Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump jpeg-js over 0.4.4 to avoid cve-2022-25851 #1093

Merged
merged 1 commit into from Sep 15, 2022
Merged

Bump jpeg-js over 0.4.4 to avoid cve-2022-25851 #1093

merged 1 commit into from Sep 15, 2022

Conversation

melhadad
Copy link
Contributor

@melhadad melhadad commented Jul 25, 2022
edited by hipstersmoothie

What's Changing and Why

Change dependency on jpeg-js from 0.4.2 to ^0.4.4 to avoid https://avd.aquasec.com/nvd/2022/cve-2022-25851/ is present on 0.4.2

πŸ“¦ Published PR as canary version: 0.16.2-canary.1093.1332.0

✨ Test out this PR locally via:

npm install @jimp/cli@0.16.2-canary.1093.1332.0
npm install @jimp/core@0.16.2-canary.1093.1332.0
npm install @jimp/custom@0.16.2-canary.1093.1332.0
npm install jimp@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-blit@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-blur@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-circle@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-color@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-contain@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-cover@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-crop@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-displace@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-dither@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-fisheye@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-flip@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-gaussian@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-invert@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-mask@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-normalize@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-print@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-resize@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-rotate@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-scale@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-shadow@0.16.2-canary.1093.1332.0
npm install @jimp/plugin-threshold@0.16.2-canary.1093.1332.0
npm install @jimp/plugins@0.16.2-canary.1093.1332.0
npm install @jimp/test-utils@0.16.2-canary.1093.1332.0
npm install @jimp/bmp@0.16.2-canary.1093.1332.0
npm install @jimp/gif@0.16.2-canary.1093.1332.0
npm install @jimp/jpeg@0.16.2-canary.1093.1332.0
npm install @jimp/png@0.16.2-canary.1093.1332.0
npm install @jimp/tiff@0.16.2-canary.1093.1332.0
npm install @jimp/types@0.16.2-canary.1093.1332.0
npm install @jimp/utils@0.16.2-canary.1093.1332.0
# or 
yarn add @jimp/cli@0.16.2-canary.1093.1332.0
yarn add @jimp/core@0.16.2-canary.1093.1332.0
yarn add @jimp/custom@0.16.2-canary.1093.1332.0
yarn add jimp@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-blit@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-blur@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-circle@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-color@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-contain@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-cover@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-crop@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-displace@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-dither@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-fisheye@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-flip@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-gaussian@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-invert@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-mask@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-normalize@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-print@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-resize@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-rotate@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-scale@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-shadow@0.16.2-canary.1093.1332.0
yarn add @jimp/plugin-threshold@0.16.2-canary.1093.1332.0
yarn add @jimp/plugins@0.16.2-canary.1093.1332.0
yarn add @jimp/test-utils@0.16.2-canary.1093.1332.0
yarn add @jimp/bmp@0.16.2-canary.1093.1332.0
yarn add @jimp/gif@0.16.2-canary.1093.1332.0
yarn add @jimp/jpeg@0.16.2-canary.1093.1332.0
yarn add @jimp/png@0.16.2-canary.1093.1332.0
yarn add @jimp/tiff@0.16.2-canary.1093.1332.0
yarn add @jimp/types@0.16.2-canary.1093.1332.0
yarn add @jimp/utils@0.16.2-canary.1093.1332.0

@C0kkie
Copy link

C0kkie commented Aug 11, 2022

@hipstersmoothie

@C0kkie
Copy link

C0kkie commented Aug 11, 2022

@oliver-moran

@AlexKamaev AlexKamaev mentioned this pull request Aug 15, 2022
Closed
@michaeljauk
Copy link

@hipstersmoothie @oliver-moran @j-d-carmichael @mynameismax @alias-rahil Can anyone merge this? πŸ™

@joshrezende
Copy link

waiting to this to be merged =D

@michaeljauk
Copy link

Is there any active maintainer left? πŸ€”

@esterfania
Copy link

@mynameismax @hipstersmoothie Can you help us?

@noahdeering
Copy link

Thinking this project is dead. Probably going to be forked into something new, don't think jpeg-js will ever be updated due to transitive dependency issues. :/

@hipstersmoothie hipstersmoothie merged commit dad05fa into jimp-dev:master Sep 15, 2022
@hipstersmoothie
Copy link
Collaborator

πŸš€ PR was released in v0.16.2 πŸš€

@hipstersmoothie hipstersmoothie added the released This issue/pull request has been released. label Sep 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released This issue/pull request has been released.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@melhadad @C0kkie @michaeljauk @joshrezende @esterfania @noahdeering @hipstersmoothie