Open Dawars opened 1 year ago
Is this repo still alive ?
There's also a high-severity vulnerability in webp that was fixed in https://github.com/python-pillow/Pillow/pull/7395
This changes are unrelated to Pillow-simd, which doesn’t have binary builds. It always uses system-provided versions of libraries
Recently several vulnerabilities have been uncovered. https://github.com/advisories?query=type%3Areviewed+Pillow
It is crucial to apply these fixes for use in production.
This PR is a straightforward merge from 9.4.x containing security vulnerability fixes, specifically:
Only test failing is test_file_fits:test_open which is caused by one-off error in simd implementation of rgb2l(). https://github.com/Dawars/pillow-simd/blob/simd/9.4.x/Tests/test_file_fits.py#L21
This seems negligible, how should I proceed?
The update also contains Github Actions related changes which I'm not familiar with and therefore probably incorrectly set up.