On March 17th, 2020, minimist resolved their prototype pollution vulnerability. jimp then relaxed the version of minimist required to fix the vulnerability on their end. resize-img has long since been abandoned (last update was 2 years ago). And to-ico hasn't been updated in 4 years.
To finally resolve this vulnerability once and for all, I'd like to propose replacing to-ico. I'd recommend png-to-ico. It was last updated 2 months ago, does not use resize-img and is relatively small (12.6 kB). It has the same interface as to-ico which should make it an easy replacement.
If this is an acceptable alternative, I'd be happy to provide a pull request today.