Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade jpeg-js from 0.1.2 to 0.4.0 #4

Closed
wants to merge 1 commit into from
Closed

[Snyk] Security upgrade jpeg-js from 0.1.2 to 0.4.0 #4

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

✨What is Merge Advice? We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Denial of Service (DoS)
SNYK-JS-JPEGJS-570039		 No No Known Exploit
Commit messages
Package name: jpeg-js The new version differs by 57 commits.
  • a2f7080 chore: update typedefs for 0.4.0
  • 238a7fe chore: add vscode to ignores
  • cbc1244 chore: track version in tags only
  • 78408c6 docs: update README for breaking changes
  • 5d3277f fix: enable tolerantDecoding by default
  • 135705b feat: add memory and resolution limits
  • a2c93e0 refactor: use spread for decode options
  • 21ef116 chore: drop support for node versions <8
  • 1731741 chore: switch to jest
  • 0a750c0 chore: switch to yarn
  • d3e272a feat: expose exif buffers (#47)
  • 7e7e2dc feat: support browser usage (#55)
  • cfeb1c7 fix: don’t fail if scan contains trailing bytes (#66)
  • 69f6415 feat(decode): add tolerantDecoding option (#57)
  • 6241ba4 chore: bump to 0.3.7
  • 7f96707 docs: add writeFileSync example to README.md (#65)
  • 4495701 fix: don’t force a color transform by default for CMYK images (#64)
  • 275c852 fix: more descriptive error for exceeding maxLength buffer (#62)
  • d00366a feat: add option to decode to RGB instead of RGBA (#49)
  • d340c1b fix: throw better error if Huffman Table can't be created (#60)
  • 6bc12b0 feat: encoder.js no longer needs module.exports (#36)
  • 2ce6a5e 0.3.6
  • 20d2f24 misc: added TypeScript types (#52)
  • 82e8ef2 0.3.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot @XadillaX
fix: package.json to reduce vulnerabilities
0d72ea9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JPEGJS-570039
@XadillaX XadillaX closed this Oct 18, 2024
@XadillaX XadillaX deleted the snyk-fix-58590a06bc8d2eb907382a3cdcc3cf9b branch October 22, 2024 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @XadillaX