jenkins-bot merged this change.

View Change

Approvals: Dvorapa: Looks good to me, approved jenkins-bot: Verified
[setup] Update Pillow requirements

- Python 2.7 requires Pillow < 7.0.0 and 6.2.1 is the last release
for this Python version
- Python 3.4 needs Pillow < 6.0.0 but a vulnerability was found;
this probably leads to Python 3.4 to be deprecated soon.
- Pillow 6.2.0 or above must be used due to this vulnerability
mentioned above
- Python 3.8 requires Pillow >= 6.2.1; therefore recommed this
Pillow for others than 3.4 and 2.7

Bug: T239539
Change-Id: I8a4a1fa9be53a78c7d348fca076875d3e5ad320d
---
M requirements.txt
M setup.py
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index c666b1e..456576b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -41,9 +41,9 @@
python-stdnum

# GUI
-Pillow < 7.0.0 ; python_version < '3'
+Pillow < 7.0.0, >= 6.2.0 ; python_version < '3'
Pillow < 6.0.0 ; python_version == '3.4'
-Pillow ; python_version >= '3.5'
+Pillow >= 6.2.1 ; python_version >= '3.5'

# core pagegenerators
google >= 1.7
diff --git a/setup.py b/setup.py
index de86399..5b9acee 100644
--- a/setup.py
+++ b/setup.py
@@ -42,9 +42,9 @@
'Google': ['google>=1.7'],
'mwparserfromhell': ['mwparserfromhell>=0.3.3'],
'Tkinter': [
- 'Pillow<7.0.0;python_version<"3"',
- 'Pillow<6.0.0;python_version=="3.4"',
- 'Pillow;python_version>="3.5"',
+ 'Pillow<7.0.0,>=6.2.0;python_version<"3"',
+ 'Pillow<6.0.0;python_version=="3.4"', # vulnerability found
+ 'Pillow>=6.2.1;python_version>="3.5"', # 6.2.1 required for PY 3.8
],
'security': [
'requests[security]'

To view, visit change 553858. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: pywikibot/core
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I8a4a1fa9be53a78c7d348fca076875d3e5ad320d
Gerrit-Change-Number: 553858
Gerrit-PatchSet: 2
Gerrit-Owner: Xqt <info@gno.de>
Gerrit-Reviewer: Dvorapa <dvorapa@seznam.cz>
Gerrit-Reviewer: jenkins-bot (75)