Mandate Pillow>=10.0.1 because of libwebp CVE (#16347)
This commit is contained in:
parent
53b7d9ccf2
commit
053155a2af
|
@ -0,0 +1 @@
|
||||||
|
Pillow 10.0.1 is now mandatory because of libwebp CVE-2023-4863, since Pillow provides libwebp in the wheels.
|
|
@ -174,7 +174,9 @@ PyYAML = ">=3.13"
|
||||||
pyasn1 = ">=0.1.9"
|
pyasn1 = ">=0.1.9"
|
||||||
pyasn1-modules = ">=0.0.7"
|
pyasn1-modules = ">=0.0.7"
|
||||||
bcrypt = ">=3.1.7"
|
bcrypt = ">=3.1.7"
|
||||||
Pillow = ">=5.4.0"
|
# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
|
||||||
|
# Packagers that already took care of libwebp can lower that down to 5.4.0.
|
||||||
|
Pillow = ">=10.0.1"
|
||||||
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
|
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
|
||||||
sortedcontainers = ">=1.5.2"
|
sortedcontainers = ">=1.5.2"
|
||||||
pymacaroons = ">=0.13.0"
|
pymacaroons = ">=0.13.0"
|
||||||
|
|
Loading…
Reference in New Issue