image-webpack-loader

NPM Advisory 1217 failure

Open gkim795 opened this issue 4 years ago • 2 comments

NPM: https://www.npmjs.com/advisories/1217

There exists a vulnerability in the decompress file, which is a dependency of image-webpack-loader, as such: image-webpack-loader > imagemin-gifsicle > gifsicle > bin-build > decompress.

Refer to the issue noted here: https://github.com/kevva/decompress/issues/71

gkim795, Feb 27 '20 00:02

The upstreams must update the dep; only then can this loader.

anikethsaha, Feb 27 '20 05:02

decompress is a dependency of gifsicle: imagemin/imagemin-gifsicle#41

Either the kevva GH org will fix the decompress library or the imagemin GH org will change to a maintained fork.

The https://github.com/kevva/decompress repo was last active in 2017.

morganchristiansson, Mar 06 '20 13:03