chore(deps): update dependency pillow to v12 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pillow (changelog)	^11.3.0 → ^12.0.0

GitHub Vulnerability Alerts

CVE-2026-25990

Impact

An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.

Patches

Pillow 12.1.1 will be released shortly with a fix for this.

Workarounds

Image.open() has a formats parameter that can be used to prevent PSD images from being opened.

References

Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html

---

Release Notes

python-pillow/Pillow (pillow)

v12.1.1

Compare Source

v12.1.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

• Deprecate getdata(), in favour of new get_flattened_data() #​9292 [@​radarhere]

Documentation

• Specify APNG duration type when opening #​9368 [@​radarhere]
• Added release notes for #​9350 #​9366 [@​radarhere]
• Update ImageMorph documentation #​9349 [@​radarhere]
• Docs: update major bump cadence #​9334 [@​hugovk]
• Add release notes for #​9070 #​9320 [@​radarhere]
• Updated Ubuntu version #​9306 [@​radarhere]
• Update macOS tested Pillow versions #​9265 [@​radarhere]

Dependencies

• Update harfbuzz to 12.3.0 #​9355 [@​radarhere]
• Update xz to 5.8.2 #​9343 [@​radarhere]
• Updated libjpeg-turbo to 3.1.3 #​9333 [@​radarhere]
• Updated zlib-ng to 2.3.2 #​9324 [@​radarhere]
• Updated libpng to 1.6.53 #​9325 [@​radarhere]
• Update actions/checkout action to v6 #​9323 [@​renovate[bot]]
• Update dependency mypy to v1.19.0 #​9322 [@​renovate[bot]]
• Updated libpng to 1.6.51 #​9305 [@​radarhere]
• Updated brotli to 1.2.0 #​9284 [@​radarhere]
• Update libimagequant to 4.4.1 #​9301 [@​radarhere]
• Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #​9312 [@​radarhere]
• Updated harfbuzz to 12.2.0 #​9289 [@​radarhere]
• Update github-actions #​9277 [@​renovate[bot]]

Testing

• Replace pre-commit with prek #​9360 [@​hugovk]
• Test PyQt6 on Python 3.14 on Windows #​9353 [@​radarhere]
• Test 32-bit Windows on Windows Server 2022 #​9345 [@​radarhere]
• Correct variable type #​9335 [@​radarhere]
• Fix ResourceWarnings in selftest.py #​9332 [@​hugovk]
• Fix testing good P mode BMP images #​9319 [@​radarhere]
• Test Python 3.15 pre-release #​9331 [@​hugovk]
• Test ImageFont.ImageFont, in case freetype2 is not supported #​9287 [@​radarhere]
• Add Fedora 43 #​9290 [@​radarhere]
• Remove Fedora 41 #​9260 [@​radarhere]

Type hints

• Add ImageFile context manager #​9367 [@​radarhere]
• Assert fp is not None #​8617 [@​radarhere]
• Added return type to ImageFile _close_fp() #​9356 [@​radarhere]
• Use different variables for Image and ImageFile instances #​9316 [@​radarhere]
• Correct variable type #​9335 [@​radarhere]
• Improve type hints #​9317 [@​radarhere]
• Use different variables for Image and ImageFile instances #​9268 [@​radarhere]
• Added type hints #​9269 [@​radarhere]
• Correct getitem return type #​9264 [@​radarhere]

Other changes

• Simplify band splitting #​9291 [@​radarhere]
• Support saving APNG float durations #​9365 [@​radarhere]
• Allow 1 mode images in MorphOp #​9348 [@​radarhere]
• Use minimum supported Python version for Lint #​9364 [@​radarhere]
• Allow for duplicate font variation styles #​9362 [@​radarhere]
• Call parent verify method #​9357 [@​radarhere]
• Return LUT from LutBuilder build_default_lut() #​9350 [@​radarhere]
• Simplify WebP code #​9329 [@​radarhere]
• Use unsigned long for DWORD #​9352 [@​radarhere]
• Cast to UINT32 before shifting bits #​9347 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9318 [@​pre-commit-ci[bot]]
• Allow window ID to be passed to ImageGrab.grab() on macOS #​9070 [@​yankeguo]
• Apply encoder options when saving multiple PNG frames #​9300 [@​radarhere]
• Read all non-zero transparency from mode 1 PNG images as 255 #​9282 [@​radarhere]
• Support writing IFD, SIGNED_RATIONAL and InkNames TIFF tags #​9276 [@​radarhere]
• Remove unused modes #​9275 [@​radarhere]
• Correct allocating new color to RGBA palette #​9313 [@​radarhere]
• Close image on ImageFont exception #​9304 [@​radarhere]
• Reapply "Use macos-latest for iOS arm64 simulator" #​9259 [@​radarhere]
• Escape period in pre-commit-config #​9036 [@​radarhere]
• Add Apache-2.0 notice to IcoImagePlugin #​8947 [@​stefan6419846]
• [pre-commit.ci] pre-commit autoupdate #​9288 [@​pre-commit-ci[bot]]
• Simplify code now that I;16* modes are the only IMAGING_TYPE_SPECIAL #​9263 [@​radarhere]
• Remove BytesIO from DdsImagePlugin #​9273 [@​radarhere]
• Fix ZeroDivisionError in DdsImagePlugin #​9272 [@​radarhere]
• Fix warnings #​9257 [@​radarhere]

v12.0.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html

Removals

• Remove support for FreeType <= 2.9.0 #​9159 [@​radarhere]
• Drop support for Python 3.9 #​9119 [@​hugovk]
• Remove deprecations for Pillow 12.0.0 #​9053 [@​radarhere]

Deprecations

• Deprecate Image._show #​9186 [@​radarhere]
• Deprecate ImageCmsProfile product_name and product_info #​8995 [@​lukegb]

Documentation

• ImagingHistogramInstance can use two bands #​9251 [@​radarhere]
• Update 12.0.0 release notes #​9247 [@​hugovk]
• Added ImageDraw alpha channel examples #​9201 [@​radarhere]
• Update Python version #​9230 [@​radarhere]
• Updated macOS tested Pillow versions #​9209 [@​radarhere]
• Add GitHub profile link to release notes #​9197 [@​radarhere]
• Split versionadded info #​9190 [@​radarhere]
• Document ImageFile.MAXBLOCK #​9163 [@​radarhere]
• Updated macOS version in CI targets #​9157 [@​radarhere]
• Fix typos #​9135 [@​radarhere]
• Added "Colors" to concepts #​9067 [@​radarhere]
• Update macOS tested Pillow versions #​9068 [@​radarhere]
• Thanks, folks! #​9056 [@​aclark4life]
• Setup nit: "fork" should be lowercased #​9055 [@​aclark4life]

Dependencies

• Update dependency cibuildwheel to v3.2.1 #​9246 [@​renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #​9233 [@​pre-commit-ci[bot]]
• Update harfbuzz to 12.1.0 #​9218 [@​radarhere]
• Update libtiff to 4.7.1 #​9222 [@​radarhere]
• Update FreeType to 2.14.1 on macOS and Linux wheels #​9217 [@​radarhere]
• Update dependency cibuildwheel to v3.2.0 #​9219 [@​renovate[bot]]
• Update Ghostscript to 10.6.0 #​9202 [@​radarhere]
• Update openjpeg to 2.5.4 #​9215 [@​radarhere]
• Update harfbuzz to 11.5.0 #​9203 [@​radarhere]
• Update dependency mypy to v1.18.2 #​9213 [@​renovate[bot]]
• Update dependency mypy to v1.18.1 #​9207 [@​renovate[bot]]
• Update github-actions #​9194 [@​renovate[bot]]
• Updated harfbuzz to 11.4.5 #​9150 [@​radarhere]
• Update zlib-ng to 2.2.5 #​9140 [@​radarhere]
• Update raqm to 0.10.3 #​9137 [@​radarhere]
• Update libjpeg-turbo to 3.1.2 #​9188 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9180 [@​pre-commit-ci[bot]]
• Update dependency cibuildwheel to v3.1.4 #​9164 [@​renovate[bot]]
• Update actions/checkout action to v5 #​9156 [@​renovate[bot]]
• Update actions/download-artifact action to v5 #​9141 [@​renovate[bot]]
• Updated harfbuzz to 11.3.3 #​9103 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9131 [@​pre-commit-ci[bot]]
• Updated libimagequant to 4.4.0 #​9074 [@​radarhere]
• Update dependency mypy to v1.17.1 #​9130 [@​renovate[bot]]
• Update dependency cibuildwheel to v3.1.3 #​9129 [@​renovate[bot]]
• Update dependency cibuildwheel to v3.1.2 #​9118 [@​renovate[bot]]
• Updated libpng to 1.6.50 #​9058 [@​radarhere]
• Update cygwin/cygwin-install-action action to v6 #​9108 [@​renovate[bot]]
• Update dependency mypy to v1.17.0 #​9092 [@​renovate[bot]]
• Updated libwebp to 1.6.0 #​9082 [@​radarhere]
• Update dependency cibuildwheel to v3.0.1 #​9075 [@​renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #​9073 [@​pre-commit-ci[bot]]

Testing

• Check return types #​9045 [@​radarhere]
• Upgrade from macos-13 #​9212 [@​radarhere]
• Wheels CI: Check number of expected dists #​9239 [@​hugovk]
• Assert image type #​8845 [@​radarhere]
• Test GD transparency #​9196 [@​radarhere]
• Test mode when saving PPM images #​9195 [@​radarhere]
• Test unsupported BMP bitfields layout #​9193 [@​radarhere]
• Update Ghostscript to 10.6.0 #​9202 [@​radarhere]
• Use monkeypatch #​9192 [@​radarhere]
• Always check XMLPacket value #​9113 [@​radarhere]
• Rename variable to not shadow import #​9124 [@​radarhere]
• Removed unused code #​9182 [@​radarhere]
• Add has_feature_version helper #​9172 [@​radarhere]
• Replace print with assert #​9171 [@​radarhere]
• Add Debian 13 Trixie #​9147 [@​hugovk]
• Do not import from Tests directory in checks #​9143 [@​radarhere]
• Improve features test coverage #​9077 [@​radarhere]
• Remove WebP feature handling #​9096 [@​radarhere]
• Update for pyroma 5.0 #​9093 [@​radarhere]
• Improve WmfImagePlugin test coverage #​9090 [@​radarhere]
• Improve DdsImagePlugin test coverage #​9091 [@​radarhere]
• Improve ImageMath test coverage #​9087 [@​radarhere]
• Fix unclosed file warning #​9065 [@​radarhere]
• Pyroma now supports PEP 639 #​9064 [@​radarhere]

Type hints

• Install arro3 dependencies when type checking #​9254 [@​radarhere]
• Check return types #​9045 [@​radarhere]
• Assert image type #​8845 [@​radarhere]
• Move imports into TYPE_CHECKING #​9123 [@​radarhere]
• Remove support for NumPy 1.20 when type checking #​9125 [@​radarhere]

