Vibrant-Colors/node-vibrant

[Vulnerability] Update @jimp/types to version 0.12.0

rmkane opened this issue · 2 comments

See: https://snyk.io/test/npm/node-vibrant/3.1.5

Denial of Service (DoS)

Vulnerable module: jpeg-js
Introduced through: @jimp/types@0.9.8

Detailed paths

  • Introduced through: node-vibrant@3.1.5 › @jimp/types@0.9.8 › @jimp/jpeg@0.9.8 › jpeg-js@0.3.7
    Remediation: Upgrade to @jimp/types@0.12.0.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS). The attacker could manipulate the exif data in the image file, such as changing the image dimensions to 64250x64250 pixels. If the module loads the crafted image, it tries to allocate 4128062500 pixels in memory.

Denial of Service (DoS) vulnerability report

Locations

Misiu commented
  ✗ Denial of Service (DoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-JPEGJS-570039] in jpeg-js@0.3.7
    introduced by node-vibrant@3.1.5 > @jimp/types@0.9.3 > @jimp/jpeg@0.9.3 > jpeg-js@0.3.7
  This issue was fixed in versions: 0.4.0
Misiu commented

@crutchcorn could you take a look at this please?