Skip to content

[Snyk] Upgrade sharp from 0.23.3 to 0.31.0#104

Open
linkinn wants to merge 1 commit intomasterfrom
snyk-upgrade-f941ea618fc0e8397db026a433d9d830
Open

[Snyk] Upgrade sharp from 0.23.3 to 0.31.0#104
linkinn wants to merge 1 commit intomasterfrom
snyk-upgrade-f941ea618fc0e8397db026a433d9d830

Conversation

@linkinn
Copy link
Owner

@linkinn linkinn commented Sep 27, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade sharp from 0.23.3 to 0.31.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 32 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2022-09-05.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Arbitrary File Write
SNYK-JS-TAR-1579155		 425/1000
Why? CVSS 8.5		 No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579152		 425/1000
Why? CVSS 8.5		 No Known Exploit
Arbitrary File Write
SNYK-JS-TAR-1579147		 425/1000
Why? CVSS 8.5		 No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 425/1000
Why? CVSS 8.5		 No Known Exploit
Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 425/1000
Why? CVSS 8.5		 No Known Exploit
Information Exposure
SNYK-JS-SIMPLEGET-2361683		 425/1000
Why? CVSS 8.5		 Proof of Concept
Remote Memory Exposure
SNYK-JS-BL-608877		 425/1000
Why? CVSS 8.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 425/1000
Why? CVSS 8.5		 Proof of Concept
Remote Code Execution (RCE)
SNYK-JS-SHARP-2848109		 425/1000
Why? CVSS 8.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-COLORSTRING-1082939		 425/1000
Why? CVSS 8.5		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 425/1000
Why? CVSS 8.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sharp
  • 0.31.0 - 2022-09-05
    No content.
  • 0.30.7 - 2022-06-22
    No content.
  • 0.30.6 - 2022-05-30
    No content.
  • 0.30.5 - 2022-05-23
    No content.
  • 0.30.4 - 2022-04-18
    No content.
  • 0.30.3 - 2022-03-14
    No content.
  • 0.30.2 - 2022-03-02
    No content.
  • 0.30.1 - 2022-02-09
    No content.
  • 0.30.0 - 2022-02-01
    No content.
  • 0.29.3 - 2021-11-14
    No content.
  • 0.29.2 - 2021-10-21
  • 0.29.1 - 2021-09-07
  • 0.29.0 - 2021-08-17
  • 0.28.3 - 2021-05-24
  • 0.28.2 - 2021-05-10
  • 0.28.1 - 2021-04-05
  • 0.28.0 - 2021-03-29
  • 0.27.2 - 2021-02-22
  • 0.27.1 - 2021-01-27
  • 0.27.0 - 2020-12-22
  • 0.26.3 - 2020-11-16
  • 0.26.2 - 2020-10-14
  • 0.26.1 - 2020-09-20
  • 0.26.0 - 2020-08-25
  • 0.25.4 - 2020-06-12
  • 0.25.3 - 2020-05-17
  • 0.25.2 - 2020-03-20
  • 0.25.1 - 2020-03-07
  • 0.25.0 - 2020-03-07
  • 0.24.1 - 2020-02-15
  • 0.24.0 - 2020-01-16
  • 0.23.4 - 2019-12-05
  • 0.23.3 - 2019-11-17
from sharp GitHub release notes
Commit messages
Package name: sharp
  • f7b29d7 CI: ensure prebuilds use Node API version 7
  • 0b80618 Release v0.31.0
  • c1393da Expose unlimited option for HEIF input
  • 31c1cfb Docs: add note about GIF optimisation
  • afc35c2 Docs: update benchmark results for libvips v8.13.1
  • 6eb2add Docs: refresh for 5cdb2b8
  • 5cdb2b8 Upgrade to libvips v8.13.1
  • 1eb66c0 Tests: relax truncated PNG test assertion
  • 55c4d88 Improve normalise op with use of histogram #200
  • 9a54a03 Tests: ensure truncated PNG test handles possible race
  • f510956 Standardise approach for string to enum conversion
  • 953a948 Tests: run benchmarks in container via Docker
  • 0e3bd46 Docs: clarify that metadata respects page/pages
  • 4b38f56 Docs: add avif and heif examples
  • 0fe857c Docs: move serverless-esbuild to bundlers section
  • 1bf06bd Docs: add info for serverless-esbuild users (#3235)
  • 6e3f4c3 Docs: changelog for #3332
  • 8583eb1 Tests: update leak suppressions for latest versions
  • c3a852e Add trim option to provide a specific background colour (#3332)
  • 3a44748 Ensure PNG bitdepth can be set for non-palette output #3322
  • e1bc867 Docs: clarify composite operation ordering
  • a618ce7 Ensure image is unpremultiplied before composite #3334
  • a44168c Docs: changelog and credit for #3303
  • 74e3f73 Expand linear operation to allow use of per-channel arrays #3303

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 27, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@linkinn @snyk-bot