This is an automated email from the ASF dual-hosted git repository.
aglinxinyuan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/texera.git
The following commit(s) were added to refs/heads/main by this push:
new 3c21b7231d chore(deps): bump pillow from 12.1.1 to 12.2.0 in /amber
(#4959)
3c21b7231d is described below
commit 3c21b7231dfdace3431cad6510a320f18406e32b
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue May 5 18:29:46 2026 -0700
chore(deps): bump pillow from 12.1.1 to 12.2.0 in /amber (#4959)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to
12.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/python-pillow/Pillow/releases";>pillow's
releases</a>.</em></p>
<blockquote>
<h2>12.2.0</h2>
<p><a
href="https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html";>https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html</a></p>
<h2>Documentation</h2>
<ul>
<li>Update 12.2.0 release notes <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9522";>#9522</a>
[<a href="https://github.com/hugovk";><code>@hugovk</code></a>]</li>
<li>Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats
via Netpbm <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9482";>#9482</a>
[<a href="https://github.com/bitplane";><code>@bitplane</code></a>]</li>
<li>Update Python versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9515";>#9515</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Jeffrey A. Clark -> Jeffrey 'Alex' Clark <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9513";>#9513</a>
[<a
href="https://github.com/aclark4life";><code>@aclark4life</code></a>]</li>
<li>Add release notes for <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9394";>#9394</a>,
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9419";>#9419</a>
and <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9456";>#9456</a>
<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9467";>#9467</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Add Amiga Workbench .info loader to 3rd party plugins list <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9459";>#9459</a>
[<a href="https://github.com/bitplane";><code>@bitplane</code></a>]</li>
<li>Merge PFM documentation into PPM <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9434";>#9434</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9431";>#9431</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Fix CVE number <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9430";>#9430</a>
[<a href="https://github.com/hugovk";><code>@hugovk</code></a>]</li>
</ul>
<h2>Dependencies</h2>
<ul>
<li>Update xz to 5.8.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9523";>#9523</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update libjpeg-turbo to 3.1.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9507";>#9507</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update libpng to 1.6.56 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9499";>#9499</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update freetype to 2.14.3 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9485";>#9485</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Updated libavif to 1.4.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9479";>#9479</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Updated harfbuzz to 13.2.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9461";>#9461</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update Ghostscript to 10.7.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9469";>#9469</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update harfbuzz to 13.0.1 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9453";>#9453</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update libavif to 1.4.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9460";>#9460</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update freetype to 2.14.2 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9449";>#9449</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update actions/download-artifact action to v8 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9451";>#9451</a>
[@<a href="https://github.com/apps/renovate";>renovate[bot]</a>]</li>
<li>Updated libpng to 1.6.55 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9425";>#9425</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
</ul>
<h2>Testing</h2>
<ul>
<li>Cleanup .spider extension in the same test where it is added <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9517";>#9517</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Run tests in parallel via tox for 3.5x speedup <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9516";>#9516</a>
[<a href="https://github.com/hugovk";><code>@hugovk</code></a>]</li>
<li>Enable colour in CI logs <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9486";>#9486</a>
[<a href="https://github.com/hugovk";><code>@hugovk</code></a>]</li>
<li>Update Ghostscript to 10.7.0 <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9469";>#9469</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Simplify TGA test code <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9477";>#9477</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Update tests to check for ValueError when encoding an empty image <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9464";>#9464</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Upgrade CI from <code>macos-15-intel</code> to
<code>macos-26-intel</code> <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9454";>#9454</a>
[<a href="https://github.com/hugovk";><code>@hugovk</code></a>]</li>
<li>Add check-case-conflict hook <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9446";>#9446</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Specify platform when pulling docker image <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9440";>#9440</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>GHA: Cache libavif and webp builds for Ubuntu <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9437";>#9437</a>
[<a href="https://github.com/hugovk";><code>@hugovk</code></a>]</li>
<li>Update macOS tested Pillow versions <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9431";>#9431</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
</ul>
<h2>Other changes</h2>
<ul>
<li>Check calloc return value <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9527";>#9527</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
<li>Check all allocs in the Arrow tree <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9488";>#9488</a>
[<a
href="https://github.com/wiredfool";><code>@wiredfool</code></a>]</li>
<li>Reject non-numeric elements inside list coords <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9526";>#9526</a>
[<a href="https://github.com/hugovk";><code>@hugovk</code></a>]</li>
<li>Move variable declaration inside define <a
href="https://redirect.github.com/python-pillow/Pillow/issues/9525";>#9525</a>
[<a
href="https://github.com/radarhere";><code>@radarhere</code></a>]</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/python-pillow/Pillow/commit/3c41c095064200a02672d89cc5ff629eaf4b0d4f";><code>3c41c09</code></a>
12.2.0 version bump</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/cdaa29eb520291c4f1fb50fb71ae46502d41e460";><code>cdaa29e</code></a>
Check calloc return value (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9527";>#9527</a>)</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/585b2f5a780722c8a5bfffb3a40f7f42e8a205be";><code>585b2f5</code></a>
Check calloc return value</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/ecf011ea15991d4cebacd946e58270cc30b0f2c1";><code>ecf011e</code></a>
Check all allocs in the Arrow tree (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9488";>#9488</a>)</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/cf6de8ca9b23e714aa5310e1c791eda66fc0b670";><code>cf6de8c</code></a>
Reject non-numeric elements inside list coords (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9526";>#9526</a>)</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/ffdcede6516b28d9667c92929854023d17048b64";><code>ffdcede</code></a>
Update 12.2.0 release notes (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9522";>#9522</a>)</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/7929d7760fe5a307ba5ae6eabdf70ae4486b147c";><code>7929d77</code></a>
Added security release notes (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/149";>#149</a>)</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/c4f7aa5dfb4dbd1242978ac235e01b9934ec6d3c";><code>c4f7aa5</code></a>
Added security release notes</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/22cdb5f2e4b15250c06563b1124ac1667342712f";><code>22cdb5f</code></a>
Move variable declaration inside define (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9525";>#9525</a>)</li>
<li><a
href="https://github.com/python-pillow/Pillow/commit/fc15b3b01899408ec989d7804c5283e13802d057";><code>fc15b3b</code></a>
Resize tall images vertically first (<a
href="https://redirect.github.com/python-pillow/Pillow/issues/9524";>#9524</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/apache/texera/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xinyuan Lin <[email protected]>
---
.github/workflows/build.yml | 14 +++++++++++---
amber/LICENSE-binary-python | 2 +-
amber/operator-requirements.txt | 2 +-
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index eede7eba6a..988c383139 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -304,10 +304,17 @@ jobs:
# The integration tests spawn Python UDF workers; install
# everything they need on the host. uv for speed; no licensing
# concerns because no dist is built here.
+ # --index-strategy unsafe-best-match makes uv consider every
+ # version on every index (pip's default) rather than stopping at
+ # the first index that lists a package. operator-requirements.txt
+ # adds the pytorch CPU index as an --extra-index-url, which
+ # mirrors a subset of common deps (e.g. pillow); without this
+ # flag a dependabot bump to a version not yet mirrored there
+ # fails to resolve even though PyPI has it.
run: |
python -m pip install uv
- if [ -f amber/requirements.txt ]; then uv pip install --system -r
amber/requirements.txt; fi
- if [ -f amber/operator-requirements.txt ]; then uv pip install
--system -r amber/operator-requirements.txt; fi
+ if [ -f amber/requirements.txt ]; then uv pip install --system
--index-strategy unsafe-best-match -r amber/requirements.txt; fi
+ if [ -f amber/operator-requirements.txt ]; then uv pip install
--system --index-strategy unsafe-best-match -r amber/operator-requirements.txt;
fi
- name: Create Databases
run: |
psql -h localhost -U postgres -f sql/texera_ddl.sql
@@ -489,7 +496,8 @@ jobs:
install="pip install"
else
python -m pip install uv
- install="uv pip install --system"
+ # See amber-integration job for why --index-strategy is set.
+ install="uv pip install --system --index-strategy
unsafe-best-match"
fi
if [ -f amber/requirements.txt ]; then $install -r
amber/requirements.txt; fi
if [ -f amber/operator-requirements.txt ]; then $install -r
amber/operator-requirements.txt; fi
diff --git a/amber/LICENSE-binary-python b/amber/LICENSE-binary-python
index c797740cb9..5dfd64b6be 100644
--- a/amber/LICENSE-binary-python
+++ b/amber/LICENSE-binary-python
@@ -359,7 +359,7 @@ Dependencies under the MIT-CMU License
--------------------------------------------------------------------------------
Python packages:
- - pillow==12.1.1
+ - pillow==12.2.0
Individual jars may contain their own META-INF/LICENSE and META-INF/NOTICE
files that apply to their specific contents; those files continue to govern
diff --git a/amber/operator-requirements.txt b/amber/operator-requirements.txt
index ebb8d8f17a..7220c674f4 100644
--- a/amber/operator-requirements.txt
+++ b/amber/operator-requirements.txt
@@ -18,7 +18,7 @@
wordcloud==1.9.3
plotly==5.24.1
praw==7.6.1
-pillow==12.1.1
+pillow==12.2.0
pybase64==1.3.2
# Pin torch to the CPU wheel on Linux x86_64 to avoid the NVIDIA CUDA deps.
