jenkins-bot merged this change.

View Change

Restrict Pillow to 6.2.2+

Bug: T249911
Change-Id: Id7b3141b6e489234527ef6abab503004a033c924
---
M requirements.txt
M setup.py
2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 133021f..ad66d97 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -41,9 +41,9 @@
 python-stdnum >= 1.13
 
 # GUI
-Pillow < 7.0.0, >= 6.2.0 ; python_version < '3'
+Pillow >= 6.2.2, < 7.0.0 ; python_version < '3'
 Pillow < 6.0.0 ; python_version == '3.4'
-Pillow >= 6.2.1 ; python_version >= '3.5'
+Pillow >= 6.2.2 ; python_version >= '3.5'
 
 # core pagegenerators
 google >= 1.7
diff --git a/setup.py b/setup.py
index 21407cf..21711c2 100644
--- a/setup.py
+++ b/setup.py
@@ -41,10 +41,10 @@
     'Graphviz': ['pydot>=1.2'],
     'Google': ['google>=1.7'],
     'mwparserfromhell': ['mwparserfromhell>=0.3.3'],
-    'Tkinter': [
-        'Pillow<7.0.0,>=6.2.0;python_version<"3"',
-        'Pillow<6.0.0;python_version=="3.4"',  # vulnerability found
-        'Pillow>=6.2.1;python_version>="3.5"',  # 6.2.1 required for PY 3.8
+    'Tkinter': [  # vulnerability found in Pillow<6.2.2
+        'Pillow>=6.2.2,<7.0.0;python_version<"3"',
+        'Pillow<6.0.0;python_version=="3.4"',
+        'Pillow>=6.2.2;python_version>="3.5"',
     ],
     'security': [
         'requests[security]'

To view, visit change 587995. To unsubscribe, or for help writing mail filters, visit settings.