Fix typo (#9632 )

Fixed typo
Switch iOS back to macos-26-intel (#9631 )
2026-05-15 12:41:28 +03:00 · 2026-05-15 18:42:04 +10:00 · 2026-05-15 11:41:19 +03:00 · 2026-05-15 15:02:42 +10:00 · 2026-05-14 15:02:56 +03:00 · 2026-05-14 14:09:33 +03:00
51 changed files with 1597 additions and 162 deletions
--- a/.ci/install.sh
+++ b/.ci/install.sh
@ -39,8 +39,8 @@ python3 -m pip install --only-binary=:all: pyarrow || true
 # PyQt6 doesn't support PyPy3
 if [[ $GHA_PYTHON_VERSION == 3.* ]]; then
    sudo apt-get -qq install libegl1 libxcb-cursor0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-randr0 libxcb-render-util0 libxcb-shape0 libxkbcommon-x11-0
-    # TODO Update condition when pyqt6 supports free-threading
+    # pyqt6 doesn't yet support free-threading; only install if a wheel is available
-    if ! [[ "$PYTHON_GIL" == "0" ]]; then python3 -m pip install pyqt6 ; fi
+    python3 -m pip install --only-binary=:all: pyqt6 || true
 fi
 # webp
--- a/.ci/requirements-cibw.txt
+++ b/.ci/requirements-cibw.txt
@ -1 +1 @@
-cibuildwheel==3.4.0
+cibuildwheel==3.4.1
--- a/.ci/requirements-mypy.txt
+++ b/.ci/requirements-mypy.txt
@ -1,4 +1,4 @@
-mypy==1.19.1
+mypy==1.20.2
 arro3-compute
 arro3-core
 IceSpringPySideStubs-PyQt6
--- a/.ci/requirements-sbom.txt
+++ b/.ci/requirements-sbom.txt
@ -0,0 +1 @@
 check-jsonschema==0.37.1
--- a/.github/INCIDENT_RESPONSE.md
+++ b/.github/INCIDENT_RESPONSE.md
@ -0,0 +1,424 @@
 # Incident Response Plan — Pillow
 This document describes how the Pillow maintainers detect, triage, fix, communicate, and
 learn from security incidents. It supplements the existing [Security Policy](SECURITY.md)
 and [Release Checklist](../RELEASING.md).
 ---
 ## 1. Preparation
 Maintaining readiness before an incident occurs reduces response time and errors under pressure.
 ### 1.1 Version Support Matrix
 Security fixes are applied to the **latest stable release only**. Users on older versions
 are expected to upgrade. Reporters should assume only the latest release will receive a patch.
 | Branch | Status |
 |---|---|
 | `main` / latest stable | ✅ Security fixes applied |
 | All older releases | ❌ No security support — please upgrade |
 ### 1.2 Team Readiness
 The four members of the Pillow core team are in regular contact and share collective
 responsibility for incident response. Any core team member may act as Incident Lead.
 Contact details are known to all team members.
 ### 1.3 Readiness Review
 At each quarterly release, maintainers should re-read this document and update any stale content.
 ---
 ## 2. Scope
 This plan covers:
 | Incident type | Examples |
 |---|---|
 | Vulnerability in Pillow's own Python or C code | Buffer overflow in an image decoder, integer overflow in `ImagingNew` |
 | Vulnerability in a bundled or wheel-shipped C library | libjpeg, libwebp, libtiff, libpng, openjpeg, libavif |
 | Supply-chain compromise | Malicious commit, stolen maintainer credentials, tampered PyPI wheel |
 | CI/CD or infrastructure compromise | GitHub Actions secret leak, Codecov breach, PyPI token exposure |
 | Critical non-security regression | Data-loss bug shipped in a release, crash on all supported platforms |
 ---
 ## 3. Definitions
 | Term | Meaning |
 |---|---|
 | **Incident** | Any event that compromises or threatens the confidentiality, integrity, or availability of Pillow's code, release artifacts, or infrastructure. |
 | **Vulnerability** | A security flaw in Pillow or a bundled library that can be exploited by a crafted image or API call. |
 | **Incident Lead** | The maintainer who owns coordination of the response from triage to closure. |
 | **Embargo** | A period during which fix details are kept private to allow coordinated patching before public disclosure. |
 | **Yank** | A PyPI action that keeps a release downloadable by pinned users but removes it from default `pip install` resolution. |
 | **CVE** | Common Vulnerabilities and Exposures — a public identifier assigned to a specific vulnerability. |
 | **CNA** | CVE Numbering Authority — GitHub is a CNA and can assign CVEs directly through the advisory workflow. |
 ---
 ## 4. Roles
 | Role | Responsibility |
 |---|---|
 | **Incident Lead** | First maintainer to triage the report. Owns the incident until resolution. |
 | **Patch Owner** | Writes and tests the fix (may be the same person as Incident Lead). |
 | **Release Manager** | Cuts the point release following [RELEASING.md](../RELEASING.md). |
 | **Communications Owner** | Drafts the GitHub Security Advisory, announces on Mastodon, notifies distros. |
 | **Tidelift Contact** | For reports that arrive via Tidelift, coordinate through the Tidelift security portal. |
 One person may fill multiple roles.
 ---
 ## 5. Severity Classification
 Use the [CVSS 4.0](https://www.first.org/cvss/v4.0/specification-document) base score as
 a guide, mapped to the following levels:
 | Severity | CVSS | Definition | Target Response SLA |
 |---|---|---|---|
 | **Critical** | 9.0 – 10.0 | Remote code execution, arbitrary write, or complete integrity/confidentiality loss achievable by opening a crafted image | Best effort; embargoed release where possible |
 | **High** | 7.0 – 8.9 | Heap/stack buffer overflow, use-after-free, or significant information disclosure | Best effort |
 | **Medium** | 4.0 – 6.9 | Denial of service via crafted image, out-of-bounds read, limited info disclosure | Next scheduled quarterly release, or earlier point release if needed |
 | **Low** | 0.1 – 3.9 | Minor information disclosure, unlikely to be exploitable in practice | Next quarterly release |
 Supply-chain and CI/CD incidents are always treated as **Critical** regardless of CVSS.
 > **Note:** These are good-faith targets for a small volunteer maintainer team, not contractual SLAs. Public safety and transparency will always be prioritised, even when timing varies.
 ---
 ## 6. Detection Sources
 Vulnerabilities and incidents may be reported or discovered through:
 1. **GitHub private security advisory** — preferred channel; see [SECURITY.md](SECURITY.md)
 2. **Tidelift security contact** — <https://tidelift.com/docs/security>
 3. **External researcher / coordinated disclosure** — e.g. Google Project Zero, vendor PSIRT
 4. **Automated scanning** — Dependabot, GitHub code-scanning (CodeQL), CI fuzzing
 5. **Distro security teams** — Debian, Red Hat, Ubuntu, Alpine may report upstream
 6. **User bug report** — public issue (reassess if it has security implications and convert to a private advisory if needed)
 ---
 ## 7. Response Process
 ### 7.1 Triage (all severities)
 1. **Acknowledge receipt** to the reporter within **72 hours** using the template in
   [Appendix A](#appendix-a-communication-templates). Ask the reporter:
   - How they would like to be credited (name, handle, or anonymous)
   - Whether they intend to publish their own advisory, and if so, their preferred timeline
   - Thank them explicitly — reporters do the project a favour by disclosing privately.
 2. Reproduce the issue. If the report is invalid, close it and notify the reporter.
 3. Assign a severity level ([Section 5: Severity Classification](#5-severity-classification)).
 4. If the GitHub Security Advisory was not created by the reporter, create one now and keep
   it **private** until the fix is released. Add the reporter as a collaborator if they wish
   to be involved.
 5. **Request a CVE** through the GitHub Security Advisory workflow (GitHub is a CVE
   Numbering Authority — no separate MITRE form required). The CVE is reserved privately
   and published automatically when the advisory goes public.
 6. **Escalation** — Escalate beyond the core maintainer team if any of the following apply:
   - The fix requires changes to CPython or a dependency outside Pillow's control → contact the relevant upstream immediately
   - A legal concern arises (e.g. GDPR-reportable data exposure) → contact the project's legal/fiscal sponsor
   - The Incident Lead is unreachable for > 24 hours on a Critical issue → any other maintainer may assume the role
 ### 7.2 Fix Development
 1. Develop the fix in a **private fork** or directly in the private security advisory
   workspace on GitHub. Do **not** push to a public branch before the embargo lifts.
 2. Write a regression test that fails before the fix and passes after.
 3. Review the patch with at least one other maintainer.
 ### 7.3 Standard (Non-Embargoed) Release
 For Medium and Low severity, or when no distro pre-notification is needed:
 1. Merge the fix to `main`, then cherry-pick to all affected release branches
   (see [RELEASING.md — Point release](../RELEASING.md)).
 2. Amend commit messages to include the CVE identifier.
 3. Follow the [Point release](../RELEASING.md#point-release) process in RELEASING.md to
   tag, push, and confirm wheels are live on PyPI.
 4. Publish the GitHub Security Advisory (this simultaneously publishes the CVE).
 ### 7.4 Embargoed Release
 For Critical and High severity where distro pre-notification improves user safety:
 1. Prepare patches against all affected release branches and test locally.
 2. Agree on an **embargo date** with the reporter (typically 7–14 days out, up to 90 days for
   complex issues).
 3. Privately send the patch to distros via the
   [linux-distros](https://oss-security.openwall.org/wiki/mailing-lists/distros) mailing list
   or directly to individual distro security teams.
 4. On the embargo date:
   - Amend commit messages with the CVE identifier.
   - Follow the [Embargoed release](../RELEASING.md#embargoed-release) process in
     RELEASING.md to tag, push, and confirm wheels are live on PyPI.
   - Publish the GitHub Security Advisory.
 ### 7.5 Supply-Chain / Infrastructure Compromise
 1. **Immediately** revoke any potentially compromised credentials:
   - PyPI API tokens
   - GitHub personal access tokens and OAuth apps
   - Codecov or other CI service tokens
 2. Audit recent commits and releases for tampering:
   - Verify release tags against known-good SHAs
   - Re-inspect any wheel published since the potential compromise window
 3. If a PyPI release is suspected to be tampered: yank it immediately via the
   [PyPI release management page](https://pypi.org/manage/project/Pillow/releases/)
   (login required); see [https://pypi.org/security/](https://pypi.org/security/) for
   reporting to the PyPI security team.
 4. Issue a public advisory describing the scope and any user action required.
 ### 7.6 Recovery
 After the fix is released and the advisory is public:
 1. Verify that the patched wheels are live on PyPI and passing CI across all supported platforms.
 2. Confirm any yanked releases are handled correctly .
 3. Resume normal development operations on `main`.
 4. Monitor the GitHub issue tracker and Mastodon for user reports of residual problems for at least **72 hours** post-release.
 5. Close the private GitHub Security Advisory once recovery is confirmed.
 ---
 ## 8. Communication
 ### Internal (during embargo)
 - Use the **private GitHub Security Advisory** thread for coordination with the reporter.
 - Use private communication channels for all other coordination.
 - Do not discuss details in public issues, PRs, or Gitter/IRC channels.
 ### External (at or after disclosure)
 | Audience | Channel | Timing |
 |---|---|---|
 | General users | [GitHub Security Advisory](https://github.com/python-pillow/Pillow/security/advisories) | At release |
 | PyPI ecosystem | CVE published via advisory | At release |
 | Downstream distros | Direct email or linux-distros list | Before embargo date (embargoed) |
 | Tidelift subscribers | Tidelift security portal | At release (or coordinated) |
 | Community | [Mastodon @pillow](https://fosstodon.org/@pillow) | At release |
 **Advisory content should include:**
 - CVE identifier and CVSS score
 - Affected Pillow versions
 - Fixed version(s)
 - Nature of the vulnerability (without full exploit details if still fresh)
 - Credit to the reporter (with their consent)
 - Upgrade instructions (`python3 -m pip install --upgrade Pillow`)
 ---
 ## 9. Dependency Map
 Understanding what Pillow depends on (upstream) and what depends on Pillow (downstream)
 is essential for scoping impact and coordinating notifications during an incident.
 ### 9.1 Upstream Dependencies
 #### Bundled C libraries (shipped in official wheels)
 These libraries are compiled into Pillow's binary wheels. A CVE in any of them may
 require a Pillow point release even if Pillow's own code is unchanged.
 | Library | Purpose | Security advisory tracker |
 |---|---|---|
 | [libjpeg-turbo](https://libjpeg-turbo.org/) | JPEG encode/decode | [GitHub](https://github.com/libjpeg-turbo/libjpeg-turbo/security) |
 | [libpng](http://www.libpng.org/pub/png/libpng.html) | PNG encode/decode within FreeType 2, OpenJPEG and WebP | [SourceForge](https://sourceforge.net/p/libpng/bugs/) |
 | [libtiff](https://libtiff.gitlab.io/libtiff/) | TIFF encode/decode | [GitLab](https://gitlab.com/libtiff/libtiff/-/work_items) |
 | [libwebp](https://chromium.googlesource.com/webm/libwebp) | WebP encode/decode | [Chromium tracker](https://issues.webmproject.org/issues) |
 | [libavif](https://github.com/AOMediaCodec/libavif) | AVIF encode/decode | [GitHub](https://github.com/AOMediaCodec/libavif/security) |
 | [aom](https://aomedia.googlesource.com/aom/) | AV1 codec (AVIF) | [Chromium tracker](https://aomedia.issues.chromium.org/issues) |
 | [dav1d](https://code.videolan.org/videolan/dav1d) | AV1 decode (AVIF) | [VideoLAN Security](https://www.videolan.org/security/) |
 | [openjpeg](https://www.openjpeg.org/) | JPEG 2000 encode/decode | [GitHub](https://github.com/uclouvain/openjpeg/security) |
 | [freetype2](https://freetype.org/) | Font rendering | [GitLab](https://gitlab.freedesktop.org/freetype/freetype/-/work_items) |
 | [lcms2](https://www.littlecms.com/) | ICC color management | [GitHub](https://github.com/mm2/Little-CMS/security) |
 | [harfbuzz](https://harfbuzz.github.io/) | Text shaping (via raqm) | [GitHub](https://github.com/harfbuzz/harfbuzz/security) |
 | [raqm](https://github.com/HOST-Oman/libraqm) | Complex text layout | [GitHub](https://github.com/HOST-Oman/libraqm) |
 | [fribidi](https://github.com/fribidi/fribidi) | Unicode bidi (via raqm) | [GitHub](https://github.com/fribidi/fribidi) |
 | [zlib](https://zlib.net/) | Deflate compression | [zlib.net](https://zlib.net/) |
 | [liblzma / xz-utils](https://tukaani.org/xz/) | XZ/LZMA compression | [GitHub](https://github.com/tukaani-project/xz/security) |
 | [bzip2](https://gitlab.com/bzip2/bzip2) | BZ2 compression | [GitLab](https://gitlab.com/bzip2/bzip2/-/work_items) |
 | [zstd](https://github.com/facebook/zstd) | Zstandard compression | [GitHub](https://github.com/facebook/zstd/security) |
 | [brotli](https://github.com/google/brotli) | Brotli compression | [GitHub](https://github.com/google/brotli/security) |
 | [libyuv](https://chromium.googlesource.com/libyuv/libyuv/) | YUV conversion | [Chromium tracker](https://libyuv.issues.chromium.org/issues) |
 #### Python-level dependencies
 | Package | Required? | Purpose |
 |---|---|---|
 | `setuptools` | Build-time only | Package build backend |
 | `pybind11` | Build-time only | Compile C files in parallel |
 | `olefile` | Optional (`fpx`, `mic` extras) | OLE2 container parsing (FPX, MIC formats) |
 | `defusedxml` | Optional (`xmp` extra) | Safe XML parsing for XMP metadata |
 See [`pyproject.toml`](../pyproject.toml) for the complete and authoritative list of
 optional dependencies.
 ### 9.2 Responding to an Upstream Vulnerability
 When a CVE is published for a bundled C library:
 1. Assess whether the vulnerable code path is reachable through Pillow's API.
 2. If reachable, treat as a Pillow vulnerability and follow [Section 5: Severity Classification](#5-severity-classification).
 3. Update the bundled library version in the wheel build scripts and rebuild wheels.
 4. Reference the upstream CVE in Pillow's release notes and GitHub Security Advisory.
 5. If not reachable, document the rationale in a public issue so downstream distributors
   can make informed decisions about patching their system packages.
 ### 9.3 Downstream Dependencies
 A vulnerability in Pillow can have wide impact. Notify or consider the blast radius of
 these downstream consumers when assessing severity and planning communications.
 #### Linux distribution packages
 | Distribution | Package name | Security contact |
 |---|---|---|
 | Debian / Ubuntu | `python3-pil` | [Debian Security](https://www.debian.org/security/) / [Ubuntu Security](https://ubuntu.com/security) |
 | Fedora / RHEL / CentOS | `python3-pillow` | [Red Hat Security](https://access.redhat.com/security/) |
 | Alpine Linux | `py3-pillow` | [Alpine security](https://security.alpinelinux.org/) |
 | Arch Linux | `python-pillow` | [Arch security tracker](https://security.archlinux.org/) |
 | Homebrew | `pillow` | [Homebrew maintainers](https://github.com/Homebrew/homebrew-core/security) |
 | conda-forge | `pillow` | [conda-forge](https://github.com/conda-forge/pillow-feedstock) |
 #### Major Python ecosystem consumers
 These are high-profile projects known to depend on Pillow; a critical vulnerability may
 warrant proactive notification.
 | Project | Usage |
 |---|---|
 | [matplotlib](https://matplotlib.org/) | Image I/O for plots |
 | [scikit-image](https://scikit-image.org/) | Image processing |
 | [torchvision](https://github.com/pytorch/vision) (PyTorch) | Dataset loading, transforms |
 | [Keras / TensorFlow](https://keras.io/) | Image preprocessing utilities |
 | [Django](https://www.djangoproject.com/) | `ImageField` validation and thumbnail generation |
 | [Wagtail](https://wagtail.org/) | CMS image renditions |
 | [Plone](https://plone.org/) | CMS image handling |
 | [Jupyter / IPython](https://jupyter.org/) | Inline image display |
 | [ReportLab](https://www.reportlab.com/) | PDF image embedding |
 | [Tidelift subscribers](https://tidelift.com/) | Enterprise consumers (coordinated via Tidelift) |
 #### Pillow ecosystem plugins
 Third-party plugins extend Pillow and are distributed separately on PyPI. Their
 maintainers should be notified for Critical/High issues that affect the plugin API
 or the formats they decode. See the
 [full plugin list](https://pillow.readthedocs.io/en/stable/handbook/third-party-plugins.html#plugin-list).
 ---
 ## 11. Plan Maintenance
 This document is a living record. It should be kept current so it is useful when an incident actually occurs. Revisit it during the [Section 1.3 readiness review](#13-readiness-review) at each quarterly release.
 ---
 ## 12. References
 - [Security Policy](SECURITY.md)
 - [Release Checklist](../RELEASING.md)
 - [Contributing Guide](CONTRIBUTING.md)
 - [Tidelift Security Contact](https://tidelift.com/docs/security)
 - [GitHub: Privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability)
 - [GitHub as a CVE Numbering Authority (CNA)](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories)
 - [FIRST CVSS 4.0 Calculator](https://www.first.org/cvss/calculator/4.0)
 - [linux-distros mailing list](https://oss-security.openwall.org/wiki/mailing-lists/distros)
 - [OpenSSF CVD Guide](https://github.com/ossf/oss-vulnerability-guide) *(basis for this plan)*
 ---
 ## Appendix A: Communication Templates
 ### A.1 Reporter Acknowledgment
 > Subject: Re: [Security] \<brief issue description\>
 >
 > Hi \<name\>,
 >
 > Thank you for taking the time to report this issue. We appreciate it.
 >
 > We have received your report and will review it as soon as possible. We will
 > keep you updated on our progress.
 >
 > Questions:
 >
 > - How would you like to be credited in the advisory? (name, handle,
 >   organisation, or anonymous)
 > - Do you plan to publish your own write-up or advisory? If so, do you have a
 >   disclosure date in mind?
 >
 > We apply coordinated disclosure principles to all vulnerability reports. If
 > you have any questions or concerns at any point, please reply to this thread.
 >
 > Thank you again,
 > The Pillow team
 ### A.2 Embargoed Distro Notification
 > Subject: [EMBARGOED] Pillow security issue — \<CVE-XXXX-XXXXX\> — disclosure \<DATE\>
 >
 > This is an embargoed notification of a vulnerability in Pillow. Please keep this
 > information confidential until the disclosure date listed below.
 >
 > **CVE:** \<CVE-XXXX-XXXXX\>
 >
 > **Affected versions:** \<e.g. Pillow < 11.x.x\>
 >
 > **Fixed version:** \<version\>
 >
 > **Severity:** \<Critical / High / Medium / Low\> (CVSS \<score\>: \<vector\>)
 >
 > **Reporter:** \<name / affiliation, or "reported privately"\>
 >
 > **Public disclosure date:** \<DATE TIME UTC\>
 >
 > **Summary:**
 > \<One paragraph describing the vulnerability class and impact without a full exploit.\>
 >
 > **Proof of concept:**
 > \<Minimal reproducer or attached patch.\>
 >
 > **Remediation:**
 > Upgrade to Pillow \<fixed version\>. No known workaround.
 >
 > Please do not share this information, issue public patches, or make user communications
 > before the disclosure date. We will notify this list immediately if the date changes.
 >
 > — The Pillow maintainers
 ### A.3 Public Disclosure Advisory
 *(Published as a GitHub Security Advisory; the CVE and date are included automatically.)*
 > **Summary:** \<One-paragraph technical summary.\>
 >
 > **CVE:** \<CVE-XXXX-XXXXX\>
 >
 > **Affected versions:** Pillow \< \<fixed version\>
 >
 > **Fixed version:** \<version\>
 >
 > **Severity:** \<rating\> (CVSS \<score\>)
 >
 > **Reporter:** \<credited name / "reported privately"\>
 >
 > **Details:**
 > \<Fuller technical description. Include attack scenario where helpful.\>
 >
 > **Remediation:**
 > ```
 > python3 -m pip install --upgrade Pillow
 > ```
 >
 > **Timeline:**
 > - Reported: \<date\>
 > - Fixed: \<date\>
 > - Disclosed: \<date\>
--- a/.github/compare-dist-sizes.py
+++ b/.github/compare-dist-sizes.py
@ -0,0 +1,271 @@
 """Compare sizes of newly-built dists against the latest release on PyPI.
 Fetches file sizes for the latest Pillow release from the PyPI JSON API
 (no download required) and compares them to a directory of freshly-built
 wheels and sdist. Outputs a table to stdout (and to
 `$GITHUB_STEP_SUMMARY` if set).
 Usage:
    `uv run .github/compare-dist-sizes.py <dist-dir>`
 """
 # /// script
 # requires-python = ">=3.10"
 # dependencies = [
 #     "humanize",
 #     "prettytable",
 #     "termcolor",
 # ]
 # ///
 from __future__ import annotations
 import argparse
 import json
 import os
 import re
 import sys
 import urllib.request
 from pathlib import Path
 import humanize
 from prettytable import PrettyTable, TableStyle
 from termcolor import colored
 PYPI_JSON_URL = "https://pypi.org/pypi/pillow/json"
 # Wheel filename: {distribution}-{version}(-{build})?-{python}-{abi}-{platform}.whl
 # sdist filename: {distribution}-{version}.tar.gz
 WHEEL_RE = re.compile(
    r"^[^-]+-[^-]+(?:-(?P<build>\d[^-]*))?"
    r"-(?P<python>[^-]+)-(?P<abi>[^-]+)-(?P<platform>[^-]+)\.whl$",
    re.IGNORECASE,
 )
 SDIST_RE = re.compile(
    r"^(?P<dist>[^-]+)-(?P<version>.+)\.tar\.gz$",
    re.IGNORECASE,
 )
 def key_for(filename: str) -> str:
    """Return a version-independent identifier for a dist file."""
    if m := WHEEL_RE.match(filename):
        build = f"{m['build']}-" if m["build"] else ""
        return f"wheel:{build}{m['python']}-{m['abi']}-{m['platform']}"
    if SDIST_RE.match(filename):
        return "sdist"
    msg = f"Unexpected dist name: {filename}"
    raise ValueError(msg)
 def display_for(filename: str) -> str:
    """Strip the `pillow-{version}-` prefix for compact table display."""
    if m := WHEEL_RE.match(filename):
        build = f"{m['build']}-" if m["build"] else ""
        return f"{build}{m['python']}-{m['abi']}-{m['platform']}.whl"
    if SDIST_RE.match(filename):
        return "sdist (.tar.gz)"
    return filename
 def fetch_pypi_sizes() -> tuple[str, dict[str, tuple[str, int]]]:
    """Return (version, {key: (filename, size)}) for the latest PyPI release."""
    with urllib.request.urlopen(PYPI_JSON_URL) as response:
        data = json.load(response)
    version = data["info"]["version"]
    sizes: dict[str, tuple[str, int]] = {}
    for entry in data.get("urls", []):
        filename = entry["filename"]
        key = key_for(filename)
        sizes[key] = (filename, entry["size"])
    return version, sizes
 def collect_local_sizes(dist_dir: Path) -> dict[str, tuple[str, int]]:
    sizes: dict[str, tuple[str, int]] = {}
    for path in sorted(dist_dir.iterdir()):
        if not path.is_file():
            continue
        key = key_for(path.name)
        sizes[key] = (path.name, path.stat().st_size)
    return sizes
 def human(n: int | None) -> str:
    if n is None:
        return "n/a"
    return humanize.naturalsize(n)
 def pct_change(before: int | None, after: int | None) -> str:
    if before is None or after is None:
        return "n/a"
    delta = 0 if before == 0 else (after - before) / before * 100
    return f"{delta:+.2f}%"
 def pct_severity(text: str) -> dict[str, str] | None:
    """Return status indicators based on the change percent."""
