v1.0.17 - Security & Performance

PrzemekSkw released this 27 Apr 18:58

· 25 commits to main since this release

38d93d7

Security

Override dompurify >=3.4.1 (CVE-2026-41238, CVE-2026-41239, GHSA-h8r8-wccr-v5f2, GHSA-v2wj-7wpq-c8vv)
Update axios to 1.15.0 (CVE-2025-62718 - SSRF via NO_PROXY bypass)
Update flatted to 3.4.2 (CVE-2026-33228 - Prototype Pollution)
Update picomatch to 2.3.2 (CVE-2026-33671, CVE-2026-33672)
Update yaml to 2.8.3 (stack overflow fix)
Update minimatch to 3.1.5 (ReDoS fix)
Update rembg version range
Bump docker/login-action to v4
Bump docker/setup-buildx-action to v4
Bump docker/metadata-action to v6
Bump docker/build-push-action to v7

Performance

Fix thumbnail generating full-size PNG 14 times (5-minute delay reduced to <1 second)
Thumbnail generation moved to background tasks (HTTP response returns immediately)
Preserve input format during processing (JPG stays JPG, prevents file size inflation)
Fix RQ Worker crash from deprecated Connection import (rq >= 2.0)

Assets 2