Fix for CVE-2023-4863 - Githubissues

NJAldwin / eleventy-plugin-gen-favicons

Favicon generator plugin for eleventy

MIT License

15 stars 4 forks source link

Fix for CVE-2023-4863 #10

Closed rg-wood closed 2 months ago

rg-wood commented 9 months ago

npm is reporting a severe security alert for the sharp dependency. This change updates a number of dependencies, including the insecure one.

See here for more information:

https://github.com/advisories/GHSA-54xq-cgqr-rpm3

anantshri commented 5 months ago

@NJAldwin any chance you are thinking of upgrading this specific dependency.

NJAldwin commented 5 months ago

Hey folks, thanks for the PR and ping -- I've been busy at work. I will take a look at this this week.

NJAldwin commented 2 months ago

@rg-wood @anantshri I have pushed #13 , which includes these upgrades and a bit more. I plan to merge this as the next patch release tomorrow barring any issues. Sorry for the delay!