    if text == "n/a":
        return None
    pct = float(text.rstrip("%"))
    if pct >= 5:
        return {"color": "red", "emoji": "🔴"}
    if pct > 0:
        return {"color": "yellow", "emoji": "🟡"}
    else:
        return {"color": "green", "emoji": "🟢"}
 def render_table(
    baseline_label: str,
    baseline_sizes: dict[str, tuple[str, int]],
    local_sizes: dict[str, tuple[str, int]],
    *,
    markdown: bool,
 ) -> str:
    table = PrettyTable()
    table.set_style(TableStyle.MARKDOWN if markdown else TableStyle.SINGLE_BORDER)
    table.field_names = ["File", "Size before", "Size now", "Change"]
    table.align = "r"
    table.align["File"] = "l"
    def style(cells: list[str], role: str) -> list[str]:
        severity = pct_severity(cells[3])
        if markdown:
            if severity:
                cells[3] = f"{severity['emoji']} {cells[3]}"
            if role == "orphan":
                return [f"*{c}*" for c in cells]
            if role == "summary":
                return [f"**{c}**" for c in cells]
            return cells
        if role == "orphan":
            return [colored(c, "dark_grey") for c in cells]
        bold_attrs = ["bold"] if role == "summary" else []
        if bold_attrs:
            cells[:3] = [colored(c, attrs=bold_attrs) for c in cells[:3]]
        if severity:
            cells[3] = colored(cells[3], severity["color"], attrs=bold_attrs)
        elif bold_attrs:
            cells[3] = colored(cells[3], attrs=bold_attrs)
        return cells
    keys = list(set(baseline_sizes) | set(local_sizes))
    # Put sdist first for readability
    keys.sort(key=lambda k: (k != "sdist", k))
    wheel_before = []
    wheel_after = []
    total_before = []
    total_after = []
    for key in keys:
        baseline_entry = baseline_sizes.get(key)
        local_entry = local_sizes.get(key)
        display_name = display_for((local_entry or baseline_entry)[0])
        before = baseline_entry[1] if baseline_entry else None
        after = local_entry[1] if local_entry else None
        if after is None:
            # Removed since baseline: ignore in totals
            role = "orphan"
        else:
            # Present locally (in both, or newly added): count in totals
            total_after.append(after)
            if before is not None:
                total_before.append(before)
            if key != "sdist":
                wheel_after.append(after)
                if before is not None:
                    wheel_before.append(before)
            role = "data"
        cells = [
            display_name,
            human(before),
            human(after),
            pct_change(before, after),
        ]
        table.add_row(style(cells, role))
    if not markdown:
        table.add_divider()
    if wheel_after:
        avg_before = sum(wheel_before) // len(wheel_before) if wheel_before else None
        table.add_row(
            style(
                [
                    f"wheel average ({len(wheel_after)} wheels)",
                    human(avg_before),
                    human(sum(wheel_after) // len(wheel_after)),
                    pct_change(avg_before, sum(wheel_after) // len(wheel_after)),
                ],
                "summary",
            )
        )
        table.add_row(
            style(
                [
                    f"wheel total ({len(wheel_after)} wheels)",
                    human(sum(wheel_before)),
                    human(sum(wheel_after)),
                    pct_change(sum(wheel_before), sum(wheel_after)),
                ],
                "summary",
            ),
            divider=not markdown,
        )
    if total_after:
        table.add_row(
            style(
                [
                    f"artifacts total ({len(total_after)} artifacts)",
                    human(sum(total_before)),
                    human(sum(total_after)),
                    pct_change(sum(total_before), sum(total_after)),
                ],
                "summary",
            )
        )
    title = f"## Dist size comparison vs {baseline_label}"
    if not markdown:
        title = colored(title, attrs=["bold"])
    return f"{title}\n\n{table.get_string()}\n"
 def main() -> int:
    parser = argparse.ArgumentParser(
        description=__doc__, formatter_class=argparse.ArgumentDefaultsHelpFormatter
    )
    parser.add_argument(
        "dist_dir",
        type=Path,
        help="Directory containing newly-built wheels and sdist",
    )
    args = parser.parse_args()
    if not args.dist_dir.is_dir():
        print(f"error: {args.dist_dir} is not a directory", file=sys.stderr)
        return 1
    baseline_version, baseline_sizes = fetch_pypi_sizes()
    baseline_label = f"Pillow {baseline_version} on PyPI"
    local_sizes = collect_local_sizes(args.dist_dir)
    print(render_table(baseline_label, baseline_sizes, local_sizes, markdown=False))
    if summary_path := os.environ.get("GITHUB_STEP_SUMMARY"):
        with open(summary_path, "a", encoding="utf-8") as f:
            f.write(
                render_table(baseline_label, baseline_sizes, local_sizes, markdown=True)
            )
    return 0
 if __name__ == "__main__":
    sys.exit(main())
--- a/.github/dependencies.json
+++ b/.github/dependencies.json
@ -3,12 +3,12 @@
  "bzip2": "1.0.8",
  "freetype": "2.14.3",
  "fribidi": "1.0.16",
-  "harfbuzz": "13.2.1",
+  "harfbuzz": "14.2.0",
  "jpegturbo": "3.1.4.1",
-  "lcms2": "2.18",
+  "lcms2": "2.19",
  "libavif": "1.4.1",
  "libimagequant": "4.4.1",
-  "libpng": "1.6.56",
+  "libpng": "1.6.58",
  "libwebp": "1.6.0",
  "libxcb": "1.17.0",
  "openjpeg": "2.5.4",
--- a/.github/generate-sbom.py
+++ b/.github/generate-sbom.py
@ -0,0 +1,560 @@
 #!/usr/bin/env python3
 """Generate a CycloneDX 1.7 SBOM for Pillow's C extensions and their
 vendored/optional native library dependencies.
 Usage:
    python3 .github/generate-sbom.py [output-file]
 Output defaults to pillow-{version}.cdx.json in the current directory.
 """
 from __future__ import annotations
 import argparse
 import base64
 import datetime as dt
 import difflib
 import hashlib
 import json
 import urllib.request
 import uuid
 from pathlib import Path
 def get_version() -> str:
    version_file = Path(__file__).parent.parent / "src" / "PIL" / "_version.py"
    return version_file.read_text(encoding="utf-8").split('"')[1]
 def load_dep_versions() -> dict[str, str]:
    deps_file = Path(__file__).parent / "dependencies.json"
    return json.loads(deps_file.read_text(encoding="utf-8"))
 def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()
 def upstream_diff_b64(
    upstream_url: str,
    upstream_display: bytes,
    local_path: Path,
    local_display: bytes,
 ) -> str:
    """
    Fetch an upstream file and return a base64-encoded unified diff vs the local copy.
    """
    with urllib.request.urlopen(upstream_url) as resp:
        upstream_text = resp.read()
    local_text = local_path.read_bytes()
    diff_lines = difflib.diff_bytes(
        difflib.unified_diff,
        upstream_text.splitlines(keepends=True),
        local_text.splitlines(keepends=True),
        fromfile=b"a/" + upstream_display,
        tofile=b"b/" + local_display,
    )
    return base64.b64encode(b"".join(diff_lines)).decode()
 def generate(version: str) -> dict:
    serial = str(uuid.uuid4())
    now = dt.datetime.now(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    purl = f"pkg:pypi/pillow@{version}"
    root = Path(__file__).parent.parent
    thirdparty = root / "src" / "thirdparty"
    versions = load_dep_versions()
    metadata_component = {
        "bom-ref": purl,
        "type": "library",
        "name": "Pillow",
        "version": version,
        "description": "Python Imaging Library (fork)",
        "licenses": [{"license": {"id": "MIT-CMU"}}],
        "purl": purl,
        "externalReferences": [
            {"type": "website", "url": "https://python-pillow.github.io"},
            {"type": "vcs", "url": "https://github.com/python-pillow/Pillow"},
            {"type": "documentation", "url": "https://pillow.readthedocs.io"},
            {
                "type": "security-contact",
                "url": "https://github.com/python-pillow/Pillow/security/policy",
            },
        ],
    }
    c_extensions = [
        ("PIL._avif", "AVIF image format extension"),
        (
            "PIL._imaging",
            "Core image processing extension "
            "(decode, encode, map, display, outline, path, libImaging)",
        ),
        ("PIL._imagingcms", "LittleCMS2 colour management extension"),
        ("PIL._imagingft", "FreeType font rendering extension"),
        ("PIL._imagingmath", "Image math operations extension"),
        ("PIL._imagingmorph", "Image morphology extension"),
        ("PIL._imagingtk", "Tk/Tcl display extension"),
        ("PIL._webp", "WebP image format extension"),
    ]
    ext_components = [
        {
            "bom-ref": f"{purl}#c-ext/{name}",
            "type": "library",
            "name": name,
            "version": version,
            "description": desc,
            "licenses": [{"license": {"id": "MIT-CMU"}}],
            "purl": f"{purl}#c-ext/{name}",
        }
        for name, desc in c_extensions
    ]
    vendored_components = [
        {
            "bom-ref": f"{purl}#thirdparty/fribidi-shim",
            "type": "library",
            "name": "fribidi-shim",
            "version": "1.x",
            "description": "FriBiDi runtime-loading shim "
            "(vendored in src/thirdparty/fribidi-shim/); "
            "loads libfribidi dynamically",
            "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}],
            "hashes": [
                {
                    "alg": "SHA-256",
                    "content": sha256_file(thirdparty / "fribidi-shim" / "fribidi.c"),
                }
            ],
            "pedigree": {
                "notes": "Pillow-authored shim; not taken from an upstream project."
            },
            "externalReferences": [
                {"type": "website", "url": "https://github.com/fribidi/fribidi"},
            ],
        },
        {
            "bom-ref": "pkg:github/python/pythoncapi-compat",
            "type": "library",
            "name": "pythoncapi_compat",
            "description": "Backport header for new CPython C-API functions "
            "(vendored in src/thirdparty/pythoncapi_compat.h)",
            "licenses": [{"license": {"id": "0BSD"}}],
            "hashes": [
                {
                    "alg": "SHA-256",
                    "content": sha256_file(thirdparty / "pythoncapi_compat.h"),
                }
            ],
            "pedigree": {
                "notes": "Vendored unmodified from upstream python/pythoncapi-compat."
            },
            "externalReferences": [
                {
                    "type": "vcs",
                    "url": "https://github.com/python/pythoncapi-compat",
                },
            ],
        },
        {
            "bom-ref": f"{purl}#thirdparty/raqm",
            "type": "library",
            "name": "raqm",
            "version": "0.10.5",
            "description": "Complex text layout library "
            "(vendored in src/thirdparty/raqm/)",
            "licenses": [{"license": {"id": "MIT"}}],
            "hashes": [
                {
                    "alg": "SHA-256",
                    "content": sha256_file(thirdparty / "raqm" / "raqm.c"),
                }
            ],
            "pedigree": {
                "ancestors": [
                    {
                        "bom-ref": "pkg:github/HOST-Oman/libraqm@0.10.5#upstream",
                        "type": "library",
                        "name": "raqm",
                        "version": "0.10.5",
                        "purl": "pkg:github/HOST-Oman/libraqm@0.10.5",
                        "externalReferences": [
                            {
                                "type": "distribution",
                                "url": "https://github.com/HOST-Oman/libraqm/releases/tag/v0.10.5",
                            }
                        ],
                    }
                ],
                "patches": [
                    {
                        "type": "unofficial",
                        "diff": {
                            "text": {
                                # raqm-version.h.in → raqm-version.h:
                                # template @RAQM_VERSION_*@ placeholders replaced
                                # with literal 0.10.5 values; filename changed to
                                # drop the .in suffix; minor indentation fix.
                                "content": upstream_diff_b64(
                                    "https://raw.githubusercontent.com/HOST-Oman/libraqm/v0.10.5/src/raqm-version.h.in",
                                    b"src/raqm-version.h.in",
                                    thirdparty / "raqm" / "raqm-version.h",
                                    b"src/raqm-version.h",
                                ),
                                "encoding": "base64",
                            }
                        },
                    },
                    {
                        "type": "unofficial",
                        "diff": {
                            "text": {
                                # raqm.c: wrap the <fribidi.h> include in an
                                # #ifdef HAVE_FRIBIDI_SYSTEM guard so that when
                                # building without a system FriBiDi Pillow's own
                                # fribidi-shim is used instead.
                                "content": upstream_diff_b64(
                                    "https://raw.githubusercontent.com/HOST-Oman/libraqm/v0.10.5/src/raqm.c",
                                    b"src/raqm.c",
                                    thirdparty / "raqm" / "raqm.c",
                                    b"src/raqm.c",
                                ),
                                "encoding": "base64",
                            }
                        },
                    },
                ],
                "notes": (
                    "Vendored from upstream HOST-Oman/libraqm v0.10.5 with two "
                    "Pillow-specific modifications: (1) raqm-version.h.in was "
                    "pre-processed into raqm-version.h with version placeholders "
                    "replaced by literal values; (2) raqm.c wraps the <fribidi.h> "
                    "include in an #ifdef HAVE_FRIBIDI_SYSTEM guard so Pillow's "
                    "bundled fribidi-shim is used when a system FriBiDi is absent."
                ),
            },
            "externalReferences": [
                {
                    "type": "vcs",
                    "url": "https://github.com/python-pillow/Pillow/tree/main/src/thirdparty/raqm",
                },
            ],
        },
    ]
    native_deps = [
        {
            "bom-ref": "pkg:generic/freetype2",
            "type": "library",
            "name": "FreeType",
            "version": versions["freetype"],
            "scope": "optional",
            "description": "Font rendering (optional, used by PIL._imagingft). "
            "Required for text/font support.",
            "licenses": [{"license": {"id": "FTL"}}],
            "externalReferences": [
                {"type": "website", "url": "https://freetype.org"},
                {
                    "type": "distribution",
                    "url": "https://download.savannah.gnu.org/releases/freetype/",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/fribidi",
            "type": "library",
            "name": "FriBiDi",
            "version": versions["fribidi"],
            "scope": "optional",
            "description": "Unicode bidi algorithm library (optional, "
            "loaded at runtime by fribidi-shim).",
            "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}],
            "externalReferences": [
                {"type": "website", "url": "https://github.com/fribidi/fribidi"},
                {
                    "type": "distribution",
                    "url": "https://github.com/fribidi/fribidi/releases",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/harfbuzz",
            "type": "library",
            "name": "HarfBuzz",
            "version": versions["harfbuzz"],
            "scope": "optional",
            "description": "Text shaping (optional, required by libraqm "
            "for complex text layout).",
            "licenses": [{"license": {"id": "MIT"}}],
            "externalReferences": [
                {"type": "website", "url": "https://harfbuzz.github.io"},
                {
                    "type": "distribution",
                    "url": "https://github.com/harfbuzz/harfbuzz/releases",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/libavif",
            "type": "library",
            "name": "libavif",
            "version": versions["libavif"],
            "scope": "optional",
            "description": "AVIF codec (optional, used by PIL._avif).",
            "licenses": [{"license": {"id": "BSD-2-Clause"}}],
            "externalReferences": [
                {"type": "website", "url": "https://github.com/AOMediaCodec/libavif"},
                {
                    "type": "distribution",
                    "url": "https://github.com/AOMediaCodec/libavif/releases",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/libimagequant",
            "type": "library",
            "name": "libimagequant",
            "version": versions["libimagequant"],
            "scope": "optional",
            "description": "Improved colour quantization (optional).",
            "licenses": [{"license": {"id": "GPL-3.0-or-later"}}],
            "externalReferences": [
                {"type": "website", "url": "https://pngquant.org/lib/"},
                {
                    "type": "distribution",
                    "url": "https://github.com/ImageOptim/libimagequant/tags",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/libjpeg",
            "type": "library",
            "name": "libjpeg / libjpeg-turbo",
            "version": versions["jpegturbo"],
            "description": "JPEG codec (required by default; disable with "
            "-C jpeg=disable).",
            "licenses": [
                {"license": {"id": "IJG"}},
                {"license": {"id": "BSD-3-Clause"}},
            ],
            "externalReferences": [
                {"type": "website", "url": "https://ijg.org"},
                {"type": "website", "url": "https://libjpeg-turbo.org"},
                {
                    "type": "distribution",
                    "url": "https://github.com/libjpeg-turbo/libjpeg-turbo/releases",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/libtiff",
            "type": "library",
            "name": "libtiff",
            "version": versions["tiff"],
            "scope": "optional",
            "description": "TIFF codec (optional).",
            "licenses": [{"license": {"id": "libtiff"}}],
            "externalReferences": [
                {"type": "website", "url": "https://libtiff.gitlab.io/libtiff/"},
                {
                    "type": "distribution",
                    "url": "https://download.osgeo.org/libtiff/",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/libwebp",
            "type": "library",
            "name": "libwebp",
            "version": versions["libwebp"],
            "scope": "optional",
            "description": "WebP codec (optional, used by PIL._webp).",
            "licenses": [{"license": {"id": "BSD-3-Clause"}}],
            "externalReferences": [
                {
                    "type": "website",
                    "url": "https://chromium.googlesource.com/webm/libwebp",
                },
                {
                    "type": "distribution",
                    "url": "https://chromium.googlesource.com/webm/libwebp",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/libxcb",
            "type": "library",
            "name": "libxcb",
            "version": versions["libxcb"],
            "scope": "optional",
            "description": "X11 screen-grab support (optional, "
            "used by PIL._imaging on macOS and Linux).",
            "licenses": [{"license": {"id": "X11"}}],
            "externalReferences": [
                {"type": "website", "url": "https://xcb.freedesktop.org"},
                {
                    "type": "distribution",
                    "url": "https://xcb.freedesktop.org/dist/",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/littlecms2",
            "type": "library",
            "name": "Little CMS 2",
            "version": versions["lcms2"],
            "scope": "optional",
            "description": "Colour management (optional, used by PIL._imagingcms).",
            "licenses": [{"license": {"id": "MIT"}}],
            "externalReferences": [
                {"type": "website", "url": "https://www.littlecms.com"},
                {
                    "type": "distribution",
                    "url": "https://github.com/mm2/Little-CMS/releases",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/openjpeg",
            "type": "library",
            "name": "OpenJPEG",
            "version": versions["openjpeg"],
            "scope": "optional",
            "description": "JPEG 2000 codec (optional).",
            "licenses": [{"license": {"id": "BSD-2-Clause"}}],
            "externalReferences": [
                {"type": "website", "url": "https://www.openjpeg.org"},
                {
                    "type": "distribution",
                    "url": "https://github.com/uclouvain/openjpeg/releases",
                },
            ],
        },
        {
            "bom-ref": "pkg:pypi/pybind11",
            "type": "library",
            "name": "pybind11",
            "scope": "excluded",
            "description": "Parallel C compilation library (build-time dependency).",
            "licenses": [{"license": {"id": "BSD-3-Clause"}}],
            "externalReferences": [
                {"type": "website", "url": "https://pybind11.readthedocs.io"},
                {
                    "type": "distribution",
                    "url": "https://github.com/pybind/pybind11/releases",
                },
            ],
        },
        {
            "bom-ref": "pkg:generic/zlib",
            "type": "library",
            "name": "zlib",
            "version": versions["zlib-ng"],
            "description": "Deflate/PNG compression (required by default; "
            "disable with -C zlib=disable).",
            "licenses": [{"license": {"id": "Zlib"}}],
            "externalReferences": [
                {"type": "website", "url": "https://zlib.net"},
                {"type": "distribution", "url": "https://zlib.net"},
            ],
        },
    ]
    dependencies = [
        {
            "ref": purl,
            "dependsOn": [e["bom-ref"] for e in ext_components],
        },
        {
            "ref": f"{purl}#c-ext/PIL._avif",
            "dependsOn": ["pkg:generic/libavif"],
        },
        {
            "ref": f"{purl}#c-ext/PIL._imaging",
            "dependsOn": [
                "pkg:generic/libimagequant",
                "pkg:generic/libjpeg",
                "pkg:generic/libtiff",
                "pkg:generic/libxcb",
                "pkg:generic/openjpeg",
                "pkg:generic/zlib",
            ],
        },
        {
            "ref": f"{purl}#c-ext/PIL._imagingcms",
            "dependsOn": ["pkg:generic/littlecms2"],
        },
        {
            "ref": f"{purl}#c-ext/PIL._imagingft",
            "dependsOn": [
                "pkg:generic/freetype2",
                "pkg:generic/fribidi",
                "pkg:generic/harfbuzz",
                f"{purl}#thirdparty/fribidi-shim",
                f"{purl}#thirdparty/raqm",
            ],
        },
        {
            "ref": f"{purl}#c-ext/PIL._webp",
            "dependsOn": ["pkg:generic/libwebp"],
        },
        {
            "ref": f"{purl}#thirdparty/raqm",
            "dependsOn": [
                "pkg:generic/harfbuzz",
                f"{purl}#thirdparty/fribidi-shim",
            ],
        },
    ]
    return {
        "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
        "bomFormat": "CycloneDX",
        "specVersion": "1.7",
        "serialNumber": f"urn:uuid:{serial}",
        "version": 1,
        "metadata": {
            "timestamp": now,
            "lifecycles": [{"phase": "build"}],
            "tools": {
                "components": [
                    {
                        "type": "application",
                        "name": "generate-sbom.py",
                        "group": "pillow",
                    }
                ]
            },
            "component": metadata_component,
        },
        "components": ext_components + vendored_components + native_deps,
        "dependencies": dependencies,
    }
 def main() -> None:
    version = get_version()
    parser = argparse.ArgumentParser(
        description=__doc__, formatter_class=argparse.ArgumentDefaultsHelpFormatter
    )
    parser.add_argument(
        "output",
        nargs="?",
        type=Path,
        default=Path(f"pillow-{version}.cdx.json"),
        help="output file",
    )
    args = parser.parse_args()
    sbom = generate(version)
    args.output.write_text(json.dumps(sbom, indent=2) + "\n", encoding="utf-8")
    print(
        f"Wrote {args.output} (Pillow {version}, {len(sbom['components'])} components)"
    )
 if __name__ == "__main__":
    main()
--- a/.github/renovate.json
+++ b/.github/renovate.json
@ -7,6 +7,7 @@
        "Dependency"
    ],
    "minimumReleaseAge": "7 days",
    "prCreation": "not-pending",
    "schedule": [
        "* * 3 * *"
    ],
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths:
+    paths: &paths
      - ".github/dependencies.json"
      - ".github/workflows/cifuzz.yml"
      - ".github/workflows/wheels-dependencies.sh"
      - "**.c"
      - "**.h"
  pull_request:
-    paths:
+    paths: *paths
      - ".github/dependencies.json"
      - ".github/workflows/cifuzz.yml"
      - ".github/workflows/wheels-dependencies.sh"
      - "**.c"
      - "**.h"
  workflow_dispatch:
 permissions:
@ -35,14 +30,14 @@ jobs:
    steps:
    - name: Build Fuzzers
      id: build
-      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@e41e2f295eb18d630932fdd33d072527ba74c87b # master
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@d87225267726cf7ce1a3e17cf103c5ac943c4f05 # master
      with:
        oss-fuzz-project-name: 'pillow'
        language: python
        dry-run: false
    - name: Run Fuzzers
      id: run
-      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@e41e2f295eb18d630932fdd33d072527ba74c87b # master
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@d87225267726cf7ce1a3e17cf103c5ac943c4f05 # master
      with:
        oss-fuzz-project-name: 'pillow'
        fuzz-seconds: 600
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@ -4,15 +4,12 @@ on:
  push:
    branches:
      - "**"
-    paths:
+    paths: &paths
      - ".github/workflows/docs.yml"
      - "docs/**"
      - "src/PIL/**"
  pull_request:
-    paths:
+    paths: *paths
      - ".github/workflows/docs.yml"
      - "docs/**"
      - "src/PIL/**"
  workflow_dispatch:
 permissions:
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -25,7 +25,7 @@ jobs:
        with:
          python-version: "3.x"
      - name: Install uv
-        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
+        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
      - name: Lint
        run: uvx --with tox-uv tox -e lint
      - name: Mypy
--- a/.github/workflows/test-docker.yml
+++ b/.github/workflows/test-docker.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths-ignore:
+    paths-ignore: &paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  pull_request:
-    paths-ignore:
+    paths-ignore: *paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  workflow_dispatch:
 permissions:
@ -39,8 +34,8 @@ jobs:
        os: ["ubuntu-latest"]
        docker: [
          # Run slower jobs first to give them a headstart and reduce waiting time
-          ubuntu-24.04-noble-ppc64le,
+          ubuntu-26.04-resolute-ppc64le,
-          ubuntu-24.04-noble-s390x,
+          ubuntu-26.04-resolute-s390x,
          # Then run the remainder
          alpine,
          amazon-2023-amd64,
@ -50,17 +45,19 @@ jobs:
          debian-13-trixie-x86,
          debian-13-trixie-amd64,
          fedora-43-amd64,
          fedora-44-amd64,
          gentoo,
          ubuntu-22.04-jammy-amd64,
          ubuntu-24.04-noble-amd64,
          ubuntu-26.04-resolute-amd64,
        ]
        dockerTag: [main]
        include:
-          - docker: "ubuntu-24.04-noble-ppc64le"
+          - docker: "ubuntu-26.04-resolute-ppc64le"
            qemu-arch: "ppc64le"
-          - docker: "ubuntu-24.04-noble-s390x"
+          - docker: "ubuntu-26.04-resolute-s390x"
            qemu-arch: "s390x"
-          - docker: "ubuntu-24.04-noble-arm64v8"
+          - docker: "ubuntu-26.04-resolute-arm64v8"
            os: "ubuntu-24.04-arm"
            dockerTag: main
--- a/.github/workflows/test-mingw.yml
+++ b/.github/workflows/test-mingw.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths-ignore:
+    paths-ignore: &paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  pull_request:
-    paths-ignore:
+    paths-ignore: *paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  workflow_dispatch:
 permissions:
--- a/.github/workflows/test-valgrind-memory.yml
+++ b/.github/workflows/test-valgrind-memory.yml
@ -8,12 +8,13 @@ on:
  #   branches:
  #     - "**"
  #   paths:
-  #     - ".github/workflows/test-valgrind.yml"
+  #     - ".github/workflows/test-valgrind-memory.yml"
  #     - "**.c"
  #     - "**.h"
  #     - "depends/docker-test-valgrind-memory.sh"
  pull_request:
    paths:
-      - ".github/workflows/test-valgrind.yml"
+      - ".github/workflows/test-valgrind-memory.yml"
      - "**.c"
      - "**.h"
      - "depends/docker-test-valgrind-memory.sh"
--- a/.github/workflows/test-valgrind.yml
+++ b/.github/workflows/test-valgrind.yml
@ -6,15 +6,12 @@ on:
  push:
    branches:
      - "**"
-    paths:
+    paths: &paths
      - ".github/workflows/test-valgrind.yml"
      - "**.c"
      - "**.h"
  pull_request:
-    paths:
+    paths: *paths
      - ".github/workflows/test-valgrind.yml"
      - "**.c"
      - "**.h"
  workflow_dispatch:
 permissions:
--- a/.github/workflows/test-windows.yml
+++ b/.github/workflows/test-windows.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths-ignore:
+    paths-ignore: &paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  pull_request:
-    paths-ignore:
+    paths-ignore: *paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  workflow_dispatch:
 permissions:
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -4,19 +4,14 @@ on:
  push:
    branches:
      - "**"
-    paths-ignore:
+    paths-ignore: &paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  pull_request:
-    paths-ignore:
+    paths-ignore: *paths-ignore
      - ".github/workflows/docs.yml"
      - ".github/workflows/wheels*"
      - ".gitmodules"
      - "docs/**"
      - "wheels/**"
  workflow_dispatch:
 permissions:
@ -47,7 +42,6 @@ jobs:
          "3.15",
          "3.14t",
          "3.14",
          "3.13t",
          "3.13",
          "3.12",
          "3.11",
@ -56,10 +50,6 @@ jobs:
        include:
        - { python-version: "3.12", PYTHONOPTIMIZE: 1, REVERSE: "--reverse" }
        - { python-version: "3.11", PYTHONOPTIMIZE: 2 }
        # Free-threaded
        - { python-version: "3.15t", disable-gil: true }
        - { python-version: "3.14t", disable-gil: true }
        - { python-version: "3.13t", disable-gil: true }
        # Intel
        - { os: "macos-26-intel", python-version: "3.10" }
        exclude:
@ -83,11 +73,6 @@ jobs:
          ".ci/*.sh"
          "pyproject.toml"
    - name: Set PYTHON_GIL
      if: "${{ matrix.disable-gil }}"
      run: |
        echo "PYTHON_GIL=0" >> $GITHUB_ENV
    - name: Build system information
      run: python3 .github/workflows/system-info.py
--- a/.github/workflows/wheels.yml
+++ b/.github/workflows/wheels.yml
@ -10,9 +10,12 @@ on:
  #        │  │ │ │ │
  - cron: "42 1 * * 0,3"
  push:
-    paths:
+    paths: &paths
      - ".ci/requirements-cibw.txt"
      - ".ci/requirements-sbom.txt"
      - ".github/compare-dist-sizes.py"
      - ".github/dependencies.json"
      - ".github/generate-sbom.py"
      - ".github/workflows/wheels*"
      - "pyproject.toml"
      - "setup.py"
@ -22,15 +25,7 @@ on:
    tags:
      - "*"
  pull_request:
-    paths:
+    paths: *paths
      - ".ci/requirements-cibw.txt"
      - ".github/dependencies.json"
      - ".github/workflows/wheels*"
      - "pyproject.toml"
      - "setup.py"
      - "wheels/*"
      - "winbuild/build_prepare.py"
      - "winbuild/fribidi.cmake"
  workflow_dispatch:
 permissions:
@ -106,7 +101,7 @@ jobs:
            cibw_arch: arm64_iphonesimulator
          - name: "iOS x86_64 simulator"
            platform: ios
-            os: macos-15-intel
+            os: macos-26-intel
            cibw_arch: x86_64_iphonesimulator
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@ -261,6 +256,28 @@ jobs:
          echo $files
          [ "$files" -eq $EXPECTED_DISTS ] || exit 1
  compare-dist-sizes:
    needs: [build-native-wheels, windows, sdist]
    runs-on: ubuntu-latest
    name: Compare dist sizes vs PyPI
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: false
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          pattern: dist-*
          path: dist
          merge-multiple: true
      - name: Compare dist sizes vs latest PyPI release
        run: uv run .github/compare-dist-sizes.py dist
  scientific-python-nightly-wheels-publish:
    if: github.event.repository.fork == false && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch')
    needs: count-dists
@ -276,11 +293,59 @@ jobs:
          path: dist
          merge-multiple: true
      - name: Upload wheels to scientific-python-nightly-wheels
-        uses: scientific-python/upload-nightly-action@5748273c71e2d8d3a61f3a11a16421c8954f9ecf # 0.6.3
+        uses: scientific-python/upload-nightly-action@e76cfec8a4611fd02808a801b0ff5a7d7c1b2d99 # 0.6.4
        with:
          artifacts_path: dist
          anaconda_nightly_upload_token: ${{ secrets.ANACONDA_ORG_UPLOAD_TOKEN }}
  sbom:
    if: github.event_name != 'schedule' || github.event.repository.fork == false
    runs-on: ubuntu-latest
    name: Generate SBOM
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.x"
      - name: Generate CycloneDX SBOM
        run: python3 .github/generate-sbom.py
      - name: Upload SBOM as workflow artifact
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: sbom
          path: "pillow-*.cdx.json"
      - name: Validate SBOM
        run: |
          python3 -m pip install -r .ci/requirements-sbom.txt
          check-jsonschema --schemafile "https://raw.githubusercontent.com/CycloneDX/specification/1.7/schema/bom-1.7.schema.json" pillow-*.cdx.json
  sbom-publish:
    if: |
      github.event.repository.fork == false
      && github.event_name == 'push'
      && startsWith(github.ref, 'refs/tags')
    needs: [count-dists, sbom]
    runs-on: ubuntu-latest
    name: Publish SBOM to GitHub release
    permissions:
      contents: write
    steps:
      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: sbom
          path: .
      - name: Attach SBOM to GitHub release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh release upload "$GITHUB_REF_NAME" pillow-*.cdx.json
  pypi-publish:
    if: github.event.repository.fork == false && github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
    needs: count-dists
--- a/.gitignore
+++ b/.gitignore
@ -97,3 +97,6 @@ pillow-test-images.zip
 # pyinstaller
 *.spec
 # Generated SBOM
 pillow-*.cdx.json
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,6 +1,6 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.9
+    rev: v0.15.12
    hooks:
      - id: ruff-check
        args: [--exit-non-zero-on-fix]
@ -24,7 +24,7 @@ repos:
        exclude: (Makefile$|\.bat$|\.cmake$|\.eps$|\.fits$|\.gd$|\.opt$)
  - repo: https://github.com/pre-commit/mirrors-clang-format
-    rev: v22.1.2
+    rev: v22.1.4
    hooks:
      - id: clang-format
        types: [c]
@ -54,14 +54,14 @@ repos:
        exclude: ^\.github/.*TEMPLATE|^Tests/(fonts|images)/
  - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.37.1
+    rev: 0.37.2
    hooks:
      - id: check-github-workflows
      - id: check-readthedocs
      - id: check-renovate
  - repo: https://github.com/zizmorcore/zizmor-pre-commit
-    rev: v1.23.1
+    rev: v1.24.1
    hooks:
      - id: zizmor
@ -71,7 +71,7 @@ repos:
      - id: sphinx-lint
  - repo: https://github.com/tox-dev/pyproject-fmt
-    rev: v2.21.0
+    rev: v2.21.1
    hooks:
      - id: pyproject-fmt
--- a/README.md
+++ b/README.md
@ -9,8 +9,10 @@
 Pillow is the friendly PIL fork by [Jeffrey 'Alex' Clark and
 contributors](https://github.com/python-pillow/Pillow/graphs/contributors).
 PIL is the Python Imaging Library by Fredrik Lundh and contributors.
-As of 2019, Pillow development is
+Development is supported by:
-[supported by Tidelift](https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=readme&utm_campaign=enterprise).
+- [Tidelift](https://tidelift.com/subscription/pkg/pypi-pillow?utm_source=pypi-pillow&utm_medium=readme&utm_campaign=enterprise) (since 2018)
 - [Thanks.dev](https://thanks.dev) (since 2023)
 - [GitHub Sponsors](https://github.com/sponsors/python-pillow) (since 2026)
 <table>
    <tr>
--- a/RELEASING.md
+++ b/RELEASING.md
@ -19,6 +19,7 @@ Released as needed for security, installation or critical bug fixes.
  git checkout -t remotes/origin/5.2.x
  ```
 * [ ] Cherry pick individual commits from `main` branch to release branch e.g. `5.2.x`, then `git push`.
 * [ ] If this is a security fix: amend commits to include the CVE identifier in the commit message.
 * [ ] Check [GitHub Actions](https://github.com/python-pillow/Pillow/actions) to confirm passing tests in release branch e.g. `5.2.x`.
 * [ ] In compliance with [PEP 440](https://peps.python.org/pep-0440/), update version identifier in `src/PIL/_version.py`
 * [ ] Run pre-release check via `make release-test`.
@ -38,6 +39,7 @@ Released as needed for security, installation or critical bug fixes.
  ```bash
  git push
  ```
 * [ ] If this is a security fix: publish the [GitHub Security Advisory or Advisories](https://github.com/python-pillow/Pillow/security/advisories).
 ## Embargoed release
--- a/Tests/conftest.py
+++ b/Tests/conftest.py
@ -1,9 +1,17 @@
 from __future__ import annotations
 import io
 import sys
 import sysconfig
 import pytest
 FREE_THREADED_BUILD = bool(sysconfig.get_config_var("Py_GIL_DISABLED"))
 gil_enabled_at_start = True
 if FREE_THREADED_BUILD:
    gil_enabled_at_start = sys._is_gil_enabled()  # type: ignore[attr-defined]
 def pytest_report_header(config: pytest.Config) -> str:
    try:
@ -16,6 +24,25 @@ def pytest_report_header(config: pytest.Config) -> str:
        return f"pytest_report_header failed: {e}"
 def pytest_terminal_summary(terminalreporter: pytest.TerminalReporter) -> None:
    if (
        FREE_THREADED_BUILD
        and not gil_enabled_at_start
        and sys._is_gil_enabled()  # type: ignore[attr-defined]
    ):
        tr = terminalreporter
        tr.ensure_newline()
        tr.section("GIL re-enabled", red=True, bold=True)
        tr.line("The GIL was re-enabled at runtime during the tests.")
        tr.line("This can happen with no test failures if the RuntimeWarning")
        tr.line("raised by Python when this happens is filtered by a test.")
        tr.line("")
        tr.line("Please ensure all new C modules declare support for running")
        tr.line("without the GIL. Any new tests that intentionally imports")
        tr.line("code that re-enables the GIL should do so in a subprocess.")
        pytest.exit("GIL re-enabled during tests", returncode=1)
 def pytest_configure(config: pytest.Config) -> None:
    config.addinivalue_line(
        "markers",
--- a/Tests/test_file_avif.py
+++ b/Tests/test_file_avif.py
@ -145,14 +145,14 @@ class TestFileAvif:
            # avifdec hopper.avif avif/hopper_avif_write.png
            assert_image_similar_tofile(
-                reloaded, "Tests/images/avif/hopper_avif_write.png", 6.88
+                reloaded, "Tests/images/avif/hopper_avif_write.png", 6.93
            )
            # This test asserts that the images are similar. If the average pixel
            # difference between the two images is less than the epsilon value,
            # then we're going to accept that it's a reasonable lossy version of
            # the image.
-            assert_image_similar(reloaded, im, 9.28)
+            assert_image_similar(reloaded, im, 9.39)
    def test_AvifEncoder_with_invalid_args(self) -> None:
        """
--- a/Tests/test_file_eps.py
+++ b/Tests/test_file_eps.py
@ -1,6 +1,7 @@
 from __future__ import annotations
 import io
 import subprocess
 from pathlib import Path
 import pytest
@ -281,6 +282,11 @@ def test_bytesio_object() -> None:
    ),
 )
 def test_1(filename: str) -> None:
    gs_binary = EpsImagePlugin.gs_binary
    assert isinstance(gs_binary, str)
    if subprocess.check_output([gs_binary, "--version"]) == b"10.06.0\n":
        pytest.skip("Fails with Ghostscript 10.06.0")
    with Image.open(filename) as im:
        assert_image_equal_tofile(im, "Tests/images/eps/1.bmp")
--- a/Tests/test_file_png.py
+++ b/Tests/test_file_png.py
@ -502,8 +502,9 @@ class TestFilePng:
            im = roundtrip(im)
        assert im.info["transparency"] == (248, 248, 248)
-        im = roundtrip(im, transparency=(0, 1, 2))
+        for transparency in ((0, 1, 2), [0, 1, 2]):
-        assert im.info["transparency"] == (0, 1, 2)
+            im = roundtrip(im, transparency=transparency)
            assert im.info["transparency"] == (0, 1, 2)
    def test_trns_p(self, tmp_path: Path) -> None:
        # Check writing a transparency of 0, issue #528
@ -518,6 +519,36 @@ class TestFilePng:
            assert_image_equal(im2.convert("RGBA"), im.convert("RGBA"))
    def test_trns_invalid(self, tmp_path: Path) -> None:
        out = tmp_path / "temp.png"
        for mode in ("1", "L", "I;16"):
            im = Image.new(mode, (1, 1))
            with pytest.raises(
                ValueError, match=f"transparency for {mode} must be an integer"
            ):
                im.save(out, transparency="invalid")
        im = Image.new("I", (1, 1))
        with pytest.warns(DeprecationWarning, match="Saving I mode images as PNG"):
            with pytest.raises(ValueError):
                im.save(out, transparency="invalid")
        im = Image.new("P", (1, 1))
        with pytest.raises(
            ValueError, match="transparency for P must be an integer or bytes"
        ):
            im.save(out, transparency="invalid")
        im = Image.new("RGB", (1, 1))
        with pytest.raises(
            ValueError, match="transparency for RGB must be list or tuple"
        ):
            im.save(out, transparency="invalid")
        with pytest.raises(ValueError, match="transparency for RGB must have length 3"):
            im.save(out, transparency=(1, 2))
    def test_trns_null(self) -> None:
        # Check reading images with null tRNS value, issue #1239
        test_file = "Tests/images/tRNS_null_1x1.png"
--- a/Tests/test_file_webp.py
+++ b/Tests/test_file_webp.py
@ -49,6 +49,12 @@ class TestFileWebp:
        assert version is not None
        assert re.search(r"\d+\.\d+\.\d+$", version)
    def test_invalid_file(self) -> None:
        invalid_file = "Tests/images/flower.jpg"
        with pytest.raises(SyntaxError):
            WebPImagePlugin.WebPImageFile(invalid_file)
    def test_read_rgb(self) -> None:
        """
        Can we read a RGB mode WebP file without error?
