1233 Commits

Author SHA1 Message Date
Andrew Murray
764e315923 Revert "Switch iOS back to macos-15-intel"
This reverts commit 27de86483d.
2026-05-15 15:02:42 +10:00
Hugo van Kemenade
4dc442fb01 Don't force PYTHON_GIL=0, instead fail if anything re-enables 2026-05-12 23:45:03 +03:00
Hugo van Kemenade
0582f43bad No longer test experimental 3.13t 2026-05-12 20:41:07 +03:00
Hugo van Kemenade
22e47e38bb Simplify setting PYTHON_GIL 2026-05-12 20:41:07 +03:00
Hugo van Kemenade
ea5901535d
Compare dist sizes vs latest PyPI release (#9621)
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
2026-05-12 07:31:03 +10:00
Andrew Murray
70713d69b0 Do not generate SBOM in scheduled run on fork 2026-05-07 23:53:24 +10:00
renovate[bot]
689a7f37fd
Update google/oss-fuzz digest to d872252 (#9614) 2026-05-04 21:45:55 +10:00
Andrew Murray
ab25042353 Set prCreation to not-pending 2026-05-04 19:42:55 +10:00
Hugo van Kemenade
1cd2d0f67a
Update dependency lcms2 to v2.19 (#9609) 2026-05-03 19:06:59 +03:00
Hugo van Kemenade
5f469b6bd2
Update dependency libpng to v1.6.58 (#9608) 2026-05-03 19:06:30 +03:00
renovate[bot]
32b6c5f0ee
Update dependency harfbuzz to v14 2026-05-03 10:25:32 +00:00
renovate[bot]
956d434c68
Update dependency lcms2 to v2.19 2026-05-03 10:25:27 +00:00
renovate[bot]
3bbb7a2a04
Update dependency libpng to v1.6.58 2026-05-03 10:25:22 +00:00
renovate[bot]
d92b826c4a
Update github-actions 2026-05-03 06:03:07 +00:00
Hugo van Kemenade
be8563347b
SBOM: Use real versions from dependencies.json (#9593) 2026-05-01 00:05:37 +03:00
Hugo van Kemenade
fc47d07603
No need to sort a sorted list 2026-04-30 16:17:39 +03:00
Andrew Murray
4af29fb732 Restrict SBOM upload to Pillow JSON 2026-04-30 18:41:41 +10:00
Andrew Murray
0ef81c33af
Add Fedora 44 (#9594) 2026-04-29 10:30:17 +10:00
Hugo van Kemenade
f2ee74b2f8 Use versions from dependencies.json, remove historical 'tested on' 2026-04-28 15:58:33 +03:00
Hugo van Kemenade
99869f0313 Sort things alphabetically to make easier to find 2026-04-28 15:52:41 +03:00
Hugo van Kemenade
755b73b274 Deduplicate path triggers in workflows 2026-04-27 14:14:13 +03:00
Hugo van Kemenade
f0fe496315 Fix typo to trigger on self change 2026-04-27 13:44:52 +03:00
Hugo van Kemenade
fba17910aa
Test Ubuntu 26.04 LTS (Resolute Raccoon) (#9587) 2026-04-26 12:05:56 +03:00
Jeffrey 'Alex' Clark
d2b20102e4
Generate CycloneDX SBOM at release time via CI (#9550)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
2026-04-26 00:35:21 +03:00
Hugo van Kemenade
8c522096e8 Archive non-amd64 variants of 24.04 2026-04-25 14:38:17 +03:00
Hugo van Kemenade
855774a175 Test Ubuntu 26.04
Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>
2026-04-25 14:06:06 +03:00
Jeffrey 'Alex' Clark
1382fc4767
Add INCIDENT_RESPONSE.md (#9555) 2026-04-22 20:12:57 -04:00
Jeffrey 'Alex' Clark
c8c391b9c0 Update .github/INCIDENT_RESPONSE.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-22 20:11:03 -04:00
Jeffrey 'Alex' Clark
ecef4fb33f
Add STRIDE threat model to security docs (#9562) 2026-04-22 12:33:03 -04:00
Hugo van Kemenade
2593703e51 Hash pin GitHub Actions 2026-04-17 15:54:41 +03:00
Jeffrey 'Alex' Clark
0c0bdf8d5a Update security docs
- docs/handbook/security.rst
- .github/SECURITY.md

Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-15 13:07:37 -04:00
Andrew Murray
b27ae0b2fd Reorder to match dependencies order 2026-04-15 22:46:51 +10:00
Andrew Murray
237ab0763c Remove unneeded ? from matchStrings regex 2026-04-15 22:46:51 +10:00
Andrew Murray
658d9ce258 Updated wheels path regex 2026-04-15 22:46:51 +10:00
Hugo van Kemenade
433e46471e
Move dependency versions to single JSON and enable Renovate (#9559) 2026-04-15 15:43:14 +03:00
Jeffrey 'Alex' Clark
2d89dcc7eb
Update .github/FUNDING.yml
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-14 22:37:55 -04:00
Jeffrey 'Alex' Clark
c07f7e56a1 Add python-pillow GitHub Sponsors to FUNDING.yml
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-14 19:54:25 -04:00
Jeffrey 'Alex' Clark
9f24881521 Add STRIDE threat model to security docs
- Update .github/SECURITY.md with threat model summary and link to handbook
- Add docs/handbook/security.rst with full STRIDE analysis (14 threats
  across Spoofing, Tampering, Repudiation, Information Disclosure,
  Denial of Service, and Elevation of Privilege categories)
- Add prioritised mitigation recommendations
- Link security.rst into the handbook toctree

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-14 12:13:45 -04:00
Jeffrey 'Alex' Clark
a124ed208f Update template wording 2026-04-14 11:36:33 -04:00
Jeffrey 'Alex' Clark
ee24a11073 Update .github/INCIDENT_RESPONSE.md
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-14 11:26:03 -04:00
Hugo van Kemenade
6dd03edba8
Use GitLab as data source for FreeType
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-13 15:39:38 +03:00
Hugo van Kemenade
65767a0cf7
Use GitLab as data source for libtiff
Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>
2026-04-12 12:08:07 +03:00
Hugo van Kemenade
a49c63208a Move dependency versions to single JSON and enable Renovate 2026-04-12 12:07:07 +03:00
Andrew Murray
4b911c889b
Correct environment URL (#9558) 2026-04-11 20:22:22 +10:00
Andrew Murray
3157407762
Remove or protect secrets in Actions (#9544) 2026-04-11 17:05:49 +10:00
Jeffrey 'Alex' Clark
6e1ccab749 Address review feedback on INCIDENT_RESPONSE.md
- Update CVSS v3.1 to CVSS 4.0 throughout
- Remove 'Direct maintainer contact' from detection sources
- Fix 'before it stays public' wording for user bug reports
- Simplify sections 7.3 and 7.4 to reference RELEASING.md instead
  of duplicating release process steps
- Update RELEASING.md Point release section with security-specific
  steps (amend CVE in commits, publish GitHub Security Advisory)
- Fix PyPI API tokens entry (remove GitHub secrets reference)
- Fix 404 PyPI manage URL (use correct case and /releases/ path)
- Replace security@pypi.org mailto with https://pypi.org/security/
- Remove unconfirmed 'Notify GitHub Security' bullet
- Fix section numbering: 10.x → 9.x under Section 9. Dependency Map
- Reorder: move 9.3 Responding to Upstream Vulnerability before 9.3
  Downstream Dependencies (now 9.2 and 9.3 respectively)
- Add anchor link for Section 5 reference in 9.2
- Add #plugin-list anchor to third-party plugins handbook link
- Fix GitLab issue tracker URLs to use /-/work_items for libtiff,
  freetype2, and bzip2
- Add pyproject.toml reference for complete optional dependencies list

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-10 10:58:43 -04:00
Jeffrey 'Alex' Clark
0cbdd2eff9
Update .github/INCIDENT_RESPONSE.md
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
2026-04-10 10:37:34 -04:00
Hugo van Kemenade
eda14b6c4a Restrict nightly Anaconda uploads to environment 2026-04-10 16:33:18 +03:00
Jeffrey 'Alex' Clark
24b12dc84f Combine plan maintenance into a single paragraph
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-10 07:49:37 -04:00
Jeffrey 'Alex' Clark
d016c90108 Remove active exploitation escalation bullet from incident response
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-10 07:44:27 -04:00