Change url-regex to url-regex-safe #926

Closed
NomaanAhmed opened this issue Aug 17, 2020 · 1 comment

NomaanAhmed commented Aug 17, 2020

Expected Behavior

No npm vulnerabilities in CI/CD.

Current Behavior

I am receiving a high severity vulnerability caused by the url-regex package.

Failure Information (for bugs)

Here is the NPM vulnerability: https://www.npmjs.com/advisories/1550
There is an alternative package that can (and should) be used instead called url-regex-safe and a new release should be published. favicon-webpack-plugin indirectly depends on url-regex, which is no longer maintained, so jimp is the one that needs to address it unfortunately.

Steps to Reproduce

  1. Run npm audit
  2. Notice the "high" severity vulnerability

Screenshots

N/A

Context

N/A

  • Jimp Version:
  • Operating System:
  • Node version:

Failure Logs

N/A


mulholo commented Aug 19, 2020

Note that url-regex is no longer a dependency of this package. You are likely using an older version of jimp and a fix is needed further upstream.

PR to remove url-regex
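
To check which installed copy of jimp still pulls in url-regex, the lockfile can be walked from each direct dependency down to the flagged package. The script below is an added example, not code from this thread or from the jimp project; it assumes the nested `dependencies`/`requires` layout of a version 1 `package-lock.json`, and the sample lockfile, the `image-tool` package and all version strings are constructed placeholders.

```javascript
// Constructed lockfile (v1 layout). Package names follow the thread except
// "image-tool", which is hypothetical; every version string is a placeholder.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "favicon-webpack-plugin": {
      version: "placeholder",
      requires: { jimp: "*" },
      // Nested copy: an older jimp pinned under this package only.
      dependencies: {
        jimp: { version: "old-placeholder", requires: { "url-regex": "*" } },
      },
    },
    jimp: { version: "new-placeholder", requires: {} },
    "image-tool": { version: "placeholder", requires: { jimp: "*" } },
    "url-regex": { version: "placeholder" },
  },
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
// Resolve a required name the way Node does: innermost node_modules first,
// then each enclosing one up to the root. Returns the entry and its scopes.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (own(scopes[i], name)) {
      const entry = scopes[i][name];
      return { entry, scopes: [...scopes.slice(0, i + 1), entry.dependencies || {}] };
    }
  }
  return null; // listed in "requires" but not installed (e.g. optional)
}

// List every chain from a direct dependency down to the target package.
function findChains(lock, target, directDeps) {
  const chains = [];
  const walk = (name, scopes, path) => {
    const hit = resolve(name, scopes);
    if (!hit) return;
    const label = `${name}@${hit.entry.version}`;
    if (path.includes(label)) return; // dependency cycle
    const next = [...path, label];
    if (name === target) return void chains.push(next.join(" > "));
    for (const child of Object.keys(hit.entry.requires || {})) walk(child, hit.scopes, next);
  };
  for (const dep of directDeps) walk(dep, [lock.dependencies || {}], []);
  return chains;
}
console.log(findChains(sampleLock, "url-regex", ["favicon-webpack-plugin", "image-tool", "jimp"]));
```

On an installed tree, `npm ls url-regex` reports the same chains; only the chain through the nested older jimp is listed here, while the hoisted newer copy is clean.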
