Fix security vulnerabilities - The package depends on vulnerable versions of jimp package #36

jacekkoziol · 2024-07-18T11:46:30Z

The package depends on vulnerable versions of jimp package. The jimp should be updated.

# npm audit report

phin  <3.7.1
Severity: moderate
phin may include sensitive headers in subsequent requests after redirect - https://github.com/advisories/GHSA-x565-32qp-m3vf
No fix available
node_modules/phin
  @jimp/core  <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
  Depends on vulnerable versions of phin
  node_modules/@jimp/core
    @jimp/custom  <=0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
    Depends on vulnerable versions of @jimp/core
    node_modules/@jimp/custom
      jimp  0.3.6-alpha.5 - 0.21.4--canary.1163.d07ed6254d130e2995d24101e93427ec091016e6.0
      Depends on vulnerable versions of @jimp/custom
      node_modules/jimp
        oslllo-svg2  *
        Depends on vulnerable versions of jimp
        node_modules/oslllo-svg2

5 moderate severity vulnerabilities

The text was updated successfully, but these errors were encountered:

Ghustavh97 linked a pull request Jul 21, 2024 that will close this issue

Security Update #37

Merged

Ghustavh97 closed this as completed in #37 Jul 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix security vulnerabilities - The package depends on vulnerable versions of jimp package #36

Fix security vulnerabilities - The package depends on vulnerable versions of jimp package #36

jacekkoziol commented Jul 18, 2024

Fix security vulnerabilities - The package depends on vulnerable versions of jimp package #36

Fix security vulnerabilities - The package depends on vulnerable versions of jimp package #36

Comments

jacekkoziol commented Jul 18, 2024