[Snyk] Upgrade sharp from 0.29.3 to 0.31.3 #1542

Closed

snyk-bot
Contributor

Snyk has created this PR to upgrade sharp from 0.29.3 to 0.31.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 12 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2022-12-21.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Remote Code Execution (RCE), SNYK-JS-SHARP-2848109 | 539/1000. Why? Has a fix available, CVSS 6.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sharp from sharp GitHub release notes
Commit messages
Package name: sharp
  • 844deaf Release v0.31.3
  • efbb0c2 Docs: add image with examples of resize fit property
  • da0b594 Docs: update benchmarks for latest versions, add ARM64 results
  • 78dada9 Tests: skip mapnik and tensorflow for Docker-run benchmarks
  • 15f5cd4 Tests: move mapnik to optional deps
  • 9eb2e94 Tests: update benchmark dependencies
  • e40b068 Tests: update leak suppressions for latest dependencies
  • 2c46528 Docs refresh
  • 584807b Add runtime detection of V8 memory cage #3384
  • a7fa701 Add experimental support for JPEG-XL, requires libvips with libjxl
  • f92e33f Bump devDeps
  • 0f1e7ef Install: add support for Linux with glibc patch version #3423
  • 89e204d Docs: clarify `failOn` property applies to decoding pixel values (#3481)
  • 2a71f18 Expand range of sharpen params to match libvips #3427
  • def99a2 Install: log proxy use, if any, to aid with debugging
  • 9d760f3 Improve perf of ops that introduce non-opaque background #3465
  • 0265d30 Ensure integral output of linear op #3468
  • a472aea Ignore sequentialRead option for stats #3462
  • 01ffa80 Improve extractChannel support for 16-bit output #3453
  • 789d485 Tests: remove flaky font assertions
  • 4490a93 Tests: simplify beforeEach configuration
  • ac0dc10 Tests: convert mocha hooks (#3450)
  • 5740f45 Expose GIF opts: interFrameMaxError, interPaletteMaxError #3401
  • a9d692f Reduce chance of race condition in test for... race condition

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
