Fix typo (#9632 )

Fixed typo
Switch iOS back to macos-26-intel (#9631 )
2026-05-15 12:41:28 +03:00 · 2026-05-15 18:42:04 +10:00 · 2026-05-15 11:41:19 +03:00 · 2026-05-15 15:02:42 +10:00 · 2026-05-14 15:02:56 +03:00 · 2026-05-14 14:09:33 +03:00
278 changed files with 5925 additions and 2880 deletions
--- a/.ci/install.sh
+++ b/.ci/install.sh
@ -27,21 +27,20 @@ python3 -m pip install --upgrade wheel
 python3 -m pip install coverage
 python3 -m pip install defusedxml
 python3 -m pip install ipython
-python3 -m pip install numpy
 python3 -m pip install olefile
 python3 -m pip install -U pytest
 python3 -m pip install -U pytest-cov
 python3 -m pip install -U pytest-timeout
 python3 -m pip install pyroma
-# optional test dependency, only install if there's a binary package.
-# fails on beta 3.14 and PyPy
+# optional test dependencies, only install if there's a binary package.
+python3 -m pip install --only-binary=:all: numpy || true
 python3 -m pip install --only-binary=:all: pyarrow || true

 # PyQt6 doesn't support PyPy3
 if [[ $GHA_PYTHON_VERSION == 3.* ]]; then
    sudo apt-get -qq install libegl1 libxcb-cursor0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-shape0 libxkbcommon-x11-0
-    # TODO Update condition when pyqt6 supports free-threading
-    if ! [[ "$PYTHON_GIL" == "0" ]]; then python3 -m pip install pyqt6 ; fi
+    # pyqt6 doesn't yet support free-threading; only install if a wheel is available
+    python3 -m pip install --only-binary=:all: pyqt6 || true
 fi

 # webp
@ -54,7 +53,7 @@ pushd depends && ./install_imagequant.sh && popd
 pushd depends && sudo ./install_raqm.sh && popd

 # libavif
-pushd depends && sudo ./install_libavif.sh && popd
+pushd depends && ./install_libavif.sh && popd

 # extra test images
 pushd depends && ./install_extra_test_images.sh && popd
--- a/.ci/requirements-cibw.txt
+++ b/.ci/requirements-cibw.txt
@ -1 +1 @@
-cibuildwheel==3.2.1
+cibuildwheel==3.4.1
--- a/.ci/requirements-mypy.txt
+++ b/.ci/requirements-mypy.txt
@ -1,4 +1,4 @@
-mypy==1.18.2
+mypy==1.20.2
 arro3-compute
 arro3-core
 IceSpringPySideStubs-PyQt6
@ -9,7 +9,6 @@ packaging
 pyarrow-stubs
 pybind11
 pytest
-sphinx
 types-atheris
 types-defusedxml
 types-olefile
--- a/.ci/requirements-sbom.txt
+++ b/.ci/requirements-sbom.txt
@ -0,0 +1 @@
+check-jsonschema==0.37.1
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1 +1,2 @@
-tidelift: "pypi/pillow"
+github: python-pillow
+tidelift: pypi/pillow
--- a/.github/INCIDENT_RESPONSE.md
+++ b/.github/INCIDENT_RESPONSE.md
@ -0,0 +1,424 @@
+# Incident Response Plan — Pillow
+
+This document describes how the Pillow maintainers detect, triage, fix, communicate, and
+learn from security incidents. It supplements the existing [Security Policy](SECURITY.md)
+and [Release Checklist](../RELEASING.md).
+
+---
+
+## 1. Preparation
+
+Maintaining readiness before an incident occurs reduces response time and errors under pressure.
+
+### 1.1 Version Support Matrix
+
+Security fixes are applied to the **latest stable release only**. Users on older versions
+are expected to upgrade. Reporters should assume only the latest release will receive a patch.
+
+| Branch | Status |
+|---|---|
+| `main` / latest stable | ✅ Security fixes applied |
+| All older releases | ❌ No security support — please upgrade |
+
+### 1.2 Team Readiness
+
+The four members of the Pillow core team are in regular contact and share collective
+responsibility for incident response. Any core team member may act as Incident Lead.
+Contact details are known to all team members.
+
+### 1.3 Readiness Review
+
+At each quarterly release, maintainers should re-read this document and update any stale content.
+
+---
+
+## 2. Scope
+
+This plan covers:
+
+| Incident type | Examples |
+|---|---|
+| Vulnerability in Pillow's own Python or C code | Buffer overflow in an image decoder, integer overflow in `ImagingNew` |
+| Vulnerability in a bundled or wheel-shipped C library | libjpeg, libwebp, libtiff, libpng, openjpeg, libavif |
+| Supply-chain compromise | Malicious commit, stolen maintainer credentials, tampered PyPI wheel |
+| CI/CD or infrastructure compromise | GitHub Actions secret leak, Codecov breach, PyPI token exposure |
+| Critical non-security regression | Data-loss bug shipped in a release, crash on all supported platforms |
+
+---
+
+## 3. Definitions
+
+| Term | Meaning |
+|---|---|
+| **Incident** | Any event that compromises or threatens the confidentiality, integrity, or availability of Pillow's code, release artifacts, or infrastructure. |
+| **Vulnerability** | A security flaw in Pillow or a bundled library that can be exploited by a crafted image or API call. |
+| **Incident Lead** | The maintainer who owns coordination of the response from triage to closure. |
+| **Embargo** | A period during which fix details are kept private to allow coordinated patching before public disclosure. |
+| **Yank** | A PyPI action that keeps a release downloadable by pinned users but removes it from default `pip install` resolution. |
+| **CVE** | Common Vulnerabilities and Exposures — a public identifier assigned to a specific vulnerability. |
+| **CNA** | CVE Numbering Authority — GitHub is a CNA and can assign CVEs directly through the advisory workflow. |
+
+---
+
+## 4. Roles
+
+| Role | Responsibility |
+|---|---|
+| **Incident Lead** | First maintainer to triage the report. Owns the incident until resolution. |
+| **Patch Owner** | Writes and tests the fix (may be the same person as Incident Lead). |
+| **Release Manager** | Cuts the point release following [RELEASING.md](../RELEASING.md). |
+| **Communications Owner** | Drafts the GitHub Security Advisory, announces on Mastodon, notifies distros. |
+| **Tidelift Contact** | For reports that arrive via Tidelift, coordinate through the Tidelift security portal. |
+
+One person may fill multiple roles.
+
+---
+
+## 5. Severity Classification
+
+Use the [CVSS 4.0](https://www.first.org/cvss/v4.0/specification-document) base score as
+a guide, mapped to the following levels:
+
+| Severity | CVSS | Definition | Target Response SLA |
+|---|---|---|---|
+| **Critical** | 9.0 – 10.0 | Remote code execution, arbitrary write, or complete integrity/confidentiality loss achievable by opening a crafted image | Best effort; embargoed release where possible |
+| **High** | 7.0 – 8.9 | Heap/stack buffer overflow, use-after-free, or significant information disclosure | Best effort |
+| **Medium** | 4.0 – 6.9 | Denial of service via crafted image, out-of-bounds read, limited info disclosure | Next scheduled quarterly release, or earlier point release if needed |
+| **Low** | 0.1 – 3.9 | Minor information disclosure, unlikely to be exploitable in practice | Next quarterly release |
+
+Supply-chain and CI/CD incidents are always treated as **Critical** regardless of CVSS.
+
+> **Note:** These are good-faith targets for a small volunteer maintainer team, not contractual SLAs. Public safety and transparency will always be prioritised, even when timing varies.
+
+---
+
+## 6. Detection Sources
+
+Vulnerabilities and incidents may be reported or discovered through:
+
+1. **GitHub private security advisory** — preferred channel; see [SECURITY.md](SECURITY.md)
+2. **Tidelift security contact** — <https://tidelift.com/docs/security>
+3. **External researcher / coordinated disclosure** — e.g. Google Project Zero, vendor PSIRT
+4. **Automated scanning** — Dependabot, GitHub code-scanning (CodeQL), CI fuzzing
+5. **Distro security teams** — Debian, Red Hat, Ubuntu, Alpine may report upstream
+6. **User bug report** — public issue (reassess if it has security implications and convert to a private advisory if needed)
+
+---
+
+## 7. Response Process
+
+### 7.1 Triage (all severities)
+
+1. **Acknowledge receipt** to the reporter within **72 hours** using the template in
+   [Appendix A](#appendix-a-communication-templates). Ask the reporter:
+   - How they would like to be credited (name, handle, or anonymous)
+   - Whether they intend to publish their own advisory, and if so, their preferred timeline
+   - Thank them explicitly — reporters do the project a favour by disclosing privately.
+2. Reproduce the issue. If the report is invalid, close it and notify the reporter.
+3. Assign a severity level ([Section 5: Severity Classification](#5-severity-classification)).
+4. If the GitHub Security Advisory was not created by the reporter, create one now and keep
+   it **private** until the fix is released. Add the reporter as a collaborator if they wish
+   to be involved.
+5. **Request a CVE** through the GitHub Security Advisory workflow (GitHub is a CVE
+   Numbering Authority — no separate MITRE form required). The CVE is reserved privately
+   and published automatically when the advisory goes public.
+6. **Escalation** — Escalate beyond the core maintainer team if any of the following apply:
+   - The fix requires changes to CPython or a dependency outside Pillow's control → contact the relevant upstream immediately
+   - A legal concern arises (e.g. GDPR-reportable data exposure) → contact the project's legal/fiscal sponsor
+   - The Incident Lead is unreachable for > 24 hours on a Critical issue → any other maintainer may assume the role
+
+### 7.2 Fix Development
+
+1. Develop the fix in a **private fork** or directly in the private security advisory
+   workspace on GitHub. Do **not** push to a public branch before the embargo lifts.
+2. Write a regression test that fails before the fix and passes after.
+3. Review the patch with at least one other maintainer.
+
+### 7.3 Standard (Non-Embargoed) Release
+
+For Medium and Low severity, or when no distro pre-notification is needed:
+
+1. Merge the fix to `main`, then cherry-pick to all affected release branches
+   (see [RELEASING.md — Point release](../RELEASING.md)).
+2. Amend commit messages to include the CVE identifier.
+3. Follow the [Point release](../RELEASING.md#point-release) process in RELEASING.md to
+   tag, push, and confirm wheels are live on PyPI.
+4. Publish the GitHub Security Advisory (this simultaneously publishes the CVE).
+
+### 7.4 Embargoed Release
+
+For Critical and High severity where distro pre-notification improves user safety:
+
+1. Prepare patches against all affected release branches and test locally.
+2. Agree on an **embargo date** with the reporter (typically 7–14 days out, up to 90 days for
+   complex issues).
+3. Privately send the patch to distros via the
+   [linux-distros](https://oss-security.openwall.org/wiki/mailing-lists/distros) mailing list
+   or directly to individual distro security teams.
+4. On the embargo date:
+   - Amend commit messages with the CVE identifier.
+   - Follow the [Embargoed release](../RELEASING.md#embargoed-release) process in
+     RELEASING.md to tag, push, and confirm wheels are live on PyPI.
+   - Publish the GitHub Security Advisory.
+
+### 7.5 Supply-Chain / Infrastructure Compromise
+
+1. **Immediately** revoke any potentially compromised credentials:
+   - PyPI API tokens
+   - GitHub personal access tokens and OAuth apps
+   - Codecov or other CI service tokens
+2. Audit recent commits and releases for tampering:
+   - Verify release tags against known-good SHAs
+   - Re-inspect any wheel published since the potential compromise window
+3. If a PyPI release is suspected to be tampered: yank it immediately via the
+   [PyPI release management page](https://pypi.org/manage/project/Pillow/releases/)
+   (login required); see [https://pypi.org/security/](https://pypi.org/security/) for
+   reporting to the PyPI security team.
+4. Issue a public advisory describing the scope and any user action required.
+
+### 7.6 Recovery
+
+After the fix is released and the advisory is public:
+
+1. Verify that the patched wheels are live on PyPI and passing CI across all supported platforms.
+2. Confirm any yanked releases are handled correctly .
+3. Resume normal development operations on `main`.
+4. Monitor the GitHub issue tracker and Mastodon for user reports of residual problems for at least **72 hours** post-release.
+5. Close the private GitHub Security Advisory once recovery is confirmed.
+
+---
+
+## 8. Communication
+
+### Internal (during embargo)
+- Use the **private GitHub Security Advisory** thread for coordination with the reporter.
+- Use private communication channels for all other coordination.
+- Do not discuss details in public issues, PRs, or Gitter/IRC channels.
+
+### External (at or after disclosure)
+
+| Audience | Channel | Timing |
+|---|---|---|
+| General users | [GitHub Security Advisory](https://github.com/python-pillow/Pillow/security/advisories) | At release |
+| PyPI ecosystem | CVE published via advisory | At release |
+| Downstream distros | Direct email or linux-distros list | Before embargo date (embargoed) |
+| Tidelift subscribers | Tidelift security portal | At release (or coordinated) |
+| Community | [Mastodon @pillow](https://fosstodon.org/@pillow) | At release |
+
+**Advisory content should include:**
+- CVE identifier and CVSS score
+- Affected Pillow versions
+- Fixed version(s)
+- Nature of the vulnerability (without full exploit details if still fresh)
+- Credit to the reporter (with their consent)
+- Upgrade instructions (`python3 -m pip install --upgrade Pillow`)
+
+---
+
+## 9. Dependency Map
+
+Understanding what Pillow depends on (upstream) and what depends on Pillow (downstream)
+is essential for scoping impact and coordinating notifications during an incident.
+
+### 9.1 Upstream Dependencies
+
+#### Bundled C libraries (shipped in official wheels)
+
+These libraries are compiled into Pillow's binary wheels. A CVE in any of them may
+require a Pillow point release even if Pillow's own code is unchanged.
+
+| Library | Purpose | Security advisory tracker |
+|---|---|---|
+| [libjpeg-turbo](https://libjpeg-turbo.org/) | JPEG encode/decode | [GitHub](https://github.com/libjpeg-turbo/libjpeg-turbo/security) |
+| [libpng](http://www.libpng.org/pub/png/libpng.html) | PNG encode/decode within FreeType 2, OpenJPEG and WebP | [SourceForge](https://sourceforge.net/p/libpng/bugs/) |
+| [libtiff](https://libtiff.gitlab.io/libtiff/) | TIFF encode/decode | [GitLab](https://gitlab.com/libtiff/libtiff/-/work_items) |
+| [libwebp](https://chromium.googlesource.com/webm/libwebp) | WebP encode/decode | [Chromium tracker](https://issues.webmproject.org/issues) |
+| [libavif](https://github.com/AOMediaCodec/libavif) | AVIF encode/decode | [GitHub](https://github.com/AOMediaCodec/libavif/security) |
+| [aom](https://aomedia.googlesource.com/aom/) | AV1 codec (AVIF) | [Chromium tracker](https://aomedia.issues.chromium.org/issues) |
+| [dav1d](https://code.videolan.org/videolan/dav1d) | AV1 decode (AVIF) | [VideoLAN Security](https://www.videolan.org/security/) |
+| [openjpeg](https://www.openjpeg.org/) | JPEG 2000 encode/decode | [GitHub](https://github.com/uclouvain/openjpeg/security) |
+| [freetype2](https://freetype.org/) | Font rendering | [GitLab](https://gitlab.freedesktop.org/freetype/freetype/-/work_items) |
+| [lcms2](https://www.littlecms.com/) | ICC color management | [GitHub](https://github.com/mm2/Little-CMS/security) |
+| [harfbuzz](https://harfbuzz.github.io/) | Text shaping (via raqm) | [GitHub](https://github.com/harfbuzz/harfbuzz/security) |
+| [raqm](https://github.com/HOST-Oman/libraqm) | Complex text layout | [GitHub](https://github.com/HOST-Oman/libraqm) |
+| [fribidi](https://github.com/fribidi/fribidi) | Unicode bidi (via raqm) | [GitHub](https://github.com/fribidi/fribidi) |
+| [zlib](https://zlib.net/) | Deflate compression | [zlib.net](https://zlib.net/) |
+| [liblzma / xz-utils](https://tukaani.org/xz/) | XZ/LZMA compression | [GitHub](https://github.com/tukaani-project/xz/security) |
+| [bzip2](https://gitlab.com/bzip2/bzip2) | BZ2 compression | [GitLab](https://gitlab.com/bzip2/bzip2/-/work_items) |
+| [zstd](https://github.com/facebook/zstd) | Zstandard compression | [GitHub](https://github.com/facebook/zstd/security) |
+| [brotli](https://github.com/google/brotli) | Brotli compression | [GitHub](https://github.com/google/brotli/security) |
+| [libyuv](https://chromium.googlesource.com/libyuv/libyuv/) | YUV conversion | [Chromium tracker](https://libyuv.issues.chromium.org/issues) |
+
+#### Python-level dependencies
+
+| Package | Required? | Purpose |
+|---|---|---|
+| `setuptools` | Build-time only | Package build backend |
+| `pybind11` | Build-time only | Compile C files in parallel |
+| `olefile` | Optional (`fpx`, `mic` extras) | OLE2 container parsing (FPX, MIC formats) |
+| `defusedxml` | Optional (`xmp` extra) | Safe XML parsing for XMP metadata |
+
+See [`pyproject.toml`](../pyproject.toml) for the complete and authoritative list of
+optional dependencies.
+
+### 9.2 Responding to an Upstream Vulnerability
+
+When a CVE is published for a bundled C library:
+
+1. Assess whether the vulnerable code path is reachable through Pillow's API.
+2. If reachable, treat as a Pillow vulnerability and follow [Section 5: Severity Classification](#5-severity-classification).
+3. Update the bundled library version in the wheel build scripts and rebuild wheels.
+4. Reference the upstream CVE in Pillow's release notes and GitHub Security Advisory.
+5. If not reachable, document the rationale in a public issue so downstream distributors
+   can make informed decisions about patching their system packages.
+
+### 9.3 Downstream Dependencies
+
+A vulnerability in Pillow can have wide impact. Notify or consider the blast radius of
+these downstream consumers when assessing severity and planning communications.
+
+#### Linux distribution packages
+
+| Distribution | Package name | Security contact |
+|---|---|---|
+| Debian / Ubuntu | `python3-pil` | [Debian Security](https://www.debian.org/security/) / [Ubuntu Security](https://ubuntu.com/security) |
+| Fedora / RHEL / CentOS | `python3-pillow` | [Red Hat Security](https://access.redhat.com/security/) |
+| Alpine Linux | `py3-pillow` | [Alpine security](https://security.alpinelinux.org/) |
+| Arch Linux | `python-pillow` | [Arch security tracker](https://security.archlinux.org/) |
+| Homebrew | `pillow` | [Homebrew maintainers](https://github.com/Homebrew/homebrew-core/security) |
+| conda-forge | `pillow` | [conda-forge](https://github.com/conda-forge/pillow-feedstock) |
+
+#### Major Python ecosystem consumers
+
+These are high-profile projects known to depend on Pillow; a critical vulnerability may
+warrant proactive notification.
+
+| Project | Usage |
+|---|---|
+| [matplotlib](https://matplotlib.org/) | Image I/O for plots |
+| [scikit-image](https://scikit-image.org/) | Image processing |
+| [torchvision](https://github.com/pytorch/vision) (PyTorch) | Dataset loading, transforms |
+| [Keras / TensorFlow](https://keras.io/) | Image preprocessing utilities |
+| [Django](https://www.djangoproject.com/) | `ImageField` validation and thumbnail generation |
+| [Wagtail](https://wagtail.org/) | CMS image renditions |
+| [Plone](https://plone.org/) | CMS image handling |
+| [Jupyter / IPython](https://jupyter.org/) | Inline image display |
+| [ReportLab](https://www.reportlab.com/) | PDF image embedding |
+| [Tidelift subscribers](https://tidelift.com/) | Enterprise consumers (coordinated via Tidelift) |
+
+#### Pillow ecosystem plugins
+
+Third-party plugins extend Pillow and are distributed separately on PyPI. Their
+maintainers should be notified for Critical/High issues that affect the plugin API
+or the formats they decode. See the
+[full plugin list](https://pillow.readthedocs.io/en/stable/handbook/third-party-plugins.html#plugin-list).
+
+---
+
+## 11. Plan Maintenance
+
+This document is a living record. It should be kept current so it is useful when an incident actually occurs. Revisit it during the [Section 1.3 readiness review](#13-readiness-review) at each quarterly release.
+
+---
+
+## 12. References
+
+- [Security Policy](SECURITY.md)
+- [Release Checklist](../RELEASING.md)
+- [Contributing Guide](CONTRIBUTING.md)
+- [Tidelift Security Contact](https://tidelift.com/docs/security)
+- [GitHub: Privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability)
+- [GitHub as a CVE Numbering Authority (CNA)](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)
+- [FIRST CVSS 4.0 Calculator](https://www.first.org/cvss/calculator/4.0)
+- [linux-distros mailing list](https://oss-security.openwall.org/wiki/mailing-lists/distros)
+- [OpenSSF CVD Guide](https://github.com/ossf/oss-vulnerability-guide) *(basis for this plan)*
+
+---
+
+## Appendix A: Communication Templates
+
+### A.1 Reporter Acknowledgment
+
+> Subject: Re: [Security] \<brief issue description\>
+>
+> Hi \<name\>,
+>
+> Thank you for taking the time to report this issue. We appreciate it.
+>
+> We have received your report and will review it as soon as possible. We will
+> keep you updated on our progress.
+>
+> Questions:
+>
+> - How would you like to be credited in the advisory? (name, handle,
+>   organisation, or anonymous)
+> - Do you plan to publish your own write-up or advisory? If so, do you have a
+>   disclosure date in mind?
+>
+> We apply coordinated disclosure principles to all vulnerability reports. If
+> you have any questions or concerns at any point, please reply to this thread.
+>
+> Thank you again,
+> The Pillow team
+
+### A.2 Embargoed Distro Notification
+
+> Subject: [EMBARGOED] Pillow security issue — \<CVE-XXXX-XXXXX\> — disclosure \<DATE\>
+>
+> This is an embargoed notification of a vulnerability in Pillow. Please keep this
+> information confidential until the disclosure date listed below.
+>
+> **CVE:** \<CVE-XXXX-XXXXX\>
+>
+> **Affected versions:** \<e.g. Pillow < 11.x.x\>
+>
+> **Fixed version:** \<version\>
+>
+> **Severity:** \<Critical / High / Medium / Low\> (CVSS \<score\>: \<vector\>)
+>
+> **Reporter:** \<name / affiliation, or "reported privately"\>
+>
+> **Public disclosure date:** \<DATE TIME UTC\>
+>
+> **Summary:**
+> \<One paragraph describing the vulnerability class and impact without a full exploit.\>
+>
+> **Proof of concept:**
+> \<Minimal reproducer or attached patch.\>
+>
+> **Remediation:**
+> Upgrade to Pillow \<fixed version\>. No known workaround.
+>
+> Please do not share this information, issue public patches, or make user communications
+> before the disclosure date. We will notify this list immediately if the date changes.
+>
+> — The Pillow maintainers
+
+### A.3 Public Disclosure Advisory
+
+*(Published as a GitHub Security Advisory; the CVE and date are included automatically.)*
+
+> **Summary:** \<One-paragraph technical summary.\>
+>
+> **CVE:** \<CVE-XXXX-XXXXX\>
+>
+> **Affected versions:** Pillow \< \<fixed version\>
+>
+> **Fixed version:** \<version\>
+>
+> **Severity:** \<rating\> (CVSS \<score\>)
+>
+> **Reporter:** \<credited name / "reported privately"\>
+>
+> **Details:**
+> \<Fuller technical description. Include attack scenario where helpful.\>
+>
+> **Remediation:**
+> ```
+> python3 -m pip install --upgrade Pillow
+> ```
+>
+> **Timeline:**
+> - Reported: \<date\>
+> - Fixed: \<date\>
+> - Disclosed: \<date\>
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -1,5 +1,21 @@
 # Security policy

-To report sensitive vulnerability information, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
+## Reporting a vulnerability

