chore(deps): update dependency pillow to v12 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pillow (changelog)	==10.1.0 → ==12.2.0

---

Arbitrary Code Execution in Pillow

CVE-2023-50447 / GHSA-3f63-hfp8-52jq

More information

Details

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Severity

• CVSS Score: 9.3 / 10 (Critical)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-50447
• https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
• https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
• http://www.openwall.com/lists/oss-security/2024/01/20/1
• https://github.com/python-pillow/Pillow/releases
• https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
• https://devhub.checkmarx.com/cve-details/CVE-2023-50447
• https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
• https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
• https://github.com/advisories/GHSA-3f63-hfp8-52jq

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Pillow buffer overflow vulnerability

CVE-2024-28219 / GHSA-44wm-f244-xhp3

More information

Details

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Severity

• CVSS Score: 7.3 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-28219
• https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security
• https://github.com/python-pillow/Pillow/commit/2a93aba5cfcf6e241ab4f9392c13e3b74032c061
• https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M
• https://github.com/advisories/GHSA-44wm-f244-xhp3

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Pillow has an integer overflow when processing fonts

CVE-2026-42308 / GHSA-wjx4-4jcj-g98j

More information

Details

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed.

Severity

• CVSS Score: 5.1 / 10 (Medium)
• Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
• https://github.com/advisories/GHSA-wjx4-4jcj-g98j

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

CVE-2026-42310 / GHSA-r73j-pqj5-w3x7

More information

Details

Impact

An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive.

Patches

Patched version: 12.2.0.

PdfParser (introduced in Pillow 4.2.0) follows Prev pointers in PDF trailers to read cross-reference sections. If a
trailer's Prev pointer references an offset that has already been processed — either pointing to itself or forming a
longer cycle — the parser enters an infinite loop. Pillow now tracks previously processed trailer offsets and raises an
error if a cycle is detected.

Workarounds

Use any version but the affected versions: >= 4.2.0, < 12.2.0

Resources

• Fix: https://github.com/python-pillow/Pillow/pull/9519

Severity

• CVSS Score: 5.1 / 10 (Medium)
• Vector String: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References

• https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7
• https://github.com/python-pillow/Pillow/pull/9519
• https://github.com/advisories/GHSA-r73j-pqj5-w3x7

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

python-pillow/Pillow (pillow)

v12.2.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

• Update 12.2.0 release notes #​9522 [@​hugovk]
• Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #​9482 [@​bitplane]
• Update Python versions #​9515 [@​radarhere]
• Jeffrey A. Clark -> Jeffrey 'Alex' Clark #​9513 [@​aclark4life]
• Add release notes for #​9394, #​9419 and #​9456 #​9467 [@​radarhere]
• Add Amiga Workbench .info loader to 3rd party plugins list #​9459 [@​bitplane]
• Merge PFM documentation into PPM #​9434 [@​radarhere]
• Update macOS tested Pillow versions #​9431 [@​radarhere]
• Fix CVE number #​9430 [@​hugovk]

Dependencies

• Update xz to 5.8.3 #​9523 [@​radarhere]
• Update libjpeg-turbo to 3.1.4.1 #​9507 [@​radarhere]
• Update libpng to 1.6.56 #​9499 [@​radarhere]
• Update freetype to 2.14.3 #​9485 [@​radarhere]
• Updated libavif to 1.4.1 #​9479 [@​radarhere]
• Updated harfbuzz to 13.2.1 #​9461 [@​radarhere]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Update harfbuzz to 13.0.1 #​9453 [@​radarhere]
• Update libavif to 1.4.0 #​9460 [@​radarhere]
• Update freetype to 2.14.2 #​9449 [@​radarhere]
• Update actions/download-artifact action to v8 #​9451 [@​renovate[bot]]
• Updated libpng to 1.6.55 #​9425 [@​radarhere]

Testing

• Cleanup .spider extension in the same test where it is added #​9517 [@​radarhere]
• Run tests in parallel via tox for 3.5x speedup #​9516 [@​hugovk]
• Enable colour in CI logs #​9486 [@​hugovk]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Simplify TGA test code #​9477 [@​radarhere]
• Update tests to check for ValueError when encoding an empty image #​9464 [@​radarhere]
• Upgrade CI from macos-15-intel to macos-26-intel #​9454 [@​hugovk]
• Add check-case-conflict hook #​9446 [@​radarhere]
• Specify platform when pulling docker image #​9440 [@​radarhere]
• GHA: Cache libavif and webp builds for Ubuntu #​9437 [@​hugovk]
• Update macOS tested Pillow versions #​9431 [@​radarhere]

