chore(deps): update dependency pillow to v12 [security] by renovate-bot · Pull Request #13822 · GoogleCloudPlatform/python-docs-samples

Simplify band splitting #9291 [@radarhere]
Support saving APNG float durations #9365 [@radarhere]
Allow 1 mode images in MorphOp #9348 [@radarhere]
Use minimum supported Python version for Lint #9364 [@radarhere]
Allow for duplicate font variation styles #9362 [@radarhere]
Call parent verify method #9357 [@radarhere]
Return LUT from LutBuilder build_default_lut() #9350 [@radarhere]
Simplify WebP code #9329 [@radarhere]
Use unsigned long for DWORD #9352 [@radarhere]
Cast to UINT32 before shifting bits #9347 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9318 [@pre-commit-ci[bot]]
Allow window ID to be passed to ImageGrab.grab() on macOS #9070 [@yankeguo]
Apply encoder options when saving multiple PNG frames #9300 [@radarhere]
Read all non-zero transparency from mode 1 PNG images as 255 #9282 [@radarhere]
Support writing IFD, SIGNED_RATIONAL and InkNames TIFF tags #9276 [@radarhere]
Remove unused modes #9275 [@radarhere]
Correct allocating new color to RGBA palette #9313 [@radarhere]
Close image on ImageFont exception #9304 [@radarhere]
Reapply "Use macos-latest for iOS arm64 simulator" #9259 [@radarhere]
Escape period in pre-commit-config #9036 [@radarhere]
Add Apache-2.0 notice to IcoImagePlugin #8947 [@stefan6419846]
[pre-commit.ci] pre-commit autoupdate #9288 [@pre-commit-ci[bot]]
Simplify code now that I;16* modes are the only IMAGING_TYPE_SPECIAL #9263 [@radarhere]
Remove BytesIO from DdsImagePlugin #9273 [@radarhere]
Fix ZeroDivisionError in DdsImagePlugin #9272 [@radarhere]
Fix warnings #9257 [@radarhere]

`v12.0.0`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/12.0.0.html

Removals

Remove support for FreeType <= 2.9.0 #9159 [@radarhere]
Drop support for Python 3.9 #9119 [@hugovk]
Remove deprecations for Pillow 12.0.0 #9053 [@radarhere]

Deprecations

Deprecate Image._show #9186 [@radarhere]
Deprecate ImageCmsProfile product_name and product_info #8995 [@lukegb]

Documentation

ImagingHistogramInstance can use two bands #9251 [@radarhere]
Update 12.0.0 release notes #9247 [@hugovk]
Added ImageDraw alpha channel examples #9201 [@radarhere]
Update Python version #9230 [@radarhere]
Updated macOS tested Pillow versions #9209 [@radarhere]
Add GitHub profile link to release notes #9197 [@radarhere]
Split versionadded info #9190 [@radarhere]
Document ImageFile.MAXBLOCK #9163 [@radarhere]
Updated macOS version in CI targets #9157 [@radarhere]
Fix typos #9135 [@radarhere]
Added "Colors" to concepts #9067 [@radarhere]
Update macOS tested Pillow versions #9068 [@radarhere]
Thanks, folks! #9056 [@aclark4life]
Setup nit: "fork" should be lowercased #9055 [@aclark4life]

Dependencies

Update dependency cibuildwheel to v3.2.1 #9246 [@renovate[bot]]
[pre-commit.ci] pre-commit autoupdate #9233 [@pre-commit-ci[bot]]
Update harfbuzz to 12.1.0 #9218 [@radarhere]
Update libtiff to 4.7.1 #9222 [@radarhere]
Update FreeType to 2.14.1 on macOS and Linux wheels #9217 [@radarhere]
Update dependency cibuildwheel to v3.2.0 #9219 [@renovate[bot]]
Update Ghostscript to 10.6.0 #9202 [@radarhere]
Update openjpeg to 2.5.4 #9215 [@radarhere]
Update harfbuzz to 11.5.0 #9203 [@radarhere]
Update dependency mypy to v1.18.2 #9213 [@renovate[bot]]
Update dependency mypy to v1.18.1 #9207 [@renovate[bot]]
Update github-actions #9194 [@renovate[bot]]
Updated harfbuzz to 11.4.5 #9150 [@radarhere]
Update zlib-ng to 2.2.5 #9140 [@radarhere]
Update raqm to 0.10.3 #9137 [@radarhere]
Update libjpeg-turbo to 3.1.2 #9188 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9180 [@pre-commit-ci[bot]]
Update dependency cibuildwheel to v3.1.4 #9164 [@renovate[bot]]
Update actions/checkout action to v5 #9156 [@renovate[bot]]
Update actions/download-artifact action to v5 #9141 [@renovate[bot]]
Updated harfbuzz to 11.3.3 #9103 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #9131 [@pre-commit-ci[bot]]
Updated libimagequant to 4.4.0 #9074 [@radarhere]
Update dependency mypy to v1.17.1 #9130 [@renovate[bot]]
Update dependency cibuildwheel to v3.1.3 #9129 [@renovate[bot]]
Update dependency cibuildwheel to v3.1.2 #9118 [@renovate[bot]]
Updated libpng to 1.6.50 #9058 [@radarhere]
Update cygwin/cygwin-install-action action to v6 #9108 [@renovate[bot]]
Update dependency mypy to v1.17.0 #9092 [@renovate[bot]]
Updated libwebp to 1.6.0 #9082 [@radarhere]
Update dependency cibuildwheel to v3.0.1 #9075 [@renovate[bot]]
[pre-commit.ci] pre-commit autoupdate #9073 [@pre-commit-ci[bot]]

Testing

Check return types #9045 [@radarhere]
Upgrade from macos-13 #9212 [@radarhere]
Wheels CI: Check number of expected dists #9239 [@hugovk]
Assert image type #8845 [@radarhere]
Test GD transparency #9196 [@radarhere]
Test mode when saving PPM images #9195 [@radarhere]
Test unsupported BMP bitfields layout #9193 [@radarhere]
Update Ghostscript to 10.6.0 #9202 [@radarhere]
Use monkeypatch #9192 [@radarhere]
Always check XMLPacket value #9113 [@radarhere]
Rename variable to not shadow import #9124 [@radarhere]
Removed unused code #9182 [@radarhere]
Add has_feature_version helper #9172 [@radarhere]
Replace print with assert #9171 [@radarhere]
Add Debian 13 Trixie #9147 [@hugovk]
Do not import from Tests directory in checks #9143 [@radarhere]
Improve features test coverage #9077 [@radarhere]
Remove WebP feature handling #9096 [@radarhere]
Update for pyroma 5.0 #9093 [@radarhere]
Improve WmfImagePlugin test coverage #9090 [@radarhere]
Improve DdsImagePlugin test coverage #9091 [@radarhere]
Improve ImageMath test coverage #9087 [@radarhere]
Fix unclosed file warning #9065 [@radarhere]
Pyroma now supports PEP 639 #9064 [@radarhere]

Type hints

Install arro3 dependencies when type checking #9254 [@radarhere]
Check return types #9045 [@radarhere]
Assert image type #8845 [@radarhere]
Move imports into TYPE_CHECKING #9123 [@radarhere]
Remove support for NumPy 1.20 when type checking #9125 [@radarhere]

