lemur Request to upgrade gulp-imagemin version for security concern

Request to upgrade gulp-imagemin version for security concern

Open ycaoT opened this issue 3 years ago • 0 comments

Due to the following 2 security issues, gulp-imagemin needs to be upgraded from current version 7.1.0 to 8.0.0. https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035

(The gulp version might also need to be upgraded due to that gulp-imagemin 8.0.0 uses gulp v4)

Can't perm a direct upgrade due to gulp-imagemin 8.0.0 is a pure ESM(https://github.com/sindresorhus/gulp-imagemin/releases/tag/v8.0.0).

/node_modules/gulp-imagemin/index.js:1 import {createRequire} from 'node:module'; ^ SyntaxError: Unexpected token { at Module._compile (internal/modules/cjs/loader.js:723:23) at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10) at Module.load (internal/modules/cjs/loader.js:653:32) at tryModuleLoad (internal/modules/cjs/loader.js:593:12) at Function.Module._load (internal/modules/cjs/loader.js:585:3) at Module.require (internal/modules/cjs/loader.js:692:17) at require (internal/modules/cjs/helpers.js:25:18) at Object. (/opt/lemur/gulp/build.js:25:14) at Module._compile (internal/modules/cjs/loader.js:778:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10) at Module.load (internal/modules/cjs/loader.js:653:32) at tryModuleLoad (internal/modules/cjs/loader.js:593:12) at Function.Module._load (internal/modules/cjs/loader.js:585:3) at Module.require (internal/modules/cjs/loader.js:692:17) at require (internal/modules/cjs/helpers.js:25:18) at requireDir (/opt/lemur/node_modules/require-dir/index.js:123:33)

Oct 08 '21 19:10 ycaoT

lemur lemur copied to clipboard

Request to upgrade gulp-imagemin version for security concern

lemur
lemur copied to clipboard