-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update SVGO requested #57
Comments
Hi @rogiervanhetschip can you try the new release? https://github.com/kamsar/Dianoga/releases/tag/5.0.0-beta.1 |
Hi! OK, we'll try it tomorrow and let you know. |
How'd it go? Looking for feedback on this process to get SVGO in painlessly |
No feedback yet, I'm afraid: I tried to get this working on Tuesday, but Dianoga does not seem to resize images, even without SVGO. Getting back to you as soon as possible, but have to find the time as this is not on our current sprint. |
Changed to use https://github.com/twardoch/svgop |
Judging by https://github.com/kamsar/Dianoga/blob/3.0/src/Dianoga/Dianoga%20Tools/SVGO/node_modules/svgo/package.json , Dianoga's SVGO is on version 0.6.2, which uses js-yaml < 3.13.1 (affected by vulnerability WS-2019-0063) and lodash < 4.17.12 (affected by vulnerabilities CVE-2019-10744 and CVE-2018-16487).
By now, SVGO 1.3.2 has been released, which should use versions of js-yaml and lodash not affected by these vulnerabilities. Any chance of an upgrade to the newest SVGO?
Thanks in advance!
The text was updated successfully, but these errors were encountered: