Upgrade pillow version to 9.0.0 #1992
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
julian-risch
approved these changes
Jan 12, 2022
There was a problem hiding this comment.
Thank you for your very first contribution to Haystack! Looks good to me! 👍 All tests are passing and I don't see a reason why not to upgrade the version. The newer version 9.0.0 doesn't support python 3.6 anymore (https://pillow.readthedocs.io/en/stable/installation.html) but we dropped the support for python 3.6 anyway here: #1059
julian-risch
changed the title
|
Hello @mapapa I have sent you an email to the address provided in your GitHub profile. Please let me know if you received it. Thank you. 🙏 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pillow:8.3.2 for python pil/pdfparser.py pdf parsing improper regular expression dos
Pillow package for python contains a flaw in pil/pdfparser.py that is triggered as carriage return characters are not properly handled in a regular expression. this may allow a context-dependent attacker to hang or slow down a python process using the library.
Security source: CVSS V3 from RBS
Fix version: 9.0.0
closes #1988