search

matthewwithanm / pilkit

Utilities and processors built for, and on top of PIL
BSD 3-Clause "New" or "Revised" License
196 stars 54 forks source link

Please make a new pypi release #67

Closed Quantra closed 1 year ago

Quantra commented 1 year ago

The latest release on pypi was made in 2017: https://pypi.org/project/pilkit/

There have been fixes made in the last 6 years, particularly with regards to webp alpha support.

Could you please make a release which includes these fixes as well as all the other development that has been made in this time?

Thank you =]

vstoykov commented 1 year ago

Today I cleaned up the PRs and issues a little bit. Even I created the tag for the new version, but because I hadn't done any release from a long time and will need some time. I hope tomorrow the release to be on PyPi.

Quantra commented 1 year ago

Wonderful! Thank you so much! =D

mick88 commented 1 year ago

New update is urgently needed due to PYSEC-2023-175 vulnerability in webp files. By not supporting Pillow 10, the package exposes depending projects to the vulnerability.

We would appreciate prompt release of a new version with support for Pillow 10 which patches the security issue.

For anyone else anxious to get the latest release before it's listed on Pypi, try adding the following to your requirements.txt, or constraints.txt (replacing existing pilkit entry if you have one):

pilkit @ git+https://github.com/matthewwithanm/pilkit.git@3.0
vstoykov commented 1 year ago

The 3.0 release is out in PyPi https://pypi.org/project/pilkit/3.0/