Other changes

Use macos-14 for iOS arm64 simulator #9258 [@hugovk]
Use enums for Modes and RawModes in C #9256 [@radarhere]
Add ImageText #9098 [@radarhere]
Shift bits before making value negative #9255 [@radarhere]
Support saving variable length rational TIFF tags by default #9241 [@radarhere]
Added four private SGI TIFF tags #9245 [@radarhere]
Band names for arrow exported images #9099 [@wiredfool]
Use macos-latest for iOS arm64 simulator #9250 [@radarhere]
If pasting an image onto itself at a lower position, copy from bottom #8882 [@radarhere]
Removed unused access for I;32L and I;32B #9238 [@radarhere]
Corrected scientific-python-nightly-wheels pattern #9252 [@radarhere]
Run sdist when scheduled, but do not upload to scientific-python-nightly-wheels index #9248 [@radarhere]
Removed shebang lines and executable flags #9179 [@radarhere]
Remove Pillow version from PDF comment #9176 [@radarhere]
Support saving variable length rational TIFF tags #9111 [@radarhere]
Build Python 3.14 on macOS 10.15 #9234 [@radarhere]
Test largest CUR cursor #9191 [@radarhere]
Do not unnecessarily update FLI __offset #9184 [@radarhere]
Fill alpha channel when quantizing RGB images #9133 [@radarhere]
Allow RGBA palettes to work with ImageOps.expand() #9138 [@radarhere]
Fixed loading rotated PCD images #9177 [@radarhere]
Cast before shifting bits #9236 [@radarhere]
Use _ensure_mutable() #9200 [@radarhere]
Seek past BeginBinary data when parsing EPS metadata #9211 [@radarhere]
Do not allow negative offset with memory mapping #9235 [@radarhere]
Clear C image when MPO frame image size changes #9208 [@radarhere]
When converting RGBA to PA, use RGB to P quantization #9153 [@radarhere]
Remove use of sudo from libavif and raqm install scripts #9231 [@radarhere]
Load image palette into Python after converting to PA #9152 [@radarhere]
Check all reserved bytes in FLI header #9183 [@radarhere]
Limit length of read operation in ImageFont._load_pilfont_data() #9181 [@radarhere]
Python 3.9 wheels are no longer needed #9214 [@radarhere]
Remove unused Image _expand() #9227 [@radarhere]
Updated FreeType to 2.14.1 on Windows #9206 [@radarhere]
Only deprecate fromarray mode for changing data types #9063 [@radarhere]
Fix reading RGB and CMYK IPTC images #9088 [@radarhere]
Install zstd for libtiff on Linux wheels #9097 [@radarhere]
Improve WalImageFile test coverage #9189 [@radarhere]
ImageMorph operations must have length 1 #9102 [@radarhere]
Set correct size for rotated PCD images after opening #9086 [@radarhere]
Simplify check for GBR width and height #9089 [@radarhere]
Make in parallel when building libjpeg-turbo and openjpeg for macOS and Linux wheels #9144 [@radarhere]
Fix ZeroDivisionError in ImageStat #9105 [@radarhere]
When deleting EXIF IFD tag, delete IFD data #9083 [@radarhere]
Allow alpha_composite to use LA images #9066 [@radarhere]
Improve _accept length check #9170 [@radarhere]
Do not set core to DeferredError #9166 [@radarhere]
Use macos-14 for iOS arm64 simulator #9161 [@radarhere]
Make in parallel when building brotli and libavif for macOS and Linux wheels #9142 [@radarhere]
Use Python 3.14 for gcc problem matching #9134 [@radarhere]
Add libavif support for iOS #9117 [@freakboy3742]
Restore pyroma test for iOS #9116 [@freakboy3742]
Use correct bands for two band histograms #9054 [@radarhere]
Add support for Python 3.14 #9120 [@hugovk]
Drop support for PyPy3.10 #9112 [@radarhere]
Add parallel compile from pybind11 #8990 [@wiredfool]
Remove unused _save_cjpeg #9084 [@radarhere]
Ensure dynamic libjpeg libraries are not linked #9081 [@freakboy3742]
Remove reference to libtiff 3.x #9072 [@radarhere]
Restored manylinux2014 wheels #9059 [@radarhere]

`v11.3.0`

Compare Source

https://pillow.readthedocs.io/en/stable/releasenotes/11.3.0.html

Deprecations

Deprecate fromarray mode argument #9018 [@radarhere]
Deprecate saving I mode images as PNG #9023 [@radarhere]

Documentation

Added release notes for #9041 #9042 [@radarhere]
Add release notes for #8912 and #8969 #9019 [@radarhere]
ImageFont does not handle multiline text #9000 [@radarhere]
Updated Ubuntu CI targets #8988 [@radarhere]
Update MinGW package names #8987 [@H4M5TER]
Updated docstring #8943 [@radarhere]
Mention that tobytes() with the raw encoder uses Pack.c #8878 [@radarhere]
Refactor docs Makefile #8933 [@hugovk]
Add template for quarterly release issue #8932 [@aclark4life]
Add list of third party plugins #8910 [@radarhere]
Update redirected URL #8919 [@radarhere]
Docs: use sentence case for headers #8914 [@hugovk]
Docs: remove unused Makefile targets #8917 [@hugovk]
Remove indentation from lists #8915 [@radarhere]
Python 3.13 is tested on Arch #8894 [@radarhere]
Move XV Thumbnails to read only section #8893 [@aclark4life]
Updated macOS tested Pillow versions #8890 [@radarhere]

