Cryptography and pillow vulnerabilities

[adammcmaster]

There are security vulnerabilities in two of the TOM Toolkit's dependencies:

• cryptography, CVE-2026-26007, patched in 46.0.5
• pillow, CVE-2026-25990, patched in 12.1.1

Currently the tomtoolkit package prevents the patched versions from being installed:

% poetry show tomtoolkit
 name         : tomtoolkit                   
 version      : 2.31.1                       
 description  : TOM Toolkit and base modules 

dependencies
...
 - cryptography <=46
 ...
 - pillow >9.2,<12.0
...

Please could these dependencies be bumped if possible?

[jchate6]

Should be resolved in Tomtoolkit 2.31.2

[adammcmaster]

Thank you!