scanny / python-pptx

Create Open XML PowerPoint documents in Python
MIT License

Pillow version 10+ blocked in v0.6.22 #912

Closed Rafiot closed 8 months ago

Rafiot commented 9 months ago

Is there any reason to block Pillow 10 in the latest release? v10.0.0 and v10.0.1 contain security fixes and as far as I can tell, they work fine with python-pptx.

scanny commented 9 months ago

@Rafiot Pillow version 10 removed ImageFont.getsize(), which is used by the (ill-begotten) text-fitting algorithm here: https://github.com/scanny/python-pptx/blob/0e684ff57c5dc6c5dae9f4e2904951c2b90dc82a/pptx/text/layout.py#L313

This results in a test failure, which is why the upper limit was introduced.

I have what I believe is a simple fix, which I expect to include in the next release within a month or so.

In the meantime, as long as you don't call TextFrame.fit_text() then you should be able to use Pillow 10+ without a problem.

Rafiot commented 9 months ago

Alright, I see. I don't use this feature so that explains why I had no issue.

Thanks!

paul-freeman commented 9 months ago

Adding here that using an old version of Pillow has become a pretty big security issue.

scanny commented 9 months ago

Thanks @paul-freeman, that's good to know. I'll see if I can get this fixed up this week. It's an issue for my day job too as it happens, so I should be able to find an hour or two to do the needful :)

ryanhiebert commented 8 months ago

I pulled in a new version of this library this morning and didn't realize it was downgrading Pillow at the same time because of the version bound. I would definitely appreciate being able to get this library up-to-date.
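The silent downgrade described in the comment above can be caught before an upgrade by checking whether any installed package's declared requirements cap a dependency below the release that carries its security fix. This is an added example, not part of the thread or of python-pptx; the function names and the sample requirement strings are constructed, and only plain `<`, `<=` and `==` bounds on dotted numeric versions are evaluated.

```python
import re
from importlib import metadata

# Only upper-bounding operators; a bound followed by ".*" is skipped, not guessed at.
_SPEC = re.compile(r"(<=|<|==)\s*([0-9]+(?:\.[0-9]+)*)(?![0-9.*])")

def _ver(text):
    """Dotted release -> zero-padded tuple (assumes no pre/post/dev tags)."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (6 - len(parts))

def _norm(name):
    return re.sub(r"[-_.]+", "-", name).lower()

def cap_blocks(requirement, dep, fixed):
    """True if `requirement` names `dep` and one of its bounds excludes `fixed`."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", requirement)
    if not m or _norm(m.group(1)) != _norm(dep):
        return False
    spec = requirement[m.end():].split(";")[0]  # drop environment markers
    want = _ver(fixed)
    for op, bound in _SPEC.findall(spec):
        b = _ver(bound)
        if (op == "<" and want >= b) or (op == "<=" and want > b) \
                or (op == "==" and want != b):
            return True
    return False

def installed_caps(dep, fixed):
    """(package, requirement) pairs in this environment that block `fixed`."""
    hits = []
    for dist in metadata.distributions():
        for req in dist.requires or []:
            if cap_blocks(req, dep, fixed):
                hits.append((dist.metadata.get("Name", "?"), req))
    return hits

if __name__ == "__main__":
    # Constructed requirement strings, not copied from any package's metadata.
    for sample in ("Pillow<10", "Pillow>=3.3.2,<=9.5.0", "Pillow>=3.3.2"):
        print(f"{sample!r:28} blocks 10.0.1: {cap_blocks(sample, 'pillow', '10.0.1')}")
    # Scan the real environment for packages that would hold Pillow back.
    for pkg, req in installed_caps("pillow", "10.0.1"):
        print(f"{pkg} pins {req}")
```

Running the scan in CI before and after a dependency bump shows which package introduced the cap, rather than discovering it from a changed lock file.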

Knight1997 commented 8 months ago

@scanny do you have an ETA for fixing this issue?

seankfh commented 8 months ago

Hi @scanny! What can we do to help this get done?

scanny commented 8 months ago

This will be fixed in v0.6.23 coming out a little later today.

scanny commented 8 months ago

Okay, it's up there now. One of you want to give it a try and confirm it works as expected?

seankfh commented 8 months ago

Yes @scanny, pip-audit no longer complains, so I have removed the --ignore-vulns from my pre-commit config, and pip-tools compiles to pillow 10.1.0. LGTM! :pray: