Pillow vulnerabilities #1463
This issue is stale. Remove stale label or it will be closed next week.
changes merged to allow newer versions of PIL and updates lock file. Slated for next whylogs release, 1.4.1
Description
There are multiple OSV vulnerability issues with the Pillow 9.x package dependency. An update to 10.x (https://github.com/whylabs/whylogs/blob/mainline/python/pyproject.toml#L68) is currently not possible.
Some vulnerabilities:
Steps to reproduce:
poetry install
osv-scanner --lockfile poetry.lock
(https://github.com/google/osv-scanner)
Suggestions
Could we update Pillow to its latest version?
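An added example, not part of the original issue or the whylogs code base: a small lock-file gate that complements the scanner run in the steps above by reporting any package that `poetry.lock` pins below a chosen floor. The sample lock excerpt, the `FLOORS` policy and all function names are assumptions; the 10.0 floor for Pillow only mirrors the upgrade requested in the issue.

```python
import re

# Constructed sample of a poetry.lock excerpt (not the project's real lock file).
SAMPLE_LOCK = '''
[[package]]
name = "Pillow"
version = "9.5.0"

[package.extras]
docs = ["sphinx"]

[[package]]
name = "numpy"
version = "1.24.4"
'''

# Assumed policy: minimum acceptable release per package. The 10.0 floor for
# Pillow mirrors the upgrade requested in the issue; set it from your advisories.
FLOORS = {"pillow": (10, 0)}

def normalize(name):
    """PEP 503 name normalization so 'Pillow' and 'pillow' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release(version):
    """Leading numeric components of a version, e.g. '9.5.0' -> (9, 5, 0)."""
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", version).group().split("."))

def locked_versions(lock_text):
    """Map normalized package name -> locked version from [[package]] tables."""
    found, in_pkg, name = {}, False, None
    for line in lock_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only [[package]] tables carry the name/version keys we want;
            # sub-tables such as [package.extras] are skipped.
            in_pkg, name = (line == "[[package]]"), None
        elif in_pkg:
            m = re.match(r'(name|version)\s*=\s*"([^"]*)"', line)
            if m and m.group(1) == "name":
                name = normalize(m.group(2))
            elif m and name:
                found[name] = m.group(2)
    return found

def below_floor(lock_text, floors=FLOORS):
    """Return {package: locked_version} for packages pinned below their floor."""
    locked = locked_versions(lock_text)
    return {n: v for n, v in locked.items() if n in floors and release(v) < floors[n]}

if __name__ == "__main__":
    print(below_floor(SAMPLE_LOCK))
```
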