imagemin/mozjpeg-bin

Resolve dependency on logsalot related to CVE-2021-33623

arborrow opened this issue · 1 comment

I created a similar issue upstream in the imagemin-mozjpeg project.

At issue is the dependency in this package upon what appears to be an abandoned project (logsalot) contributed by @kevva. It looks like it should be reasonably trivial to switch to a different package to generate the logs. https://www.npmjs.com/package/better-logging may be a contender.

Thanks for your consideration about how best to resolve this so as to address CVE-2021-33623.

Solved on v7.1.1.