[Snyk] Security upgrade sharp from 0.29.3 to 0.30.5

[brent-hoover]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • apps/reaction/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: sharp

The new version differs by 120 commits.

• db654de Release v0.30.5
• a6aeef6 Install: pass `PKG_CONFIG_PATH` via env rather than substitution
• 7bf6cbd Docs: correct links to libvips documentation
• 04c31b3 Install: warn about filesystem owner running npm v8+ as root
• ee9cdb6 Bump deps
• 8960eb8 Docs: changelog entry for Fix "Failed to get currency exchange rates" error in server #3218
• 54d9dc4 Fix rotate-then-extract for EXIF orientation 2 (Fix "Failed to get currency exchange rates" error in server #3218)
• 51b4a7c Add support for --libc flag to improve cross-platform install (jsdoc: fix - 2 typos from PR review #3160)
• 5b03579 Docs: more details about concurrency, parallelism, threads
• 58c2af3 Docs: improve output format info for toBuffer
• ee948ac Docs: changelog and credit for [WIP] Fix Reaction.hasPermissions for anonymous users #3196
• 66a3ce5 Allow installation of prebuilt libvips binary from filesystem ([WIP] Fix Reaction.hasPermissions for anonymous users #3196)
• 75e5afc Docs: fix typo in gif example (Cannot navigate to products in Marketplace shops #3201)
• d396a4e Release v0.30.4
• ae1dbcd Bump deps
• 4c29368 Docs: EXIF metadata unsupported for TIFF output Re-wrap in variant form in a blaze wrapper to prevent focus loss on tab #3074
• 36e5596 Docs: mention npm's foreground-scripts option to aid debugging
• 985e881 Bump deps
• 0b11671 Docs: changelog for Npm package Aliases doesnt work on custom plugins #3178
• 9deac83 Add missing file name to 'Input file is missing' error message (Npm package Aliases doesnt work on custom plugins #3178)
• 5d36f5f Improve error message for SVG render above limit jsdoc: add Orders, Shipping, Payment methods from core #3167
• 926572b Control sensitivity to invalid images via failOn
• d0c8e95 Docs: expand info about use with worker threads
• b0ca23c Docs: changelog and credit for Products sub not updating component reactively  #3146

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[changeset-bot]

🦋 Changeset detected

Latest commit: 7f93979

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
reaction	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vanpho93]

Unable to start image after upgrading sharp. I'll look into this later.

[vanpho93]

Implemented in #6692