search

muxinc / blurhash

Using woltapp/blurhash to make nice placeholders for Mux videos. Works nicely with Mux Player.
https://mux-blurhash-react.vercel.app
MIT License
14 stars 4 forks source link

Sharp dependency. #15

Open AasimFarooqi opened 8 months ago

AasimFarooqi commented 8 months ago

When I installed blurhash, I am getting this error: sharp <0.32.6 Severity: high sharp vulnerability in libwebp dependency CVE-2023-4863 - https://github.com/advisories/GHSA-54xq-cgqr-rpm3 No fix available node_modules/@mux/blurhash/node_modules/sharp @mux/blurhash * Depends on vulnerable versions of sharp node_modules/@mux/blurhash

As I can see it depends on vulnerable version of sharp. I think dependencies needs to be updated.