Other changes

• Check calloc return value #​9527 [@​radarhere]
• Check all allocs in the Arrow tree #​9488 [@​wiredfool]
• Reject non-numeric elements inside list coords #​9526 [@​hugovk]
• Move variable declaration inside define #​9525 [@​radarhere]
• Resize tall images vertically first #​9524 [@​radarhere]
• Avoid overflow by not adding extents together #​9520 [@​hugovk]
• Use long for glyph position #​9518 [@​hugovk]
• Raise an error if the trailer chain loops back on itself #​9519 [@​hugovk]
• Only read as much data from gzip-decompressed data as necessary #​9521 [@​hugovk]
• Allow None extents in C setimage() #​9504 [@​radarhere]
• Use critical sections to protect FontObject #​9498 [@​colesbury]
• Add ImageText.Text.wrap() to wrap text #​9286 [@​radarhere]
• Always call StubHandler open() when opening StubImageFile #​9412 [@​radarhere]
• Improved BCn overflow check #​9043 [@​radarhere]
• Image will never be None #​9512 [@​radarhere]
• Raise EOFError when seeking too far in PSD #​9388 [@​radarhere]
• Raise error if ImageGrab subprocess gives non-zero returncode #​9321 [@​radarhere]
• Allow for different palette entry sizes when correcting BMP pixel data offset #​9472 [@​radarhere]
• Ignore unspecified extra samples for TIFF separate planar configuration #​9514 [@​radarhere]
• Add PERF to lint and fix findings #​9510 [@​hugovk]
• Switch iOS back to macos-15-intel #​9509 [@​radarhere]
• Catch struct.error #​9505 [@​radarhere]
• Check PyCapsule_GetPointer and PyBytes_FromStringAndSize return values #​9508 [@​radarhere]
• Fix missing null dereference checks #​9489 [@​wiredfool]
• CI: Retry failed downloads #​9506 [@​hugovk]
• Use PyModule_AddObjectRef #​9503 [@​radarhere]
• Release reference to encoder on error #​9500 [@​radarhere]
• Fixed AVIF and WEBP dealloc #​9501 [@​radarhere]
• Check PyType_Ready return values #​9502 [@​radarhere]
• Check if PyObject_CallMethod result is NULL #​9494 [@​radarhere]
• Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images #​9468 [@​radarhere]
• If TGA v2 extension area specifies no alpha, fill alpha channel #​9478 [@​radarhere]
• Set image pixels individually on 32-bit Windows #​9492 [@​radarhere]
• Add error messages before returning NULL when encoding #​9493 [@​radarhere]
• Fix _getxy refcount leaks #​9487 [@​hugovk]
• Fix invalid test font #​9483 [@​radarhere]
• Add Exif tag "FrameRate" #​9470 [@​zhiyuanouyang]
• Support reading JPEG2000 images with CMYK palettes #​9456 [@​radarhere]
• Simplify setimage() by always passing extents #​9395 [@​radarhere]
• If bitmap buffer is empty, do not render anything #​8324 [@​radarhere]
• Change to ValueError when encoding an empty image #​9394 [@​radarhere]
• Add FontFile.to_imagefont() #​9419 [@​fjhenigman]
• [pre-commit.ci] pre-commit autoupdate #​9450 [@​pre-commit-ci[bot]]
• Use walrus operator #​9448 [@​radarhere]
• Only close file handle in ImagePalette.save() if it was opened internally #​9444 [@​bysiber]
• Fix self.decode typo #​9445 [@​bysiber]
• Fix BMP RLE delta escape reading from wrong file position #​9443 [@​bysiber]
• Correct error check when encoding AVIF images #​9442 [@​radarhere]
• Fix unexpected error when saving zero dimension images #​9391 [@​radarhere]
• Use uppercase format ID for PALM #​9435 [@​radarhere]

v12.1.1

Compare Source

v12.1.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.1.0.html

Deprecations

• Deprecate getdata(), in favour of new get_flattened_data() #​9292 [@​radarhere]

Documentation

• Specify APNG duration type when opening #​9368 [@​radarhere]
• Added release notes for #​9350 #​9366 [@​radarhere]
• Update ImageMorph documentation #​9349 [@​radarhere]
• Docs: update major bump cadence #​9334 [@​hugovk]
• Add release notes for #​9070 #​9320 [@​radarhere]
• Updated Ubuntu version #​9306 [@​radarhere]
• Update macOS tested Pillow versions #​9265 [@​radarhere]

