Upgrade to Thumbor 7.6.0

[kgeorgiou]

Closes #140

• https://github.com/thumbor/thumbor/releases/tag/7.6.0
  • bump: update pillow verson to 10.0.1 thumbor/thumbor#1592

[gingerlime]

Thank you @kgeorgiou. It seems like the SIMD build still installs Pillow 9x :-/ not sure how to fix this? or perhaps there's no 10x version available for SIMD?

[gingerlime]

@kkopachev @heynemann do you know how to resolve this issue with the SIMD images?

thumbor/thumbor/Dockerfile

Lines 40 to 49 in 362f055

	RUN PILLOW_VERSION=$(python -c 'import PIL; print(PIL.__version__)') ; \
	if [ "$SIMD_LEVEL" ]; then \
	pip uninstall -y pillow || true && \
	CC="cc -m$SIMD_LEVEL" pip install --no-cache-dir -U --force-reinstall --no-binary=:all: "pillow-SIMD<=${PILLOW_VERSION}.post99" \
	# --global-option="build_ext" --global-option="--debug" \
	--global-option="build_ext" --global-option="--enable-lcms" \
	--global-option="build_ext" --global-option="--enable-zlib" \
	--global-option="build_ext" --global-option="--enable-jpeg" \
	--global-option="build_ext" --global-option="--enable-tiff" ; \
	fi ;

[gingerlime]

I will merge this for now, so we can at least resolve the webp issue with the regular thumbor image, but it looks like the SIMD versions are still vulnerable potentially?

[heynemann]

I don't know how to fix it. Maybe @guilhermef knows how to fix it...

[kgeorgiou]

or perhaps there's no 10x version available for SIMD?

Ah yes, it looks like the latest Pillow-SIMD release is 9.5.0 from April 1, 2023: https://github.com/uploadcare/pillow-simd/tags

Edit: Might need to re-open #140 to mention that SIMD versions still use a non-patched Pillow version

[gingerlime]

Thank you @kgeorgiou. I posted a note on uploadcare/pillow-simd#129