From f844034638dce55d6cc54026f8c174539b5014f0 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 21 May 2020 20:21:17 -0500 Subject: [PATCH 1/2] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JPEGJS-570039 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 056c764f127f..b267a3ad2ad4 100644 --- a/package.json +++ b/package.json @@ -144,7 +144,7 @@ "intl-messageformat": "^2.2.0", "intl-messageformat-parser": "^1.4.0", "jest-mock": "^24.3.0", - "jpeg-js": "0.1.2", + "jpeg-js": "0.4.0", "js-library-detector": "^5.1.0", "lighthouse-logger": "^1.2.0", "lodash.isequal": "^4.5.0", From 2ace27d845a68012ca6783ea45c1732d6f7d9e32 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 21 May 2020 20:21:18 -0500 Subject: [PATCH 2/2] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JPEGJS-570039 --- yarn.lock | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/yarn.lock b/yarn.lock index 859adc617750..ae68c5015b23 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5284,7 +5284,12 @@ jest@^24.3.0: import-local "^2.0.0" jest-cli "^24.3.0" -jpeg-js@0.1.2, jpeg-js@^0.1.2: +jpeg-js@0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.4.0.tgz#39adab7245b6d11e918ba5d4b49263ff2fc6a2f9" + integrity sha512-960VHmtN1vTpasX/1LupLohdP5odwAT7oK/VSm6mW0M58LbrBnowLAPWAZhWGhDAGjzbMnPXZxzB/QYgBwkN0w== + +jpeg-js@^0.1.2: version "0.1.2" resolved "https://registry.yarnpkg.com/jpeg-js/-/jpeg-js-0.1.2.tgz#135b992c0575c985cfa0f494a3227ed238583ece" integrity sha1-E1uZLAV1yYXPoPSUoyJ+0jhYPs4=