Dependencies

• Update harfbuzz to 12.3.0 #​9355 [@​radarhere]
• Update xz to 5.8.2 #​9343 [@​radarhere]
• Updated libjpeg-turbo to 3.1.3 #​9333 [@​radarhere]
• Updated zlib-ng to 2.3.2 #​9324 [@​radarhere]
• Updated libpng to 1.6.53 #​9325 [@​radarhere]
• Update actions/checkout action to v6 #​9323 [@​renovate[bot]]
• Update dependency mypy to v1.19.0 #​9322 [@​renovate[bot]]
• Updated libpng to 1.6.51 #​9305 [@​radarhere]
• Updated brotli to 1.2.0 #​9284 [@​radarhere]
• Update libimagequant to 4.4.1 #​9301 [@​radarhere]
• Update zlib-ng to 2.3.1, except on manylinux2014 aarch64 #​9312 [@​radarhere]
• Updated harfbuzz to 12.2.0 #​9289 [@​radarhere]
• Update github-actions #​9277 [@​renovate[bot]]

Testing

• Replace pre-commit with prek #​9360 [@​hugovk]
• Test PyQt6 on Python 3.14 on Windows #​9353 [@​radarhere]
• Test 32-bit Windows on Windows Server 2022 #​9345 [@​radarhere]
• Correct variable type #​9335 [@​radarhere]
• Fix ResourceWarnings in selftest.py #​9332 [@​hugovk]
• Fix testing good P mode BMP images #​9319 [@​radarhere]
• Test Python 3.15 pre-release #​9331 [@​hugovk]
• Test ImageFont.ImageFont, in case freetype2 is not supported #​9287 [@​radarhere]
• Add Fedora 43 #​9290 [@​radarhere]
• Remove Fedora 41 #​9260 [@​radarhere]

Type hints

• Add ImageFile context manager #​9367 [@​radarhere]
• Assert fp is not None #​8617 [@​radarhere]
• Added return type to ImageFile _close_fp() #​9356 [@​radarhere]
• Use different variables for Image and ImageFile instances #​9316 [@​radarhere]
• Correct variable type #​9335 [@​radarhere]
• Improve type hints #​9317 [@​radarhere]
• Use different variables for Image and ImageFile instances #​9268 [@​radarhere]
• Added type hints #​9269 [@​radarhere]
• Correct getitem return type #​9264 [@​radarhere]

Other changes

• Simplify band splitting #​9291 [@​radarhere]
• Support saving APNG float durations #​9365 [@​radarhere]
• Allow 1 mode images in MorphOp #​9348 [@​radarhere]
• Use minimum supported Python version for Lint #​9364 [@​radarhere]
• Allow for duplicate font variation styles #​9362 [@​radarhere]
• Call parent verify method #​9357 [@​radarhere]
• Return LUT from LutBuilder build_default_lut() #​9350 [@​radarhere]
• Simplify WebP code #​9329 [@​radarhere]
• Use unsigned long for DWORD #​9352 [@​radarhere]
• Cast to UINT32 before shifting bits #​9347 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9318 [@​pre-commit-ci[bot]]
• Allow window ID to be passed to ImageGrab.grab() on macOS #​9070 [@​yankeguo]
• Apply encoder options when saving multiple PNG frames #​9300 [@​radarhere]
• Read all non-zero transparency from mode 1 PNG images as 255 #​9282 [@​radarhere]
• Support writing IFD, SIGNED_RATIONAL and InkNames TIFF tags #​9276 [@​radarhere]
• Remove unused modes #​9275 [@​radarhere]
• Correct allocating new color to RGBA palette #​9313 [@​radarhere]
• Close image on ImageFont exception #​9304 [@​radarhere]
• Reapply "Use macos-latest for iOS arm64 simulator" #​9259 [@​radarhere]
• Escape period in pre-commit-config #​9036 [@​radarhere]
• Add Apache-2.0 notice to IcoImagePlugin #​8947 [@​stefan6419846]
• [pre-commit.ci] pre-commit autoupdate #​9288 [@​pre-commit-ci[bot]]
• Simplify code now that I;16* modes are the only IMAGING_TYPE_SPECIAL #​9263 [@​radarhere]
• Remove BytesIO from DdsImagePlugin #​9273 [@​radarhere]
• Fix ZeroDivisionError in DdsImagePlugin #​9272 [@​radarhere]
• Fix warnings #​9257 [@​radarhere]

v12.0.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html

Removals

• Remove support for FreeType <= 2.9.0 #​9159 [@​radarhere]
• Drop support for Python 3.9 #​9119 [@​hugovk]
• Remove deprecations for Pillow 12.0.0 #​9053 [@​radarhere]

Deprecations

• Deprecate Image._show #​9186 [@​radarhere]
• Deprecate ImageCmsProfile product_name and product_info #​8995 [@​lukegb]

Documentation

• ImagingHistogramInstance can use two bands #​9251 [@​radarhere]
• Update 12.0.0 release notes #​9247 [@​hugovk]
• Added ImageDraw alpha channel examples #​9201 [@​radarhere]
• Update Python version #​9230 [@​radarhere]
• Updated macOS tested Pillow versions #​9209 [@​radarhere]
• Add GitHub profile link to release notes #​9197 [@​radarhere]
• Split versionadded info #​9190 [@​radarhere]
• Document ImageFile.MAXBLOCK #​9163 [@​radarhere]
• Updated macOS version in CI targets #​9157 [@​radarhere]
• Fix typos #​9135 [@​radarhere]
• Added "Colors" to concepts #​9067 [@​radarhere]
• Update macOS tested Pillow versions #​9068 [@​radarhere]
• Thanks, folks! #​9056 [@​aclark4life]
• Setup nit: "fork" should be lowercased #​9055 [@​aclark4life]

Dependencies

• Update dependency cibuildwheel to v3.2.1 #​9246 [@​renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #​9233 [@​pre-commit-ci[bot]]
• Update harfbuzz to 12.1.0 #​9218 [@​radarhere]
• Update libtiff to 4.7.1 #​9222 [@​radarhere]
• Update FreeType to 2.14.1 on macOS and Linux wheels #​9217 [@​radarhere]
• Update dependency cibuildwheel to v3.2.0 #​9219 [@​renovate[bot]]
• Update Ghostscript to 10.6.0 #​9202 [@​radarhere]
• Update openjpeg to 2.5.4 #​9215 [@​radarhere]
• Update harfbuzz to 11.5.0 #​9203 [@​radarhere]
• Update dependency mypy to v1.18.2 #​9213 [@​renovate[bot]]
• Update dependency mypy to v1.18.1 #​9207 [@​renovate[bot]]
• Update github-actions #​9194 [@​renovate[bot]]
• Updated harfbuzz to 11.4.5 #​9150 [@​radarhere]
• Update zlib-ng to 2.2.5 #​9140 [@​radarhere]
• Update raqm to 0.10.3 #​9137 [@​radarhere]
• Update libjpeg-turbo to 3.1.2 #​9188 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9180 [@​pre-commit-ci[bot]]
• Update dependency cibuildwheel to v3.1.4 #​9164 [@​renovate[bot]]
• Update actions/checkout action to v5 #​9156 [@​renovate[bot]]
• Update actions/download-artifact action to v5 #​9141 [@​renovate[bot]]
• Updated harfbuzz to 11.3.3 #​9103 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #​9131 [@​pre-commit-ci[bot]]
• Updated libimagequant to 4.4.0 #​9074 [@​radarhere]
• Update dependency mypy to v1.17.1 #​9130 [@​renovate[bot]]
• Update dependency cibuildwheel to v3.1.3 #​9129 [@​renovate[bot]]
• Update dependency cibuildwheel to v3.1.2 #​9118 [@​renovate[bot]]
• Updated libpng to 1.6.50 #​9058 [@​radarhere]
• Update cygwin/cygwin-install-action action to v6 #​9108 [@​renovate[bot]]
• Update dependency mypy to v1.17.0 #​9092 [@​renovate[bot]]
• Updated libwebp to 1.6.0 #​9082 [@​radarhere]
• Update dependency cibuildwheel to v3.0.1 #​9075 [@​renovate[bot]]
• [pre-commit.ci] pre-commit autoupdate #​9073 [@​pre-commit-ci[bot]]

