Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Jimp to address minimist security vulnerability #11

Closed
wants to merge 2 commits into from
Closed

Upgrade Jimp to address minimist security vulnerability #11

wants to merge 2 commits into from

Conversation

karlhorky
Copy link

@karlhorky karlhorky commented Mar 19, 2020
edited
Loading

Why was this closed?

This is not the correct repo!

Opened a new PR in the new maintained repo of node-potrace here: tooolbox#5

This new repo is maintained by @tooolbox.

Since the pull request for Jimp addressing minimist security vulnerability (https://www.npmjs.com/advisories/1179) was accepted, it would be good to upgrade to at least 0.9.6:

jimp-dev/jimp#857

Original fix in mkdirp: isaacs/node-mkdirp#7 (comment)

It seems like the last minor releases have not changed anything breaking...?

If this is accepted and released as a minor or patch, this will also enable Gatsby projects to fix the security issues without breaking semver, since gatsby-plugin-sharp and gatsby-transformer-sharp depend on potrace@^2.1.2:

@karlhorky karlhorky changed the title Upgrade Jimp and relax dependencies Upgrade Jimp and relax dependency Mar 19, 2020
@karlhorky karlhorky mentioned this pull request Mar 19, 2020
Merged
4 tasks
crutchcorn
crutchcorn reviewed Mar 19, 2020
View reviewed changes
package.json Outdated Show resolved Hide resolved
@karlhorky @crutchcorn
Revert to caret
22e4af5 
Co-Authored-By: Corbin Crutchley <crutchcorn@gmail.com>
@karlhorky karlhorky changed the title Upgrade Jimp and relax dependency Upgrade Jimp to address minimist security vulnerability Mar 19, 2020
@tooolbox tooolbox mentioned this pull request Mar 28, 2020
Closed
@karlhorky
Copy link
Author

karlhorky commented Mar 29, 2020
edited
Loading

Closing because of reason in description above. Superseded by tooolbox#5

@karlhorky karlhorky closed this Mar 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crutchcorn crutchcorn crutchcorn left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@karlhorky @crutchcorn