jenkins-bot merged this change.

View Change

[setup] Update Pillow requirements

- Python 2.7 requires Pillow < 7.0.0 and 6.2.1 is the last release
  for this Python version
- Python 3.4 needs Pillow < 6.0.0 but a vulnerability was found;
  this probably leads to Python 3.4 to be deprecated soon.
- Pillow 6.2.0 or above must be used due to this vulnerability
  mentioned above
- Python 3.8 requires Pillow >= 6.2.1; therefore recommed this
  Pillow for others than 3.4 and 2.7

Bug: T239539
Change-Id: I8a4a1fa9be53a78c7d348fca076875d3e5ad320d
---
M requirements.txt
M setup.py
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index c666b1e..456576b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -41,9 +41,9 @@
 python-stdnum
 
 # GUI
-Pillow < 7.0.0 ; python_version < '3'
+Pillow < 7.0.0, >= 6.2.0 ; python_version < '3'
 Pillow < 6.0.0 ; python_version == '3.4'
-Pillow ; python_version >= '3.5'
+Pillow >= 6.2.1 ; python_version >= '3.5'
 
 # core pagegenerators
 google >= 1.7
diff --git a/setup.py b/setup.py
index de86399..5b9acee 100644
--- a/setup.py
+++ b/setup.py
@@ -42,9 +42,9 @@
     'Google': ['google>=1.7'],
     'mwparserfromhell': ['mwparserfromhell>=0.3.3'],
     'Tkinter': [
-        'Pillow<7.0.0;python_version<"3"',
-        'Pillow<6.0.0;python_version=="3.4"',
-        'Pillow;python_version>="3.5"',
+        'Pillow<7.0.0,>=6.2.0;python_version<"3"',
+        'Pillow<6.0.0;python_version=="3.4"',  # vulnerability found
+        'Pillow>=6.2.1;python_version>="3.5"',  # 6.2.1 required for PY 3.8
     ],
     'security': [
         'requests[security]'

To view, visit change 553858. To unsubscribe, or for help writing mail filters, visit settings.