Skip to content

Commit 018382d

Browse files
radarhereradarhere
committed
Merge branch 'main' into jxl-support2
2 parents b87b189 + 087376d commit 018382d

41 files changed

Lines changed: 506 additions & 249 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.ci/requirements-cibw.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
cibuildwheel==3.3.1
1+
cibuildwheel==3.4.0

.github/FUNDING.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1,2 @@
1-
tidelift: "pypi/pillow"
1+
github: python-pillow
2+
tidelift: pypi/pillow

.github/SECURITY.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,7 @@
11
# Security policy
22

3-
To report sensitive vulnerability information, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
3+
To report sensitive vulnerability information, report it [privately on GitHub](https://github.com/python-pillow/Pillow/security/advisories/new).
44

5-
If your organisation/employer is a distributor of Pillow and would like advance notification of security-related bugs, please let us know your preferred contact method.
5+
If you cannot use GitHub, use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
6+
7+
DO NOT report sensitive vulnerability information in public.

.github/dependencies.json

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
{
2+
"brotli": "1.2.0",
3+
"bzip2": "1.0.8",
4+
"freetype": "2.14.3",
5+
"fribidi": "1.0.16",
6+
"harfbuzz": "13.2.1",
7+
"highway": "1.3.0",
8+
"jpegturbo": "3.1.4.1",
9+
"jpegxl": "0.11.2",
10+
"lcms2": "2.18",
11+
"libavif": "1.4.1",
12+
"libimagequant": "4.4.1",
13+
"libpng": "1.6.56",
14+
"libwebp": "1.6.0",
15+
"libxcb": "1.17.0",
16+
"openjpeg": "2.5.4",
17+
"tiff": "4.7.1",
18+
"xz": "5.8.3",
19+
"zlib-ng": "2.3.3",
20+
"zstd": "1.5.7"
21+
}

