Revert pillow lower pin increase

molinav · molinav · commit df00513cec94 · 2023-11-25T10:29:01.000+01:00
This upgrade is reverted because PyPI lacks of official `pillow` wheels
for the x86 platforms starting with version 10.0.0.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -23,9 +23,6 @@ https://semver.org/spec/v2.0.0.html
 - Create optional library requirements file `requirements-full.txt`:
   - Move optional dependency `pillow` to optional requirements.
   - Upgrade `pillow` upper pin to 10.2.0.
-  - Upgrade `pillow` lower pin to 10.0.1 for Python 3.8+ due to
-    vulnerabilities [CVE-2023-4863], [CVE-2023-5129] and
-    [CVE-2023-44271].
 - Update build dependencies:
   - Upgrade `Cython` upper pin to 3.1.
 - Update doc dependencies:
@@ -1180,12 +1177,6 @@ https://github.com/matplotlib/basemap/compare/v1.0.3rel...v1.0.4rel
 [1.0.3]:
 https://github.com/matplotlib/basemap/tree/v1.0.3rel
 
-[CVE-2023-44271]:
-https://nvd.nist.gov/vuln/detail/CVE-2023-44271
-[CVE-2023-5129]:
-https://nvd.nist.gov/vuln/detail/CVE-2023-5129
-[CVE-2023-4863]:
-https://nvd.nist.gov/vuln/detail/CVE-2023-4863
 [CVE-2022-24303]:
 https://nvd.nist.gov/vuln/detail/CVE-2022-24303
 [CVE-2022-22817]:
diff --git a/packages/basemap/requirements-full.txt b/packages/basemap/requirements-full.txt
@@ -5,5 +5,4 @@ pillow >= 4.3.0, < 5.0.0; python_version == "3.3"
 pillow >= 5.4.0, < 6.0.0; python_version == "3.4"
 pillow >= 7.1.0, < 8.0.0; python_version == "3.5"
 pillow >= 8.3.2, < 9.0.0; python_version == "3.6"
-pillow >= 9.4.0, < 10.0.0; python_version == "3.7"
-pillow >= 10.0.1, < 10.2.0; python_version >= "3.8"
+pillow >= 9.4.0, < 10.2.0; python_version >= "3.7"
