ever-co / ever-demand

Ever® Demand™ - Open Commerce Platform - https://everdemand.co
GNU Affero General Public License v3.0

[Snyk] Upgrade sharp from 0.29.3 to 0.31.3 #1542

Closed snyk-bot closed 9 months ago

snyk-bot commented 1 year ago

Snyk has created this PR to upgrade sharp from 0.29.3 to 0.31.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Remote Code Execution (RCE) SNYK-JS-SHARP-2848109 | 539/1000 (Why? Has a fix available, CVSS 6.5) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sharp from sharp GitHub release notes
Commit messages
Package name: sharp
  • 844deaf Release v0.31.3
  • efbb0c2 Docs: add image with examples of resize fit property
  • da0b594 Docs: update benchmarks for latest versions, add ARM64 results
  • 78dada9 Tests: skip mapnik and tensorflow for Docker-run benchmarks
  • 15f5cd4 Tests: move mapnik to optional deps
  • 9eb2e94 Tests: update benchmark dependencies
  • e40b068 Tests: update leak suppressions for latest dependencies
  • 2c46528 Docs refresh
  • 584807b Add runtime detection of V8 memory cage #3384
  • a7fa701 Add experimental support for JPEG-XL, requires libvips with libjxl
  • f92e33f Bump devDeps
  • 0f1e7ef Install: add support for Linux with glibc patch version #3423
  • 89e204d Docs: clarify `failOn` property applies to decoding pixel values (#3481)
  • 2a71f18 Expand range of sharpen params to match libvips #3427
  • def99a2 Install: log proxy use, if any, to aid with debugging
  • 9d760f3 Improve perf of ops that introduce non-opaque background #3465
  • 0265d30 Ensure integral output of linear op #3468
  • a472aea Ignore sequentialRead option for stats #3462
  • 01ffa80 Improve extractChannel support for 16-bit output #3453
  • 789d485 Tests: remove flaky font assertions
  • 4490a93 Tests: simplify beforeEach configuration
  • ac0dc10 Tests: convert mocha hooks (#3450)
  • 5740f45 Expose GIF opts: interFrameMaxError, interPaletteMaxError #3401
  • a9d692f Reduce chance of race condition in test for... race condition

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


CLAassistant commented 1 year ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.