get-image-colors

Uncontrolled resource consumption in dependency

Open dmattia opened this issue 2 years ago • 0 comments

See: https://github.com/advisories/GHSA-w7q9-p3jq-fmhm

get-image-colors depends on get-pixels with range ^3.3.2, which depends on jpeg-js with range ^0.3.2, which has the vulnerability in the advisory above.

Please remove this deep dependency on the vulnerable jpeg-js package, which was patched in v0.4.0.

dmattia, Apr 06 '22 21:04
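An added example, not code from the issue or from the get-image-colors project: a lockfile check showing why the patched release cannot be picked up without a range change. Under npm's caret rule, `^0.3.2` stops below 0.4.0. The lockfile and installed version numbers are constructed, the helper names `caretAllows` and `audit` are hypothetical, and only the package names and the two ranges come from the issue.

```javascript
// Constructed package-lock.json ("packages" layout of lockfileVersion 2/3).
// Installed version numbers are sample values; the two ranges are from the issue.
const lock = {
  packages: {
    "": { dependencies: { "get-image-colors": "^4.0.0" } },
    "node_modules/get-image-colors": { version: "4.0.0", dependencies: { "get-pixels": "^3.3.2" } },
    "node_modules/get-pixels": { version: "3.3.3", dependencies: { "jpeg-js": "^0.3.2" } },
    "node_modules/jpeg-js": { version: "0.3.7" },
  },
};

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};

// npm caret semantics: ^1.2.3 allows <2.0.0, but ^0.3.2 allows only <0.4.0.
function caretAllows(range, version) {
  if (range[0] !== "^") throw new Error("only caret ranges are handled here");
  const lo = parse(range.slice(1));
  const hi = lo[0] > 0 ? [lo[0] + 1, 0, 0] : lo[1] > 0 ? [0, lo[1] + 1, 0] : [0, 0, lo[2] + 1];
  const v = parse(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Report installed copies of `name` older than `fixed`, plus every package that
// declares a dependency on it and whether that range could accept the fix.
// Simplification: dependents are matched by declared name, not by nesting path.
function audit(lock, name, fixed) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages)) {
    if (!path.endsWith("node_modules/" + name)) continue;
    if (cmp(parse(pkg.version), parse(fixed)) >= 0) continue;
    const requiredBy = Object.entries(lock.packages)
      .filter(([, p]) => p.dependencies && name in p.dependencies)
      .map(([parent, p]) => ({ parent, range: p.dependencies[name],
                               canTakeFix: caretAllows(p.dependencies[name], fixed) }));
    findings.push({ path, version: pkg.version, requiredBy });
  }
  return findings;
}

console.log(JSON.stringify(audit(lock, "jpeg-js", "0.4.0"), null, 2));
```

`canTakeFix: false` on the get-pixels entry means reinstalling or running `npm update` leaves jpeg-js on the 0.3.x line; the declared range has to change upstream, or the consumer has to pin jpeg-js through the `overrides` field in package.json.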