jenkins-bot has submitted this change. ( https://gerrit.wikimedia.org/r/c/pywikibot/core/+/675816 )

Change subject: [deps] require Pillow>=8.1.1 due to vulnerability found
......................................................................

[deps] require Pillow>=8.1.1 due to vulnerability found

Pillow>=8.1.1 does not support Python 3.5. Therefore raise a
RuntimeError if GUI is used with this old Python release.

Bug: T278743
Change-Id: I9fdacfeaf76d7eeff3fb2b9d64a43220097fc31e
---
M pywikibot/userinterfaces/gui.py
M requirements.txt
M setup.py
3 files changed, 13 insertions(+), 8 deletions(-)

Approvals:
  Xqt: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/pywikibot/userinterfaces/gui.py b/pywikibot/userinterfaces/gui.py
index 2fd61e3..0f0b488 100644
--- a/pywikibot/userinterfaces/gui.py
+++ b/pywikibot/userinterfaces/gui.py
@@ -4,7 +4,7 @@
 Useful for editing the contents of an article.
 """
 #
-# (C) Pywikibot team, 2003-2020
+# (C) Pywikibot team, 2003-2021
 #
 # Distributed under the terms of the MIT license.
 #
@@ -560,6 +560,15 @@

     def get_image(self, photo, width, height):
         """Take the BytesIO object and build an imageTK thumbnail."""
+        if PYTHON_VERSION < (3, 6):
+            # vulnerability found in Pillow<8.1.1
+            from sys import version
+            raise RuntimeError(
+                'This script requires Python 3.5+ for GUI support.\n'
+                '{version} is not supported. Please update your Python.'
+                .format(version=version.split(maxsplit=1)[0])
+            )
+
         try:
             from PIL import Image, ImageTk
         except ImportError:
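
Review bot: The error text in the added raise RuntimeError(...) says 'This script requires Python 3.5+ for GUI support', but the guard is `PYTHON_VERSION < (3, 6)`, so a Python 3.5 user is told to meet a requirement they already meet. The message should read 'Python 3.6+'. The comment `# vulnerability found in Pillow<8.1.1` could also state that Pillow>=8.1.1 does not support Python 3.5, since that is the actual reason for the guard, as the commit message explains.
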
diff --git a/requirements.txt b/requirements.txt
index 55d3e9f..a3338c8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -36,9 +36,7 @@
 python-stdnum >= 1.16

 # GUI
-Pillow >= 6.2.2, < 8.0.0 ; python_version < '3.6'
-Pillow >= 6.2.2 ; python_version >= '3.6' and python_version < '3.9'
-Pillow >= 8.0.0 ; python_version >= '3.9'
+Pillow >= 8.1.1 ; python_version >= '3.6'

 # core pagegenerators
 google >= 1.7
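
Review bot: The `# GUI` block drops the `python_version < '3.6'` line without any comment, so Python 3.5 now gets no Pillow requirement at all and nothing in requirements.txt explains the 8.1.1 floor. Add a one-line comment matching the one in setup.py (`# vulnerability found in Pillow<8.1.1`) and note that GUI support needs Python 3.6 or later.
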
diff --git a/setup.py b/setup.py
index 7847dce..6e60450 100644
--- a/setup.py
+++ b/setup.py
@@ -62,10 +62,8 @@
     'Graphviz': ['pydot>=1.2'],
     'Google': ['google>=1.7'],
     'mwparserfromhell': ['mwparserfromhell>=0.5.0'],
-    'Tkinter': [  # vulnerability found in Pillow<6.2.2
-        'Pillow>=6.2.2,<8.0.0;python_version<"3.6"',
-        'Pillow>=6.2.2;python_version>="3.6" and python_version<"3.9"',
-        'Pillow>=8.0.0;python_version>="3.9"',
+    'Tkinter': [  # vulnerability found in Pillow<8.1.1
+        'Pillow>=8.1.1;python_version>="3.6"',
     ],
     'mwoauth': ['mwoauth!=0.3.1,>=0.2.4'],
     'html': ['BeautifulSoup4'],
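
Review bot: With only `'Pillow>=8.1.1;python_version>="3.6"'` left in the 'Tkinter' list, the entry matches nothing on Python 3.5, so an older Pillow already present in such an environment is neither upgraded nor rejected by this constraint; the only protection there is the runtime check added in gui.py. The comment should cite T278743 so the reason for the floor can be traced later. The same specifier is also maintained by hand in both requirements.txt and setup.py, so a short note to keep the two in sync would help.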

--
To view, visit https://gerrit.wikimedia.org/r/c/pywikibot/core/+/675816

Gerrit-Project: pywikibot/core
Gerrit-Branch: master
Gerrit-Change-Id: I9fdacfeaf76d7eeff3fb2b9d64a43220097fc31e
Gerrit-Change-Number: 675816
Gerrit-PatchSet: 3
Gerrit-Owner: Xqt <[email protected]>
Gerrit-Reviewer: Dvorapa <[email protected]>
Gerrit-Reviewer: Xqt <[email protected]>
Gerrit-Reviewer: jenkins-bot
Gerrit-MessageType: merged
_______________________________________________
Pywikibot-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/pywikibot-commits
