#8394 upgrade pillow dependency

unreleased
closed
None
General
2021-07-26
2021-07-22
No

pillow <= 8.2.0 has a CRITICAL CVE

https://nvd.nist.gov/vuln/detail/CVE-2021-34552

Discussion

  • Dave Brondsema - 2021-07-22

    Recent versions of pip-tools have different output comments. If you try a newer version you can probably avoid the churn.

    Also make sure to avoid re-adding chardet (licensing complexities).

     
  • Dillon Walls - 2021-07-26

    Good catch, I updated pip-tools and made sure chardet was omitted. Branch dw/8394b

     
  • Dave Brondsema - 2021-07-26
    • status: open --> closed
    • Reviewer: Dave Brondsema
     
