Switch to @memrise/lqip #193

Closed
@mulholo mulholo commented Aug 19, 2020

Fix for #192

Our team was receiving a dependency security advisory for url-regex, required by the dependency chain: lqip-loader → lqip → jimp → url-regex. Although jimp no longer depends on url-regex, lqip was using an older version of jimp which did.

There are two ways I think this issue can be fixed and I've taken steps along both paths.

My preferred route is to upgrade jimp in lqip, then upgrade lqip-loader and we're done. I've made a PR to lqip to upgrade jimp here.

However, since lqip and lqip-loader no longer appear to be supported, I've also forked each of these repos to @Memrise (https://github.com/Memrise/lqip-loader and https://github.com/Memrise/lqip) and made this PR to use @memrise/lqip-loader instead of lqip. This is a little more awkward and I'm not 100% confident in my changes but it is a good backup fix.

What I'd like is either a check over of this PR and a merge, or a suggestion as to how we can get the original lqip-loader upgraded. Longer term, I'd love for there to be a plan for moving away from unsupported dependencies such as these.

Apologies for the formatting changes. I have my editor set to auto-prettify and I noticed you don't yet have a .prettierrc so I added one along the way to avoid issues like this in the future. Happy to set up proper CI for this if you think it's a good idea!
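
The chain described in the comment above can be traced from a lockfile. This is an added example, not part of the original PR or of the lqip or jimp projects: it walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3) using Node's nearest-`node_modules` resolution. The sample lockfile, its versions and the function names `resolve` and `findChains` are constructed for illustration.

```javascript
// Constructed sample shaped like the "packages" map of an npm package-lock.json
// (lockfileVersion 2 or 3). Versions are made up for illustration.
const sampleLock = {
  packages: {
    "": { dependencies: { "lqip-loader": "*", jimp: "*" } },
    "node_modules/lqip-loader": { version: "0.0.1", dependencies: { lqip: "*" } },
    "node_modules/lqip": { version: "0.0.1", dependencies: { jimp: "*" } },
    // Older jimp nested under lqip: the copy that still requires url-regex.
    "node_modules/lqip/node_modules/jimp": {
      version: "0.0.1",
      dependencies: { "url-regex": "*" },
    },
    // Newer top-level jimp, which no longer requires url-regex.
    "node_modules/jimp": { version: "0.0.2" },
    "node_modules/url-regex": { version: "0.0.1" },
  },
};

// Resolve a dependency name the way Node does: the nearest node_modules first,
// then each enclosing package's node_modules, ending at the project root.
function resolve(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (dir === "") return null; // not installed
    const cut = dir.lastIndexOf("/node_modules/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Depth-first walk from the root project. Returns every chain of install
// paths that ends at `target`, so nested old copies are told apart from
// hoisted new ones.
function findChains(lock, target) {
  const chains = [];
  const walk = (path, trail) => {
    const pkg = lock.packages[path];
    const deps = { ...pkg.dependencies, ...pkg.devDependencies, ...pkg.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const next = resolve(lock.packages, path, name);
      if (next === null || trail.includes(next)) continue; // missing or cycle
      if (name === target) chains.push([...trail, next]);
      else walk(next, [...trail, next]);
    }
  };
  walk("", ["(root)"]);
  return chains;
}
```

On the sample, the only chain to url-regex passes through the jimp copy nested under lqip, while the top-level jimp contributes none.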

codecov-commenter commented Aug 19, 2020

Codecov Report

Merging #193 into master will not change coverage.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master     #193   +/-   ##
=======================================
  Coverage   88.42%   88.42%           
=======================================
  Files          13       13           
  Lines         190      190           
  Branches       46       46           
=======================================
  Hits          168      168           
  Misses         16       16           
  Partials        6        6           

| Impacted Files | Coverage Δ |
| --- | --- |
| lib/resource-queries.js | 100.00% <ø> (ø) |
| lib/loaders/img-loader.js | 100.00% <100.00%> (ø) |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update fe31e5c...a7dc15e.

mulholo commented Aug 20, 2020

Closing after response here: #192 (comment)
