audit v4.3.0 - moderate - jimp is no longer maintained

[Lewis-Moten]

Performing an NPM audit raised a moderate severity on jpeg-js, which is nested inside [email protected]. It recommends to roll back to [email protected]. It appears that the latest version of[email protected] is vulnerable, and that the project is no longer being maintained. Can this package be changed to rely on another image package or one of the 712+ forks of jimp?

Jimp was already updated to the latest version and merged in PR #145

lewismoten@Lewiss-MacBook-Pro www % npm audit
# npm audit report

jpeg-js  <0.4.4
Severity: moderate
Infinite loop in jpeg-js - https://github.com/advisories/GHSA-xvf7-4v9q-58w6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jpeg-js
  @jimp/jpeg  <=0.12.0 || >=0.16.1
  Depends on vulnerable versions of jpeg-js
  node_modules/@jimp/jpeg
    @jimp/types  <=0.11.1-canary.891.908.0 || >=0.16.1
    Depends on vulnerable versions of @jimp/jpeg
    node_modules/@jimp/types
      jimp  0.3.6-alpha.5 - 0.11.1-canary.891.908.0 || >=0.16.1
      Depends on vulnerable versions of @jimp/types
      node_modules/jimp
        webpack-pwa-manifest  >=4.1.0
        Depends on vulnerable versions of jimp
        node_modules/webpack-pwa-manifest

5 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

[deleonio]

How we can organize a new release?!

Should we fork or could we become a contributor with permission?!