Other changes

• Use macos-14 for iOS arm64 simulator #​9258 [@​hugovk]
• Use enums for Modes and RawModes in C #​9256 [@​radarhere]
• Add ImageText #​9098 [@​radarhere]
• Shift bits before making value negative #​9255 [@​radarhere]
• Support saving variable length rational TIFF tags by default #​9241 [@​radarhere]
• Added four private SGI TIFF tags #​9245 [@​radarhere]
• Band names for arrow exported images #​9099 [@​wiredfool]
• Use macos-latest for iOS arm64 simulator #​9250 [@​radarhere]
• If pasting an image onto itself at a lower position, copy from bottom #​8882 [@​radarhere]
• Removed unused access for I;32L and I;32B #​9238 [@​radarhere]
• Corrected scientific-python-nightly-wheels pattern #​9252 [@​radarhere]
• Run sdist when scheduled, but do not upload to scientific-python-nightly-wheels index #​9248 [@​radarhere]
• Removed shebang lines and executable flags #​9179 [@​radarhere]
• Remove Pillow version from PDF comment #​9176 [@​radarhere]
• Support saving variable length rational TIFF tags #​9111 [@​radarhere]
• Build Python 3.14 on macOS 10.15 #​9234 [@​radarhere]
• Test largest CUR cursor #​9191 [@​radarhere]
• Do not unnecessarily update FLI __offset #​9184 [@​radarhere]
• Fill alpha channel when quantizing RGB images #​9133 [@​radarhere]
• Allow RGBA palettes to work with ImageOps.expand() #​9138 [@​radarhere]
• Fixed loading rotated PCD images #​9177 [@​radarhere]
• Cast before shifting bits #​9236 [@​radarhere]
• Use _ensure_mutable() #​9200 [@​radarhere]
• Seek past BeginBinary data when parsing EPS metadata #​9211 [@​radarhere]
• Do not allow negative offset with memory mapping #​9235 [@​radarhere]
• Clear C image when MPO frame image size changes #​9208 [@​radarhere]
• When converting RGBA to PA, use RGB to P quantization #​9153 [@​radarhere]
• Remove use of sudo from libavif and raqm install scripts #​9231 [@​radarhere]
• Load image palette into Python after converting to PA #​9152 [@​radarhere]
• Check all reserved bytes in FLI header #​9183 [@​radarhere]
• Limit length of read operation in ImageFont._load_pilfont_data() #​9181 [@​radarhere]
• Python 3.9 wheels are no longer needed #​9214 [@​radarhere]
• Remove unused Image _expand() #​9227 [@​radarhere]
• Updated FreeType to 2.14.1 on Windows #​9206 [@​radarhere]
• Only deprecate fromarray mode for changing data types #​9063 [@​radarhere]
• Fix reading RGB and CMYK IPTC images #​9088 [@​radarhere]
• Install zstd for libtiff on Linux wheels #​9097 [@​radarhere]
• Improve WalImageFile test coverage #​9189 [@​radarhere]
• ImageMorph operations must have length 1 #​9102 [@​radarhere]
• Set correct size for rotated PCD images after opening #​9086 [@​radarhere]
• Simplify check for GBR width and height #​9089 [@​radarhere]
• Make in parallel when building libjpeg-turbo and openjpeg for macOS and Linux wheels #​9144 [@​radarhere]
• Fix ZeroDivisionError in ImageStat #​9105 [@​radarhere]
• When deleting EXIF IFD tag, delete IFD data #​9083 [@​radarhere]
• Allow alpha_composite to use LA images #​9066 [@​radarhere]
• Improve _accept length check #​9170 [@​radarhere]
• Do not set core to DeferredError #​9166 [@​radarhere]
• Use macos-14 for iOS arm64 simulator #​9161 [@​radarhere]
• Make in parallel when building brotli and libavif for macOS and Linux wheels #​9142 [@​radarhere]
• Use Python 3.14 for gcc problem matching #​9134 [@​radarhere]
• Add libavif support for iOS #​9117 [@​freakboy3742]
• Restore pyroma test for iOS #​9116 [@​freakboy3742]
• Use correct bands for two band histograms #​9054 [@​radarhere]
• Add support for Python 3.14 #​9120 [@​hugovk]
• Drop support for PyPy3.10 #​9112 [@​radarhere]
• Add parallel compile from pybind11 #​8990 [@​wiredfool]
• Remove unused _save_cjpeg #​9084 [@​radarhere]
• Ensure dynamic libjpeg libraries are not linked #​9081 [@​freakboy3742]
• Remove reference to libtiff 3.x #​9072 [@​radarhere]
• Restored manylinux2014 wheels #​9059 [@​radarhere]

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[malled2002]

Image generation is working. But the stats module is broken and unused. Should we drop this?

[dargmuesli]

cc @soerface, I think you can answer malled's question above better than me

[soerface]

Yes, the stats module is from back in the days where the drinks statistics were displayed on a flipdot display. It is already non-functional because database layout changed. I don't have plans to revive it, so I'm fine with deleting the whole module.

[dargmuesli]

@soerface stats module removed, pls approve