.github/renovate.json

Lines changed: 175 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -7,16 +7,185 @@
77
"Dependency"
88
],
99
"minimumReleaseAge": "7 days",
10+
"schedule": [
11+
"* * 3 * *"
12+
],
13+
"customManagers": [
14+
{
15+
"customType": "regex",
16+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
17+
"matchStrings": ["\"brotli\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
18+
"depNameTemplate": "brotli",
19+
"packageNameTemplate": "google/brotli",
20+
"datasourceTemplate": "github-releases",
21+
"extractVersionTemplate": "^v(?<version>.+)$"
22+
},
23+
{
24+
"customType": "regex",
25+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
26+
"matchStrings": ["\"bzip2\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
27+
"depNameTemplate": "bzip2",
28+
"packageNameTemplate": "bzip2/bzip2",
29+
"datasourceTemplate": "gitlab-tags",
30+
"extractVersionTemplate": "^bzip2-(?<version>.+)$"
31+
},
32+
{
33+
"customType": "regex",
34+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
35+
"matchStrings": ["\"freetype\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
36+
"depNameTemplate": "freetype",
37+
"packageNameTemplate": "freetype/freetype",
38+
"datasourceTemplate": "gitlab-tags",
39+
"registryUrlTemplate": "https://gitlab.freedesktop.org",
40+
"extractVersionTemplate": "^VER-(?<version>[\\d-]+)$",
41+
"versioningTemplate": "regex:^(?<major>\\d+)[.-](?<minor>\\d+)[.-](?<patch>\\d+)$"
42+
},
43+
{
44+
"customType": "regex",
45+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
46+
"matchStrings": ["\"fribidi\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
47+
"depNameTemplate": "fribidi",
48+
"packageNameTemplate": "fribidi/fribidi",
49+
"datasourceTemplate": "github-releases",
50+
"extractVersionTemplate": "^v(?<version>.+)$"
51+
},
52+
{
53+
"customType": "regex",
54+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
55+
"matchStrings": ["\"harfbuzz\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
56+
"depNameTemplate": "harfbuzz",
57+
"packageNameTemplate": "harfbuzz/harfbuzz",
58+
"datasourceTemplate": "github-releases"
59+
},
60+
{
61+
"customType": "regex",
62+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
63+
"matchStrings": ["\"highway\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
64+
"depNameTemplate": "highway",
65+
"packageNameTemplate": "google/highway",
66+
"datasourceTemplate": "github-releases"
67+
},
68+
{
69+
"customType": "regex",
70+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
71+
"matchStrings": ["\"jpegturbo\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
72+
"depNameTemplate": "jpegturbo",
73+
"packageNameTemplate": "libjpeg-turbo/libjpeg-turbo",
74+
"datasourceTemplate": "github-releases"
75+
},
76+
{
77+
"customType": "regex",
78+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
79+
"matchStrings": ["\"jpegxl\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
80+
"depNameTemplate": "jpegxl",
81+
"packageNameTemplate": "libjxl/libjxl",
82+
"datasourceTemplate": "github-releases",
83+
"extractVersionTemplate": "^v(?<version>.+)$"
84+
},
85+
{
86+
"customType": "regex",
87+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
88+
"matchStrings": ["\"lcms2\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
89+
"depNameTemplate": "lcms2",
90+
"packageNameTemplate": "mm2/Little-CMS",
91+
"datasourceTemplate": "github-releases",
92+
"extractVersionTemplate": "^lcms(?<version>.+)$"
93+
},
94+
{
95+
"customType": "regex",
96+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
97+
"matchStrings": ["\"libavif\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
98+
"depNameTemplate": "libavif",
99+
"packageNameTemplate": "AOMediaCodec/libavif",
100+
"datasourceTemplate": "github-releases",
101+
"extractVersionTemplate": "^v(?<version>.+)$"
102+
},
103+
{
104+
"customType": "regex",
105+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
106+
"matchStrings": ["\"libimagequant\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
107+
"depNameTemplate": "libimagequant",
108+
"packageNameTemplate": "ImageOptim/libimagequant",
109+
"datasourceTemplate": "github-tags"
110+
},
111+
{
112+
"customType": "regex",
113+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
114+
"matchStrings": ["\"libpng\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
115+
"depNameTemplate": "libpng",
116+
"packageNameTemplate": "pnggroup/libpng",
117+
"datasourceTemplate": "github-tags",
118+
"extractVersionTemplate": "^v(?<version>.+)$"
119+
},
120+
{
121+
"customType": "regex",
122+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
123+
"matchStrings": ["\"libwebp\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
124+
"depNameTemplate": "libwebp",
125+
"packageNameTemplate": "webmproject/libwebp",
126+
"datasourceTemplate": "github-tags",
127+
"extractVersionTemplate": "^v(?<version>.+)$"
128+
},
129+
{
130+
"customType": "regex",
131+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
132+
"matchStrings": ["\"libxcb\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
133+
"depNameTemplate": "libxcb",
134+
"packageNameTemplate": "xorg/lib/libxcb",
135+
"datasourceTemplate": "gitlab-tags",
136+
"registryUrlTemplate": "https://gitlab.freedesktop.org",
137+
"extractVersionTemplate": "^libxcb-(?<version>.+)$"
138+
},
139+
{
140+
"customType": "regex",
141+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
142+
"matchStrings": ["\"openjpeg\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
143+
"depNameTemplate": "openjpeg",
144+
"packageNameTemplate": "uclouvain/openjpeg",
145+
"datasourceTemplate": "github-releases",
146+
"extractVersionTemplate": "^v(?<version>.+)$"
147+
},
148+
{
149+
"customType": "regex",
150+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
151+
"matchStrings": ["\"tiff\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
152+
"depNameTemplate": "tiff",
153+
"packageNameTemplate": "libtiff/libtiff",
154+
"datasourceTemplate": "gitlab-tags",
155+
"extractVersionTemplate": "^v(?<version>.+)$"
156+
},
157+
{
158+
"customType": "regex",
159+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
160+
"matchStrings": ["\"xz\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
161+
"depNameTemplate": "xz",
162+
"packageNameTemplate": "tukaani-project/xz",
163+
"datasourceTemplate": "github-releases",
164+
"extractVersionTemplate": "^v(?<version>.+)$"
165+
},
166+
{
167+
"customType": "regex",
168+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
169+
"matchStrings": ["\"zlib-ng\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
170+
"depNameTemplate": "zlib-ng",
171+
"packageNameTemplate": "zlib-ng/zlib-ng",
172+
"datasourceTemplate": "github-releases"
173+
},
174+
{
175+
"customType": "regex",
176+
"managerFilePatterns": ["/^\\.github/dependencies\\.json$/"],
177+
"matchStrings": ["\"zstd\":\\s*\"(?<currentValue>\\d+[^\"]*)\""],
178+
"depNameTemplate": "zstd",
179+
"packageNameTemplate": "facebook/zstd",
180+
"datasourceTemplate": "github-releases",
181+
"extractVersionTemplate": "^v(?<version>.+)$"
182+
}
183+
],
10184
"packageRules": [
11185
{
12186
"groupName": "github-actions",
13-
"matchManagers": [
14-
"github-actions"
15-
],
187+
"matchManagers": ["github-actions"],
16188
"separateMajorMinor": false
17189
}
18-
],
19-
"schedule": [
20-
"* * 3 * *"
21190
]
22191
}

.github/workflows/Brewfile

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
brew "aom"
2+
brew "dav1d"
3+
brew "freetype"
4+
brew "ghostscript"
5+
brew "jpeg-turbo"
6+
brew "libimagequant"
7+
brew "libraqm"
8+
brew "libtiff"
9+
brew "little-cms2"
10+
brew "openjpeg"
11+
brew "rav1e"
12+
brew "svt-av1"
13+
brew "webp"

.github/workflows/cifuzz.yml

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,12 +5,14 @@ on:
55
branches:
66
- "**"
77
paths:
8+
- ".github/dependencies.json"
89
- ".github/workflows/cifuzz.yml"
910
- ".github/workflows/wheels-dependencies.sh"
1011
- "**.c"
1112
- "**.h"
1213
pull_request:
1314
paths:
15+
- ".github/dependencies.json"
1416
- ".github/workflows/cifuzz.yml"
1517
- ".github/workflows/wheels-dependencies.sh"
1618
- "**.c"
@@ -33,27 +35,27 @@ jobs:
3335
steps:
3436
- name: Build Fuzzers
3537
id: build
36-
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
38+
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@e41e2f295eb18d630932fdd33d072527ba74c87b # master
3739
with:
3840
oss-fuzz-project-name: 'pillow'
3941
language: python
4042
dry-run: false
4143
- name: Run Fuzzers
4244
id: run
43-
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
45+
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@e41e2f295eb18d630932fdd33d072527ba74c87b # master
4446
with:
4547
oss-fuzz-project-name: 'pillow'
4648
fuzz-seconds: 600
4749
language: python
4850
dry-run: false
4951
- name: Upload New Crash
50-
uses: actions/upload-artifact@v6
52+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
5153
if: failure() && steps.build.outcome == 'success'
5254
with:
5355
name: artifacts
5456
path: ./out/artifacts
5557
- name: Upload Legacy Crash
56-
uses: actions/upload-artifact@v6
58+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
5759
if: steps.run.outcome == 'success'
5860
with:
5961
name: crash

.github/workflows/docs.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -32,12 +32,12 @@ jobs:
3232
name: Docs
3333

3434
steps:
35-
- uses: actions/checkout@v6
35+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3636
with:
3737
persist-credentials: false
3838

3939
- name: Set up Python
40-
uses: actions/setup-python@v6
40+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
4141
with:
4242
python-version: "3.x"
4343
cache: pip
@@ -49,21 +49,21 @@ jobs:
4949
run: python3 .github/workflows/system-info.py
5050

5151
- name: Cache libavif
52-
uses: actions/cache@v5
52+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
5353
id: cache-libavif
5454
with:
5555
path: ~/cache-libavif
5656
key: ${{ runner.os }}-libavif-${{ hashFiles('depends/install_libavif.sh', 'depends/libavif-svt4.patch') }}
5757

5858
- name: Cache libimagequant
59-
uses: actions/cache@v5
59+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
6060
id: cache-libimagequant
6161
with:
6262
path: ~/cache-libimagequant
6363
key: ${{ runner.os }}-libimagequant-${{ hashFiles('depends/install_imagequant.sh') }}
6464

6565
- name: Cache libwebp
66-
uses: actions/cache@v5
66+
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
6767
id: cache-libwebp
6868
with:
6969
path: ~/cache-libwebp

.github/workflows/lint.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,14 @@ jobs:
1818
runs-on: ubuntu-latest
1919
name: Lint
2020
steps:
21-
- uses: actions/checkout@v6
21+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2222
with:
2323
persist-credentials: false
24-
- uses: actions/setup-python@v6
24+
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
2525
with:
2626
python-version: "3.x"
2727
- name: Install uv
28-
uses: astral-sh/setup-uv@v7
28+
uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
2929
- name: Lint
3030
run: uvx --with tox-uv tox -e lint
3131
- name: Mypy

.github/workflows/macos-install.sh

Lines changed: 1 addition & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -2,20 +2,7 @@
22

33
set -e
44

5-
brew install \
6-
aom \
7-
dav1d \
8-
freetype \
9-
ghostscript \
10-
jpeg-turbo \
11-
libimagequant \
12-
libraqm \
13-
libtiff \
14-
little-cms2 \
15-
openjpeg \
16-
rav1e \
17-
svt-av1 \
18-
webp
5+
brew bundle --file=.github/workflows/Brewfile
196
export PKG_CONFIG_PATH="/usr/local/opt/openblas/lib/pkgconfig"
207

218
python3 -m pip install coverage

0 commit comments

Comments
 (0)