Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pillow dependency is on a version with security alerts #46

Closed
offbyone opened this issue May 4, 2022 · 2 comments · Fixed by #47
Closed

Pillow dependency is on a version with security alerts #46

offbyone opened this issue May 4, 2022 · 2 comments · Fixed by #47
Assignees
@phibos
Labels
bug Something isn't working good first issue Good for newcomers
Milestone
1.4.0

Comments

@offbyone
Copy link
Contributor

offbyone commented May 4, 2022

I have a repository that's getting pillow 8 via this plugin, and it looks like that version has some known security advisories. I'd like to upgrade to Pillow 9, but that requires this plugin to do so.

Do you have any plans for that? Is it as easy as "plug in the new version"?
phibos added a commit that referenced this issue May 6, 2022
@phibos
Bump dependency Pillow to 9.0.1+ (Fixes #46)
44a0336
@phibos phibos mentioned this issue May 6, 2022
Merged
@phibos
Copy link
Collaborator

phibos commented May 6, 2022

You are right. I have used this plugin with Pillow 9.0.1 in some of my projects in the last weeks and I think it should be save to bump the version.

@phibos phibos added this to the 1.4.0 milestone May 6, 2022
@phibos phibos self-assigned this May 6, 2022
@phibos phibos added bug Something isn't working good first issue Good for newcomers labels May 6, 2022
@phibos phibos closed this as completed in #47 May 6, 2022
@offbyone
Copy link
Contributor Author

offbyone commented May 7, 2022

Would you mind making a 1.3.1 release for this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@phibos phibos

Labels
bug Something isn't working good first issue Good for newcomers
Projects
None yet
Milestone
1.4.0
Development

Successfully merging a pull request may close this issue.

Bump dependency Pillow to 9.0.1+ pelican-plugins/photos
2 participants
@offbyone @phibos