Moving to bl >= v2.2.1 - Githubissues

sindresorhus / gulp-imagemin

Minify PNG, JPEG, GIF and SVG images

MIT License

1.9k stars 157 forks source link

Moving to bl >= v2.2.1 #348

Open pereznetworks opened 4 years ago

pereznetworks commented 4 years ago

This may be old news but as recommenced in CVE-2020-8244, is there a release plan to move to patched version of bl, v 2.2.1?

current release ... └─┬ gulp-imagemin@7.1.0 └─┬ imagemin-gifsicle@7.0.0 └─┬ gifsicle@5.1.0 └─┬ bin-build@3.0.0 └─┬ decompress@4.2.1 └─┬ decompress-tar@4.1.1 └─┬ tar-stream@1.6.2 └── bl@1.2.3

mpopa-kfb commented 4 years ago

I'm also interested in a bugfix update.

hpierre74 commented 3 years ago

any update on this one ?