SixLabors dependency upgrade?

[Kangaxx-0]

<PackageReference Include="SixLabors.ImageSharp" Version="1.0.4" />
<PackageReference Include="SixLabors.Fonts" Version="1.0.0-beta17" />

Is there a plan to upgrade SixLabors.ImageSharp (3.0 as the latest) and SixLabors.Fonts (2.0)?.

[TonyValenti]

I want this too. PdfSharpCore is using outdated and even beta versions of image sharp! I've had to roll a custom build of PdfSharpCore in order to maintain compatibility because the version this library uses is so old.

[TonyValenti]

@ststeiger - would you please upgrade ImageSharp? Yes - Their license changed which requires a small payment from large companies, but please don't hold back the library (or worse, encourage a fork) so that we can continue to use it.

[Will-Bill]

Looking for this too.

[TonyValenti]

@ststeiger - this is really holding a lot of us back. Are you really intending to force all of us to choose between being frozen on an old versions of ImageSharp or abandoning this library?

Please, please release an update that lets us move forward.
Anyone who is concerned about the ImageSharp license change can always stay on an old version of this library. All in all, I'm convinced that far more people will be inconvenienced by you freezing us on an old, beta version of ImageSharp than will be by the license change.

Can you please help us out?

[Will-Bill]

I cloned and updated to the latest Six labors packages, however this would drop support for pre .net6 due to the Fonts package only support > net6.

Maybe a 2.0 release of this targeting 6+ with the updated packages?

Minimal API changes FYI. Just a case of detecting the image type changed.

protected override IImageSource FromBinaryImpl(string name, Func<byte[]> imageSource, int? quality = 75)
        {
            var readOnlySpan = imageSource.Invoke();
            var image = Image.Load<TPixel>(readOnlySpan);
            var imageInfo = Image.Identify(readOnlySpan);
            return new ImageSharpImageSourceImpl<TPixel>(name, image, (int)quality, imageInfo.Metadata.DecodedImageFormat is PngFormat);
        }

All tests passed and ran OK.

<PackageReference Include="SixLabors.ImageSharp" Version="3.0.2" />
    <PackageReference Include="SixLabors.Fonts" Version="2.0.0" />

Pull request: #405

[TonyValenti]

@Will-Bill Your approach was pretty similar to mine!

https://github.com/ststeiger/PdfSharpCore/pull/400/files

[steeltomato]

Moving my comment from the closed PR - I suspect PdfSharp will at some point need to accept this into a major version bump as a breaking change. My interpretation of the SixLabors split license is that, since PdfSharp takes this as a dependency, all use ImageSharp through PdfSharp remains under the Apache 2.0 License through the "Transitive Dependency" clause. If anyone has a different take on it, I'm curious to hear it since it would certainly affect my transitive use of ImageSharp across various corporate projects.

For now I'll just keep trucking on with my happy little fork.

[TonyValenti]

@ststeiger Take a look at this commit I just added:
#409

This will enable you to support current and historical ImageSharp versions as well as current and historical .NET versions.

Can you please merge?

[steeltomato]

I like the revised approach Tony, seems like you're on the right path. By keeping the package upgrade within PdfSharp, I think users are able to stay within the "used through transitive" clause of of the split license.

[TonyValenti]

@ststeiger - Can you please take a look at #409 ? Having PDFSharp stuck on old versions of ImageSharp is really causing us a lot of pain.

[TonyValenti]

Also, while I am not a lawyer, 99% of my clients are lawyers so I get a lot of experience working with folks who are very technical with agreements.

I would concur with @steeltomato RE the Transitive Dependency clause.

[TonyValenti]

This is really becoming a pain. @ststeiger Can you please merge my PR?

[TonyValenti]

The PR allows folks using old versions of .NET to use old versions of ImageSharp and folks using new versions of .NET to use the latest version of ImageSharp.

[TonyValenti]

@ststeiger - Can you give me permission to merge this in?

[erxbout]

Hello
I would like to upgrade the very old package PDFsharpNetStandard2 to either this library PdfSharpCore or simply PdfSharp (https://github.com/empira/PDFsharp)

It also seems like this repository here has similar code.. but its not declared as a fork somewhere? So whats the connection there?

What makes my decision hard is that (as discussed in this issue) this beta reference is used.. That does not feel like a good idea for a production environment at all so I would wait until there is an updated package that does not use beta packages..

On the other side I would need to read large files.. That is already implemented in this library but not in PdfSharp so I can not use that either at the moment..
So I am kinda stuck and also will ask in PdfSharp to add the big file support there..

In summary @ststeiger I am not going to merge beta dependencies into main production code so this issue is also a blocker for me, please take a look at it

have a nice day folks!

[TonyValenti]

For those interested, the author of SixLabors ImageSharp posted here:
#399 (comment)

and indicated that there are no issues with @ststeiger upgrading to PDFSharpCore to the latest version of ImageSharp.

[TwentyFourMinutes]

We are currently fixing some security vulnerabilities including the one from SixLabors (GHSA-5x7m-6737-26cr, GHSA-65x7-c272-7g7r, GHSA-g85r-6x2q-45w7) which in order to fix them, we would need to update at least to v2.1.8, which would introduce breaking changes AFAICT...