Commit 59dafcb

Update pillow lower pins due to vulnerabilities
1 parent b7a5973 commit 59dafcb

2 files changed

+6
-1
lines changed

CHANGELOG.md

Lines changed: 5 additions & 0 deletions
@@ -26,6 +26,9 @@ https://semver.org/spec/v2.0.0.html
2626
[CVE-2021-41495] and [CVE-2021-41496].
2727
- Set `numpy >= 1.22` for Python >= 3.8 due to `numpy` vulnerability
2828
[CVE-2021-34141].
29+
- Enforce up-to-date `pillow` dependency when possible:
30+
- Set `pillow >= 9.0.1` for Python >= 3.7 due to `pillow`
31+
vulnerability [CVE-2022-24303].
2932

3033
## [1.3.3] - 2022-05-11
3134

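Review bot: the new entry at changelog lines 29-31 does not say which requirements file carries the raised pin. The only other file in this commit is `packages/basemap/requirements-test.txt`, so as worded a reader will assume the install-time dependency was raised. Suggest naming the scope, for example "Set `pillow >= 9.0.1` in the test requirements for Python >= 3.7", and also qualifying "when possible" by stating which Python versions are left on older pillow pins.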
@@ -1021,6 +1024,8 @@ https://github.com/matplotlib/basemap/compare/v1.0.3rel...v1.0.4rel
10211024
[1.0.3]:
10221025
https://github.com/matplotlib/basemap/tree/v1.0.3rel
10231026

1027+
[CVE-2022-24303]:
1028+
https://nvd.nist.gov/vuln/detail/CVE-2022-24303
10241029
[CVE-2022-22817]:
10251030
https://nvd.nist.gov/vuln/detail/CVE-2022-22817
10261031
[CVE-2022-22816]:

packages/basemap/requirements-test.txt

Lines changed: 1 addition & 1 deletion
@@ -28,4 +28,4 @@ pillow >= 4.3.0, < 5.0.0; python_version == "3.3"
2828
pillow >= 5.4.0, < 6.0.0; python_version == "3.4"
2929
pillow >= 7.1.0, < 8.0.0; python_version == "3.5"
3030
pillow >= 8.3.2, < 9.0.0; python_version == "3.6"
31-
pillow >= 9.0.0, < 10.0.0; python_version >= "3.7"
31+
pillow >= 9.0.1, < 10.0.0; python_version >= "3.7"
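Review bot: the unchanged context lines for Python 3.4, 3.5 and 3.6 still cap pillow at `< 6.0.0`, `< 8.0.0` and `< 9.0.0`, so those environments can never satisfy the 9.0.1 floor that the changelog ties to CVE-2022-24303. If that is intentional because no fixed release can be installed on those interpreters, add a comment above those pins saying so, so that a dependency-scanner finding on them is read as a known limitation rather than a missed update. Separately, the `< 10.0.0` cap on the changed line will block any later security fix that ships only in a newer major release, so it needs a revisit whenever the floor is next raised.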
