Skip to content

Remove lzo-wasm dependency and references #3217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Remove lzo-wasm dependency and references #3217

wants to merge 1 commit into from

Conversation

weldonji
Copy link

@weldonji weldonji commented Sep 9, 2025

Remove lzo-wasm dependency and references

Summary

This PR removes the outdated and unmaintained lzo-wasm dependency that was causing security concerns in secure repositories.

Changes

  • Removed lzo-wasm from modules/compression/package.json dependencies
  • Cleaned up commented lzo-wasm imports and references in lzo-compression.ts
  • Removed lzo references from benchmark tests
  • Maintained LZOCompression class structure for potential future injectable module support

Background

The lzo-wasm package (version 0.0.4) was flagged as outdated and unmaintained, causing loaders.gl to be blocked from secure repositories. Analysis of the codebase showed that:

  1. The lzo-wasm functionality was already disabled (isSupported = false)
  2. All imports were commented out
  3. No active code paths depend on this library
  4. The compression class is designed to work with injectable modules

Testing

  • Verified no active usage of lzo-wasm in codebase
  • Confirmed LZOCompression class maintains structure for future module injection
  • All lzo-wasm references removed from package.json and source files

Fixes

Closes #3072

Type of Change

  • Bug fix (removes security vulnerability)
  • Dependency cleanup
  • Breaking change
  • New feature
  • Documentation update

Checklist

  • Code follows the project's style guidelines
  • Self-review completed
  • Changes generate no new warnings
  • No breaking changes to existing functionality
  • Issue reference included in commit message

@weldonji
Remove lzo-wasm dependency and references
436d0fa 
- Remove lzo-wasm from package.json dependencies
- Clean up commented lzo-wasm imports and references
- Remove lzo references from benchmark tests
- Addresses security concerns with outdated lzo-wasm package

Fixes visgl#3072
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Uses out of date WASM build of FFmpeg code (lzo-wasm/0.0.4 is out of date)
1 participant
@weldonji