Update file-type from ^16 to ^21.3.1 in @jimp/core #1400
Open
Kashkovsky wants to merge 1 commit into jimp-dev:main from
Addresses the security vulnerability in file-type <16.5.4 and <18.7.0 (GHSA-5v7r-6r5c-r473 / CVE-2024-4367) by upgrading to v21.

Changes:
- Update file-type dependency from ^16.0.0 to ^21.3.1
- Remove deprecated @types/file-type (types are now bundled)
- Update import from default export to named export (fileTypeFromBuffer)

Fixes jimp-dev#1399
dotrongkhang2000
approved these changes
Mar 12, 2026
quanghung309
approved these changes
Mar 12, 2026
duonganh203
approved these changes
Mar 12, 2026
HongAnTran
approved these changes
Mar 12, 2026
@hipstersmoothie would it be possible to take a look at this PR? Thanks in advance!
Summary

Fixes #1399

Updates the file-type dependency in @jimp/core from ^16.0.0 to ^21.3.1 to address the security vulnerability GHSA-5v7r-6r5c-r473 (CVE-2024-4367), which affects file-type versions <16.5.4 and <18.7.0.

Changes

- packages/core/package.json: Bump file-type from ^16.0.0 to ^21.3.1; remove deprecated @types/file-type dev dependency (types are now bundled in file-type itself)
- packages/core/src/index.ts: Update import from default export (import fileType from "file-type/core.js") to named export (import { fileTypeFromBuffer } from "file-type/core.js"), and replace fileType.fromBuffer(...) with fileTypeFromBuffer(...)

Notes

- file-type v21 is ESM-only, which is compatible with @jimp/core since it already uses "type": "module" and builds with tshy
- @types/file-type package is deprecated as file-type now ships its own type definitions