Constrain NumPy and Pillow packages to fix vulnerabilites

xofbd · Aug 12, 2022 · 352146a · 352146a
1 parent 6eb3c05
commit 352146a
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -6,9 +6,9 @@ gunicorn==20.0.4
 itsdangerous==1.1.0
 Jinja2==2.11.3
 MarkupSafe==1.1.1
-numpy==1.19.4
+numpy==1.23.1
 packaging==20.8
-Pillow==8.3.2
+Pillow==9.2.0
 pip-tools==5.5.0
 pyparsing==2.4.7
 python-dateutil==2.8.1

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
@@ -1,4 +1,5 @@
 # Constraints to fix security bugs
 jinja2>=2.11.3
-pillow>=8.3.2
+numpy>=1.22
+pillow>=9.0.1
 PyYAML>=5.4
diff --git a/requirements/prod.txt b/requirements/prod.txt
@@ -31,13 +31,14 @@ markupsafe==1.1.1
     # via
     #   jinja2
     #   wtforms
-numpy==1.19.4
+numpy==1.23.1
     # via
+    #   -c requirements/constraints.txt
     #   bokeh
     #   scipy
 packaging==20.8
     # via bokeh
-pillow==8.3.2
+pillow==9.2.0
     # via
     #   -c requirements/constraints.txt
     #   bokeh