Skip to content
Snippets Groups Projects
Commit 053155a2 authored by Mathieu Velten's avatar Mathieu Velten
Browse files

Mandate Pillow>=10.0.1 because of libwebp CVE (#16347)

parent 53b7d9cc
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
changelog.d/16347.misc 0 → 100644
+ 1
0
View file @ 053155a2
Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels.
pyproject.toml
+ 3
1
View file @ 053155a2
...@@ -174,7 +174,9 @@ PyYAML = ">=3.13" ...@@ -174,7 +174,9 @@ PyYAML = ">=3.13"
pyasn1 = ">=0.1.9" pyasn1 = ">=0.1.9"
pyasn1-modules = ">=0.0.7" pyasn1-modules = ">=0.0.7"
bcrypt = ">=3.1.7" bcrypt = ">=3.1.7"
Pillow = ">=5.4.0" # 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
# Packagers that already took care of libwebp can lower that down to 5.4.0.
Pillow = ">=10.0.1"
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2. # We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
sortedcontainers = ">=1.5.2" sortedcontainers = ">=1.5.2"
pymacaroons = ">=0.13.0" pymacaroons = ">=0.13.0"
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment