#162 - fix(deps): update dependency pillow to v12 [security] - autoclosed - cswimr/SeaCogs

Renovate bot commented

2026-02-11 12:45:39 -05:00

Collaborator

This PR contains the following updates:

Package	Change	Age	Confidence
pillow (changelog)	`~=11.3` → `~=12.1`

Pillow affected by out-of-bounds write when loading PSD images

BIT-pillow-2026-25990 / CVE-2026-25990 / GHSA-cfh3-3jmp-rvhc

More information

Details

Impact

An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.

Patches

Pillow 12.1.1 will be released shortly with a fix for this.

Workarounds

Image.open() has a formats parameter that can be used to prevent PSD images from being opened.

References

Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html

Severity

CVSS Score: Unknown
Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

python-pillow/Pillow (pillow)

`v12.1.1`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html

Dependencies

Patch libavif for svt-av1 4.0 compatibility #9413 [@hugovk]

Other changes

Fix OOB Write with invalid tile extents #9427 [@radarhere]

`v12.1.0`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

Deprecate getdata(), in favour of new get_flattened_data() #9292 [@radarhere]

Documentation

Specify APNG duration type when opening #9368 [@radarhere]
Added release notes for #9350 #9366 [@radarhere]
Update ImageMorph documentation #9349 [@radarhere]
Docs: update major bump cadence #9334 [@hugovk]
Add release notes for #9070 #9320 [@radarhere]
Updated Ubuntu version #9306 [@radarhere]
Update macOS tested Pillow versions #9265 [@radarhere]

Dependencies

Update harfbuzz to 12.3.0 #9355 [@radarhere]
Update xz to 5.8.2 #9343 [@radarhere]
Updated libjpeg-turbo to 3.1.3 #9333 [@radarhere]
Updated zlib-ng to 2.3.2 #9324 [@radarhere]
Updated libpng to 1.6.53 #9325 [@radarhere]
Update actions/checkout action to v6 #9323 [@renovate[bot]]
Update dependency mypy to v1.19.0 #9322 [@renovate[bot]]
Updated libpng to 1.6.51 #9305 [@radarhere]
Updated brotli to 1.2.0 #9284 [@radarhere]
Update libimagequant to 4.4.1 #9301 [@radarhere]
Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #9312 [@radarhere]
Updated harfbuzz to 12.2.0 #9289 [@radarhere]
Update github-actions #9277 [@renovate[bot]]

Testing

Replace pre-commit with prek #9360 [@hugovk]
Test PyQt6 on Python 3.14 on Windows #9353 [@radarhere]
Test 32-bit Windows on Windows Server 2022 #9345 [@radarhere]
Correct variable type #9335 [@radarhere]
Fix ResourceWarnings in selftest.py #9332 [@hugovk]
Fix testing good P mode BMP images #9319 [@radarhere]
Test Python 3.15 pre-release #9331 [@hugovk]
Test ImageFont.ImageFont, in case freetype2 is not supported #9287 [@radarhere]
Add Fedora 43 #9290 [@radarhere]
Remove Fedora 41 #9260 [@radarhere]

Type hints

Add ImageFile context manager #9367 [@radarhere]
Assert fp is not None #8617 [@radarhere]
Added return type to ImageFile _close_fp() #9356 [@radarhere]
Use different variables for Image and ImageFile instances #9316 [@radarhere]
Correct variable type #9335 [@radarhere]
Improve type hints #9317 [@radarhere]
Use different variables for Image and ImageFile instances #9268 [@radarhere]
Added type hints #9269 [@radarhere]
Correct getitem return type #9264 [@radarhere]

Other changes

Simplify band splitting #9291 [@radarhere]
Support saving APNG float durations #9365 [@radarhere]
Allow 1 mode images in MorphOp #9348 [@radarhere]
Use minimum supported Python version for Lint #9364 [@radarhere]
Allow for duplicate font variation styles #9362 [@radarhere]
Call parent verify method #9357 [@radarhere]
Return LUT from LutBuilder build_default_lut() #9350 [@radarhere]
Simplify WebP code #9329 [@radarhere]
Use unsigned long for DWORD #9352 [@radarhere]
Cast to UINT32 before shifting bits #9347 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9318 [@pre-commit-ci[bot]]
Allow window ID to be passed to ImageGrab.grab() on macOS #9070 [@yankeguo]
Apply encoder options when saving multiple PNG frames #9300 [@radarhere]
Read all non-zero transparency from mode 1 PNG images as 255 #9282 [@radarhere]
Support writing IFD, SIGNED_RATIONAL and InkNames TIFF tags #9276 [@radarhere]
Remove unused modes #9275 [@radarhere]
Correct allocating new color to RGBA palette #9313 [@radarhere]
Close image on ImageFont exception #9304 [@radarhere]
Reapply "Use macos-latest for iOS arm64 simulator" #9259 [@radarhere]
Escape period in pre-commit-config #9036 [@radarhere]
Add Apache-2.0 notice to IcoImagePlugin #8947 [@stefan6419846]
[pre-commit.ci] pre-commit autoupdate #9288 [@pre-commit-ci[bot]]
Simplify code now that I;16* modes are the only IMAGING_TYPE_SPECIAL #9263 [@radarhere]
Remove BytesIO from DdsImagePlugin #9273 [@radarhere]
Fix ZeroDivisionError in DdsImagePlugin #9272 [@radarhere]
Fix warnings #9257 [@radarhere]

`v12.0.0`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html

Removals

Remove support for FreeType <= 2.9.0 #9159 [@radarhere]
Drop support for Python 3.9 #9119 [@hugovk]
Remove deprecations for Pillow 12.0.0 #9053 [@radarhere]

Deprecations

Deprecate Image._show #9186 [@radarhere]
Deprecate ImageCmsProfile product_name and product_info #8995 [@lukegb]

Documentation

ImagingHistogramInstance can use two bands #9251 [@radarhere]
Update 12.0.0 release notes #9247 [@hugovk]
Added ImageDraw alpha channel examples #9201 [@radarhere]
Update Python version #9230 [@radarhere]
Updated macOS tested Pillow versions #9209 [@radarhere]
Add GitHub profile link to release notes #9197 [@radarhere]
Split versionadded info #9190 [@radarhere]
Document ImageFile.MAXBLOCK #9163 [@radarhere]
Updated macOS version in CI targets #9157 [@radarhere]
Fix typos #9135 [@radarhere]
Added "Colors" to concepts #9067 [@radarhere]
Update macOS tested Pillow versions #9068 [@radarhere]
Thanks, folks! #9056 [@aclark4life]
Setup nit: "fork" should be lowercased #9055 [@aclark4life]

Dependencies

Update dependency cibuildwheel to v3.2.1 #9246 [@renovate[bot]]
[pre-commit.ci] pre-commit autoupdate #9233 [@pre-commit-ci[bot]]
Update harfbuzz to 12.1.0 #9218 [@radarhere]
Update libtiff to 4.7.1 #9222 [@radarhere]
Update FreeType to 2.14.1 on macOS and Linux wheels #9217 [@radarhere]
Update dependency cibuildwheel to v3.2.0 #9219 [@renovate[bot]]
Update Ghostscript to 10.6.0 #9202 [@radarhere]
Update openjpeg to 2.5.4 #9215 [@radarhere]
Update harfbuzz to 11.5.0 #9203 [@radarhere]
Update dependency mypy to v1.18.2 #9213 [@renovate[bot]]
Update dependency mypy to v1.18.1 #9207 [@renovate[bot]]
Update github-actions #9194 [@renovate[bot]]
Updated harfbuzz to 11.4.5 #9150 [@radarhere]
Update zlib-ng to 2.2.5 #9140 [@radarhere]
Update raqm to 0.10.3 #9137 [@radarhere]
Update libjpeg-turbo to 3.1.2 #9188 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9180 [@pre-commit-ci[bot]]
Update dependency cibuildwheel to v3.1.4 #9164 [@renovate[bot]]
Update actions/checkout action to v5 #9156 [@renovate[bot]]
Update actions/download-artifact action to v5 #9141 [@renovate[bot]]
Updated harfbuzz to 11.3.3 #9103 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9131 [@pre-commit-ci[bot]]
Updated libimagequant to 4.4.0 #9074 [@radarhere]
Update dependency mypy to v1.17.1 #9130 [@renovate[bot]]
Update dependency cibuildwheel to v3.1.3 #9129 [@renovate[bot]]
Update dependency cibuildwheel to v3.1.2 #9118 [@renovate[bot]]
Updated libpng to 1.6.50 #9058 [@radarhere]
Update cygwin/cygwin-install-action action to v6 #9108 [@renovate[bot]]
Update dependency mypy to v1.17.0 #9092 [@renovate[bot]]
Updated libwebp to 1.6.0 #9082 [@radarhere]
Update dependency cibuildwheel to v3.0.1 #9075 [@renovate[bot]]
[pre-commit.ci] pre-commit autoupdate #9073 [@pre-commit-ci[bot]]

Testing

Check return types #9045 [@radarhere]
Upgrade from macos-13 #9212 [@radarhere]
Wheels CI: Check number of expected dists #9239 [@hugovk]
Assert image type #8845 [@radarhere]
Test GD transparency #9196 [@radarhere]
Test mode when saving PPM images #9195 [@radarhere]
Test unsupported BMP bitfields layout #9193 [@radarhere]
Update Ghostscript to 10.6.0 #9202 [@radarhere]
Use monkeypatch #9192 [@radarhere]
Always check XMLPacket value #9113 [@radarhere]
Rename variable to not shadow import #9124 [@radarhere]
Removed unused code #9182 [@radarhere]
Add has_feature_version helper #9172 [@radarhere]
Replace print with assert #9171 [@radarhere]
Add Debian 13 Trixie #9147 [@hugovk]
Do not import from Tests directory in checks #9143 [@radarhere]
Improve features test coverage #9077 [@radarhere]
Remove WebP feature handling #9096 [@radarhere]
Update for pyroma 5.0 #9093 [@radarhere]
Improve WmfImagePlugin test coverage #9090 [@radarhere]
Improve DdsImagePlugin test coverage #9091 [@radarhere]
Improve ImageMath test coverage #9087 [@radarhere]
Fix unclosed file warning #9065 [@radarhere]
Pyroma now supports PEP 639 #9064 [@radarhere]

Type hints

Install arro3 dependencies when type checking #9254 [@radarhere]
Check return types #9045 [@radarhere]
Assert image type #8845 [@radarhere]
Move imports into TYPE_CHECKING #9123 [@radarhere]
Remove support for NumPy 1.20 when type checking #9125 [@radarhere]

Other changes

Use macos-14 for iOS arm64 simulator #9258 [@hugovk]
Use enums for Modes and RawModes in C #9256 [@radarhere]
Add ImageText #9098 [@radarhere]
Shift bits before making value negative #9255 [@radarhere]
Support saving variable length rational TIFF tags by default #9241 [@radarhere]
Added four private SGI TIFF tags #9245 [@radarhere]
Band names for arrow exported images #9099 [@wiredfool]
Use macos-latest for iOS arm64 simulator #9250 [@radarhere]
If pasting an image onto itself at a lower position, copy from bottom #8882 [@radarhere]
Removed unused access for I;32L and I;32B #9238 [@radarhere]
Corrected scientific-python-nightly-wheels pattern #9252 [@radarhere]
Run sdist when scheduled, but do not upload to scientific-python-nightly-wheels index #9248 [@radarhere]
Removed shebang lines and executable flags #9179 [@radarhere]
Remove Pillow version from PDF comment #9176 [@radarhere]
Support saving variable length rational TIFF tags #9111 [@radarhere]
Build Python 3.14 on macOS 10.15 #9234 [@radarhere]
Test largest CUR cursor #9191 [@radarhere]
Do not unnecessarily update FLI __offset #9184 [@radarhere]
Fill alpha channel when quantizing RGB images #9133 [@radarhere]
Allow RGBA palettes to work with ImageOps.expand() #9138 [@radarhere]
Fixed loading rotated PCD images #9177 [@radarhere]
Cast before shifting bits #9236 [@radarhere]
Use _ensure_mutable() #9200 [@radarhere]
Seek past BeginBinary data when parsing EPS metadata #9211 [@radarhere]
Do not allow negative offset with memory mapping #9235 [@radarhere]
Clear C image when MPO frame image size changes #9208 [@radarhere]
When converting RGBA to PA, use RGB to P quantization #9153 [@radarhere]
Remove use of sudo from libavif and raqm install scripts #9231 [@radarhere]
Load image palette into Python after converting to PA #9152 [@radarhere]
Check all reserved bytes in FLI header #9183 [@radarhere]
Limit length of read operation in ImageFont._load_pilfont_data() #9181 [@radarhere]
Python 3.9 wheels are no longer needed #9214 [@radarhere]
Remove unused Image _expand() #9227 [@radarhere]
Updated FreeType to 2.14.1 on Windows #9206 [@radarhere]
Only deprecate fromarray mode for changing data types #9063 [@radarhere]
Fix reading RGB and CMYK IPTC images #9088 [@radarhere]
Install zstd for libtiff on Linux wheels #9097 [@radarhere]
Improve WalImageFile test coverage #9189 [@radarhere]
ImageMorph operations must have length 1 #9102 [@radarhere]
Set correct size for rotated PCD images after opening #9086 [@radarhere]
Simplify check for GBR width and height #9089 [@radarhere]
Make in parallel when building libjpeg-turbo and openjpeg for macOS and Linux wheels #9144 [@radarhere]
Fix ZeroDivisionError in ImageStat #9105 [@radarhere]
When deleting EXIF IFD tag, delete IFD data #9083 [@radarhere]
Allow alpha_composite to use LA images #9066 [@radarhere]
Improve _accept length check #9170 [@radarhere]
Do not set core to DeferredError #9166 [@radarhere]
Use macos-14 for iOS arm64 simulator #9161 [@radarhere]
Make in parallel when building brotli and libavif for macOS and Linux wheels #9142 [@radarhere]
Use Python 3.14 for gcc problem matching #9134 [@radarhere]
Add libavif support for iOS #9117 [@freakboy3742]
Restore pyroma test for iOS #9116 [@freakboy3742]
Use correct bands for two band histograms #9054 [@radarhere]
Add support for Python 3.14 #9120 [@hugovk]
Drop support for PyPy3.10 #9112 [@radarhere]
Add parallel compile from pybind11 #8990 [@wiredfool]
Remove unused _save_cjpeg #9084 [@radarhere]
Ensure dynamic libjpeg libraries are not linked #9081 [@freakboy3742]
Remove reference to libtiff 3.x #9072 [@radarhere]
Restored manylinux2014 wheels #9059 [@radarhere]

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [pillow](https://github.com/python-pillow/Pillow) ([changelog](https://github.com/python-pillow/Pillow/releases)) | `~=11.3` → `~=12.1` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/pillow/12.1.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pillow/11.3.0/12.1.1?slim=true) | --- ### Pillow affected by out-of-bounds write when loading PSD images BIT-pillow-2026-25990 / [CVE-2026-25990](https://nvd.nist.gov/vuln/detail/CVE-2026-25990) / [GHSA-cfh3-3jmp-rvhc](https://github.com/advisories/GHSA-cfh3-3jmp-rvhc) <details> <summary>More information</summary> #### Details ##### Impact An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected. ##### Patches Pillow 12.1.1 will be released shortly with a fix for this. ##### Workarounds `Image.open()` has a `formats` parameter that can be used to prevent PSD images from being opened. ##### References Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html #### Severity - CVSS Score: Unknown - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P` #### References - [https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc](https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc) - [https://nvd.nist.gov/vuln/detail/CVE-2026-25990](https://nvd.nist.gov/vuln/detail/CVE-2026-25990) - [https://github.com/python-pillow/Pillow/pull/9427](https://github.com/python-pillow/Pillow/pull/9427) - [https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199](https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199) - [https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa](https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa) - [https://github.com/python-pillow/Pillow](https://github.com/python-pillow/Pillow) - [https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html](https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-cfh3-3jmp-rvhc) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>python-pillow/Pillow (pillow)</summary> ### [`v12.1.1`](https://github.com/python-pillow/Pillow/releases/tag/12.1.1) [Compare Source](https://github.com/python-pillow/Pillow/compare/12.1.0...12.1.1) <https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html> ##### Dependencies - Patch libavif for svt-av1 4.0 compatibility [#9413](https://github.com/python-pillow/Pillow/issues/9413) \[[@hugovk](https://github.com/hugovk)] ##### Other changes - Fix OOB Write with invalid tile extents [#9427](https://github.com/python-pillow/Pillow/issues/9427) \[[@radarhere](https://github.com/radarhere)] ### [`v12.1.0`](https://github.com/python-pillow/Pillow/releases/tag/12.1.0) [Compare Source](https://github.com/python-pillow/Pillow/compare/12.0.0...12.1.0) <https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html> ##### Deprecations - Deprecate getdata(), in favour of new get\_flattened\_data() [#9292](https://github.com/python-pillow/Pillow/issues/9292) \[[@radarhere](https://github.com/radarhere)] ##### Documentation - Specify APNG duration type when opening [#9368](https://github.com/python-pillow/Pillow/issues/9368) \[[@radarhere](https://github.com/radarhere)] - Added release notes for [#9350](https://github.com/python-pillow/Pillow/issues/9350) [#9366](https://github.com/python-pillow/Pillow/issues/9366) \[[@radarhere](https://github.com/radarhere)] - Update ImageMorph documentation [#9349](https://github.com/python-pillow/Pillow/issues/9349) \[[@radarhere](https://github.com/radarhere)] - Docs: update major bump cadence [#9334](https://github.com/python-pillow/Pillow/issues/9334) \[[@hugovk](https://github.com/hugovk)] - Add release notes for [#9070](https://github.com/python-pillow/Pillow/issues/9070) [#9320](https://github.com/python-pillow/Pillow/issues/9320) \[[@radarhere](https://github.com/radarhere)] - Updated Ubuntu version [#9306](https://github.com/python-pillow/Pillow/issues/9306) \[[@radarhere](https://github.com/radarhere)] - Update macOS tested Pillow versions [#9265](https://github.com/python-pillow/Pillow/issues/9265) \[[@radarhere](https://github.com/radarhere)] ##### Dependencies - Update harfbuzz to 12.3.0 [#9355](https://github.com/python-pillow/Pillow/issues/9355) \[[@radarhere](https://github.com/radarhere)] - Update xz to 5.8.2 [#9343](https://github.com/python-pillow/Pillow/issues/9343) \[[@radarhere](https://github.com/radarhere)] - Updated libjpeg-turbo to 3.1.3 [#9333](https://github.com/python-pillow/Pillow/issues/9333) \[[@radarhere](https://github.com/radarhere)] - Updated zlib-ng to 2.3.2 [#9324](https://github.com/python-pillow/Pillow/issues/9324) \[[@radarhere](https://github.com/radarhere)] - Updated libpng to 1.6.53 [#9325](https://github.com/python-pillow/Pillow/issues/9325) \[[@radarhere](https://github.com/radarhere)] - Update actions/checkout action to v6 [#9323](https://github.com/python-pillow/Pillow/issues/9323) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update dependency mypy to v1.19.0 [#9322](https://github.com/python-pillow/Pillow/issues/9322) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Updated libpng to 1.6.51 [#9305](https://github.com/python-pillow/Pillow/issues/9305) \[[@radarhere](https://github.com/radarhere)] - Updated brotli to 1.2.0 [#9284](https://github.com/python-pillow/Pillow/issues/9284) \[[@radarhere](https://github.com/radarhere)] - Update libimagequant to 4.4.1 [#9301](https://github.com/python-pillow/Pillow/issues/9301) \[[@radarhere](https://github.com/radarhere)] - Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 [#9312](https://github.com/python-pillow/Pillow/issues/9312) \[[@radarhere](https://github.com/radarhere)] - Updated harfbuzz to 12.2.0 [#9289](https://github.com/python-pillow/Pillow/issues/9289) \[[@radarhere](https://github.com/radarhere)] - Update github-actions [#9277](https://github.com/python-pillow/Pillow/issues/9277) \[@[renovate\[bot\]](https://github.com/apps/renovate)] ##### Testing - Replace pre-commit with prek [#9360](https://github.com/python-pillow/Pillow/issues/9360) \[[@hugovk](https://github.com/hugovk)] - Test PyQt6 on Python 3.14 on Windows [#9353](https://github.com/python-pillow/Pillow/issues/9353) \[[@radarhere](https://github.com/radarhere)] - Test 32-bit Windows on Windows Server 2022 [#9345](https://github.com/python-pillow/Pillow/issues/9345) \[[@radarhere](https://github.com/radarhere)] - Correct variable type [#9335](https://github.com/python-pillow/Pillow/issues/9335) \[[@radarhere](https://github.com/radarhere)] - Fix `ResourceWarning`s in `selftest.py` [#9332](https://github.com/python-pillow/Pillow/issues/9332) \[[@hugovk](https://github.com/hugovk)] - Fix testing good P mode BMP images [#9319](https://github.com/python-pillow/Pillow/issues/9319) \[[@radarhere](https://github.com/radarhere)] - Test Python 3.15 pre-release [#9331](https://github.com/python-pillow/Pillow/issues/9331) \[[@hugovk](https://github.com/hugovk)] - Test ImageFont.ImageFont, in case freetype2 is not supported [#9287](https://github.com/python-pillow/Pillow/issues/9287) \[[@radarhere](https://github.com/radarhere)] - Add Fedora 43 [#9290](https://github.com/python-pillow/Pillow/issues/9290) \[[@radarhere](https://github.com/radarhere)] - Remove Fedora 41 [#9260](https://github.com/python-pillow/Pillow/issues/9260) \[[@radarhere](https://github.com/radarhere)] ##### Type hints - Add ImageFile context manager [#9367](https://github.com/python-pillow/Pillow/issues/9367) \[[@radarhere](https://github.com/radarhere)] - Assert fp is not None [#8617](https://github.com/python-pillow/Pillow/issues/8617) \[[@radarhere](https://github.com/radarhere)] - Added return type to ImageFile \_close\_fp() [#9356](https://github.com/python-pillow/Pillow/issues/9356) \[[@radarhere](https://github.com/radarhere)] - Use different variables for Image and ImageFile instances [#9316](https://github.com/python-pillow/Pillow/issues/9316) \[[@radarhere](https://github.com/radarhere)] - Correct variable type [#9335](https://github.com/python-pillow/Pillow/issues/9335) \[[@radarhere](https://github.com/radarhere)] - Improve type hints [#9317](https://github.com/python-pillow/Pillow/issues/9317) \[[@radarhere](https://github.com/radarhere)] - Use different variables for Image and ImageFile instances [#9268](https://github.com/python-pillow/Pillow/issues/9268) \[[@radarhere](https://github.com/radarhere)] - Added type hints [#9269](https://github.com/python-pillow/Pillow/issues/9269) \[[@radarhere](https://github.com/radarhere)] - Correct **getitem** return type [#9264](https://github.com/python-pillow/Pillow/issues/9264) \[[@radarhere](https://github.com/radarhere)] ##### Other changes - Simplify band splitting [#9291](https://github.com/python-pillow/Pillow/issues/9291) \[[@radarhere](https://github.com/radarhere)] - Support saving APNG float durations [#9365](https://github.com/python-pillow/Pillow/issues/9365) \[[@radarhere](https://github.com/radarhere)] - Allow 1 mode images in MorphOp [#9348](https://github.com/python-pillow/Pillow/issues/9348) \[[@radarhere](https://github.com/radarhere)] - Use minimum supported Python version for Lint [#9364](https://github.com/python-pillow/Pillow/issues/9364) \[[@radarhere](https://github.com/radarhere)] - Allow for duplicate font variation styles [#9362](https://github.com/python-pillow/Pillow/issues/9362) \[[@radarhere](https://github.com/radarhere)] - Call parent verify method [#9357](https://github.com/python-pillow/Pillow/issues/9357) \[[@radarhere](https://github.com/radarhere)] - Return LUT from LutBuilder build\_default\_lut() [#9350](https://github.com/python-pillow/Pillow/issues/9350) \[[@radarhere](https://github.com/radarhere)] - Simplify WebP code [#9329](https://github.com/python-pillow/Pillow/issues/9329) \[[@radarhere](https://github.com/radarhere)] - Use unsigned long for DWORD [#9352](https://github.com/python-pillow/Pillow/issues/9352) \[[@radarhere](https://github.com/radarhere)] - Cast to UINT32 before shifting bits [#9347](https://github.com/python-pillow/Pillow/issues/9347) \[[@radarhere](https://github.com/radarhere)] - \[pre-commit.ci] pre-commit autoupdate [#9318](https://github.com/python-pillow/Pillow/issues/9318) \[@[pre-commit-ci\[bot\]](https://github.com/apps/pre-commit-ci)] - Allow window ID to be passed to ImageGrab.grab() on macOS [#9070](https://github.com/python-pillow/Pillow/issues/9070) \[[@yankeguo](https://github.com/yankeguo)] - Apply encoder options when saving multiple PNG frames [#9300](https://github.com/python-pillow/Pillow/issues/9300) \[[@radarhere](https://github.com/radarhere)] - Read all non-zero transparency from mode 1 PNG images as 255 [#9282](https://github.com/python-pillow/Pillow/issues/9282) \[[@radarhere](https://github.com/radarhere)] - Support writing IFD, SIGNED\_RATIONAL and InkNames TIFF tags [#9276](https://github.com/python-pillow/Pillow/issues/9276) \[[@radarhere](https://github.com/radarhere)] - Remove unused modes [#9275](https://github.com/python-pillow/Pillow/issues/9275) \[[@radarhere](https://github.com/radarhere)] - Correct allocating new color to RGBA palette [#9313](https://github.com/python-pillow/Pillow/issues/9313) \[[@radarhere](https://github.com/radarhere)] - Close image on ImageFont exception [#9304](https://github.com/python-pillow/Pillow/issues/9304) \[[@radarhere](https://github.com/radarhere)] - Reapply "Use macos-latest for iOS arm64 simulator" [#9259](https://github.com/python-pillow/Pillow/issues/9259) \[[@radarhere](https://github.com/radarhere)] - Escape period in pre-commit-config [#9036](https://github.com/python-pillow/Pillow/issues/9036) \[[@radarhere](https://github.com/radarhere)] - Add Apache-2.0 notice to IcoImagePlugin [#8947](https://github.com/python-pillow/Pillow/issues/8947) \[[@stefan6419846](https://github.com/stefan6419846)] - \[pre-commit.ci] pre-commit autoupdate [#9288](https://github.com/python-pillow/Pillow/issues/9288) \[@[pre-commit-ci\[bot\]](https://github.com/apps/pre-commit-ci)] - Simplify code now that I;16\* modes are the only IMAGING\_TYPE\_SPECIAL [#9263](https://github.com/python-pillow/Pillow/issues/9263) \[[@radarhere](https://github.com/radarhere)] - Remove BytesIO from DdsImagePlugin [#9273](https://github.com/python-pillow/Pillow/issues/9273) \[[@radarhere](https://github.com/radarhere)] - Fix ZeroDivisionError in DdsImagePlugin [#9272](https://github.com/python-pillow/Pillow/issues/9272) \[[@radarhere](https://github.com/radarhere)] - Fix warnings [#9257](https://github.com/python-pillow/Pillow/issues/9257) \[[@radarhere](https://github.com/radarhere)] ### [`v12.0.0`](https://github.com/python-pillow/Pillow/releases/tag/12.0.0) [Compare Source](https://github.com/python-pillow/Pillow/compare/11.3.0...12.0.0) <https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html> ##### Removals - Remove support for FreeType <= 2.9.0 [#9159](https://github.com/python-pillow/Pillow/issues/9159) \[[@radarhere](https://github.com/radarhere)] - Drop support for Python 3.9 [#9119](https://github.com/python-pillow/Pillow/issues/9119) \[[@hugovk](https://github.com/hugovk)] - Remove deprecations for Pillow 12.0.0 [#9053](https://github.com/python-pillow/Pillow/issues/9053) \[[@radarhere](https://github.com/radarhere)] ##### Deprecations - Deprecate Image.\_show [#9186](https://github.com/python-pillow/Pillow/issues/9186) \[[@radarhere](https://github.com/radarhere)] - Deprecate ImageCmsProfile product\_name and product\_info [#8995](https://github.com/python-pillow/Pillow/issues/8995) \[[@lukegb](https://github.com/lukegb)] ##### Documentation - ImagingHistogramInstance can use two bands [#9251](https://github.com/python-pillow/Pillow/issues/9251) \[[@radarhere](https://github.com/radarhere)] - Update 12.0.0 release notes [#9247](https://github.com/python-pillow/Pillow/issues/9247) \[[@hugovk](https://github.com/hugovk)] - Added ImageDraw alpha channel examples [#9201](https://github.com/python-pillow/Pillow/issues/9201) \[[@radarhere](https://github.com/radarhere)] - Update Python version [#9230](https://github.com/python-pillow/Pillow/issues/9230) \[[@radarhere](https://github.com/radarhere)] - Updated macOS tested Pillow versions [#9209](https://github.com/python-pillow/Pillow/issues/9209) \[[@radarhere](https://github.com/radarhere)] - Add GitHub profile link to release notes [#9197](https://github.com/python-pillow/Pillow/issues/9197) \[[@radarhere](https://github.com/radarhere)] - Split versionadded info [#9190](https://github.com/python-pillow/Pillow/issues/9190) \[[@radarhere](https://github.com/radarhere)] - Document ImageFile.MAXBLOCK [#9163](https://github.com/python-pillow/Pillow/issues/9163) \[[@radarhere](https://github.com/radarhere)] - Updated macOS version in CI targets [#9157](https://github.com/python-pillow/Pillow/issues/9157) \[[@radarhere](https://github.com/radarhere)] - Fix typos [#9135](https://github.com/python-pillow/Pillow/issues/9135) \[[@radarhere](https://github.com/radarhere)] - Added "Colors" to concepts [#9067](https://github.com/python-pillow/Pillow/issues/9067) \[[@radarhere](https://github.com/radarhere)] - Update macOS tested Pillow versions [#9068](https://github.com/python-pillow/Pillow/issues/9068) \[[@radarhere](https://github.com/radarhere)] - Thanks, folks! [#9056](https://github.com/python-pillow/Pillow/issues/9056) \[[@aclark4life](https://github.com/aclark4life)] - Setup nit: "fork" should be lowercased [#9055](https://github.com/python-pillow/Pillow/issues/9055) \[[@aclark4life](https://github.com/aclark4life)] ##### Dependencies - Update dependency cibuildwheel to v3.2.1 [#9246](https://github.com/python-pillow/Pillow/issues/9246) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - \[pre-commit.ci] pre-commit autoupdate [#9233](https://github.com/python-pillow/Pillow/issues/9233) \[@[pre-commit-ci\[bot\]](https://github.com/apps/pre-commit-ci)] - Update harfbuzz to 12.1.0 [#9218](https://github.com/python-pillow/Pillow/issues/9218) \[[@radarhere](https://github.com/radarhere)] - Update libtiff to 4.7.1 [#9222](https://github.com/python-pillow/Pillow/issues/9222) \[[@radarhere](https://github.com/radarhere)] - Update FreeType to 2.14.1 on macOS and Linux wheels [#9217](https://github.com/python-pillow/Pillow/issues/9217) \[[@radarhere](https://github.com/radarhere)] - Update dependency cibuildwheel to v3.2.0 [#9219](https://github.com/python-pillow/Pillow/issues/9219) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update Ghostscript to 10.6.0 [#9202](https://github.com/python-pillow/Pillow/issues/9202) \[[@radarhere](https://github.com/radarhere)] - Update openjpeg to 2.5.4 [#9215](https://github.com/python-pillow/Pillow/issues/9215) \[[@radarhere](https://github.com/radarhere)] - Update harfbuzz to 11.5.0 [#9203](https://github.com/python-pillow/Pillow/issues/9203) \[[@radarhere](https://github.com/radarhere)] - Update dependency mypy to v1.18.2 [#9213](https://github.com/python-pillow/Pillow/issues/9213) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update dependency mypy to v1.18.1 [#9207](https://github.com/python-pillow/Pillow/issues/9207) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update github-actions [#9194](https://github.com/python-pillow/Pillow/issues/9194) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Updated harfbuzz to 11.4.5 [#9150](https://github.com/python-pillow/Pillow/issues/9150) \[[@radarhere](https://github.com/radarhere)] - Update zlib-ng to 2.2.5 [#9140](https://github.com/python-pillow/Pillow/issues/9140) \[[@radarhere](https://github.com/radarhere)] - Update raqm to 0.10.3 [#9137](https://github.com/python-pillow/Pillow/issues/9137) \[[@radarhere](https://github.com/radarhere)] - Update libjpeg-turbo to 3.1.2 [#9188](https://github.com/python-pillow/Pillow/issues/9188) \[[@radarhere](https://github.com/radarhere)] - \[pre-commit.ci] pre-commit autoupdate [#9180](https://github.com/python-pillow/Pillow/issues/9180) \[@[pre-commit-ci\[bot\]](https://github.com/apps/pre-commit-ci)] - Update dependency cibuildwheel to v3.1.4 [#9164](https://github.com/python-pillow/Pillow/issues/9164) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update actions/checkout action to v5 [#9156](https://github.com/python-pillow/Pillow/issues/9156) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update actions/download-artifact action to v5 [#9141](https://github.com/python-pillow/Pillow/issues/9141) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Updated harfbuzz to 11.3.3 [#9103](https://github.com/python-pillow/Pillow/issues/9103) \[[@radarhere](https://github.com/radarhere)] - \[pre-commit.ci] pre-commit autoupdate [#9131](https://github.com/python-pillow/Pillow/issues/9131) \[@[pre-commit-ci\[bot\]](https://github.com/apps/pre-commit-ci)] - Updated libimagequant to 4.4.0 [#9074](https://github.com/python-pillow/Pillow/issues/9074) \[[@radarhere](https://github.com/radarhere)] - Update dependency mypy to v1.17.1 [#9130](https://github.com/python-pillow/Pillow/issues/9130) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update dependency cibuildwheel to v3.1.3 [#9129](https://github.com/python-pillow/Pillow/issues/9129) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update dependency cibuildwheel to v3.1.2 [#9118](https://github.com/python-pillow/Pillow/issues/9118) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Updated libpng to 1.6.50 [#9058](https://github.com/python-pillow/Pillow/issues/9058) \[[@radarhere](https://github.com/radarhere)] - Update cygwin/cygwin-install-action action to v6 [#9108](https://github.com/python-pillow/Pillow/issues/9108) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Update dependency mypy to v1.17.0 [#9092](https://github.com/python-pillow/Pillow/issues/9092) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - Updated libwebp to 1.6.0 [#9082](https://github.com/python-pillow/Pillow/issues/9082) \[[@radarhere](https://github.com/radarhere)] - Update dependency cibuildwheel to v3.0.1 [#9075](https://github.com/python-pillow/Pillow/issues/9075) \[@[renovate\[bot\]](https://github.com/apps/renovate)] - \[pre-commit.ci] pre-commit autoupdate [#9073](https://github.com/python-pillow/Pillow/issues/9073) \[@[pre-commit-ci\[bot\]](https://github.com/apps/pre-commit-ci)] ##### Testing - Check return types [#9045](https://github.com/python-pillow/Pillow/issues/9045) \[[@radarhere](https://github.com/radarhere)] - Upgrade from macos-13 [#9212](https://github.com/python-pillow/Pillow/issues/9212) \[[@radarhere](https://github.com/radarhere)] - Wheels CI: Check number of expected dists [#9239](https://github.com/python-pillow/Pillow/issues/9239) \[[@hugovk](https://github.com/hugovk)] - Assert image type [#8845](https://github.com/python-pillow/Pillow/issues/8845) \[[@radarhere](https://github.com/radarhere)] - Test GD transparency [#9196](https://github.com/python-pillow/Pillow/issues/9196) \[[@radarhere](https://github.com/radarhere)] - Test mode when saving PPM images [#9195](https://github.com/python-pillow/Pillow/issues/9195) \[[@radarhere](https://github.com/radarhere)] - Test unsupported BMP bitfields layout [#9193](https://github.com/python-pillow/Pillow/issues/9193) \[[@radarhere](https://github.com/radarhere)] - Update Ghostscript to 10.6.0 [#9202](https://github.com/python-pillow/Pillow/issues/9202) \[[@radarhere](https://github.com/radarhere)] - Use monkeypatch [#9192](https://github.com/python-pillow/Pillow/issues/9192) \[[@radarhere](https://github.com/radarhere)] - Always check XMLPacket value [#9113](https://github.com/python-pillow/Pillow/issues/9113) \[[@radarhere](https://github.com/radarhere)] - Rename variable to not shadow import [#9124](https://github.com/python-pillow/Pillow/issues/9124) \[[@radarhere](https://github.com/radarhere)] - Removed unused code [#9182](https://github.com/python-pillow/Pillow/issues/9182) \[[@radarhere](https://github.com/radarhere)] - Add has\_feature\_version helper [#9172](https://github.com/python-pillow/Pillow/issues/9172) \[[@radarhere](https://github.com/radarhere)] - Replace print with assert [#9171](https://github.com/python-pillow/Pillow/issues/9171) \[[@radarhere](https://github.com/radarhere)] - Add Debian 13 Trixie [#9147](https://github.com/python-pillow/Pillow/issues/9147) \[[@hugovk](https://github.com/hugovk)] - Do not import from Tests directory in checks [#9143](https://github.com/python-pillow/Pillow/issues/9143) \[[@radarhere](https://github.com/radarhere)] - Improve features test coverage [#9077](https://github.com/python-pillow/Pillow/issues/9077) \[[@radarhere](https://github.com/radarhere)] - Remove WebP feature handling [#9096](https://github.com/python-pillow/Pillow/issues/9096) \[[@radarhere](https://github.com/radarhere)] - Update for pyroma 5.0 [#9093](https://github.com/python-pillow/Pillow/issues/9093) \[[@radarhere](https://github.com/radarhere)] - Improve WmfImagePlugin test coverage [#9090](https://github.com/python-pillow/Pillow/issues/9090) \[[@radarhere](https://github.com/radarhere)] - Improve DdsImagePlugin test coverage [#9091](https://github.com/python-pillow/Pillow/issues/9091) \[[@radarhere](https://github.com/radarhere)] - Improve ImageMath test coverage [#9087](https://github.com/python-pillow/Pillow/issues/9087) \[[@radarhere](https://github.com/radarhere)] - Fix unclosed file warning [#9065](https://github.com/python-pillow/Pillow/issues/9065) \[[@radarhere](https://github.com/radarhere)] - Pyroma now supports PEP 639 [#9064](https://github.com/python-pillow/Pillow/issues/9064) \[[@radarhere](https://github.com/radarhere)] ##### Type hints - Install arro3 dependencies when type checking [#9254](https://github.com/python-pillow/Pillow/issues/9254) \[[@radarhere](https://github.com/radarhere)] - Check return types [#9045](https://github.com/python-pillow/Pillow/issues/9045) \[[@radarhere](https://github.com/radarhere)] - Assert image type [#8845](https://github.com/python-pillow/Pillow/issues/8845) \[[@radarhere](https://github.com/radarhere)] - Move imports into TYPE\_CHECKING [#9123](https://github.com/python-pillow/Pillow/issues/9123) \[[@radarhere](https://github.com/radarhere)] - Remove support for NumPy 1.20 when type checking [#9125](https://github.com/python-pillow/Pillow/issues/9125) \[[@radarhere](https://github.com/radarhere)] ##### Other changes - Use macos-14 for iOS arm64 simulator [#9258](https://github.com/python-pillow/Pillow/issues/9258) \[[@hugovk](https://github.com/hugovk)] - Use enums for Modes and RawModes in C [#9256](https://github.com/python-pillow/Pillow/issues/9256) \[[@radarhere](https://github.com/radarhere)] - Add ImageText [#9098](https://github.com/python-pillow/Pillow/issues/9098) \[[@radarhere](https://github.com/radarhere)] - Shift bits before making value negative [#9255](https://github.com/python-pillow/Pillow/issues/9255) \[[@radarhere](https://github.com/radarhere)] - Support saving variable length rational TIFF tags by default [#9241](https://github.com/python-pillow/Pillow/issues/9241) \[[@radarhere](https://github.com/radarhere)] - Added four private SGI TIFF tags [#9245](https://github.com/python-pillow/Pillow/issues/9245) \[[@radarhere](https://github.com/radarhere)] - Band names for arrow exported images [#9099](https://github.com/python-pillow/Pillow/issues/9099) \[[@wiredfool](https://github.com/wiredfool)] - Use macos-latest for iOS arm64 simulator [#9250](https://github.com/python-pillow/Pillow/issues/9250) \[[@radarhere](https://github.com/radarhere)] - If pasting an image onto itself at a lower position, copy from bottom [#8882](https://github.com/python-pillow/Pillow/issues/8882) \[[@radarhere](https://github.com/radarhere)] - Removed unused access for I;32L and I;32B [#9238](https://github.com/python-pillow/Pillow/issues/9238) \[[@radarhere](https://github.com/radarhere)] - Corrected scientific-python-nightly-wheels pattern [#9252](https://github.com/python-pillow/Pillow/issues/9252) \[[@radarhere](https://github.com/radarhere)] - Run sdist when scheduled, but do not upload to scientific-python-nightly-wheels index [#9248](https://github.com/python-pillow/Pillow/issues/9248) \[[@radarhere](https://github.com/radarhere)] - Removed shebang lines and executable flags [#9179](https://github.com/python-pillow/Pillow/issues/9179) \[[@radarhere](https://github.com/radarhere)] - Remove Pillow version from PDF comment [#9176](https://github.com/python-pillow/Pillow/issues/9176) \[[@radarhere](https://github.com/radarhere)] - Support saving variable length rational TIFF tags [#9111](https://github.com/python-pillow/Pillow/issues/9111) \[[@radarhere](https://github.com/radarhere)] - Build Python 3.14 on macOS 10.15 [#9234](https://github.com/python-pillow/Pillow/issues/9234) \[[@radarhere](https://github.com/radarhere)] - Test largest CUR cursor [#9191](https://github.com/python-pillow/Pillow/issues/9191) \[[@radarhere](https://github.com/radarhere)] - Do not unnecessarily update FLI \_\_offset [#9184](https://github.com/python-pillow/Pillow/issues/9184) \[[@radarhere](https://github.com/radarhere)] - Fill alpha channel when quantizing RGB images [#9133](https://github.com/python-pillow/Pillow/issues/9133) \[[@radarhere](https://github.com/radarhere)] - Allow RGBA palettes to work with ImageOps.expand() [#9138](https://github.com/python-pillow/Pillow/issues/9138) \[[@radarhere](https://github.com/radarhere)] - Fixed loading rotated PCD images [#9177](https://github.com/python-pillow/Pillow/issues/9177) \[[@radarhere](https://github.com/radarhere)] - Cast before shifting bits [#9236](https://github.com/python-pillow/Pillow/issues/9236) \[[@radarhere](https://github.com/radarhere)] - Use \_ensure\_mutable() [#9200](https://github.com/python-pillow/Pillow/issues/9200) \[[@radarhere](https://github.com/radarhere)] - Seek past BeginBinary data when parsing EPS metadata [#9211](https://github.com/python-pillow/Pillow/issues/9211) \[[@radarhere](https://github.com/radarhere)] - Do not allow negative offset with memory mapping [#9235](https://github.com/python-pillow/Pillow/issues/9235) \[[@radarhere](https://github.com/radarhere)] - Clear C image when MPO frame image size changes [#9208](https://github.com/python-pillow/Pillow/issues/9208) \[[@radarhere](https://github.com/radarhere)] - When converting RGBA to PA, use RGB to P quantization [#9153](https://github.com/python-pillow/Pillow/issues/9153) \[[@radarhere](https://github.com/radarhere)] - Remove use of sudo from libavif and raqm install scripts [#9231](https://github.com/python-pillow/Pillow/issues/9231) \[[@radarhere](https://github.com/radarhere)] - Load image palette into Python after converting to PA [#9152](https://github.com/python-pillow/Pillow/issues/9152) \[[@radarhere](https://github.com/radarhere)] - Check all reserved bytes in FLI header [#9183](https://github.com/python-pillow/Pillow/issues/9183) \[[@radarhere](https://github.com/radarhere)] - Limit length of read operation in ImageFont.\_load\_pilfont\_data() [#9181](https://github.com/python-pillow/Pillow/issues/9181) \[[@radarhere](https://github.com/radarhere)] - Python 3.9 wheels are no longer needed [#9214](https://github.com/python-pillow/Pillow/issues/9214) \[[@radarhere](https://github.com/radarhere)] - Remove unused Image \_expand() [#9227](https://github.com/python-pillow/Pillow/issues/9227) \[[@radarhere](https://github.com/radarhere)] - Updated FreeType to 2.14.1 on Windows [#9206](https://github.com/python-pillow/Pillow/issues/9206) \[[@radarhere](https://github.com/radarhere)] - Only deprecate fromarray mode for changing data types [#9063](https://github.com/python-pillow/Pillow/issues/9063) \[[@radarhere](https://github.com/radarhere)] - Fix reading RGB and CMYK IPTC images [#9088](https://github.com/python-pillow/Pillow/issues/9088) \[[@radarhere](https://github.com/radarhere)] - Install zstd for libtiff on Linux wheels [#9097](https://github.com/python-pillow/Pillow/issues/9097) \[[@radarhere](https://github.com/radarhere)] - Improve WalImageFile test coverage [#9189](https://github.com/python-pillow/Pillow/issues/9189) \[[@radarhere](https://github.com/radarhere)] - ImageMorph operations must have length 1 [#9102](https://github.com/python-pillow/Pillow/issues/9102) \[[@radarhere](https://github.com/radarhere)] - Set correct size for rotated PCD images after opening [#9086](https://github.com/python-pillow/Pillow/issues/9086) \[[@radarhere](https://github.com/radarhere)] - Simplify check for GBR width and height [#9089](https://github.com/python-pillow/Pillow/issues/9089) \[[@radarhere](https://github.com/radarhere)] - Make in parallel when building libjpeg-turbo and openjpeg for macOS and Linux wheels [#9144](https://github.com/python-pillow/Pillow/issues/9144) \[[@radarhere](https://github.com/radarhere)] - Fix ZeroDivisionError in ImageStat [#9105](https://github.com/python-pillow/Pillow/issues/9105) \[[@radarhere](https://github.com/radarhere)] - When deleting EXIF IFD tag, delete IFD data [#9083](https://github.com/python-pillow/Pillow/issues/9083) \[[@radarhere](https://github.com/radarhere)] - Allow alpha\_composite to use LA images [#9066](https://github.com/python-pillow/Pillow/issues/9066) \[[@radarhere](https://github.com/radarhere)] - Improve \_accept length check [#9170](https://github.com/python-pillow/Pillow/issues/9170) \[[@radarhere](https://github.com/radarhere)] - Do not set core to DeferredError [#9166](https://github.com/python-pillow/Pillow/issues/9166) \[[@radarhere](https://github.com/radarhere)] - Use macos-14 for iOS arm64 simulator [#9161](https://github.com/python-pillow/Pillow/issues/9161) \[[@radarhere](https://github.com/radarhere)] - Make in parallel when building brotli and libavif for macOS and Linux wheels [#9142](https://github.com/python-pillow/Pillow/issues/9142) \[[@radarhere](https://github.com/radarhere)] - Use Python 3.14 for gcc problem matching [#9134](https://github.com/python-pillow/Pillow/issues/9134) \[[@radarhere](https://github.com/radarhere)] - Add libavif support for iOS [#9117](https://github.com/python-pillow/Pillow/issues/9117) \[[@freakboy3742](https://github.com/freakboy3742)] - Restore pyroma test for iOS [#9116](https://github.com/python-pillow/Pillow/issues/9116) \[[@freakboy3742](https://github.com/freakboy3742)] - Use correct bands for two band histograms [#9054](https://github.com/python-pillow/Pillow/issues/9054) \[[@radarhere](https://github.com/radarhere)] - Add support for Python 3.14 [#9120](https://github.com/python-pillow/Pillow/issues/9120) \[[@hugovk](https://github.com/hugovk)] - Drop support for PyPy3.10 [#9112](https://github.com/python-pillow/Pillow/issues/9112) \[[@radarhere](https://github.com/radarhere)] - Add parallel compile from pybind11 [#8990](https://github.com/python-pillow/Pillow/issues/8990) \[[@wiredfool](https://github.com/wiredfool)] - Remove unused \_save\_cjpeg [#9084](https://github.com/python-pillow/Pillow/issues/9084) \[[@radarhere](https://github.com/radarhere)] - Ensure dynamic libjpeg libraries are not linked [#9081](https://github.com/python-pillow/Pillow/issues/9081) \[[@freakboy3742](https://github.com/freakboy3742)] - Remove reference to libtiff 3.x [#9072](https://github.com/python-pillow/Pillow/issues/9072) \[[@radarhere](https://github.com/radarhere)] - Restored manylinux2014 wheels [#9059](https://github.com/python-pillow/Pillow/issues/9059) \[[@radarhere](https://github.com/radarhere)] </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Renovate bot added 1 commit

