Skip to content

fix: bump pillow to >=12.2.0 (CVE-2026-40192)#6073

Draft
mfleader wants to merge 1 commit into
ogx-ai:release-0.4.xfrom
mfleader:fix/CVE-2026-40192-pillow
Draft

fix: bump pillow to >=12.2.0 (CVE-2026-40192)#6073
mfleader wants to merge 1 commit into
ogx-ai:release-0.4.xfrom
mfleader:fix/CVE-2026-40192-pillow

Conversation

@mfleader

@mfleader mfleader commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What does this PR do?

Bump pillow to >=12.2.0 in dependencies and provider registry to address CVE-2026-40192, GHSA-whj4-6x5x-4v2j

Only applies to release-0.4.x; pillow already pinned >=12.2.0 on main.

Test Plan

No functional changes. Version floor pin only.

@mfleader
fix: bump pillow to >=12.2.0 (CVE-2026-40192)
ba4127d 
GHSA-whj4-6x5x-4v2j

Only applies to release-0.4.x; pillow already pinned >=12.2.0 on main.

Signed-off-by: Matthew F Leader <mleader@redhat.com>
@github-actions

github-actions Bot commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

✱ Stainless preview builds

This PR will update the llama-stack-client SDKs with the following commit message.

fix: bump pillow to >=12.2.0 (CVE-2026-40192)

Edit this comment to update it. It will appear in the SDK's changelogs.

llama-stack-client-openapi studio · code · diff

Your SDK build had at least one "warning" diagnostic, but this did not represent a regression.
generate ⚠️

llama-stack-client-node studio · conflict

Your SDK build resulted in a merge conflict between your custom code and the newly generated changes, but this did not represent a regression.

llama-stack-client-python studio · conflict

Your SDK build resulted in a merge conflict between your custom code and the newly generated changes, but this did not represent a regression.

llama-stack-client-go studio · conflict

Your SDK build resulted in a merge conflict between your custom code and the newly generated changes, but this did not represent a regression.

This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push.
If you push custom code to the preview branch, re-run this workflow to update the comment.
Last updated: 2026-06-09 18:57:06 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raghotham raghotham Awaiting requested review from raghotham raghotham will be requested when the pull request is marked ready for review raghotham is a code owner

@leseb leseb Awaiting requested review from leseb leseb will be requested when the pull request is marked ready for review leseb is a code owner

@bbrowning bbrowning Awaiting requested review from bbrowning bbrowning will be requested when the pull request is marked ready for review bbrowning is a code owner

@mattf mattf Awaiting requested review from mattf mattf will be requested when the pull request is marked ready for review mattf is a code owner

@franciscojavierarceo franciscojavierarceo Awaiting requested review from franciscojavierarceo franciscojavierarceo will be requested when the pull request is marked ready for review franciscojavierarceo is a code owner

@cdoern cdoern Awaiting requested review from cdoern cdoern will be requested when the pull request is marked ready for review cdoern is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mfleader