--- a/Tests/test_image.py
+++ b/Tests/test_image.py
@ -862,7 +862,7 @@ class TestImage:
    def test_exif_webp(self, tmp_path: Path) -> None:
        with Image.open("Tests/images/hopper.webp") as im:
            exif = im.getexif()
-            assert exif == {}
+            assert dict(exif) == {}
            out = tmp_path / "temp.webp"
            exif[258] = 8
@ -884,7 +884,7 @@ class TestImage:
    def test_exif_png(self, tmp_path: Path) -> None:
        with Image.open("Tests/images/exif.png") as im:
            exif = im.getexif()
-            assert exif == {274: 1}
+            assert dict(exif) == {274: 1}
            out = tmp_path / "temp.png"
            exif[258] = 8
--- a/Tests/test_image_resample.py
+++ b/Tests/test_image_resample.py
@ -627,3 +627,37 @@ class TestCoreResampleBox:
                0.4,
                f">>> {size} {box} {flt}",
            )
 class TestCoreResample16bpc:
    # Lanczos weighting during downsampling can push accumulated float sums
    @pytest.mark.parametrize(
        "offset",
        (
            # below 0. These must be clamped to 0, not corrupted byte-by-byte.
            0,  # Left half = 65535, right half = 0
            # above 65535. These must be clamped to 65535, not corrupted byte-by-byte.
            50,  # # Left half = 0, right half = 65535
        ),
    )
    def test_resampling_clamp_overflow(self, offset: int) -> None:
        ims = {}
        width, height = 100, 10
        for mode in ("I;16", "F"):
            im = Image.new(mode, (width, height))
            im.paste(65535, (offset, 0, offset + width // 2, height))
            # 5x downsampling with Lanczos
            # creates ~8.7% overshoot or undershoot at the step edge
            ims[mode] = im.resize((20, height), Image.Resampling.LANCZOS)
        for y in range(height):
            for x in range(20):
                v = ims["F"].getpixel((x, y))
                assert isinstance(v, float)
                expected = max(0, min(65535, round(v)))
                value = ims["I;16"].getpixel((x, y))
                assert (
                    value == expected
                ), f"Pixel ({x}, {y}): expected {expected}, got {value}"
--- a/Tests/test_imagefont.py
+++ b/Tests/test_imagefont.py
@ -365,7 +365,7 @@ def test_rotated_transposed_font(
        bbox_b[2] - bbox_b[0],
    )
-    # Check top left co-ordinates are correct
+    # Check top left coordinates are correct
    assert bbox_b[:2] == (20, 20)
    # text length is undefined for vertical text
@ -410,7 +410,7 @@ def test_unrotated_transposed_font(
        bbox_b[3] - bbox_b[1],
    )
-    # Check top left co-ordinates are correct
+    # Check top left coordinates are correct
    assert bbox_b[:2] == (20, 20)
    assert length_a == length_b
--- a/Tests/test_imageops.py
+++ b/Tests/test_imageops.py
@ -256,6 +256,13 @@ def test_expand_palette(border: int | tuple[int, int, int, int]) -> None:
        assert_image_equal(im_cropped, im)
@pytest.mark.parametrize("border", ((1,), (1, 2, 3), (1, 2, 3, 4, 5)))
 def test_expand_invalid_border(border: tuple[int, ...]) -> None:
    im = Image.new("1", (1, 1))
    with pytest.raises(ValueError):
        ImageOps.expand(im, border)
 def test_colorize_2color() -> None:
    # Test the colorizing function with 2-color functionality
--- a/docs/installation/building-from-source.rst
+++ b/docs/installation/building-from-source.rst
@ -51,7 +51,7 @@ Many of Pillow's features require external libraries:
 * **littlecms** provides color management
  * Pillow version 2.2.1 and below uses liblcms1, Pillow 2.3.0 and
-    above uses liblcms2. Tested with **1.19** and **2.7-2.18**.
+    above uses liblcms2. Tested with **1.19** and **2.7-2.19**.
 * **libwebp** provides the WebP format.
@ -116,7 +116,7 @@ Many of Pillow's features require external libraries:
    .. Note:: ``redhat-rpm-config`` is required on Fedora 23, but not earlier versions.
-    Prerequisites for **Ubuntu 16.04 LTS - 24.04 LTS** are installed with::
+    Prerequisites for **Ubuntu 16.04 LTS - 26.04 LTS** are installed with::
        sudo apt-get install libtiff5-dev libjpeg8-dev libopenjp2-7-dev zlib1g-dev \
            libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python3-tk \
--- a/docs/installation/platform-support.rst
+++ b/docs/installation/platform-support.rst
@ -31,6 +31,8 @@ These platforms are built and tested for every change.
 +----------------------------------+----------------------------+---------------------+
 | Fedora 43                        | 3.14                       | x86-64              |
 +----------------------------------+----------------------------+---------------------+
 | Fedora 44                        | 3.14                       | x86-64              |
 +----------------------------------+----------------------------+---------------------+
 | Gentoo                           | 3.13                       | x86-64              |
 +----------------------------------+----------------------------+---------------------+
 | macOS 15 Sequoia                 | 3.11, 3.12, 3.13, 3.14,    | arm64               |
@ -42,9 +44,9 @@ These platforms are built and tested for every change.
 +----------------------------------+----------------------------+---------------------+
 | Ubuntu Linux 24.04 LTS (Noble)   | 3.10, 3.11, 3.12, 3.13,    | x86-64              |
 |                                  | 3.14, 3.15, PyPy3          |                     |
-|                                  +----------------------------+---------------------+
+----------------------------------+----------------------------+---------------------+
-|                                  | 3.12                       | arm64v8, ppc64le,   |
+| Ubuntu Linux 26.04 LTS (Resolute)| 3.14                       | x86-64, arm64v8,    |
-|                                  |                            | s390x               |
+|                                  |                            | ppc64le, s390x      |
 +----------------------------------+----------------------------+---------------------+
 | Windows Server 2022              | 3.10                       | x86                 |
 +----------------------------------+----------------------------+---------------------+
--- a/docs/reference/ImageColor.rst
+++ b/docs/reference/ImageColor.rst
@ -27,6 +27,10 @@ The ImageColor module supports the following string formats:
  as three percentages (0% to 100%). For example, ``rgb(255,0,0)`` and
  ``rgb(100%,0%,0%)`` both specify pure red.
 * RGBA functions, given as ``rgba(red, green, blue, alpha)`` where the color
  values and the alpha value are integers in the range 0 to 255. For example,
  ``rgba(255,0,0,128)`` specifies pure red with 50% opacity.
 * Hue-Saturation-Lightness (HSL) functions, given as ``hsl(hue, saturation%,
  lightness%)`` where hue is the color given as an angle between 0 and 360
  (red=0, green=120, blue=240), saturation is a value between 0% and 100%
--- a/docs/releasenotes/12.2.0.rst
+++ b/docs/releasenotes/12.2.0.rst
@ -13,28 +13,28 @@ introduced in Pillow 10.3.0.
 The data being read is now limited to only the necessary amount.
-Fix OOB write with invalid tile extents
+:cve:`2026-42311`: Fix OOB write with invalid tile extents
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Pillow 12.1.1 addressed :cve:`2026-25990` by improving checks for tile extents to
 prevent an OOB write from specially crafted PSD images in Pillow >= 10.3.0. However,
 these checks did not consider integer overflow. This has been corrected.
-Prevent PDF parsing trailer infinite loop
+:cve:`2026-42310`: Prevent PDF parsing trailer infinite loop
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 When parsing a PDF, if a trailer refers to itself, or a more complex cyclic loop
 exists, then an infinite loop occurs. Pillow now keeps a record of which trailers it
 has already processed. PdfParser was added in Pillow 4.2.0.
-Integer overflow when processing fonts
+:cve:`2026-42308`: Integer overflow when processing fonts
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-If a font advances for each glyph by an exceeding large amount, when Pillow keeps track
+If a font advances for each glyph by an exceedingly large amount, when Pillow keeps
-of the current position, it may lead to an integer overflow. This has been fixed.
+track of the current position, it may lead to an integer overflow. This has been fixed.
-Heap buffer overflow with nested list coordinates
+:cve:`2026-42309`: Heap buffer overflow with nested list coordinates
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Passing nested lists as coordinates to APIs that accept coordinates such as
 ``ImagePath.Path``, :py:meth:`~PIL.ImageDraw.ImageDraw.polygon`
--- a/docs/releasenotes/8.2.0.rst
+++ b/docs/releasenotes/8.2.0.rst
@ -81,7 +81,7 @@ Image.alpha_composite: dest
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
 When calling :py:meth:`~PIL.Image.Image.alpha_composite`, the ``dest`` argument now
-accepts negative co-ordinates, like the upper left corner of the ``box`` argument of
+accepts negative coordinates, like the upper left corner of the ``box`` argument of
 :py:meth:`~PIL.Image.Image.paste` can be negative. Naturally, this has effect of
 cropping the overlaid image.
--- a/setup.py
+++ b/setup.py
@ -57,7 +57,7 @@ WEBP_ROOT = None
 ZLIB_ROOT = None
 FUZZING_BUILD = "LIB_FUZZING_ENGINE" in os.environ
-if sys.platform == "win32" and sys.version_info >= (3, 15):
+if sys.platform == "win32" and sys.version_info >= (3, 16):
    import atexit
    atexit.register(
--- a/src/PIL/Image.py
+++ b/src/PIL/Image.py
@ -2639,11 +2639,8 @@ class Image:
        if is_path(fp):
            filename = os.fspath(fp)
            open_fp = True
-        elif fp == sys.stdout:
+        elif fp == sys.stdout and isinstance(sys.stdout, io.TextIOWrapper):
-            try:
+            fp = sys.stdout.buffer
                fp = sys.stdout.buffer
            except AttributeError:
                pass
        if not filename and hasattr(fp, "name") and is_path(fp.name):
            # only set the name for metadata purposes
            filename = os.fspath(fp.name)
--- a/src/PIL/ImageDraw.py
+++ b/src/PIL/ImageDraw.py
@ -175,7 +175,7 @@ class ImageDraw:
    ) -> None:
        """Draw an arc."""
        ink, fill = self._getink(fill)
-        if ink is not None:
+        if ink is not None and width != 0:
            self.draw.draw_arc(xy, start, end, ink, width)
    def bitmap(
@ -235,12 +235,12 @@ class ImageDraw:
        self,
        xy: Coords,
        fill: _Ink | None = None,
-        width: int = 0,
+        width: int = 1,
        joint: str | None = None,
    ) -> None:
        """Draw a line, or a connected sequence of line segments."""
