auto-start-reverse value for orient
- Draw images contained in defs
- Add Exif transposition support
- Handle dominant-baseline
- Support transform-origin
Changelog
Sourced from cairosvg's changelog.
Version 2.5.1 released on 2021-01-06
WARNING: this is a security update.
When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS).
If an attacker provided a malicious SVG, it could make CairoSVG get stuck processing the file for a very long time.
Other bug fixes:
- Fix marker positions for unclosed paths
- Follow hint when only output_width or output_height is set
- Handle opacity on raster images
- Don’t crash when use tags reference unknown tags
- Take care of the next letter when A/a is replaced by l
- Fix misalignment in node.vertices
Version 2.5.0 released on 2020-10-29
- Drop support of Python 3.5, add support of Python 3.9.
- Add EPS export
- Add background-color, negate-colors, and invert-images options
- Improve support for font weights
- Fix opacity of patterns and gradients
- Support auto-start-reverse value for orient
- Draw images contained in defs
- Add Exif transposition support
- Handle dominant-baseline
- Support transform-origin
Commits
- 44c5d42 Version 2.5.1
- cfc9175 Merge pull request from GHSA-hq37-853p-g5cf
- 063185b Don’t use overlapping groups for regular expressions
- 9c4a982 Take care of the next letter when A/a is replaced by l
- f0edc6e Don’t crash when use tags reference unknown tags
- 73349a7 Handle opacity on raster images
- dcfbca4 Merge pull request #254 from yig/master
- 1d61bfd Merge branch 'master' into master
- 83c0b83 Follow hint when only output_width or output_height is set
- 6b4f2ba Fix angle for absolute vertical lines
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can disable automated security fix PRs for this repo from the Security Alerts page.
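An added illustration of the bug class named in the 2.5.1 notes and in commit 063185b ("Don't use overlapping groups for regular expressions"). It is not code from this PR or from CairoSVG: both patterns, the function names and all sample strings are constructed for the example, and the input sizes are kept small so the slow case still finishes quickly.

```python
import re
import time

# Constructed patterns for a whitespace/comma-separated number list.
# They are NOT the expressions from CairoSVG; they only show the bug class.
# Overlapping: every separator is optional, so a run of digits can be split
# between loop iterations in exponentially many ways.
OVERLAPPING = re.compile(r"^(?:\s*[\d.]+\s*,?\s*)*$")
# Non-overlapping: each repetition must begin with a real separator, so
# there is only one way to split the input into numbers.
DISJOINT = re.compile(r"^\s*[\d.]+(?:(?:\s*,\s*|\s+)[\d.]+)*\s*$")

VALID = ["1 2 3", "1,2,3", "1.5, 2.5", " 10 20 "]  # constructed samples
INVALID = ["1 2 x", "a", "1;2"]                     # constructed samples


def agree_on_samples():
    """True when both patterns accept VALID and reject INVALID."""
    ok = all(OVERLAPPING.match(s) and DISJOINT.match(s) for s in VALID)
    bad = any(OVERLAPPING.match(s) or DISJOINT.match(s) for s in INVALID)
    return ok and not bad


def match_seconds(pattern, text):
    """Wall-clock time of a single match attempt."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


def probe(n):
    """Time both patterns on n digits followed by one invalid character."""
    text = "1" * n + "x"  # can never match, so the engine must backtrack
    return match_seconds(OVERLAPPING, text), match_seconds(DISJOINT, text)


if __name__ == "__main__":
    print("agree on samples:", agree_on_samples())
    for n in (14, 16, 18, 20):  # small on purpose; cost doubles per digit
        slow, fast = probe(n)
        print(f"n={n:2d} overlapping={slow:.4f}s disjoint={fast:.6f}s")
```

A timing probe like this can sit in a regression test next to any pattern that parses untrusted input, so a later edit that reintroduces overlapping groups fails the build.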