jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/553858 )
Change subject: [setup] Update Pillow requirements ......................................................................
[setup] Update Pillow requirements
- Python 2.7 requires Pillow < 7.0.0 and 6.2.1 is the last release for this Python version - Python 3.4 needs Pillow < 6.0.0 but a vulnerability was found; this probably leads to Python 3.4 to be deprecated soon. - Pillow 6.2.0 or above must be used due to this vulnerability mentioned above - Python 3.8 requires Pillow >= 6.2.1; therefore recommed this Pillow for others than 3.4 and 2.7
Bug: T239539 Change-Id: I8a4a1fa9be53a78c7d348fca076875d3e5ad320d --- M requirements.txt M setup.py 2 files changed, 5 insertions(+), 5 deletions(-)
Approvals: Dvorapa: Looks good to me, approved jenkins-bot: Verified
diff --git a/requirements.txt b/requirements.txt index c666b1e..456576b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -41,9 +41,9 @@ python-stdnum
# GUI -Pillow < 7.0.0 ; python_version < '3' +Pillow < 7.0.0, >= 6.2.0 ; python_version < '3' Pillow < 6.0.0 ; python_version == '3.4' -Pillow ; python_version >= '3.5' +Pillow >= 6.2.1 ; python_version >= '3.5'
# core pagegenerators google >= 1.7 diff --git a/setup.py b/setup.py index de86399..5b9acee 100644 --- a/setup.py +++ b/setup.py @@ -42,9 +42,9 @@ 'Google': ['google>=1.7'], 'mwparserfromhell': ['mwparserfromhell>=0.3.3'], 'Tkinter': [ - 'Pillow<7.0.0;python_version<"3"', - 'Pillow<6.0.0;python_version=="3.4"', - 'Pillow;python_version>="3.5"', + 'Pillow<7.0.0,>=6.2.0;python_version<"3"', + 'Pillow<6.0.0;python_version=="3.4"', # vulnerability found + 'Pillow>=6.2.1;python_version>="3.5"', # 6.2.1 required for PY 3.8 ], 'security': [ 'requests[security]'