Pillow vulnerabilities #1463

Open
1 task done
matsair opened this issue Feb 2, 2024 · 2 comments
matsair commented Feb 2, 2024

Description

There are multiple OSV vulnerability issues with the Pillow 9.x package dependency. An update to 10.x (https://github.com/whylabs/whylogs/blob/mainline/python/pyproject.toml#L68) is currently not possible.

Some vulnerabilities:

Steps to reproduce:

image

Suggestions

Could we update Pillow to its latest version?

This issue is stale. Remove stale label or it will be closed next week.

@jamie256 jamie256 added this to the 1.4.1 milestone May 23, 2024
@jamie256 jamie256 reopened this May 23, 2024
@jamie256

Changes merged to allow newer versions of PIL and update the lock file. Slated for the next whylogs release, 1.4.1.
