update libwebp to 1.3.2 #63

jzern · 2023-10-13T18:35:57Z

This addresses CVE-2023-4863.

Fixes: #62

This addresses CVE-2023-4863. Additionally, Linux aarch64 and macOS arm64 binaries are added. Linux x86 is removed as previously this was an x64 binaries; prebuilt x86 Linux binaries are no longer distributed. The source and binaries are from: https://developers.google.com/speed/webp/download Fixes: imagemin#62

jzern · 2023-10-13T19:06:53Z

lib/index.js

-	.src(`${url}osx/cwebp`, 'darwin')
-	.src(`${url}linux/x86/cwebp`, 'linux', 'x86')
+	.src(`${url}osx/arm64/cwebp`, 'darwin', 'arm64')
+	.src(`${url}osx/x86-64/cwebp`, 'darwin', 'x86-64')


I didn't see any documentation in bin-wrapper about recognized architectures. These are how they're referenced in macOS and Linux, but I'm happy to change them to x64 and arm64 to match if that will work.

jzern · 2023-10-13T19:09:11Z

The check failure looks unrelated.

jzern force-pushed the libwebp-1.3.2 branch from 600b01c to 579f868 Compare October 13, 2023 19:00

jzern commented Oct 13, 2023

View reviewed changes

jzern marked this pull request as ready for review October 13, 2023 19:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

update libwebp to 1.3.2 #63

update libwebp to 1.3.2 #63

Uh oh!

jzern commented Oct 13, 2023

Uh oh!

jzern Oct 13, 2023

Uh oh!

jzern commented Oct 13, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

update libwebp to 1.3.2 #63

Are you sure you want to change the base?

update libwebp to 1.3.2 #63

Uh oh!

Conversation

jzern commented Oct 13, 2023

Uh oh!

jzern Oct 13, 2023

Choose a reason for hiding this comment

Uh oh!

jzern commented Oct 13, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant