chore: remove image-size#1406
Conversation
|
@ilteoood is attempting to deploy a commit to the Callstack Team on Vercel. A member of the Team first needs to authorize it. |
🦋 Changeset detectedLatest commit: 0a202a4 The changes in this PR will be included in the next version bump. This PR includes changesets to release 6 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
There was a problem hiding this comment.
Firstly thanks for taking the time for opening this pr, appreciate the interest in repack.
I'm concerned that sharp might be a large dependency to add for just image size check?
- what do we gain by moving to sharp
- is there some issue with image-size in its current form?
|
Hey @dannyhw, to both I would answer with the following Snyk vulnerability |
|
@ilteoood is that not addressed? |
Yes, exactly! |
|
Im not opposed to a change like this I just think there needs to be a measurable improvement. Of course we need to address the vuln but simpler is usually better i.e whats the downside of just updating the image size version to a non vulnerable one. I also see that sharp might require us to bump the minimum node version (which may be due but not in a patch) |
Summary
The image-size package is now read-only on GitHub, and on codeberg has been a while since its last commit.
This PR is to migrate to sharp.
Test plan