Testing

• Check return types #​9045 [@​radarhere]
• Upgrade from macos-13 #​9212 [@​radarhere]
• Wheels CI: Check number of expected dists #​9239 [@​hugovk]
• Assert image type #​8845 [@​radarhere]
• Test GD transparency #​9196 [@​radarhere]
• Test mode when saving PPM images #​9195 [@​radarhere]
• Test unsupported BMP bitfields layout #​9193 [@​radarhere]
• Update Ghostscript to 10.6.0 #​9202 [@​radarhere]
• Use monkeypatch #​9192 [@​radarhere]
• Always check XMLPacket value #​9113 [@​radarhere]
• Rename variable to not shadow import #​9124 [@​radarhere]
• Removed unused code #​9182 [@​radarhere]
• Add has_feature_version helper #​9172 [@​radarhere]
• Replace print with assert #​9171 [@​radarhere]
• Add Debian 13 Trixie #​9147 [@​hugovk]
• Do not import from Tests directory in checks #​9143 [@​radarhere]
• Improve features test coverage #​9077 [@​radarhere]
• Remove WebP feature handling #​9096 [@​radarhere]
• Update for pyroma 5.0 #​9093 [@​radarhere]
• Improve WmfImagePlugin test coverage #​9090 [@​radarhere]
• Improve DdsImagePlugin test coverage #​9091 [@​radarhere]
• Improve ImageMath test coverage #​9087 [@​radarhere]
• Fix unclosed file warning #​9065 [@​radarhere]
• Pyroma now supports PEP 639 #​9064 [@​radarhere]

Type hints

• Install arro3 dependencies when type checking #​9254 [@​radarhere]
• Check return types #​9045 [@​radarhere]
• Assert image type #​8845 [@​radarhere]
• Move imports into TYPE_CHECKING #​9123 [@​radarhere]
• Remove support for NumPy 1.20 when type checking #​9125 [@​radarhere]

Other changes

• Use macos-14 for iOS arm64 simulator #​9258 [@​hugovk]
• Use enums for Modes and RawModes in C #​9256 [@​radarhere]
• Add ImageText #​9098 [@​radarhere]
• Shift bits before making value negative #​9255 [@​radarhere]
• Support saving variable length rational TIFF tags by default #​9241 [@​radarhere]
• Added four private SGI TIFF tags #​9245 [@​radarhere]
• Band names for arrow exported images #​9099 [@​wiredfool]
• Use macos-latest for iOS arm64 simulator #​9250 [@​radarhere]
• If pasting an image onto itself at a lower position, copy from bottom #​8882 [@​radarhere]
• Removed unused access for I;32L and I;32B #​9238 [@​radarhere]
• Corrected scientific-python-nightly-wheels pattern #​9252 [@​radarhere]
• Run sdist when scheduled, but do not upload to scientific-python-nightly-wheels index #​9248 [@​radarhere]
• Removed shebang lines and executable flags #​9179 [@​radarhere]
• Remove Pillow version from PDF comment #​9176 [@​radarhere]
• Support saving variable length rational TIFF tags #​9111 [@​radarhere]
• Build Python 3.14 on macOS 10.15 #​9234 [@​radarhere]
• Test largest CUR cursor #​9191 [@​radarhere]
• Do not unnecessarily update FLI __offset #​9184 [@​radarhere]
• Fill alpha channel when quantizing RGB images #​9133 [@​radarhere]
• Allow RGBA palettes to work with ImageOps.expand() #​9138 [@​radarhere]
• Fixed loading rotated PCD images #​9177 [@​radarhere]
• Cast before shifting bits #​9236 [@​radarhere]
• Use _ensure_mutable() #​9200 [@​radarhere]
• Seek past BeginBinary data when parsing EPS metadata #​9211 [@​radarhere]
• Do not allow negative offset with memory mapping #​9235 [@​radarhere]
• Clear C image when MPO frame image size changes #​9208 [@​radarhere]
• When converting RGBA to PA, use RGB to P quantization #​9153 [@​radarhere]
• Remove use of sudo from libavif and raqm install scripts #​9231 [@​radarhere]
• Load image palette into Python after converting to PA #​9152 [@​radarhere]
• Check all reserved bytes in FLI header #​9183 [@​radarhere]
• Limit length of read operation in ImageFont._load_pilfont_data() #​9181 [@​radarhere]
• Python 3.9 wheels are no longer needed #​9214 [@​radarhere]
• Remove unused Image _expand() #​9227 [@​radarhere]
• Updated FreeType to 2.14.1 on Windows #​9206 [@​radarhere]
• Only deprecate fromarray mode for changing data types #​9063 [@​radarhere]
• Fix reading RGB and CMYK IPTC images #​9088 [@​radarhere]
• Install zstd for libtiff on Linux wheels #​9097 [@​radarhere]
• Improve WalImageFile test coverage #​9189 [@​radarhere]
• ImageMorph operations must have length 1 #​9102 [@​radarhere]
• Set correct size for rotated PCD images after opening [#​9086](https://redire

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.