chore(deps): bump image from 0.24.9 to 0.25.9

[dependabot]

Bumps image from 0.24.9 to 0.25.9.

Changelog

Sourced from image's changelog.

Version 0.25.9

Features:

• Support extracting XMP metadata from PNG, JPEG, GIF, WebP and TIFF files (#2567, #2634, #2644)
• Support reading IPTC metadata from PNG and JPG files (#2611)
• Support reading ICC profile from GIF files (#2644)
• Allow setting a specific DEFLATE compression level when writing PNG (#2583)
• Initial support for 16-bit CMYK TIFF files (#2588)
• Allow extracting the alpha channel of a Pixel in a generic way (#2638)

Structural changes:

• EXR format decoding now only uses multi-threading via Rayon when the rayon feature is enabled (#2643)
• Upgraded zune-jpeg to 0.5.x, ravif to 0.12.x, gif to 0.14.x
• pnm: parse integers in PBM/PGM/PPM headers without allocations (#2620)
• Replace doc_auto_cfg with doc_cfg (#2637)

Bug fixes:

• Do not encode empty JPEG images (#2624)
• tga: reject empty images (#2614)
• tga: fix orientation flip for color mapped images (#2607)
• tga: adjust colormap lookup to match tga 2.0 spec (#2608)

Version 0.25.8

Re-release of 0.25.7

Fixes:

• Reverted a signature change to load_from_memory that lead to large scale type inference breakage despite being technically compatible.
• Color conversion Luma to Rgb used incorrect coefficients instead of broadcasting.

Version 0.25.7 (yanked)

Features:

• Added an API for external image format implementations to register themselves as decoders for a specific format in image (#2372)
• Added CICP awarenes via moxcms to support color spaces (#2531). The support for transforming is limited for now and will be gradually expanded.
• You can now embed Exif metadata when writing JPEG, PNG and WebP images (#2537, #2539)
• Added functions to extract orientation from Exif metadata and optionally clear it in the Exif chunk (#2484)
• Serde support for more types (#2445)
• PNM encoder now supports writing 16-bit images (#2431)

Structural changes:

• Increased MSRV to 1.85.0 (from 1.78.0)

API improvements:

• save, save_with_format, write_to and write_with_encoder methods on DynamicImage now automatically convert the pixel format when necessary instead of returning an error (#2501)
• Added DynamicImage::has_alpha() convenience method
• Implemented TryFrom<ExtendedColorType> for ColorType (#2444)
• Added const HAS_ALPHA to trait Pixel
• Unified the error for unsupported encoder colors (#2543)

... (truncated)

Commits

• 5ceb6af Merge pull request #2640 from Shnatsel/release-v0.25.9
• 282d7b3 Merge pull request #2646 from oligamiq/main
• 5412aee Amend the note in accordance with the advice of 197g.
• 4e8a4ed Clarify default features in README and add usage note
• ca8fa52 Merge pull request #2644 from image-rs/gif-0.14
• d9bc8fe mention GIF 0.14 changes
• 053220a Provide gif's XMP and ICC metadata
• 2ec20b3 Prepare codec with gif@0.14
• 31939fa Mention EXR rayon change
• c7f68be Merge pull request #2643 from Shnatsel/really-optional-rayon
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🛡️ Dependency Sentinel Check

This dependency update has been received and will follow the Git-Core Protocol lifecycle:

📋 Quarantine Protocol (14 Days)

Phase	Status	Date
🔬 Quarantine Start	✅ NOW	2025-12-06
🧠 AI Analysis	🔄 Pending	-
🔍 Community Monitoring	🔄 Active	-
🎓 Graduation	⏳ Scheduled	2025-12-20

🤖 AI Analysis Queue

The following AI agents will analyze this update:

• Gemini 3 Pro - Risk assessment, breaking changes
• CodeRabbit - Code patterns, best practices
• Copilot - Final meta-analysis (post-bots)

⚠️ Architecture Check

Before adoption, this update will be validated against:

• .✨/ARCHITECTURE.md - Critical decisions
• docs/agent-docs/RESEARCH_STACK_CONTEXT.md - Living context

📖 Protocol Reference

Dependency Quarantine Rule: Versions < 2 weeks old are in quarantine. Never use bleeding-edge dependencies in production.

---

Managed by Git-Core Protocol Dependency Sentinel

[dependabot]

Dependabot can't parse your Cargo.toml. Because of this, Dependabot cannot update this pull request.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.