Commit a737b7a

Enforce newer pillow when possible
1 parent 114e697 commit a737b7a

2 files changed

+86
-6
lines changed

CHANGELOG.md

Lines changed: 78 additions & 0 deletions
@@ -22,6 +22,22 @@ since version 1.3.0.
2222
- Fix `sdist` so that packages can be built from source distributions
2323
(PR [#532] by @DWesl).
2424
- Specify Cython language level for `_geoslib` extension explicitly.
25+
- Enforce up-to-date `pillow` dependency when possible:
26+
- `pillow >= 9.0.0` for Python >= 3.7 due to `pillow` vulnerabilities
27+
[CVE-2022-22815], [CVE-2022-22816] and [CVE-2022-22817].
28+
- `pillow >= 8.3.2` for Python >= 3.6 due to `pillow` vulnerabilities
29+
[CVE-2020-35653], [CVE-2020-35654], [CVE-2020-35655],
30+
[CVE-2021-23437], [CVE-2021-25287], [CVE-2021-25288],
31+
[CVE-2021-25290], [CVE-2021-25291], [CVE-2021-25292],
32+
[CVE-2021-25293], [CVE-2021-27921], [CVE-2021-27922],
33+
[CVE-2021-27923], [CVE-2021-28675], [CVE-2021-28676],
34+
[CVE-2021-28677], [CVE-2021-28678] and [CVE-2021-34552].
35+
- `pillow >= 7.1.0` for Python >= 3.5 due to `pillow` vulnerabilities
36+
[CVE-2020-10177], [CVE-2020-10378], [CVE-2020-10379],
37+
[CVE-2020-10994] and [CVE-2020-11538].
38+
- `pillow >= 6.2.2` For Python == 2.7 due to `pillow` vulnerabilities
39+
[CVE-2019-16865], [CVE-2019-19911], [CVE-2020-5310], [CVE-2020-5312]
40+
and [CVE-2020-5313].
2541

2642
### Removed
2743
- Remove deprecation notices (issue [#527]).
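
Review bot: the new bullets give the floors as "Python >= 3.7", "Python >= 3.6" and "Python >= 3.5", and read that way the three ranges overlap, while the requirements change in this same commit applies 8.3.2 and 7.1.0 to exactly `python_version == "3.6"` and `python_version == "3.5"`. Wording the two middle bullets as "for Python 3.6" and "for Python 3.5" would match what is enforced. The last bullet also has a stray capital in "For Python == 2.7", and the entry does not say that Python 2.6 and 3.2 to 3.4 stay on older `pillow` ranges; one line stating that would make "when possible" concrete for readers checking their exposure.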
@@ -946,5 +962,67 @@ https://github.com/matplotlib/basemap/compare/v1.0.3rel...v1.0.4rel
946962
[1.0.3]:
947963
https://github.com/matplotlib/basemap/tree/v1.0.3rel
948964

965+
[CVE-2022-22817]:
966+
https://nvd.nist.gov/vuln/detail/CVE-2022-22817
967+
[CVE-2022-22816]:
968+
https://nvd.nist.gov/vuln/detail/CVE-2022-22816
969+
[CVE-2022-22815]:
970+
https://nvd.nist.gov/vuln/detail/CVE-2022-22815
971+
[CVE-2021-34552]:
972+
https://nvd.nist.gov/vuln/detail/CVE-2021-34552
949973
[CVE-2021-33430]:
950974
https://nvd.nist.gov/vuln/detail/CVE-2021-33430
975+
[CVE-2021-28678]:
976+
https://nvd.nist.gov/vuln/detail/CVE-2021-28678
977+
[CVE-2021-28677]:
978+
https://nvd.nist.gov/vuln/detail/CVE-2021-28677
979+
[CVE-2021-28676]:
980+
https://nvd.nist.gov/vuln/detail/CVE-2021-28676
981+
[CVE-2021-28675]:
982+
https://nvd.nist.gov/vuln/detail/CVE-2021-28675
983+
[CVE-2021-27923]:
984+
https://nvd.nist.gov/vuln/detail/CVE-2021-27923
985+
[CVE-2021-27922]:
986+
https://nvd.nist.gov/vuln/detail/CVE-2021-27922
987+
[CVE-2021-27921]:
988+
https://nvd.nist.gov/vuln/detail/CVE-2021-27921
989+
[CVE-2021-25293]:
990+
https://nvd.nist.gov/vuln/detail/CVE-2021-25293
991+
[CVE-2021-25292]:
992+
https://nvd.nist.gov/vuln/detail/CVE-2021-25292
993+
[CVE-2021-25291]:
994+
https://nvd.nist.gov/vuln/detail/CVE-2021-25291
995+
[CVE-2021-25290]:
996+
https://nvd.nist.gov/vuln/detail/CVE-2021-25290
997+
[CVE-2021-25288]:
998+
https://nvd.nist.gov/vuln/detail/CVE-2021-25288
999+
[CVE-2021-25287]:
1000+
https://nvd.nist.gov/vuln/detail/CVE-2021-25287
1001+
[CVE-2021-23437]:
1002+
https://nvd.nist.gov/vuln/detail/CVE-2021-23437
1003+
[CVE-2020-35655]:
1004+
https://nvd.nist.gov/vuln/detail/CVE-2020-35655
1005+
[CVE-2020-35654]:
1006+
https://nvd.nist.gov/vuln/detail/CVE-2020-35654
1007+
[CVE-2020-35653]:
1008+
https://nvd.nist.gov/vuln/detail/CVE-2020-35653
1009+
[CVE-2020-11538]:
1010+
https://nvd.nist.gov/vuln/detail/CVE-2020-11538
1011+
[CVE-2020-10994]:
1012+
https://nvd.nist.gov/vuln/detail/CVE-2020-10994
1013+
[CVE-2020-10379]:
1014+
https://nvd.nist.gov/vuln/detail/CVE-2020-10379
1015+
[CVE-2020-10378]:
1016+
https://nvd.nist.gov/vuln/detail/CVE-2020-10378
1017+
[CVE-2020-10177]:
1018+
https://nvd.nist.gov/vuln/detail/CVE-2020-10177
1019+
[CVE-2020-5313]:
1020+
https://nvd.nist.gov/vuln/detail/CVE-2020-5313
1021+
[CVE-2020-5312]:
1022+
https://nvd.nist.gov/vuln/detail/CVE-2020-5312
1023+
[CVE-2020-5310]:
1024+
https://nvd.nist.gov/vuln/detail/CVE-2020-5310
1025+
[CVE-2019-19911]:
1026+
https://nvd.nist.gov/vuln/detail/CVE-2019-19911
1027+
[CVE-2019-16865]:
1028+
https://nvd.nist.gov/vuln/detail/CVE-2019-16865

packages/basemap/requirements-test.txt

Lines changed: 8 additions & 6 deletions
@@ -21,9 +21,11 @@ ordereddict; python_version == "2.6"
2121
netCDF4 >= 1.3, < 1.4; python_version < "3.6"
2222
netCDF4 >= 1.3, < 1.5.6; python_version >= "3.6"
2323

24-
pillow >= 3.4, < 4.0; python_version == "2.6"
25-
pillow >= 6.2, < 7.0; python_version == "2.7"
26-
pillow >= 3.4, < 4.0; python_version == "3.2"
27-
pillow >= 4.3, < 5.0; python_version == "3.3"
28-
pillow >= 5.4, < 6.0; python_version == "3.4"
29-
pillow >= 6.2, < 8.5; python_version >= "3.5"
24+
pillow >= 3.4.0, < 4.0.0; python_version == "2.6"
25+
pillow >= 6.2.2, < 7.0.0; python_version == "2.7"
26+
pillow >= 3.4.0, < 4.0.0; python_version == "3.2"
27+
pillow >= 4.3.0, < 5.0.0; python_version == "3.3"
28+
pillow >= 5.4.0, < 6.0.0; python_version == "3.4"
29+
pillow >= 7.1.0, < 8.0.0; python_version == "3.5"
30+
pillow >= 8.3.2, < 9.0.0; python_version == "3.6"
31+
pillow >= 9.0.0, < 10.0.0; python_version >= "3.7"
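
Review bot: the `< 10.0.0` cap on the `python_version >= "3.7"` line stops the newest interpreters from resolving any pillow release past 9.x, so a later fix that ships only in a newer major version would be blocked by this file. Consider dropping the upper bound on that line, or adding a comment that it has to be revisited with each pillow major release. The 2.6, 3.2, 3.3 and 3.4 lines change only in version formatting (`3.4` to `3.4.0` and so on) and still cap below 6.0.0, under every floor named in the changelog entry; a short comment in the file noting that these interpreters are knowingly left on unpatched ranges would keep that from being mistaken for an oversight.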