-If your organisation/employer is a distributor of Pillow and would like advance notification of security-related bugs, please let us know your preferred contact method.
+To report sensitive vulnerability information, report it [privately on GitHub](https://github.com/python-pillow/Pillow/security/advisories/new).
+
+If you cannot use GitHub, use the [Tidelift security contact](https://tidelift.com/docs/security). Tidelift will coordinate the fix and disclosure.
+
+**DO NOT report sensitive vulnerability information in public.**
+
+## Threat model
+
+Pillow's primary attack surface is parsing untrusted image data. A full STRIDE threat model covering spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege is maintained in the [Security handbook page](https://pillow.readthedocs.io/en/latest/handbook/security.html).
+
+Key risks to be aware of when using Pillow to process untrusted images:
+
+- **Decompression bombs** — do not set `Image.MAX_IMAGE_PIXELS = None` in production.
+- **EPS files invoke Ghostscript** — block EPS input at the application layer unless strictly required.
+- **`ImageMath.unsafe_eval()`** — never pass user-controlled strings to this function; use `lambda_eval` instead.
+- **C extension memory safety** — keep Pillow and its bundled C libraries (libjpeg, libpng, libtiff, libwebp, etc.) up to date.
+- **Sandboxing** — for high-risk deployments, run image processing in a sandboxed subprocess.
--- a/.github/compare-dist-sizes.py
+++ b/.github/compare-dist-sizes.py
@ -0,0 +1,271 @@
+"""Compare sizes of newly-built dists against the latest release on PyPI.
+
+Fetches file sizes for the latest Pillow release from the PyPI JSON API
+(no download required) and compares them to a directory of freshly-built
+wheels and sdist. Outputs a table to stdout (and to
+`$GITHUB_STEP_SUMMARY` if set).
+
+Usage:
+    `uv run .github/compare-dist-sizes.py <dist-dir>`
+"""
+
+# /// script
+# requires-python = ">=3.10"
+# dependencies = [
+#     "humanize",
+#     "prettytable",
+#     "termcolor",
+# ]
+# ///
+
+from __future__ import annotations
+
+import argparse
+import json
+import os
+import re
+import sys
+import urllib.request
+from pathlib import Path
+
+import humanize
+from prettytable import PrettyTable, TableStyle
+from termcolor import colored
+
+PYPI_JSON_URL = "https://pypi.org/pypi/pillow/json"
+
+# Wheel filename: {distribution}-{version}(-{build})?-{python}-{abi}-{platform}.whl
+# sdist filename: {distribution}-{version}.tar.gz
+WHEEL_RE = re.compile(
+    r"^[^-]+-[^-]+(?:-(?P<build>\d[^-]*))?"
+    r"-(?P<python>[^-]+)-(?P<abi>[^-]+)-(?P<platform>[^-]+)\.whl$",
+    re.IGNORECASE,
+)
+SDIST_RE = re.compile(
+    r"^(?P<dist>[^-]+)-(?P<version>.+)\.tar\.gz$",
+    re.IGNORECASE,
+)
+
+
+def key_for(filename: str) -> str:
+    """Return a version-independent identifier for a dist file."""
+    if m := WHEEL_RE.match(filename):
+        build = f"{m['build']}-" if m["build"] else ""
+        return f"wheel:{build}{m['python']}-{m['abi']}-{m['platform']}"
+    if SDIST_RE.match(filename):
+        return "sdist"
+    msg = f"Unexpected dist name: {filename}"
+    raise ValueError(msg)
+
+
+def display_for(filename: str) -> str:
+    """Strip the `pillow-{version}-` prefix for compact table display."""
+    if m := WHEEL_RE.match(filename):
+        build = f"{m['build']}-" if m["build"] else ""
+        return f"{build}{m['python']}-{m['abi']}-{m['platform']}.whl"
+    if SDIST_RE.match(filename):
+        return "sdist (.tar.gz)"
+    return filename
+
+
+def fetch_pypi_sizes() -> tuple[str, dict[str, tuple[str, int]]]:
+    """Return (version, {key: (filename, size)}) for the latest PyPI release."""
+    with urllib.request.urlopen(PYPI_JSON_URL) as response:
+        data = json.load(response)
+    version = data["info"]["version"]
+    sizes: dict[str, tuple[str, int]] = {}
+    for entry in data.get("urls", []):
+        filename = entry["filename"]
+        key = key_for(filename)
+        sizes[key] = (filename, entry["size"])
+    return version, sizes
+
+
+def collect_local_sizes(dist_dir: Path) -> dict[str, tuple[str, int]]:
+    sizes: dict[str, tuple[str, int]] = {}
+    for path in sorted(dist_dir.iterdir()):
+        if not path.is_file():
+            continue
+        key = key_for(path.name)
+        sizes[key] = (path.name, path.stat().st_size)
+    return sizes
+
+
+def human(n: int | None) -> str:
+    if n is None:
+        return "n/a"
+    return humanize.naturalsize(n)
+
+
+def pct_change(before: int | None, after: int | None) -> str:
+    if before is None or after is None:
+        return "n/a"
+    delta = 0 if before == 0 else (after - before) / before * 100
+    return f"{delta:+.2f}%"
+
+
+def pct_severity(text: str) -> dict[str, str] | None:
+    """Return status indicators based on the change percent."""
+    if text == "n/a":
+        return None
+    pct = float(text.rstrip("%"))
+    if pct >= 5:
+        return {"color": "red", "emoji": "🔴"}
+    if pct > 0:
+        return {"color": "yellow", "emoji": "🟡"}
+    else:
+        return {"color": "green", "emoji": "🟢"}
+
+
+def render_table(
+    baseline_label: str,
+    baseline_sizes: dict[str, tuple[str, int]],
+    local_sizes: dict[str, tuple[str, int]],
+    *,
+    markdown: bool,
+) -> str:
+    table = PrettyTable()
+    table.set_style(TableStyle.MARKDOWN if markdown else TableStyle.SINGLE_BORDER)
+    table.field_names = ["File", "Size before", "Size now", "Change"]
+    table.align = "r"
+    table.align["File"] = "l"
+
+    def style(cells: list[str], role: str) -> list[str]:
+        severity = pct_severity(cells[3])
+        if markdown:
+            if severity:
+                cells[3] = f"{severity['emoji']} {cells[3]}"
+            if role == "orphan":
+                return [f"*{c}*" for c in cells]
+            if role == "summary":
+                return [f"**{c}**" for c in cells]
+            return cells
+
+        if role == "orphan":
+            return [colored(c, "dark_grey") for c in cells]
+
+        bold_attrs = ["bold"] if role == "summary" else []
+        if bold_attrs:
+            cells[:3] = [colored(c, attrs=bold_attrs) for c in cells[:3]]
+        if severity:
+            cells[3] = colored(cells[3], severity["color"], attrs=bold_attrs)
+        elif bold_attrs:
+            cells[3] = colored(cells[3], attrs=bold_attrs)
+        return cells
+
+    keys = list(set(baseline_sizes) | set(local_sizes))
+    # Put sdist first for readability
+    keys.sort(key=lambda k: (k != "sdist", k))
+
+    wheel_before = []
+    wheel_after = []
+    total_before = []
+    total_after = []
+    for key in keys:
+        baseline_entry = baseline_sizes.get(key)
+        local_entry = local_sizes.get(key)
+        display_name = display_for((local_entry or baseline_entry)[0])
+        before = baseline_entry[1] if baseline_entry else None
+        after = local_entry[1] if local_entry else None
+        if after is None:
+            # Removed since baseline: ignore in totals
+            role = "orphan"
+        else:
+            # Present locally (in both, or newly added): count in totals
+            total_after.append(after)
+            if before is not None:
+                total_before.append(before)
+            if key != "sdist":
+                wheel_after.append(after)
+                if before is not None:
+                    wheel_before.append(before)
+            role = "data"
+        cells = [
+            display_name,
+            human(before),
+            human(after),
+            pct_change(before, after),
+        ]
+        table.add_row(style(cells, role))
+
+    if not markdown:
+        table.add_divider()
+
+    if wheel_after:
+        avg_before = sum(wheel_before) // len(wheel_before) if wheel_before else None
+        table.add_row(
+            style(
+                [
+                    f"wheel average ({len(wheel_after)} wheels)",
+                    human(avg_before),
+                    human(sum(wheel_after) // len(wheel_after)),
+                    pct_change(avg_before, sum(wheel_after) // len(wheel_after)),
+                ],
+                "summary",
+            )
+        )
+        table.add_row(
+            style(
+                [
+                    f"wheel total ({len(wheel_after)} wheels)",
+                    human(sum(wheel_before)),
+                    human(sum(wheel_after)),
+                    pct_change(sum(wheel_before), sum(wheel_after)),
+                ],
+                "summary",
+            ),
+            divider=not markdown,
+        )
+
+    if total_after:
+        table.add_row(
+            style(
+                [
+                    f"artifacts total ({len(total_after)} artifacts)",
+                    human(sum(total_before)),
+                    human(sum(total_after)),
+                    pct_change(sum(total_before), sum(total_after)),
+                ],
+                "summary",
+            )
+        )
+
+    title = f"## Dist size comparison vs {baseline_label}"
+    if not markdown:
+        title = colored(title, attrs=["bold"])
+    return f"{title}\n\n{table.get_string()}\n"
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.ArgumentDefaultsHelpFormatter
+    )
+    parser.add_argument(
+        "dist_dir",
+        type=Path,
+        help="Directory containing newly-built wheels and sdist",
+    )
+    args = parser.parse_args()
+
+    if not args.dist_dir.is_dir():
+        print(f"error: {args.dist_dir} is not a directory", file=sys.stderr)
+        return 1
+
+    baseline_version, baseline_sizes = fetch_pypi_sizes()
+    baseline_label = f"Pillow {baseline_version} on PyPI"
+
+    local_sizes = collect_local_sizes(args.dist_dir)
+
+    print(render_table(baseline_label, baseline_sizes, local_sizes, markdown=False))
+
+    if summary_path := os.environ.get("GITHUB_STEP_SUMMARY"):
+        with open(summary_path, "a", encoding="utf-8") as f:
+            f.write(
+                render_table(baseline_label, baseline_sizes, local_sizes, markdown=True)
+            )
+
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())
--- a/.github/dependencies.json
+++ b/.github/dependencies.json
@ -0,0 +1,19 @@
+{
+  "brotli": "1.2.0",
+  "bzip2": "1.0.8",
+  "freetype": "2.14.3",
+  "fribidi": "1.0.16",
+  "harfbuzz": "14.2.0",
+  "jpegturbo": "3.1.4.1",
+  "lcms2": "2.19",
+  "libavif": "1.4.1",
+  "libimagequant": "4.4.1",
+  "libpng": "1.6.58",
+  "libwebp": "1.6.0",
+  "libxcb": "1.17.0",
+  "openjpeg": "2.5.4",
+  "tiff": "4.7.1",
+  "xz": "5.8.3",
+  "zlib-ng": "2.3.3",
+  "zstd": "1.5.7"
+}
--- a/.github/generate-sbom.py
+++ b/.github/generate-sbom.py
@ -0,0 +1,560 @@
+#!/usr/bin/env python3
+"""Generate a CycloneDX 1.7 SBOM for Pillow's C extensions and their
+vendored/optional native library dependencies.
+
+Usage:
+    python3 .github/generate-sbom.py [output-file]
+
+Output defaults to pillow-{version}.cdx.json in the current directory.
+"""
+
+from __future__ import annotations
+
+import argparse
+import base64
+import datetime as dt
+import difflib
+import hashlib
+import json
+import urllib.request
+import uuid
+from pathlib import Path
+
+
+def get_version() -> str:
+    version_file = Path(__file__).parent.parent / "src" / "PIL" / "_version.py"
+    return version_file.read_text(encoding="utf-8").split('"')[1]
+
+
+def load_dep_versions() -> dict[str, str]:
+    deps_file = Path(__file__).parent / "dependencies.json"
+    return json.loads(deps_file.read_text(encoding="utf-8"))
+
+
+def sha256_file(path: Path) -> str:
+    return hashlib.sha256(path.read_bytes()).hexdigest()
+
+
+def upstream_diff_b64(
+    upstream_url: str,
+    upstream_display: bytes,
+    local_path: Path,
+    local_display: bytes,
+) -> str:
+    """
+    Fetch an upstream file and return a base64-encoded unified diff vs the local copy.
+    """
+    with urllib.request.urlopen(upstream_url) as resp:
+        upstream_text = resp.read()
+    local_text = local_path.read_bytes()
+    diff_lines = difflib.diff_bytes(
+        difflib.unified_diff,
+        upstream_text.splitlines(keepends=True),
+        local_text.splitlines(keepends=True),
+        fromfile=b"a/" + upstream_display,
+        tofile=b"b/" + local_display,
+    )
+    return base64.b64encode(b"".join(diff_lines)).decode()
+
+
+def generate(version: str) -> dict:
+    serial = str(uuid.uuid4())
+    now = dt.datetime.now(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+    purl = f"pkg:pypi/pillow@{version}"
+    root = Path(__file__).parent.parent
+    thirdparty = root / "src" / "thirdparty"
+    versions = load_dep_versions()
+
+    metadata_component = {
+        "bom-ref": purl,
+        "type": "library",
+        "name": "Pillow",
+        "version": version,
+        "description": "Python Imaging Library (fork)",
+        "licenses": [{"license": {"id": "MIT-CMU"}}],
+        "purl": purl,
+        "externalReferences": [
+            {"type": "website", "url": "https://python-pillow.github.io"},
+            {"type": "vcs", "url": "https://github.com/python-pillow/Pillow"},
+            {"type": "documentation", "url": "https://pillow.readthedocs.io"},
+            {
+                "type": "security-contact",
+                "url": "https://github.com/python-pillow/Pillow/security/policy",
+            },
+        ],
+    }
+
+    c_extensions = [
+        ("PIL._avif", "AVIF image format extension"),
+        (
+            "PIL._imaging",
+            "Core image processing extension "
+            "(decode, encode, map, display, outline, path, libImaging)",
+        ),
+        ("PIL._imagingcms", "LittleCMS2 colour management extension"),
+        ("PIL._imagingft", "FreeType font rendering extension"),
+        ("PIL._imagingmath", "Image math operations extension"),
+        ("PIL._imagingmorph", "Image morphology extension"),
+        ("PIL._imagingtk", "Tk/Tcl display extension"),
+        ("PIL._webp", "WebP image format extension"),
+    ]
+
+    ext_components = [
+        {
+            "bom-ref": f"{purl}#c-ext/{name}",
+            "type": "library",
+            "name": name,
+            "version": version,
+            "description": desc,
+            "licenses": [{"license": {"id": "MIT-CMU"}}],
+            "purl": f"{purl}#c-ext/{name}",
+        }
+        for name, desc in c_extensions
+    ]
+
+    vendored_components = [
+        {
+            "bom-ref": f"{purl}#thirdparty/fribidi-shim",
+            "type": "library",
+            "name": "fribidi-shim",
+            "version": "1.x",
+            "description": "FriBiDi runtime-loading shim "
+            "(vendored in src/thirdparty/fribidi-shim/); "
+            "loads libfribidi dynamically",
+            "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}],
+            "hashes": [
+                {
+                    "alg": "SHA-256",
+                    "content": sha256_file(thirdparty / "fribidi-shim" / "fribidi.c"),
+                }
+            ],
+            "pedigree": {
+                "notes": "Pillow-authored shim; not taken from an upstream project."
+            },
+            "externalReferences": [
+                {"type": "website", "url": "https://github.com/fribidi/fribidi"},
+            ],
+        },
+        {
+            "bom-ref": "pkg:github/python/pythoncapi-compat",
+            "type": "library",
+            "name": "pythoncapi_compat",
+            "description": "Backport header for new CPython C-API functions "
+            "(vendored in src/thirdparty/pythoncapi_compat.h)",
+            "licenses": [{"license": {"id": "0BSD"}}],
+            "hashes": [
+                {
+                    "alg": "SHA-256",
+                    "content": sha256_file(thirdparty / "pythoncapi_compat.h"),
+                }
+            ],
+            "pedigree": {
+                "notes": "Vendored unmodified from upstream python/pythoncapi-compat."
+            },
+            "externalReferences": [
+                {
+                    "type": "vcs",
+                    "url": "https://github.com/python/pythoncapi-compat",
+                },
+            ],
+        },
+        {
+            "bom-ref": f"{purl}#thirdparty/raqm",
+            "type": "library",
+            "name": "raqm",
+            "version": "0.10.5",
+            "description": "Complex text layout library "
+            "(vendored in src/thirdparty/raqm/)",
+            "licenses": [{"license": {"id": "MIT"}}],
+            "hashes": [
+                {
+                    "alg": "SHA-256",
+                    "content": sha256_file(thirdparty / "raqm" / "raqm.c"),
+                }
+            ],
+            "pedigree": {
+                "ancestors": [
+                    {
+                        "bom-ref": "pkg:github/HOST-Oman/libraqm@0.10.5#upstream",
+                        "type": "library",
+                        "name": "raqm",
+                        "version": "0.10.5",
+                        "purl": "pkg:github/HOST-Oman/libraqm@0.10.5",
+                        "externalReferences": [
+                            {
+                                "type": "distribution",
+                                "url": "https://github.com/HOST-Oman/libraqm/releases/tag/v0.10.5",
+                            }
+                        ],
+                    }
+                ],
+                "patches": [
+                    {
+                        "type": "unofficial",
+                        "diff": {
+                            "text": {
+                                # raqm-version.h.in → raqm-version.h:
+                                # template @RAQM_VERSION_*@ placeholders replaced
+                                # with literal 0.10.5 values; filename changed to
+                                # drop the .in suffix; minor indentation fix.
+                                "content": upstream_diff_b64(
+                                    "https://raw.githubusercontent.com/HOST-Oman/libraqm/v0.10.5/src/raqm-version.h.in",
+                                    b"src/raqm-version.h.in",
+                                    thirdparty / "raqm" / "raqm-version.h",
+                                    b"src/raqm-version.h",
+                                ),
+                                "encoding": "base64",
+                            }
+                        },
+                    },
+                    {
+                        "type": "unofficial",
+                        "diff": {
+                            "text": {
+                                # raqm.c: wrap the <fribidi.h> include in an
+                                # #ifdef HAVE_FRIBIDI_SYSTEM guard so that when
+                                # building without a system FriBiDi Pillow's own
+                                # fribidi-shim is used instead.
+                                "content": upstream_diff_b64(
+                                    "https://raw.githubusercontent.com/HOST-Oman/libraqm/v0.10.5/src/raqm.c",
+                                    b"src/raqm.c",
+                                    thirdparty / "raqm" / "raqm.c",
+                                    b"src/raqm.c",
+                                ),
+                                "encoding": "base64",
+                            }
+                        },
+                    },
+                ],
+                "notes": (
+                    "Vendored from upstream HOST-Oman/libraqm v0.10.5 with two "
+                    "Pillow-specific modifications: (1) raqm-version.h.in was "
+                    "pre-processed into raqm-version.h with version placeholders "
+                    "replaced by literal values; (2) raqm.c wraps the <fribidi.h> "
+                    "include in an #ifdef HAVE_FRIBIDI_SYSTEM guard so Pillow's "
+                    "bundled fribidi-shim is used when a system FriBiDi is absent."
+                ),
+            },
+            "externalReferences": [
+                {
+                    "type": "vcs",
+                    "url": "https://github.com/python-pillow/Pillow/tree/main/src/thirdparty/raqm",
+                },
+            ],
+        },
+    ]
+
+    native_deps = [
+        {
+            "bom-ref": "pkg:generic/freetype2",
+            "type": "library",
+            "name": "FreeType",
+            "version": versions["freetype"],
+            "scope": "optional",
+            "description": "Font rendering (optional, used by PIL._imagingft). "
+            "Required for text/font support.",
+            "licenses": [{"license": {"id": "FTL"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://freetype.org"},
+                {
+                    "type": "distribution",
+                    "url": "https://download.savannah.gnu.org/releases/freetype/",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/fribidi",
+            "type": "library",
+            "name": "FriBiDi",
+            "version": versions["fribidi"],
+            "scope": "optional",
+            "description": "Unicode bidi algorithm library (optional, "
+            "loaded at runtime by fribidi-shim).",
+            "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://github.com/fribidi/fribidi"},
+                {
+                    "type": "distribution",
+                    "url": "https://github.com/fribidi/fribidi/releases",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/harfbuzz",
+            "type": "library",
+            "name": "HarfBuzz",
+            "version": versions["harfbuzz"],
+            "scope": "optional",
+            "description": "Text shaping (optional, required by libraqm "
+            "for complex text layout).",
+            "licenses": [{"license": {"id": "MIT"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://harfbuzz.github.io"},
+                {
+                    "type": "distribution",
+                    "url": "https://github.com/harfbuzz/harfbuzz/releases",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/libavif",
+            "type": "library",
+            "name": "libavif",
+            "version": versions["libavif"],
+            "scope": "optional",
+            "description": "AVIF codec (optional, used by PIL._avif).",
+            "licenses": [{"license": {"id": "BSD-2-Clause"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://github.com/AOMediaCodec/libavif"},
+                {
+                    "type": "distribution",
+                    "url": "https://github.com/AOMediaCodec/libavif/releases",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/libimagequant",
+            "type": "library",
+            "name": "libimagequant",
+            "version": versions["libimagequant"],
+            "scope": "optional",
+            "description": "Improved colour quantization (optional).",
+            "licenses": [{"license": {"id": "GPL-3.0-or-later"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://pngquant.org/lib/"},
+                {
+                    "type": "distribution",
+                    "url": "https://github.com/ImageOptim/libimagequant/tags",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/libjpeg",
+            "type": "library",
+            "name": "libjpeg / libjpeg-turbo",
+            "version": versions["jpegturbo"],
+            "description": "JPEG codec (required by default; disable with "
+            "-C jpeg=disable).",
+            "licenses": [
+                {"license": {"id": "IJG"}},
+                {"license": {"id": "BSD-3-Clause"}},
+            ],
+            "externalReferences": [
+                {"type": "website", "url": "https://ijg.org"},
+                {"type": "website", "url": "https://libjpeg-turbo.org"},
+                {
+                    "type": "distribution",
+                    "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/releases",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/libtiff",
+            "type": "library",
+            "name": "libtiff",
+            "version": versions["tiff"],
+            "scope": "optional",
+            "description": "TIFF codec (optional).",
+            "licenses": [{"license": {"id": "libtiff"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://libtiff.gitlab.io/libtiff/"},
+                {
+                    "type": "distribution",
+                    "url": "https://download.osgeo.org/libtiff/",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/libwebp",
+            "type": "library",
+            "name": "libwebp",
+            "version": versions["libwebp"],
+            "scope": "optional",
+            "description": "WebP codec (optional, used by PIL._webp).",
+            "licenses": [{"license": {"id": "BSD-3-Clause"}}],
+            "externalReferences": [
+                {
+                    "type": "website",
+                    "url": "https://chromium.googlesource.com/webm/libwebp",
+                },
+                {
+                    "type": "distribution",
+                    "url": "https://chromium.googlesource.com/webm/libwebp",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/libxcb",
+            "type": "library",
+            "name": "libxcb",
+            "version": versions["libxcb"],
+            "scope": "optional",
+            "description": "X11 screen-grab support (optional, "
+            "used by PIL._imaging on macOS and Linux).",
+            "licenses": [{"license": {"id": "X11"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://xcb.freedesktop.org"},
+                {
+                    "type": "distribution",
+                    "url": "https://xcb.freedesktop.org/dist/",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/littlecms2",
+            "type": "library",
+            "name": "Little CMS 2",
+            "version": versions["lcms2"],
+            "scope": "optional",
+            "description": "Colour management (optional, used by PIL._imagingcms).",
+            "licenses": [{"license": {"id": "MIT"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://www.littlecms.com"},
+                {
+                    "type": "distribution",
+                    "url": "https://github.com/mm2/Little-CMS/releases",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/openjpeg",
+            "type": "library",
+            "name": "OpenJPEG",
+            "version": versions["openjpeg"],
+            "scope": "optional",
+            "description": "JPEG 2000 codec (optional).",
+            "licenses": [{"license": {"id": "BSD-2-Clause"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://www.openjpeg.org"},
+                {
+                    "type": "distribution",
+                    "url": "https://github.com/uclouvain/openjpeg/releases",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:pypi/pybind11",
+            "type": "library",
+            "name": "pybind11",
+            "scope": "excluded",
+            "description": "Parallel C compilation library (build-time dependency).",
+            "licenses": [{"license": {"id": "BSD-3-Clause"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://pybind11.readthedocs.io"},
+                {
+                    "type": "distribution",
+                    "url": "https://github.com/pybind/pybind11/releases",
+                },
+            ],
+        },
+        {
+            "bom-ref": "pkg:generic/zlib",
+            "type": "library",
+            "name": "zlib",
+            "version": versions["zlib-ng"],
+            "description": "Deflate/PNG compression (required by default; "
+            "disable with -C zlib=disable).",
+            "licenses": [{"license": {"id": "Zlib"}}],
+            "externalReferences": [
+                {"type": "website", "url": "https://zlib.net"},
+                {"type": "distribution", "url": "https://zlib.net"},
+            ],
+        },
+    ]
+
+    dependencies = [
+        {
+            "ref": purl,
+            "dependsOn": [e["bom-ref"] for e in ext_components],
+        },
+        {
+            "ref": f"{purl}#c-ext/PIL._avif",
+            "dependsOn": ["pkg:generic/libavif"],
+        },
+        {
+            "ref": f"{purl}#c-ext/PIL._imaging",
+            "dependsOn": [
+                "pkg:generic/libimagequant",
+                "pkg:generic/libjpeg",
+                "pkg:generic/libtiff",
+                "pkg:generic/libxcb",
+                "pkg:generic/openjpeg",
+                "pkg:generic/zlib",
+            ],
+        },
+        {
+            "ref": f"{purl}#c-ext/PIL._imagingcms",
+            "dependsOn": ["pkg:generic/littlecms2"],
+        },
+        {
+            "ref": f"{purl}#c-ext/PIL._imagingft",
+            "dependsOn": [
+                "pkg:generic/freetype2",
+                "pkg:generic/fribidi",
+                "pkg:generic/harfbuzz",
+                f"{purl}#thirdparty/fribidi-shim",
+                f"{purl}#thirdparty/raqm",
+            ],
+        },
+        {
+            "ref": f"{purl}#c-ext/PIL._webp",
+            "dependsOn": ["pkg:generic/libwebp"],
+        },
+        {
+            "ref": f"{purl}#thirdparty/raqm",
+            "dependsOn": [
+                "pkg:generic/harfbuzz",
+                f"{purl}#thirdparty/fribidi-shim",
+            ],
+        },
+    ]
+
+    return {
+        "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+        "bomFormat": "CycloneDX",
+        "specVersion": "1.7",
+        "serialNumber": f"urn:uuid:{serial}",
+        "version": 1,
+        "metadata": {
+            "timestamp": now,
+            "lifecycles": [{"phase": "build"}],
+            "tools": {
+                "components": [
+                    {
+                        "type": "application",
+                        "name": "generate-sbom.py",
+                        "group": "pillow",
+                    }
+                ]
+            },
+            "component": metadata_component,
+        },
+        "components": ext_components + vendored_components + native_deps,
+        "dependencies": dependencies,
+    }
+
+
+def main() -> None:
+    version = get_version()
+
+    parser = argparse.ArgumentParser(
+        description=__doc__, formatter_class=argparse.ArgumentDefaultsHelpFormatter
+    )
+    parser.add_argument(
+        "output",
+        nargs="?",
+        type=Path,
+        default=Path(f"pillow-{version}.cdx.json"),
+        help="output file",
+    )
+    args = parser.parse_args()
+
+    sbom = generate(version)
+    args.output.write_text(json.dumps(sbom, indent=2) + "\n", encoding="utf-8")
+    print(
+        f"Wrote {args.output} (Pillow {version}, {len(sbom['components'])} components)"
+    )
+
+
+if __name__ == "__main__":
+    main()
--- a/.github/renovate.json
+++ b/.github/renovate.json
@ -6,16 +6,170 @@
    "labels": [
        "Dependency"
    ],
+    "minimumReleaseAge": "7 days",
+    "prCreation": "not-pending",
+    "schedule": [
+        "* * 3 * *"
+    ],
+    "customManagers": [
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"brotli\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "brotli",
+            "packageNameTemplate": "google/brotli",
+            "datasourceTemplate": "github-releases",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"bzip2\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "bzip2",
+            "packageNameTemplate": "bzip2/bzip2",
+            "datasourceTemplate": "gitlab-tags",
+            "extractVersionTemplate": "^bzip2-(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"freetype\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "freetype",
+            "packageNameTemplate": "freetype/freetype",
+            "datasourceTemplate": "gitlab-tags",
+            "registryUrlTemplate": "https://gitlab.freedesktop.org",
+            "extractVersionTemplate": "^VER-(?<version>[\\d-]+)$",
+            "versioningTemplate": "regex:^(?<major>\\d+)[.-](?<minor>\\d+)[.-](?<patch>\\d+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"fribidi\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "fribidi",
+            "packageNameTemplate": "fribidi/fribidi",
+            "datasourceTemplate": "github-releases",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"harfbuzz\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "harfbuzz",
+            "packageNameTemplate": "harfbuzz/harfbuzz",
+            "datasourceTemplate": "github-releases"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"jpegturbo\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "jpegturbo",
+            "packageNameTemplate": "libjpeg-turbo/libjpeg-turbo",
+            "datasourceTemplate": "github-releases"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"lcms2\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "lcms2",
+            "packageNameTemplate": "mm2/Little-CMS",
+            "datasourceTemplate": "github-releases",
+            "extractVersionTemplate": "^lcms(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"libavif\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "libavif",
+            "packageNameTemplate": "AOMediaCodec/libavif",
+            "datasourceTemplate": "github-releases",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"libimagequant\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "libimagequant",
+            "packageNameTemplate": "ImageOptim/libimagequant",
+            "datasourceTemplate": "github-tags"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"libpng\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "libpng",
+            "packageNameTemplate": "pnggroup/libpng",
+            "datasourceTemplate": "github-tags",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"libwebp\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "libwebp",
+            "packageNameTemplate": "webmproject/libwebp",
+            "datasourceTemplate": "github-tags",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"libxcb\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "libxcb",
+            "packageNameTemplate": "xorg/lib/libxcb",
+            "datasourceTemplate": "gitlab-tags",
+            "registryUrlTemplate": "https://gitlab.freedesktop.org",
+            "extractVersionTemplate": "^libxcb-(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"openjpeg\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "openjpeg",
+            "packageNameTemplate": "uclouvain/openjpeg",
+            "datasourceTemplate": "github-releases",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"tiff\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "tiff",
+            "packageNameTemplate": "libtiff/libtiff",
+            "datasourceTemplate": "gitlab-tags",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"xz\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "xz",
+            "packageNameTemplate": "tukaani-project/xz",
+            "datasourceTemplate": "github-releases",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"zlib-ng\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "zlib-ng",
+            "packageNameTemplate": "zlib-ng/zlib-ng",
+            "datasourceTemplate": "github-releases"
+        },
+        {
+            "customType": "regex",
+            "managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
+            "matchStrings": ["\"zstd\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
+            "depNameTemplate": "zstd",
+            "packageNameTemplate": "facebook/zstd",
+            "datasourceTemplate": "github-releases",
+            "extractVersionTemplate": "^v(?<version>.+)$"
+        }
+    ],
    "packageRules": [
        {
            "groupName": "github-actions",
-            "matchManagers": [
-                "github-actions"
-            ],
+            "matchManagers": ["github-actions"],
            "separateMajorMinor": false
        }
-    ],
-    "schedule": [
-        "* * 3 * *"
    ]
 }
--- a/.github/workflows/Brewfile
+++ b/.github/workflows/Brewfile
@ -0,0 +1,13 @@
+brew "aom"
+brew "dav1d"
+brew "freetype"
+brew "ghostscript"
+brew "jpeg-turbo"
+brew "libimagequant"
+brew "libraqm"
+brew "libtiff"
+brew "little-cms2"
+brew "openjpeg"
+brew "rav1e"
+brew "svt-av1"
+brew "webp"
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@ -4,17 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths:
+    paths: &paths
+      - ".github/dependencies.json"
      - ".github/workflows/cifuzz.yml"
      - ".github/workflows/wheels-dependencies.sh"
      - "**.c"
      - "**.h"
  pull_request:
-    paths:
-      - ".github/workflows/cifuzz.yml"
-      - ".github/workflows/wheels-dependencies.sh"
-      - "**.c"
-      - "**.h"
+    paths: *paths
  workflow_dispatch:

 permissions:
@ -24,33 +21,36 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+env:
+  FORCE_COLOR: 1
+
 jobs:
  Fuzzing:
    runs-on: ubuntu-latest
    steps:
    - name: Build Fuzzers
      id: build
-      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@d87225267726cf7ce1a3e17cf103c5ac943c4f05 # master
      with:
        oss-fuzz-project-name: 'pillow'
        language: python
        dry-run: false
    - name: Run Fuzzers
      id: run
-      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@d87225267726cf7ce1a3e17cf103c5ac943c4f05 # master
      with:
        oss-fuzz-project-name: 'pillow'
        fuzz-seconds: 600
        language: python
        dry-run: false
    - name: Upload New Crash
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
      if: failure() && steps.build.outcome == 'success'
      with:
        name: artifacts
        path: ./out/artifacts
    - name: Upload Legacy Crash
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
      if: steps.run.outcome == 'success'
      with:
        name: crash
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@ -4,15 +4,12 @@ on:
  push:
    branches:
      - "**"
-    paths:
+    paths: &paths
      - ".github/workflows/docs.yml"
      - "docs/**"
      - "src/PIL/**"
  pull_request:
-    paths:
-      - ".github/workflows/docs.yml"
-      - "docs/**"
-      - "src/PIL/**"
+    paths: *paths
  workflow_dispatch:

 permissions:
@ -32,12 +29,12 @@ jobs:
    name: Docs

    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false

    - name: Set up Python
-      uses: actions/setup-python@v6
+      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
      with:
        python-version: "3.x"
        cache: pip
@ -48,19 +45,35 @@ jobs:
    - name: Build system information
      run: python3 .github/workflows/system-info.py

+    - name: Cache libavif
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      id: cache-libavif
+      with:
+        path: ~/cache-libavif
+        key: ${{ runner.os }}-libavif-${{ hashFiles('depends/install_libavif.sh', 'depends/libavif-svt4.patch') }}
+
    - name: Cache libimagequant
-      uses: actions/cache@v4
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      id: cache-libimagequant
      with:
        path: ~/cache-libimagequant
        key: ${{ runner.os }}-libimagequant-${{ hashFiles('depends/install_imagequant.sh') }}

+    - name: Cache libwebp
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      id: cache-libwebp
+      with:
+        path: ~/cache-libwebp
+        key: ${{ runner.os }}-libwebp-${{ hashFiles('depends/install_webp.sh') }}
+
    - name: Install Linux dependencies
      run: |
        .ci/install.sh
      env:
        GHA_PYTHON_VERSION: "3.x"
+        GHA_LIBAVIF_CACHE_HIT: ${{ steps.cache-libavif.outputs.cache-hit }}
        GHA_LIBIMAGEQUANT_CACHE_HIT: ${{ steps.cache-libimagequant.outputs.cache-hit }}
+        GHA_LIBWEBP_CACHE_HIT: ${{ steps.cache-libwebp.outputs.cache-hit }}

    - name: Build
      run: |
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -2,55 +2,31 @@ name: Lint

 on: [push, pull_request, workflow_dispatch]

+permissions: {}
+
 env:
  FORCE_COLOR: 1
-
-permissions:
-  contents: read
+  PREK_COLOR: always
+  RUFF_OUTPUT_FORMAT: github

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

 jobs:
-  build:
-
+  lint:
    runs-on: ubuntu-latest
-
    name: Lint
-
    steps:
-    - uses: actions/checkout@v5
-      with:
-        persist-credentials: false
-
-    - name: pre-commit cache
-      uses: actions/cache@v4
-      with:
-        path: ~/.cache/pre-commit
-        key: lint-pre-commit-${{ hashFiles('**/.pre-commit-config.yaml') }}
-        restore-keys: |
-          lint-pre-commit-
-
-    - name: Set up Python
-      uses: actions/setup-python@v6
-      with:
-        python-version: "3.x"
-        cache: pip
-        cache-dependency-path: "setup.py"
-
-    - name: Build system information
-      run: python3 .github/workflows/system-info.py
-
-    - name: Install dependencies
-      run: |
-        python3 -m pip install -U pip
-        python3 -m pip install -U tox
-
-    - name: Lint
-      run: tox -e lint
-      env:
-        PRE_COMMIT_COLOR: always
-
-    - name: Mypy
-      run: tox -e mypy
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        with:
+          python-version: "3.x"
+      - name: Install uv
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
+      - name: Lint
+        run: uvx --with tox-uv tox -e lint
+      - name: Mypy
+        run: uvx --with tox-uv tox -e mypy
--- a/.github/workflows/macos-install.sh
+++ b/.github/workflows/macos-install.sh
@ -2,20 +2,7 @@

 set -e

-brew install \
-    aom \
-    dav1d \
-    freetype \
-    ghostscript \
-    jpeg-turbo \
-    libimagequant \
-    libraqm \
-    libtiff \
-    little-cms2 \
-    openjpeg \
-    rav1e \
-    svt-av1 \
-    webp
+brew bundle --file=.github/workflows/Brewfile
 export PKG_CONFIG_PATH="/usr/local/opt/openblas/lib/pkgconfig"

 python3 -m pip install coverage
@ -26,9 +13,8 @@ python3 -m pip install -U pytest
 python3 -m pip install -U pytest-cov
 python3 -m pip install -U pytest-timeout
 python3 -m pip install pyroma
-python3 -m pip install numpy
-# optional test dependency, only install if there's a binary package.
-# fails on beta 3.14 and PyPy
+# optional test dependencies, only install if there's a binary package.
+python3 -m pip install --only-binary=:all: numpy || true
 python3 -m pip install --only-binary=:all: pyarrow || true

 # libavif
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@ -14,6 +14,9 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+env:
+  FORCE_COLOR: 1
+
 jobs:
  update_release_draft:
    permissions:
@ -23,6 +26,6 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      # Drafts your next release notes as pull requests are merged into "main"
-      - uses: release-drafter/release-drafter@v6
+      - uses: release-drafter/release-drafter@5de93583980a40bd78603b6dfdcda5b4df377b32 # v7.2.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -12,9 +12,12 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+env:
+  FORCE_COLOR: 1
+
 jobs:
  stale:
-    if: github.repository_owner == 'python-pillow'
+    if: github.event.repository.fork == false
    permissions:
      issues: write

@ -22,7 +25,7 @@ jobs:

    steps:
    - name: "Check issues"
-      uses: actions/stale@v10
+      uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        only-labels: "Awaiting OP Action"
--- a/.github/workflows/test-docker.yml
+++ b/.github/workflows/test-docker.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths-ignore:
+    paths-ignore: &paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  pull_request:
-    paths-ignore:
-      - ".github/workflows/docs.yml"
-      - ".github/workflows/wheels*"
-      - ".gitmodules"
-      - "docs/**"
-      - "wheels/**"
+    paths-ignore: *paths-ignore
  workflow_dispatch:

 permissions:
@ -26,6 +21,9 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+env:
+  FORCE_COLOR: 1
+
 jobs:
  build:

@ -36,39 +34,37 @@ jobs:
        os: ["ubuntu-latest"]
        docker: [
          # Run slower jobs first to give them a headstart and reduce waiting time
-          ubuntu-24.04-noble-ppc64le,
-          ubuntu-24.04-noble-s390x,
+          ubuntu-26.04-resolute-ppc64le,
+          ubuntu-26.04-resolute-s390x,
          # Then run the remainder
          alpine,
-          amazon-2-amd64,
          amazon-2023-amd64,
          arch,
          centos-stream-9-amd64,
          centos-stream-10-amd64,
-          debian-12-bookworm-x86,
-          debian-12-bookworm-amd64,
          debian-13-trixie-x86,
          debian-13-trixie-amd64,
-          fedora-41-amd64,
-          fedora-42-amd64,
+          fedora-43-amd64,
+          fedora-44-amd64,
          gentoo,
          ubuntu-22.04-jammy-amd64,
          ubuntu-24.04-noble-amd64,
+          ubuntu-26.04-resolute-amd64,
        ]
        dockerTag: [main]
        include:
-          - docker: "ubuntu-24.04-noble-ppc64le"
+          - docker: "ubuntu-26.04-resolute-ppc64le"
            qemu-arch: "ppc64le"
-          - docker: "ubuntu-24.04-noble-s390x"
+          - docker: "ubuntu-26.04-resolute-s390x"
            qemu-arch: "s390x"
-          - docker: "ubuntu-24.04-noble-arm64v8"
+          - docker: "ubuntu-26.04-resolute-arm64v8"
            os: "ubuntu-24.04-arm"
            dockerTag: main

    name: ${{ matrix.docker }}

    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false

@ -77,13 +73,13 @@ jobs:

    - name: Set up QEMU
      if: "matrix.qemu-arch"
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
      with:
        platforms: ${{ matrix.qemu-arch }}

    - name: Docker pull
      run: |
-        docker pull pythonpillow/${{ matrix.docker }}:${{ matrix.dockerTag }}
+        docker pull ${{ matrix.qemu-arch && format('--platform=linux/{0}', matrix.qemu-arch)}} pythonpillow/${{ matrix.docker }}:${{ matrix.dockerTag }}

    - name: Docker build
      run: |
@ -105,11 +101,10 @@ jobs:
        .ci/after_success.sh

    - name: Upload coverage
-      uses: codecov/codecov-action@v5
+      uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
      with:
        flags: GHA_Docker
        name: ${{ matrix.docker }}
-        token: ${{ secrets.CODECOV_ORG_TOKEN }}

  success:
    permissions:
--- a/.github/workflows/test-mingw.yml
+++ b/.github/workflows/test-mingw.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths-ignore:
+    paths-ignore: &paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  pull_request:
-    paths-ignore:
-      - ".github/workflows/docs.yml"
-      - ".github/workflows/wheels*"
-      - ".gitmodules"
-      - "docs/**"
-      - "wheels/**"
+    paths-ignore: *paths-ignore
  workflow_dispatch:

 permissions:
@ -28,6 +23,7 @@ concurrency:

 env:
  COVERAGE_CORE: sysmon
+  FORCE_COLOR: 1

 jobs:
  build:
@ -45,7 +41,7 @@ jobs:

    steps:
      - name: Checkout Pillow
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@ -86,9 +82,8 @@ jobs:
          .ci/test.sh

      - name: Upload coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          files: ./coverage.xml
          flags: GHA_Windows
          name: "MSYS2 MinGW"
-          token: ${{ secrets.CODECOV_ORG_TOKEN }}
--- a/.github/workflows/test-valgrind-memory.yml
+++ b/.github/workflows/test-valgrind-memory.yml
@ -8,12 +8,13 @@ on:
  #   branches:
  #     - "**"
  #   paths:
-  #     - ".github/workflows/test-valgrind.yml"
+  #     - ".github/workflows/test-valgrind-memory.yml"
  #     - "**.c"
  #     - "**.h"
+  #     - "depends/docker-test-valgrind-memory.sh"
  pull_request:
    paths:
-      - ".github/workflows/test-valgrind.yml"
+      - ".github/workflows/test-valgrind-memory.yml"
      - "**.c"
      - "**.h"
      - "depends/docker-test-valgrind-memory.sh"
@ -26,6 +27,9 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+env:
+  FORCE_COLOR: 1
+
 jobs:
  build:

@ -41,7 +45,7 @@ jobs:
    name: ${{ matrix.docker }}

    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false

--- a/.github/workflows/test-valgrind.yml
+++ b/.github/workflows/test-valgrind.yml
@ -6,15 +6,12 @@ on:
  push:
    branches:
      - "**"
-    paths:
+    paths: &paths
      - ".github/workflows/test-valgrind.yml"
      - "**.c"
      - "**.h"
  pull_request:
-    paths:
-      - ".github/workflows/test-valgrind.yml"
-      - "**.c"
-      - "**.h"
+    paths: *paths
  workflow_dispatch:

 permissions:
@ -24,6 +21,9 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

+env:
+  FORCE_COLOR: 1
+
 jobs:
  build:

@ -39,7 +39,7 @@ jobs:
    name: ${{ matrix.docker }}

    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false

--- a/.github/workflows/test-windows.yml
+++ b/.github/workflows/test-windows.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths-ignore:
+    paths-ignore: &paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  pull_request:
-    paths-ignore:
-      - ".github/workflows/docs.yml"
-      - ".github/workflows/wheels*"
-      - ".gitmodules"
-      - "docs/**"
-      - "wheels/**"
+    paths-ignore: *paths-ignore
  workflow_dispatch:

 permissions:
@ -28,18 +23,20 @@ concurrency:

 env:
  COVERAGE_CORE: sysmon
+  FORCE_COLOR: 1

 jobs:
  build:
-    runs-on: windows-latest
+    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
-        python-version: ["pypy3.11", "3.11", "3.12", "3.13", "3.14"]
+        python-version: ["pypy3.11", "3.11", "3.12", "3.13", "3.14", "3.15"]
        architecture: ["x64"]
+        os: ["windows-latest"]
        include:
            # Test the oldest Python on 32-bit
-            - { python-version: "3.10", architecture: "x86" }
+            - { python-version: "3.10", architecture: "x86", os: "windows-2022" }

    timeout-minutes: 45

@ -47,19 +44,19 @@ jobs:

    steps:
    - name: Checkout Pillow
-      uses: actions/checkout@v5
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false

    - name: Checkout cached dependencies
-      uses: actions/checkout@v5
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        repository: python-pillow/pillow-depends
        path: winbuild\depends

    - name: Checkout extra test images
-      uses: actions/checkout@v5
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        repository: python-pillow/test-images
@ -67,7 +64,7 @@ jobs:

    # sets env: pythonLocation
    - name: Set up Python
-      uses: actions/setup-python@v6
+      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
      with:
        python-version: ${{ matrix.python-version }}
        allow-prereleases: true
@ -83,7 +80,7 @@ jobs:
        python3 -m pip install --upgrade pip

    - name: Install CPython dependencies
-      if: "!contains(matrix.python-version, 'pypy') && !contains(matrix.python-version, '3.14') && matrix.architecture != 'x86'"
+      if: "!contains(matrix.python-version, 'pypy') && matrix.architecture != 'x86'"
      run: |
        python3 -m pip install PyQt6

@ -97,8 +94,8 @@ jobs:
        choco install nasm --no-progress
        echo "C:\Program Files\NASM" >> $env:GITHUB_PATH

-        choco install ghostscript --version=10.6.0 --no-progress
-        echo "C:\Program Files\gs\gs10.06.0\bin" >> $env:GITHUB_PATH
+        choco install ghostscript --version=10.7.0 --no-progress
+        echo "C:\Program Files\gs\gs10.07.0\bin" >> $env:GITHUB_PATH

        # Install extra test images
        xcopy /S /Y Tests\test-images\* Tests\images
@ -111,7 +108,7 @@ jobs:

    - name: Cache build
      id: build-cache
-      uses: actions/cache@v4
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      with:
        path: winbuild\build
        key:
@ -187,8 +184,9 @@ jobs:
    # trim ~150MB for each job
    - name: Optimize build cache
      if: steps.build-cache.outputs.cache-hit != 'true'
-      run: rmdir /S /Q winbuild\build\src
-      shell: cmd
+      run: |
+        rm -rf winbuild\build\src
+      shell: bash

    - name: Build Pillow
      run: |
@ -205,9 +203,7 @@ jobs:

    - name: Test Pillow
      run: |
-        path %GITHUB_WORKSPACE%\winbuild\build\bin;%PATH%
        .ci\test.cmd
-      shell: cmd

    - name: Prepare to upload errors
      if: failure()
@ -216,7 +212,7 @@ jobs:
      shell: bash

    - name: Upload errors
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
      if: failure()
      with:
        name: errors
@ -228,12 +224,11 @@ jobs:
      shell: pwsh

    - name: Upload coverage
-      uses: codecov/codecov-action@v5
+      uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
      with:
        files: ./coverage.xml
        flags: GHA_Windows
        name: ${{ runner.os }} Python ${{ matrix.python-version }}
-        token: ${{ secrets.CODECOV_ORG_TOKEN }}

  success:
    permissions:
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths-ignore:
+    paths-ignore: &paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  pull_request:
-    paths-ignore:
-      - ".github/workflows/docs.yml"
-      - ".github/workflows/wheels*"
-      - ".gitmodules"
-      - "docs/**"
-      - "wheels/**"
+    paths-ignore: *paths-ignore
  workflow_dispatch:

 permissions:
@ -29,6 +24,7 @@ concurrency:
 env:
  COVERAGE_CORE: sysmon
  FORCE_COLOR: 1
+  PIP_DISABLE_PIP_VERSION_CHECK: 1

 jobs:
  build:
@ -42,9 +38,10 @@ jobs:
        ]
        python-version: [
          "pypy3.11",
+          "3.15t",
+          "3.15",
          "3.14t",
          "3.14",
-          "3.13t",
          "3.13",
          "3.12",
          "3.11",
@ -53,11 +50,8 @@ jobs:
        include:
        - { python-version: "3.12", PYTHONOPTIMIZE: 1, REVERSE: "--reverse" }
        - { python-version: "3.11", PYTHONOPTIMIZE: 2 }
-        # Free-threaded
-        - { python-version: "3.14t", disable-gil: true }
-        - { python-version: "3.13t", disable-gil: true }
        # Intel
-        - { os: "macos-15-intel", python-version: "3.10" }
+        - { os: "macos-26-intel", python-version: "3.10" }
        exclude:
        - { os: "macos-latest", python-version: "3.10" }

@ -65,12 +59,12 @@ jobs:
    name: ${{ matrix.os }} Python ${{ matrix.python-version }}

    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false

    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v6
+      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
      with:
        python-version: ${{ matrix.python-version }}
        allow-prereleases: true
@ -79,29 +73,42 @@ jobs:
          ".ci/*.sh"
          "pyproject.toml"

-    - name: Set PYTHON_GIL
-      if: "${{ matrix.disable-gil }}"
-      run: |
-        echo "PYTHON_GIL=0" >> $GITHUB_ENV
-
    - name: Build system information
      run: python3 .github/workflows/system-info.py

+    - name: Cache libavif
+      if: startsWith(matrix.os, 'ubuntu')
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      id: cache-libavif
+      with:
+        path: ~/cache-libavif
+        key: ${{ runner.os }}-libavif-${{ hashFiles('depends/install_libavif.sh', 'depends/libavif-svt4.patch') }}
+
    - name: Cache libimagequant
      if: startsWith(matrix.os, 'ubuntu')
-      uses: actions/cache@v4
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      id: cache-libimagequant
      with:
        path: ~/cache-libimagequant
        key: ${{ runner.os }}-libimagequant-${{ hashFiles('depends/install_imagequant.sh') }}

