Release v0.32.4

Upgrade to libvips v8.14.3
Bump dep
2026-02-04 13:46:19 +01:00 · 2023-07-21 11:41:08 +01:00 · 2023-07-21 11:10:21 +01:00 · 2023-07-19 16:55:12 +01:00 · 2023-07-19 16:53:52 +01:00
12 changed files with 204 additions and 21 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@ node_modules
 /coverage
 test/bench/node_modules
 test/fixtures/output*
+test/fixtures/vips-properties.xml
 test/leak/libvips.supp
 test/saliency/report.json
 test/saliency/Image*
--- a/docs/api-utility.md
+++ b/docs/api-utility.md
@@ -165,4 +165,59 @@ const simd = sharp.simd();
 ```js
 const simd = sharp.simd(false);
 // prevent libvips from using liborc at runtime
+```
+
+
+## block
+Block libvips operations at runtime.
+
+This is in addition to the `VIPS_BLOCK_UNTRUSTED` environment variable,
+which when set will block all "untrusted" operations.
+
+
+**Since**: 0.32.4  
+
+| Param | Type | Description |
+| --- | --- | --- |
+| options | <code>Object</code> |  |
+| options.operation | <code>Array.&lt;string&gt;</code> | List of libvips low-level operation names to block. |
+
+**Example** *(Block all TIFF input.)*  
+```js
+sharp.block({
+  operation: ['VipsForeignLoadTiff']
+});
+```
+
+
+## unblock
+Unblock libvips operations at runtime.
+
+This is useful for defining a list of allowed operations.
+
+
+**Since**: 0.32.4  
+
+| Param | Type | Description |
+| --- | --- | --- |
+| options | <code>Object</code> |  |
+| options.operation | <code>Array.&lt;string&gt;</code> | List of libvips low-level operation names to unblock. |
+
+**Example** *(Block all input except WebP from the filesystem.)*  
+```js
+sharp.block({
+  operation: ['VipsForeignLoad']
+});
+sharp.unblock({
+  operation: ['VipsForeignLoadWebpFile']
+});
+```
+**Example** *(Block all input except JPEG and PNG from a Buffer or Stream.)*  
+```js
+sharp.block({
+  operation: ['VipsForeignLoad']
+});
+sharp.unblock({
+  operation: ['VipsForeignLoadJpegBuffer', 'VipsForeignLoadPngBuffer']
+});
 ```
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -2,7 +2,16 @@

 ## v0.32 - *flow*

-Requires libvips v8.14.2
+Requires libvips v8.14.3
+
+### v0.32.4 - 21st July 2023
+
+* Upgrade to libvips v8.14.3 for upstream bug fixes.
+
+* Expose ability to (un)block low-level libvips operations by name.
+
+* Prebuilt binaries: restore support for tile-based output.
+  [#3581](https://github.com/lovell/sharp/issues/3581)

 ### v0.32.3 - 14th July 2023

--- a/docs/search-index.json
+++ b/docs/search-index.json
--- a/lib/utility.js
+++ b/lib/utility.js
@@ -202,6 +202,72 @@ function simd (simd) {
 }
 simd(true);

