Bump pillow to address CVE-2023-4863 (#1952)

* Bump pillow from 9.3.0 to 10.0.1 in /rastervision_core Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.3.0 to 10.0.1. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.3.0...10.0.1) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump pillow from 9.3.0 to 10.0.1 in /rastervision_pytorch_learner Bumps [pillow](https://github.com/python-pillow/Pillow) from 9.3.0 to 10.0.1. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.3.0...10.0.1) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
azavea · Oct 5, 2023 · 142df38 · 142df38
1 parent 89e8ce7
commit 142df38
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/rastervision_core/requirements.txt b/rastervision_core/requirements.txt
@@ -2,7 +2,7 @@ rastervision_pipeline==0.21.3-dev
 shapely==2.0.1
 geopandas==0.13.2
 numpy==1.25.0
-pillow==9.3.0
+pillow==10.0.1
 pyproj==3.4.0
 rasterio==1.3.7
 pystac==1.6.1

diff --git a/rastervision_pytorch_learner/requirements.txt b/rastervision_pytorch_learner/requirements.txt
@@ -1,7 +1,7 @@
 rastervision_pipeline==0.21.3-dev
 rastervision_core==0.21.3-dev
 numpy==1.25.0
-pillow==9.3.0
+pillow==10.0.1
 torch==2.0.1
 torchvision==0.15.2
 tensorboard==2.13.0