Vibrant-Colors / node-vibrant

🎨 Extract prominent colors from an image
MIT License

Security vulnerability on a dependency 'jpeg-js' #135

Closed Sandakan closed 2 years ago

Sandakan commented 2 years ago

A new security vulnerability "Infinite loop in jpeg-js" with high-level severity in one of the package's dependencies has been detected. Most probably, every version of node-vibrant could be affected.

confuser commented 2 years ago

Workaround if on npm v8.3.0+, using overrides:

"overrides": {
  "node-vibrant": {
    "@vibrant/image-node": {
      "@jimp/types": {
        "@jimp/jpeg": {
          "jpeg-js": "^0.4.4"
        }
      }
    }
  }
}
Sandakan commented 2 years ago

@confuser Thanks for the help. It fixed the vulnerability. 😁😁
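
One way to confirm the override in the workaround above actually took effect, as an added example that is not part of the thread or the node-vibrant project: scan the parsed package-lock.json for every installed copy of jpeg-js and flag any older than 0.4.4, the version the override pins. The helper names and the sample lockfile are constructed for illustration, and the version comparison assumes plain x.y.z versions.

```javascript
// Added example: list every jpeg-js copy recorded in a package-lock.json and
// flag those older than the version pinned by the override in the thread.
const MIN_VERSION = "0.4.4"; // taken from the override in the thread

// Compare two plain x.y.z versions; prerelease tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Returns [{ path, version, ok }] for each jpeg-js entry in the lockfile.
function findJpegJs(lock, name = "jpeg-js", min = MIN_VERSION) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, ok: compareVersions(version, min) >= 0 });
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      record(path, meta.version);
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      if (dep === name) record(`${trail}${dep}`, meta.version);
      walk(meta.dependencies, `${trail}${dep} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from the project): one hoisted copy at the
// pinned version, one nested copy still on an older release.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/jpeg-js": { version: "0.4.4" },
    "node_modules/@jimp/jpeg/node_modules/jpeg-js": { version: "0.4.2" },
  },
};

for (const hit of findJpegJs(sampleLock)) {
  console.log(`${hit.ok ? "ok " : "OLD"} ${hit.version} ${hit.path}`);
}
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findJpegJs` after reinstalling; `npm ls jpeg-js` shows the same dependency tree from the command line.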