chore: Bumps pytest version to avoids CWE-1333 (#174)

* chore: Bumps pytest version * chore: Updates version specifiers * docs: Updates makefile * chore: Updates Pillow specifier
pyronear · Oct 25, 2023 · 0f8a92d · 0f8a92d
1 parent 59600d0
commit 0f8a92d
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/api/Makefile b/api/Makefile
@@ -2,7 +2,7 @@
 lock:
 	poetry lock
 	poetry export -f requirements.txt --without-hashes --output requirements.txt
-	poetry export -f requirements.txt --without-hashes --dev --output requirements-dev.txt
+	poetry export -f requirements.txt --without-hashes --with dev --output requirements-dev.txt
 
 # Run the docker
 run:

diff --git a/api/pyproject.toml b/api/pyproject.toml
@@ -14,14 +14,14 @@ python = "^3.8"
 uvicorn = ">=0.11.1"
 fastapi = ">=0.65.2,<1.0.0"
 python-multipart = "==0.0.5"
-Pillow = ">=8.4.0"
+Pillow = ">=8.4.0,!=9.2.0"
 onnxruntime = "^1.10.0"
 huggingface-hub = ">=0.4.0,<1.0.0"
 numpy = "^1.19.5"
 
 
 [tool.poetry.dev-dependencies]
-pytest = ">=5.3.2,<8.0.0"
+pytest = ">=7.2.0,<8.0.0"
 pytest-asyncio = ">=0.14.0,<1.0.0"
 httpx = ">=0.23.0"
 requests = "^2.31.0"
diff --git a/pyproject.toml b/pyproject.toml
@@ -40,7 +40,8 @@ dependencies = [
 
 [project.optional-dependencies]
 test = [
-    "pytest>=5.3.2",
+    # cf. https://cwe.mitre.org/data/definitions/1333.html
+    "pytest>=7.2.0,<8.0.0",
     "coverage[toml]>=4.5.4",
 ]
 training = [
@@ -68,7 +69,7 @@ docs = [
 ]
 dev = [
     # test
-    "pytest>=5.3.2",
+    "pytest>=7.2.0,<8.0.0",
     "coverage[toml]>=4.5.4",
     "requests>=2.20.0",
     "torchvision>=0.4.0",