Bump jimp 0.10.2 -> 0.14.0 #9

wendorf · 2020-07-27T17:57:27Z

jimp -> @jimp/types -> @jimp/jpeg depends on jpeg-js, and bumping jimp
bumps jpeg-js 0.3.7 -> 0.4.1

jpeg-js 0.4.0 fixes CVE-2020-8175
(GHSA-w7q9-p3jq-fmhm)

jimp -> @jimp/types -> @jimp/jpeg depends on jpeg-js, and bumping jimp bumps jpeg-js 0.3.7 -> 0.4.1 jpeg-js 0.4.0 fixes CVE-2020-8175 (GHSA-w7q9-p3jq-fmhm)

tooolbox · 2020-07-29T21:14:11Z

Looks good. 4 major versions in Jimp seems like a lot to jump through but doesn't seem like all that much changed.

tooolbox · 2020-07-29T21:22:42Z

Published as v2.1.8

Vulnerability: GHSA-w7q9-p3jq-fmhm Jimp Pull Request: jimp-dev/jimp#892 Potrace Pull Request: tooolbox/node-potrace#9

karlhorky · 2020-07-30T08:12:07Z

Thanks!

Upgraded the Gatsby plugins and transformers here: gatsbyjs/gatsby#26122

* Address vulnerability in jpeg-js Vulnerability: GHSA-w7q9-p3jq-fmhm Jimp Pull Request: jimp-dev/jimp#892 Potrace Pull Request: tooolbox/node-potrace#9 * Address vulnerability in jpeg-js Vulnerability: GHSA-w7q9-p3jq-fmhm Jimp Pull Request: jimp-dev/jimp#892 Potrace Pull Request: tooolbox/node-potrace#9 * Address vulnerability in jpeg-js Vulnerability: GHSA-w7q9-p3jq-fmhm Jimp Pull Request: jimp-dev/jimp#892 Potrace Pull Request: tooolbox/node-potrace#9 * Update lockfile

Bump jimp 0.10.2 -> 0.14.0

7136345

jimp -> @jimp/types -> @jimp/jpeg depends on jpeg-js, and bumping jimp bumps jpeg-js 0.3.7 -> 0.4.1 jpeg-js 0.4.0 fixes CVE-2020-8175 (GHSA-w7q9-p3jq-fmhm)

karlhorky mentioned this pull request Jul 27, 2020

Upgrade Jimp to address jpeg-js vulnerability #10

Closed

tooolbox merged commit 7bf4c33 into tooolbox:master Jul 29, 2020

wendorf deleted the bump-jimp-0.14.0 branch July 30, 2020 00:57

karlhorky added a commit to gatsbyjs/gatsby that referenced this pull request Jul 30, 2020

Address vulnerability in jpeg-js

012c9eb

Vulnerability: GHSA-w7q9-p3jq-fmhm Jimp Pull Request: jimp-dev/jimp#892 Potrace Pull Request: tooolbox/node-potrace#9

karlhorky added a commit to gatsbyjs/gatsby that referenced this pull request Jul 30, 2020

Address vulnerability in jpeg-js

dfaaaad

Vulnerability: GHSA-w7q9-p3jq-fmhm Jimp Pull Request: jimp-dev/jimp#892 Potrace Pull Request: tooolbox/node-potrace#9

karlhorky added a commit to gatsbyjs/gatsby that referenced this pull request Jul 30, 2020

Address vulnerability in jpeg-js

febf892

Vulnerability: GHSA-w7q9-p3jq-fmhm Jimp Pull Request: jimp-dev/jimp#892 Potrace Pull Request: tooolbox/node-potrace#9

karlhorky mentioned this pull request Jul 30, 2020

Address Uncontrolled Resource Consumption in jpeg-js gatsbyjs/gatsby#26122

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump jimp 0.10.2 -> 0.14.0 #9

Bump jimp 0.10.2 -> 0.14.0 #9

wendorf commented Jul 27, 2020

tooolbox commented Jul 29, 2020

tooolbox commented Jul 29, 2020

karlhorky commented Jul 30, 2020 •

edited

Loading

Bump jimp 0.10.2 -> 0.14.0 #9

Bump jimp 0.10.2 -> 0.14.0 #9

Conversation

wendorf commented Jul 27, 2020

tooolbox commented Jul 29, 2020

tooolbox commented Jul 29, 2020

karlhorky commented Jul 30, 2020 • edited Loading

karlhorky commented Jul 30, 2020 •

edited

Loading