+    - name: Cache libwebp
+      if: startsWith(matrix.os, 'ubuntu')
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      id: cache-libwebp
+      with:
+        path: ~/cache-libwebp
+        key: ${{ runner.os }}-libwebp-${{ hashFiles('depends/install_webp.sh') }}
+
    - name: Install Linux dependencies
      if: startsWith(matrix.os, 'ubuntu')
      run: |
        .ci/install.sh
      env:
        GHA_PYTHON_VERSION: ${{ matrix.python-version }}
+        GHA_LIBAVIF_CACHE_HIT: ${{ steps.cache-libavif.outputs.cache-hit }}
        GHA_LIBIMAGEQUANT_CACHE_HIT: ${{ steps.cache-libimagequant.outputs.cache-hit }}
+        GHA_LIBWEBP_CACHE_HIT: ${{ steps.cache-libwebp.outputs.cache-hit }}

    - name: Install macOS dependencies
      if: startsWith(matrix.os, 'macOS')
@ -140,7 +147,7 @@ jobs:
        mkdir -p Tests/errors

    - name: Upload errors
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
      if: failure()
      with:
        name: errors
@ -151,11 +158,10 @@ jobs:
        .ci/after_success.sh

    - name: Upload coverage
-      uses: codecov/codecov-action@v5
+      uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
      with:
        flags: ${{ matrix.os == 'ubuntu-latest' && 'GHA_Ubuntu' || 'GHA_macOS' }}
        name: ${{ matrix.os }} Python ${{ matrix.python-version }}
-        token: ${{ secrets.CODECOV_ORG_TOKEN }}

  success:
    permissions:
--- a/.github/workflows/wheels-dependencies.sh
+++ b/.github/workflows/wheels-dependencies.sh
@ -32,7 +32,6 @@ if [[ "$CIBW_PLATFORM" == "ios" ]]; then
    # or `build/deps/iphonesimulator`
    WORKDIR=$(pwd)/build/$IOS_SDK
    BUILD_PREFIX=$(pwd)/build/deps/$IOS_SDK
-    PATCH_DIR=$(pwd)/patches/iOS

    # GNU tooling insists on using aarch64 rather than arm64
    if [[ $PLAT == "arm64" ]]; then
@ -90,28 +89,23 @@ fi

 ARCHIVE_SDIR=pillow-depends-main

-# Package versions for fresh source builds. Version numbers with "Patched"
-# annotations have a source code patch that is required for some platforms. If
-# you change those versions, ensure the patch is also updated.
-if [[ -n "$IOS_SDK" ]]; then
-  FREETYPE_VERSION=2.13.3
-else
-  FREETYPE_VERSION=2.14.1
-fi
-HARFBUZZ_VERSION=12.1.0
-LIBPNG_VERSION=1.6.50
-JPEGTURBO_VERSION=3.1.2
-OPENJPEG_VERSION=2.5.4
-XZ_VERSION=5.8.1
-ZSTD_VERSION=1.5.7
-TIFF_VERSION=4.7.1
-LCMS2_VERSION=2.17
-ZLIB_NG_VERSION=2.2.5
-LIBWEBP_VERSION=1.6.0
-BZIP2_VERSION=1.0.8
-LIBXCB_VERSION=1.17.0
-BROTLI_VERSION=1.1.0  # Patched; next release won't need patching. See patch file.
-LIBAVIF_VERSION=1.3.0
+VERSIONS_FILE="$PROJECTDIR/.github/dependencies.json"
+_get_ver() { python3 -c "import json; print(json.load(open('$VERSIONS_FILE'))['$1'])"; }
+FREETYPE_VERSION=$(_get_ver freetype)
+HARFBUZZ_VERSION=$(_get_ver harfbuzz)
+LIBPNG_VERSION=$(_get_ver libpng)
+JPEGTURBO_VERSION=$(_get_ver jpegturbo)
+OPENJPEG_VERSION=$(_get_ver openjpeg)
+XZ_VERSION=$(_get_ver xz)
+ZSTD_VERSION=$(_get_ver zstd)
+TIFF_VERSION=$(_get_ver tiff)
+LCMS2_VERSION=$(_get_ver lcms2)
+ZLIB_NG_VERSION=$(_get_ver zlib-ng)
+LIBWEBP_VERSION=$(_get_ver libwebp)
+BZIP2_VERSION=$(_get_ver bzip2)
+LIBXCB_VERSION=$(_get_ver libxcb)
+BROTLI_VERSION=$(_get_ver brotli)
+LIBAVIF_VERSION=$(_get_ver libavif)

 function build_pkg_config {
    if [ -e pkg-config-stamp ]; then return; fi
@ -149,18 +143,9 @@ function build_zlib_ng {
    ORIGINAL_HOST_CONFIGURE_FLAGS=$HOST_CONFIGURE_FLAGS
    unset HOST_CONFIGURE_FLAGS

-    build_github zlib-ng/zlib-ng $ZLIB_NG_VERSION --zlib-compat
+    build_github zlib-ng/zlib-ng $ZLIB_NG_VERSION --installnamedir=$BUILD_PREFIX/lib --zlib-compat

    HOST_CONFIGURE_FLAGS=$ORIGINAL_HOST_CONFIGURE_FLAGS
-
-    if [[ -n "$IS_MACOS" ]] && [[ -z "$IOS_SDK" ]]; then
-        # Ensure that on macOS, the library name is an absolute path, not an
-        # @rpath, so that delocate picks up the right library (and doesn't need
-        # DYLD_LIBRARY_PATH to be set). The default Makefile doesn't have an
-        # option to control the install_name. This isn't needed on iOS, as iOS
-        # only builds the static library.
-        install_name_tool -id $BUILD_PREFIX/lib/libz.1.dylib $BUILD_PREFIX/lib/libz.1.dylib
-    fi
    touch zlib-stamp
 }

@ -168,7 +153,7 @@ function build_brotli {
    if [ -e brotli-stamp ]; then return; fi
    local out_dir=$(fetch_unpack https://github.com/google/brotli/archive/v$BROTLI_VERSION.tar.gz brotli-$BROTLI_VERSION.tar.gz)
    (cd $out_dir \
-        && cmake -DCMAKE_INSTALL_PREFIX=$BUILD_PREFIX -DCMAKE_INSTALL_LIBDIR=$BUILD_PREFIX/lib -DCMAKE_INSTALL_NAME_DIR=$BUILD_PREFIX/lib $HOST_CMAKE_FLAGS . \
+        && cmake -DCMAKE_INSTALL_PREFIX=$BUILD_PREFIX -DCMAKE_INSTALL_LIBDIR=$BUILD_PREFIX/lib -DCMAKE_INSTALL_NAME_DIR=$BUILD_PREFIX/lib -DCMAKE_MACOSX_BUNDLE=OFF $HOST_CMAKE_FLAGS . \
        && make -j4 install)
    touch brotli-stamp
 }
@ -194,7 +179,6 @@ function build_libavif {
        build_simple nasm 2.16.03 https://www.nasm.us/pub/nasm/releasebuilds/2.16.03
    fi

-    local build_type=MinSizeRel
    local build_shared=ON
    local lto=ON

@ -211,9 +195,6 @@ function build_libavif {
            build_shared=OFF
        fi
    else
-        if [[ "$MB_ML_VER" == 2014 ]] && [[ "$PLAT" == "x86_64" ]]; then
-            build_type=Release
-        fi
        libavif_cmake_flags=(-DCMAKE_SHARED_LINKER_FLAGS_INIT="-Wl,--strip-all,-z,relro,-z,now")
    fi
    if [[ -n "$IOS_SDK" ]] && [[ "$PLAT" == "x86_64" ]]; then
@ -242,7 +223,7 @@ function build_libavif {
            -DCMAKE_INTERPROCEDURAL_OPTIMIZATION=$lto \
            -DCMAKE_C_VISIBILITY_PRESET=hidden \
            -DCMAKE_CXX_VISIBILITY_PRESET=hidden \
-            -DCMAKE_BUILD_TYPE=$build_type \
+            -DCMAKE_BUILD_TYPE=MinSizeRel \
            "${libavif_cmake_flags[@]}" \
            $HOST_CMAKE_FLAGS . )

@ -279,7 +260,7 @@ function build {

    build_simple xcb-proto 1.17.0 https://xorg.freedesktop.org/archive/individual/proto
    if [[ -n "$IS_MACOS" ]]; then
-        build_simple xorgproto 2024.1 https://www.x.org/pub/individual/proto
+        build_simple xorgproto 2025.1 https://www.x.org/pub/individual/proto
        build_simple libXau 1.0.12 https://www.x.org/pub/individual/lib
        build_simple libpthread-stubs 0.5 https://xcb.freedesktop.org/dist
    else
@ -322,10 +303,6 @@ function build {

    if [[ -n "$IS_MACOS" ]]; then
        # Custom freetype build
-        if [[ -z "$IOS_SDK" ]]; then
-          build_simple sed 4.9 https://mirrors.middlendian.com/gnu/sed
-        fi
-
        build_simple freetype $FREETYPE_VERSION https://download.savannah.gnu.org/releases/freetype tar.gz --with-harfbuzz=no
    else
        build_freetype
--- a/.github/workflows/wheels.yml
+++ b/.github/workflows/wheels.yml
@ -10,9 +10,13 @@ on:
  #        │  │ │ │ │
  - cron: "42 1 * * 0,3"
  push:
-    paths:
+    paths: &paths
      - ".ci/requirements-cibw.txt"
-      - ".github/workflows/wheel*"
+      - ".ci/requirements-sbom.txt"
+      - ".github/compare-dist-sizes.py"
+      - ".github/dependencies.json"
+      - ".github/generate-sbom.py"
+      - ".github/workflows/wheels*"
      - "pyproject.toml"
      - "setup.py"
      - "wheels/*"
@ -21,14 +25,7 @@ on:
    tags:
      - "*"
  pull_request:
-    paths:
-      - ".ci/requirements-cibw.txt"
-      - ".github/workflows/wheel*"
-      - "pyproject.toml"
-      - "setup.py"
-      - "wheels/*"
-      - "winbuild/build_prepare.py"
-      - "winbuild/fribidi.cmake"
+    paths: *paths
  workflow_dispatch:

 permissions:
@ -39,12 +36,12 @@ concurrency:
  cancel-in-progress: true

 env:
-  EXPECTED_DISTS: 91
+  EXPECTED_DISTS: 66
  FORCE_COLOR: 1

 jobs:
  build-native-wheels:
-    if: github.event_name != 'schedule' || github.repository_owner == 'python-pillow'
+    if: github.event_name != 'schedule' || github.event.repository.fork == false
    name: ${{ matrix.name }}
    runs-on: ${{ matrix.os }}
    strategy:
@ -53,19 +50,19 @@ jobs:
        include:
          - name: "macOS 10.10 x86_64"
            platform: macos
-            os: macos-15-intel
+            os: macos-26-intel
            cibw_arch: x86_64
            build: "cp3{10,11}*"
            macosx_deployment_target: "10.10"
          - name: "macOS 10.13 x86_64"
            platform: macos
-            os: macos-15-intel
+            os: macos-26-intel
            cibw_arch: x86_64
            build: "cp3{12,13}*"
            macosx_deployment_target: "10.13"
          - name: "macOS 10.15 x86_64"
            platform: macos
-            os: macos-15-intel
+            os: macos-26-intel
            cibw_arch: x86_64
            build: "{cp314,pp3}*"
            macosx_deployment_target: "10.15"
@ -74,45 +71,45 @@ jobs:
            os: macos-latest
            cibw_arch: arm64
            macosx_deployment_target: "11.0"
-          - name: "manylinux2014 and musllinux x86_64"
-            platform: linux
-            os: ubuntu-latest
-            cibw_arch: x86_64
-            manylinux: "manylinux2014"
          - name: "manylinux_2_28 x86_64"
            platform: linux
            os: ubuntu-latest
            cibw_arch: x86_64
            build: "*manylinux*"
-          - name: "manylinux2014 and musllinux aarch64"
+          - name: "musllinux x86_64"
            platform: linux
-            os: ubuntu-24.04-arm
-            cibw_arch: aarch64
-            manylinux: "manylinux2014"
+            os: ubuntu-latest
+            cibw_arch: x86_64
+            build: "*musllinux*"
          - name: "manylinux_2_28 aarch64"
            platform: linux
            os: ubuntu-24.04-arm
            cibw_arch: aarch64
            build: "*manylinux*"
+          - name: "musllinux aarch64"
+            platform: linux
+            os: ubuntu-24.04-arm
+            cibw_arch: aarch64
+            build: "*musllinux*"
          - name: "iOS arm64 device"
            platform: ios
            os: macos-latest
            cibw_arch: arm64_iphoneos
          - name: "iOS arm64 simulator"
            platform: ios
-            os: macos-14
+            os: macos-latest
            cibw_arch: arm64_iphonesimulator
          - name: "iOS x86_64 simulator"
            platform: ios
-            os: macos-15-intel
+            os: macos-26-intel
            cibw_arch: x86_64_iphonesimulator
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          submodules: true

-      - uses: actions/setup-python@v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.x"

@ -127,20 +124,16 @@ jobs:
          CIBW_PLATFORM: ${{ matrix.platform }}
          CIBW_ARCHS: ${{ matrix.cibw_arch }}
          CIBW_BUILD: ${{ matrix.build }}
-          CIBW_ENABLE: cpython-prerelease cpython-freethreading pypy
-          CIBW_MANYLINUX_AARCH64_IMAGE: ${{ matrix.manylinux }}
-          CIBW_MANYLINUX_PYPY_AARCH64_IMAGE: ${{ matrix.manylinux }}
-          CIBW_MANYLINUX_PYPY_X86_64_IMAGE: ${{ matrix.manylinux }}
-          CIBW_MANYLINUX_X86_64_IMAGE: ${{ matrix.manylinux }}
+          CIBW_ENABLE: cpython-prerelease pypy
          MACOSX_DEPLOYMENT_TARGET: ${{ matrix.macosx_deployment_target }}

-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: dist-${{ matrix.name }}
          path: ./wheelhouse/*.whl

  windows:
-    if: github.event_name != 'schedule' || github.repository_owner == 'python-pillow'
+    if: github.event_name != 'schedule' || github.event.repository.fork == false
    name: Windows ${{ matrix.cibw_arch }}
    runs-on: ${{ matrix.os }}
    strategy:
@ -154,18 +147,18 @@ jobs:
          - cibw_arch: ARM64
            os: windows-11-arm
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Checkout extra test images
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          repository: python-pillow/test-images
          path: Tests\test-images

-      - uses: actions/setup-python@v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.x"

@ -186,29 +179,23 @@ jobs:

      - name: Build wheels
        run: |
-          setlocal EnableDelayedExpansion
-          for %%f in (winbuild\build\license\*) do (
-            set x=%%~nf
-            rem Skip FriBiDi license, it is not included in the wheel.
-            set fribidi=!x:~0,7!
-            if NOT !fribidi!==fribidi (
-              rem Skip imagequant license, it is not included in the wheel.
-              set libimagequant=!x:~0,13!
-              if NOT !libimagequant!==libimagequant (
-                echo. >> LICENSE
-                echo ===== %%~nf ===== >> LICENSE
-                echo. >> LICENSE
-                type %%f >> LICENSE
-              )
-            )
-          )
-          call winbuild\\build\\build_env.cmd
-          %pythonLocation%\python.exe -m cibuildwheel . --output-dir wheelhouse
+          for f in winbuild/build/license/*; do
+            name=$(basename "${f%.*}")
+            # Skip FriBiDi license, it is not included in the wheel.
+            [[ $name == fribidi* ]] && continue
+            # Skip imagequant license, it is not included in the wheel.
+            [[ $name == libimagequant* ]] && continue
+            echo "" >> LICENSE
+            echo "===== $name =====" >> LICENSE
+            echo "" >> LICENSE
+            cat "$f" >> LICENSE
+          done
+          cmd //c "winbuild\\build\\build_env.cmd && $pythonLocation\\python.exe -m cibuildwheel . --output-dir wheelhouse"
        env:
          CIBW_ARCHS: ${{ matrix.cibw_arch }}
          CIBW_BEFORE_ALL: "{package}\\winbuild\\build\\build_dep_all.cmd"
          CIBW_CACHE_PATH: "C:\\cibw"
-          CIBW_ENABLE: cpython-prerelease cpython-freethreading pypy
+          CIBW_ENABLE: cpython-prerelease pypy
          CIBW_TEST_SKIP: "*-win_arm64"
          CIBW_TEST_COMMAND: 'docker run --rm
            -v {project}:C:\pillow
@ -217,36 +204,36 @@ jobs:
            -e CI -e GITHUB_ACTIONS
            mcr.microsoft.com/windows/servercore:ltsc2022
            powershell C:\pillow\.github\workflows\wheels-test.ps1 %CD%\..\venv-test'
-        shell: cmd
+        shell: bash

      - name: Upload wheels
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: dist-windows-${{ matrix.cibw_arch }}
          path: ./wheelhouse/*.whl

      - name: Upload fribidi.dll
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: fribidi-windows-${{ matrix.cibw_arch }}
          path: winbuild\build\bin\fribidi*

  sdist:
-    if: github.event_name != 'schedule' || github.repository_owner == 'python-pillow'
+    if: github.event_name != 'schedule' || github.event.repository.fork == false
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false

    - name: Set up Python
-      uses: actions/setup-python@v6
+      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
      with:
        python-version: "3.x"

    - run: make sdist

-    - uses: actions/upload-artifact@v4
+    - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
      with:
        name: dist-sdist
        path: dist/*.tar.gz
@ -256,7 +243,7 @@ jobs:
    runs-on: ubuntu-latest
    name: Count dists
    steps:
-      - uses: actions/download-artifact@v5
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          pattern: dist-*
          path: dist
@ -269,25 +256,98 @@ jobs:
          echo $files
          [ "$files" -eq $EXPECTED_DISTS ] || exit 1

+  compare-dist-sizes:
+    needs: [build-native-wheels, windows, sdist]
+    runs-on: ubuntu-latest
+    name: Compare dist sizes vs PyPI
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
+        with:
+          enable-cache: false
+
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          pattern: dist-*
+          path: dist
+          merge-multiple: true
+
+      - name: Compare dist sizes vs latest PyPI release
+        run: uv run .github/compare-dist-sizes.py dist
+
  scientific-python-nightly-wheels-publish:
-    if: github.repository_owner == 'python-pillow' && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
+    if: github.event.repository.fork == false && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
    needs: count-dists
    runs-on: ubuntu-latest
    name: Upload wheels to scientific-python-nightly-wheels
+    environment:
+      name: release-anaconda
+      url: https://anaconda.org/channels/scientific-python-nightly-wheels/packages/pillow/overview
    steps:
-      - uses: actions/download-artifact@v5
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          pattern: dist-!(sdist)*
          path: dist
          merge-multiple: true
      - name: Upload wheels to scientific-python-nightly-wheels
-        uses: scientific-python/upload-nightly-action@b36e8c0c10dbcfd2e05bf95f17ef8c14fd708dbf # 0.6.2
+        uses: scientific-python/upload-nightly-action@e76cfec8a4611fd02808a801b0ff5a7d7c1b2d99 # 0.6.4
        with:
          artifacts_path: dist
          anaconda_nightly_upload_token: ${{ secrets.ANACONDA_ORG_UPLOAD_TOKEN }}

+  sbom:
+    if: github.event_name != 'schedule' || github.event.repository.fork == false
+    runs-on: ubuntu-latest
+    name: Generate SBOM
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        with:
+          python-version: "3.x"
+
+      - name: Generate CycloneDX SBOM
+        run: python3 .github/generate-sbom.py
+
+      - name: Upload SBOM as workflow artifact
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: sbom
+          path: "pillow-*.cdx.json"
+
+      - name: Validate SBOM
+        run: |
+          python3 -m pip install -r .ci/requirements-sbom.txt
+          check-jsonschema --schemafile "https://raw.githubusercontent.com/CycloneDX/specification/1.7/schema/bom-1.7.schema.json" pillow-*.cdx.json
+
+  sbom-publish:
+    if: |
+      github.event.repository.fork == false
+      && github.event_name == 'push'
+      && startsWith(github.ref, 'refs/tags')
+    needs: [count-dists, sbom]
+    runs-on: ubuntu-latest
+    name: Publish SBOM to GitHub release
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: sbom
+          path: .
+
+      - name: Attach SBOM to GitHub release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh release upload "$GITHUB_REF_NAME" pillow-*.cdx.json
+
  pypi-publish:
-    if: github.repository_owner == 'python-pillow' && github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    if: github.event.repository.fork == false && github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
    needs: count-dists
    runs-on: ubuntu-latest
    name: Upload release to PyPI
@ -297,12 +357,12 @@ jobs:
    permissions:
      id-token: write
    steps:
-      - uses: actions/download-artifact@v5
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          pattern: dist-*
          path: dist
          merge-multiple: true
      - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
        with:
          attestations: true
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@ -1,7 +0,0 @@
-# Configuration for the zizmor static analysis tool, run via pre-commit in CI
-# https://docs.zizmor.sh/configuration/
-rules:
-  unpinned-uses:
-    config:
-      policies:
-        "*": ref-pin
--- a/.gitignore
+++ b/.gitignore
@ -97,3 +97,6 @@ pillow-test-images.zip

 # pyinstaller
 *.spec
+
+# Generated SBOM
+pillow-*.cdx.json
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,30 +1,30 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.13.3
+    rev: v0.15.12
    hooks:
      - id: ruff-check
        args: [--exit-non-zero-on-fix]

  - repo: https://github.com/psf/black-pre-commit-mirror
-    rev: 25.9.0
+    rev: 26.3.1
    hooks:
      - id: black

  - repo: https://github.com/PyCQA/bandit
-    rev: 1.8.6
+    rev: 1.9.4
    hooks:
    - id: bandit
      args: [--severity-level=high]
      files: ^src/

  - repo: https://github.com/Lucas-C/pre-commit-hooks
-    rev: v1.5.5
+    rev: v1.5.6
    hooks:
      - id: remove-tabs
-        exclude: (Makefile$|\.bat$|\.cmake$|\.eps$|\.fits$|\.gd$|\.opt$|\.patch$)
+        exclude: (Makefile$|\.bat$|\.cmake$|\.eps$|\.fits$|\.gd$|\.opt$)

  - repo: https://github.com/pre-commit/mirrors-clang-format
-    rev: v21.1.2
+    rev: v22.1.4
    hooks:
      - id: clang-format
        types: [c]
@ -38,6 +38,7 @@ repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
+      - id: check-case-conflict
      - id: check-executables-have-shebangs
      - id: check-shebang-scripts-are-executable
      - id: check-merge-conflict
@ -46,40 +47,42 @@ repos:
      - id: check-yaml
        args: [--allow-multiple-documents]
      - id: end-of-file-fixer
-        exclude: ^Tests/images/|\.patch$
+        exclude: ^Tests/images/
+      - id: file-contents-sorter
+        files: .github/workflows/Brewfile
      - id: trailing-whitespace
-        exclude: ^.github/.*TEMPLATE|^Tests/(fonts|images)/|\.patch$
+        exclude: ^\.github/.*TEMPLATE|^Tests/(fonts|images)/

  - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.34.0
+    rev: 0.37.2
    hooks:
      - id: check-github-workflows
      - id: check-readthedocs
      - id: check-renovate

  - repo: https://github.com/zizmorcore/zizmor-pre-commit
-    rev: v1.14.2
+    rev: v1.24.1
    hooks:
      - id: zizmor

  - repo: https://github.com/sphinx-contrib/sphinx-lint
-    rev: v1.0.0
+    rev: v1.0.2
    hooks:
      - id: sphinx-lint

  - repo: https://github.com/tox-dev/pyproject-fmt
-    rev: v2.7.0
+    rev: v2.21.1
    hooks:
      - id: pyproject-fmt

  - repo: https://github.com/abravalheri/validate-pyproject
-    rev: v0.24.1
+    rev: v0.25
    hooks:
      - id: validate-pyproject
        additional_dependencies: [trove-classifiers>=2024.10.12]

  - repo: https://github.com/tox-dev/tox-ini-fmt
-    rev: 1.6.0
+    rev: 1.7.1
    hooks:
      - id: tox-ini-fmt

--- a/2
+++ b/2
@ -5,7 +5,7 @@ The Python Imaging Library (PIL) is

 Pillow is the friendly PIL fork. It is

-    Copyright © 2010 by Jeffrey A. Clark and contributors
+    Copyright © 2010 by Jeffrey 'Alex' Clark and contributors

 Like PIL, Pillow is licensed under the open source MIT-CMU License:

--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -15,7 +15,6 @@ include tox.ini
 graft Tests
 graft Tests/images
 graft checks
-graft patches
 graft src
 graft depends
 graft winbuild
--- a/README.md
+++ b/README.md
@ -6,11 +6,13 @@

 ## Python Imaging Library (Fork)

-Pillow is the friendly PIL fork by [Jeffrey A. Clark and
+Pillow is the friendly PIL fork by [Jeffrey 'Alex' Clark and
 contributors](https://github.com/python-pillow/Pillow/graphs/contributors).
 PIL is the Python Imaging Library by Fredrik Lundh and contributors.
-As of 2019, Pillow development is
-[supported by Tidelift](https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=readme&utm_campaign=enterprise).
+Development is supported by:
+- [Tidelift](https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=readme&utm_campaign=enterprise) (since 2018)
+- [Thanks.dev](https://thanks.dev) (since 2023)
+- [GitHub Sponsors](https://github.com/sponsors/python-pillow) (since 2026)

 <table>
    <tr>
@ -106,4 +108,8 @@ The core image library is designed for fast access to data stored in a few basic

 ## Report a vulnerability

-To report a security vulnerability, please follow the procedure described in the [Tidelift security policy](https://tidelift.com/docs/security).
+To report sensitive vulnerability information, report it [privately on GitHub](https://github.com/python-pillow/Pillow/security/advisories/new).
+
+If you cannot use GitHub, use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
+
+DO NOT report sensitive vulnerability information in public.
--- a/RELEASING.md
+++ b/RELEASING.md
@ -19,6 +19,7 @@ Released as needed for security, installation or critical bug fixes.
  git checkout -t remotes/origin/5.2.x
  ```
 * [ ] Cherry pick individual commits from `main` branch to release branch e.g. `5.2.x`, then `git push`.
+* [ ] If this is a security fix: amend commits to include the CVE identifier in the commit message.
 * [ ] Check [GitHub Actions](https://github.com/python-pillow/Pillow/actions) to confirm passing tests in release branch e.g. `5.2.x`.
 * [ ] In compliance with [PEP 440](https://peps.python.org/pep-0440/), update version identifier in `src/PIL/_version.py`
 * [ ] Run pre-release check via `make release-test`.
@ -38,6 +39,7 @@ Released as needed for security, installation or critical bug fixes.
  ```bash
  git push
  ```
+* [ ] If this is a security fix: publish the [GitHub Security Advisory or Advisories](https://github.com/python-pillow/Pillow/security/advisories).

 ## Embargoed release

--- a/Tests/conftest.py
+++ b/Tests/conftest.py
@ -1,9 +1,17 @@
 from __future__ import annotations

 import io
+import sys
+import sysconfig

 import pytest

+FREE_THREADED_BUILD = bool(sysconfig.get_config_var("Py_GIL_DISABLED"))
+
+gil_enabled_at_start = True
+if FREE_THREADED_BUILD:
+    gil_enabled_at_start = sys._is_gil_enabled()  # type: ignore[attr-defined]
+

 def pytest_report_header(config: pytest.Config) -> str:
    try:
@ -16,6 +24,25 @@ def pytest_report_header(config: pytest.Config) -> str:
        return f"pytest_report_header failed: {e}"


+def pytest_terminal_summary(terminalreporter: pytest.TerminalReporter) -> None:
+    if (
+        FREE_THREADED_BUILD
+        and not gil_enabled_at_start
+        and sys._is_gil_enabled()  # type: ignore[attr-defined]
+    ):
+        tr = terminalreporter
+        tr.ensure_newline()
+        tr.section("GIL re-enabled", red=True, bold=True)
+        tr.line("The GIL was re-enabled at runtime during the tests.")
+        tr.line("This can happen with no test failures if the RuntimeWarning")
+        tr.line("raised by Python when this happens is filtered by a test.")
+        tr.line("")
+        tr.line("Please ensure all new C modules declare support for running")
+        tr.line("without the GIL. Any new tests that intentionally imports")
+        tr.line("code that re-enables the GIL should do so in a subprocess.")
+        pytest.exit("GIL re-enabled during tests", returncode=1)
+
+
 def pytest_configure(config: pytest.Config) -> None:
    config.addinivalue_line(
        "markers",
--- a/Tests/fonts/AdobeVFPrototypeDuplicates.ttf
+++ b/Tests/fonts/AdobeVFPrototypeDuplicates.ttf
--- a/Tests/fonts/LICENSE.txt
+++ b/Tests/fonts/LICENSE.txt
@ -2,7 +2,7 @@
 NotoNastaliqUrdu-Regular.ttf and NotoSansSymbols-Regular.ttf, from https://github.com/googlei18n/noto-fonts
 NotoSans-Regular.ttf, from https://www.google.com/get/noto/
 NotoSansJP-Thin.otf, from https://www.google.com/get/noto/help/cjk/
-AdobeVFPrototype.ttf, from https://github.com/adobe-fonts/adobe-variable-font-prototype
+AdobeVFPrototype.ttf, from https://github.com/adobe-fonts/adobe-variable-font-prototype. AdobeVFPrototypeDuplicates.ttf is a modified version of this
 TINY5x3GX.ttf, from http://velvetyne.fr/fonts/tiny
 ArefRuqaa-Regular.ttf, from https://github.com/google/fonts/tree/master/ofl/arefruqaa
 ter-x20b.pcf, from http://terminus-font.sourceforge.net/
--- a/Tests/fonts/fuzz_font-5203009437302784
+++ b/Tests/fonts/fuzz_font-5203009437302784
@ -1,10 +1,10 @@
 STARTFONT
 FONT ÿ
 SIZE 10
-FONTBOUNDINGBOX
-CHARS
+FONTBOUNDINGBOX 1 1 0 0
+CHARS 1
 STARTCHAR 
-ENCODING
+ENCODING 65
 BBX 2 5
 ENDCHAR
 ENDFONT
--- a/Tests/helper.py
+++ b/Tests/helper.py
@ -55,8 +55,8 @@ def convert_to_comparable(
    if a.mode == "P":
        new_a = Image.new("L", a.size)
        new_b = Image.new("L", b.size)
-        new_a.putdata(a.getdata())
-        new_b.putdata(b.getdata())
+        new_a.putdata(a.get_flattened_data())
+        new_b.putdata(b.get_flattened_data())
    elif a.mode == "I;16":
        new_a = a.convert("I")
        new_b = b.convert("I")
@ -104,10 +104,9 @@ def assert_image_equal_tofile(
    msg: str | None = None,
    mode: str | None = None,
 ) -> None:
-    with Image.open(filename) as img:
-        if mode:
-            img = img.convert(mode)
-        assert_image_equal(a, img, msg)
+    with Image.open(filename) as im:
+        converted_im = im.convert(mode) if mode else im
+        assert_image_equal(a, converted_im, msg)


 def assert_image_similar(
--- a/Tests/images/bmp/html/bkgd.png
+++ b/Tests/images/bmp/html/bkgd.png
--- a/Tests/images/bmp/html/bmpsuite.html
+++ b/Tests/images/bmp/html/bmpsuite.html
@ -1,578 +0,0 @@
-<!DOCTYPE html>
-<html>
-
-<head>
-
-<title>BMP Suite Image List</title>
-
-<style>
- .b { background:url(bkgd.png); }
- .q { background-color:#fff0e0; }
- .bad { background-color:#ffa0a0; }
-</style>
-
-</head>
-
-<body>
-
-<h1>BMP Suite Image List</h1>
-
-<p><i>For <a href="http://entropymine.com/jason/bmpsuite/">BMP Suite</a>
-version 2.3</i></p>
-
-<p>This document describes the images in <i>BMP Suite</i>, and shows what
-I allege to be the correct way to interpret them. PNG and JPEG images are
-used for reference.
-</p>
-
-<p>It also shows how your web browser displays the BMP images,
-but that&rsquo;s not its main purpose.
-BMP is poor image format to use on web pages, so a web browser&rsquo;s
-level of support for it is arguably not important.</p>
-
-<table border=1 cellpadding=8>
-
- <tr>
-  <th>File</th>
-  <th>Ver.</th>
-  <th>Correct display</th>
-  <th>In your browser</th>
-  <th>Notes</th>
- </tr>
-
- <tr>
-  <td>g/pal1.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal1.png"></td>
-  <td class=b><img src="../g/pal1.bmp"></td>
-  <td>1 bit/pixel paletted image, in which black is the first color in
-   the palette.</td>
- </tr>
-
- <tr>
-  <td>g/pal1wb.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal1.png"></td>
-  <td class=b><img src="../g/pal1wb.bmp"></td>
-  <td>1 bit/pixel paletted image, in which white is the first color in
-   the palette.</td>
- </tr>
-
- <tr>
-  <td>g/pal1bg.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal1bg.png"></td>
-  <td class=b><img src="../g/pal1bg.bmp"></td>
-  <td>1 bit/pixel paletted image, with colors other than black and white.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal1p1.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal1p1.png"></td>
-  <td class=b><img src="../q/pal1p1.bmp"></td>
-  <td>1 bit/pixel paletted image, with only one color in the palette.
-   The documentation says that 1-bpp images have a palette size of 2
-   (not &ldquo;up to 2&rdquo;), but it would be silly for a viewer not to
-   support a size of 1.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal2.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal2.png"></td>
-  <td class=b><img src="../q/pal2.bmp"></td>
-  <td>A paletted image with 2 bits/pixel. Usually only 1, 4,
-   and 8 are allowed, but 2 is legal on Windows CE.</td>
- </tr>
-
- <tr>
-  <td>g/pal4.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal4.png"></td>
-  <td class=b><img src="../g/pal4.bmp"></td>
-  <td>Paletted image with 12 palette colors, and 4 bits/pixel.</td>
- </tr>
-
- <tr>
-  <td>g/pal4rle.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal4.png"></td>
-  <td class=b><img src="../g/pal4rle.bmp"></td>
-  <td>4-bit image that uses RLE compression.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal4rletrns.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal4rletrns.png"><br>
-     or<br><img src="pal4rletrns-0.png"><br>
-     or<br><img src="pal4rletrns-b.png"></td>
-  <td class=b><img src="../q/pal4rletrns.bmp"></td>
-  <td>An RLE-compressed image that used &ldquo;delta&rdquo;
-  codes to skip over some pixels, leaving them undefined. Some viewers
-  make undefined pixels transparent, others make them black, and
-  others assign them palette color 0 (purple, in this case).</td>
- </tr>
-
- <tr>
-  <td>g/pal8.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../g/pal8.bmp"></td>
-  <td>Our standard paletted image, with 252 palette colors, and 8
-   bits/pixel.</td>
- </tr>
-
- <tr>
-  <td>g/pal8-0.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../g/pal8-0.bmp"></td>
-  <td>Every field that can be set to 0 is set to 0: pixels/meter=0;
-   colors used=0 (meaning the default 256); size-of-image=0.</td>
- </tr>
-
- <tr>
-  <td>g/pal8rle.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../g/pal8rle.bmp"></td>
-  <td>8-bit image that uses RLE compression.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal8rletrns.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8rletrns.png"><br>
-     or<br><img src="pal8rletrns-0.png"><br>
-     or<br><img src="pal8rletrns-b.png"></td>
-  <td class=b><img src="../q/pal8rletrns.bmp"></td>
-  <td>8-bit version of q/pal4rletrns.bmp.</td>
- </tr>
-
- <tr>
-  <td>g/pal8w126.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8w126.png"></td>
-  <td class=b><img src="../g/pal8w126.bmp"></td>
-  <td rowspan=3>Images with different widths and heights.
-   In BMP format, rows are padded to a multiple of four bytes, so we
-   test all four possibilities.</td>
- </tr>
-
- <tr>
-  <td>g/pal8w125.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8w125.png"></td>
-  <td class=b><img src="../g/pal8w125.bmp"></td>
- </tr>
-
- <tr>
-  <td>g/pal8w124.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8w124.png"></td>
-  <td class=b><img src="../g/pal8w124.bmp"></td>
- </tr>
-
- <tr>
-  <td>g/pal8topdown.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../g/pal8topdown.bmp"></td>
-  <td>BMP images are normally stored from the bottom up, but
-   there is a way to store them from the top down.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal8offs.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../q/pal8offs.bmp"></td>
-  <td>A file with some unused bytes between the palette and the
-   image. This is probably valid, but I&rsquo;m not 100% sure.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal8oversizepal.bmp</td>
-  <td>3</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../q/pal8oversizepal.bmp"></td>
-  <td>An 8-bit image with 300 palette colors. This may be invalid,
-   because the documentation could
-   be interpreted to imply that 8-bit images aren&rsquo;t allowed
-   to have more than 256 colors.</td>
- </tr>
-
- <tr>
-  <td>g/pal8nonsquare.bmp</td>
-  <td>3</td>
-  <td class=b>
-   <img src="pal8nonsquare-v.png"><br>
-   or<br>
-   <img src="pal8nonsquare-e.png">
-  </td>
-  <td class=b><img src="../g/pal8nonsquare.bmp"></td>
-  <td>An image with non-square pixels: the X pixels/meter is twice
-   the Y pixels/meter. Image <i>editors</i> can be expected to
-   leave the image &ldquo;squashed&rdquo;; image <i>viewers</i> should
-   consider stretching it to its correct proportions.</td>
- </tr>
-
- <tr>
-  <td>g/pal8os2.bmp</td>
-  <td>OS/2v1</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../g/pal8os2.bmp"></td>
-  <td>An OS/2-style bitmap.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal8os2sp.bmp</td>
-  <td>OS/2v1</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../q/pal8os2sp.bmp"></td>
-  <td>An OS/2v1 with a less-than-full-sized palette.
-   Probably not valid, but such files have been seen in the wild.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal8os2v2.bmp</td>
-  <td>OS/2v2</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../q/pal8os2v2.bmp"></td>
-  <td>My attempt to make an OS/2v2 bitmap.</td>
- </tr>
-
- <tr>
-  <td class=q>q/pal8os2v2-16.bmp</td>
-  <td>OS/2v2</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../q/pal8os2v2-16.bmp"></td>
-  <td>An OS/2v2 bitmap whose header has only 16 bytes, instead of the full 64.</td>
- </tr>
-
- <tr>
-  <td>g/pal8v4.bmp</td>
-  <td>4</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../g/pal8v4.bmp"></td>
-  <td>A v4 bitmap. I&rsquo;m not sure that the gamma and chromaticity values in
-   this file are sensible, because I can&rsquo;t find any detailed documentation
-   of them.</td>
- </tr>
-
- <tr>
-  <td>g/pal8v5.bmp</td>
-  <td>5</td>
-  <td class=b><img src="pal8.png"></td>
-  <td class=b><img src="../g/pal8v5.bmp"></td>
-  <td>A v5 bitmap. Version 5 has additional colorspace options over v4, so it
-   is easier to create, and ought to be more portable.</td>
- </tr>
-
- <tr>
-  <td>g/rgb16.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb16.png"></td>
-  <td class=b><img src="../g/rgb16.bmp"></td>
-  <td>A 16-bit image with the default color format: 5 bits each for red,
-   green, and blue, and 1 unused bit.
-   The whitest colors should (I assume) be displayed as pure white:
-   <span style="background-color:rgb(255,255,255)">(255,255,255)</span>, not
-   <span style="background-color:rgb(248,248,248)">(248,248,248)</span>.</td>
- </tr>
-
- <tr>
-  <td>g/rgb16-565.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb16-565.png"></td>
-  <td class=b><img src="../g/rgb16-565.bmp"></td>
-  <td>A 16-bit image with a BITFIELDS segment indicating 5 red, 6 green,
-   and 5 blue bits. This is a standard 16-bit format, even supported by
-   old versions of Windows that don&rsquo;t support any other non-default 16-bit
-   formats.
-   The whitest colors should be displayed as pure white:
-   <span style="background-color:rgb(255,255,255)">(255,255,255)</span>, not
-   <span style="background-color:rgb(248,252,248)">(248,252,248)</span>.</td>
- </tr>
-
- <tr>
-  <td>g/rgb16-565pal.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb16-565.png"></td>
-  <td class=b><img src="../g/rgb16-565pal.bmp"></td>
-  <td>A 16-bit image with both a BITFIELDS segment and a palette.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgb16-231.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb16-231.png"></td>
-  <td class=b><img src="../q/rgb16-231.bmp"></td>
-  <td>An unusual and silly 16-bit image, with 2 red bits, 3 green bits, and 1
-  blue bit. Most viewers do support this image, but the colors may be darkened
-  with a yellow-green shadow. That&rsquo;s because they&rsquo;re doing simple
-  bit-shifting (possibly including one round of bit replication), instead of
-  proper scaling.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgba16-4444.bmp</td>
-  <td>5</td>
-  <td class=b><img src="rgba16-4444.png"></td>
-  <td class=b><img src="../q/rgba16-4444.bmp"></td>
-  <td>A 16-bit image with an alpha channel. There are 4 bits for each color
-   channel, and 4 bits for the alpha channel.
-   It&rsquo;s not clear if this is valid, but I can&rsquo;t find anything that
-   suggests it isn&rsquo;t.
-   </td>
- </tr>
-
- <tr>
-  <td>g/rgb24.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../g/rgb24.bmp"></td>
-  <td>A perfectly ordinary 24-bit (truecolor) image.</td>
- </tr>
-
- <tr>
-  <td>g/rgb24pal.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../g/rgb24pal.bmp"></td>
-  <td>A 24-bit image, with a palette containing 256 colors. There is little if
-   any reason for a truecolor image to contain a palette, but it is legal.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgb24largepal.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../q/rgb24largepal.bmp"></td>
-  <td>A 24-bit image, with a palette containing 300 colors.
-   The fact that the palette has more than 256 colors may cause some viewers
-   to complain, but the documentation does not mention a size limit.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgb24prof.bmp</td>
-  <td>5</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../q/rgb24prof.bmp"></td>
-  <td>My attempt to make a BMP file with an embedded color profile.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgb24lprof.bmp</td>
-  <td>5</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../q/rgb24lprof.bmp"></td>
-  <td>My attempt to make a BMP file with a linked color profile.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgb24jpeg.bmp</td>
-  <td>5</td>
-  <td class=b><img src="rgb24.jpg"></td>
-  <td class=b><img src="../q/rgb24jpeg.bmp"></td>
-  <td rowspan=2>My attempt to make BMP files with embedded JPEG and PNG images.
-   These are not likely to be supported by much of anything (they&rsquo;re
-   intended for printers).</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgb24png.bmp</td>
-  <td>5</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../q/rgb24png.bmp"></td>
- </tr>
-
- <tr>
-  <td>g/rgb32.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../g/rgb32.bmp"></td>
-  <td>A 32-bit image using the default color format for 32-bit images (no
-   BITFIELDS segment). There are 8 bits per color channel, and 8 unused
-   bits. The unused bits are set to 0.</td>
- </tr>
-
- <tr>
-  <td>g/rgb32bf.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../g/rgb32bf.bmp"></td>
-  <td>A 32-bit image with a BITFIELDS segment. As usual, there are 8 bits per
-   color channel, and 8 unused bits. But the color channels are in an unusual
-   order, so the viewer must read the BITFIELDS, and not just guess.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgb32fakealpha.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb24.png"><br>
-    or<br>
-    <img class=b src="fakealpha.png">
-</td>
-  <td class=b><img src="../q/rgb32fakealpha.bmp"></td>
-  <td>Same as g/rgb32.bmp, except that the unused bits are set to something
-   other than 0.
-   If the image becomes transparent toward the bottom, it probably means
-   the viewer uses heuristics to guess whether the undefined
-   data represents transparency.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgb32-111110.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgb24.png"></td>
-  <td class=b><img src="../q/rgb32-111110.bmp"></td>
-  <td>A 32 bits/pixel image, with all 32 bits used: 11 each for red and
-   green, and 10 for blue. As far as I know, this is perfectly valid, but it
-   is unusual.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgba32.bmp</td>
-  <td>5</td>
-  <td class=b><img src="rgba32.png"></td>
-  <td class=b><img src="../q/rgba32.bmp"></td>
-  <td>A BMP with an alpha channel. Transparency is barely documented,
-   so it&rsquo;s <i>possible</i> that this file is not correctly formed.
-   The color channels are in an unusual order, to prevent viewers from
-   passing this test by making a lucky guess.</td>
- </tr>
-
- <tr>
-  <td class=q>q/rgba32abf.bmp</td>
-  <td>3</td>
-  <td class=b><img src="rgba32.png"></td>
-  <td class=b><img src="../q/rgba32abf.bmp"></td>
-  <td>An image of type BI_ALHPABITFIELDS. Supposedly, this was used on
-   Windows CE. I don&rsquo;t know whether it is constructed correctly.</td>
- </tr>
-
-
- <tr>
-  <td class=bad>b/badbitcount.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/badbitcount.bmp"></td>
-  <td>Header indicates an absurdly large number of bits/pixel.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/badbitssize.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/badbitssize.bmp"></td>
-  <td>Header incorrectly indicates that the bitmap is several GB in size.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/baddens1.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/baddens1.bmp"></td>
-  <td rowspan=2>Density (pixels per meter) suggests the image is <i>much</i>
-      larger in one dimension than the other.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/baddens2.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/baddens2.bmp"></td>
- </tr>
-
- <tr>
-  <td class=bad>b/badfilesize.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/badfilesize.bmp"></td>
-  <td>Header incorrectly indicates that the file is several GB in size.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/badheadersize.bmp</td>
-  <td>?</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/badheadersize.bmp"></td>
-  <td>Header size is 66 bytes, which is not a valid size for any known BMP
-   version.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/badpalettesize.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/badpalettesize.bmp"></td>
-  <td>Header incorrectly indicates that the palette contains an absurdly large
-   number of colors.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/badplanes.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/badplanes.bmp"></td>
-  <td>The &ldquo;planes&rdquo; setting, which is required to be 1, is not 1.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/badrle.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/badrle.bmp"></td>
-  <td>An invalid RLE-compressed image that tries to cause buffer overruns.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/badwidth.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/badwidth.bmp"></td>
-  <td>The image claims to be a negative number of pixels in width.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/pal8badindex.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/pal8badindex.bmp"></td>
-  <td>Many of the palette indices used in the image are not present in the
-   palette.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/reallybig.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/reallybig.bmp"></td>
-  <td>An image with a very large reported width and height.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/rletopdown.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/rletopdown.bmp"></td>
-  <td>An RLE-compressed image that tries to use top-down orientation,
-   which isn&rsquo;t allowed.</td>
- </tr>
-
- <tr>
-  <td class=bad>b/shortfile.bmp</td>
-  <td>3</td>
-  <td class=b>N/A</td>
-  <td class=b><img src="../b/shortfile.bmp"></td>
-  <td>A file that has been truncated in the middle of the bitmap.</td>
- </tr>
-
-</table>
-
-</body>
-
-</html>
--- a/Tests/images/bmp/html/fakealpha.png
+++ b/Tests/images/bmp/html/fakealpha.png
--- a/Tests/images/bmp/html/pal1p1.png
+++ b/Tests/images/bmp/html/pal1p1.png
--- a/Tests/images/bmp/html/pal2.png
+++ b/Tests/images/bmp/html/pal2.png
--- a/Tests/images/bmp/html/pal4rletrns-0.png
+++ b/Tests/images/bmp/html/pal4rletrns-0.png
--- a/Tests/images/bmp/html/pal4rletrns-b.png
+++ b/Tests/images/bmp/html/pal4rletrns-b.png
--- a/Tests/images/bmp/html/pal4rletrns.png
+++ b/Tests/images/bmp/html/pal4rletrns.png
--- a/Tests/images/bmp/html/pal8nonsquare-v.png
+++ b/Tests/images/bmp/html/pal8nonsquare-v.png
--- a/Tests/images/bmp/html/pal8rletrns-0.png
+++ b/Tests/images/bmp/html/pal8rletrns-0.png
--- a/Tests/images/bmp/html/pal8rletrns-b.png
+++ b/Tests/images/bmp/html/pal8rletrns-b.png
--- a/Tests/images/bmp/html/pal8rletrns.png
+++ b/Tests/images/bmp/html/pal8rletrns.png
--- a/Tests/images/bmp/html/rgb16-231.png
+++ b/Tests/images/bmp/html/rgb16-231.png
--- a/Tests/images/bmp/html/rgb24.jpg
+++ b/Tests/images/bmp/html/rgb24.jpg
--- a/Tests/images/bmp/html/rgba16-4444.png
+++ b/Tests/images/bmp/html/rgba16-4444.png
--- a/Tests/images/bmp/html/rgba32.png
+++ b/Tests/images/bmp/html/rgba32.png
--- a/Tests/images/imagedraw_rounded_rectangle_radius.png
+++ b/Tests/images/imagedraw_rounded_rectangle_radius.png
--- a/Tests/images/morph_a.png
+++ b/Tests/images/morph_a.png
--- a/Tests/images/pal8_offset.bmp
+++ b/Tests/images/pal8_offset.bmp
--- a/Tests/images/pal8rletrns.png
+++ b/Tests/images/pal8rletrns.png
--- a/Tests/images/psd-oob-write-overflow.psd
+++ b/Tests/images/psd-oob-write-overflow.psd
--- a/Tests/images/psd-oob-write-x.psd
+++ b/Tests/images/psd-oob-write-x.psd
--- a/Tests/images/psd-oob-write-y.psd
+++ b/Tests/images/psd-oob-write-y.psd
--- a/Tests/images/psd-oob-write.psd
+++ b/Tests/images/psd-oob-write.psd
--- a/Tests/images/separate_planar_extra_samples.tiff
+++ b/Tests/images/separate_planar_extra_samples.tiff
--- a/Tests/images/trailer_loop.pdf
+++ b/Tests/images/trailer_loop.pdf
--- a/Tests/images/zero_mask_totals.dds
+++ b/Tests/images/zero_mask_totals.dds
--- a/Tests/test_arro3.py
+++ b/Tests/test_arro3.py
@ -213,7 +213,7 @@ INT32 = DataShape(
    ),
 )
 def test_fromarray(mode: str, data_tp: DataShape, mask: list[int] | None) -> None:
-    (dtype, elt, elts_per_pixel) = data_tp
+    dtype, elt, elts_per_pixel = data_tp

    ct_pixels = TEST_IMAGE_SIZE[0] * TEST_IMAGE_SIZE[1]
    if dtype == fl_uint8_4_type:
@ -239,7 +239,7 @@ def test_fromarray(mode: str, data_tp: DataShape, mask: list[int] | None) -> Non
 )
@pytest.mark.parametrize("data_tp", (UINT32, INT32))
 def test_from_int32array(mode: str, mask: list[int] | None, data_tp: DataShape) -> None:
-    (dtype, elt, elts_per_pixel) = data_tp
+    dtype, elt, elts_per_pixel = data_tp

    ct_pixels = TEST_IMAGE_SIZE[0] * TEST_IMAGE_SIZE[1]
    arr = Array([elt] * (ct_pixels * elts_per_pixel), type=dtype)
--- a/Tests/test_arrow.py
+++ b/Tests/test_arrow.py
@ -68,7 +68,7 @@ def test_multiblock_l_image() -> None:
    img = Image.new("L", size, 128)

    with pytest.raises(ValueError):
-        (schema, arr) = img.__arrow_c_array__()
+        schema, arr = img.__arrow_c_array__()


 def test_multiblock_rgba_image() -> None:
@ -79,7 +79,7 @@ def test_multiblock_rgba_image() -> None:
    img = Image.new("RGBA", size, (128, 127, 126, 125))

    with pytest.raises(ValueError):
-        (schema, arr) = img.__arrow_c_array__()
+        schema, arr = img.__arrow_c_array__()


 def test_multiblock_l_schema() -> None:
@ -114,7 +114,7 @@ def test_singleblock_l_image() -> None:
    img = Image.new("L", size, 128)
    assert img.im.isblock()

-    (schema, arr) = img.__arrow_c_array__()
+    schema, arr = img.__arrow_c_array__()
    assert schema
    assert arr

@ -130,7 +130,7 @@ def test_singleblock_rgba_image() -> None:
    img = Image.new("RGBA", size, (128, 127, 126, 125))
    assert img.im.isblock()

-    (schema, arr) = img.__arrow_c_array__()
+    schema, arr = img.__arrow_c_array__()
    assert schema
    assert arr
    Image.core.set_use_block_allocator(0)
--- a/Tests/test_bmp_reference.py
+++ b/Tests/test_bmp_reference.py
@ -56,7 +56,7 @@ def test_questionable() -> None:
                im.load()
            if os.path.basename(f) not in supported:
                print(f"Please add {f} to the partially supported bmp specs.")
-        except Exception:  # as msg:
+        except Exception:  # noqa: PERF203
            if os.path.basename(f) in supported:
                raise

@ -72,7 +72,7 @@ def test_good() -> None:
        "pal8-0.bmp": "pal8.png",
        "pal8rle.bmp": "pal8.png",
        "pal8topdown.bmp": "pal8.png",
-        "pal8nonsquare.bmp": "pal8nonsquare-v.png",
+        "pal8nonsquare.bmp": "pal8nonsquare-e.png",
        "pal8os2.bmp": "pal8.png",
        "pal8os2sp.bmp": "pal8.png",
        "pal8os2v2.bmp": "pal8.png",
@ -95,18 +95,18 @@ def test_good() -> None:
    for f in get_files("g"):
        try:
            with Image.open(f) as im:
-                im.load()
                with Image.open(get_compare(f)) as compare:
-                    compare.load()
-                    if im.mode == "P":
-                        # assert image similar doesn't really work
-                        # with paletized image, since the palette might
-                        # be differently ordered for an equivalent image.
-                        im = im.convert("RGBA")
-                        compare = im.convert("RGBA")
-                    assert_image_similar(im, compare, 5)
+                    # assert image similar doesn't really work
+                    # with paletized image, since the palette might
+                    # be differently ordered for an equivalent image.
+                    im_converted = im.convert("RGBA") if im.mode == "P" else im
+                    compare_converted = (
+                        compare.convert("RGBA") if im.mode == "P" else compare
+                    )

-        except Exception as msg:
+                    assert_image_similar(im_converted, compare_converted, 5)
+
+        except Exception as msg:  # noqa: PERF203
            # there are three here that are unsupported:
            unsupported = (
                os.path.join(base, "g", "rgb32bf.bmp"),
--- a/Tests/test_box_blur.py
+++ b/Tests/test_box_blur.py
@ -28,9 +28,13 @@ def box_blur(image: Image.Image, radius: float = 1, n: int = 1) -> Image.Image:


 def assert_image(im: Image.Image, data: list[list[int]], delta: int = 0) -> None:
-    it = iter(im.getdata())
+    it = iter(im.get_flattened_data())
    for data_row in data:
-        im_row = [next(it) for _ in range(im.size[0])]
+        im_row = []
+        for _ in range(im.width):
+            im_v = next(it)
+            assert isinstance(im_v, (int, float))
+            im_row.append(im_v)
        if any(abs(data_v - im_v) > delta for data_v, im_v in zip(data_row, im_row)):
            assert im_row == data_row
    with pytest.raises(StopIteration):
--- a/Tests/test_file_apng.py
+++ b/Tests/test_file_apng.py
@ -1,5 +1,6 @@
 from __future__ import annotations

+from io import BytesIO
 from pathlib import Path

 import pytest
@ -277,25 +278,25 @@ def test_apng_mode() -> None:
        assert isinstance(im, PngImagePlugin.PngImageFile)
        assert im.mode == "P"
        im.seek(im.n_frames - 1)
-        im = im.convert("RGB")
-        assert im.getpixel((0, 0)) == (0, 255, 0)
-        assert im.getpixel((64, 32)) == (0, 255, 0)
+        im_rgb = im.convert("RGB")
+    assert im_rgb.getpixel((0, 0)) == (0, 255, 0)
+    assert im_rgb.getpixel((64, 32)) == (0, 255, 0)

    with Image.open("Tests/images/apng/mode_palette_alpha.png") as im:
        assert isinstance(im, PngImagePlugin.PngImageFile)
        assert im.mode == "P"
        im.seek(im.n_frames - 1)
-        im = im.convert("RGBA")
-        assert im.getpixel((0, 0)) == (0, 255, 0, 255)
-        assert im.getpixel((64, 32)) == (0, 255, 0, 255)
+        im_rgba = im.convert("RGBA")
+    assert im_rgba.getpixel((0, 0)) == (0, 255, 0, 255)
+    assert im_rgba.getpixel((64, 32)) == (0, 255, 0, 255)

    with Image.open("Tests/images/apng/mode_palette_1bit_alpha.png") as im:
        assert isinstance(im, PngImagePlugin.PngImageFile)
        assert im.mode == "P"
        im.seek(im.n_frames - 1)
-        im = im.convert("RGBA")
-        assert im.getpixel((0, 0)) == (0, 0, 255, 128)
-        assert im.getpixel((64, 32)) == (0, 0, 255, 128)
+        im_rgba = im.convert("RGBA")
+    assert im_rgba.getpixel((0, 0)) == (0, 0, 255, 128)
+    assert im_rgba.getpixel((64, 32)) == (0, 0, 255, 128)


 def test_apng_chunk_errors() -> None:
@ -517,6 +518,24 @@ def test_apng_save_duration_loop(tmp_path: Path) -> None:
        assert im.info["duration"] == 600


+def test_apng_save_duration_float(tmp_path: Path) -> None:
+    test_file = tmp_path / "temp.png"
+    im = Image.new("1", (1, 1))
+    im2 = Image.new("1", (1, 1), 1)
+    im.save(test_file, save_all=True, append_images=[im2], duration=0.5)
+
+    with Image.open(test_file) as reloaded:
+        assert reloaded.info["duration"] == 0.5
+
+
+def test_apng_save_large_duration(tmp_path: Path) -> None:
+    test_file = tmp_path / "temp.png"
+    im = Image.new("1", (1, 1))
+    im2 = Image.new("1", (1, 1), 1)
+    with pytest.raises(ValueError, match="cannot write duration"):
+        im.save(test_file, save_all=True, append_images=[im2], duration=65536000)
+
+
 def test_apng_save_disposal(tmp_path: Path) -> None:
    test_file = tmp_path / "temp.png"
    size = (128, 64)
@ -718,6 +737,25 @@ def test_apng_save_size(tmp_path: Path) -> None:
        assert reloaded.size == (200, 200)


+def test_compress_level() -> None:
+    compress_level_sizes = {}
+    for compress_level in (0, 9):
+        out = BytesIO()
+
+        im = Image.new("L", (100, 100))
+        im.save(
+            out,
+            "PNG",
+            save_all=True,
+            append_images=[Image.new("L", (200, 200))],
+            compress_level=compress_level,
+        )
+
+        compress_level_sizes[compress_level] = len(out.getvalue())
+
+    assert compress_level_sizes[0] > compress_level_sizes[9]
+
+
 def test_seek_after_close() -> None:
    im = Image.open("Tests/images/apng/delay.png")
    im.seek(1)
--- a/Tests/test_file_avif.py
+++ b/Tests/test_file_avif.py
@ -121,7 +121,6 @@ class TestFileAvif:
            assert image.size == (128, 128)
            assert image.format == "AVIF"
            assert image.get_format_mimetype() == "image/avif"
-            image.getdata()

            # generated with:
            # avifdec hopper.avif hopper_avif_write.png
@ -143,18 +142,17 @@ class TestFileAvif:
            assert reloaded.mode == "RGB"
            assert reloaded.size == (128, 128)
            assert reloaded.format == "AVIF"
-            reloaded.getdata()

            # avifdec hopper.avif avif/hopper_avif_write.png
            assert_image_similar_tofile(
-                reloaded, "Tests/images/avif/hopper_avif_write.png", 6.02
+                reloaded, "Tests/images/avif/hopper_avif_write.png", 6.93
            )

            # This test asserts that the images are similar. If the average pixel
            # difference between the two images is less than the epsilon value,
            # then we're going to accept that it's a reasonable lossy version of
            # the image.
-            assert_image_similar(reloaded, im, 8.62)
+            assert_image_similar(reloaded, im, 9.39)

    def test_AvifEncoder_with_invalid_args(self) -> None:
        """
@ -463,12 +461,9 @@ class TestFileAvif:
    @pytest.mark.parametrize(
        "advanced",
        [
-            {
-                "aq-mode": "1",
-                "enable-chroma-deltaq": "1",
-            },
-            (("aq-mode", "1"), ("enable-chroma-deltaq", "1")),
-            [("aq-mode", "1"), ("enable-chroma-deltaq", "1")],
+            {"tune": "psnr"},
+            (("tune", "psnr"),),
+            [("tune", "psnr")],
        ],
    )
    def test_encoder_advanced_codec_options(
--- a/Tests/test_file_bmp.py
+++ b/Tests/test_file_bmp.py
@ -42,7 +42,7 @@ def test_fallback_if_mmap_errors() -> None:
    # This image has been truncated,
    # so that the buffer is not large enough when using mmap
    with Image.open("Tests/images/mmap_error.bmp") as im:
-        assert_image_equal_tofile(im, "Tests/images/pal8_offset.bmp")
+        assert_image_equal_tofile(im, "Tests/images/bmp/g/pal8.bmp")


 def test_save_to_bytes() -> None:
@ -165,9 +165,9 @@ def test_rgba_bitfields() -> None:
    with Image.open("Tests/images/rgb32bf-rgba.bmp") as im:
        # So before the comparing the image, swap the channels
        b, g, r = im.split()[1:]
-        im = Image.merge("RGB", (r, g, b))
+        im_rgb = Image.merge("RGB", (r, g, b))

-    assert_image_equal_tofile(im, "Tests/images/bmp/q/rgb32bf-xbgr.bmp")
+    assert_image_equal_tofile(im_rgb, "Tests/images/bmp/q/rgb32bf-xbgr.bmp")

    # This test image has been manually hexedited
    # to change the bitfield compression in the header from XBGR to ABGR
@ -221,6 +221,11 @@ def test_rle8_eof(file_name: str, length: int) -> None:
            im.load()


+def test_rle_delta() -> None:
+    with Image.open("Tests/images/bmp/q/pal8rletrns.bmp") as im:
+        assert_image_equal_tofile(im, "Tests/images/pal8rletrns.png")
+
+
 def test_unsupported_bmp_bitfields_layout() -> None:
    fp = io.BytesIO(
        o32(40)  # header size
@ -233,11 +238,21 @@ def test_unsupported_bmp_bitfields_layout() -> None:
        Image.open(fp)


-def test_offset() -> None:
-    # This image has been hexedited
-    # to exclude the palette size from the pixel data offset
-    with Image.open("Tests/images/pal8_offset.bmp") as im:
-        assert_image_equal_tofile(im, "Tests/images/bmp/g/pal8.bmp")
+@pytest.mark.parametrize(
+    "offset, path",
+    (
+        (26, "pal8os2.bmp"),
+        (54, "pal8.bmp"),
+    ),
+)
+def test_offset(offset: int, path: str) -> None:
+    image_path = "Tests/images/bmp/g/" + path
+    # Exclude the palette size from the pixel data offset
+    with open(image_path, "rb") as fp:
+        data = fp.read()
+        data = data[:10] + o32(offset) + data[14:]
+        with Image.open(io.BytesIO(data)) as im:
+            assert_image_equal_tofile(im, image_path)


 def test_use_raw_alpha(monkeypatch: pytest.MonkeyPatch) -> None:
--- a/Tests/test_file_bufrstub.py
+++ b/Tests/test_file_bufrstub.py
@ -61,6 +61,7 @@ def test_handler(tmp_path: Path) -> None:

        def load(self, im: ImageFile.StubImageFile) -> Image.Image:
            self.loaded = True
+            assert im.fp is not None
            im.fp.close()
            return Image.new("RGB", (1, 1))

--- a/Tests/test_file_container.py
+++ b/Tests/test_file_container.py
@ -179,9 +179,7 @@ def test_iter(bytesmode: bool) -> None:
        container = ContainerIO.ContainerIO(fh, 0, 120)

        # Act
-        data = []
-        for line in container:
-            data.append(line)
+        data = list(container)

        # Assert
        if bytesmode:
--- a/Tests/test_file_dds.py
+++ b/Tests/test_file_dds.py
@ -57,7 +57,7 @@ TEST_FILE_UNCOMPRESSED_RGB_WITH_ALPHA = "Tests/images/uncompressed_rgb.dds"
 def test_sanity_dxt1_bc1(image_path: str) -> None:
    """Check DXT1 and BC1 images can be opened"""
    with Image.open(TEST_FILE_DXT1.replace(".dds", ".png")) as target:
-        target = target.convert("RGBA")
+        target_rgba = target.convert("RGBA")
    with Image.open(image_path) as im:
        im.load()

@ -65,7 +65,7 @@ def test_sanity_dxt1_bc1(image_path: str) -> None:
        assert im.mode == "RGBA"
        assert im.size == (256, 256)

-        assert_image_equal(im, target)
+        assert_image_equal(im, target_rgba)


 def test_sanity_dxt3() -> None:
@ -380,6 +380,11 @@ def test_palette() -> None:
        assert_image_equal_tofile(im, "Tests/images/transparent.gif")


+def test_zero_mask_totals() -> None:
+    with Image.open("Tests/images/zero_mask_totals.dds") as im:
+        im.load()
+
+
 def test_unsupported_header_size() -> None:
    with pytest.raises(OSError, match="Unsupported header size 0"):
        with Image.open(BytesIO(b"DDS " + b"\x00" * 4)):
@ -515,9 +520,9 @@ def test_save_dx10_bc5(tmp_path: Path) -> None:
        im.save(out, pixel_format="BC5")
    assert_image_similar_tofile(im, out, 9.56)

-    im = hopper("L")
+    im_l = hopper("L")
    with pytest.raises(OSError, match="only RGB mode can be written as BC5"):
-        im.save(out, pixel_format="BC5")
+        im_l.save(out, pixel_format="BC5")


@pytest.mark.parametrize(
--- a/Tests/test_file_eps.py
+++ b/Tests/test_file_eps.py
@ -1,6 +1,7 @@
 from __future__ import annotations

 import io
+import subprocess
 from pathlib import Path

 import pytest
@ -265,9 +266,9 @@ def test_bytesio_object() -> None:
        img.load()

        with Image.open(FILE1_COMPARE) as image1_scale1_compare:
-            image1_scale1_compare = image1_scale1_compare.convert("RGB")
-        image1_scale1_compare.load()
-        assert_image_similar(img, image1_scale1_compare, 5)
+            image1_scale1_compare_rgb = image1_scale1_compare.convert("RGB")
+        image1_scale1_compare_rgb.load()
+        assert_image_similar(img, image1_scale1_compare_rgb, 5)


@pytest.mark.skipif(not HAS_GHOSTSCRIPT, reason="Ghostscript not available")
@ -281,6 +282,11 @@ def test_bytesio_object() -> None:
    ),
 )
 def test_1(filename: str) -> None:
+    gs_binary = EpsImagePlugin.gs_binary
+    assert isinstance(gs_binary, str)
+    if subprocess.check_output([gs_binary, "--version"]) == b"10.06.0\n":
+        pytest.skip("Fails with Ghostscript 10.06.0")
+
    with Image.open(filename) as im:
        assert_image_equal_tofile(im, "Tests/images/eps/1.bmp")

@ -301,17 +307,17 @@ def test_render_scale1() -> None:
    with Image.open(FILE1) as image1_scale1:
        image1_scale1.load()
        with Image.open(FILE1_COMPARE) as image1_scale1_compare:
-            image1_scale1_compare = image1_scale1_compare.convert("RGB")
-        image1_scale1_compare.load()
-        assert_image_similar(image1_scale1, image1_scale1_compare, 5)
+            image1_scale1_compare_rgb = image1_scale1_compare.convert("RGB")
+        image1_scale1_compare_rgb.load()
+        assert_image_similar(image1_scale1, image1_scale1_compare_rgb, 5)

    # Non-zero bounding box
    with Image.open(FILE2) as image2_scale1:
        image2_scale1.load()
        with Image.open(FILE2_COMPARE) as image2_scale1_compare:
-            image2_scale1_compare = image2_scale1_compare.convert("RGB")
-        image2_scale1_compare.load()
-        assert_image_similar(image2_scale1, image2_scale1_compare, 10)
+            image2_scale1_compare_rgb = image2_scale1_compare.convert("RGB")
+        image2_scale1_compare_rgb.load()
+        assert_image_similar(image2_scale1, image2_scale1_compare_rgb, 10)


@pytest.mark.skipif(not HAS_GHOSTSCRIPT, reason="Ghostscript not available")
@ -324,18 +330,16 @@ def test_render_scale2() -> None:
        assert isinstance(image1_scale2, EpsImagePlugin.EpsImageFile)
        image1_scale2.load(scale=2)
        with Image.open(FILE1_COMPARE_SCALE2) as image1_scale2_compare:
-            image1_scale2_compare = image1_scale2_compare.convert("RGB")
-        image1_scale2_compare.load()
-        assert_image_similar(image1_scale2, image1_scale2_compare, 5)
+            image1_scale2_compare_rgb = image1_scale2_compare.convert("RGB")
+        assert_image_similar(image1_scale2, image1_scale2_compare_rgb, 5)

    # Non-zero bounding box
    with Image.open(FILE2) as image2_scale2:
        assert isinstance(image2_scale2, EpsImagePlugin.EpsImageFile)
        image2_scale2.load(scale=2)
        with Image.open(FILE2_COMPARE_SCALE2) as image2_scale2_compare:
-            image2_scale2_compare = image2_scale2_compare.convert("RGB")
-        image2_scale2_compare.load()
-        assert_image_similar(image2_scale2, image2_scale2_compare, 10)
+            image2_scale2_compare_rgb = image2_scale2_compare.convert("RGB")
+        assert_image_similar(image2_scale2, image2_scale2_compare_rgb, 10)


@pytest.mark.skipif(not HAS_GHOSTSCRIPT, reason="Ghostscript not available")
@ -345,8 +349,8 @@ def test_render_scale2() -> None:
 def test_resize(filename: str) -> None:
    with Image.open(filename) as im:
        new_size = (100, 100)
-        im = im.resize(new_size)
-        assert im.size == new_size
+        im_resized = im.resize(new_size)
+        assert im_resized.size == new_size


@pytest.mark.skipif(not HAS_GHOSTSCRIPT, reason="Ghostscript not available")
--- a/Tests/test_file_gbr.py
+++ b/Tests/test_file_gbr.py
@ -33,7 +33,7 @@ def test_multiple_load_operations() -> None:
        assert_image_equal_tofile(im, "Tests/images/gbr.png")


-def create_gbr_image(info: dict[str, int] = {}, magic_number=b"") -> BytesIO:
+def create_gbr_image(info: dict[str, int] = {}, magic_number: bytes = b"") -> BytesIO:
    return BytesIO(
        b"".join(
            _binary.o32be(i)
--- a/Tests/test_file_gif.py
+++ b/Tests/test_file_gif.py
@ -310,6 +310,14 @@ def test_roundtrip_save_all_1(tmp_path: Path) -> None:
        assert reloaded.getpixel((0, 0)) == 255


+@pytest.mark.parametrize("size", ((0, 1), (1, 0), (0, 0)))
+def test_save_zero(size: tuple[int, int]) -> None:
+    b = BytesIO()
+    im = Image.new("RGB", size)
+    with pytest.raises(ValueError, match="cannot write empty image"):
+        im.save(b, "GIF")
+
+
@pytest.mark.parametrize(
    "path, mode",
    (
@ -327,14 +335,13 @@ def test_loading_multiple_palettes(path: str, mode: str) -> None:

        im.seek(1)
        assert im.mode == mode
-        if mode == "RGBA":
-            im = im.convert("RGB")
+        im_rgb = im.convert("RGB") if mode == "RGBA" else im

        # Check a color only from the old palette
-        assert im.getpixel((0, 0)) == original_color
+        assert im_rgb.getpixel((0, 0)) == original_color

        # Check a color from the new palette
-        assert im.getpixel((24, 24)) not in first_frame_colors
+        assert im_rgb.getpixel((24, 24)) not in first_frame_colors


 def test_headers_saving_for_animated_gifs(tmp_path: Path) -> None:
@ -354,16 +361,16 @@ def test_palette_handling(tmp_path: Path) -> None:
    # see https://github.com/python-pillow/Pillow/issues/513

    with Image.open(TEST_GIF) as im:
-        im = im.convert("RGB")
+        im_rgb = im.convert("RGB")

-        im = im.resize((100, 100), Image.Resampling.LANCZOS)
-        im2 = im.convert("P", palette=Image.Palette.ADAPTIVE, colors=256)
+    im_rgb = im_rgb.resize((100, 100), Image.Resampling.LANCZOS)
+    im_p = im_rgb.convert("P", palette=Image.Palette.ADAPTIVE, colors=256)

-        f = tmp_path / "temp.gif"
-        im2.save(f, optimize=True)
+    f = tmp_path / "temp.gif"
+    im_p.save(f, optimize=True)

    with Image.open(f) as reloaded:
-        assert_image_similar(im, reloaded.convert("RGB"), 10)
