[Snyk] Upgrade sharp from 0.28.3 to 0.32.5

[rizkimaung]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sharp from 0.28.3 to 0.32.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 22 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-08-15.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JPEGJS-570039	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sharp

• 0.32.5 - 2023-08-15
  No content.
• 0.32.4 - 2023-07-21
  No content.
• 0.32.3 - 2023-07-14
  No content.
• 0.32.2 - 2023-07-11
  No content.
• 0.32.1 - 2023-04-27
  No content.
• 0.32.0 - 2023-03-24
  No content.
• 0.31.3 - 2022-12-21
  No content.
• 0.31.2 - 2022-11-04
  No content.
• 0.31.1 - 2022-09-29
  No content.
• 0.31.0 - 2022-09-05
  No content.
• 0.30.7 - 2022-06-22
• 0.30.6 - 2022-05-30
• 0.30.5 - 2022-05-23
• 0.30.4 - 2022-04-18
• 0.30.3 - 2022-03-14
• 0.30.2 - 2022-03-02
• 0.30.1 - 2022-02-09
• 0.30.0 - 2022-02-01
• 0.29.3 - 2021-11-14
• 0.29.2 - 2021-10-21
• 0.29.1 - 2021-09-07
• 0.29.0 - 2021-08-17
• 0.28.3 - 2021-05-24

from sharp GitHub release notes

Commit messages

Package name: sharp

• 44a0ee3 Release v0.32.5
• ccd51c8 Upgrade to libvips v8.14.4
• bb7469b Ensure withMetadata adds default sRGB profile #3761
• a2cac61 Simplify 90/270 orient-before-resize logic (#3762)
• 5c19f6d Ensure resize fit=inside respects 90/270 rotate #3756
• 3d01775 Docs: changelog entries for #3748 #3755 #3758
• 87562a5 TypeScript: Ensure WebpOptions minSize is boolean (#3758)
• 2829e17 Fix build with musl 1.2.4 (#3755)
• ffefbd2 TypeScript: add missing WebpPresetEnum (#3748)
• bc8f983 Tests: ensure Jimp benchmark uses bicubic as resizing kernel (#3745)
• 440936a Tests: update benchmark deps and container (#3744)
• 0bc79cd Docs: include paletteBitDepth metadata
• 9a66e25 Docs: ensure resize fit image supports dark mode
• 8370935 Docs: ensure 'fit' values are clearly separated
• f908987 Docs: use SVG image for the resize fit property example (#3735)
• aea368a Release v0.32.4
• 7ecbc20 Upgrade to libvips v8.14.3
• cb0e2a9 Bump dep
• 739b317 Expose ability to (un)block libvips ops by name
• a0e1c39 Release v0.32.3
• 85b26da Expose preset option for WebP output #3639
• 66f7cef Docs: fix a few typos
• 863174f CI: FreeBSD: Use 13.2 stable, upgrade to Node.js 20
• bcd865c Ensure decoding remains sequential for all ops #3725

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs