This repository has been archived by the owner on Oct 8, 2024. It is now read-only.

chore(deps): update dependency pillow to v10.0.1 [security] - autoclosed #911

Closed
@renovate renovate bot commented Oct 3, 2023


This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| Pillow (source, changelog) | 10.0.0 -> 10.0.1 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2023-4863

Heap buffer overflow in libwebp allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

GHSA-56pw-mpj4-fxww

Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.


Release Notes

python-pillow/Pillow (Pillow)

v10.0.1

Compare Source

  • Updated libwebp to 1.3.2 #7395
    [radarhere]

  • Updated zlib to 1.3 #7344
    [radarhere]


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from engnadeau as a code owner October 3, 2023 21:44
@renovate renovate bot changed the title from "chore(deps): update dependency pillow to v10.0.1 [security]" to "chore(deps): update dependency pillow to v10.0.1 [security] - autoclosed" Oct 5, 2023
@renovate renovate bot closed this Oct 5, 2023
@renovate renovate bot deleted the renovate/pypi-Pillow-vulnerability branch October 5, 2023 12:53