search

Iconscout / unicons

Unicons by IconScout offers 7,000+ free 3D and animated icons plus icon fonts in line, monochrome, solid and thin line styles. Use them in your web, iOS or Android design projects.
https://iconscout.com/unicons
Other
1.41k stars 97 forks source link

Update SVGO dependency #165

Open regazzoj opened 2 years ago

regazzoj commented 2 years ago

Hi ! Is it possible to update SVGO to 2.0.0 or above to avoid a warning with a high severity when running "npm audit fix" =>

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install svgo@2.8.0, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo

Link to advise

I try to fix it in my fork of this repo but I struggle to build the font. It looks like I miss some secrets... Without these secrets, I can't go further to update SVGO calls.

Thanks for you help

Xavier-IV commented 1 year ago

I created a ticket and PR related to this, but the fix seems to be fixing most of the issue with vulnerabilities.

Outdated webpack was at fault.

Mentioned ticket - https://github.com/Iconscout/unicons/issues/167