2026-02-11 12:45:39 -05:00

fix(deps): update dependency pillow to v12 [security]

renovate/artifacts Artifact file update failure

Actions / Lint (pull_request) Failing after 19s

Details

Actions / Build Documentation (pull_request) Failing after 19s

Details

Actions / Ensure Cogs Load (pull_request) Successful in 3m49s

Details

ca8a29fe15

Renovate bot commented

2026-02-11 12:45:40 -05:00

Author

Collaborator

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: uv.lock

Command failed: uv lock --upgrade-package pillow
Using CPython 3.11.14 interpreter at: /opt/containerbase/tools/python/3.11.14/bin/python3
   Updating https://github.com/cswimr/Red-DiscordBot (fork)
   Updating https://github.com/Cog-Creators/redgettext (master)
    Updated https://github.com/Cog-Creators/redgettext (17032bd60a52b2da7d915b2589db821b4a46bb66)
    Updated https://github.com/cswimr/Red-DiscordBot (451a257013c2d01353cf349ebfdf69f6adc3f523)
  × No solution found when resolving dependencies:
  ╰─▶ Because only the following versions of mkdocs-material[imaging] are
      available:
          mkdocs-material[imaging]<=9.6.15
          mkdocs-material[imaging]==9.6.16
          mkdocs-material[imaging]==9.6.17
          mkdocs-material[imaging]==9.6.18
          mkdocs-material[imaging]==9.6.19
          mkdocs-material[imaging]==9.6.20
          mkdocs-material[imaging]==9.6.21
          mkdocs-material[imaging]==9.6.22
          mkdocs-material[imaging]==9.6.23
          mkdocs-material[imaging]==9.7.0
          mkdocs-material[imaging]==9.7.1
      and mkdocs-material[imaging]>=9.6.15,<=9.6.18 depends
      on pillow>=10.2,<11.dev0, we can conclude that
      mkdocs-material[imaging]>=9.6.15,<9.6.16 depends on
      pillow>=10.2,<11.dev0.
      And because mkdocs-material[imaging]>=9.6.16,<=9.6.18 depends
      on pillow>=10.2,<11.dev0 and pillow>=10.2,<11.dev0, we can
      conclude that mkdocs-material[imaging]>=9.6.15,<9.6.18 depends on
      pillow>=10.2,<11.dev0.
      And because mkdocs-material[imaging]==9.6.18 depends on
      pillow>=10.2,<11.dev0 and pillow>=10.2,<12.0, we can conclude that
      mkdocs-material[imaging]>=9.6.15,<9.6.20 depends on pillow>=10.2,<12.0.
      And because mkdocs-material[imaging]>=9.6.20 depends on
      pillow>=10.2,<12.0 and pillow>=10.2,<12.0, we can conclude that
      mkdocs-material[imaging]>=9.6.15,<9.6.22 depends on pillow>=10.2,<12.0.
      And because mkdocs-material[imaging]>=9.6.22 depends on
      pillow>=10.2,<12.0 and pillow>=10.2,<12.0, we can conclude that
      mkdocs-material[imaging]>=9.6.15,<9.7.0 depends on pillow>=10.2,<12.0.
      And because mkdocs-material[imaging]>=9.7.0 depends on
      pillow>=10.2,<12.0 and pillow>=10.2,<12.0, we can conclude that
      mkdocs-material[imaging]>=9.6.15 depends on pillow>=10.2,<12.0.
      And because seacogs:dev depends on mkdocs-material[imaging]>=9.6.15 and
      your project depends on pillow>=12.1, we can conclude that your project
      and seacogs:dev are incompatible.
      And because your project requires your project and seacogs:dev, we can
      conclude that your project's requirements are unsatisfiable.

### ⚠️ Artifact update problem Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens: - any of the package files in this branch needs updating, or - the branch becomes conflicted, or - you click the rebase/retry checkbox if found above, or - you rename this PR's title to start with "rebase!" to trigger it manually The artifact failure details are included below: ##### File name: uv.lock ``` Command failed: uv lock --upgrade-package pillow Using CPython 3.11.14 interpreter at: /opt/containerbase/tools/python/3.11.14/bin/python3 Updating https://github.com/cswimr/Red-DiscordBot (fork) Updating https://github.com/Cog-Creators/redgettext (master) Updated https://github.com/Cog-Creators/redgettext (17032bd60a52b2da7d915b2589db821b4a46bb66) Updated https://github.com/cswimr/Red-DiscordBot (451a257013c2d01353cf349ebfdf69f6adc3f523) × No solution found when resolving dependencies: ╰─▶ Because only the following versions of mkdocs-material[imaging] are available: mkdocs-material[imaging]<=9.6.15 mkdocs-material[imaging]==9.6.16 mkdocs-material[imaging]==9.6.17 mkdocs-material[imaging]==9.6.18 mkdocs-material[imaging]==9.6.19 mkdocs-material[imaging]==9.6.20 mkdocs-material[imaging]==9.6.21 mkdocs-material[imaging]==9.6.22 mkdocs-material[imaging]==9.6.23 mkdocs-material[imaging]==9.7.0 mkdocs-material[imaging]==9.7.1 and mkdocs-material[imaging]>=9.6.15,<=9.6.18 depends on pillow>=10.2,<11.dev0, we can conclude that mkdocs-material[imaging]>=9.6.15,<9.6.16 depends on pillow>=10.2,<11.dev0. And because mkdocs-material[imaging]>=9.6.16,<=9.6.18 depends on pillow>=10.2,<11.dev0 and pillow>=10.2,<11.dev0, we can conclude that mkdocs-material[imaging]>=9.6.15,<9.6.18 depends on pillow>=10.2,<11.dev0. And because mkdocs-material[imaging]==9.6.18 depends on pillow>=10.2,<11.dev0 and pillow>=10.2,<12.0, we can conclude that mkdocs-material[imaging]>=9.6.15,<9.6.20 depends on pillow>=10.2,<12.0. And because mkdocs-material[imaging]>=9.6.20 depends on pillow>=10.2,<12.0 and pillow>=10.2,<12.0, we can conclude that mkdocs-material[imaging]>=9.6.15,<9.6.22 depends on pillow>=10.2,<12.0. And because mkdocs-material[imaging]>=9.6.22 depends on pillow>=10.2,<12.0 and pillow>=10.2,<12.0, we can conclude that mkdocs-material[imaging]>=9.6.15,<9.7.0 depends on pillow>=10.2,<12.0. And because mkdocs-material[imaging]>=9.7.0 depends on pillow>=10.2,<12.0 and pillow>=10.2,<12.0, we can conclude that mkdocs-material[imaging]>=9.6.15 depends on pillow>=10.2,<12.0. And because seacogs:dev depends on mkdocs-material[imaging]>=9.6.15 and your project depends on pillow>=12.1, we can conclude that your project and seacogs:dev are incompatible. And because your project requires your project and seacogs:dev, we can conclude that your project's requirements are unsatisfiable. ```

Renovate bot force-pushed renovate/pypi-pillow-vulnerability from ca8a29fe15

renovate/artifacts Artifact file update failure

Actions / Lint (pull_request) Failing after 19s

Details

Actions / Build Documentation (pull_request) Failing after 19s

Details

Actions / Ensure Cogs Load (pull_request) Successful in 3m49s

Details

to ea20eb67f9

renovate/artifacts Artifact file update failure

Actions / Lint (pull_request) Failing after 24s

Details

Actions / Build Documentation (pull_request) Failing after 24s

Details

Actions / Ensure Cogs Load (pull_request) Successful in 3m45s

Details

2026-02-17 15:37:37 -05:00

Compare

cswimr added a new dependency

2026-02-20 09:12:06 -05:00

#118 WIP: Add SentinelCore

cswimr removed a dependency

2026-02-20 09:12:09 -05:00

#118 WIP: Add SentinelCore

Renovate bot changed title from ~~fix(deps): update dependency pillow to v12 [security]~~ to fix(deps): update dependency pillow to v12 [security] - autoclosed

2026-02-26 04:02:49 -05:00

Renovate bot closed this pull request

2026-02-26 04:02:49 -05:00

renovate/artifacts Artifact file update failure

Actions / Lint (pull_request) Failing after 24s

Required

Details

Actions / Build Documentation (pull_request) Failing after 24s

Required

Details

Actions / Ensure Cogs Load (pull_request) Successful in 3m45s

Required

Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Rows
Columns

fix(deps): update dependency pillow to v12 [security] - autoclosed #162

Pillow affected by out-of-bounds write when loading PSD images

Details

Impact

Patches

Workarounds

References

Severity

References

Release Notes

v12.1.1

Dependencies

Other changes

v12.1.0

Deprecations

Documentation

Dependencies

Testing

Type hints

Other changes

v12.0.0

Removals

Deprecations

Documentation

Dependencies

Testing

Type hints

Other changes

Configuration

⚠️ Artifact update problem

File name: uv.lock

Pull request closed

`v12.1.1`

`v12.1.0`

`v12.0.0`