unicons icon indicating copy to clipboard operation
unicons copied to clipboard

Published 20 hours ago verified publisher icon Iconscout

Update SVGO dependency

Open regazzoj opened this issue 2 years ago • 1 comments

Hi ! Is it possible to update SVGO to 2.0.0 or above to avoid a warning with a high severity when running "npm audit fix" =>

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo

Link to advise

I try to fix it in my fork of this repo but I struggle to build the font. It looks like I miss some secrets... Without these secrets, I can't go further to update SVGO calls.

Thanks for you help

regazzoj avatar Jul 27 '22 15:07 regazzoj

I created a ticket and PR related to this, but the fix seems to be fixing most of the issue with vulnerabilities.

Outdated webpack was at fault.

Mentioned ticket - https://github.com/Iconscout/unicons/issues/167

Xavier-IV avatar Oct 13 '22 18:10 Xavier-IV