One of the reasons why I have come to prefer using pip and virtual environments over the package installers. It's super easy to maintain "known-good" versions of the Python run environment.
On Mon, Oct 30, 2023 at 7:21 AM Greg Troxel <g...@lexort.com> wrote: > Tom Keffer <tkef...@gmail.com> writes: > > > I've done exactly this. The fix is in the master branch. > > Great, thanks. I've rebased and git has nicely decided that my > cherry-pick and yours don't actually conflict and just taken yours. > > > I'm curious why you can't rollback your version of Pillow. > > I'm not the one asking, but generally it makes sense to follow along > with one's packaging system, and for every program that thinks that > version is too new, there is another that thinks the previous is too > old. And while I'm not explicitly aware of CVEs for Pillow, in general > the only reasonable approach is to run maintained versions of > everything, and most upstreams do not maintain anything except the most > recent release. So while somebody could go back to old Pillow, I feel > that this isn't a good strategy, and intentionally being on an old > version is a situation that needs a get-well plan. > > > -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to weewx-user+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/CAPq0zEBJ7f5cWcNQXnrRtxqU6XEFSyzWSaPqkpvSHEqqxBfzxA%40mail.gmail.com.
