Merge pull request #19 from supabase/rebase/master

Rebase/master

.github/workflows/Dockerfile

@@ -3,10 +3,12 @@ FROM debian:bullseye-slim
 RUN apt-get -qq update \
   && apt-get install -y --no-install-recommends \
     bash \
-    ca-certificates \
-    build-essential \
     curl \
     git \
+    ca-certificates \
+    build-essential \
+    ninja-build \
+    python3-pip \
     libglib2.0-dev \
     libxml2-dev \
     libjpeg-dev \
@@ -21,40 +23,39 @@ RUN apt-get -qq update \
     libswscale-dev \
     libopencv-core-dev \
     libopencv-imgproc-dev \
-    libopencv-dnn-dev
+    libopencv-objdetect-dev \
+    libopencv-dnn-dev \
+  && pip install --force meson \
+  && rm -rf /var/lib/apt/lists/*
 
 RUN \
   mkdir /root/vips \
-  && cd /root/vips \
-  && curl -s -S -L -o vips_releases.json "https://api.github.com/repos/libvips/libvips/releases" \
-  && for VIPS_VERSION in "8.10" "8.11" "8.12"; do \
-    mkdir $VIPS_VERSION \
-    && export VIPS_RELEASE=$(grep -m 1 "\"tag_name\": \"v$VIPS_VERSION." vips_releases.json | sed -E 's/.*"v([^"]+)".*/\1/') \
-    && echo "Building Vips $VIPS_RELEASE as $VIPS_VERSION" \
-    && curl -s -S -L -o $VIPS_RELEASE.tar.gz https://github.com/libvips/libvips/releases/download/v$VIPS_RELEASE/vips-$VIPS_RELEASE.tar.gz \
-    && tar -xzf $VIPS_RELEASE.tar.gz \
-    && cd vips-$VIPS_RELEASE \
-    && ./configure \
-      --prefix=/root/vips/$VIPS_VERSION \
-      --without-python \
-      --without-gsf \
-      --without-orc \
-      --disable-debug \
-      --disable-dependency-tracking \
-      --disable-static \
-      --enable-silent-rules \
-      --enable-gtk-doc-html=no \
-      --enable-gtk-doc=no \
-      --enable-pyvips8=no \
-    && make install \
-    && cd .. \
-    && rm -rf $VIPS_RELEASE.tar.gz vips-$VIPS_RELEASE; \
-  done
+    && cd /root/vips \
+    && curl -s -S -L -o vips_releases.json "https://api.github.com/repos/libvips/libvips/releases" \
+    && for VIPS_VERSION in "8.13" "8.14"; do \
+      mkdir $VIPS_VERSION \
+      && export VIPS_RELEASE=$(grep -m 1 "\"tag_name\": \"v$VIPS_VERSION." vips_releases.json | sed -E 's/.*"v([^"]+)".*/\1/') \
+      && echo "Building Vips $VIPS_RELEASE as $VIPS_VERSION" \
+      && curl -s -S -L -o libvips-$VIPS_RELEASE.tar.gz https://github.com/libvips/libvips/archive/refs/tags/v$VIPS_RELEASE.tar.gz \
+      && tar -xzf libvips-$VIPS_RELEASE.tar.gz \
+      && cd libvips-$VIPS_RELEASE \
+      && meson setup _build \
+        --buildtype=release \
+        --strip \
+        --prefix=/root/vips/$VIPS_VERSION \
+        --libdir=lib \
+        -Dgtk_doc=false \
+        -Dintrospection=false \
+      && ninja -C _build \
+      && ninja -C _build install \
+      && cd .. \
+      && rm -rf libvips-$VIPS_RELEASE.tar.gz libvips-$VIPS_RELEASE; \
+    done
 
 RUN echo "Name: OpenCV\n" \
   "Description: Open Source Computer Vision Library\n" \
   "Version: 4.5.1\n" \
-  "Libs: -L/usr/lib/x86_64-linux-gnu -lopencv_dnn -lopencv_imgproc -lopencv_core\n" \
+  "Libs: -L/usr/lib/x86_64-linux-gnu -lopencv_dnn -lopencv_objdetect -lopencv_imgproc -lopencv_core\n" \
   "Libs.private: -ldl -lm -lpthread -lrt\n" \
   "Cflags: -I/usr/include/opencv4\n" \
   > /usr/lib/x86_64-linux-gnu/pkgconfig/opencv4.pc

.github/workflows/docs-lint.yml

@@ -0,0 +1,26 @@
+name: Lint Docs
+
+on:
+  push:
+    branches:
+    - master
+    paths:
+    - "*.md"
+    - "**/*.md"
+  pull_request:
+    paths:
+    - "*.md"
+    - "**/*.md"
+
+jobs:
+  lychee:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Link Checker
+      id: lychee
+      uses: lycheeverse/lychee-action@v1.6.1
+      env:
+        GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      with:
+        args: docs README.md CHANGELOG.md --exclude localhost --exclude-path docs/index.html -v

.github/workflows/lint.yml

@@ -11,15 +11,15 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     container:
-      image: darthsim/imgproxy-ci:latest
+      image: darthsim/imgproxy-ci:202302212110
     strategy:
       matrix:
-        go-version: ["1.19.2"]
-        vips-version: ["8.12"]
+        go-version: ["1.20.4"]
+        vips-version: ["8.14"]
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go-version }}
       - name: Cache mods
@@ -34,7 +34,7 @@ jobs:
       - name: Lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.46.2
+          version: v1.51.2
           args: --timeout 5m0s
           skip-cache: true
         env:

.github/workflows/test.yml

@@ -11,15 +11,15 @@ jobs:
   test:
     runs-on: ubuntu-latest
     container:
-      image: darthsim/imgproxy-ci:latest
+      image: darthsim/imgproxy-ci:202302212110
     strategy:
       matrix:
-        go-version: ["1.19.2"]
-        vips-version: ["8.12"]
+        go-version: ["1.20.4"]
+        vips-version: ["8.14"]
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go-version }}
       - name: Cache mods

CHANGELOG.md

@@ -67,6 +67,142 @@
 - Fix HTTP response status when OpenTelemetry support is enabled.
 - (docker) Fix saving of paletted PNGs with low bit-depth.
 
+## [3.17.0] - 2023-05-10
+### Add
+- Add `process_resident_memory_bytes`, `process_virtual_memory_bytes`, `go_memstats_sys_bytes`, `go_memstats_heap_idle_bytes`, `go_memstats_heap_inuse_bytes`, `go_goroutines`, `go_threads`, `buffer_default_size_bytes`, `buffer_max_size_bytes`, and `buffer_size_bytes` metrics to OpenTelemetry.
+- Add support for the `Last-Modified` response header and the `If-Modified-Since` request header (controlled by the `IMGPROXY_USE_LAST_MODIFIED` config).
+- Add `IMGPROXY_S3_ASSUME_ROLE_ARN` config.
+- Add `IMGPROXY_MALLOC` Docker-only config.
+
+### Change
+- Optimized memory buffers pooling for better performance and memory reusage.
+- Optimized watermarks application.
+
+### Fix
+- Fix crushes when `watermark_text` has an invalid value.
+
+## [3.16.1] - 2023-04-26
+### Fix
+- Fix crashes in cases where the `max_bytes` processing option was used and image saving failed.
+- Fix error when using the `extend` or `extend_aspect_ratio` processing option while setting zero width or height.
+- Fix color loss when applying a watermark with a palette on an image without a palette.
+- (pro) Fix crashes when using `IMGPROXY_SMART_CROP_FACE_DETECTION` with large `IMGPROXY_CONCURRENCY`.
+- (pro) Fix watermark scaling when neither watermark scale nor watermark size is specified.
+
+## [3.16.0] - 2023-04-18
+### Add
+- Add support for `Sec-CH-DPR` and `Sec-CH-Width` client hints.
+- Add support for Base64-encoded `filename` processing option values.
+- Add `IMGPROXY_REQUEST_HEADERS_PASSTHROUGH` and `IMGPROXY_RESPONSE_HEADERS_PASSTHROUGH` configs.
+
+### Change
+- Improved object-oriented crop.
+
+### Fix
+- Fix detection of dead HTTP/2 connections.
+- Fix the way the `dpr` processing option affects offsets and paddings.
+
+### Remove
+- Remove suport for `Viewport-Width` client hint.
+- Don't set `Content-DPR` header (deprecated in the specification).
+
+## [3.15.0] - 2023-04-10
+### Add
+- Add the `IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES`, `IMGPROXY_ALLOW_LINK_LOCAL_SOURCE_ADDRESSES`, and `IMGPROXY_ALLOW_PRIVATE_SOURCE_ADDRESSES` configs.
+
+### Change
+- Connecting to loopback, link-local multicast, and link-local unicast IP addresses when requesting source images is prohibited by default.
+- Tuned source image downloading flow.
+- Disable extension checking if the `raw` processing option is used.
+
+### Fix
+- (pro) Fix face detection during advanced smart crop in some cases.
+
+## [3.14.0] - 2023-03-07
+## Add
+- Add [extend_aspect_ratio](https://docs.imgproxy.net/latest/generating_the_url?id=extend-aspect-ratio) processing option.
+- Add the `IMGPROXY_ALLOW_SECURITY_OPTIONS` config + `max_src_resolution`, `max_src_file_size`, `max_animation_frames`, and `max_animation_frame_resolution` processing options.
+- (pro) Add [advanced smart crop](https://docs.imgproxy.net/latest/configuration?id=smart-crop).
+
+### Change
+- Make the `expires` processing option set `Expires` and `Cache-Control` headers.
+- Sanitize `use` tags in SVGs.
+
+### Fix
+- Fix handling some ICC profiles.
+
+## [3.13.2] - 2023-02-15
+### Change
+- Remove color-related EXIF data when stripping ICC profile.
+- (pro) Optimize saving to MP4.
+
+### Fix
+- (pro) Fix saving with autoquality in some cases.
+- (pro) Fix saving large images to MP4.
+
+## [3.13.1] - 2023-01-16
+### Fix
+- Fix applying watermarks with replication.
+
+## [3.13.0] - 2023-01-11
+### Change
+- Add support for Managed Identity or Service Principal credentials to Azure Blob Storage integration.
+- Optimize memory usage in some scenarios.
+- Better SVG sanitization.
+- (pro) Allow usage of floating-point numbers in the `IMGPROXY_VIDEO_THUMBNAIL_SECOND` config and the `video_thumbnail_second` processing option.
+
+### Fix
+- Fix crashes in some cases when using OpenTelemetry in Amazon ECS.
+- (pro) Fix saving of GIF with too small frame delay to MP4
+
+## [3.12.0] - 2022-12-11
+### Add
+- Add `IMGPROXY_MAX_ANIMATION_FRAME_RESOLUTION` config.
+- Add [Amazon CloudWatch](https://docs.imgproxy.net/latest/cloud_watch) support.
+- (pro) Add [`best` resultig image format](https://docs.imgproxy.net/latest/best_format).
+- (pro) Add `IMGPROXY_WEBP_COMPRESSION` config and [webp_options](https://docs.imgproxy.net/latest/generating_the_url?id=webp-options) processing option.
+
+### Change
+- Change `IMGPROXY_FORMAT_QUALITY` default value to `avif=65`.
+- Change `IMGPROXY_AVIF_SPEED` default value to `8`.
+- Change `IMGPROXY_PREFERRED_FORMATS` default value to `jpeg,png,gif`.
+- Set `Cache-Control: no-cache` header to the health check responses.
+- Allow replacing line breaks with `\n` in `IMGPROXY_OPEN_TELEMETRY_SERVER_CERT`, `IMGPROXY_OPEN_TELEMETRY_CLIENT_CERT`, and`IMGPROXY_OPEN_TELEMETRY_CLIENT_KEY`.
+
+### Fix
+- Fix 3GP video format detection.
+
+## [3.11.0] - 2022-11-17
+### Add
+- Add `IMGPROXY_OPEN_TELEMETRY_GRPC_INSECURE` config.
+- Add `IMGPROXY_OPEN_TELEMETRY_TRACE_ID_GENERATOR` config.
+- (pro) Add XMP data to the `/info` response.
+
+### Change
+- Better XMP data stripping.
+- Use parent-based OpenTelemetry sampler by default.
+- Use fixed TraceIdRatioBased sampler with OpenTelemetry.
+
+## [3.10.0] - 2022-11-04
+### Add
+- Add `IMGPROXY_CLIENT_KEEP_ALIVE_TIMEOUT` config.
+- (pro) Add [disable_animation](https://docs.imgproxy.net/latest/generating_the_url?id=disable-animation) processing option.
+- (pro) Add [gradient](https://docs.imgproxy.net/latest/generating_the_url?id=gradient) processing option.
+
+### Fix
+- Fix false-positive SVG detections.
+- Fix possible infinite loop during SVG sanitization.
+- (pro) Fix saving of GIF with variable frame delay to MP4.
+- (pro) Fix the size of video thumbnails if the video has a defined sample aspect ratio.
+
+## [3.9.0] - 2022-10-19
+### Add
+- Add `IMGPROXY_SVG_FIX_UNSUPPORTED` config.
+
+### Fix
+- Fix HTTP response status when OpenTelemetry support is enabled.
+- (docker) Fix saving of paletted PNGs with low bit-depth.
+
 ## [3.8.0] - 2022-10-06
 ### Add
 - Add [raw](https://docs.imgproxy.net/latest/generating_the_url?id=raw) processing option.

README.md

@@ -32,11 +32,18 @@ imgproxy is able to quickly and easily resize images on the fly, and it's well-e
 
 To get an even better introduction, and to dive deeper into the nitty gritty details, check out this article: [imgproxy: Resize your images instantly and securely](https://evilmartians.com/chronicles/introducing-imgproxy)
 
-<a href="https://evilmartians.com/?utm_source=imgproxy" target="_blank">
+<a href="https://evilmartians.com/?utm_source=opensource">
   <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="assets/sponsored-dark.svg?sanitize=true">
-    <source media="(prefers-color-scheme: light)" srcset="assets/sponsored-light.svg?sanitize=true">
-    <img alt="Sponsored by Evil Martians" width="236" height="54" src="assets/sponsored-light.svg?sanitize=true">
+    <source
+      media="(prefers-color-scheme: dark)"
+      srcset="https://evilmartians.com/badges/sponsored-by-evil-martians_v2.0_for-dark-bg@2x.png"
+    >
+    <img
+      src="https://evilmartians.com/badges/sponsored-by-evil-martians_v2.0@2x.png"
+      alt="Sponsored by Evil Martians"
+      width="236"
+      height="54"
+    >
   </picture>
 </a>
 

SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to `security@imgproxy.net`