Fix security vulnerabilities #109

jacekkoziol · 2024-07-18T12:33:10Z

The package depends on packages:

oslllo-potrace
oslllo-svg2

which depends on vulnerable versions of jimp package

# npm audit report

phin  <3.7.1
Severity: moderate
phin may include sensitive headers in subsequent requests after redirect - https://github.com/advisories/GHSA-x565-32qp-m3vf
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/phin
  @jimp/core  <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
  Depends on vulnerable versions of phin
  node_modules/@jimp/core
    @jimp/custom  <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
    Depends on vulnerable versions of @jimp/core
    node_modules/@jimp/custom
      jimp  0.3.6-alpha.5 - 0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
      Depends on vulnerable versions of @jimp/custom
      node_modules/jimp
        oslllo-potrace  >=1.1.0
        Depends on vulnerable versions of jimp
        node_modules/oslllo-potrace
          oslllo-svg-fixer  >=0.6.0
          Depends on vulnerable versions of oslllo-potrace
          Depends on vulnerable versions of oslllo-svg2
          node_modules/oslllo-svg-fixer
        oslllo-svg2  *
        Depends on vulnerable versions of jimp
        node_modules/oslllo-svg2

The text was updated successfully, but these errors were encountered:

This was linked to pull requests Jul 21, 2024

fix: security vulnerabilities #110

Merged

chore(master): release 5.0.0 #111

Merged

Ghustavh97 closed this as completed in #111 Jul 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix security vulnerabilities #109

Fix security vulnerabilities #109

jacekkoziol commented Jul 18, 2024

Fix security vulnerabilities #109

Fix security vulnerabilities #109

Comments

jacekkoziol commented Jul 18, 2024