Comments (10)
synedra-mpe
commented on June 27, 2024
8
yarn audit v1.22.17
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical │ Prototype Pollution in minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.2.6 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ favicons │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ favicons > to-ico > resize-img > jimp > mkdirp > minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1067342 │
└───────────────┴──────────────────────────────────────────────────────────────┘
An update would really be encouraged.
from favicons.
nrthbound
commented on June 27, 2024
7
What's the overall status of this? Been quite some time, is this scheduled to be part of the main release sometime soon? Thanks.
from favicons.
alexander-akait
commented on June 27, 2024
I think we will finish browserslist support, but we can do release right now if you want, even more I can add permission to do release, so you can do it without me
from favicons.
andy128k
commented on June 27, 2024
I am not sure if browserlist is actually needed.
- Android Chrome icons depend on device's DPI, not on a browser's version
- Apple icons and splash screens also depend on device, not a browser.
- Windows platform is not a browser.
- Yandex browser wants a single image and this may be turned on/off completely.
- For standard icons
faviconsgenerates bare minimum.
from favicons.
alexander-akait
commented on June 27, 2024
@andy128k Can you give me npm name?
from favicons.
alexander-akait
commented on June 27, 2024
Found you, added https://www.npmjs.com/package/favicons/access, feel free to do release 👍
from favicons.
mureni
commented on June 27, 2024
Any update on when the new release will be available? The audit headaches from the to-ico dependency are driving me nuts!
from favicons.
andy128k
commented on June 27, 2024
@mureni A version 7.0.0-beta.1 is already released.
Here is also a PR to one of downstream packages to test it.
from favicons.
drolsen
commented on June 27, 2024
What was the decision for 7.0.0-beta.1's dist/ files to move over to being ESModules vs. well established require like on 6.2.2?
I've got a downstream package (node 14.17.0) that I for the life of me can't seem to get working using 7.0.0-beta.1 cause dist/ is now all ESModules.
from favicons.
andy128k
commented on June 27, 2024
See #355
from favicons.
Related Issues (20)
- heads up: broken colors package HOT 10
- Bring back coverage report and badge HOT 1
- Can't be used with Next.js: Consider publishing non ESM modules: is a nightmare to setup and make it work! HOT 4
- Improved typescript types HOT 1
- Error When Installing Sharp and/or Favicons
- npm install favicons make http request to https://github.com/lovell/sharp-libvips/releases/download/v8.7.4/libvips-8.7.4-linux-x64.tar.gz HOT 2
- Unsupported platform coast HOT 2
- Handling a few different image files as favicon and touch icon HOT 3
- 7.0.0 is not working on Windows HOT 5
- [Bug] Favicons generates null value for Android platform HOT 1
- Deprecate yandex icon? HOT 3
- Deprecate Windows 8 tile icons HOT 2
- HTML for apple-touch-startup-image HOT 1
- Add a `cacheBustingQueryParam` option for a cache busting system HOT 1
- Add Release and Changelog HOT 1
- update dependency sharp to v0.32.0 HOT 1
- `icons.<platform>.sizes` weird behaviour HOT 3
- Why there is no way to configure shortcut sizes?
- I want only the icon with the '.ico' extension to be created when it is local HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from favicons.