From fa49ea95ff4b1bca089a4b20a7a926d889e24357 Mon Sep 17 00:00:00 2001
From: Sean Budd <sean@nvaccess.org>
Date: Tue, 23 Jan 2024 12:45:36 +1100
Subject: [PATCH] Bump Pillow version (#16082)

Reported by dependabot: https://github.com/nvaccess/nvda/security/dependabot/2

Pillow < 10.2.0 has a known security issue
This PR bumps the Pillow version

Note Pillow was introduced as a pinned implicit dependency as part of https://github.com/nvaccess/nvda/pull/15544
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 3c46340bb54..5be67a4fdfb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,7 +8,7 @@ wxPython==4.2.1
 git+https://github.com/DiffSK/configobj@e2ba4457c4651fa54f8d59d8dcdd3da950e956b8#egg=configobj
 requests==2.31.0
 # Pillow is an implicit dependency and requires zlib and jpeg by default, but we don't need it
-Pillow==10.0.1 -C "zlib=disable" -C "jpeg=disable"
+Pillow==10.2.0 -C "zlib=disable" -C "jpeg=disable"
 
 #NVDA_DMP requires diff-match-patch
 fast_diff_match_patch==2.0.1