linsui closed 2 months ago
That's correct, thanks for bringing it up. We're using react-native-skia to render the cover images and blur. The rest is rendered using react-native-fast-image, which I imagine is vulnerable to the CVE as well. I would love to update both dependencies, but I am bound by them making a version available with the fixed version of libwebp. I will check this during this weekend.
Looks like react-native-fast-image is only affected on iOS. On Android I guess the system libwebp is used.
I've just updated the react-native-skia version, as well as the downstream libwebp dependency in react-native-fast-image. This covers everything on the iOS side, while libwebp is natively supported on Android, so no action is required from our end.
It uses react-native-skia which doesn't update libwebp yet. Is it used to display the cover images?