        ink = self._getink(fill)[0]
-        if ink is not None:
+        if ink is not None and width != 0:
            self.draw.draw_lines(xy, ink, width)
            if joint == "curve" and width > 4:
                points: Sequence[Sequence[float]]
--- a/src/PIL/ImageOps.py
+++ b/src/PIL/ImageOps.py
@ -36,6 +36,9 @@ def _border(border: int | tuple[int, ...]) -> tuple[int, int, int, int]:
            left, top = right, bottom = border
        elif len(border) == 4:
            left, top, right, bottom = border
        else:
            msg = "border must be an integer, or a tuple of two or four elements"
            raise ValueError(msg)
    else:
        left = top = right = bottom = border
    return left, top, right, bottom
--- a/src/PIL/PdfImagePlugin.py
+++ b/src/PIL/PdfImagePlugin.py
@ -148,10 +148,14 @@ def _write_image(
            strip_size=math.ceil(width / 8) * height,
        )
    elif decode_filter == "DCTDecode":
-        Image.SAVE["JPEG"](im, op, filename)
+        from . import JpegImagePlugin
        JpegImagePlugin._save(im, op, filename)
    elif decode_filter == "JPXDecode":
        from . import Jpeg2KImagePlugin
        del dict_obj["BitsPerComponent"]
-        Image.SAVE["JPEG2000"](im, op, filename)
+        Jpeg2KImagePlugin._save(im, op, filename)
    else:
        msg = f"unsupported PDF filter ({decode_filter})"
        raise ValueError(msg)
--- a/src/PIL/PdfParser.py
+++ b/src/PIL/PdfParser.py
@ -383,7 +383,7 @@ class PdfParser:
            msg = "specify buf or f or filename, but not both buf and f"
            raise RuntimeError(msg)
        self.filename = filename
-        self.buf: bytes | bytearray | mmap.mmap | None = buf
+        self.buf: bytes | bytearray | memoryview | mmap.mmap | None = buf
        self.f = f
        self.start_offset = start_offset
        self.should_close_buf = False
@ -435,7 +435,9 @@ class PdfParser:
        self.seek_end()
    def close_buf(self) -> None:
-        if isinstance(self.buf, mmap.mmap):
+        if isinstance(self.buf, memoryview):
            self.buf.release()
        elif isinstance(self.buf, mmap.mmap):
            self.buf.close()
        self.buf = None
@ -690,7 +692,7 @@ class PdfParser:
            self.read_prev_trailer(self.trailer_dict[b"Prev"])
    def read_prev_trailer(
-        self, xref_section_offset: int, processed_offsets: list[int] = []
+        self, xref_section_offset: int, processed_offsets: list[int] | None = None
    ) -> None:
        assert self.buf is not None
        trailer_offset = self.read_xref_table(xref_section_offset=xref_section_offset)
@ -706,6 +708,8 @@ class PdfParser:
        )
        trailer_dict = self.interpret_trailer(trailer_data)
        if b"Prev" in trailer_dict:
            if processed_offsets is None:
                processed_offsets = []
            processed_offsets.append(xref_section_offset)
            check_format_condition(
                trailer_dict[b"Prev"] not in processed_offsets, "trailer loop found"
--- a/src/PIL/PngImagePlugin.py
+++ b/src/PIL/PngImagePlugin.py
@ -1443,35 +1443,47 @@ def _save(
            palette_bytes += b"\0"
        chunk(fp, b"PLTE", palette_bytes)
-    transparency = im.encoderinfo.get("transparency", im.info.get("transparency", None))
+    transparency = im.encoderinfo.get("transparency", im.info.get("transparency"))
-    if transparency or transparency == 0:
+    if transparency is not None:
        if im.mode == "P":
            # limit to actual palette size
            alpha_bytes = colors
            if isinstance(transparency, bytes):
                chunk(fp, b"tRNS", transparency[:alpha_bytes])
-            else:
+            elif isinstance(transparency, int):
                transparency = max(0, min(255, transparency))
                alpha = b"\xff" * transparency + b"\0"
                chunk(fp, b"tRNS", alpha[:alpha_bytes])
            else:
                msg = "transparency for P must be an integer or bytes"
                raise ValueError(msg)
        elif im.mode in ("1", "L", "I", "I;16"):
-            transparency = max(0, min(65535, transparency))
+            if isinstance(transparency, int):
-            chunk(fp, b"tRNS", o16(transparency))
+                transparency = max(0, min(65535, transparency))
                chunk(fp, b"tRNS", o16(transparency))
            else:
                msg = f"transparency for {im.mode} must be an integer"
                raise ValueError(msg)
        elif im.mode == "RGB":
-            red, green, blue = transparency
+            if not isinstance(transparency, (list, tuple)):
-            chunk(fp, b"tRNS", o16(red) + o16(green) + o16(blue))
+                msg = "transparency for RGB must be list or tuple"
-        else:
+                raise ValueError(msg)
-            if "transparency" in im.encoderinfo:
+            elif len(transparency) != 3:
-                # don't bother with transparency if it's an RGBA
+                msg = "transparency for RGB must have length 3"
-                # and it's in the info dict. It's probably just stale.
+                raise ValueError(msg)
-                msg = "cannot use transparency for this mode"
+            else:
-                raise OSError(msg)
+                red, green, blue = transparency
-    else:
+                chunk(fp, b"tRNS", o16(red) + o16(green) + o16(blue))
-        if im.mode == "P" and im.im.getpalettemode() == "RGBA":
+        elif im.encoderinfo.get("transparency") is not None:
-            alpha = im.im.getpalette("RGBA", "A")
+            # don't bother with transparency if it's an RGBA
-            alpha_bytes = colors
+            # and it's in the info dict. It's probably just stale.
-            chunk(fp, b"tRNS", alpha[:alpha_bytes])
+            msg = "cannot use transparency for this mode"
            raise OSError(msg)
    elif im.mode == "P" and im.im.getpalettemode() == "RGBA":
        alpha = im.im.getpalette("RGBA", "A")
        alpha_bytes = colors
        chunk(fp, b"tRNS", alpha[:alpha_bytes])
    if dpi := im.encoderinfo.get("dpi"):
        chunk(
--- a/src/PIL/WebPImagePlugin.py
+++ b/src/PIL/WebPImagePlugin.py
@ -43,10 +43,15 @@ class WebPImageFile(ImageFile.ImageFile):
    __logical_frame = 0
    def _open(self) -> None:
        assert self.fp is not None
        s = self.fp.read()
        if not _accept(s):
            msg = "not a WEBP file"
            raise SyntaxError(msg)
        # Use the newer AnimDecoder API to parse the (possibly) animated file,
        # and access muxed chunks like ICC/EXIF/XMP.
-        assert self.fp is not None
+        self._decoder = _webp.WebPAnimDecoder(s)
        self._decoder = _webp.WebPAnimDecoder(self.fp.read())
        # Get info from decoder
        self._size, self.info["loop"], bgcolor, self.n_frames, self.rawmode = (
--- a/src/_imaging.c
+++ b/src/_imaging.c
@ -3172,8 +3172,8 @@ _draw_lines(ImagingDrawObject *self, PyObject *args) {
    PyObject *data;
    int ink;
-    int width = 0;
+    int width;
-    if (!PyArg_ParseTuple(args, "Oi|i", &data, &ink, &width)) {
+    if (!PyArg_ParseTuple(args, "Oii", &data, &ink, &width)) {
        return NULL;
    }
@ -3182,7 +3182,7 @@ _draw_lines(ImagingDrawObject *self, PyObject *args) {
        return NULL;
    }
-    if (width <= 1) {
+    if (width == 1) {
        double *p = NULL;
        for (i = 0; i < n - 1; i++) {
            p = &xy[i + i];
--- a/src/_imagingtk.c
+++ b/src/_imagingtk.c
@ -33,8 +33,10 @@ _tkinit(PyObject *self, PyObject *args) {
    }
    interp = (Tcl_Interp *)PyLong_AsVoidPtr(arg);
    if (interp == NULL && PyErr_Occurred()) {
        return NULL;
    }
    /* This will bomb if interp is invalid... */
    TkImaging_Init(interp);
    Py_RETURN_NONE;
--- a/src/libImaging/Convert.c
+++ b/src/libImaging/Convert.c
@ -37,8 +37,6 @@
 #define MAX(a, b) (a) > (b) ? (a) : (b)
 #define MIN(a, b) (a) < (b) ? (a) : (b)
 #define CLIP16(v) ((v) <= 0 ? 0 : (v) >= 65535 ? 65535 : (v))
 /* ITU-R Recommendation 601-2 (assuming nonlinear RGB) */
 #define L(rgb) ((INT32)(rgb)[0] * 299 + (INT32)(rgb)[1] * 587 + (INT32)(rgb)[2] * 114)
 #define L24(rgb) ((rgb)[0] * 19595 + (rgb)[1] * 38470 + (rgb)[2] * 7471 + 0x8000)
--- a/src/libImaging/ImagingUtils.h
+++ b/src/libImaging/ImagingUtils.h
@ -27,6 +27,8 @@
 #define CLIP8(v) ((v) <= 0 ? 0 : (v) < 256 ? (v) : 255)
 #define CLIP16(v) ((v) <= 0 ? 0 : (v) < 65536 ? (v) : 65535)
 /* This is to work around a bug in GCC prior 4.9 in 64 bit mode.
   GCC generates code with partial dependency which is 3 times slower.
   See: https://stackoverflow.com/a/26588074/253146 */
--- a/src/libImaging/Jpeg2KDecode.c
+++ b/src/libImaging/Jpeg2KDecode.c
@ -812,7 +812,7 @@ j2k_decode_entry(Imaging im, ImagingCodecState state) {
            break;
        }
-        /* Adjust the tile co-ordinates based on the reduction (OpenJPEG
+        /* Adjust the tile coordinates based on the reduction (OpenJPEG
           doesn't do this for us) */
        tile_info.x0 = (tile_info.x0 + correction) >> context->reduce;
        tile_info.y0 = (tile_info.y0 + correction) >> context->reduce;
--- a/src/libImaging/Resample.c
+++ b/src/libImaging/Resample.c
@ -492,9 +492,9 @@ ImagingResampleHorizontal_16bpc(
                        << 8)) *
                      k[x];
            }
-            ss_int = ROUND_UP(ss);
+            ss_int = CLIP16(ROUND_UP(ss));
-            imOut->image8[yy][xx * 2 + (bigendian ? 1 : 0)] = CLIP8(ss_int % 256);
+            imOut->image8[yy][xx * 2 + (bigendian ? 1 : 0)] = ss_int & 0xFF;
-            imOut->image8[yy][xx * 2 + (bigendian ? 0 : 1)] = CLIP8(ss_int >> 8);
+            imOut->image8[yy][xx * 2 + (bigendian ? 0 : 1)] = ss_int >> 8;
        }
    }
    ImagingSectionLeave(&cookie);
@ -531,9 +531,9 @@ ImagingResampleVertical_16bpc(
                       (imIn->image8[y + ymin][xx * 2 + (bigendian ? 0 : 1)] << 8)) *
                      k[y];
            }
-            ss_int = ROUND_UP(ss);
+            ss_int = CLIP16(ROUND_UP(ss));
-            imOut->image8[yy][xx * 2 + (bigendian ? 1 : 0)] = CLIP8(ss_int % 256);
+            imOut->image8[yy][xx * 2 + (bigendian ? 1 : 0)] = ss_int & 0xFF;
-            imOut->image8[yy][xx * 2 + (bigendian ? 0 : 1)] = CLIP8(ss_int >> 8);
+            imOut->image8[yy][xx * 2 + (bigendian ? 0 : 1)] = ss_int >> 8;
        }
    }
    ImagingSectionLeave(&cookie);
Author	SHA1	Message	Date
Hugo van Kemenade	877527cefc	Fix typo (#9632 )	2026-05-15 12:41:28 +03:00
Andrew Murray	dcd6d41e77	Fixed typo	2026-05-15 18:42:04 +10:00
Hugo van Kemenade	94ec04d33e	Switch iOS back to macos-26-intel (#9631 )	2026-05-15 11:41:19 +03:00
Andrew Murray	764e315923	Revert "Switch iOS back to macos-15-intel" This reverts commit `27de86483d`.	2026-05-15 15:02:42 +10:00
Hugo van Kemenade	0802206cfc	Update free-threading CI (#9625 )	2026-05-14 15:02:56 +03:00
Hugo van Kemenade	e7556b19b7	Don't use list as default in PdfParser read_prev_trailer (#9629 )	2026-05-14 14:09:33 +03:00
Hugo van Kemenade	3f74d08263	Remove default sep="=" Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>	2026-05-14 14:05:55 +03:00
Hugo van Kemenade	e9855d1705	Remove unused params Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>	2026-05-13 13:30:01 +03:00
danigm	f0f67f8cf8	PdfParser: Fix typing in read_prev_trailer Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>	2026-05-13 11:37:39 +02:00
Hugo van Kemenade	c48b302602	Consistently use "coordinates" instead of "co-ordinates" (#9628 )	2026-05-13 12:25:09 +03:00
Daniel Garcia Moreno	78ee80a6fd	PdfParser: Don't use list as def in read_prev_trailer It's not recommended to use the empty list as default value in functions or methods because Python interpreter evaluates during parsing, so it will be the same list for different calls. https://pylint.pycqa.org/en/latest/user_guide/messages/warning/dangerous-default-value.html	2026-05-13 11:14:41 +02:00
Andrew Murray	381e264e18	Consistently use "coordinates" instead of "co-ordinates" Co-authored-by: mokashang <mokashang@users.noreply.github.com>	2026-05-13 19:13:21 +10:00
Andrew Murray	9289863c2c	Add support for Python 3.15 (#9624 )	2026-05-13 07:54:40 +10:00
Hugo van Kemenade	4dc442fb01	Don't force PYTHON_GIL=0, instead fail if anything re-enables	2026-05-12 23:45:03 +03:00
Hugo van Kemenade	0582f43bad	No longer test experimental 3.13t	2026-05-12 20:41:07 +03:00
Hugo van Kemenade	22e47e38bb	Simplify setting PYTHON_GIL	2026-05-12 20:41:07 +03:00
Hugo van Kemenade	954269051b	Do not draw line or arc if width is zero (#9589 )	2026-05-12 19:55:18 +03:00
Andrew Murray	3ce681240f	Use _accept check in WebP _open (#9605 )	2026-05-12 12:11:38 +10:00
Hugo van Kemenade	ea5901535d	Compare dist sizes vs latest PyPI release (#9621 ) Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>	2026-05-12 07:31:03 +10:00
