libvips: security, use libpng version range, bump deps #23130

mayeut · 2024-03-17T16:40:57Z

Specify library name and version: libvips/all

fix use of vulnerable version of expat: #23277

I've read the contributing guidelines.
I've used a recent Conan client version close to the currently deployed.
I've tried at least one configuration locally with the conan-center hook activated.

ericLemanissierBot · 2024-03-17T16:50:35Z

I detected other pull requests that are modifying libvips/all recipe:

libvips 8.15.2: fix url of tarball #23297

This message is automatically generated by https://github.com/ericLemanissier/conan-center-conflicting-prs so don't hesitate to report issues/improvements there.

mayeut · 2024-04-17T05:24:39Z

recipes/libvips/all/conanfile.py

        if self.options.with_heif:
            self.requires("libheif/1.16.2")
        if self.options.get_safe("with_highway"):
            self.requires("highway/1.0.7")
        if self.options.with_jpeg == "libjpeg":
            self.requires("libjpeg/9e")
        elif self.options.with_jpeg == "libjpeg-turbo":
-            self.requires("libjpeg-turbo/3.0.1")
+            self.requires("libjpeg-turbo/3.0.2")


needs bump: conflicts with libtiff, opencv, jasper, openimageio

mayeut · 2024-04-17T05:25:22Z

recipes/libvips/all/conanfile.py

        if self.options.with_openjpeg:
-            self.requires("openjpeg/2.5.0")
+            self.requires("openjpeg/2.5.2")


needs bump: conflicts with opencv

mayeut · 2024-04-17T05:27:06Z

recipes/libvips/all/conanfile.py

@@ -159,15 +159,15 @@ def requirements(self):
        if self.options.with_matio:
            self.requires("matio/1.5.24")
        if self.options.with_openexr:
-            self.requires("openexr/3.2.1")
+            self.requires("openexr/3.2.3")


needs bump: conflicts with opencv + known security issues #23277

conan-center-bot · 2024-04-17T12:09:13Z

Conan v1 pipeline ✔️

All green in build 12 (7cd91d755e2fcb0d173c39df62681e4ea02cf37e):

libvips/8.15.2:
All packages built successfully! (All logs)
libvips/8.14.2:
All packages built successfully! (All logs)
libvips/8.15.1:
All packages built successfully! (All logs)

Conan v2 pipeline ✔️

Note: Conan v2 builds are now mandatory. Please read our discussion about it.

All green in build 12 (7cd91d755e2fcb0d173c39df62681e4ea02cf37e):

libvips/8.15.2:
All packages built successfully! (All logs)
libvips/8.15.1:
All packages built successfully! (All logs)
libvips/8.14.2:
All packages built successfully! (All logs)

conan-center-bot · 2024-04-17T12:31:26Z

This PR has been automatically merged due to Bump version or Bump dependencies label.
Read https://github.com/conan-io/conan-center-index/blob/master/docs/labels.md#bump-version to obtain more information.

* libvips: use libpng version range, bump deps * bump deps * bump expat * bump openexr * use version range for expat --------- Co-authored-by: Uilian Ries <uilianries@gmail.com>

libvips: use libpng version range, bump deps

35c4ef0

This was referenced Mar 17, 2024

[service] Potentially conflicting recipes #3571

Closed

libvips: add v8.15.2 #23107

Merged

prince-chrismc mentioned this pull request Mar 17, 2024

Pull Requests Ready to be Reviewed prince-chrismc/conan-center-index-pending-review#1

Open