From adc69cb3ecd35d2bc34aab0d5e67d15a70820ae1 Mon Sep 17 00:00:00 2001
From: Gavin D'souza
Date: Wed, 9 Feb 2022 12:19:43 +0530
Subject: [PATCH] build: Upgrade Pillow dependency

This upgrade handles multiple high severity vulnerabilities. I've not checked the affected code in great depth but the APIs we use may be affected. If they could actually be exploited is another matter which would take a whole lotta effort which I'd rather not test xD
Fixes: CWE-74, CWE-125, CWE-120, CWE-125, CWE-400
CVE IDs: CVE-2022-22817, CVE-2022-22816, CVE-2021-34552, CVE-2021-23437
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index f47c296843..97536d0e56 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -32,7 +32,7 @@ openpyxl~=3.0.7
 passlib~=1.7.4
 paytmchecksum~=1.7.0
 pdfkit~=0.6.1
-Pillow~=8.2.0
+Pillow~=9.0.0
 premailer~=3.8.0
 psutil~=5.8.0
 psycopg2-binary~=2.9.1