Dependencies

Add AVIF to wheels using only aomenc and dav1d AVIF codecs for reduced size #8858 [@fdintino]
Use same AVIF URL when fetching dependency #8871 [@radarhere]
Update dependency mypy to v1.16.1 #9026 [@renovate[bot]]
Update libpng to 1.6.49 #9014 [@radarhere]
Update dependency cibuildwheel to v3 #9010 [@renovate[bot]]
Updated libjpeg-turbo to 3.1.1 #9009 [@radarhere]
Update dependency mypy to v1.16.0 #8991 [@renovate[bot]]
Updated libpng to 1.6.48 #8940 [@radarhere]
Updated Ghostscript to 10.5.1 #8939 [@radarhere]
Updated harfbuzz to 11.2.1 #8937 [@radarhere]
Updated libavif to 1.3.0 #8949 [@radarhere]
Update dependency cibuildwheel to v2.23.3 #8931 [@renovate[bot]]
Updated harfbuzz to 11.1.0 #8904 [@radarhere]

Testing

Add match parameter to pytest.warns() #9038 [@hugovk]
Increase pytest verbosity #9040 [@radarhere]
Improve SgiImagePlugin test coverage #8896 [@radarhere]
Update ruff pre-commit ID #8994 [@radarhere]
Only check DHT marker for libjpeg-turbo #9025 [@radarhere]
Improve BLP tests #9020 [@radarhere]
Fix warning #9016 [@radarhere]
Test Python 3.14t on macOS and Linux #9011 [@radarhere]
Only accept missing tkinter when building wheels on Windows #8981 [@radarhere]
Fix test #8996 [@radarhere]
Stop testing deprecated Windows Server 2019 runner image #8989 [@radarhere]
Run slow tests on valgrind, but without timeout #8975 [@radarhere]
Close file pointer earlier #8895 [@radarhere]
Added Fedora 42 #8899 [@radarhere]
Removed Fedora 40 #8887 [@radarhere]

Type hints

Assert palette is not None #8877 [@radarhere]
Do not import type checking #8854 [@radarhere]
Improve type hints #8883 [@radarhere]
Update dependency mypy to v1.16.0 #8991 [@renovate[bot]]

Other changes

Updated check script paths #9052 [@radarhere]
Raise FileNotFoundError when opening an empty path #9048 [@radarhere]
Handle IPTC TIFF tags with incorrect type #8925 [@radarhere]
Do not update palette for L mode GIF frame #8924 [@radarhere]
Use save parameters as encoderinfo defaults #9001 [@radarhere]
Add support for iOS #9030 [@freakboy3742]
Fix qtables and quality scaling #8879 [@Kyliroco]
Read 16-bit McIdas images into I;16B mode to allow for memory mapping #9046 [@radarhere]
Support ttb multiline text #8730 [@radarhere]
Use unpacking #9044 [@radarhere]
Fix saving MPO with more than one appended image #8979 [@radarhere]
Restore original encoderinfo after saving #8942 [@radarhere]
Return PixelAccess from first load of ICO and IPTC images #8922 [@radarhere]
Improve justifying text #8905 [@radarhere]
Set color table fourth channel to zero for 1 and L mode when saving BMP #8889 [@radarhere]
Improve reading XPM images #8874 [@radarhere]
Fix buffer overflow when saving compressed DDS images #9041 [@radarhere]
Use PEP 489 multi-phase initialization #8983 [@radarhere]
Support saving I;16L TIFF images #9015 [@radarhere]
Do not call sys.executable in ImageShow in PyInstaller application #9028 [@radarhere]
Search for libtiff library file first on Windows and macOS #9034 [@radarhere]
Fix libtiff cleanup #9002 [@radarhere]
Use percent formatting for _dbg calls #9035 [@radarhere]
Removed ImageCmsProfile._set method #9032 [@radarhere]
Added Python 3.14 macOS x86-64 wheels #9031 [@radarhere]
Support writing QOI images #9007 [@thisismypassport]
Simplify C error handling #9021 [@radarhere]
Add Python 3.14 beta wheels #9012 [@hugovk]
Remove padding between interleaved PCX palette data #9005 [@radarhere]
Start QOI decoding with a zero-initialized array of previously seen pixels #9008 [@radarhere]
Correct drawing I;16 horizontal lines #8985 [@radarhere]
Reduce number of bytes read for PCX header #9004 [@radarhere]
Handle XMP data from an UNDEFINED TIFF tag #8997 [@radarhere]
Do not decode bytes in PPM error message #8958 [@radarhere]
Parse XMP tag bytes without decoding to string #8960 [@radarhere]
Clear TIFF core image if memory mapping was used for last load #8962 [@radarhere]
Use mask in C when drawing wide polygon lines #8984 [@radarhere]
Simplify code #8863 [@radarhere]
Call startswith once with a tuple #8998 [@radarhere]
[pre-commit.ci] pre-commit autoupdate #8993 [@pre-commit-ci[bot]]
Use ImageFile.MAXBLOCK in tobytes() #8906 [@radarhere]
Removed unreachable code #8918 [@radarhere]
Valgrind Memory Leak Checking #8954 [@wiredfool]
Add parallel test target, using pytest-xdist #8972 [@wiredfool]
Add support for flat uint8 arrow arrays for multi channel images #8908 [@wiredfool]
Removed CMAKE_POLICY_VERSION_MINIMUM=3.5 for libavif [#8973](https://re

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

gemini-code-assist · 2026-02-11T16:07:38Z

Summary of Changes

Hello @renovate-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request systematically updates the pillow library to its latest version, 12.1.1, across various Python project configurations. This essential upgrade not only resolves a critical security vulnerability related to image processing but also integrates a wide array of functional enhancements, performance improvements, and maintenance updates accumulated over several Pillow releases.

Highlights

Dependency Update: Updated the pillow dependency to version 12.1.1 across multiple requirements.txt files.
Security Fix: Addressed the security vulnerability CVE-2026-25990, which involved an out-of-bounds write when processing specially crafted PSD images.
Feature and Improvement Integration: Incorporated numerous features, bug fixes, and improvements from Pillow versions 11.3.0, 12.0.0, 12.1.0, and 12.1.1, including deprecations, documentation enhancements, and internal dependency updates.

Changelog

appengine/flexible/scipy/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
appengine/flexible_python37_and_earlier/scipy/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
generative_ai/embeddings/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
generative_ai/evaluation/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
generative_ai/extensions/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
generative_ai/image_generation/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
generative_ai/model_garden/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
generative_ai/model_tuning/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
generative_ai/prompts/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
generative_ai/reasoning_engine/requirements.txt
- Updated pillow from 10.4.0 to 12.1.1.
vision/snippets/crop_hints/requirements.txt
- Updated pillow from 9.5.0 (for Python < 3.8) and 10.4.0 (for Python >= 3.8) to 12.1.1.
vision/snippets/document_text/requirements.txt
- Updated pillow from 9.5.0 (for Python < 3.8) and 10.4.0 (for Python >= 3.8) to 12.1.1.
vision/snippets/face_detection/requirements.txt
- Updated pillow from 9.5.0 (for Python < 3.8) and 10.4.0 (for Python >= 3.8) to 12.1.1.

Activity

This pull request was automatically generated by Renovate Bot.
Automerge is currently disabled, requiring manual merging.
Rebasing is configured to happen only if explicitly requested by checking the rebase/retry box.
No human comments or reviews have been recorded on this pull request.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

gemini-code-assist

Code Review

This pull request updates the pillow dependency to version 12.1.1 to address a security vulnerability. However, this is a major version upgrade which drops support for Python 3.9. As many of the projects in this repository still support Python 3.9, this upgrade will cause build failures. I have left critical comments on all affected requirements.txt files detailing the issue and suggesting potential solutions. Please carefully review these comments and decide on the appropriate course of action for handling Python 3.9 compatibility.

gemini-code-assist · 2026-02-11T16:09:48Z

appengine/flexible/scipy/requirements.txt

 numpy==1.26.4; python_version == '3.9'
 numpy==1.24.4; python_version == '3.8'
-pillow==10.4.0
+pillow==12.1.1


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by other dependencies in this file, e.g., numpy==1.26.4; python_version == '3.9'). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

gemini-code-assist · 2026-02-11T16:09:48Z

appengine/flexible_python37_and_earlier/scipy/requirements.txt

 numpy==2.2.4; python_version == '3.8'
 numpy==2.2.4; python_version == '3.7'
-pillow==10.4.0
+pillow==12.1.1


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by other dependencies in this file, e.g., numpy==2.2.4; python_version == '3.9'). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

gemini-code-assist · 2026-02-11T16:09:48Z

generative_ai/embeddings/requirements.txt

+pillow==12.1.1; python_version < '3.8'
+pillow==12.1.1; python_version >= '3.8'


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by the python_version >= '3.8' marker). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

Also, note that the two lines for pillow can be simplified into a single line if the same version is used for all Python versions.

gemini-code-assist · 2026-02-11T16:09:48Z

generative_ai/evaluation/requirements.txt

+pillow==12.1.1; python_version < '3.8'
+pillow==12.1.1; python_version >= '3.8'


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by the python_version >= '3.8' marker). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

Also, note that the two lines for pillow can be simplified into a single line if the same version is used for all Python versions.

