Bump the pip group across 1 directory with 2 updates

[dependabot]

Bumps the pip group with 2 updates in the /tools directory: pillow and mysql-connector-python.

Updates pillow from 10.3.0 to 12.1.1

Release notes

Sourced from pillow's releases.

12.1.1

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

• Patch libavif for svt-av1 4.0 compatibility #9413 [@​hugovk]

Other changes

• Fix OOB Write with invalid tile extents #9427 [@​radarhere]

12.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

• Deprecate getdata(), in favour of new get_flattened_data() #9292 [@​radarhere]

Documentation

• Specify APNG duration type when opening #9368 [@​radarhere]
• Added release notes for #9350 #9366 [@​radarhere]
• Update ImageMorph documentation #9349 [@​radarhere]
• Docs: update major bump cadence #9334 [@​hugovk]
• Add release notes for #9070 #9320 [@​radarhere]
• Updated Ubuntu version #9306 [@​radarhere]
• Update macOS tested Pillow versions #9265 [@​radarhere]

Dependencies

• Update harfbuzz to 12.3.0 #9355 [@​radarhere]
• Update xz to 5.8.2 #9343 [@​radarhere]
• Updated libjpeg-turbo to 3.1.3 #9333 [@​radarhere]
• Updated zlib-ng to 2.3.2 #9324 [@​radarhere]
• Updated libpng to 1.6.53 #9325 [@​radarhere]
• Update actions/checkout action to v6 #9323 [@renovate[bot]]
• Update dependency mypy to v1.19.0 #9322 [@renovate[bot]]
• Updated libpng to 1.6.51 #9305 [@​radarhere]
• Updated brotli to 1.2.0 #9284 [@​radarhere]
• Update libimagequant to 4.4.1 #9301 [@​radarhere]
• Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #9312 [@​radarhere]
• Updated harfbuzz to 12.2.0 #9289 [@​radarhere]
• Update github-actions #9277 [@renovate[bot]]

Testing

• Replace pre-commit with prek #9360 [@​hugovk]
• Test PyQt6 on Python 3.14 on Windows #9353 [@​radarhere]
• Test 32-bit Windows on Windows Server 2022 #9345 [@​radarhere]
• Correct variable type #9335 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

11.1.0 and newer

See GitHub Releases:

• https://github.com/python-pillow/Pillow/releases

11.0.0 (2024-10-15)

• Update licence to MIT-CMU #8460 [hugovk]

• Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

• Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

• Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

• Do not close provided file handles with libtiff when saving #8458 [radarhere]

• Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

• Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

• Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

• Use transparency when combining P frames from APNGs #8443 [radarhere]

• Support all resampling filters when resizing I;16* images #8422 [radarhere]

• Free memory on early return #8413 [radarhere]

• Cast int before potentially exceeding INT_MAX #8402 [radarhere]

... (truncated)

Commits

• 5158d98 12.1.1 version bump
• 9000313 Fix OOB Write with invalid tile extents (#9427)
• cd01118 Patch libavif for svt-av1 4.0 compatibility
• 46f45f6 12.1.0 version bump
• c9ac097 Simplify band splitting (#9291)
• 3baedf2 Deprecate getdata(), in favour of new get_flattened_data() (#9292)
• b51a036 Specify APNG duration type when opening (#9368)
• 8d08e31 Add release notes for #9348 (#9369)
• 432707e Added release notes for #9348
• 2d58910 Specify APNG duration type when opening
• Additional commits viewable in compare view

Updates mysql-connector-python from 8.0.33 to 9.1.0

Changelog

Sourced from mysql-connector-python's changelog.

v9.1.0

• WL#16452: Bundle all installable authentication plugins when building the C-extension
• WL#16444: Drop build support for DEB packages
• WL#16442: Upgrade gssapi version to 1.8.3
• WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors
• WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support
• WL#16307: Remove Python 3.8 support
• WL#16306: Add support for Python 3.13
• BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers
• BUG#37013057: mysql-connector-python Parameterized query SQL injection
• BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host
• BUG#36577957: Update charset/collation description indicate this is 16 bits

v9.0.0

• WL#16350: Update dnspython version
• WL#16318: Deprecate Cursors Prepared Raw and Named Tuple
• WL#16284: Update the Python Protobuf version
• WL#16283: Remove OpenTelemetry Bundled Installation
• BUG#36664998: Packets out of order error is raised while changing user in aio
• BUG#36611371: Update dnspython required versions to allow latest 2.6.1
• BUG#36570707: Collation set on connect using C-Extension is ignored
• BUG#36476195: Incorrect escaping in pure Python mode if sql_mode includes NO_BACKSLASH_ESCAPES
• BUG#36289767: MySQLCursorBufferedRaw does not skip conversion

v8.4.0

• WL#16203: GPL License Exception Update
• WL#16173: Update allowed cipher and cipher-suite lists
• WL#16164: Implement support for new vector data type
• WL#16127: Remove the FIDO authentication mechanism
• WL#16053: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for C-extension
• BUG#36227964: Improve OpenTelemetry span coverage
• BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection

v8.3.0

• WL#16015: Remove use of removed COM_ commands
• WL#15985: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for Pure Python
• WL#15983: Stop using mysql_ssl_set api
• WL#15982: Remove use of mysql_shutdown
• WL#15950: Support query parameters for prepared statements
• WL#15942: Improve type hints and standardize byte type handling
• WL#15836: Split mysql and mysqlx into different packages
• WL#15523: Support Python DB API asynchronous execution

... (truncated)

Commits

• 4fbf521 Remove explicit reference to CMySQLConnection from the cipher tests
• db3d07d Updated the LICENSE files
• 29c17b4 Disable build-id links in RPMs
• 5b0bfce Added missing 'byte_code_only' option to the mysqlx RPM spec file
• e77f27e Updated the LICENSE files
• 040414f BUG#37055435: Connection fails during the TLS negotiation when specifying TLS...
• 8a90d72 Added CONTRIBUTING.md and SECURITY.md files in Connector/Python
• 6f81ac5 BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wron...
• da48d02 Prepare release 9.1.0
• 61bccb0 BUG#36577957: Update charset/collation description indicate this is 16 bits
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #143.