search

tcoopman / image-webpack-loader

Image loader module for webpack
MIT License
2.03k stars 132 forks source link

chore: upgrade imagemin-webp to v7.0.0 #413

Closed adamstankiewicz closed 2 years ago

adamstankiewicz commented 2 years ago

Related to https://github.com/tcoopman/image-webpack-loader/pull/412, this PR upgrades imagemin-webp from v6 to v7. Per the release notes, v7 changes it output format to ESM which necessitates the use of import instead of require, which can also be noted in the failing CI in the above linked PR from dependabot:

Error [ERR_REQUIRE_ESM]: Must use import to load ES Module: /home/runner/work/image-webpack-loader/image-webpack-loader/node_modules/imagemin-webp/index.js require() of ES modules is not supported.

After changing to import, the previously failing npm run test is now passing while using imagemin-webp@7.

This is required to upgrade/remove a transient dependency trim-newlines which currently has a "High" security vulnerability, causing Dependabot alerts across several repositories.

macdiesel commented 2 years ago

@tcoopman any chance you could merge this? We would like to get this high security vulnerability squashed ASAP.

Thanks,

Brian