Closed carloscuesta closed 2 years ago
Hello! 👋🏼
I saw that this package uses a dependency called is-svg@4.1.0 on a version that has a security vulnerability; as reported in Snyk.
is-svg@4.1.0
https://github.com/colorjs/get-svg-colors/blob/6fb46b12c21e43c6eacaccf84f9305f1549eef4a/package.json#L17
Fortunately this has been fixed on is-svg@4.3.0, according to the changelog of the library there are no breaking changes so we should be able to upgrade without any problems.
is-svg@4.3.0
Hello! 👋🏼
I saw that this package uses a dependency called
is-svg@4.1.0on a version that has a security vulnerability; as reported in Snyk.https://github.com/colorjs/get-svg-colors/blob/6fb46b12c21e43c6eacaccf84f9305f1549eef4a/package.json#L17
Fortunately this has been fixed on
is-svg@4.3.0, according to the changelog of the library there are no breaking changes so we should be able to upgrade without any problems.