chore(deps): update dependency pillow to <10.5 [security] - autoclosed #96
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/pypi-pillow-vulnerability
branch
from
4dbe615 to
d8bccbb
Compare
renovate
bot
changed the title
Contributor
Live previewLast updated: 2025-11-26T01:38:45 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
<10.3-><10.5Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2024-28219
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
Release Notes
python-pillow/Pillow (pillow)
v10.4.0Compare Source
Raise FileNotFoundError if show_file() path does not exist #8178
[radarhere]
Improved reading 16-bit TGA images with colour #7965
[Yay295, radarhere]
Deprecate non-image ImageCms modes #8031
[radarhere]
Fixed processing multiple JPEG EXIF markers #8127
[radarhere]
Do not preserve EXIFIFD tag by default when saving TIFF images #8110
[radarhere]
Added ImageFont.load_default_imagefont() #8086
[radarhere]
Added Image.WARN_POSSIBLE_FORMATS #8063
[radarhere]
Remove zero-byte end padding when parsing any XMP data #8171
[radarhere]
Do not detect Ultra HDR images as MPO #8056
[radarhere]
Raise SyntaxError specific to JP2 #8146
[Yay295, radarhere]
Do not use first frame duration for other frames when saving APNG images #8104
[radarhere]
Consider I;16 pixel size when using a 1 mode mask #8112
[radarhere]
When saving multiple PNG frames, convert to mode rather than raw mode #8087
[radarhere]
Added byte support to FreeTypeFont #8141
[radarhere]
Allow float center for rotate operations #8114
[radarhere]
Do not read layers immediately when opening PSD images #8039
[radarhere]
Restore original thread state #8065
[radarhere]
Read IM and TIFF images as RGB, rather than RGBX #7997
[radarhere]
Only preserve TIFF IPTC_NAA_CHUNK tag if type is BYTE or UNDEFINED #7948
[radarhere]
Clarify ImageDraw2 error message when size is missing #8165
[radarhere]
Support unpacking more rawmodes to RGBA palettes #7966
[radarhere]
Removed support for Qt 5 #8159
[radarhere]
Improve
ImageFont.freetypesupport for XDG directories on Linux #8135[mamg22, radarhere]
Improved consistency of XMP handling #8069
[radarhere]
Use pkg-config to help find libwebp and raqm #8142
[radarhere]
Accept 't' suffix for libtiff version #8126, #8129
[radarhere]
Deprecate ImageDraw.getdraw hints parameter #8124
[radarhere, hugovk]
Added ImageDraw circle() #8085
[void4, hugovk, radarhere]
Add mypy target to Makefile #8077
[Yay295]
Added more modes to Image.MODES #7984
[radarhere]
Deprecate BGR;15, BGR;16 and BGR;24 modes #7978
[radarhere, hugovk]
Fix ImagingAccess for I;16N on big-endian #7921
[Yay295, radarhere]
Support reading P mode TIFF images with padding #7996
[radarhere]
Deprecate support for libtiff < 4 #7998
[radarhere, hugovk]
Corrected ImageShow UnixViewer command #7987
[radarhere]
Use functools.cached_property in ImageStat #7952
[nulano, hugovk, radarhere]
Add support for reading BITMAPV2INFOHEADER and BITMAPV3INFOHEADER #7956
[Cirras, radarhere]
Support reading CMYK JPEG2000 images #7947
[radarhere]
v10.3.0Compare Source
CVE-2024-28219: Use
strncpyto avoid buffer overflow #7928[radarhere, hugovk]
Deprecate
eval(), replacing it withlambda_eval()andunsafe_eval()#7927[radarhere, hugovk]
Raise
ValueErrorif seeking to greater than offset-sized integer in TIFF #7883[radarhere]
Add
--reportargument to__main__.pyto omit supported formats #7818[nulano, radarhere, hugovk]
Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920
[radarhere]
Fix editable installation with custom build backend and configuration options #7658
[nulano, radarhere]
Fix putdata() for I;16N on big-endian #7209
[Yay295, hugovk, radarhere]
Determine MPO size from markers, not EXIF data #7884
[radarhere]
Improved conversion from RGB to RGBa, LA and La #7888
[radarhere]
Support FITS images with GZIP_1 compression #7894
[radarhere]
Use I;16 mode for 9-bit JPEG 2000 images #7900
[scaramallion, radarhere]
Raise ValueError if kmeans is negative #7891
[radarhere]
Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893
[radarhere]
Raise ValueError for negative values when loading P1-P3 PPM images #7882
[radarhere]
Added reading of JPEG2000 palettes #7870
[radarhere]
Added alpha_quality argument when saving WebP images #7872
[radarhere]
Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881
[radarhere]
Stop reading EPS image at EOF marker #7753
[radarhere]
PSD layer co-ordinates may be negative #7706
[radarhere]
Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791
[radarhere]
When saving GIF frame that restores to background color, do not fill identical pixels #7788
[radarhere]
Fixed reading PNG iCCP compression method #7823
[radarhere]
Allow writing IFDRational to UNDEFINED tag #7840
[radarhere]
Fix logged tag name when loading Exif data #7842
[radarhere]
Use maximum frame size in IHDR chunk when saving APNG images #7821
[radarhere]
Prevent opening P TGA images without a palette #7797
[radarhere]
Use palette when loading ICO images #7798
[radarhere]
Use consistent arguments for load_read and load_seek #7713
[radarhere]
Turn off nullability warnings for macOS SDK #7827
[radarhere]
Fix shift-sign issue in Convert.c #7838
[r-barnes, radarhere]
Open 16-bit grayscale PNGs as I;16 #7849
[radarhere]
Handle truncated chunks at the end of PNG images #7709
[lajiyuan, radarhere]
Match mask size to pasted image size in GifImagePlugin #7779
[radarhere]
Release GIL while calling
WebPAnimDecoderGetNext#7782[evanmiller, radarhere]
Fixed reading FLI/FLC images with a prefix chunk #7804
[twolife]
Update wl-paste handling and return None for some errors in grabclipboard() on Linux #7745
[nik012003, radarhere]
Remove execute bit from
setup.py#7760[hugovk]
Do not support using test-image-results to upload images after test failures #7739
[radarhere]
Changed ImageMath.ops to be static #7721
[radarhere]
Fix APNG info after seeking backwards more than twice #7701
[esoma, radarhere]
Deprecate ImageCms constants and versions() function #7702
[nulano, radarhere]
Added PerspectiveTransform #7699
[radarhere]
Add support for reading and writing grayscale PFM images #7696
[nulano, hugovk]
Add LCMS2 flags to ImageCms #7676
[nulano, radarhere, hugovk]
Rename x64 to AMD64 in winbuild #7693
[nulano]
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.