Per Dependabot alerts, pillow needs to be updated to at least 9.0.0, and ntlk needs to be at least 3.6.4
These probably don't raise any actual risks - NLTK's issue is regarding an inefficiency that leaves it vulnerable to DOS attacks, but I don't think I'm using that function, and Pillow's issues are mostly about reading images, which I don't use it for - but since we're updating things anyway, might as well get rid of the dependabot alerts.
Per Dependabot alerts, pillow needs to be updated to at least 9.0.0, and ntlk needs to be at least 3.6.4
These probably don't raise any actual risks - NLTK's issue is regarding an inefficiency that leaves it vulnerable to DOS attacks, but I don't think I'm using that function, and Pillow's issues are mostly about reading images, which I don't use it for - but since we're updating things anyway, might as well get rid of the dependabot alerts.