Skip to content

Commit

Permalink
Bump Pillow version (nvaccess#16082)
Browse files Browse the repository at this point in the history 
Reported by dependabot: https://github.com/nvaccess/nvda/security/dependabot/2

Pillow < 10.2.0 has a known security issue
This PR bumps the Pillow version

Note Pillow was introduced as a pinned implicit dependency as part of nvaccess#15544
  • Loading branch information
@seanbudd @Adriani90
seanbudd authored and Adriani90 committed Mar 13, 2024
1 parent 9c9ee75 commit 789c3bb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion requirements.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ wxPython==4.2.1
git+https://github.com/DiffSK/configobj@e2ba4457c4651fa54f8d59d8dcdd3da950e956b8#egg=configobj
requests==2.31.0
# Pillow is an implicit dependency and requires zlib and jpeg by default, but we don't need it
Pillow==10.0.1 -C "zlib=disable" -C "jpeg=disable"
Pillow==10.2.0 -C "zlib=disable" -C "jpeg=disable"

#NVDA_DMP requires diff-match-patch
fast_diff_match_patch==2.0.1
Expand Down

0 comments on commit 789c3bb

Please sign in to comment.