Andrew Murray
b71096460f
Update MANIFEST
2026-04-25 11:30:32 +10:00
Andrew Murray
933716f3d3
Added CLAUDE.md
2026-04-25 11:19:53 +10:00
Andrew Murray
6305a17401
Update alignment
2026-04-24 20:53:43 +10:00
Jeffrey 'Alex' Clark
35c3fcc7e3
Remove CI checks section from AGENTS.md
Not actionable for agents — knowing workflow names and triggers
does not help write better code.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-22 20:04:35 -04:00
Jeffrey 'Alex' Clark
d9fb08b797
Update AGENTS.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-22 19:53:49 -04:00
Jeffrey 'Alex' Clark
17e6f08f83
Rename copilot-instructions.md -> AGENTS.md
2026-04-22 16:28:06 -04:00
Jeffrey 'Alex' Clark
718edc5cc7
Add .github/copilot-instructions.md
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-22 14:06:09 -04:00
Jeffrey 'Alex' Clark
ecef4fb33f
Add STRIDE threat model to security docs (#9562)
2026-04-22 12:33:03 -04:00
Jeffrey 'Alex' Clark
0cb00acc92
Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-22 12:32:08 -04:00
Jeffrey 'Alex' Clark
da06640873
docs: fix nested inline markup in E-3 and E-4 headings
RST does not allow inline markup (backticks) nested inside bold
markers. Remove backticks from the E-3 and E-4 heading text so
they render correctly.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:58:06 -04:00
Jeffrey 'Alex' Clark
d3b73ea462
Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-21 11:33:48 -04:00
Jeffrey 'Alex' Clark
5af49b380e
docs: address Andrew's review comments on security.rst
- Add image.getexif() alongside image._getexif() in T-1 mitigations
- Remove 'appended bytes' from T-2 (Pillow does not preserve them on resave)
- Reframe R-1 threat as user-facing (not Pillow dev advice); add
  DecompressionBombError to the log/alert list
- Add blank line before E-3 heading
- Qualify dependency list in recommendation #4 as non-exhaustive
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:32:36 -04:00
Jeffrey 'Alex' Clark
1f026416f9
Update docs/handbook/security.rst
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-21 11:23:54 -04:00
Jeffrey 'Alex' Clark
114e4d5695
docs: list all 8 C extensions in security threat model diagram
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-21 11:22:58 -04:00
Jeffrey 'Alex' Clark
2911422753
s/littlecms/littlecms2/
2026-04-21 11:11:00 -04:00
Jeffrey 'Alex' Clark
13433dc0a9
Update docs/handbook/security.rst
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-21 11:10:19 -04:00
Hugo van Kemenade
9f6a6a6921
Catch subprocess.CalledProcessError in test_grab_x11 (#9578)
2026-04-21 13:17:20 +03:00
Andrew Murray
9867b51d89
Catch subprocess.CalledProcessError in test_grab_x11
2026-04-21 07:51:50 +10:00
Hugo van Kemenade
087376dc18
Hash pin GitHub Actions (#9568)
2026-04-17 17:18:41 +03:00
Hugo van Kemenade
2593703e51
Hash pin GitHub Actions
2026-04-17 15:54:41 +03:00
Jeffrey 'Alex' Clark
74e07b5b8a
Lint
2026-04-16 06:48:09 -04:00
Jeffrey 'Alex' Clark
07b20b3b33
Remove Sensitive exception messages
2026-04-16 06:45:55 -04:00
Jeffrey 'Alex' Clark
0c0bdf8d5a
Update security docs
- docs/handbook/security.rst
- .github/SECURITY.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-15 13:07:37 -04:00
Jeffrey 'Alex' Clark
b300e78838
Update docs/handbook/security.rst
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-15 13:07:30 -04:00
Andrew Murray
b893310045
Reorder renovate.json (#9565)
2026-04-16 00:22:23 +10:00
Andrew Murray
b27ae0b2fd
Reorder to match dependencies order
2026-04-15 22:46:51 +10:00
Andrew Murray
237ab0763c
Remove unneeded ? from matchStrings regex
2026-04-15 22:46:51 +10:00
Andrew Murray
ff00aaa6d3
Use keys from dependencies JSON
2026-04-15 22:46:51 +10:00
Andrew Murray
658d9ce258
Updated wheels path regex
2026-04-15 22:46:51 +10:00
Hugo van Kemenade
433e46471e
Move dependency versions to single JSON and enable Renovate (#9559)
2026-04-15 15:43:14 +03:00
Jeffrey 'Alex' Clark
082cf04e85
Add python-pillow GitHub Sponsors to FUNDING.yml (#9563)
2026-04-14 22:39:25 -04:00
Jeffrey 'Alex' Clark
2d89dcc7eb
Update .github/FUNDING.yml
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-14 22:37:55 -04:00
Jeffrey 'Alex' Clark
b71b4b98d9
Lint
2026-04-14 19:56:59 -04:00
Jeffrey 'Alex' Clark
c07f7e56a1
Add python-pillow GitHub Sponsors to FUNDING.yml
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-14 19:54:25 -04:00
Jeffrey 'Alex' Clark
9f24881521
Add STRIDE threat model to security docs
- Update .github/SECURITY.md with threat model summary and link to handbook
- Add docs/handbook/security.rst with full STRIDE analysis (14 threats
  across Spoofing, Tampering, Repudiation, Information Disclosure,
  Denial of Service, and Elevation of Privilege categories)
- Add prioritised mitigation recommendations
- Link security.rst into the handbook toctree
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-14 12:13:45 -04:00
Hugo van Kemenade
6dd03edba8
Use GitLab as data source for FreeType
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-13 15:39:38 +03:00
Hugo van Kemenade
65767a0cf7
Use GitLab as data source for libtiff
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-12 12:08:07 +03:00
Hugo van Kemenade
a49c63208a
Move dependency versions to single JSON and enable Renovate
2026-04-12 12:07:07 +03:00
Andrew Murray
3a3dab8bb0
Updated raqm to 0.10.5 (#9557)
2026-04-12 15:13:32 +10:00
Andrew Murray
4b911c889b
Correct environment URL (#9558)
2026-04-11 20:22:22 +10:00
Hugo van Kemenade
b04c9a3d2f
Add CVEs to 12.2.0 release notes (#9556)
2026-04-11 11:03:38 +03:00
Andrew Murray
3157407762
Remove or protect secrets in Actions (#9544)
2026-04-11 17:05:49 +10:00
Andrew Murray
fb1375d93b
Added CVEs
2026-04-11 08:34:08 +10:00
Hugo van Kemenade
eda14b6c4a
Restrict nightly Anaconda uploads to environment
2026-04-10 16:33:18 +03:00
Hugo van Kemenade
5ada8c8306
Use github.event.repository.fork (#9551)
2026-04-09 18:43:23 +03:00
Andrew Murray
6ede62874b
Update README with revised security policy (#9553)
2026-04-09 19:01:17 +10:00
Jeffrey 'Alex' Clark
b97034ae02
Link to New draft security advisory
2026-04-08 20:01:39 -04:00
Jeffrey 'Alex' Clark
77b2f6791a
Update security policy (#9552)
2026-04-08 16:23:51 -04:00
Jeffrey 'Alex' Clark
8f625f19ef
Update .github/SECURITY.md
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2026-04-08 16:17:52 -04:00
Jeffrey 'Alex' Clark
8edb7734b5
Update .github/SECURITY.md
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2026-04-08 14:52:36 -04:00