[Snyk] Security upgrade pillow from 9.5.0 to 12.3.0#45
Conversation
…ements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-17824465 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-17824466 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-17824468 - https://snyk.io/vuln/SNYK-PYTHON-PILLOW-17824469
|
This major version upgrade from Pillow 9.5.0 to 12.3.0 includes several significant breaking changes that require code modifications and environment updates. Key Breaking Changes:
Recommendation: This upgrade requires significant developer action. Before merging, you must:
Source: Pillow Changelog [1, 5]
|
|
Important Review skippedIgnore keyword(s) in the title. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Code Review
This pull request updates the requirements.txt file for the App Engine standard Python 3 bundled services deferred WSGI application to pin the pillow dependency to version 12.3.0 or higher to resolve a security vulnerability. There are no review comments, and I have no feedback to provide.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Snyk has created this PR to fix 4 vulnerabilities in the pip dependencies of this project.
Snyk changed the following file(s):
appengine/standard_python3/bundled-services/deferred/wsgi/requirements.txtBreaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Summary by cubic
Add
pillow>=12.3.0toappengine/standard_python3/bundled-services/deferred/wsgi/requirements.txtto fix fourPillowvulnerabilities and satisfyappengine-python-standard’s dependency. This pinsPillowto a safe version and ensures it’s installed at deploy time.Written for commit 8a24453. Summary will update on new commits.