Getting security vulnerability due to get-pixels #246
Labels
Comments
|
bump |
|
@Yoda-Soda @somyarocketium I submitted #254 but thought I'd tag you in case you wanted to check it out and/or provide feedback. Seems like a viable approach if we want to be able to use |
|
Resolved in https://github.com/lokesh/color-thief/releases/tag/v2.6.0 Thanks to @briandonahue |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Any better approach to fix this vulnerability ?
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ tough-cookie Prototype Pollution vulnerability │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tough-cookie │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.1.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ colorthief │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ colorthief > get-pixels > request > tough-cookie │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ GHSA-72xf-g2v4-qvf3 │
└───────────────┴──────────────────────────────────────────────────────────────┘
The text was updated successfully, but these errors were encountered: