fix(nomic,openai,perplexity): update pillow version to >= 12.1.1, <13.0.0 (#35254)

Updates the minimum Pillow version to address CVE-2026-25990 (HIGH
severity out-of-bounds write vulnerability affecting versions 10.3.0
through 12.1.0).

Changes:
langchain-nomic: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
langchain-openai: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
langchain-perplexity: pillow>=10.3.0,<13.0.0 → pillow>=12.1.1,<13.0.0
Safety: This is a minimum version bump within the existing constraint
range (<13.0.0), so no breaking changes are introduced.

CVE Details:
CVE-2026-25990: An out-of-bounds write may be triggered when loading a
specially crafted PSD image
Affected versions: 10.3.0 to <12.1.1
Fixed in: 12.1.1
Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-25990

** Claude Helped me write this nice message **
The original finding was thanks to a Trivy scan

---------

Co-authored-by: Mason Daugherty <mason@langchain.dev>
Tune
2026-02-16 23:17:32 -05:00
committed by GitHub
parent 6a07b3acda
commit 68a14844b5
3 changed files with 3 additions and 3 deletions


@@ -24,7 +24,7 @@ requires-python = ">=3.10.0,<4.0.0"
dependencies = [
"langchain-core>=1.0.0,<2.0.0",
"nomic>=3.5.3,<4.0.0",
"pillow>=10.3.0,<13.0.0",
"pillow>=12.1.1,<13.0.0",
]
[project.urls]


@@ -61,7 +61,7 @@ lint = ["ruff>=0.13.1,<0.14.0"]
dev = ["langchain-core"]
test_integration = [
"httpx>=0.27.0,<1.0.0",
"pillow>=10.3.0,<13.0.0",
"pillow>=12.1.1,<13.0.0",
"numpy>=1.26.4; python_version < '3.13'",
"numpy>=2.1.0; python_version >= '3.13'",
]


@@ -56,7 +56,7 @@ lint = ["ruff>=0.13.1,<0.14.0"]
dev = ["langchain-core"]
test_integration = [
"httpx>=0.27.0,<1.0.0",
"pillow>=10.3.0,<13.0.0",
"pillow>=12.1.1,<13.0.0",
]
typing = [
"mypy>=1.10.0,<2.0.0",