Dependency problem with Tinycolor2

[onokje]

Expected Behavior

Dependencies don't have any problems

Current Behavior

Dependency "tinycolor2" has a security vulnerability, because it includes an old jquery version, that in term has a known vulnerability.

Failure Information (for bugs)

I know technically this is not a bug, but i still hope i can be fixed, we now have to use path-package to fix our project, and I hate doing that.
https://github.com/TypeCtrl/tinycolor can probably used, as it is tinycolor2's successor.

Steps to Reproduce

1. install
2. run secutiry checker (we use https://retirejs.github.io/retire.js/)
3. error shows problem in tinycolor2

Context

• Jimp Version: any
• Operating System: ubuntu
• Node version: 8.12

Failure Logs

Found project in /tmp/app
+----------------------------------------------------------------------------------------+
| Severity | Tool | Identifier |
+----------------------------------------------------------------------------------------+
| Medium | Retire.js | CVE-2015-9251 |
| |
| 3rd party CORS request may execute in jquery |
| In node_modules/tinycolor2/demo/jquery-1.9.1.js |
+----------------------------------------------------------------------------------------+

[hipstersmoothie]

Down to change to an updated version. Feel free to make a PR! The example uses jquery but not the library itself so this seems like a false alarm to me. jquery isn't even listed as any type of dependency

[terrynguyen255]

+1

[github-actions]

🚀 Issue was released in v0.22.4 🚀