Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update SVGO dependency #165

Open
regazzoj opened this issue Jul 27, 2022 · 1 comment
Open

Update SVGO dependency #165

regazzoj opened this issue Jul 27, 2022 · 1 comment

Comments

@regazzoj
Copy link

regazzoj commented Jul 27, 2022
edited
Loading

Hi !
Is it possible to update SVGO to 2.0.0 or above to avoid a warning with a high severity when running "npm audit fix" =>

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install svgo@2.8.0, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo

Link to advise

I try to fix it in my fork of this repo but I struggle to build the font. It looks like I miss some secrets...
Without these secrets, I can't go further to update SVGO calls.

Thanks for you help
@Xavier-IV
Copy link

I created a ticket and PR related to this, but the fix seems to be fixing most of the issue with vulnerabilities.

Outdated webpack was at fault.

Mentioned ticket - #167

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@regazzoj @Xavier-IV