1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
From: Antonio Russo <aerusso@aerusso.net>
Date: Fri, 22 Sep 2023 06:25:56 -0600
Subject: Revert pillow version bump
Forwarded: not needed
Upstream must bump their pillow version to guarantee a webp security
fix. We are not similarly constrained.
---
pyproject.toml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 073c966..0cec00b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -193,7 +193,9 @@ pyasn1-modules = ">=0.0.7"
bcrypt = ">=3.1.7"
# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
# Packagers that already took care of libwebp can lower that down to 5.4.0.
-Pillow = ">=10.0.1"
+# We have, and therefore lower this back down
+#Pillow = ">=10.0.1"
+Pillow = ">=5.4.0"
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
sortedcontainers = ">=1.5.2"
pymacaroons = ">=0.13.0"
|
