zouhir / lqip

Low Quality Image Placeholders (LQIP) Module for Node

[FEATURE] Updating the package and removing the vulnerabilities #22

Closed JustalK closed 4 years ago

JustalK commented 4 years ago

Hello,

I am actually using the lqip-loader for one of my projects. The problem is that your package brings a vulnerability with it.

By looking at where it comes from, I managed to find that it came from the package lqip. You are using an old version of jimp and node-vibrant, which has a link with url-regex. The package url-regex is now deprecated and has been replaced by url-regex-safe.

The easiest and simplest way to fix the problem is simply by updating your dependencies. So I have just updated your package.json with the latest packages that do not break anything. Your tests are working fine after the update and, after looking at your code, you are not using functions that have been removed.