get-image-colors

consider updating the dependencies to get rid of some vulnerabilities

Open quiquelhappy opened this issue 2 years ago • 2 comments

As of right now, this package is adding 5 severe vulnerabilities to my project, it'd be nice if the dependencies were updated :)

quiquelhappy, Aug 06 '22 10:08

I tried to update the dependencies, but the vulnerabilities are still there: it seems like get-svg-colors is causing the problems, after updating and trying an audit fix / audit fix --force

No fix available
node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/css-select
    cheerio  0.19.0 - 1.0.0-rc.3
    Depends on vulnerable versions of css-select
    node_modules/cheerio
      get-svg-colors  *
      Depends on vulnerable versions of cheerio
      node_modules/get-svg-colors

6 vulnerabilities (2 moderate, 4 high)

quiquelhappy, Aug 06 '22 10:08

We're hitting this too

[email protected] requires nth-check@~1.0.1 via a transitive dependency on [email protected]

Need nth-check >= 2.0.1

philwhln, Nov 21 '22 17:11
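
An added example (not code from this thread or from the get-image-colors project): a Node.js script that walks a lockfile's `packages` map and reports each dependency chain that pulls in an nth-check older than 2.0.1, the chain the audit output above describes. The lockfile object, its placeholder versions and the helper names `lessThan`, `resolve` and `findChains` are constructed for illustration.

```javascript
// Constructed package-lock.json ("packages" layout); versions and "*" ranges are sample values.
const lock = { packages: {
  "": { name: "my-app", dependencies: { "get-image-colors": "*" } },
  "node_modules/get-image-colors": { version: "0.0.0-sample", dependencies: { "get-svg-colors": "*" } },
  "node_modules/get-svg-colors": { version: "0.0.0-sample", dependencies: { cheerio: "*" } },
  "node_modules/cheerio": { version: "0.19.0", dependencies: { "css-select": "*" } },
  "node_modules/css-select": { version: "1.0.0", dependencies: { "nth-check": "~1.0.1" } },
  "node_modules/nth-check": { version: "1.0.2" },
} };

// True if dotted version a is lower than b (prerelease tags are ignored).
function lessThan(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split("-")[0].split(".").map(Number));
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Resolve a dependency as Node does: nearest node_modules first, then each parent.
function resolve(packages, fromPath, dep) {
  for (let dir = fromPath; ; ) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf("/node_modules/");
    dir = cut === -1 ? "" : dir.slice(0, cut);
  }
}

// Every chain from the root project to a copy of `target` older than `minFixed`.
function findChains(lockfile, target, minFixed) {
  const packages = lockfile.packages;
  const chains = [];
  const walk = (path, trail, seen) => {
    const pkg = packages[path];
    for (const dep of Object.keys({ ...pkg.dependencies, ...pkg.optionalDependencies })) {
      const next = resolve(packages, path, dep);
      if (!next || seen.has(next)) continue; // unresolved or cyclic
      const label = `${dep}@${packages[next].version}`;
      if (dep === target && lessThan(packages[next].version, minFixed)) chains.push([...trail, label]);
      else walk(next, [...trail, label], new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

console.log(findChains(lock, "nth-check", "2.0.1").map((c) => c.join(" > ")));
```

An empty result after upgrading means no installed copy of the target is still below the fixed version; root `devDependencies` are not walked in this sketch.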

@zeke a nudge to fix it.

adityapatadia, Aug 06 '23 19:08

I'm busy, but I will accept a PR with these updates! 🙏🏼

zeke, Aug 07 '23 15:08

PR: https://github.com/colorjs/get-svg-colors/pull/82

adityapatadia, Aug 08 '23 12:08

Just published 2.0.1 with updated cheerio. See https://github.com/colorjs/get-svg-colors/pull/82#issuecomment-1670520087 🚀

Thanks @adityapatadia. 🙏🏼

Gonna close this issue because it's old, but happy to accept any other PRs that update the deps as needed. 👍🏼

zeke, Aug 09 '23 01:08