Bump the pip group across 1 directory with 4 updates

[dependabot]

Updates the requirements on gevent, django, pillow and django-cms to permit the latest version.
Updates gevent from 1.0 to 23.9.0

Release notes

Sourced from gevent's releases.

1.2.2

No release notes provided.

1.1.2

• Python 2: sendall on a non-blocking socket could spuriously fail with a timeout.
• If sys.stderr has been monkey-patched (not recommended), exceptions that the hub reports aren't lost and can still be caught. Reported in :issue:825 by Jelle Smet.
• :class:selectors.SelectSelector is properly monkey-patched regardless of the order of imports. Reported in :issue:835 by Przemysław Węgrzyn.
• Python 2: reload(site) no longer fails with a TypeError if gevent has been imported. Reported in :issue:805 by Jake Hilton.

1.1.1 (Apr 4, 2016)

• Nested callbacks that set and clear an Event no longer cause wait to return prematurely. Reported in :issue:771 by Sergey Vasilyev.
• Fix build on Solaris 10. Reported in :issue:777 by wiggin15.
• The ref parameter to :func:gevent.os.fork_and_watch was being ignored.
• Python 3: :class:gevent.queue.Channel is now correctly iterable, instead of raising a :exc:TypeError.
• Python 3: Add support for :meth:socket.socket.sendmsg, :meth:socket.socket.recvmsg and :meth:socket.socket.recvmsg_into on platforms where they are defined. Initial :pr:773 by Jakub Klama.

1.1.0

• Python 3: A monkey-patched :class:threading.RLock now properly blocks (or deadlocks) in acquire if the default value for timeout of -1 is used (which differs from gevent's default of None). The acquire method also raises the same :exc:ValueError exceptions that the standard library does for invalid parameters. Reported in #750 by Joy Zheng.
• Fix a race condition in :class:~gevent.event.Event that made it return False when the event was set and cleared by the same greenlet before allowing a switch to already waiting greenlets. (Found by the 3.4 and 3.5 standard library test suites; the same as Python bug 13502_. Note that the Python 2 standard library still has this race condition.)
• :class:~gevent.event.Event and :class:~.AsyncResult now wake waiting greenlets in the same (unspecified) order. Previously, AsyncResult tended to use a FIFO order, but this was never guaranteed. Both classes also use less per-instance memory.
• Using a :class:~logging.Logger as a :mod:pywsgi error or request log stream no longer produces extra newlines. Reported in #756 by ael-code.
• Windows: Installing from an sdist (.tar.gz) on PyPI no longer requires having Cython installed first. (Note that the binary installation

... (truncated)

Changelog

Sourced from gevent's changelog.

=================

Commits

• 693181e Preparing release 23.9.0
• 6fc7898 Set the cython version; go back to default wheel tags.
• 666e374 Had the constraint wrong.
• 74ef876 Tweaking the build, and it seems like the greenlet stack issue should be fixed.
• b652e2a Error handling adjustments from running under a debug build.
• 70e7318 Tweaking tests and comments; temporary workarounds for 3.12 to enable builds.
• 495e37a Workaround the 3.12 traceback issue again.
• 2f53c85 gevent.pywsgi: Much improved handling of chunk trailers.
• bb06d2d Test builds with greenlet assertions enabled.
• 6b22af0 pyproject.toml: Bump to latest cython.
• Additional commits viewable in compare view

Updates django to 5.0.4

Commits

• 476d7c5 [5.0.x] Bumped version for 5.0.4 release.
• e4a0644 [5.0.x] Added release date for 5.0.4.
• fead2dd [5.0.x] Fixed #35336 -- Addressed crash when adding a GeneratedField with % l...
• 14ab15d [5.0.x] Fixed #35344, Refs #34838 -- Corrected output_field of resolved colum...
• 7b144e7 [5.0.x] Restored django.db.models.F import in final code snippet added at the...
• 3264e88 [5.0.x] Fixed typo in docs/topics/signals.txt.
• 345e3cf [5.0.x] Fixed #35329 -- Fixed migrations crash when adding partial unique con...
• 71368b6 [5.0.x] Added RowNumber() link in Rank() docs.
• 8fd953f [5.0.x] Fixed #35273 -- Fixed rendering AdminFileWidget's attributes.
• 710ca57 [5.0.x] Fixed #25595 -- Doc'd that URLValidator rejects file:// URIs without ...
• Additional commits viewable in compare view

Updates pillow from 2.1.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates django-cms from 2.3.6 to 3.0.14

Changelog

Sourced from django-cms's changelog.

3.0.14 (2015-06-27)

• Fixed an issue where privileged users could be tricked into performing actions without their knowledge via a CSRF vulnerability
• Fixed an issue related to "Empty all" Placeholder feature
• Fix issue with causes menu classes to be duplicated in advanced settings
• Fix issue with breadcrumbs not showing
• Fix issues with show_menu templatetags
• Fix plugin sorting in py3
• Fix search results number and items alignment in page changelist
• Fix X-Frame-Options on top-level pages
• Preserve information regarding the current view when applying the CMS decorator
• Fix render_model template tag doesn't show correct change list
• Fix language fallback for nested plugins
• Fix order of which application urls are injected into urlpatterns
• Fix delete non existing page language
• Fix Scanning for placeholders fails on include tags with a variable as an argument
• Minor documentation fixes
• Pin South version to 1.0.2
• Pin Html5lib version to 0.999 until a current bug is fixed
• Fix language chooser template

3.0.13 (2015-04-15)

• Numerous documentation including installation and tutorial updates
• Numerous improvements to translations
• Improves reliability of apphooks
• Improves reliabiliy of Advanced Settings on page when using apphooks
• Allow page deletion after template removal
• Improves upstream caching accuracy
• Improves CMSAttachMenu registration
• Improves handling of mistyped URLs
• Improves redirection as a result of changes to page slugs, etc.
• Improves performance of "watched models"
• Improves frontend performance relating to resizing the sideframe
• Corrects an issue where items might not be visible in structure mode menus
• Limits version of django-mptt used in CMS for 3.0.x
• Prevent accidental upgrades to Django 1.8, which is not yet supported

3.0.12 (2015-03-06)

• Fixed a typo in JavaScript which prevents page tree from working

3.0.11 (2015-03-05)

... (truncated)

Commits

• d197f6c Bump version
• 9055628 Update authors file
• ca13841 Update translations
• 02cb86b Update changelogs
• ee8c8f0 Merge pull request #4187 from yakky/changelog_3014
• f77cbc6 Merge pull request #4218 from divio/issues/merge_csrf_fix
• a6e9157 Merge branch 'require_post' of https://github.com/yakky/django-cms into issue...
• d1f7a7b Merge pull request #4217 from yakky/feature/fix_language_chooser
• 88ede37 Update changelog
• a6662dd Update language chooser default template
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #7.