From aec6961406c69a6a92db11d2786ea81d7cd5e2a5 Mon Sep 17 00:00:00 2001 From: rxliuli Date: Wed, 19 Feb 2025 10:42:09 +0800 Subject: [PATCH] fix: upgrade file-type dep to fix eval security warning --- packages/core/package.json | 2 +- packages/core/src/index.ts | 4 +- pnpm-lock.yaml | 138 +++++++++++++++++++++++-------------- 3 files changed, 89 insertions(+), 55 deletions(-) diff --git a/packages/core/package.json b/packages/core/package.json index 44282d0c..99ce1957 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -20,7 +20,7 @@ "@jimp/utils": "workspace:*", "await-to-js": "^3.0.0", "exif-parser": "^0.1.12", - "file-type": "^16.0.0", + "file-type": "^20.1.0", "mime": "3" }, "devDependencies": { diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts index 5d1e322f..34d58cd9 100644 --- a/packages/core/src/index.ts +++ b/packages/core/src/index.ts @@ -1,6 +1,5 @@ import { Bitmap, Format, JimpClass, Edge } from "@jimp/types"; import { cssColorToHex, scan, scanIterator } from "@jimp/utils"; -import fileType from "file-type/core.js"; import { to } from "await-to-js"; import { existsSync, readFile, writeFile } from "@jimp/file-ops"; import mime from "mime/lite.js"; @@ -334,7 +333,8 @@ export function createJimp< const actualBuffer = buffer instanceof ArrayBuffer ? bufferFromArrayBuffer(buffer) : buffer; - const mime = await fileType.fromBuffer(actualBuffer); + const { fileTypeFromBuffer } = await import("file-type/core"); + const mime = await fileTypeFromBuffer(actualBuffer); if (!mime || !mime.mime) { throw new Error("Could not find MIME for Buffer"); diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ecab2b05..03cd4b42 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -109,8 +109,8 @@ importers: specifier: ^0.1.12 version: 0.1.12 file-type: - specifier: ^16.0.0 - version: 16.5.4 + specifier: ^20.1.0 + version: 20.1.0 mime: specifier: '3' version: 3.0.0 
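Review bot: The new `await import("file-type/core")` in the buffer-loading path defers resolution of the dependency to the first decode call, so a broken subpath or an unsupported runtime now fails there as a raw import rejection instead of at module load. The lockfile in this patch shows file-type 20.1.0 requires Node >=18, so the `engines` field of packages/core (not visible here) should agree with that. Because the sniffed type decides which decoder parses caller-supplied bytes, a jump across four major versions deserves a regression test that feeds one sample per supported format plus a truncated or unrecognised buffer, asserting the returned `mime` and the "Could not find MIME for Buffer" rejection. A short comment above the import saying why it is dynamic would also help, e.g. `// file-type is ESM-only from v17; imported lazily so this module still loads from the CJS build`, if that is the reason. The enclosing function starts and ends outside the hunk.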
@@ -2796,6 +2796,10 @@ packages: peerDependencies: '@testing-library/dom': '>=7.21.4' + '@tokenizer/inflate@0.2.6': + resolution: {integrity: sha512-SdR/i05U7Xhnsq36iyIq/ZiGGw4PKzw4ww3bOq80Pjj4wyXpqyTcgrgdDdGlcatnlvzNJx8CQw3hp6QZvkUwhA==} + engines: {node: '>=16'} + '@tokenizer/token@0.3.0': resolution: {integrity: sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==} @@ -2949,9 +2953,15 @@ packages: '@types/prop-types@15.7.12': resolution: {integrity: sha512-5zvhXYtRNRluoE/jAp4GVsSduVUzNWKkOZrCDBWYtE7biZywwdC2AcEzg+cSMLFRfVgeAFqpfNabiPjxFddV1Q==} + '@types/prop-types@15.7.14': + resolution: {integrity: sha512-gNMvNH49DJ7OJYv+KAKn0Xp45p8PLl6zo2YnvDIbTd4J6MER2BmWN49TG7n9LvkyihINxeKW8+3bfS2yDC9dzQ==} + '@types/react-dom@18.2.23': resolution: {integrity: sha512-ZQ71wgGOTmDYpnav2knkjr3qXdAFu0vsk8Ci5w3pGAIdj7/kKAyn+VsQDhXsmzzzepAiI9leWMmubXz690AI/A==} + '@types/react@18.3.18': + resolution: {integrity: sha512-t4yC+vtgnkYjNSKlFx1jkAhH8LgTo2N/7Qvi83kdEaUtMDiwpbLAktKDaAMlRcJ5eSxZkH74eEGt1ky31d7kfQ==} + '@types/react@18.3.5': resolution: {integrity: sha512-WeqMfGJLGuLCqHGYRGHxnKrXcTitc6L/nBUWfWPcTarG3t9PsquqUMuVeXZeca+mglY4Vo5GZjCi0A3Or2lnxA==} @@ -3695,6 +3705,15 @@ packages: supports-color: optional: true + debug@4.4.0: + resolution: {integrity: sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==} + engines: {node: '>=6.0'} + peerDependencies: + supports-color: '*' + peerDependenciesMeta: + supports-color: + optional: true + decamelize@1.2.0: resolution: {integrity: sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==} engines: {node: '>=0.10.0'} 
@@ -4062,6 +4081,9 @@ packages: fastq@1.17.1: resolution: {integrity: sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==} + fflate@0.8.2: + resolution: {integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==} + figures@2.0.0: resolution: {integrity: sha512-Oa2M9atig69ZkfwiApY8F2Yy+tzMbazyvqv21R0NsSC8floSOC09BbT1ITWAdoMGQvJ/aZnR1KMwdx9tvHnTNA==} engines: {node: '>=4'} @@ -4074,9 +4096,9 @@ packages: resolution: {integrity: sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==} engines: {node: '>=16.0.0'} - file-type@16.5.4: - resolution: {integrity: sha512-/yFHK0aGjFEgDJjEKP0pWCplsPFPhwyfwevf/pVxiN0tmE4L9LmwWxWukdJSHdoCli4VgQLehjJtwQBnqmsKcw==} - engines: {node: '>=10'} + file-type@20.1.0: + resolution: {integrity: sha512-XoxU+lETfCf+bYK3SXkxFusAvmtYQl1u/ZC4zw1DBLEsHUvh339uwYucgQnnSMz1mRCWYJrCzsbJJ95hsQbZ8A==} + engines: {node: '>=18'} fill-range@7.0.1: resolution: {integrity: sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==} @@ -5196,6 +5218,9 @@ packages: ms@2.1.2: resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==} + ms@2.1.3: + resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==} + msw@2.4.1: resolution: {integrity: sha512-HXcoQPzYTwEmVk+BGIcRa0vLabBT+J20SSSeYh/QfajaK5ceA6dlD4ZZjfz2dqGEq4vRNCPLP6eXsB94KllPFg==} engines: {node: '>=18'} 
@@ -5537,9 +5562,9 @@ packages: resolution: {integrity: sha512-iuh7L6jA7JEGu2WxDwtQP1ddOpaJNC4KlDEFfdQajSGgGPNi4OyDc2R7QnbY2bR9QjBVGwgvTdNJZoE7RaxUMA==} engines: {node: '>=0.12'} - peek-readable@4.1.0: - resolution: {integrity: sha512-ZI3LnwUv5nOGbQzD9c2iDG6toheuXSZP5esSHBjopsXH4dg19soufvpUGA3uohi5anFtGb2lhAVdHzH6R/Evvg==} - engines: {node: '>=8'} + peek-readable@6.1.1: + resolution: {integrity: sha512-7QmvgRKhxM0E2PGV4ocfROItVode+ELI27n4q+lpufZ+tRKBu/pBP8WOmw9HXn2ui/AUizqtvaVQhcJrOkRqYg==} + engines: {node: '>=18'} pegjs@0.10.0: resolution: {integrity: sha512-qI5+oFNEGi3L5HAxDwN2LA4Gg7irF70Zs25edhjld9QemOgp0CbvMtbFcMvFtEo1OityPrcCzkQFB8JP/hxgow==} @@ -5750,10 +5775,6 @@ packages: resolution: {integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==} engines: {node: '>= 6'} - readable-web-to-node-stream@3.0.2: - resolution: {integrity: sha512-ePeK6cc1EcKLEhJFt/AebMCLL+GgSKhuygrZ/GLaKZYEecIgIECf4UaUuaByiGtzckwR4ain9VzUh95T1exYGw==} - engines: {node: '>=8'} - readdirp@3.6.0: resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==} engines: {node: '>=8.10.0'} @@ -6232,9 +6253,9 @@ packages: resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} engines: {node: '>=8'} - strtok3@6.3.0: - resolution: {integrity: sha512-fZtbhtvI9I48xDSywd/somNqgUHl2L2cstmXCCif0itOf96jeW18MBSyrLuNicYQVkvpOxkZtkzujiTJ9LW5Jw==} - engines: {node: '>=10'} + strtok3@10.2.1: + resolution: {integrity: sha512-Q2dTnW3UXokAvXmXvrvMoUj/me3LyJI76HNHeuGMh2o0As/vzd7eHV3ncLOyvu928vQIDbE7Vf9ldEnC7cwy1w==} + engines: {node: '>=18'} style-to-object@0.4.4: resolution: {integrity: sha512-HYNoHZa2GorYNyqiCaBgsxvcJIn7OHq6inEga+E6Ke3m5JkoqpQbnFssk4jwe+K7AhGa2fcha4wSOf1Kn01dMg==} 
@@ -6332,9 +6353,9 @@ packages: resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} engines: {node: '>=8.0'} - token-types@4.2.1: - resolution: {integrity: sha512-6udB24Q737UD/SDsKAHI9FCRP7Bqc9D/MQUV02ORQg5iskjtLJlZJNdN4kKtcdtwCeWIwIHDGaUsTsCCAa8sFQ==} - engines: {node: '>=10'} + token-types@6.0.0: + resolution: {integrity: sha512-lbDrTLVsHhOMljPscd0yitpozq7Ga2M5Cvez5AjGg8GASBjtt6iERCAJ93yommPmz62fb45oFIXHEZ3u9bfJEA==} + engines: {node: '>=14.16'} totalist@3.0.1: resolution: {integrity: sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==} @@ -6530,6 +6551,10 @@ packages: engines: {node: '>=0.8.0'} hasBin: true + uint8array-extras@1.4.0: + resolution: {integrity: sha512-ZPtzy0hu4cZjv3z5NW9gfKnNLjoz4y6uv4HlelAjDK7sY/xOkKZv9xK/WQpcsBB3jEybChz9DPC2U/+cusjJVQ==} + engines: {node: '>=18'} + ultrahtml@1.5.3: resolution: {integrity: sha512-GykOvZwgDWZlTQMtp5jrD4BVL+gNn2NVlVafjcFUJ7taY20tqYdwdoWBFy6GBJsNTZe1GkGPkSl5knQAjtgceg==} @@ -8162,6 +8187,14 @@ snapshots: dependencies: '@testing-library/dom': 10.4.0 + '@tokenizer/inflate@0.2.6': + dependencies: + debug: 4.4.0 + fflate: 0.8.2 + token-types: 6.0.0 + transitivePeerDependencies: + - supports-color + '@tokenizer/token@0.3.0': {} '@tootallnate/quickjs-emscripten@0.23.0': {} @@ -8265,7 +8298,9 @@ snapshots: '@types/file-type@10.9.1': dependencies: - file-type: 16.5.4 + file-type: 20.1.0 + transitivePeerDependencies: + - supports-color '@types/glob@7.2.0': dependencies: @@ -8354,9 +8389,16 @@ snapshots: '@types/prop-types@15.7.12': {} + '@types/prop-types@15.7.14': {} + '@types/react-dom@18.2.23': dependencies: - '@types/react': 18.3.5 + '@types/react': 18.3.18 + + '@types/react@18.3.18': + dependencies: + '@types/prop-types': 15.7.14 + csstype: 3.1.3 '@types/react@18.3.5': dependencies: 
@@ -8495,7 +8537,7 @@ snapshots: magic-string: 0.30.11 msw: 2.4.1(typescript@5.5.4) sirv: 2.0.4 - vitest: 2.0.5(@types/node@22.5.2)(@vitest/browser@2.0.5)(terser@5.30.3) + vitest: 2.0.5(@types/node@18.19.48)(@vitest/browser@2.0.5)(terser@5.30.3) ws: 8.18.0 optionalDependencies: playwright: 1.46.1 @@ -8505,23 +8547,6 @@ snapshots: - typescript - utf-8-validate - '@vitest/browser@2.0.5(typescript@5.5.4)(vitest@2.0.5)': - dependencies: - '@testing-library/dom': 10.4.0 - '@testing-library/user-event': 14.5.2(@testing-library/dom@10.4.0) - '@vitest/utils': 2.0.5 - magic-string: 0.30.11 - msw: 2.4.1(typescript@5.5.4) - sirv: 2.0.4 - vitest: 2.0.5(@types/node@18.19.48)(@vitest/browser@2.0.5)(terser@5.30.3) - ws: 8.18.0 - transitivePeerDependencies: - - bufferutil - - graphql - - typescript - - utf-8-validate - optional: true - '@vitest/expect@2.0.5': dependencies: '@vitest/spy': 2.0.5 @@ -9339,6 +9364,10 @@ snapshots: dependencies: ms: 2.1.2 + debug@4.4.0: + dependencies: + ms: 2.1.3 + decamelize@1.2.0: {} decode-named-character-reference@1.0.2: @@ -9814,6 +9843,8 @@ snapshots: dependencies: reusify: 1.0.4 + fflate@0.8.2: {} + figures@2.0.0: dependencies: escape-string-regexp: 1.0.5 @@ -9826,11 +9857,14 @@ snapshots: dependencies: flat-cache: 4.0.1 - file-type@16.5.4: + file-type@20.1.0: dependencies: - readable-web-to-node-stream: 3.0.2 - strtok3: 6.3.0 - token-types: 4.2.1 + '@tokenizer/inflate': 0.2.6 + strtok3: 10.2.1 + token-types: 6.0.0 + uint8array-extras: 1.4.0 + transitivePeerDependencies: + - supports-color fill-range@7.0.1: dependencies: @@ -11384,6 +11418,8 @@ snapshots: ms@2.1.2: {} + ms@2.1.3: {} + msw@2.4.1(typescript@5.5.4): dependencies: '@bundled-es-modules/cookie': 2.0.0 @@ -11785,7 +11821,7 @@ snapshots: safe-buffer: 5.2.1 sha.js: 2.4.11 - peek-readable@4.1.0: {} + peek-readable@6.1.1: {} pegjs@0.10.0: {} 
@@ -11988,10 +12024,6 @@ snapshots: string_decoder: 1.3.0 util-deprecate: 1.0.2 - readable-web-to-node-stream@3.0.2: - dependencies: - readable-stream: 3.6.2 - readdirp@3.6.0: dependencies: picomatch: 2.3.1 @@ -12586,10 +12618,10 @@ snapshots: strip-json-comments@3.1.1: {} - strtok3@6.3.0: + strtok3@10.2.1: dependencies: '@tokenizer/token': 0.3.0 - peek-readable: 4.1.0 + peek-readable: 6.1.1 style-to-object@0.4.4: dependencies: @@ -12688,7 +12720,7 @@ snapshots: dependencies: is-number: 7.0.0 - token-types@4.2.1: + token-types@6.0.0: dependencies: '@tokenizer/token': 0.3.0 ieee754: 1.2.1 @@ -12882,6 +12914,8 @@ snapshots: uglify-js@3.17.4: optional: true + uint8array-extras@1.4.0: {} + ultrahtml@1.5.3: {} unbox-primitive@1.0.2: @@ -13144,7 +13178,7 @@ snapshots: why-is-node-running: 2.3.0 optionalDependencies: '@types/node': 18.19.48 - '@vitest/browser': 2.0.5(typescript@5.5.4)(vitest@2.0.5) + '@vitest/browser': 2.0.5(playwright@1.46.1)(typescript@5.5.4)(vitest@2.0.5) transitivePeerDependencies: - less - lightningcss @@ -13178,7 +13212,7 @@ snapshots: why-is-node-running: 2.3.0 optionalDependencies: '@types/node': 22.5.2 - '@vitest/browser': 2.0.5(typescript@5.5.4)(vitest@2.0.5) + '@vitest/browser': 2.0.5(playwright@1.46.1)(typescript@5.5.4)(vitest@2.0.5) transitivePeerDependencies: - less - lightningcss