Stop using pickle - deprecating the font caching mechanism + .pkl font files definitions parsing · Issue #345 · py-pdf/fpdf2

Intent
The pickle module is currently used in fpdf.py to implement a font caching mechanism.
However, this library is notoriously dangerous: https://intoli.com/blog/dangerous-pickles/
bandit warned us about it: .banditrc.yml

Solution

  1. Find out how useful this font caching mechanism is: measure the speed improvement it provides:
    a. in a single Python script execution, with in-memory caching (no impact expected)
    b. when several consecutive calls to a Python script are made (there the cache should have some use)
  2. If it is useful to keep a caching mechanism, implement another one
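An added example (not fpdf2's own code) of why step 2 matters: loading a `.pkl` cache runs whatever callable the file's author encoded, whereas a plain-data format like JSON cannot carry code. The `MaliciousFontCache` payload deliberately uses `eval` on a harmless expression so the effect is visible without side effects; the JSON cache layout (`version` + `fonts` with `char_widths`) and the `DejaVuSans` metrics are assumptions constructed for the demo, not fpdf2's actual cache format.

```python
import json
import pickle
from pathlib import Path
from tempfile import TemporaryDirectory

CACHE_FORMAT_VERSION = 1  # assumed layout version; bump when the cached shape changes


class MaliciousFontCache:
    """Object whose pickle payload invokes a callable of the attacker's choice.

    pickle honours __reduce__: on load it calls the returned callable with the
    returned arguments. Here that is eval on a harmless expression; a real
    payload would call os.system or similar.
    """

    def __reduce__(self):
        return (eval, ("2 * 21",))


def load_font_cache_pickle(path: Path):
    """The pattern this issue wants removed: trusts whatever the .pkl contains."""
    return pickle.loads(path.read_bytes())


def save_font_cache_json(path: Path, font_metrics: dict) -> None:
    """Write the cache as JSON: data only, no way to encode a callable."""
    payload = {"version": CACHE_FORMAT_VERSION, "fonts": font_metrics}
    path.write_text(json.dumps(payload), encoding="utf-8")


def load_font_cache_json(path: Path):
    """Parse the cache and validate its shape; return None on anything unexpected.

    A corrupt, stale or foreign cache must fall back to recomputing metrics,
    never crash and never yield wrong widths silently.
    """
    try:
        payload = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):  # unreadable file, bad UTF-8 or bad JSON
        return None
    if not isinstance(payload, dict) or payload.get("version") != CACHE_FORMAT_VERSION:
        return None
    fonts = payload.get("fonts")
    if not isinstance(fonts, dict):
        return None
    for name, metrics in fonts.items():
        if not (isinstance(name, str) and isinstance(metrics, dict)):
            return None
        widths = metrics.get("char_widths")
        if not isinstance(widths, dict) or not all(
            isinstance(ch, str) and isinstance(w, int) for ch, w in widths.items()
        ):
            return None
    return fonts


def demo() -> dict:
    """Constructed sample: a malicious .pkl cache beside a benign JSON cache."""
    with TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        evil = tmp / "font.pkl"
        evil.write_bytes(pickle.dumps(MaliciousFontCache()))
        # Loading the "cache" executes the embedded call: we get 42, not font data.
        pickle_result = load_font_cache_pickle(evil)

        metrics = {"DejaVuSans": {"char_widths": {"A": 684, "B": 686}}}  # constructed
        good = tmp / "font.json"
        save_font_cache_json(good, metrics)

        return {
            "pickle_result": pickle_result,
            "json_roundtrip": load_font_cache_json(good),
            "json_rejects_pickle_bytes": load_font_cache_json(evil),
        }


if __name__ == "__main__":
    print(demo())
```

The JSON loader treats any deviation from the expected shape as a cache miss rather than an error, which is the behaviour a cache should have: the cost of a miss is one recomputation, while trusting a bad file costs correctness or, with pickle, code execution.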