Skip to content
This repository has been archived by the owner on Mar 17, 2023. It is now read-only.

NPM Advisory 1217 failure #219

Open
gkim795 opened this issue Feb 27, 2020 · 2 comments
Open

NPM Advisory 1217 failure #219

gkim795 opened this issue Feb 27, 2020 · 2 comments

Comments

@gkim795
Copy link

gkim795 commented Feb 27, 2020
edited
Loading

NPM: https://www.npmjs.com/advisories/1217

There exists a vulnerability on the decompress file which is a dependency of image-webpack-loader as such: image-webpack-loader > imagemin-gifsicle > gifsicle > bin-build > decompress.

Refer to issue noted here kevva/decompress#71
@anikethsaha
Copy link
Contributor

The upstreams must update the dep then only this loader can

@morganchristiansson
Copy link

decompress is dependency of gifsicle imagemin/imagemin-gifsicle#41

either kevva GH org will fix decompress library or imagemin GH org will change to a maintained fork.

https://github.com/kevva/decompress repo was last active 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@morganchristiansson @anikethsaha @gkim795