Uses out of date WASM build of FFmpeg code (lzo-wasm/0.0.4 is out of date) #3072
Comments
|
@weldonji Thanks for reporting. Looks like 0.0.4 is the latest version. From a quick look doesn't seem to be another high performance (WASM) decompressor that works in the browser, I thought I saw a pure Typescript implementation, that would probably be the fallback. Regardless, it would be desirable to move to a maintained dependency, but it becomes a bigger effort to integrate a new library compared to just bumping to a newer version. As far as I can tell, the scanners we have on this repo have not flagged this module as a security concern. Do you have more information from your scanners? |
|
It was denylisted to an internal repository because the code is outdated and unmaintained. Additionally, they mentioned a licensing issue with ffmpeg but I don't fully understand that portion of the rejection. |
Hello, is there a way for you to update / change the package used for decompression? The one currently used is very out of date and it is causing latest versions of loaders.gl and certain deck.gl packages with dependencies on loaders.gl to be blocked from a secure repository. Thanks!
The text was updated successfully, but these errors were encountered: