imagemin / imagemin-pngquant

Imagemin plugin for `pngquant`
MIT License

Security issues #64

Open Vlasterx opened 4 years ago

Vlasterx commented 4 years ago

Command `npm audit` returned the following list of errors with high severity:

```
  High            Arbitrary File Write
  Package         decompress
  Patched in      No patch available
  Dependency of   imagemin-pngquant [dev]
  Path            imagemin-pngquant > pngquant-bin > bin-build > decompress
  More info       https://npmjs.com/advisories/1217

  High            Arbitrary File Write
  Package         decompress
  Patched in      No patch available
  Dependency of   imagemin-pngquant [dev]
  Path            imagemin-pngquant > pngquant-bin > bin-build > download >
                  decompress
  More info       https://npmjs.com/advisories/1217
```

Is there a chance to fix this problem?

smhmd commented 4 years ago

referencing: https://github.com/kevva/decompress/issues/71