Upgrade pillow, drop python 3.9, support up to python 3.14#2562
Open
zduvall wants to merge 2 commits intoZulko:masterfrom
Open
Upgrade pillow, drop python 3.9, support up to python 3.14#2562zduvall wants to merge 2 commits intoZulko:masterfrom
zduvall wants to merge 2 commits intoZulko:masterfrom
Conversation
zduvall
changed the title
zduvall
force-pushed
the
upgrade-pillow-2026-04-16
branch
from
c8af399 to
d215fed
Compare
zduvall
force-pushed
the
upgrade-pillow-2026-04-16
branch
from
d215fed to
d9b71bb
Compare
adamkerz
reviewed
Apr 29, 2026
| requires-python=">=3.9" | ||
| requires-python=">=3.10" | ||
| name = "moviepy" | ||
| version = "2.2.0" |
There was a problem hiding this comment.
This was inadvertently pulled backwards by a merge commit and then a fix, that was still wrong.
It should be 2.2.1 at least - or more likely 2.3.0 with these other changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #2553 — bumps the Pillow lower bound to
>=12.2.0, resolving two active CVEs that are blocked by the current<12.0constraint:12.1.112.2.0(affects>=10.3.0, <12.2.0)Targeting
12.2.0ensures both vulnerabilities are fully patched.Changes:
pyproject.toml: bump Pillow to>=12.2.0, drop Python3.9classifier, add3.13/3.14classifiers, widen pytest upper bound to<10.0.0(required for Python3.14compatibility)3.9, add3.12/3.13/3.14to test matrixREADME.md: update minimum Python version to3.10+Python
3.9is dropped because it reached EOL on October 31, 2025 and is no longer supported by Pillow 12.x. This is the minimal change needed to unblock downstream users who cannot currently resolve the Pillow CVE while depending on moviepy.Tested locally: ran the full test suite against Python
3.10–3.14, all passing.