fpdf2 icon indicating copy to clipboard operation
fpdf2 copied to clipboard

Published 20 hours ago verified publisher icon py-pdf

dependency pillow has a security warning

Open jdoconnor opened this issue 1 year ago • 2 comments

Describe the bug

Error details Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to https://github.com/advisories/GHSA-hhrh-69hc-fgg7 (previously https://github.com/advisories/GHSA-j7hp-h8jx-5ppr). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

The current version is pinned to Pillow>=6.2.2,!=9.2.*

jdoconnor avatar Oct 27 '23 15:10 jdoconnor