+        assert_image_similar(im_rgb, reloaded.convert("RGB"), 10)


 def test_palette_434(tmp_path: Path) -> None:
@ -383,35 +390,36 @@ def test_palette_434(tmp_path: Path) -> None:
        with roundtrip(im, optimize=True) as reloaded:
            assert_image_similar(im, reloaded, 1)

-        im = im.convert("RGB")
-        # check automatic P conversion
-        with roundtrip(im) as reloaded:
-            reloaded = reloaded.convert("RGB")
-            assert_image_equal(im, reloaded)
+        im_rgb = im.convert("RGB")
+
+    # check automatic P conversion
+    with roundtrip(im_rgb) as reloaded:
+        reloaded = reloaded.convert("RGB")
+        assert_image_equal(im_rgb, reloaded)


@pytest.mark.skipif(not netpbm_available(), reason="Netpbm not available")
 def test_save_netpbm_bmp_mode(tmp_path: Path) -> None:
    with Image.open(TEST_GIF) as img:
-        img = img.convert("RGB")
+        img_rgb = img.convert("RGB")

-        tempfile = str(tmp_path / "temp.gif")
-        b = BytesIO()
-        GifImagePlugin._save_netpbm(img, b, tempfile)
-        with Image.open(tempfile) as reloaded:
-            assert_image_similar(img, reloaded.convert("RGB"), 0)
+    tempfile = str(tmp_path / "temp.gif")
+    b = BytesIO()
+    GifImagePlugin._save_netpbm(img_rgb, b, tempfile)
+    with Image.open(tempfile) as reloaded:
+        assert_image_equal(img_rgb, reloaded.convert("RGB"))


@pytest.mark.skipif(not netpbm_available(), reason="Netpbm not available")
 def test_save_netpbm_l_mode(tmp_path: Path) -> None:
    with Image.open(TEST_GIF) as img:
-        img = img.convert("L")
+        img_l = img.convert("L")

        tempfile = str(tmp_path / "temp.gif")
        b = BytesIO()
-        GifImagePlugin._save_netpbm(img, b, tempfile)
+        GifImagePlugin._save_netpbm(img_l, b, tempfile)
        with Image.open(tempfile) as reloaded:
-            assert_image_similar(img, reloaded.convert("L"), 0)
+            assert_image_equal(img_l, reloaded.convert("L"))


 def test_seek() -> None:
@ -1038,9 +1046,9 @@ def test_webp_background(tmp_path: Path) -> None:
            im.save(out)

    # Test non-opaque WebP background
-    im = Image.new("L", (100, 100), "#000")
-    im.info["background"] = (0, 0, 0, 0)
-    im.save(out)
+    im2 = Image.new("L", (100, 100), "#000")
+    im2.info["background"] = (0, 0, 0, 0)
+    im2.save(out)


 def test_comment(tmp_path: Path) -> None:
@ -1048,16 +1056,16 @@ def test_comment(tmp_path: Path) -> None:
        assert im.info["comment"] == b"File written by Adobe Photoshop\xa8 4.0"

    out = tmp_path / "temp.gif"
-    im = Image.new("L", (100, 100), "#000")
-    im.info["comment"] = b"Test comment text"
-    im.save(out)
+    im2 = Image.new("L", (100, 100), "#000")
+    im2.info["comment"] = b"Test comment text"
+    im2.save(out)
    with Image.open(out) as reread:
-        assert reread.info["comment"] == im.info["comment"]
+        assert reread.info["comment"] == im2.info["comment"]

-    im.info["comment"] = "Test comment text"
-    im.save(out)
+    im2.info["comment"] = "Test comment text"
+    im2.save(out)
    with Image.open(out) as reread:
-        assert reread.info["comment"] == im.info["comment"].encode()
+        assert reread.info["comment"] == im2.info["comment"].encode()

        # Test that GIF89a is used for comments
        assert reread.info["version"] == b"GIF89a"
@ -1433,7 +1441,7 @@ def test_getdata(monkeypatch: pytest.MonkeyPatch) -> None:
    # with open('Tests/images/gif_header_data.pkl', 'wb') as f:
    #    pickle.dump((h, d), f, 1)
    with open("Tests/images/gif_header_data.pkl", "rb") as f:
-        (h_target, d_target) = pickle.load(f)
+        h_target, d_target = pickle.load(f)

    assert h == h_target
    assert d == d_target
--- a/Tests/test_file_gribstub.py
+++ b/Tests/test_file_gribstub.py
@ -59,8 +59,9 @@ def test_handler(tmp_path: Path) -> None:
        def open(self, im: Image.Image) -> None:
            self.opened = True

-        def load(self, im: Image.Image) -> Image.Image:
+        def load(self, im: ImageFile.ImageFile) -> Image.Image:
            self.loaded = True
+            assert im.fp is not None
            im.fp.close()
            return Image.new("RGB", (1, 1))

--- a/Tests/test_file_hdf5stub.py
+++ b/Tests/test_file_hdf5stub.py
@ -61,8 +61,9 @@ def test_handler(tmp_path: Path) -> None:
        def open(self, im: Image.Image) -> None:
            self.opened = True

-        def load(self, im: Image.Image) -> Image.Image:
+        def load(self, im: ImageFile.ImageFile) -> Image.Image:
            self.loaded = True
+            assert im.fp is not None
            im.fp.close()
            return Image.new("RGB", (1, 1))

--- a/Tests/test_file_iptc.py
+++ b/Tests/test_file_iptc.py
@ -6,13 +6,13 @@ import pytest

 from PIL import Image, IptcImagePlugin, TiffImagePlugin, TiffTags

-from .helper import assert_image_equal, hopper
+from .helper import assert_image_equal

 TEST_FILE = "Tests/images/iptc.jpg"


 def create_iptc_image(info: dict[str, int] = {}) -> BytesIO:
-    def field(tag, value):
+    def field(tag: tuple[int, int], value: bytes) -> bytes:
        return bytes((0x1C,) + tag + (0, len(value))) + value

    data = field((3, 60), bytes((info.get("layers", 1), info.get("component", 0))))
@ -85,7 +85,7 @@ def test_getiptcinfo() -> None:

 def test_getiptcinfo_jpg_none() -> None:
    # Arrange
-    with hopper() as im:
+    with Image.open("Tests/images/hopper.jpg") as im:
        # Act
        iptc = IptcImagePlugin.getiptcinfo(im)

@ -143,6 +143,7 @@ def test_getiptcinfo_tiff() -> None:

    # Test with LONG tag type
    with Image.open("Tests/images/hopper.Lab.tif") as im:
+        assert isinstance(im, TiffImagePlugin.TiffImageFile)
        im.tag_v2.tagtype[TiffImagePlugin.IPTC_NAA_CHUNK] = TiffTags.LONG
        iptc = IptcImagePlugin.getiptcinfo(im)

--- a/Tests/test_file_jpeg.py
+++ b/Tests/test_file_jpeg.py
@ -85,7 +85,7 @@ class TestFileJpeg:
    def test_zero(self, size: tuple[int, int], tmp_path: Path) -> None:
        f = tmp_path / "temp.jpg"
        im = Image.new("RGB", size)
-        with pytest.raises(ValueError):
+        with pytest.raises(ValueError, match="cannot write empty image"):
            im.save(f)

    def test_app(self) -> None:
@ -590,9 +590,7 @@ class TestFileJpeg:
            assert im2.quantization == {0: bounds_qtable}

            # values from wizard.txt in jpeg9-a src package.
-            standard_l_qtable = [
-                int(s)
-                for s in """
+            standard_l_qtable = [int(s) for s in """
                16  11  10  16  24  40  51  61
                12  12  14  19  26  58  60  55
                14  13  16  24  40  57  69  56
@ -601,14 +599,9 @@ class TestFileJpeg:
                24  35  55  64  81 104 113  92
                49  64  78  87 103 121 120 101
                72  92  95  98 112 100 103  99
-                """.split(
-                    None
-                )
-            ]
+                """.split(None)]

-            standard_chrominance_qtable = [
-                int(s)
-                for s in """
+            standard_chrominance_qtable = [int(s) for s in """
                17  18  24  47  99  99  99  99
                18  21  26  66  99  99  99  99
                24  26  56  99  99  99  99  99
@ -617,10 +610,7 @@ class TestFileJpeg:
                99  99  99  99  99  99  99  99
                99  99  99  99  99  99  99  99
                99  99  99  99  99  99  99  99
-                """.split(
-                    None
-                )
-            ]
+                """.split(None)]

            for quality in range(101):
                qtable_from_qtable_quality = self.roundtrip(
@ -1133,8 +1123,9 @@ class TestFileCloseW32:
            im.save(tmpfile)

        im = Image.open(tmpfile)
+        assert im.fp is not None
+        assert not im.fp.closed
        fp = im.fp
-        assert not fp.closed
        with pytest.raises(OSError):
            os.remove(tmpfile)
        im.load()
--- a/Tests/test_file_jpeg2k.py
+++ b/Tests/test_file_jpeg2k.py
@ -148,6 +148,22 @@ def test_prog_res_rt(card: ImageFile.ImageFile) -> None:
    assert_image_equal(im, card)


+def test_unknown_progression(tmp_path: Path) -> None:
+    outfile = tmp_path / "temp.jp2"
+
+    im = Image.new("1", (1, 1))
+    with pytest.raises(ValueError, match="unknown progression"):
+        im.save(outfile, progression="invalid")
+
+
+def test_unknown_cinema_mode(tmp_path: Path) -> None:
+    outfile = tmp_path / "temp.jp2"
+
+    im = Image.new("1", (1, 1))
+    with pytest.raises(ValueError, match="unknown cinema mode"):
+        im.save(outfile, cinema_mode="invalid")
+
+
@pytest.mark.parametrize("num_resolutions", range(2, 6))
 def test_default_num_resolutions(
    card: ImageFile.ImageFile, num_resolutions: int
@ -162,7 +178,7 @@ def test_default_num_resolutions(

 def test_reduce() -> None:
    with Image.open("Tests/images/test-card-lossless.jp2") as im:
-        assert callable(im.reduce)
+        assert isinstance(im, Jpeg2KImagePlugin.Jpeg2KImageFile)

        im.reduce = 2
        assert im.reduce == 2
@ -440,11 +456,19 @@ def test_pclr() -> None:
        assert len(im.palette.colors) == 256
        assert im.palette.colors[(255, 255, 255)] == 0

+    for enumcs in (0, 15, 17):
+        with open(f"{EXTRA_DIR}/issue104_jpxstream.jp2", "rb") as fp:
+            data = bytearray(fp.read())
+        data[114:115] = bytes([enumcs])
+        with Image.open(BytesIO(data)) as im:
+            assert im.mode == "L"
+
    with Image.open(
        f"{EXTRA_DIR}/147af3f1083de4393666b7d99b01b58b_signal_sigsegv_130c531_6155_5136.jp2"
    ) as im:
        assert im.mode == "P"
        assert im.palette is not None
+        assert im.palette.mode == "CMYK"
        assert len(im.palette.colors) == 139
        assert im.palette.colors[(0, 0, 0, 0)] == 0

--- a/Tests/test_file_libtiff.py
+++ b/Tests/test_file_libtiff.py
@ -11,7 +11,15 @@ from typing import Any, NamedTuple

 import pytest

-from PIL import Image, ImageFilter, ImageOps, TiffImagePlugin, TiffTags, features
+from PIL import (
+    Image,
+    ImageFile,
+    ImageFilter,
+    ImageOps,
+    TiffImagePlugin,
+    TiffTags,
+    features,
+)
 from PIL.TiffImagePlugin import OSUBFILETYPE, SAMPLEFORMAT, STRIPOFFSETS, SUBIFD

 from .helper import (
@ -27,14 +35,13 @@ from .helper import (

@skip_unless_feature("libtiff")
 class LibTiffTestCase:
-    def _assert_noerr(self, tmp_path: Path, im: TiffImagePlugin.TiffImageFile) -> None:
+    def _assert_noerr(self, tmp_path: Path, im: ImageFile.ImageFile) -> None:
        """Helper tests that assert basic sanity about the g4 tiff reading"""
        # 1 bit
        assert im.mode == "1"

        # Does the data actually load
        im.load()
-        im.getdata()

        assert isinstance(im, TiffImagePlugin.TiffImageFile)
        assert im._compression == "group4"
@ -217,10 +224,7 @@ class TestFileLibTiff(LibTiffTestCase):
        with Image.open("Tests/images/hopper_g4.tif") as im:
            assert isinstance(im, TiffImagePlugin.TiffImageFile)
            for tag in im.tag_v2:
-                try:
-                    del core_items[tag]
-                except KeyError:
-                    pass
+                core_items.pop(tag, None)
            del core_items[320]  # colormap is special, tested below

            # Type codes:
@ -355,6 +359,36 @@ class TestFileLibTiff(LibTiffTestCase):
            # Should not segfault
            im.save(outfile)

+    @pytest.mark.parametrize("tagtype", (TiffTags.SIGNED_RATIONAL, TiffTags.IFD))
+    def test_tag_type(
+        self, tagtype: int, monkeypatch: pytest.MonkeyPatch, tmp_path: Path
+    ) -> None:
+        monkeypatch.setattr(TiffImagePlugin, "WRITE_LIBTIFF", True)
+
+        ifd = TiffImagePlugin.ImageFileDirectory_v2()
+        ifd[37000] = 100
+        ifd.tagtype[37000] = tagtype
+
+        out = tmp_path / "temp.tif"
+        im = Image.new("L", (1, 1))
+        im.save(out, tiffinfo=ifd)
+
+        with Image.open(out) as reloaded:
+            assert isinstance(reloaded, TiffImagePlugin.TiffImageFile)
+            assert reloaded.tag_v2[37000] == 100
+
+    def test_inknames_tag(
+        self, monkeypatch: pytest.MonkeyPatch, tmp_path: Path
+    ) -> None:
+        monkeypatch.setattr(TiffImagePlugin, "WRITE_LIBTIFF", True)
+
+        out = tmp_path / "temp.tif"
+        hopper("L").save(out, tiffinfo={333: "name\x00"})
+
+        with Image.open(out) as reloaded:
+            assert isinstance(reloaded, TiffImagePlugin.TiffImageFile)
+            assert reloaded.tag_v2[333] in ("name", "name\x00")
+
    def test_whitepoint_tag(
        self, monkeypatch: pytest.MonkeyPatch, tmp_path: Path
    ) -> None:
@ -478,12 +512,12 @@ class TestFileLibTiff(LibTiffTestCase):
        # and save to compressed tif.
        out = tmp_path / "temp.tif"
        with Image.open("Tests/images/pport_g4.tif") as im:
-            im = im.convert("L")
+            im_l = im.convert("L")

-        im = im.filter(ImageFilter.GaussianBlur(4))
-        im.save(out, compression="tiff_adobe_deflate")
+        im_l = im_l.filter(ImageFilter.GaussianBlur(4))
+        im_l.save(out, compression="tiff_adobe_deflate")

-        assert_image_equal_tofile(im, out)
+        assert_image_equal_tofile(im_l, out)

    def test_compressions(self, tmp_path: Path) -> None:
        # Test various tiff compressions and assert similar image content but reduced
@ -572,8 +606,9 @@ class TestFileLibTiff(LibTiffTestCase):
            im.save(out, compression=compression)

    def test_fp_leak(self) -> None:
-        im: Image.Image | None = Image.open("Tests/images/hopper_g4_500.tif")
+        im: ImageFile.ImageFile | None = Image.open("Tests/images/hopper_g4_500.tif")
        assert im is not None
+        assert im.fp is not None
        fn = im.fp.fileno()

        os.fstat(fn)
@ -700,7 +735,7 @@ class TestFileLibTiff(LibTiffTestCase):
            buffer_io.seek(0)

            with Image.open(buffer_io) as saved_im:
-                assert_image_similar(pilim, saved_im, 0)
+                assert_image_equal(pilim, saved_im)

        save_bytesio()
        save_bytesio("raw")
@ -1020,6 +1055,15 @@ class TestFileLibTiff(LibTiffTestCase):
        with Image.open("Tests/images/tiff_strip_planar_16bit_RGBa.tiff") as im:
            assert_image_equal_tofile(im, "Tests/images/tiff_16bit_RGBa_target.png")

+    def test_separate_planar_extra_samples(self, tmp_path: Path) -> None:
+        out = tmp_path / "temp.tif"
+        with Image.open("Tests/images/separate_planar_extra_samples.tiff") as im:
+            assert im.mode == "L"
+
+            im.save(out)
+        with Image.open(out) as reloaded:
+            assert reloaded.mode == "L"
+
    @pytest.mark.parametrize("compression", (None, "jpeg"))
    def test_block_tile_tags(self, compression: str | None, tmp_path: Path) -> None:
        im = hopper()
@ -1049,8 +1093,10 @@ class TestFileLibTiff(LibTiffTestCase):
        data = data[:102] + b"\x02" + data[103:]

        with Image.open(io.BytesIO(data)) as im:
-            im = im.transpose(Image.Transpose.FLIP_LEFT_RIGHT)
-        assert_image_equal_tofile(im, "Tests/images/old-style-jpeg-compression.png")
+            im_transposed = im.transpose(Image.Transpose.FLIP_LEFT_RIGHT)
+        assert_image_equal_tofile(
+            im_transposed, "Tests/images/old-style-jpeg-compression.png"
+        )

    def test_open_missing_samplesperpixel(self) -> None:
        with Image.open(
@ -1117,9 +1163,9 @@ class TestFileLibTiff(LibTiffTestCase):
        with Image.open("Tests/images/g4_orientation_1.tif") as base_im:
            for i in range(2, 9):
                with Image.open("Tests/images/g4_orientation_" + str(i) + ".tif") as im:
-                    im = ImageOps.exif_transpose(im)
+                    im_transposed = ImageOps.exif_transpose(im)

-                    assert_image_similar(base_im, im, 0.7)
+                assert_image_similar(base_im, im_transposed, 0.7)

    @pytest.mark.parametrize(
        "test_file",
@ -1204,7 +1250,7 @@ class TestFileLibTiff(LibTiffTestCase):
    def test_save_zero(self, compression: str | None, tmp_path: Path) -> None:
        im = Image.new("RGB", (0, 0))
        out = tmp_path / "temp.tif"
-        with pytest.raises(SystemError):
+        with pytest.raises(ValueError, match="cannot write empty image"):
            im.save(out, compression=compression)

    def test_save_many_compressed(self, tmp_path: Path) -> None:
--- a/Tests/test_file_mic.py
+++ b/Tests/test_file_mic.py
@ -22,10 +22,10 @@ def test_sanity() -> None:

        # Adjust for the gamma of 2.2 encoded into the file
        lut = ImagePalette.make_gamma_lut(1 / 2.2)
-        im = Image.merge("RGBA", [chan.point(lut) for chan in im.split()])
+        im1 = Image.merge("RGBA", [chan.point(lut) for chan in im.split()])

        im2 = hopper("RGBA")
-        assert_image_similar(im, im2, 10)
+        assert_image_similar(im1, im2, 10)


 def test_n_frames() -> None:
--- a/Tests/test_file_mpo.py
+++ b/Tests/test_file_mpo.py
@ -6,7 +6,14 @@ from typing import Any

 import pytest

-from PIL import Image, ImageFile, JpegImagePlugin, MpoImagePlugin
+from PIL import (
+    Image,
+    ImageFile,
+    JpegImagePlugin,
+    MpoImagePlugin,
+    TiffImagePlugin,
+    _binary,
+)

 from .helper import (
    assert_image_equal,
@ -145,6 +152,32 @@ def test_parallax() -> None:
        assert exif.get_ifd(0x927C)[0xB211] == -3.125


+def test_truncated_makernote() -> None:
+    def check(ifd: TiffImagePlugin.ImageFileDirectory_v2) -> None:
+        fp = BytesIO()
+        ifd.save(fp)
+
+        e = Image.Exif()
+        e.load(fp.getvalue())
+        assert e.get_ifd(37500) == {}
+
+    # Nintendo
+    ifd = TiffImagePlugin.ImageFileDirectory_v2()
+    ifd[271] = "Nintendo"
+    ifd[34665] = {37500: b" "}
+    check(ifd)
+
+    # Fujifilm
+    for data in (
+        b"FUJIFILM",
+        b"FUJIFILM" + _binary.o32le(50),
+        b"FUJIFILM" + _binary.o32le(0),
+    ):
+        ifd = TiffImagePlugin.ImageFileDirectory_v2()
+        ifd[34665] = {37500: data}
+        check(ifd)
+
+
 def test_reload_exif_after_seek() -> None:
    with Image.open("Tests/images/sugarshack.mpo") as im:
        exif = im.getexif()
@ -300,12 +333,12 @@ def test_save_all() -> None:
            im_reloaded.seek(1)
            assert_image_similar(im, im_reloaded, 30)

-    im = Image.new("RGB", (1, 1))
+    im_rgb = Image.new("RGB", (1, 1))
    for colors in (("#f00",), ("#f00", "#0f0")):
        append_images = [Image.new("RGB", (1, 1), color) for color in colors]
-        im_reloaded = roundtrip(im, save_all=True, append_images=append_images)
+        im_reloaded = roundtrip(im_rgb, save_all=True, append_images=append_images)

-        assert_image_equal(im, im_reloaded)
+        assert_image_equal(im_rgb, im_reloaded)
        assert isinstance(im_reloaded, MpoImagePlugin.MpoImageFile)
        assert im_reloaded.mpinfo is not None
        assert im_reloaded.mpinfo[45056] == b"0100"
@ -315,7 +348,7 @@ def test_save_all() -> None:
            assert_image_similar(im_reloaded, im_expected, 1)

    # Test that a single frame image will not be saved as an MPO
-    jpg = roundtrip(im, save_all=True)
+    jpg = roundtrip(im_rgb, save_all=True)
    assert "mp" not in jpg.info


--- a/Tests/test_file_pcx.py
+++ b/Tests/test_file_pcx.py
@ -37,6 +37,14 @@ def test_sanity(tmp_path: Path) -> None:
        im.save(f)


+@pytest.mark.parametrize("size", ((0, 1), (1, 0), (0, 0)))
+def test_save_zero(size: tuple[int, int]) -> None:
+    b = io.BytesIO()
+    im = Image.new("1", size)
+    with pytest.raises(ValueError):
+        im.save(b, "PCX")
+
+
 def test_p_4_planes() -> None:
    with Image.open("Tests/images/p_4_planes.pcx") as im:
        assert im.getpixel((0, 0)) == 3
@ -119,36 +127,36 @@ def test_large_count(tmp_path: Path) -> None:
    _roundtrip(tmp_path, im)


-def _test_buffer_overflow(tmp_path: Path, im: Image.Image, size: int = 1024) -> None:
-    _last = ImageFile.MAXBLOCK
-    ImageFile.MAXBLOCK = size
-    try:
-        _roundtrip(tmp_path, im)
-    finally:
-        ImageFile.MAXBLOCK = _last
+def _test_buffer_overflow(
+    tmp_path: Path, im: Image.Image, monkeypatch: pytest.MonkeyPatch
+) -> None:
+    monkeypatch.setattr(ImageFile, "MAXBLOCK", 1024)
+    _roundtrip(tmp_path, im)


-def test_break_in_count_overflow(tmp_path: Path) -> None:
+def test_break_in_count_overflow(
+    tmp_path: Path, monkeypatch: pytest.MonkeyPatch
+) -> None:
    im = Image.new("L", (256, 5))
    px = im.load()
    assert px is not None
    for y in range(4):
        for x in range(256):
            px[x, y] = x % 128
-    _test_buffer_overflow(tmp_path, im)
+    _test_buffer_overflow(tmp_path, im, monkeypatch)


-def test_break_one_in_loop(tmp_path: Path) -> None:
+def test_break_one_in_loop(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> None:
    im = Image.new("L", (256, 5))
    px = im.load()
    assert px is not None
    for y in range(5):
        for x in range(256):
            px[x, y] = x % 128
-    _test_buffer_overflow(tmp_path, im)
+    _test_buffer_overflow(tmp_path, im, monkeypatch)


-def test_break_many_in_loop(tmp_path: Path) -> None:
+def test_break_many_in_loop(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> None:
    im = Image.new("L", (256, 5))
    px = im.load()
    assert px is not None
@ -157,10 +165,10 @@ def test_break_many_in_loop(tmp_path: Path) -> None:
            px[x, y] = x % 128
    for x in range(8):
        px[x, 4] = 16
-    _test_buffer_overflow(tmp_path, im)
+    _test_buffer_overflow(tmp_path, im, monkeypatch)


-def test_break_one_at_end(tmp_path: Path) -> None:
+def test_break_one_at_end(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> None:
    im = Image.new("L", (256, 5))
    px = im.load()
    assert px is not None
@ -168,10 +176,10 @@ def test_break_one_at_end(tmp_path: Path) -> None:
        for x in range(256):
            px[x, y] = x % 128
    px[0, 3] = 128 + 64
-    _test_buffer_overflow(tmp_path, im)
+    _test_buffer_overflow(tmp_path, im, monkeypatch)


-def test_break_many_at_end(tmp_path: Path) -> None:
+def test_break_many_at_end(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> None:
    im = Image.new("L", (256, 5))
    px = im.load()
    assert px is not None
@ -181,10 +189,10 @@ def test_break_many_at_end(tmp_path: Path) -> None:
    for x in range(4):
        px[x * 2, 3] = 128 + 64
        px[x + 256 - 4, 3] = 0
-    _test_buffer_overflow(tmp_path, im)
+    _test_buffer_overflow(tmp_path, im, monkeypatch)


-def test_break_padding(tmp_path: Path) -> None:
+def test_break_padding(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> None:
    im = Image.new("L", (257, 5))
    px = im.load()
    assert px is not None
@ -193,4 +201,4 @@ def test_break_padding(tmp_path: Path) -> None:
            px[x, y] = x % 128
    for x in range(5):
        px[x, 3] = 0
-    _test_buffer_overflow(tmp_path, im)
+    _test_buffer_overflow(tmp_path, im, monkeypatch)
--- a/Tests/test_file_png.py
+++ b/Tests/test_file_png.py
@ -4,7 +4,7 @@ import re
 import sys
 import warnings
 import zlib
-from io import BytesIO
+from io import BytesIO, TextIOWrapper
 from pathlib import Path
 from types import ModuleType
 from typing import Any, cast
@ -101,12 +101,13 @@ class TestFilePng:
            assert im.get_format_mimetype() == "image/png"

        for mode in ["1", "L", "P", "RGB", "I;16", "I;16B"]:
-            im = hopper(mode)
-            im.save(test_file)
+            im1 = hopper(mode)
+            im1.save(test_file)
            with Image.open(test_file) as reloaded:
-                if mode == "I;16B":
-                    reloaded = reloaded.convert(mode)
-                assert_image_equal(reloaded, im)
+                converted_reloaded = (
+                    reloaded.convert(mode) if mode == "I;16B" else reloaded
+                )
+                assert_image_equal(converted_reloaded, im1)

    def test_invalid_file(self) -> None:
        invalid_file = "Tests/images/flower.jpg"
@ -225,11 +226,11 @@ class TestFilePng:
        test_file = "Tests/images/pil123p.png"
        with Image.open(test_file) as im:
            assert_image(im, "P", (162, 150))
-            im = im.convert("RGBA")
-        assert_image(im, "RGBA", (162, 150))
+            im_rgba = im.convert("RGBA")
+        assert_image(im_rgba, "RGBA", (162, 150))

        # image has 124 unique alpha values
-        colors = im.getchannel("A").getcolors()
+        colors = im_rgba.getchannel("A").getcolors()
        assert colors is not None
        assert len(colors) == 124

@ -239,11 +240,11 @@ class TestFilePng:
            assert im.info["transparency"] == (0, 255, 52)

            assert_image(im, "RGB", (64, 64))
-            im = im.convert("RGBA")
-        assert_image(im, "RGBA", (64, 64))
+            im_rgba = im.convert("RGBA")
+        assert_image(im_rgba, "RGBA", (64, 64))

        # image has 876 transparent pixels
-        colors = im.getchannel("A").getcolors()
+        colors = im_rgba.getchannel("A").getcolors()
        assert colors is not None
        assert colors[0][0] == 876

@ -262,11 +263,11 @@ class TestFilePng:
            assert len(im.info["transparency"]) == 256

            assert_image(im, "P", (162, 150))
-            im = im.convert("RGBA")
-        assert_image(im, "RGBA", (162, 150))
+            im_rgba = im.convert("RGBA")
+        assert_image(im_rgba, "RGBA", (162, 150))

        # image has 124 unique alpha values
-        colors = im.getchannel("A").getcolors()
+        colors = im_rgba.getchannel("A").getcolors()
        assert colors is not None
        assert len(colors) == 124

@ -285,13 +286,13 @@ class TestFilePng:
            assert im.info["transparency"] == 164
            assert im.getpixel((31, 31)) == 164
            assert_image(im, "P", (64, 64))
-            im = im.convert("RGBA")
-        assert_image(im, "RGBA", (64, 64))
+            im_rgba = im.convert("RGBA")
+        assert_image(im_rgba, "RGBA", (64, 64))

-        assert im.getpixel((31, 31)) == (0, 255, 52, 0)
+        assert im_rgba.getpixel((31, 31)) == (0, 255, 52, 0)

        # image has 876 transparent pixels
-        colors = im.getchannel("A").getcolors()
+        colors = im_rgba.getchannel("A").getcolors()
        assert colors is not None
        assert colors[0][0] == 876

@ -338,6 +339,15 @@ class TestFilePng:
            assert colors is not None
            assert colors[0][0] == num_transparent

+    def test_save_1_transparency(self, tmp_path: Path) -> None:
+        out = tmp_path / "temp.png"
+
+        im = Image.new("1", (1, 1), 1)
+        im.save(out, transparency=1)
+
+        with Image.open(out) as reloaded:
+            assert reloaded.info["transparency"] == 255
+
    def test_save_rgb_single_transparency(self, tmp_path: Path) -> None:
        in_file = "Tests/images/caption_6_33_22.png"
        with Image.open(in_file) as im:
@ -492,8 +502,9 @@ class TestFilePng:
            im = roundtrip(im)
        assert im.info["transparency"] == (248, 248, 248)

-        im = roundtrip(im, transparency=(0, 1, 2))
-        assert im.info["transparency"] == (0, 1, 2)
+        for transparency in ((0, 1, 2), [0, 1, 2]):
+            im = roundtrip(im, transparency=transparency)
+            assert im.info["transparency"] == (0, 1, 2)

    def test_trns_p(self, tmp_path: Path) -> None:
        # Check writing a transparency of 0, issue #528
@ -508,6 +519,36 @@ class TestFilePng:

            assert_image_equal(im2.convert("RGBA"), im.convert("RGBA"))

+    def test_trns_invalid(self, tmp_path: Path) -> None:
+        out = tmp_path / "temp.png"
+
+        for mode in ("1", "L", "I;16"):
+            im = Image.new(mode, (1, 1))
+            with pytest.raises(
+                ValueError, match=f"transparency for {mode} must be an integer"
+            ):
+                im.save(out, transparency="invalid")
+
+        im = Image.new("I", (1, 1))
+        with pytest.warns(DeprecationWarning, match="Saving I mode images as PNG"):
+            with pytest.raises(ValueError):
+                im.save(out, transparency="invalid")
+
+        im = Image.new("P", (1, 1))
+        with pytest.raises(
+            ValueError, match="transparency for P must be an integer or bytes"
+        ):
+            im.save(out, transparency="invalid")
+
+        im = Image.new("RGB", (1, 1))
+        with pytest.raises(
+            ValueError, match="transparency for RGB must be list or tuple"
+        ):
+            im.save(out, transparency="invalid")
+
+        with pytest.raises(ValueError, match="transparency for RGB must have length 3"):
+            im.save(out, transparency=(1, 2))
+
    def test_trns_null(self) -> None:
        # Check reading images with null tRNS value, issue #1239
        test_file = "Tests/images/tRNS_null_1x1.png"
@ -644,21 +685,17 @@ class TestFilePng:
        with pytest.raises(SyntaxError, match="Unknown compression method"):
            PngImagePlugin.PngImageFile("Tests/images/unknown_compression_method.png")

-    def test_padded_idat(self) -> None:
+    def test_padded_idat(self, monkeypatch: pytest.MonkeyPatch) -> None:
        # This image has been manually hexedited
        # so that the IDAT chunk has padding at the end
        # Set MAXBLOCK to the length of the actual data
        # so that the decoder finishes reading before the chunk ends
-        MAXBLOCK = ImageFile.MAXBLOCK
-        ImageFile.MAXBLOCK = 45
-        ImageFile.LOAD_TRUNCATED_IMAGES = True
+        monkeypatch.setattr(ImageFile, "MAXBLOCK", 45)
+        monkeypatch.setattr(ImageFile, "LOAD_TRUNCATED_IMAGES", True)

        with Image.open("Tests/images/padded_idat.png") as im:
            im.load()

-            ImageFile.MAXBLOCK = MAXBLOCK
-            ImageFile.LOAD_TRUNCATED_IMAGES = False
-
            assert_image_equal_tofile(im, "Tests/images/bw_gradient.png")

    @pytest.mark.parametrize(
@ -701,6 +738,16 @@ class TestFilePng:
            assert reloaded.png.im_palette is not None
            assert len(reloaded.png.im_palette[1]) == 3

+    def test_plte_cmyk(self, tmp_path: Path) -> None:
+        im = Image.new("P", (1, 1))
+        im.putpalette((0, 100, 150, 200), "CMYK")
+
+        out = tmp_path / "temp.png"
+        im.save(out)
+
+        with Image.open(out) as reloaded:
+            assert reloaded.convert("CMYK").getpixel((0, 0)) == (200, 222, 232, 0)
+
    def test_getxmp(self) -> None:
        with Image.open("Tests/images/color_snakes.png") as im:
            if ElementTree is None:
@ -778,7 +825,9 @@ class TestFilePng:
            im.save(test_file, exif=im.getexif())

        with Image.open(test_file) as reloaded:
+            assert isinstance(reloaded, PngImagePlugin.PngImageFile)
            exif = reloaded._getexif()
+        assert exif is not None
        assert exif[305] == "Adobe Photoshop CS Macintosh"

    def test_exif_argument(self, tmp_path: Path) -> None:
@ -803,19 +852,15 @@ class TestFilePng:
    @pytest.mark.parametrize("buffer", (True, False))
    def test_save_stdout(self, buffer: bool, monkeypatch: pytest.MonkeyPatch) -> None:

-        class MyStdOut:
-            buffer = BytesIO()
-
-        mystdout: MyStdOut | BytesIO = MyStdOut() if buffer else BytesIO()
+        fp = BytesIO()
+        mystdout = TextIOWrapper(fp) if buffer else fp

        monkeypatch.setattr(sys, "stdout", mystdout)

        with Image.open(TEST_PNG_FILE) as im:
-            im.save(sys.stdout, "PNG")
+            im.save(sys.stdout, "PNG")  # type: ignore[arg-type]

-        if isinstance(mystdout, MyStdOut):
-            mystdout = mystdout.buffer
-        with Image.open(mystdout) as reloaded:
+        with Image.open(fp) as reloaded:
            assert_image_equal_tofile(reloaded, TEST_PNG_FILE)

    def test_truncated_end_chunk(self, monkeypatch: pytest.MonkeyPatch) -> None:
--- a/Tests/test_file_ppm.py
+++ b/Tests/test_file_ppm.py
@ -1,7 +1,7 @@
 from __future__ import annotations

 import sys
-from io import BytesIO
+from io import BytesIO, TextIOWrapper
 from pathlib import Path

 import pytest
@ -381,17 +381,13 @@ def test_mimetypes(tmp_path: Path) -> None:
@pytest.mark.parametrize("buffer", (True, False))
 def test_save_stdout(buffer: bool, monkeypatch: pytest.MonkeyPatch) -> None:

-    class MyStdOut:
-        buffer = BytesIO()
-
-    mystdout: MyStdOut | BytesIO = MyStdOut() if buffer else BytesIO()
+    fp = BytesIO()
+    mystdout = TextIOWrapper(fp) if buffer else fp

    monkeypatch.setattr(sys, "stdout", mystdout)

    with Image.open(TEST_FILE) as im:
-        im.save(sys.stdout, "PPM")
+        im.save(sys.stdout, "PPM")  # type: ignore[arg-type]

-    if isinstance(mystdout, MyStdOut):
-        mystdout = mystdout.buffer
-    with Image.open(mystdout) as reloaded:
+    with Image.open(fp) as reloaded:
        assert_image_equal_tofile(reloaded, TEST_FILE)
--- a/Tests/test_file_psd.py
+++ b/Tests/test_file_psd.py
@ -1,12 +1,18 @@
 from __future__ import annotations

+import sys
 import warnings

 import pytest

 from PIL import Image, PsdImagePlugin

-from .helper import assert_image_equal_tofile, assert_image_similar, hopper, is_pypy
+from .helper import (
+    assert_image_equal_tofile,
+    assert_image_similar,
+    hopper,
+    is_pypy,
+)

 test_file = "Tests/images/hopper.psd"

@ -85,6 +91,11 @@ def test_eoferror() -> None:
        # Test that seeking to the last frame does not raise an error
        im.seek(n_frames - 1)

+    # Test seeking past the last frame without calling n_frames first
+    with Image.open(test_file) as im:
+        with pytest.raises(EOFError):
+            im.seek(3)
+

 def test_seek_tell() -> None:
    with Image.open(test_file) as im:
@ -100,7 +111,7 @@ def test_seek_tell() -> None:

        im.seek(2)
        layer_number = im.tell()
-        assert layer_number == 2
+    assert layer_number == 2


 def test_seek_eoferror() -> None:
@ -138,7 +149,7 @@ def test_icc_profile() -> None:
        assert "icc_profile" in im.info

        icc_profile = im.info["icc_profile"]
-        assert len(icc_profile) == 3144
+    assert len(icc_profile) == 3144


 def test_no_icc_profile() -> None:
@ -158,17 +169,16 @@ def test_combined_larger_than_size() -> None:


@pytest.mark.parametrize(
-    "test_file,raises",
+    "test_file",
    [
-        ("Tests/images/timeout-c8efc3fded6426986ba867a399791bae544f59bc.psd", OSError),
-        ("Tests/images/timeout-dedc7a4ebd856d79b4359bbcc79e8ef231ce38f6.psd", OSError),
+        "Tests/images/timeout-c8efc3fded6426986ba867a399791bae544f59bc.psd",
+        "Tests/images/timeout-dedc7a4ebd856d79b4359bbcc79e8ef231ce38f6.psd",
    ],
 )
-def test_crashes(test_file: str, raises: type[Exception]) -> None:
-    with open(test_file, "rb") as f:
-        with pytest.raises(raises):
-            with Image.open(f):
-                pass
+def test_crashes(test_file: str) -> None:
+    with pytest.raises(OSError):
+        with Image.open(test_file):
+            pass


@pytest.mark.parametrize(
@ -179,8 +189,38 @@ def test_crashes(test_file: str, raises: type[Exception]) -> None:
    ],
 )
 def test_layer_crashes(test_file: str) -> None:
-    with open(test_file, "rb") as f:
-        with Image.open(f) as im:
-            assert isinstance(im, PsdImagePlugin.PsdImageFile)
-            with pytest.raises(SyntaxError):
-                im.layers
+    with Image.open(test_file) as im:
+        assert isinstance(im, PsdImagePlugin.PsdImageFile)
+        with pytest.raises(SyntaxError):
+            im.layers
+
+
+@pytest.mark.parametrize(
+    "test_file",
+    [
+        "Tests/images/psd-oob-write.psd",
+        "Tests/images/psd-oob-write-x.psd",
+        "Tests/images/psd-oob-write-y.psd",
+    ],
+)
+def test_bounds_crash(test_file: str) -> None:
+    with Image.open(test_file) as im:
+        assert isinstance(im, PsdImagePlugin.PsdImageFile)
+        im.seek(im.n_frames)
+
+        with pytest.raises(ValueError):
+            im.load()
+
+
+def test_bounds_crash_overflow() -> None:
+    with Image.open("Tests/images/psd-oob-write-overflow.psd") as im:
+        assert isinstance(im, PsdImagePlugin.PsdImageFile)
+        im.load()
+        if sys.maxsize <= 2**32:
+            with pytest.raises(OverflowError):
+                im.seek(im.n_frames)
+        else:
+            im.seek(im.n_frames)
+
+            with pytest.raises(ValueError):
+                im.load()
--- a/Tests/test_file_spider.py
+++ b/Tests/test_file_spider.py
@ -63,6 +63,16 @@ def test_save(tmp_path: Path) -> None:
        assert im2.size == (128, 128)
        assert im2.format == "SPIDER"

+    del Image.EXTENSION[".spider"]
+
+
+@pytest.mark.parametrize("size", ((0, 1), (1, 0), (0, 0)))
+def test_save_zero(size: tuple[int, int]) -> None:
+    b = BytesIO()
+    im = Image.new("1", size)
+    with pytest.raises(ValueError, match="cannot write empty image"):
+        im.save(b, "SPIDER")
+

 def test_tempfile() -> None:
    # Arrange
--- a/Tests/test_file_sun.py
+++ b/Tests/test_file_sun.py
@ -84,8 +84,8 @@ def test_rgbx() -> None:

    with Image.open(io.BytesIO(data)) as im:
        r, g, b = im.split()
-        im = Image.merge("RGB", (b, g, r))
-        assert_image_equal_tofile(im, os.path.join(EXTRA_DIR, "32bpp.png"))
+        im_rgb = Image.merge("RGB", (b, g, r))
+        assert_image_equal_tofile(im_rgb, os.path.join(EXTRA_DIR, "32bpp.png"))


@pytest.mark.skipif(
--- a/Tests/test_file_tga.py
+++ b/Tests/test_file_tga.py
@ -1,11 +1,12 @@
 from __future__ import annotations

 import os
+from io import BytesIO
 from pathlib import Path

 import pytest

-from PIL import Image, UnidentifiedImageError
+from PIL import Image, UnidentifiedImageError, _binary

 from .helper import assert_image_equal, assert_image_equal_tofile, hopper

@ -13,8 +14,6 @@ _TGA_DIR = os.path.join("Tests", "images", "tga")
 _TGA_DIR_COMMON = os.path.join(_TGA_DIR, "common")


-_ORIGINS = ("tl", "bl")
-
 _ORIGIN_TO_ORIENTATION = {"tl": 1, "bl": -1}


@ -29,7 +28,7 @@ _ORIGIN_TO_ORIENTATION = {"tl": 1, "bl": -1}
        ("200x32", "RGBA"),
    ),
 )
-@pytest.mark.parametrize("origin", _ORIGINS)
+@pytest.mark.parametrize("origin", _ORIGIN_TO_ORIENTATION)
@pytest.mark.parametrize("rle", (True, False))
 def test_sanity(
    size_mode: tuple[str, str], origin: str, rle: str, tmp_path: Path
@ -94,6 +93,25 @@ def test_rgba_16() -> None:
        assert im.getpixel((1, 0)) == (0, 255, 82, 0)


+def test_v2_no_alpha() -> None:
+    test_file = "Tests/images/tga/common/200x32_rgba_tl_rle.tga"
+    with open(test_file, "rb") as fp:
+        data = fp.read()
+        data += (
+            b"\x00" * 495
+            + _binary.o32le(len(data))
+            + _binary.o32le(0)
+            + b"TRUEVISION-XFILE.\x00"
+        )
+    with Image.open(BytesIO(data)) as im:
+        with Image.open(test_file) as im2:
+            r, g, b = im2.split()[:3]
+        a = Image.new("L", im2.size, 255)
+        expected = Image.merge("RGBA", (r, g, b, a))
+
+        assert_image_equal(im, expected)
+
+
 def test_id_field() -> None:
    # tga file with id field
    test_file = "Tests/images/tga_id_field.tga"
--- a/Tests/test_file_tiff.py
+++ b/Tests/test_file_tiff.py
@ -16,6 +16,7 @@ from PIL import (
    TiffImagePlugin,
    TiffTags,
    UnidentifiedImageError,
+    _binary,
 )
 from PIL.TiffImagePlugin import RESOLUTION_UNIT, X_RESOLUTION, Y_RESOLUTION

@ -764,9 +765,9 @@ class TestFileTiff:

        # Test appending images
        mp = BytesIO()
-        im = Image.new("RGB", (100, 100), "#f00")
+        im_rgb = Image.new("RGB", (100, 100), "#f00")
        ims = [Image.new("RGB", (100, 100), color) for color in ["#0f0", "#00f"]]
-        im.copy().save(mp, format="TIFF", save_all=True, append_images=ims)
+        im_rgb.copy().save(mp, format="TIFF", save_all=True, append_images=ims)

        mp.seek(0, os.SEEK_SET)
        with Image.open(mp) as reread:
@ -778,7 +779,7 @@ class TestFileTiff:
            yield from ims

        mp = BytesIO()
-        im.save(mp, format="TIFF", save_all=True, append_images=im_generator(ims))
+        im_rgb.save(mp, format="TIFF", save_all=True, append_images=im_generator(ims))

        mp.seek(0, os.SEEK_SET)
        with Image.open(mp) as reread:
@ -941,6 +942,15 @@ class TestFileTiff:
                4001,
            ]

+    def test_truncated_photoshop_blocks(self) -> None:
+        with Image.open("Tests/images/hopper.tif") as im:
+            assert isinstance(im, TiffImagePlugin.TiffImageFile)
+            im.tag_v2[34377] = b"8BIM"
+            assert im.get_photoshop_blocks() == {}
+
+            im.tag_v2[34377] = b"8BIM" + _binary.o16be(0) + _binary.o8(2) + b" " * 5
+            assert im.get_photoshop_blocks() == {}
+
    def test_tiff_chunks(self, tmp_path: Path) -> None:
        tmpfile = tmp_path / "temp.tif"

@ -971,6 +981,7 @@ class TestFileTiff:

        im = Image.open(tmpfile)
        fp = im.fp
+        assert fp is not None
        assert not fp.closed
        im.load()
        assert fp.closed
@ -984,6 +995,7 @@ class TestFileTiff:
        with open(tmpfile, "rb") as f:
            im = Image.open(f)
            fp = im.fp
+            assert fp is not None
            assert not fp.closed
            im.load()
            assert not fp.closed
@ -1034,8 +1046,9 @@ class TestFileTiffW32:
            im.save(tmpfile)

        im = Image.open(tmpfile)
+        assert im.fp is not None
+        assert not im.fp.closed
        fp = im.fp
-        assert not fp.closed
        with pytest.raises(OSError):
            os.remove(tmpfile)
        im.load()
--- a/Tests/test_file_tiff_metadata.py
+++ b/Tests/test_file_tiff_metadata.py
@ -175,13 +175,13 @@ def test_change_stripbytecounts_tag_type(tmp_path: Path) -> None:
        del info[278]

        # Resize the image so that STRIPBYTECOUNTS will be larger than a SHORT
-        im = im.resize((500, 500))
-        info[TiffImagePlugin.IMAGEWIDTH] = im.width
+        im_resized = im.resize((500, 500))
+        info[TiffImagePlugin.IMAGEWIDTH] = im_resized.width

        # STRIPBYTECOUNTS can be a SHORT or a LONG
        info.tagtype[TiffImagePlugin.STRIPBYTECOUNTS] = TiffTags.SHORT

-        im.save(out, tiffinfo=info)
+        im_resized.save(out, tiffinfo=info)

    with Image.open(out) as reloaded:
        assert isinstance(reloaded, TiffImagePlugin.TiffImageFile)
--- a/Tests/test_file_webp.py
+++ b/Tests/test_file_webp.py
@ -49,6 +49,12 @@ class TestFileWebp:
        assert version is not None
        assert re.search(r"\d+\.\d+\.\d+$", version)

+    def test_invalid_file(self) -> None:
+        invalid_file = "Tests/images/flower.jpg"
+
+        with pytest.raises(SyntaxError):
+            WebPImagePlugin.WebPImageFile(invalid_file)
+
    def test_read_rgb(self) -> None:
        """
        Can we read a RGB mode WebP file without error?
@ -60,7 +66,6 @@ class TestFileWebp:
            assert image.size == (128, 128)
            assert image.format == "WEBP"
            image.load()
-            image.getdata()

            # generated with:
            # dwebp -ppm ../../Tests/images/hopper.webp -o hopper_webp_bits.ppm
@ -77,7 +82,6 @@ class TestFileWebp:
            assert image.size == (128, 128)
            assert image.format == "WEBP"
            image.load()
-            image.getdata()

            if mode == self.rgb_mode:
                # generated with: dwebp -ppm temp.webp -o hopper_webp_write.ppm
--- a/Tests/test_file_webp_alpha.py
+++ b/Tests/test_file_webp_alpha.py
@ -29,7 +29,6 @@ def test_read_rgba() -> None:
        assert image.size == (200, 150)
        assert image.format == "WEBP"
        image.load()
-        image.getdata()

        image.tobytes()

@ -60,7 +59,6 @@ def test_write_lossless_rgb(tmp_path: Path) -> None:
        assert image.size == pil_image.size
        assert image.format == "WEBP"
        image.load()
-        image.getdata()

        assert_image_equal(image, pil_image)

@ -83,7 +81,6 @@ def test_write_rgba(tmp_path: Path) -> None:
        assert image.size == (10, 10)
        assert image.format == "WEBP"
        image.load()
-        image.getdata()

        assert_image_similar(image, pil_image, 1.0)

@ -133,7 +130,6 @@ def test_write_unsupported_mode_PA(tmp_path: Path) -> None:
        assert image.format == "WEBP"

        image.load()
-        image.getdata()
        with Image.open(file_path) as im:
            target = im.convert("RGBA")

--- a/Tests/test_file_webp_lossless.py
+++ b/Tests/test_file_webp_lossless.py
@ -24,6 +24,5 @@ def test_write_lossless_rgb(tmp_path: Path) -> None:
        assert image.size == (128, 128)
        assert image.format == "WEBP"
        image.load()
-        image.getdata()

        assert_image_equal(image, hopper(RGB_MODE))
--- a/Tests/test_file_wmf.py
+++ b/Tests/test_file_wmf.py
@ -18,7 +18,7 @@ def test_load_raw() -> None:
            # Currently, support for WMF/EMF is Windows-only
            im.load()
            # Compare to reference rendering
-            assert_image_similar_tofile(im, "Tests/images/drawing_emf_ref.png", 0)
+            assert_image_equal_tofile(im, "Tests/images/drawing_emf_ref.png")

    # Test basic WMF open and rendering
    with Image.open("Tests/images/drawing.wmf") as im:
--- a/Tests/test_font_crash.py
+++ b/Tests/test_font_crash.py
@ -1,7 +1,5 @@
 from __future__ import annotations

-import pytest
-
 from PIL import Image, ImageDraw, ImageFont

 from .helper import skip_unless_feature
@ -20,6 +18,5 @@ class TestFontCrash:

    @skip_unless_feature("freetype2")
    def test_segfault(self) -> None:
-        with pytest.raises(OSError):
-            font = ImageFont.truetype("Tests/fonts/fuzz_font-5203009437302784")
-            self._fuzz_font(font)
+        font = ImageFont.truetype("Tests/fonts/fuzz_font-5203009437302784")
+        self._fuzz_font(font)
--- a/Show More
+++ b/Show More