Require Pillow 6.2.0 based on security vulnerability report in older versions

2025-12-30 00:31:59 +00:00 · 2019-10-23 12:27:29 -07:00 · 2019-10-23 12:27:29 -07:00 · cdcdd16865
commit cdcdd16865
parent b332d76782
2 changed files with 2 additions and 4 deletions
--- a/requirements/main.txt
+++ b/requirements/main.txt
@ -6,7 +6,7 @@ cffi == 1.12.2
 img2pdf == 0.3.3
 pdfminer.six == 20181108
 pikepdf == 1.6.5
-Pillow >= 5.0.0, != 5.1.0 ; sys_platform == "darwin"
+Pillow >= 6.2.0
 pycparser == 2.19
 python-xmp-toolkit == 2.0.1
 reportlab == 3.5.13
--- a/setup.py
+++ b/setup.py
@ -98,9 +98,7 @@ setup(
        'img2pdf >= 0.3.0, < 0.4',  # pure Python, so track HEAD closely
        'pdfminer.six == 20181108',
        'pikepdf >= 1.6.5, < 2',
-        'Pillow >= 4.0.0, != 5.1.0 ; sys_platform == "darwin"',
-        # Pillow < 4 has BytesIO/TIFF bug w/img2pdf 0.2.3
-        # block 5.1.0, broken wheels
+        'Pillow >= 6.2.0',
        'reportlab >= 3.3.0',  # oldest released version with sane image handling
        'tqdm >= 4',
    ],