From 8798bd53283a78c946d23068b2d5a97f00f2124e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Mar 2026 10:48:43 +0000
Subject: [PATCH 1/2] Bump docker/setup-qemu-action from 3 to 4 (#12192)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 3 to 4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<ul>
<li>Node 24 as default runtime (requires <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions
Runner v2.327.1</a> or later) by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/245">docker/setup-qemu-action#245</a></li>
<li>Switch to ESM and update config/test wiring by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/241">docker/setup-qemu-action#241</a></li>
<li>Bump <code>@​actions/core</code> from 1.11.1 to 3.0.0 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/244">docker/setup-qemu-action#244</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.67.0 to 0.77.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/243">docker/setup-qemu-action#243</a></li>
<li>Bump <code>@​isaacs/brace-expansion</code> from 5.0.0 to 5.0.1 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/240">docker/setup-qemu-action#240</a></li>
<li>Bump js-yaml from 3.14.1 to 3.14.2 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/231">docker/setup-qemu-action#231</a></li>
<li>Bump lodash from 4.17.21 to 4.17.23 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/238">docker/setup-qemu-action#238</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0">https://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0</a></p>
<h2>v3.7.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.56.0 to 0.67.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/217">docker/setup-qemu-action#217</a>
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/230">docker/setup-qemu-action#230</a></li>
<li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/220">docker/setup-qemu-action#220</a></li>
<li>Bump form-data from 2.5.1 to 2.5.5 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/218">docker/setup-qemu-action#218</a></li>
<li>Bump tmp from 0.2.3 to 0.2.4 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/221">docker/setup-qemu-action#221</a></li>
<li>Bump undici from 5.28.4 to 5.29.0 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/219">docker/setup-qemu-action#219</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0">https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0</a></p>
<h2>v3.6.0</h2>
<ul>
<li>Display binfmt version by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/202">docker/setup-qemu-action#202</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0">https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0</a></p>
<h2>v3.5.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/205">docker/setup-qemu-action#205</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0">https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0</a></p>
<h2>v3.4.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.49.0 to 0.54.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/193">docker/setup-qemu-action#193</a>
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/197">docker/setup-qemu-action#197</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0">https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0</a></p>
<h2>v3.3.0</h2>
<ul>
<li>Add <code>cache-image</code> input to enable/disable caching of
binfmt image by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/130">docker/setup-qemu-action#130</a></li>
<li>Bump <code>@​actions/core</code> from 1.10.1 to 1.11.1 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/172">docker/setup-qemu-action#172</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.35.0 to 0.49.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/187">docker/setup-qemu-action#187</a></li>
<li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/182">docker/setup-qemu-action#182</a></li>
<li>Bump path-to-regexp from 6.2.2 to 6.3.0 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/162">docker/setup-qemu-action#162</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.2.0...v3.3.0">https://github.com/docker/setup-qemu-action/compare/v3.2.0...v3.3.0</a></p>
<h2>v3.2.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.31.0 to 0.35.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/154">docker/setup-qemu-action#154</a>
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/155">docker/setup-qemu-action#155</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0">https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0</a></p>
<h2>v3.1.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/ce360397dd3f832beb865e1373c09c0e9f86d70a"><code>ce36039</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/245">#245</a>
from crazy-max/node24</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/63863443c130689b5b352363f362c820cf73b26d"><code>6386344</code></a>
node 24 as default runtime</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/1ea3db7bfb6d247e5e3511955d6e476a8d400ef3"><code>1ea3db7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/243">#243</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/b56a0022b9d517f4d4f8f8357e107e587548db78"><code>b56a002</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/c43f02d0c908d30161ad4230a59285d9e442956d"><code>c43f02d</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.67.0 to
