Vulnerability in *sharp* library #177

Closed
rawnsley opened this issue Nov 22, 2023 · 1 comment
@rawnsley

A vulnerability has been flagged for the sharp library, which ndarray-pixels depends on.

This was flagged in my project by npm install and npm audit.

@donmccurdy
Owner

More context:

Currently ndarray-pixels depends on ^0.32.1 (note the caret allows newer patch releases) and the fix lands in sharp 0.32.6, so I think that reinstalling ndarray-pixels should resolve the newer sharp version and fix the issue.

Alternatively, sharp can be configured to block the vulnerable WebP operation:

sharp.block({ operation: ["VipsForeignLoadWebp"] });

Regardless, I'll try to get a new ndarray-pixels release out in the next week.

@donmccurdy donmccurdy self-assigned this Nov 22, 2023
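
To confirm which sharp version a project actually resolved after reinstalling, this added example (not from the thread or from the ndarray-pixels project) scans a package-lock.json for sharp entries and checks each one against the `^0.32.1` range and the 0.32.6 fix version mentioned above. The lockfile contents, the function names and the `0.0.0-example` version are constructed for illustration.

```javascript
// Added example: audit a package-lock.json (v2/v3 "packages" layout) for sharp copies.
const FIXED = "0.32.6";       // fix version, from the comment above
const RANGE_BASE = "0.32.1";  // ndarray-pixels declares ^0.32.1

// Parse "major.minor.patch"; prerelease/build suffixes are ignored (simplification).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Caret semantics: the left-most non-zero component may not change,
// so for a 0.x base, ^0.32.1 means >=0.32.1 and <0.33.0.
function satisfiesCaret(version, base) {
  if (compare(version, base) < 0) return false;
  const v = parse(version), b = parse(base);
  const first = b.findIndex((n) => n !== 0);
  const pin = first === -1 ? 2 : first;
  return b.slice(0, pin + 1).every((n, k) => v[k] === n);
}

// Report every installed copy of sharp, including copies nested under a dependency.
function auditSharp(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => /(^|\/)node_modules\/sharp$/.test(path))
    .map(([path, pkg]) => ({
      path,
      version: pkg.version,
      inRange: satisfiesCaret(pkg.version, RANGE_BASE),
      patched: compare(pkg.version, FIXED) >= 0,
    }));
}

// Constructed lockfile: the app uses a newer sharp, while a stale nested copy remains.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/sharp": { version: "0.33.0" },
    "node_modules/ndarray-pixels": { version: "0.0.0-example" },
    "node_modules/ndarray-pixels/node_modules/sharp": { version: "0.32.1" },
  },
};
console.log(auditSharp(sampleLock).filter((f) => !f.patched));
```

Any entry reported with `patched: false` is a copy that still needs updating or the `sharp.block` workaround from the comment above.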