fix: CVE-2022-45199

achimoraites · achimoraites · commit da1083806237 · 2023-04-30T08:53:45.000+02:00
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. https://nvd.nist.gov/vuln/detail/CVE-2022-45199
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 /venv
 /images
 /converted
+/.idea
 
 # Byte-compiled / optimized / DLL files
 __pycache__/
diff --git a/raw_image_converter/__init__.py b/raw_image_converter/__init__.py
@@ -5,4 +5,4 @@
 """
 
 # Version of the package
-__version__ = "1.0.2"
+__version__ = "1.0.3"
diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,4 @@
 imageio==2.16.2
-Pillow==9.2.0
+Pillow==9.3.0
 rawpy==0.17.1
 numpy==1.22.3
diff --git a/setup.py b/setup.py
@@ -10,7 +10,7 @@
 # This call to setup() does all the work
 setup(
     name="raw-image-converter",
-    version="1.0.2",
+    version="1.0.3",
     description="Batch conversions of raw images",
     long_description=README,
     long_description_content_type="text/markdown",
@@ -27,7 +27,7 @@
     keywords='cli, converter, raw, images',
     packages=["raw_image_converter"],
     install_requires=["numpy==1.22.3", "rawpy==0.17.1",
-                      "imageio==2.16.2", "Pillow==9.2.0"],
+                      "imageio==2.16.2", "Pillow==9.3.0"],
     entry_points={
         "console_scripts": [
             "raw_image_converter=raw_image_converter.__main__:main",