0.77.0</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/ce10c58dd1801e20f2e65c72aff588c6fc5f6609"><code>ce10c58</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/244">#244</a>
from docker/dependabot/npm_and_yarn/actions/core-3.0.0</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/429fc9dbdab394ec482946ef7f7b60be3a169336"><code>429fc9d</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/060e5f8b59ae7d2a0e4dcf681f8625f0e54e2024"><code>060e5f8</code></a>
build(deps): bump <code>@​actions/core</code> from 1.11.1 to 3.0.0</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/44be13e7d9ba38145b648950e52ac18e2a4efd3a"><code>44be13e</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/231">#231</a>
from docker/dependabot/npm_and_yarn/js-yaml-3.14.2</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/1897438ed3baad455b19c89cda913ca4f31dd079"><code>1897438</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/setup-qemu-action/compare/v3...v4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci-cd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index cef4ef57312..9cf18b9072c 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -444,7 +444,7 @@ jobs:
         submodules: true
     - name: Set up QEMU
       if: ${{ matrix.qemu }}
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@v4
       with:
         platforms: all
         # This should be temporary

From b420a456e2ef49683f87bc2f55c10221fb5a82f8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Mar 2026 10:58:03 +0000
Subject: [PATCH 2/2] Bump imagesize from 1.5.0 to 2.0.0 (#12194)

Bumps [imagesize](https://github.com/shibukawa/imagesize_py) from 1.5.0
to 2.0.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/5ab28d47b96d6a0738ec036034919a739b4d64da"><code>5ab28d4</code></a>
bump module version to 2.0</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/63d6afb8e24b9f9d599f7a15fa50ebc7964ad7c7"><code>63d6afb</code></a>
Merge pull request <a
href="https://redirect.github.com/shibukawa/imagesize_py/issues/82">#82</a>
from shibukawa/codex/update-readme-and-setup-instructi...</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/294606629eaf3950290de90a4b1ab9aaed7c89c3"><code>2946066</code></a>
docs: clarify EXIF orientation formats in v2.0 notes</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/53eff2e3ab713b81883003bbd4eca586cc592431"><code>53eff2e</code></a>
Merge pull request <a
href="https://redirect.github.com/shibukawa/imagesize_py/issues/81">#81</a>
from shibukawa/codex/refactor-code-to-reduce-duplication</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/ac14f2af0208f9d57780d86ff619a32f80b90109"><code>ac14f2a</code></a>
Refactor duplicated JPEG segment parsing logic</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/48ab954c707642d06081c8b5eae53b61b410715a"><code>48ab954</code></a>
Merge pull request <a
href="https://redirect.github.com/shibukawa/imagesize_py/issues/80">#80</a>
from shibukawa/codex/add-avif-exif-rotation-support</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/5cada1084cc21621541216810ecaf4514ca0e60b"><code>5cada10</code></a>
Add AVIF EXIF rotation support</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/232c6d5204e38d5a288114c098304cc2f8358f69"><code>232c6d5</code></a>
Merge pull request <a
href="https://redirect.github.com/shibukawa/imagesize_py/issues/79">#79</a>
from shibukawa/codex/add-heic/heif-support-and-rotation</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/324c970eb6c8d5326a6e3e16216ed2d498358219"><code>324c970</code></a>
Add HEIC/HEIF size and rotation support</li>
<li><a
href="https://github.com/shibukawa/imagesize_py/commit/7b7bb5f720401332eba12e93ad2e31d1bbc01cd4"><code>7b7bb5f</code></a>
Merge pull request <a
href="https://redirect.github.com/shibukawa/imagesize_py/issues/78">#78</a>
from shibukawa/codex/add-pypi-link-and-python-version-...</li>
<li>Additional commits viewable in <a
href="https://github.com/shibukawa/imagesize_py/compare/1.5.0...2.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=imagesize&package-manager=pip&previous-version=1.5.0&new-version=2.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 580f8d7a7b2..dd9c6a62d58 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -92,7 +92,7 @@ idna==3.11
     #   requests
     #   trustme
     #   yarl
-imagesize==1.5.0
+imagesize==2.0.0
     # via sphinx
 iniconfig==2.3.0
     # via pytest
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 2e52f18e7a1..46c5cc27f0c 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -90,7 +90,7 @@ idna==3.11
     #   requests
     #   trustme
     #   yarl
-imagesize==1.5.0
+imagesize==2.0.0
     # via sphinx
 iniconfig==2.3.0
     # via pytest
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index aef9eb6fedc..b30bdb56929 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -20,7 +20,7 @@ docutils==0.21.2
     # via sphinx
 idna==3.11
     # via requests
-imagesize==1.5.0
+imagesize==2.0.0
     # via sphinx
 jinja2==3.1.6
     # via
diff --git a/requirements/doc.txt b/requirements/doc.txt
index c3214743726..d960803537f 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -20,7 +20,7 @@ docutils==0.21.2
     # via sphinx
 idna==3.11
     # via requests
-imagesize==1.5.0
+imagesize==2.0.0
     # via sphinx
 jinja2==3.1.6
     # via