Skip to content

Commit 17858dc

Browse files
renovate[bot]renovate[bot]
authored
chore(deps): update dependency pillow to v12.1.1 [security] (#136)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [pillow](https://redirect.github.com/python-pillow/Pillow) ([changelog](https://redirect.github.com/python-pillow/Pillow/releases)) | `12.1.0` → `12.1.1` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/pillow/12.1.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pillow/12.1.0/12.1.1?slim=true) | ### GitHub Vulnerability Alerts #### [CVE-2026-25990](https://redirect.github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc) ### Impact An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected. ### Patches Pillow 12.1.1 will be released shortly with a fix for this. ### Workarounds `Image.open()` has a `formats` parameter that can be used to prevent PSD images from being opened. ### References Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html --- ### Release Notes <details> <summary>python-pillow/Pillow (pillow)</summary> ### [`v12.1.1`](https://redirect.github.com/python-pillow/Pillow/compare/12.1.0...12.1.1) [Compare Source](https://redirect.github.com/python-pillow/Pillow/compare/12.1.0...12.1.1) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Buried-In-Code/Perdoo). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Ny4wIiwidXBkYXRlZEluVmVyIjoiNDIuOTcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent d252133 commit 17858dc

File tree

1 file changed

+94
-94
lines changed

1 file changed

+94
-94
lines changed

0 commit comments

Comments
 (0)