Remove version restriction from Pillow in TVM codebase #10238
Labels
actionable
has an immediately do-able work plan and a detailed description
type:dependency-security
Security problems in dependencies of TVM
@kparzysz-quic states: There are 3 security vulnerabilities in Pillow < 9.0.0. They are all considered critical.
CVE-2022-22815
CVE-2022-22816
CVE-2022-22817
apps/microtvm/ethosu/requirements.txt lists Pillow==8.3.2.
@areusch: Note this was originally listed in the docs install script as a hard version limit, but it's since gone. I suspect the task here is to just remove it from the various places in the codebase which mention it.
https://github.com/apache/tvm/search?q=Pillow
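
An added example, not part of the issue or the TVM codebase: a check that scans requirements-file text for Pillow specifiers that prevent installing 9.0.0 or later, such as the `Pillow==8.3.2` pin quoted above. The function names and the sample input are assumptions made for this example; it reads plain numeric specifiers and ignores pre-release tags.

```python
import re

FIXED = (9, 0, 0)  # per the issue: the three CVEs affect Pillow < 9.0.0

# Requirement name, optional [extras], then specifiers up to any marker or comment.
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?([^;#]*)")
SPEC_RE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9]+(?:\.[0-9]+)*)")


def as_tuple(parts):
    """['8', '3'] -> (8, 3, 0): pad to three components so tuples compare cleanly."""
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def blocks_fixed_release(specs):
    """True if any specifier makes Pillow >= 9.0.0 impossible to install."""
    for op, ver in specs:
        parts = ver.split(".")
        v = as_tuple(parts)
        if op in ("==", "===") and v < FIXED:    # exact pin (also catches ==8.*)
            return True
        if (op == "<" and v <= FIXED) or (op == "<=" and v < FIXED):
            return True
        if op == "~=" and len(parts) > 1:        # ~=8.3 means >=8.3,<9
            head = parts[:-1]
            head[-1] = str(int(head[-1]) + 1)
            if as_tuple(head) <= FIXED:
                return True
    return False


def find_blocking_pins(requirements_text):
    """Return (line_number, line) for each Pillow requirement that blocks the fix."""
    hits = []
    for number, line in enumerate(requirements_text.splitlines(), start=1):
        m = REQ_RE.match(line)
        # Compare the normalized project name so 'pillow' and 'Pillow' both match.
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "pillow":
            continue
        if blocks_fixed_release(SPEC_RE.findall(m.group(2))):
            hits.append((number, line.strip()))
    return hits


# Constructed sample; only the Pillow==8.3.2 line comes from the issue.
SAMPLE = "numpy\nPillow==8.3.2\npillow>=8.0,<9\nPillow>=9.0.0\nPillow~=8.3\nPillow\n"

if __name__ == "__main__":
    for number, line in find_blocking_pins(SAMPLE):
        print(f"line {number}: {line} prevents installing Pillow >= 9.0.0")
```

Commented-out pins and differently named packages such as `pillow-simd` are skipped, so each hit is a live requirement line to edit.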