Vulnerability in @expo/image-utils

  1. SDK Version: 39
  2. Platforms: all

@expo/image-utils/0.3.5 depends on jimp@0.9.8, which in turn depends on jpeg-js@0.3.7, which contains a vulnerability; see

How can I resolve this? I use the managed workflow. Thanks!

I don’t think this is used in Expo apps.

Correct. @expo/image-utils is used on your machine to resize and optimize images. There is no risk to your app. The code only runs on your machine and against your own code/assets, and there are easier ways to use all of the memory on your machine than this bug (e.g., you could open Android Studio). We will update the dependency at some point, but it’s not a rush.

Okay, thanks for the speedy response!

