@expo/image-utils/0.3.5 depends on jimp@0.9.8, which in turn depends on jpeg-js@0.3.7, which contains a vulnerability; see https://snyk.io/test/npm/@expo/image-utils/0.3.5
How can I resolve this? I use the managed workflow. Thanks!
I don’t think this is used in Expo apps.
correct. @expo/image-utils is used on your machine to resize and optimize images. there is no risk to your app. the code only runs on your machine and against your own code/assets, and there are easier ways to use all of the memory on your machine than this bug (eg: you could open android studio). we will update the dependency at some point but it’s not a rush.
Okay, thanks for the speedy response!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.