Fueled / django-init

Project template used at Fueled for scaffolding new Django based projects. :dizzy:

chore - update pillow due to security vulnerability #379

Closed tucosaurus closed 5 years ago

tucosaurus commented 5 years ago

Why was this change necessary?

GH pointed out the security vulnerability in pillow.

How does it address the problem?

Updates to the version suggested.

Are there any side effects?

No.

theskumar commented 5 years ago

This probably won't solve the issue, as versatileimagefield would most likely downgrade the installed pillow. Can you double check on this?

Also, we might consider dropping support for versatileimagefield in this boilerplate, what are your thoughts?

tucosaurus commented 5 years ago

Yea, you are right. https://github.com/respondcreate/django-versatileimagefield/blob/master/setup.py#L18 Your PR, while approved, hasn't been merged yet. https://github.com/respondcreate/django-versatileimagefield/pull/147

I am also of the opinion that we should drop support for it, since it's too much for the boilerplate.

tucosaurus commented 5 years ago

We will have to get rid of the Image Mixin as well.