From f47f1a3e9501556ad4b161d5d57807bf60367d3a Mon Sep 17 00:00:00 2001 From: Nikita Manovich Date: Wed, 27 Sep 2023 13:44:25 +0300 Subject: [PATCH 1/3] [Snyk] Security upgrade pillow from 9.4.0 to 10.0.1 (#6908) Co-authored-by: snyk-bot --- utils/dicom_converter/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/dicom_converter/requirements.txt b/utils/dicom_converter/requirements.txt index 18f41b37ffe..7cee1274cac 100644 --- a/utils/dicom_converter/requirements.txt +++ b/utils/dicom_converter/requirements.txt @@ -1,4 +1,4 @@ numpy==1.22.0 -Pillow==9.4.0 +Pillow==10.0.1 pydicom==2.1.2 tqdm==4.60.0 From 2451f63ba6125b351e9137ba489f20eedce49703 Mon Sep 17 00:00:00 2001 From: Anna Petrovicheva Date: Wed, 27 Sep 2023 15:25:48 +0300 Subject: [PATCH 2/3] [Snyk] Security upgrade pillow from 9.5.0 to 10.0.1 (#6909) Co-authored-by: snyk-bot Co-authored-by: Roman Donchenko --- cvat-cli/requirements/base.txt | 2 +- cvat-sdk/requirements/base.txt | 2 +- tests/python/requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cvat-cli/requirements/base.txt b/cvat-cli/requirements/base.txt index eac4427c9d5..8024a5ce2b7 100644 --- a/cvat-cli/requirements/base.txt +++ b/cvat-cli/requirements/base.txt @@ -1,3 +1,3 @@ cvat-sdk~=2.8.0 -Pillow>=6.2.0 +Pillow>=10.0.1 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability diff --git a/cvat-sdk/requirements/base.txt b/cvat-sdk/requirements/base.txt index 471ca54c97c..7ec89b8791f 100644 --- a/cvat-sdk/requirements/base.txt +++ b/cvat-sdk/requirements/base.txt @@ -2,7 +2,7 @@ attrs >= 21.4.0 packaging >= 21.3 -Pillow >= 9.0.1 +Pillow >= 10.0.1 platformdirs >= 2.1.0 tqdm >= 4.64.0 tuspy == 0.2.5 # have it pinned, because SDK has lots of patched TUS code diff --git a/tests/python/requirements.txt b/tests/python/requirements.txt index 79cdfc6a992..f72e06cf1b4 100644 --- a/tests/python/requirements.txt +++ b/tests/python/requirements.txt 
@@ -5,6 +5,6 @@ pytest-cov==4.1.0 requests==2.31.0 deepdiff==5.6.0 boto3==1.17.61 -Pillow==9.3.0 +Pillow==10.0.1 pyyaml==6.0.0 numpy==1.22.0 \ No newline at end of file From 4a487c3a966bb96b4927147339b3c8b303e33def Mon Sep 17 00:00:00 2001 From: Nikita Manovich Date: Wed, 27 Sep 2023 15:51:29 +0300 Subject: [PATCH 3/3] [Snyk] Security upgrade pillow from 9.3.0 to 10.0.1 (#6907) Co-authored-by: snyk-bot Co-authored-by: Roman Donchenko --- CHANGELOG.md | 3 ++- cvat/requirements/base.in | 2 +- cvat/requirements/base.txt | 3 ++- utils/dataset_manifest/requirements.in | 2 +- utils/dataset_manifest/requirements.txt | 4 ++-- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a646dc4179..adc25267b52 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,7 +29,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Security -- TDB +- Security upgrade Pillow from 9.3.0 to 10.0.1 + () ## \[2.7.2\] - 2023-09-25 diff --git a/cvat/requirements/base.in b/cvat/requirements/base.in index b66c308984a..3e58ce5d222 100644 --- a/cvat/requirements/base.in +++ b/cvat/requirements/base.in @@ -41,7 +41,7 @@ opencv-python-headless==4.5.5.62 patool==1.12 pdf2image==1.14.0 -Pillow==9.3.0 +Pillow>=10.0.1 psutil==5.9.4 psycopg2-binary==2.9.5 python-ldap==3.4.3 diff --git a/cvat/requirements/base.txt b/cvat/requirements/base.txt index 908eae7fd79..72e09fbe4e6 100644 --- a/cvat/requirements/base.txt +++ b/cvat/requirements/base.txt @@ -1,4 +1,4 @@ -# SHA1:2d160f9f528eea85db9d4a918b2f6eeac55237b5 +# SHA1:a0efa2c9321894eb42efb7d7d1338b0749034f97 # # This file is autogenerated by pip-compile-multi # To update, run: @@ -349,6 +349,7 @@ six==1.16.0 # astunparse # azure-core # furl + # google-auth # google-pasta # isodate # orderedmultidict diff --git a/utils/dataset_manifest/requirements.in b/utils/dataset_manifest/requirements.in index a5a7b3bae83..6bbaaa92eee 100644 --- a/utils/dataset_manifest/requirements.in 
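Review bot: In `cvat/requirements/base.in` the exact pin `Pillow==9.3.0` becomes the open-ended `Pillow>=10.0.1`, so the installed version is now decided by the compiled `cvat/requirements/base.txt` alone. The `base.txt` hunks in this patch change only the SHA1 header and a `# google-auth` via-comment; no `pillow==` line moves. It is worth confirming that `base.txt` already resolves Pillow to 10.0.1 or later, because otherwise the lock file was presumably not recompiled against the new constraint and the fix would not reach the installed environment. A short comment on the new line, for example `Pillow>=10.0.1  # security floor, see #6907`, would keep a later edit from lowering the bound. The same `==` to `>=` change is made in `utils/dataset_manifest/requirements.in`, where the compiled `requirements.txt` does move to `pillow==10.0.1`.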
+++ b/utils/dataset_manifest/requirements.in @@ -1,5 +1,5 @@ av==9.2.0 # Pinned for the whole CVAT natsort>=8.0.0 opencv-python-headless>=4.4.0.42 -Pillow==9.3.0 +Pillow>=10.0.1 tqdm>=4.58.0 diff --git a/utils/dataset_manifest/requirements.txt b/utils/dataset_manifest/requirements.txt index ef831ebd6f3..986a4a64063 100644 --- a/utils/dataset_manifest/requirements.txt +++ b/utils/dataset_manifest/requirements.txt @@ -1,4 +1,4 @@ -# SHA1:28d323bec97cee6586d917faf4c7f58199475771 +# SHA1:2c4fe23872675e963864abe27e1644f42865f712 # # This file is autogenerated by pip-compile-multi # To update, run: @@ -13,7 +13,7 @@ numpy==1.22.4 # via opencv-python-headless opencv-python-headless==4.5.5.62 # via -r utils/dataset_manifest/requirements.in -pillow==9.3.0 +pillow==10.0.1 # via -r utils/dataset_manifest/requirements.in tqdm==4.66.1 # via -r utils/dataset_manifest/requirements.in