jpeg-js dependency needs updating
neilenns opened this issue · comments
The version of jpeg-js
referenced in this package is subject to a moderate level security vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2020-8175).
The package should be updated to require version 0.4.0 of jpeg-js or higher.
I found this because of a Dependabot warning in github for a project I maintain that uses pureimage.
fixed. thanks for catching that.
Thanks for the quick fix!