Revert "Mandate Pillow>=10.0.1 because of libwebp CVE (matrix-org#16347)"

It's not needed to update Pillow in Fedora because it has
no bundled libwebp.

Fedora has an older version of Pillow, and it's OK because it's not
vulnerable to this bug.

This reverts commit 053155a.
Oleg Girko committed Sep 18, 2023
1 parent 2366d1b commit 2741524
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions pyproject.toml
Expand Up @@ -174,9 +174,7 @@ PyYAML = ">=3.13"
pyasn1 = ">=0.1.9"
pyasn1-modules = ">=0.0.7"
bcrypt = ">=3.1.7"
# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
# Packagers that already took care of libwebp can lower that down to 5.4.0.
Pillow = ">=10.0.1"
Pillow = ">=5.4.0"
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
sortedcontainers = ">=1.5.2"
pymacaroons = ">=0.13.0"
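
Review bot: The replacement line `Pillow = ">=5.4.0"` drops both comment lines, so pyproject.toml no longer records the condition under which the lower floor is safe. The removed comment tied the 10.0.1 minimum to libwebp CVE-2023-4863 and allowed 5.4.0 only for packagers that had already taken care of libwebp, which is the condition the commit message relies on (Fedora's Pillow has no bundled libwebp). Suggest keeping a one-line comment above the dependency stating that this floor assumes Pillow uses a system libwebp that is not affected by CVE-2023-4863, so the constraint is not carried into a build where Pillow bundles libwebp.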