Revert "Mandate Pillow>=10.0.1 because of libwebp CVE (matrix-org#16347)"

It's not needed to update Pillow in Fedora because it has
no bundled libwebp.

Fedora has an older version of Pillow, and it's OK because it's not
vulnerable to this bug.

This reverts commit 053155a.
Oleg Girko committed Nov 29, 2023
1 parent e8cce91 commit d08247b
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions pyproject.toml
Expand Up @@ -181,9 +181,7 @@ PyYAML = ">=3.13"
pyasn1 = ">=0.1.9"
pyasn1-modules = ">=0.0.7"
bcrypt = ">=3.1.7"
# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
# Packagers that already took care of libwebp can lower that down to 5.4.0.
Pillow = ">=10.0.1"
Pillow = ">=5.4.0"
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
sortedcontainers = ">=1.5.2"
pymacaroons = ">=0.13.0"
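Review bot: The new floor `Pillow = ">=5.4.0"` is left without any comment, so the condition that makes it safe (libwebp handled outside Pillow, per the removed note "Packagers that already took care of libwebp can lower that down to 5.4.0") is no longer recorded next to the constraint. Since the commit message justifies the change only for Fedora, I'd keep a short comment above the Pillow line stating that this lower bound is a downstream packaging choice and relies on the system libwebp being fixed for CVE-2023-4863, so anyone resolving dependencies from this pyproject.toml in another environment does not read 5.4.0 as a generally safe minimum. Nothing in the dependency metadata enforces the libwebp fix after this change, so the packaging side should also document where that check now happens.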