gemini-code-assist · 2026-02-11T16:09:49Z

generative_ai/extensions/requirements.txt

+pillow==12.1.1; python_version < '3.8'
+pillow==12.1.1; python_version >= '3.8'


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by the python_version >= '3.8' marker). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

Also, note that the two lines for pillow can be simplified into a single line if the same version is used for all Python versions.

gemini-code-assist · 2026-02-11T16:09:49Z

generative_ai/prompts/requirements.txt

+pillow==12.1.1; python_version < '3.8'
+pillow==12.1.1; python_version >= '3.8'


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by the python_version >= '3.8' marker). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

Also, note that the two lines for pillow can be simplified into a single line if the same version is used for all Python versions.

gemini-code-assist · 2026-02-11T16:09:49Z

generative_ai/reasoning_engine/requirements.txt

+pillow==12.1.1; python_version < '3.8'
+pillow==12.1.1; python_version >= '3.8'


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by the python_version >= '3.8' marker). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

Also, note that the two lines for pillow can be simplified into a single line if the same version is used for all Python versions.

gemini-code-assist · 2026-02-11T16:09:49Z

vision/snippets/crop_hints/requirements.txt

+pillow==12.1.1; python_version < '3.8'
+pillow==12.1.1; python_version >= '3.8'


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by the python_version >= '3.8' marker). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

Also, note that the two lines for pillow can be simplified into a single line if the same version is used for all Python versions.

gemini-code-assist · 2026-02-11T16:09:49Z

vision/snippets/document_text/requirements.txt

+pillow==12.1.1; python_version < '3.8'
+pillow==12.1.1; python_version >= '3.8'


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by the python_version >= '3.8' marker). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

Also, note that the two lines for pillow can be simplified into a single line if the same version is used for all Python versions.

gemini-code-assist · 2026-02-11T16:09:49Z

vision/snippets/face_detection/requirements.txt

+pillow==12.1.1; python_version < '3.8'
+pillow==12.1.1; python_version >= '3.8'


This update to Pillow v12 introduces a breaking change. Pillow v12.0.0 and later have dropped support for Python 3.9. This project appears to support Python 3.9 (as indicated by the python_version >= '3.8' marker). Upgrading to pillow==12.1.1 will cause build failures for Python 3.9 environments.

To resolve this, you could:

Drop support for Python 3.9 in this project.

Use version pinning to install a different version of Pillow for Python 3.9. For example:
pillow<12; python_version == '3.9' pillow==12.1.1; python_version > '3.9'
However, this would mean not applying the security fix for Python 3.9 environments, as the fix is in v12.1.1. Please evaluate the security risk and decide on the best course of action.

Also, note that the two lines for pillow can be simplified into a single line if the same version is used for all Python versions.

chore(deps): update dependency pillow to v12 [security]

337f346

renovate-bot requested review from a team as code owners February 11, 2026 16:05

trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Feb 11, 2026

product-auto-label bot added samples Issues that are directly related to samples. api: appengine Issues related to the App Engine Admin API API. api: vision Issues related to the Cloud Vision API. labels Feb 11, 2026

kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 11, 2026

gemini-code-assist bot reviewed Feb 11, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency pillow to v12 [security]#13822

chore(deps): update dependency pillow to v12 [security]#13822
renovate-bot wants to merge 1 commit intoGoogleCloudPlatform:mainfrom
renovate-bot:renovate/pypi-pillow-vulnerability

renovate-bot commented Feb 11, 2026

Uh oh!

gemini-code-assist bot commented Feb 11, 2026

Uh oh!

gemini-code-assist bot left a comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

gemini-code-assist bot Feb 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

		pillow==12.1.1; python_version < '3.8'
		pillow==12.1.1; python_version >= '3.8'

Conversation

renovate-bot commented Feb 11, 2026

GitHub Vulnerability Alerts

CVE-2026-25990

Impact

Patches

Workarounds

References

Release Notes

v12.1.1

v12.1.0

Deprecations

Documentation

Dependencies

Testing

Type hints

Other changes

v12.0.0

Removals

Deprecations

Documentation

Dependencies

Testing

Type hints

Other changes

v11.3.0

Deprecations

Documentation

Dependencies

Testing

Type hints

Other changes

Configuration

Uh oh!

gemini-code-assist bot commented Feb 11, 2026

Summary of Changes

Highlights

Footnotes

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

`v12.1.1`

`v12.1.0`

`v12.0.0`

`v11.3.0`