SDWebImage / SDWebImageWebPCoder

A WebP coder plugin for SDWebImage, use libwebp
MIT License

Update libwebp version to 1.3.1 or higher #79

Closed jehhxuxu closed 1 year ago

jehhxuxu commented 1 year ago

Hi, we found a vulnerability in the libwebp https://security.snyk.io/vuln/SNYK-COCOAPODS-LIBWEBP-5489511

Please can we update to use version 1.3.1 or higher?

ygorrrteles commented 1 year ago

up

dreampiggy commented 1 year ago

I don't think this repo has any Hard version limit or dependency for libwebp.

Maybe you mean https://github.com/SDWebImage/libwebp-Xcode

And even that libwebp repo already provides version 1.3.1 for CocoaPods/Carthage/SPM.

dreampiggy commented 1 year ago

[image]

jehhxuxu commented 1 year ago

Hmm... I'm sorry if I misunderstood, but we're using a package in Flutter, https://pub.dev/packages/flutter_image_compress, and that package implements SDWebImageWebPCoder, which implements libwebp... and our report shows that SDWebImageWebPCoder is using libwebp 1.2.4: flutter_image_compress@1.0.0 -> SDWebImageWebPCoder@0.11.0 -> libwebp@1.2.4

Our Podfile.lock: [screenshot]

dreampiggy commented 1 year ago

> SDWebImageWebPCoder is using libwebp 1.2.4

No, it uses the dependency ~> 1.0, which means any version >= 1.0.0, < 2.0.0 will be used.

See: https://github.com/SDWebImage/SDWebImageWebPCoder/blob/master/SDWebImageWebPCoder.podspec#L32

Maybe you just need to update your Podfile; you hardcode the dependency version (at your app level, not the SDK dependency chain level).

For more Flutter support, you can check the information or README in the Flutter repo as well. I guess maybe you can just `pod update` or ask that flutter_image_compress repo's owner not to hardcode the dependency version limitation.
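As an added example (not code from this repository or from anyone in the thread), here is a Ruby script that reads a Podfile.lock like the one the reporter posted, flags pods resolved below the version that carries a fix, and shows which declared constraint actually blocks the newer version, using the Gem::Requirement semantics that CocoaPods' `~>` operator is built on. The lock fragment and the app-level `libwebp (= 1.2.4)` pin in DEPENDENCIES are constructed to mirror the situation the maintainer suspects.

```ruby
require 'yaml'
require 'rubygems' # Gem::Version / Gem::Requirement, the classes CocoaPods' requirements build on

# Constructed Podfile.lock fragment (not the reporter's real file) mirroring the chain in the
# thread: flutter_image_compress@1.0.0 -> SDWebImageWebPCoder@0.11.0 -> libwebp@1.2.4,
# plus a hypothetical app-level pin in DEPENDENCIES.
SAMPLE_PODFILE_LOCK = <<~LOCK
  PODS:
    - flutter_image_compress (1.0.0):
      - Flutter
      - SDWebImageWebPCoder
    - libwebp (1.2.4)
    - SDWebImageWebPCoder (0.11.0):
      - libwebp (~> 1.0)
      - SDWebImage/Core (~> 5.10)
  DEPENDENCIES:
    - flutter_image_compress
    - libwebp (= 1.2.4)
LOCK

NAME_VERSION = /\A(\S+) \((.+)\)\z/ # "name (version or constraint)"

# Resolved pods from the PODS section: name => { version:, deps: [dependency strings] }
def resolved_pods(lock_text)
  YAML.safe_load(lock_text).fetch('PODS').each_with_object({}) do |entry, pods|
    spec, deps = entry.is_a?(Hash) ? entry.first : [entry, []]
    name, version = spec.match(NAME_VERSION).captures
    pods[name] = { version: Gem::Version.new(version), deps: deps }
  end
end

# Pods resolved below the minimum that carries a fix, e.g. { 'libwebp' => '1.2.4' }.
def outdated_pods(lock_text, minimums)
  resolved_pods(lock_text).filter_map do |name, pod|
    next unless (min = minimums[name])
    [name, pod[:version].to_s] if pod[:version] < Gem::Version.new(min)
  end.to_h
end

# Every constraint declared on dep_name (by other pods and by the Podfile itself, via
# DEPENDENCIES) and whether it admits the wanted version; one that rejects it is the real pin.
def constraints_on(lock_text, dep_name, wanted)
  want = Gem::Version.new(wanted)
  declared = resolved_pods(lock_text).map { |name, pod| [name, pod[:deps]] }
  declared << ['Podfile', YAML.safe_load(lock_text).fetch('DEPENDENCIES', [])]
  declared.each_with_object({}) do |(owner, deps), out|
    deps.each do |dep|
      m = dep.match(NAME_VERSION) or next # bare names like "Flutter" carry no constraint
      next unless m[1] == dep_name
      out[owner] = { constraint: m[2], admits: Gem::Requirement.new(m[2]).satisfied_by?(want) }
    end
  end
end
```

Run against the sample, `constraints_on(SAMPLE_PODFILE_LOCK, 'libwebp', '1.3.1')` shows the SDK's `~> 1.0` admitting 1.3.1 while the Podfile's `= 1.2.4` rejects it, which is the point the maintainer makes above.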