Closed karlhorky closed 4 years ago
Thanks @tooolbox!
Looks like this is already in the next Gatsby pull request to bump dependencies: gatsbyjs/gatsby#22434
Edit: Ah, Gatsby was actually upgraded separately, in this pull request. These patch versions are the versions to look for:
Since the pull request for Jimp addressing minimist security vulnerability (https://www.npmjs.com/advisories/1179) was accepted, it would be good to upgrade to at least 0.9.6: https://github.com/oliver-moran/jimp/pull/857
Original fix in mkdirp: https://github.com/isaacs/node-mkdirp/issues/7#issuecomment-600231795
It seems like the last minor releases have not changed anything breaking...?
If this is accepted and released as a minor or patch, this will also enable Gatsby projects to fix the security issues without breaking semver, since gatsby-plugin-sharp and gatsby-transformer-sharp depend on potrace@^2.1.2: