Recent versions of pip-tools have different output comments. If you try a newer version you can probably avoid the churn. Also make sure to avoid re-adding `chardet` (licensing complexities)
--- ** [tickets:#8394] upgrade pillow dependency** **Status:** open **Milestone:** unreleased **Created:** Thu Jul 22, 2021 08:11 PM UTC by Dillon Walls **Last Updated:** Thu Jul 22, 2021 08:11 PM UTC **Owner:** Dillon Walls pillow <= 8.2.0 has a CRITICAL CVE https://nvd.nist.gov/vuln/detail/CVE-2021-34552 --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