+/**
+ * Block libvips operations at runtime.
+ *
+ * This is in addition to the `VIPS_BLOCK_UNTRUSTED` environment variable,
+ * which when set will block all "untrusted" operations.
+ *
+ * @since 0.32.4
+ *
+ * @example <caption>Block all TIFF input.</caption>
+ * sharp.block({
+ *   operation: ['VipsForeignLoadTiff']
+ * });
+ *
+ * @param {Object} options
+ * @param {Array<string>} options.operation - List of libvips low-level operation names to block.
+ */
+function block (options) {
+  if (is.object(options)) {
+    if (Array.isArray(options.operation) && options.operation.every(is.string)) {
+      sharp.block(options.operation, true);
+    } else {
+      throw is.invalidParameterError('operation', 'Array<string>', options.operation);
+    }
+  } else {
+    throw is.invalidParameterError('options', 'object', options);
+  }
+}
+
+/**
+ * Unblock libvips operations at runtime.
+ *
+ * This is useful for defining a list of allowed operations.
+ *
+ * @since 0.32.4
+ *
+ * @example <caption>Block all input except WebP from the filesystem.</caption>
+ * sharp.block({
+ *   operation: ['VipsForeignLoad']
+ * });
+ * sharp.unblock({
+ *   operation: ['VipsForeignLoadWebpFile']
+ * });
+ *
+ * @example <caption>Block all input except JPEG and PNG from a Buffer or Stream.</caption>
+ * sharp.block({
+ *   operation: ['VipsForeignLoad']
+ * });
+ * sharp.unblock({
+ *   operation: ['VipsForeignLoadJpegBuffer', 'VipsForeignLoadPngBuffer']
+ * });
+ *
+ * @param {Object} options
+ * @param {Array<string>} options.operation - List of libvips low-level operation names to unblock.
+ */
+function unblock (options) {
+  if (is.object(options)) {
+    if (Array.isArray(options.operation) && options.operation.every(is.string)) {
+      sharp.block(options.operation, false);
+    } else {
+      throw is.invalidParameterError('operation', 'Array<string>', options.operation);
+    }
+  } else {
+    throw is.invalidParameterError('options', 'object', options);
+  }
+}
+
 /**
 * Decorate the Sharp class with utility-related functions.
 * @private
@@ -216,4 +282,6 @@ module.exports = function (Sharp) {
  Sharp.versions = versions;
  Sharp.vendor = vendor;
  Sharp.queue = queue;
+  Sharp.block = block;
+  Sharp.unblock = unblock;
 };
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "sharp",
  "description": "High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP, GIF, AVIF and TIFF images",
-  "version": "0.32.3",
+  "version": "0.32.4",
  "author": "Lovell Fuller <npm@lovell.info>",
  "homepage": "https://github.com/lovell/sharp",
  "contributors": [
@@ -133,7 +133,7 @@
  ],
  "dependencies": {
    "color": "^4.2.3",
-    "detect-libc": "^2.0.1",
+    "detect-libc": "^2.0.2",
    "node-addon-api": "^6.1.0",
    "prebuild-install": "^7.1.1",
    "semver": "^7.5.4",
@@ -159,19 +159,19 @@
  },
  "license": "Apache-2.0",
  "config": {
-    "libvips": "8.14.2",
+    "libvips": "8.14.3",
    "integrity": {
-      "darwin-arm64v8": "sha512-eUuxg6H0tXgX4z2lsaGtZ4cbPAm7yoFgkvPDd4csxoiVt+QUB25pEJwiXw7oB53VlBFIp3O8lbydSFS5zH8MQQ==",
-      "darwin-x64": "sha512-cMT4v76IgzSR0VoXqLk/yftRyzMEZ+SBVMLzXCgqP/lmnYisrpmHHNqrWnoZbUUBXbPXLn6KMultYOJHe/c9ZQ==",
-      "linux-arm64v8": "sha512-OcDJ/ly80pxwaKnw0W91sSvZczPtWsjmzrY/+6NMiQZT84LkmeaRuwErbHhorKDxnl7iZuNn9Uj5V25Xmj+LDQ==",
-      "linux-armv6": "sha512-hk2ohSOYTJEtVQxEQFyQ+tuayKpYqx6NiXa7AE+8MF+yscxt+g+mLJ7TjDqtmb4ttFGH4IVfsEfU2YXIqWqkpg==",
-      "linux-armv7": "sha512-/5Ci2Cd+yLZmTaEt9lVJ89elxX3RMJpps0ESjj43X40yrwka51QfXeg1QV38uNzZpCDIZkrbXZK0lyKldjpLuA==",
-      "linux-x64": "sha512-wjCKmWfBb0uz1UB7rPDLvO0s+VWuoAY/Vv/YGCRFEQUkdSLQUgHExrOMMbOM3FleuYfQqznDYCXXphkl7X44+w==",
-      "linuxmusl-arm64v8": "sha512-QtD2n90yi+rLE65C0gksFUU5uMUFPICI/pS3A0bgthpIcoCejAOYs3ZjVWpZbHQuV/lWahIUYO78MB9CzY860A==",
-      "linuxmusl-x64": "sha512-TokQ/ETCJAsPYuxIMOPYDp25rlcwtpmIMtRUR9PB75TmZEJe7abRfCEInIPYeD8F/HxxnJSLiEdlbn1z1Jfzng==",
-      "win32-arm64v8": "sha512-IIuj4EAgLqEVAoOuYH79C61a7TcJXlU/RBwk+5JsGWc2mr4J/Ar5J01e6XBvU4Lu3eqcU+3GPaACZEa1511buA==",
-      "win32-ia32": "sha512-CsZi7lrReX3B6tmYgOGJ0IiAfcN5APDC6l+3gdosxfTfwpLLO+jXaSmyNwIGeMqrdgckG/gwwc+IrUZmkmjJ/A==",
-      "win32-x64": "sha512-J7znmNKUK4ZKo6SnSnEtzT1xRAwvkGXxIx9/QihAadu1TFdS06yNhcENmwC4973+KZBlAdVpWbZ8sLrEoWkdCA=="
+      "darwin-arm64v8": "sha512-zeb7jQ/5ARZfBH9Uy5wlpN05bFpiIN0qN3gIIpfJhpN0rhGDnjJZQgK0W+pOmG1YiLL42BMCS0SHldb0xE33rA==",
+      "darwin-x64": "sha512-C3N6smxdfprfz58cjojv0aekYXDl6+f9SwpGpxPG5RrZnrDMn5NOXtUQOEQ8PZ3Hd9VzfkJTnW/s36EvcMPfYg==",
+      "linux-arm64v8": "sha512-hT6B+OswqVQH10Fggq3jpOdn+GhxNx+5bk+EMr3lY3RZy72PZ+n4ZHJDfYSxAymdiz5rCdzGxsRLMb9GgD4OSw==",
+      "linux-armv6": "sha512-cW9giVrBssHXFt07l+PgqGu7P7XRDv7oW8jC6iXGBcjG75N7rXz2CK0DyPclfnyoWH4IQ78dh5SkQWmb6X4tig==",
+      "linux-armv7": "sha512-hgqFt3UkZHK6D91JtYrYmT1niznh+N93Zxj2EWXgTLAdcS1D3QqaDPEg2EhInHbXqYvfOuQYAAXPxt7zVtKqcw==",
+      "linux-x64": "sha512-FKbMBbCcFcSugRtuiTsA6Cov+M2WQ8nzvmmJ5xYYpRg/rsrWvObFT+6x/YBpblur9uXGjGIehjXVZtB3VXc+pg==",
+      "linuxmusl-arm64v8": "sha512-RTf6mrFyLGWnyt0DH4nHeXv5oSZMSJWxTdTt4cjvJsgp2Husz3mNJLQJGeehCuqPCYj/liJ9NIczw8u71eHFng==",
+      "linuxmusl-x64": "sha512-y/8UOkHzKhi/5UM1/ONyPvpuhO11nPQmuJWfzqUKj8kSKnDasmxv3FN46yI0XY3xA2oFC8lQNFBnLudQsi3Nvw==",
+      "win32-arm64v8": "sha512-D3PiVL981S7V0bSUwW3OqDS48H9QRw2vqQhYIY3JcIEssOnjWxmJGaz0Y9Zb8TYF5DHnnD6g5kEhob5Y2PIVEw==",
+      "win32-ia32": "sha512-FuLIaSIYJGJAcxyKkG/3/uuTzputekKSCcRCpRHkQS9J8IwM+yHzQeJ5W2PyAvNdeGIEwlYq3wnCNcXe1UGXWA==",
+      "win32-x64": "sha512-VQg4aBqpEfybgV8bjnrjfvnosxQDII/23mouFUfKHCsH5kvvHV5tTuPsxm6qbl+SCVploDK/zK1qpjop8YEvtg=="
    },
    "runtime": "napi",
    "target": 7
--- a/src/common.h
+++ b/src/common.h
@@ -15,8 +15,8 @@

