Bump pillow from 8.1.1 to 12.2.0 in /src by dependabot[bot] · Pull Request #50 · CodeEditorLand/LandPythonDeviceSimulator

dependabot · 2026-05-05T07:41:12Z

Bumps pillow from 8.1.1 to 12.2.0.

Release notes

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Update 12.2.0 release notes #9522 [@hugovk]

Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #9482 [@bitplane]

Update Python versions #9515 [@radarhere]

Jeffrey A. Clark -> Jeffrey 'Alex' Clark #9513 [@aclark4life]

Add release notes for #9394, #9419 and #9456 #9467 [@radarhere]

Add Amiga Workbench .info loader to 3rd party plugins list #9459 [@bitplane]

Merge PFM documentation into PPM #9434 [@radarhere]

Update macOS tested Pillow versions #9431 [@radarhere]

Fix CVE number #9430 [@hugovk]

Dependencies

Update xz to 5.8.3 #9523 [@radarhere]

Update libjpeg-turbo to 3.1.4.1 #9507 [@radarhere]

Update libpng to 1.6.56 #9499 [@radarhere]

Update freetype to 2.14.3 #9485 [@radarhere]

Updated libavif to 1.4.1 #9479 [@radarhere]

Updated harfbuzz to 13.2.1 #9461 [@radarhere]

Update Ghostscript to 10.7.0 #9469 [@radarhere]

Update harfbuzz to 13.0.1 #9453 [@radarhere]

Update libavif to 1.4.0 #9460 [@radarhere]

Update freetype to 2.14.2 #9449 [@radarhere]

Update actions/download-artifact action to v8 #9451 [@renovate[bot]]

Updated libpng to 1.6.55 #9425 [@radarhere]

Testing

Cleanup .spider extension in the same test where it is added #9517 [@radarhere]

Run tests in parallel via tox for 3.5x speedup #9516 [@hugovk]

Enable colour in CI logs #9486 [@hugovk]

Update Ghostscript to 10.7.0 #9469 [@radarhere]

Simplify TGA test code #9477 [@radarhere]

Update tests to check for ValueError when encoding an empty image #9464 [@radarhere]

Upgrade CI from macos-15-intel to macos-26-intel #9454 [@hugovk]

Add check-case-conflict hook #9446 [@radarhere]

Specify platform when pulling docker image #9440 [@radarhere]

GHA: Cache libavif and webp builds for Ubuntu #9437 [@hugovk]

Update macOS tested Pillow versions #9431 [@radarhere]

Other changes

Check calloc return value #9527 [@radarhere]

Check all allocs in the Arrow tree #9488 [@wiredfool]

Reject non-numeric elements inside list coords #9526 [@hugovk]

Move variable declaration inside define #9525 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

11.1.0 and newer

See GitHub Releases:

https://github.com/python-pillow/Pillow/releases

11.0.0 (2024-10-15)

Update licence to MIT-CMU #8460 [hugovk]

Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

Do not close provided file handles with libtiff when saving #8458 [radarhere]

Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

Use transparency when combining P frames from APNGs #8443 [radarhere]

Support all resampling filters when resizing I;16* images #8422 [radarhere]

Free memory on early return #8413 [radarhere]

Cast int before potentially exceeding INT_MAX #8402 [radarhere]

... (truncated)

Commits

3c41c09 12.2.0 version bump
cdaa29e Check calloc return value (#9527)
585b2f5 Check calloc return value
ecf011e Check all allocs in the Arrow tree (#9488)
cf6de8c Reject non-numeric elements inside list coords (#9526)
ffdcede Update 12.2.0 release notes (#9522)
7929d77 Added security release notes (#149)
c4f7aa5 Added security release notes
22cdb5f Move variable declaration inside define (#9525)
fc15b3b Resize tall images vertically first (#9524)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.1.1 to 12.2.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@8.1.1...12.2.0) --- updated-dependencies: - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-05-05T08:03:41Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Protestware or unwanted behavior: npm `es5-ext` Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts. From: `?` → `npm/es5-ext@0.10.64` ℹ Read more on: This package \| This alert \| What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/es5-ext@0.10.64`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 5, 2026

dependabot Bot mentioned this pull request May 5, 2026

Bump pillow from 8.1.1 to 10.3.0 in /src #28

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pillow from 8.1.1 to 12.2.0 in /src#50

Bump pillow from 8.1.1 to 12.2.0 in /src#50
dependabot[bot] wants to merge 1 commit intoCurrentfrom
dependabot/pip/src/pillow-12.2.0

dependabot Bot commented on behalf of github May 5, 2026

Uh oh!

socket-security Bot commented May 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 5, 2026

12.2.0

Documentation

Dependencies

Testing

Other changes

Changelog (Pillow)

11.1.0 and newer

11.0.0 (2024-10-15)

Uh oh!

socket-security Bot commented May 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants