Skip to content

Commit

Permalink
Revert "Mandate Pillow>=10.0.1 because of libwebp CVE (element-hq#16347
Browse files Browse the repository at this point in the history 
…)"

It's not needed to update Pillow in Fedora because it has
no bundled libwebp.

Fedora has older version of Pillow, and it's OK because it's not
vulnerable to this bug.

This reverts commit 053155a.
  • Loading branch information
@OlegGirko
OlegGirko committed Jan 16, 2025
1 parent 8ed1fe7 commit f048343
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions pyproject.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,9 +182,7 @@ PyYAML = ">=5.3"
pyasn1 = ">=0.1.9"
pyasn1-modules = ">=0.0.7"
bcrypt = ">=3.1.7"
# 10.0.1 minimum is mandatory here because of libwebp CVE-2023-4863.
# Packagers that already took care of libwebp can lower that down to 5.4.0.
Pillow = ">=10.0.1"
Pillow = ">=5.4.0"
# We use SortedDict.peekitem(), which was added in sortedcontainers 1.5.2.
sortedcontainers = ">=1.5.2"
pymacaroons = ">=0.13.0"
Expand Down

0 comments on commit f048343

Please sign in to comment.