Bump the pip group across 2 directories with 2 updates

[dependabot]

Updates the requirements on pillow and aiohttp to permit the latest version.
Updates pillow to 11.1.0

Release notes

Sourced from pillow's releases.

11.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/11.1.0.html

Documentation

• Added release notes for writing XMP bytes to JPEG and MPO #8627 [@​radarhere]
• Added release notes for using zlib-ng instead of zlib #8599 [@​radarhere]
• Replace python-pillow.org with python-pillow.github.io #8586 [@​hugovk]
• ImageFile tile is never None #8582 [@​radarhere]
• Only use start year in copyright, remove end years #8577 [@​hugovk]
• Python 3.12 is tested on MinGW #8575 [@​radarhere]
• Use brew formula to install libraqm #8574 [@​radarhere]
• Added link to GitHub releases in CHANGES #8571 [@​radarhere]
• Release drafter: move removals, deprecations, documentation up, and uncategorised changes last #8570 [@​hugovk]
• Updated macOS tested Pillow versions #8538 [@​radarhere]
• Use test image filename #8534 [@​radarhere]
• Update Windows 11 Arm64 tested versions #8523 [@​nulano]
• Move MPO into "Fully supported formats" #8504 [@​radarhere]
• Update license to MIT-CMU #8490 [@​radarhere]

Dependencies

• Update dependency mypy to v1.14.1 #8643 [@​renovate]
• Update dependency mypy to v1.14.0 #8613 [@​renovate]
• Updated libwebp to 1.5.0 #8612 [@​radarhere]
• Updated libXau to 1.0.12 #8598 [@​radarhere]
• Updated libjpeg-turbo to 3.1.0 #8595 [@​radarhere]
• Updated harfbuzz to 10.1.0 #8533 [@​radarhere]
• Updated openjpeg to 2.5.3 #8591 [@​radarhere]
• Update dependency cibuildwheel to v2.22.0 #8580 [@​renovate]
• Update codecov/codecov-action action to v5 #8557 [@​renovate]
• Migrate renovate config #8527 [@​renovate]
• Update dependency mypy to v1.13.0 #8491 [@​renovate]
• Update dependency mypy to v1.12.1 #8487 [@​renovate]

Testing

• Added CentOS Stream 10 #8646 [@​radarhere]
• Use monkeypatch #8628 [@​radarhere]
• Pass file handle to ContainerIO #8625 [@​radarhere]
• Use register_handler #8499 [@​radarhere]
• Use monkeypatch #8626 [@​radarhere]
• Test libjpeg-turbo on macOS #8596 [@​radarhere]
• Test 3.13t (free-threaded) from Quansight-Labs/setup-python on Linux and macOS #8565 [@​hugovk]
• Run gcc problem matcher on Python 3.13 #8541 [@​radarhere]
• Add trove-classifiers>=2024.10.12 to 'tests' extra and use for Windows CI #8514 [@​hugovk]
• Apply security fixes to GitHub Actions #8526 [@​hugovk]
• Remove unused gcov: true for codecov-action@v4 #8521 [@​hugovk]
• Added Fedora 41 #8520 [@​radarhere]
• Do not repeatedly save to the same path #8512 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

11.1.0 and newer

See GitHub Releases:

• https://github.com/python-pillow/Pillow/releases

11.0.0 (2024-10-15)

• Update licence to MIT-CMU #8460 [hugovk]

• Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

• Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

• Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

• Do not close provided file handles with libtiff when saving #8458 [radarhere]

• Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

• Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

• Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

• Use transparency when combining P frames from APNGs #8443 [radarhere]

• Support all resampling filters when resizing I;16* images #8422 [radarhere]

• Free memory on early return #8413 [radarhere]

• Cast int before potentially exceeding INT_MAX #8402 [radarhere]

• Check image value before use #8400 [radarhere]

• Improved copying imagequant libraries #8420

... (truncated)

Commits

• 4c1aed8 11.1.0 version bump
• dfb368a Merge pull request #8651 from radarhere/blp
• 5d998d3 Improved coverage
• 6b75e06 Do not reread start of header in decoder
• b89cc09 Corrected BLP1 alpha depth handling
• aa0f412 Merge pull request #8646 from radarhere/centos
• e344271 Added CentOS Stream 10
• 17f09f3 Merge pull request #8644 from radarhere/c99
• d42f22b Added release notes
• c7026d9 Merge pull request #8642 from radarhere/bigtiff
• Additional commits viewable in compare view

Updates aiohttp to 3.11.12

Release notes

Sourced from aiohttp's releases.

3.11.12

Bug fixes

• MultipartForm.decode() now follows RFC1341 7.2.1 with a CRLF after the boundary -- by :user:imnotjames.

  Related issues and pull requests on GitHub: #10270.

• Restored the missing total_bytes attribute to EmptyStreamReader -- by :user:bdraco.

  Related issues and pull requests on GitHub: #10387.

Features

• Updated :py:func:~aiohttp.request to make it accept _RequestOptions kwargs. -- by :user:Cycloctane.

  Related issues and pull requests on GitHub: #10300.

• Improved logging of HTTP protocol errors to include the remote address -- by :user:bdraco.

  Related issues and pull requests on GitHub: #10332.

Improved documentation

• Added aiohttp-openmetrics to list of third-party libraries -- by :user:jelmer.

  Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.11.12 (2025-02-05)

Bug fixes

• MultipartForm.decode() now follows RFC1341 7.2.1 with a CRLF after the boundary -- by :user:imnotjames.

  Related issues and pull requests on GitHub: :issue:10270.

• Restored the missing total_bytes attribute to EmptyStreamReader -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:10387.

Features

• Updated :py:func:~aiohttp.request to make it accept _RequestOptions kwargs. -- by :user:Cycloctane.

  Related issues and pull requests on GitHub: :issue:10300.

• Improved logging of HTTP protocol errors to include the remote address -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:10332.

Improved documentation

• Added aiohttp-openmetrics to list of third-party libraries -- by :user:jelmer.

... (truncated)

Commits

• 78ea725 [PR #10416/e92f1874 backport][3.11] Fix wheel download-artifact by setting me...
• 70da1d4 [PR #10413/f6dae31d backport][3.11] Fix missing ppc64le musllinux wheels (#10...
• 3cca959 [PR #10410/1009c066 backport][3.11] Fix runs-on for wheel builds for native a...
• d07f577 [3.11] Adjust changelog messages for armv7l wheels (#10409)
• 43a36ee [PR #10404/6ee81df6 backport][3.11] Start build wheels on armv7l musllinux (#...
• 864bf5a [PR #10403/908145c9 backport][3.11] Disable wheel builds on PyPy (#10405)
• 5f1cd3b [PR #10400/9b33be3 backport][3.11] Add workaround for segfaults during wheel ...
• b53c5f9 [PR #10396/481a8374 backport][3.11] Switch to native arm runners for wheel bu...
• 2223776 [3.11] Amend changes to remove reverted riscv64 wheels (#10397)
• 2a3111d [PR #10393/9057364b backport][3.11] Revert "Start building riscv64 platform w...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.