Update dependency pillow to v12.2.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pillow (changelog)	==12.1.1 → ==12.2.0

GitHub Vulnerability Alerts

CVE-2026-40192

Impact

Pillow did not limit the amount of GZIP-compressed data read when decoding a FITS image, making it vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of service (OOM crash or severe performance degradation).

Patches

The amount of data read is now limited to the necessary amount.
Fixed in Pillow 12.2.0 (PR #​9521).

Workarounds

Avoid Pillow >= 10.3.0, < 12.2.0
Only open specific image formats, excluding FITS.

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

---

Release Notes

python-pillow/Pillow (pillow)

v12.2.0

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

• Update 12.2.0 release notes #​9522 [@​hugovk]
• Add loader plugins: AMOS abk, Atari Degas, 40+ more obscure formats via Netpbm #​9482 [@​bitplane]
• Update Python versions #​9515 [@​radarhere]
• Jeffrey A. Clark -> Jeffrey 'Alex' Clark #​9513 [@​aclark4life]
• Add release notes for #​9394, #​9419 and #​9456 #​9467 [@​radarhere]
• Add Amiga Workbench .info loader to 3rd party plugins list #​9459 [@​bitplane]
• Merge PFM documentation into PPM #​9434 [@​radarhere]
• Update macOS tested Pillow versions #​9431 [@​radarhere]
• Fix CVE number #​9430 [@​hugovk]

Dependencies

• Update xz to 5.8.3 #​9523 [@​radarhere]
• Update libjpeg-turbo to 3.1.4.1 #​9507 [@​radarhere]
• Update libpng to 1.6.56 #​9499 [@​radarhere]
• Update freetype to 2.14.3 #​9485 [@​radarhere]
• Updated libavif to 1.4.1 #​9479 [@​radarhere]
• Updated harfbuzz to 13.2.1 #​9461 [@​radarhere]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Update harfbuzz to 13.0.1 #​9453 [@​radarhere]
• Update libavif to 1.4.0 #​9460 [@​radarhere]
• Update freetype to 2.14.2 #​9449 [@​radarhere]
• Update actions/download-artifact action to v8 #​9451 [@​renovate[bot]]
• Updated libpng to 1.6.55 #​9425 [@​radarhere]

Testing

• Cleanup .spider extension in the same test where it is added #​9517 [@​radarhere]
• Run tests in parallel via tox for 3.5x speedup #​9516 [@​hugovk]
• Enable colour in CI logs #​9486 [@​hugovk]
• Update Ghostscript to 10.7.0 #​9469 [@​radarhere]
• Simplify TGA test code #​9477 [@​radarhere]
• Update tests to check for ValueError when encoding an empty image #​9464 [@​radarhere]
• Upgrade CI from macos-15-intel to macos-26-intel #​9454 [@​hugovk]
• Add check-case-conflict hook #​9446 [@​radarhere]
• Specify platform when pulling docker image #​9440 [@​radarhere]
• GHA: Cache libavif and webp builds for Ubuntu #​9437 [@​hugovk]
• Update macOS tested Pillow versions #​9431 [@​radarhere]

Other changes

• Check calloc return value #​9527 [@​radarhere]
• Check all allocs in the Arrow tree #​9488 [@​wiredfool]
• Reject non-numeric elements inside list coords #​9526 [@​hugovk]
• Move variable declaration inside define #​9525 [@​radarhere]
• Resize tall images vertically first #​9524 [@​radarhere]
• Avoid overflow by not adding extents together #​9520 [@​hugovk]
• Use long for glyph position #​9518 [@​hugovk]
• Raise an error if the trailer chain loops back on itself #​9519 [@​hugovk]
• Only read as much data from gzip-decompressed data as necessary #​9521 [@​hugovk]
• Allow None extents in C setimage() #​9504 [@​radarhere]
• Use critical sections to protect FontObject #​9498 [@​colesbury]
• Add ImageText.Text.wrap() to wrap text #​9286 [@​radarhere]
• Always call StubHandler open() when opening StubImageFile #​9412 [@​radarhere]
• Improved BCn overflow check #​9043 [@​radarhere]
• Image will never be None #​9512 [@​radarhere]
• Raise EOFError when seeking too far in PSD #​9388 [@​radarhere]
• Raise error if ImageGrab subprocess gives non-zero returncode #​9321 [@​radarhere]
• Allow for different palette entry sizes when correcting BMP pixel data offset #​9472 [@​radarhere]
• Ignore unspecified extra samples for TIFF separate planar configuration #​9514 [@​radarhere]
• Add PERF to lint and fix findings #​9510 [@​hugovk]
• Switch iOS back to macos-15-intel #​9509 [@​radarhere]
• Catch struct.error #​9505 [@​radarhere]
• Check PyCapsule_GetPointer and PyBytes_FromStringAndSize return values #​9508 [@​radarhere]
• Fix missing null dereference checks #​9489 [@​wiredfool]
• CI: Retry failed downloads #​9506 [@​hugovk]
• Use PyModule_AddObjectRef #​9503 [@​radarhere]
• Release reference to encoder on error #​9500 [@​radarhere]
• Fixed AVIF and WEBP dealloc #​9501 [@​radarhere]
• Check PyType_Ready return values #​9502 [@​radarhere]
• Check if PyObject_CallMethod result is NULL #​9494 [@​radarhere]
• Do not use palette from grayscale or bilevel colorspace when reading JPEG2000 images #​9468 [@​radarhere]
• If TGA v2 extension area specifies no alpha, fill alpha channel #​9478 [@​radarhere]
• Set image pixels individually on 32-bit Windows #​9492 [@​radarhere]
• Add error messages before returning NULL when encoding #​9493 [@​radarhere]
• Fix _getxy refcount leaks #​9487 [@​hugovk]
• Fix invalid test font #​9483 [@​radarhere]
• Add Exif tag "FrameRate" #​9470 [@​zhiyuanouyang]
• Support reading JPEG2000 images with CMYK palettes #​9456 [@​radarhere]
• Simplify setimage() by always passing extents #​9395 [@​radarhere]
• If bitmap buffer is empty, do not render anything #​8324 [@​radarhere]
• Change to ValueError when encoding an empty image #​9394 [@​radarhere]
• Add FontFile.to_imagefont() #​9419 [@​fjhenigman]
• [pre-commit.ci] pre-commit autoupdate #​9450 [@​pre-commit-ci[bot]]
• Use walrus operator #​9448 [@​radarhere]
• Only close file handle in ImagePalette.save() if it was opened internally #​9444 [@​bysiber]
• Fix self.decode typo #​9445 [@​bysiber]
• Fix BMP RLE delta escape reading from wrong file position #​9443 [@​bysiber]
• Correct error check when encoding AVIF images #​9442 [@​radarhere]
• Fix unexpected error when saving zero dimension images #​9391 [@​radarhere]
• Use uppercase format ID for PALM #​9435 [@​radarhere]

---

Configuration

📅 Schedule: (in timezone UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

🔴 This PR fixes CVE-2026-40192 in template/requirements.txt by upgrading Pillow to 12.2.0, but chart_data_extractor/poetry.lock still pins Pillow at 12.1.1 (line 599), leaving that environment exposed to the same FITS decompression bomb vulnerability. Run poetry update pillow in chart_data_extractor/ and commit the updated lock file to complete the fix.

Extended reasoning...

Incomplete security fix: chart_data_extractor/poetry.lock still pins Pillow 12.1.1

This PR correctly updates template/requirements.txt to pillow==12.2.0 to patch CVE-2026-40192, which allows a specially crafted FITS image to trigger unbounded GZIP decompression, leading to OOM denial-of-service. However, the repository contains a second Pillow installation path that was not updated: chart_data_extractor/poetry.lock.

Affected code path: In chart_data_extractor/poetry.lock (lines 598–603), the lock file resolves Pillow to version 12.1.1 with optional = false and groups = ["main"]. This means Pillow is a non-optional, main-group dependency that is unconditionally installed by poetry install. Pillow arrives as a transitive dependency of matplotlib (which pyproject.toml lists as a direct dependency), and the lock file explicitly pins it to the vulnerable version.

Why existing checks don't catch it: The PR diff only touches template/requirements.txt. Poetry lock files are not automatically updated when a requirements.txt in a sibling directory is changed; each directory with a pyproject.toml/poetry.lock pair is managed independently. The CI workflow .github/workflows/charts_tests.yml runs poetry install in chart_data_extractor/, so every CI build for that component installs the vulnerable Pillow 12.1.1.

Impact: Any developer or CI pipeline that runs poetry install in chart_data_extractor/ will install Pillow 12.1.1 and remain exposed to CVE-2026-40192. While chart_data_extractor itself may not directly process FITS images, Pillow is present in the environment and could be exercised by upstream code, tests, or future changes.

Step-by-step proof:

1. A developer clones the repo and runs poetry install in chart_data_extractor/.
2. Poetry reads chart_data_extractor/poetry.lock and installs pillow==12.1.1 (line 599) because optional = false and it is in the main group.
3. The installed Pillow is the vulnerable 12.1.1, not the patched 12.2.0.
4. An attacker can supply a crafted FITS file to any code path that invokes PIL.Image.open(), triggering unbounded memory consumption.

Fix: Run poetry update pillow (or poetry lock --no-update after manually editing pyproject.toml to constrain the version) inside chart_data_extractor/, then commit the updated poetry.lock as part of this PR.

[codeCraft-Ritik]

Great update! Upgrading Pillow to address CVE-2026-40192 is an important security fix.
Nice to see proactive handling of potential DoS vulnerabilities 👍