fix(deps): update dependency pillow to >=11.3.0,<11.4.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pillow (changelog)	>=11.2.1,<11.3.0 -> >=11.3.0,<11.4.0

---

Release Notes

python-pillow/Pillow (pillow)

v11.3.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sourcery-ai]

Reviewer's Guide

This PR bumps the Pillow dependency to version >=11.3.0,<11.4.0 by updating the manifest and regenerating the lockfile.

File-Level Changes

Change	Details	Files
Bump Pillow version and refresh lockfile	Updated Pillow constraint in pyproject.toml Regenerated poetry.lock with new Pillow version	pyproject.toml poetry.lock

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

poetry.lock

Package	Version	License	Issue Type
pillow	11.3.0	Null	Unknown License

pyproject.toml

Package	Version	License	Issue Type
pillow	>= 11.3.0,< 11.4.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/pillow	11.3.0	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices 🟢 5 badge detected: Passing License 🟢 9 license file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 13 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/pillow	>= 11.3.0,< 11.4.0	🟢 6.9	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices 🟢 5 badge detected: Passing License 🟢 9 license file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 13 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Files

• poetry.lock
• pyproject.toml

[cloudflare-workers-and-pages]

Deploying tux with    Cloudflare Pages

Latest commit:	9fc66dd
Status:	⚡️  Build in progress...

View logs