Closed jehhxuxu closed 1 year ago
up
I don't think this repo has any Hard version limit or dependency for libwebp.
Maybe you means https://github.com/SDWebImage/libwebp-Xcode
And even that libwebp repo, already provide 1.3.1 version for CocoaPods/Carthage/SPM
Hmm.. I'm sorry if I misunderstood but we're using a package in flutter https://pub.dev/packages/flutter_image_compress, and that package implements SDWebImageWebPCoder that implements libwebp... and our report shows that SDWebImageWebPCoder is using libwebp 1.2.4 flutter_image_compress@1.0.0 -> SDWebImageWebPCoder@0.11.0 -> libwebp@1.2.4
our podfile.lock
SDWebImageWebPCoder is using libwebp 1.2.4
No, it use the dependency ~> 1.0
, which means all version >= 1.0.0, < 2.0.0 will be used
See: https://github.com/SDWebImage/SDWebImageWebPCoder/blob/master/SDWebImageWebPCoder.podspec#L32
Maybe you just need to update your Podfile, you hardcode the dependency version (your App level, not SDK dependency chain level)
For more flutter support, you can check the information or readme in flutter repo as well. I guess maybe you can just pod update
or ask that flutter_image_compress
repo's owner to not hardcode the dependency version limitation.
Hi, we found a vulnerability in the libwebp https://security.snyk.io/vuln/SNYK-COCOAPODS-LIBWEBP-5489511
Please can we update to use version 1.3.1 or higher?