Closed khink closed 1 year ago
I think it should be an optional dependency, along with svglib. Those who need SVG support can always install it manually.
I fully support the idea that this dependency should be optional.
Making reportlab optional would also help if you can't build it at the moment: https://stackoverflow.com/questions/69973873/symbol-not-found-in-flat-namespace-ft-done-face-from-reportlab-with-python3#comment125447843_69975866
This issue may be closed.
@Mogost Installing easy_thumbnails still pulls in reportlab, even without the `[svg]` extra:

    $ pip install easy-thumbnails
    Collecting easy-thumbnails
      Using cached easy_thumbnails-2.8.1-py3-none-any.whl (74 kB)
    Collecting svglib
      Using cached svglib-1.2.1.tar.gz (896 kB)
    Collecting reportlab
      Downloading reportlab-3.6.7-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.8 MB)
         |████████████████████████████████| 2.8 MB 12.6 MB/s

Sure. Fix is already in code. Just waiting for release.
May I kindly ask for the code to be released properly?
Hi Florian, just released 2.8.2. Please recheck. Sorry for the long delay and thanks for the reminder.
Hi @jrief, the new release causes issues because the VIL import is not guarded in all places in the easy-thumbnails codebase. For example: https://github.com/SmileyChris/easy-thumbnails/blob/92060b9fd7b617cab1ac88d149dc5021d43b35c3/easy_thumbnails/files.py#L17 has an unguarded `from easy_thumbnails.VIL.Image import load`, which breaks if `reportlab` isn't installed.
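
Added example (not part of the thread and not code from easy-thumbnails): a check for the failure described in the comment above, using Python's standard `ast` module to list imports of an optional package that execute at module import time without a `try`/`except ImportError` guard. The sample sources, the function names and the prefix passed in are assumptions for illustration.

```python
import ast

# Constructed sample modules for illustration (not copied from easy-thumbnails).
UNGUARDED = "import os\nfrom easy_thumbnails.VIL.Image import load\n"
GUARDED = (
    "try:\n"
    "    from easy_thumbnails.VIL.Image import load\n"
    "except ImportError:\n"
    "    load = None\n"
)
DEFERRED = "def render():\n    from easy_thumbnails.VIL.Image import load\n"

CATCHING = {"ImportError", "ModuleNotFoundError", "Exception", "BaseException"}


def _catches_import_error(try_node):
    """True if a handler of this try statement would catch a missing module."""
    for handler in try_node.handlers:
        if handler.type is None:  # bare "except:" catches everything
            return True
        types = handler.type.elts if isinstance(handler.type, ast.Tuple) else [handler.type]
        if any(isinstance(t, ast.Name) and t.id in CATCHING for t in types):
            return True
    return False


def unguarded_imports(source, prefix):
    """Return (line, module) for absolute imports under `prefix` that execute
    at import time outside a try block catching ImportError."""
    found = []

    def visit(node, guarded):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            return  # deferred import: only fails when the function is called
        if isinstance(node, (ast.Import, ast.ImportFrom)) and not guarded:
            names = ([a.name for a in node.names] if isinstance(node, ast.Import)
                     else [node.module or ""])
            found.extend((node.lineno, n) for n in names
                         if n == prefix or n.startswith(prefix + "."))
        if isinstance(node, ast.Try):
            inner = guarded or _catches_import_error(node)
            for child in node.body:
                visit(child, inner)
            for child in node.handlers + node.orelse + node.finalbody:
                visit(child, guarded)
            return
        for child in ast.iter_child_nodes(node):
            visit(child, guarded)

    visit(ast.parse(source), False)
    return found
```

Relative imports (`from .VIL import ...`) are not resolved by this sketch, so a package scanning its own modules would need to expand them to absolute names first.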
When installing easy-thumbnails >=2.8, reportlab is pulled in, which had a security issue (https://security.snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145):
Does easy-thumbnails mitigate this, and if yes, how?