benwiley4000 / gif-frames

🖼 Extract frames from an animated GIF with pure JS
MIT License

High Severity Vulnerabilities #43

Open jmanring opened 2 years ago

jmanring commented 2 years ago

Please update to use jpeg-js@0.4.4 to fix these vulnerabilities.

✗ Denial of Service (DoS) [High Severity][https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218] in jpeg-js@0.3.7
  introduced by gif-frames@1.0.1 > get-pixels-frame-info-update@3.3.2 > jpeg-js@0.3.7 and 1 other path(s)
  This issue was fixed in versions: 0.4.4

✗ Denial of Service (DoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-JPEGJS-570039] in jpeg-js@0.3.7
  introduced by gif-frames@1.0.1 > get-pixels-frame-info-update@3.3.2 > jpeg-js@0.3.7 and 1 other path(s)
  This issue was fixed in versions: 0.4.0

Tsytrytskyi commented 9 months ago

While no one reacts to this, as a temporary fix it's possible to update the library in your package.json:

    "overrides": {
      "get-pixels-frame-info-update": "npm:get-pixels@^3.3.3",
      "save-pixels-jpeg-js-upgrade": "npm:save-pixels@^2.3.6"
    }