Andrew Murray	24696af889	Increase AVIF test epsilon for riscv64 (#9606 )	2026-05-08 19:50:29 +10:00
Hugo van Kemenade	7be56cc100	Do not generate SBOM in scheduled run on fork (#9620 )	2026-05-07 22:59:33 +03:00
Andrew Murray	70713d69b0	Do not generate SBOM in scheduled run on fork	2026-05-07 23:53:24 +10:00
Andrew Murray	894c5d5335	Width is always provided	2026-05-07 19:48:08 +10:00
Andrew Murray	f693a3a0e5	Use plugin method directly when saving PDFs (#9547 )	2026-05-06 23:51:16 +10:00
mergify[bot]	6a05e34b69	[pre-commit.ci] pre-commit autoupdate (#9617 )	2026-05-04 17:58:03 +00:00
pre-commit-ci[bot]	903065f5e9	[pre-commit.ci] pre-commit autoupdate updates: - [github.com/astral-sh/ruff-pre-commit: v0.15.9 → v0.15.12](https://github.com/astral-sh/ruff-pre-commit/compare/v0.15.9...v0.15.12) - [github.com/pre-commit/mirrors-clang-format: v22.1.2 → v22.1.4](https://github.com/pre-commit/mirrors-clang-format/compare/v22.1.2...v22.1.4) - [github.com/python-jsonschema/check-jsonschema: 0.37.1 → 0.37.2](https://github.com/python-jsonschema/check-jsonschema/compare/0.37.1...0.37.2) - [github.com/zizmorcore/zizmor-pre-commit: v1.23.1 → v1.24.1](https://github.com/zizmorcore/zizmor-pre-commit/compare/v1.23.1...v1.24.1) - [github.com/tox-dev/pyproject-fmt: v2.21.0 → v2.21.1](https://github.com/tox-dev/pyproject-fmt/compare/v2.21.0...v2.21.1)	2026-05-04 17:17:50 +00:00
renovate[bot]	689a7f37fd	Update google/oss-fuzz digest to d872252 (#9614 )	2026-05-04 21:45:55 +10:00
Hugo van Kemenade	599ddd368c	Set Renovate prCreation to not-pending (#9616 )	2026-05-04 13:44:13 +03:00
Andrew Murray	ab25042353	Set prCreation to not-pending	2026-05-04 19:42:55 +10:00
Hugo van Kemenade	1cd2d0f67a	Update dependency lcms2 to v2.19 (#9609 )	2026-05-03 19:06:59 +03:00
Hugo van Kemenade	5f469b6bd2	Update dependency libpng to v1.6.58 (#9608 )	2026-05-03 19:06:30 +03:00
Hugo van Kemenade	ead2f34515	Update dependency harfbuzz to v14 (#9610 )	2026-05-03 19:06:13 +03:00
Hugo van Kemenade	a6fc9992f2	Update dependency mypy to v1.20.2 (#9599 )	2026-05-03 19:05:49 +03:00
Andrew Murray	2128d6465c	Do not draw line or arc if width is zero	2026-05-03 22:41:33 +10:00
Andrew Murray	4bba24632f	Update docs	2026-05-03 22:13:11 +10:00
Andrew Murray	21790fc0da	Check if sys.stdout is a TextIOWrapper instance	2026-05-03 13:26:42 +03:00
Andrew Murray	c234720aca	Convert Exif to dictionary before checking	2026-05-03 13:26:42 +03:00
renovate[bot]	575b33d811	Update dependency mypy to v1.20.2	2026-05-03 13:26:42 +03:00
Hugo van Kemenade	82614324ed	Raise error if PNG transparency has incorrect type or length when saving (#9536 )	2026-05-03 13:25:49 +03:00
renovate[bot]	32b6c5f0ee	Update dependency harfbuzz to v14	2026-05-03 10:25:32 +00:00
renovate[bot]	956d434c68	Update dependency lcms2 to v2.19	2026-05-03 10:25:27 +00:00
renovate[bot]	3bbb7a2a04	Update dependency libpng to v1.6.58	2026-05-03 10:25:22 +00:00
Hugo van Kemenade	b656f900b4	If PdfParser buffer is memoryview, release it when closing (#9596 )	2026-05-03 13:23:51 +03:00
Hugo van Kemenade	586604d0c3	Update github-actions (#9611 )	2026-05-03 10:20:37 +03:00
renovate[bot]	d92b826c4a	Update github-actions	2026-05-03 06:03:07 +00:00
renovate[bot]	2d02654c54	Update dependency cibuildwheel to v3.4.1 (#9607 )	2026-05-03 14:11:33 +10:00
Hayato Ikoma	7e4ca8b3ab	Correct integer overflow in 16-bit resampling (#9480 ) Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>	2026-05-02 14:36:20 +10:00
Hugo van Kemenade	be8563347b	SBOM: Use real versions from dependencies.json (#9593 )	2026-05-01 00:05:37 +03:00
Hugo van Kemenade	fc47d07603	No need to sort a sorted list	2026-04-30 16:17:39 +03:00
Hugo van Kemenade	7fe1b9ee04	Restrict SBOM upload to only Pillow JSON (#9598 )	2026-04-30 16:13:24 +03:00
Andrew Murray	4af29fb732	Restrict SBOM upload to Pillow JSON	2026-04-30 18:41:41 +10:00
Andrew Murray	1f3b8a831d	If PdfParser buffer is memoryview, release it when closing	2026-04-30 00:13:37 +10:00
Andrew Murray	0ef81c33af	Add Fedora 44 (#9594 )	2026-04-29 10:30:17 +10:00
Hugo van Kemenade	3dda1d190f	Git ignore generated SBOM	2026-04-28 15:58:33 +03:00
Hugo van Kemenade	f2ee74b2f8	Use versions from dependencies.json, remove historical 'tested on'	2026-04-28 15:58:33 +03:00
Hugo van Kemenade	99869f0313	Sort things alphabetically to make easier to find	2026-04-28 15:52:41 +03:00
Andrew Murray	fe054a1b3f	Added CVEs to 12.2.0 release notes (#9591 ) Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>	2026-04-28 08:53:21 +10:00
Hugo van Kemenade	852a832832	Deduplicate path triggers in workflows (#9590 )	2026-04-27 18:35:58 +03:00
Hugo van Kemenade	755b73b274	Deduplicate path triggers in workflows	2026-04-27 14:14:13 +03:00
Hugo van Kemenade	f0fe496315	Fix typo to trigger on self change	2026-04-27 13:44:52 +03:00
Hugo van Kemenade	fba17910aa	Test Ubuntu 26.04 LTS (Resolute Raccoon) (#9587 )	2026-04-26 12:05:56 +03:00
Jeffrey 'Alex' Clark	d2b20102e4	Generate CycloneDX SBOM at release time via CI (#9550 ) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com> Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com> Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>	2026-04-26 00:35:21 +03:00
Hugo van Kemenade	8c522096e8	Archive non-amd64 variants of 24.04	2026-04-25 14:38:17 +03:00
Hugo van Kemenade	855774a175	Test Ubuntu 26.04 Co-authored-by: Andrew Murray <radarhere@users.noreply.github.com>	2026-04-25 14:06:06 +03:00
Hugo van Kemenade	2ae2c4e84f	Skip EPS test_1 for Ghostscript 10.06.0 (#9588 )	2026-04-25 08:58:02 +03:00
Andrew Murray	a908c62460	Skip test_1 for Ghostscript 10.06.0	2026-04-25 13:19:01 +10:00
Andrew Murray	53800d4fcf	Raise ValueError if ImageOps border has unsupported format (#9426 )	2026-04-24 21:10:05 +10:00
Andrew Murray	a0cd878bed	Check PyLong_AsVoidPtr result (#9548 )	2026-04-24 21:04:00 +10:00
Jeffrey 'Alex' Clark	4e0aeba4af	Revise development support information in README (#9583 )	2026-04-22 22:22:50 -04:00
Jeffrey 'Alex' Clark	5f9112e862	Update README.md Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>	2026-04-22 22:22:33 -04:00
Jeffrey 'Alex' Clark	9605fccf00	Revise development support information in README Updated development support section with new sponsors.	2026-04-22 21:25:52 -04:00
Jeffrey 'Alex' Clark	1382fc4767	Add INCIDENT_RESPONSE.md (#9555 )	2026-04-22 20:12:57 -04:00
Jeffrey 'Alex' Clark	c8c391b9c0	Update .github/INCIDENT_RESPONSE.md Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>	2026-04-22 20:11:03 -04:00
Jeffrey 'Alex' Clark	a124ed208f	Update template wording	2026-04-14 11:36:33 -04:00
Jeffrey 'Alex' Clark	ee24a11073	Update .github/INCIDENT_RESPONSE.md Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>	2026-04-14 11:26:03 -04:00
Jeffrey 'Alex' Clark	6e1ccab749	Address review feedback on INCIDENT_RESPONSE.md - Update CVSS v3.1 to CVSS 4.0 throughout - Remove 'Direct maintainer contact' from detection sources - Fix 'before it stays public' wording for user bug reports - Simplify sections 7.3 and 7.4 to reference RELEASING.md instead of duplicating release process steps - Update RELEASING.md Point release section with security-specific steps (amend CVE in commits, publish GitHub Security Advisory) - Fix PyPI API tokens entry (remove GitHub secrets reference) - Fix 404 PyPI manage URL (use correct case and /releases/ path) - Replace security@pypi.org mailto with https://pypi.org/security/ - Remove unconfirmed 'Notify GitHub Security' bullet - Fix section numbering: 10.x → 9.x under Section 9. Dependency Map - Reorder: move 9.3 Responding to Upstream Vulnerability before 9.3 Downstream Dependencies (now 9.2 and 9.3 respectively) - Add anchor link for Section 5 reference in 9.2 - Add #plugin-list anchor to third-party plugins handbook link - Fix GitLab issue tracker URLs to use /-/work_items for libtiff, freetype2, and bzip2 - Add pyproject.toml reference for complete optional dependencies list Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-10 10:58:43 -04:00
Jeffrey 'Alex' Clark	0cbdd2eff9	Update .github/INCIDENT_RESPONSE.md Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>	2026-04-10 10:37:34 -04:00
Jeffrey 'Alex' Clark	24b12dc84f	Combine plan maintenance into a single paragraph Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-10 07:49:37 -04:00
Jeffrey 'Alex' Clark	d016c90108	Remove active exploitation escalation bullet from incident response Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-10 07:44:27 -04:00
Jeffrey 'Alex' Clark	6a0192a40a	Update .github/INCIDENT_RESPONSE.md Co-authored-by: Andrew Murray <3112309+radarhere@users.noreply.github.com>	2026-04-10 07:44:16 -04:00
Jeffrey 'Alex' Clark	6fe81dd52e	Remove Wand from downstream dependencies Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 18:19:22 -04:00
Jeffrey 'Alex' Clark	55989595ea	Add private channels note to internal communication guidance Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 18:17:39 -04:00
Jeffrey 'Alex' Clark	b579577aa0	Link to section 1.3 in Plan Maintenance Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 18:15:25 -04:00
Jeffrey 'Alex' Clark	6f815c2d8d	Clarify advisory thread purpose as reporter coordination Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 18:13:43 -04:00
Jeffrey 'Alex' Clark	80a91fdb4e	Add setuptools to Python-level dependencies Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 18:08:44 -04:00
Jeffrey 'Alex' Clark	0d440b7d09	Trim Plan Maintenance section Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 18:04:00 -04:00
Jeffrey 'Alex' Clark	00ff8636a2	Remove section 7.5 Rollback Procedures Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 18:01:08 -04:00
Jeffrey 'Alex' Clark	e74a89f70e	Trim version support matrix prose Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:59:29 -04:00
Jeffrey 'Alex' Clark	20af4ec89c	Change Critical/High SLA targets to best effort Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:55:11 -04:00
Jeffrey 'Alex' Clark	3f90d5c4da	Replace section sign (§) with plain Section references Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:53:04 -04:00
Jeffrey 'Alex' Clark	68be7f30ff	Remove Tidelift notification step from triage Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:50:45 -04:00
Jeffrey 'Alex' Clark	e0f9e2b98e	Fix severity classification cross-reference, remove incident lead assignment step Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:46:58 -04:00
Jeffrey 'Alex' Clark	ad582c1a8e	Simplify Roles section note Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:38:34 -04:00
Jeffrey 'Alex' Clark	c2ac2da31c	Inline Readiness Review procedure as prose Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:28:42 -04:00
Jeffrey 'Alex' Clark	3aa076129f	Remove backport comment from version support matrix Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:25:32 -04:00
Jeffrey 'Alex' Clark	4a74a20b86	Update Readiness Review: quarterly cadence, trim checklist Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 17:23:52 -04:00
Jeffrey 'Alex' Clark	64ed4710b9	Fix version support matrix to reflect main-only security policy Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>	2026-04-09 16:59:41 -04:00
Jeffrey 'Alex' Clark	cdaa1bf9ef	Add sections from Bootstrap example At the risk of making this document larger, add in sections in Bootstrap IRP but not ours. - https://github.com/twbs/bootstrap/blob/main/.github/INCIDENT_RESPONSE.md	2026-04-09 12:57:16 -04:00
Jeffrey 'Alex' Clark	4d63d0b3a6	Fix links	2026-04-09 12:47:50 -04:00
Jeffrey 'Alex' Clark	cb5736ea3e	Add INCIDENT_RESPONSE.md	2026-04-09 12:36:00 -04:00
Trần Bách	117de2b181	fix(security)(_imagingtk.c): unsafe pointer dereference from unchecked python i In `_tkinit`, `PyLong_AsVoidPtr(arg)` converts an arbitrary Python object to a `void` pointer which is then cast to `Tcl_Interp` and passed to `TkImaging_Init`. If `PyLong_AsVoidPtr` fails (returns NULL and sets an error), or if the caller passes an arbitrary integer value, the code proceeds to dereference it without any validation, potentially leading to a crash or arbitrary memory access. Affected files: _imagingtk.c Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com>	2026-04-07 09:41:12 +07:00
Andrew Murray	e58c67347a	Raise error if transparency is incorrect type or length when saving	2026-04-03 22:19:52 +11:00
Andrew Murray	7f68decf2c	Clarified condition	2026-04-03 22:16:51 +11:00
Varun Chawla	e50d8a5192	Improve border validation error message wording	2026-02-22 18:50:14 -08:00
Varun Chawla	f708c00527	Fix UnboundLocalError in _border for invalid tuple lengths and document rgba() color format The _border helper in ImageOps raised UnboundLocalError when given a tuple with a length other than 2 or 4 (e.g. 1-tuple or 3-tuple). This changes it to raise a clear ValueError instead. Also adds documentation for the rgba() color format in ImageColor, which was supported in code and tested but missing from the docs.	2026-02-13 19:38:48 -08:00