Update tools/package.json dependencies, remove imagemin-zopfli (#35406)

imagemin-zopfli brings a lot of [vulnerable dependencies](https://github.com/go-gitea/gitea/security/dependabot) and it is unmaintained. The removal brings a size increase to these images, but I think ultimately this size does not matter enough. I verified this passes `pnpm audit` now.
2025-10-31 21:28:11 +09:00 · 2025-09-04 15:17:33 +02:00
parent 879b896656
commit e9655df082
7 changed files with 263 additions and 1683 deletions
--- a/public/assets/img/apple-touch-icon.png
+++ b/public/assets/img/apple-touch-icon.png
--- a/public/assets/img/avatar_default.png
+++ b/public/assets/img/avatar_default.png
--- a/public/assets/img/favicon.png
+++ b/public/assets/img/favicon.png
--- a/public/assets/img/logo.png
+++ b/public/assets/img/logo.png
--- a/tools/generate-images.js
+++ b/tools/generate-images.js
@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-import imageminZopfli from 'imagemin-zopfli'; // eslint-disable-line import-x/no-unresolved
 import {loadSVGFromString, Canvas, Rect, util} from 'fabric/node'; // eslint-disable-line import-x/no-unresolved
 import {optimize} from 'svgo';
 import {readFile, writeFile} from 'node:fs/promises';
@@ -52,7 +51,6 @@ async function generate(svg, path, {size, bg}) {
    png = Buffer.concat([png, chunk]);
  }

-  png = await imageminZopfli({more: true})(png);
  await writeFile(outputFile, png);
 }

--- a/tools/package.json
+++ b/tools/package.json
@@ -5,18 +5,17 @@
  "type": "module",
  "private": true,
  "dependencies": {
-    "fabric": "^6.0.0",
-    "imagemin-zopfli": "^7.0.0",
-    "svgo": "^3.0.0",
-    "fast-glob": "^3.0.0"
+    "fabric": "^6.7.1",
+    "svgo": "^4.0.0",
+    "fast-glob": "^3.3.3"
  },
  "optionalDependencies": {
    "canvas": "^3.2.0"
  },
  "pnpm": {
-    "onlyBuiltDependencies": ["canvas", "zopflipng-bin"],
+    "onlyBuiltDependencies": ["canvas"],
    "overrides": {
      "canvas": "3.2.0"
    }
  }
-}
+}
--- a/tools/pnpm-lock.yaml
+++ b/tools/pnpm-lock.yaml