 #if (VIPS_MAJOR_VERSION < 8) || \
  (VIPS_MAJOR_VERSION == 8 && VIPS_MINOR_VERSION < 14) || \
-  (VIPS_MAJOR_VERSION == 8 && VIPS_MINOR_VERSION == 14 && VIPS_MICRO_VERSION < 2)
-#error "libvips version 8.14.2+ is required - please see https://sharp.pixelplumbing.com/install"
+  (VIPS_MAJOR_VERSION == 8 && VIPS_MINOR_VERSION == 14 && VIPS_MICRO_VERSION < 3)
+#error "libvips version 8.14.3+ is required - please see https://sharp.pixelplumbing.com/install"
 #endif

 #if ((!defined(__clang__)) && defined(__GNUC__) && (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 6)))
--- a/src/sharp.cc
+++ b/src/sharp.cc
@@ -31,6 +31,7 @@ Napi::Object init(Napi::Env env, Napi::Object exports) {
  exports.Set("simd", Napi::Function::New(env, simd));
  exports.Set("libvipsVersion", Napi::Function::New(env, libvipsVersion));
  exports.Set("format", Napi::Function::New(env, format));
+  exports.Set("block", Napi::Function::New(env, block));
  exports.Set("_maxColourDistance", Napi::Function::New(env, _maxColourDistance));
  exports.Set("_isUsingJemalloc", Napi::Function::New(env, _isUsingJemalloc));
  exports.Set("stats", Napi::Function::New(env, stats));
--- a/src/utilities.cc
+++ b/src/utilities.cc
@@ -164,6 +164,17 @@ Napi::Value format(const Napi::CallbackInfo& info) {
  return format;
 }

+/*
+  (Un)block libvips operations at runtime.
+*/
+void block(const Napi::CallbackInfo& info) {
+  Napi::Array ops = info[size_t(0)].As<Napi::Array>();
+  bool const state = info[size_t(1)].As<Napi::Boolean>().Value();
+  for (unsigned int i = 0; i < ops.Length(); i++) {
+    vips_operation_block_set(ops.Get(i).As<Napi::String>().Utf8Value().c_str(), state);
+  }
+}
+
 /*
  Synchronous, internal-only method used by some of the functional tests.
  Calculates the maximum colour distance using the DE2000 algorithm
--- a/src/utilities.h
+++ b/src/utilities.h
@@ -12,6 +12,7 @@ Napi::Value counters(const Napi::CallbackInfo& info);
 Napi::Value simd(const Napi::CallbackInfo& info);
 Napi::Value libvipsVersion(const Napi::CallbackInfo& info);
 Napi::Value format(const Napi::CallbackInfo& info);
+void block(const Napi::CallbackInfo& info);
 Napi::Value _maxColourDistance(const Napi::CallbackInfo& info);
 Napi::Value _isUsingJemalloc(const Napi::CallbackInfo& info);

--- a/test/unit/tile.js
+++ b/test/unit/tile.js
@@ -928,7 +928,7 @@ describe('Tile', function () {
              if (err) throw err;
              assert.strictEqual(true, stat.isFile());
              assert.strictEqual(true, stat.size > 0);
-              extractZip(container, { dir: path.dirname(extractTo) })
+              extractZip(container, { dir: extractTo })
                .then(() => {
                  assertDeepZoomTiles(directory, 256, 13, done);
                })
@@ -959,7 +959,7 @@ describe('Tile', function () {
              if (err) throw err;
              assert.strictEqual(true, stat.isFile());
              assert.strictEqual(true, stat.size > 0);
-              extractZip(container, { dir: path.dirname(extractTo) })
+              extractZip(container, { dir: extractTo })
                .then(() => {
                  assertDeepZoomTiles(directory, 256, 13, done);
                })
@@ -988,7 +988,7 @@ describe('Tile', function () {
              if (err) throw err;
              assert.strictEqual(true, stat.isFile());
              assert.strictEqual(true, stat.size > 0);
-              extractZip(container, { dir: path.dirname(extractTo) })
+              extractZip(container, { dir: extractTo })
                .then(() => {
                  assertDeepZoomTiles(directory, 256, 13, done);
                })
--- a/test/unit/util.js
+++ b/test/unit/util.js
@@ -153,4 +153,41 @@ describe('Utilities', function () {
      assert.strictEqual(true, Array.isArray(sharp.vendor.installed));
    });
  });
+
+  describe('Block', () => {
+    it('Can block a named operation', () => {
+      sharp.block({ operation: ['test'] });
+    });
+    it('Can unblock a named operation', () => {
+      sharp.unblock({ operation: ['test'] });
+    });
+    it('Invalid block operation throws', () => {
+      assert.throws(() => sharp.block(1),
+        /Expected object for options but received 1 of type number/
+      );
+      assert.throws(() => sharp.block({}),
+        /Expected Array<string> for operation but received undefined of type undefined/
+      );
+      assert.throws(() => sharp.block({ operation: 'fail' }),
+        /Expected Array<string> for operation but received fail of type string/
+      );
+      assert.throws(() => sharp.block({ operation: ['maybe', false] }),
+        /Expected Array<string> for operation but received maybe,false of type object/
+      );
+    });
+    it('Invalid unblock operation throws', () => {
+      assert.throws(() => sharp.unblock(1),
+        /Expected object for options but received 1 of type number/
+      );
+      assert.throws(() => sharp.unblock({}),
+        /Expected Array<string> for operation but received undefined of type undefined/
+      );
+      assert.throws(() => sharp.unblock({ operation: 'fail' }),
+        /Expected Array<string> for operation but received fail of type string/
+      );
+      assert.throws(() => sharp.unblock({ operation: ['maybe', false] }),
+        /Expected Array<string> for operation but received maybe,false of type object/
+      );
+    });
+  });
 });
Author	SHA1	Message	Date
Lovell Fuller	aea368a3a0	Release v0.32.4	2023-07-21 11:41:08 +01:00
Lovell Fuller	7ecbc20d3d	Upgrade to libvips v8.14.3	2023-07-21 11:10:21 +01:00
Lovell Fuller	cb0e2a91c4	Bump dep	2023-07-19 16:55:12 +01:00
Lovell Fuller	739b317a6f	Expose ability to (un)block libvips ops by name	2023-07-19 16:53:52 +01:00