john/claude-engineering-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ce-gemini-imagegen): bump Pillow floor to 10.3.0 to clear 4 CVEs (#608)
Some checks failed
CI / pr-title (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details
Release PR / release-pr (push) Has been cancelled
Details
Release PR / publish-cli (push) Has been cancelled
Details

Browse Source
This commit is contained in:
GruntworkAI
2026-04-20 12:11:28 -07:00
committed by GitHub
parent 2dd0a6e6c7
commit e1524287f7
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/compound-engineering/skills/ce-gemini-imagegen/requirements.txt
View File

@@ -1,2 +1,5 @@
google-genai>=1.0.0 google-genai>=1.0.0
Pillow>=10.0.0 # Pillow floor bumped above the last known RCE-class CVE affecting this skill.
# 10.3.0 clears: PYSEC-2023-175, GHSA-j7hp-h8jx-5ppr (libwebp OOB),
# GHSA-3f63-hfp8-52jq (arbitrary code execution), GHSA-44wm-f244-xhp3.
Pillow>=10.3.0