Bump sharp and vue-pwa-asset-generator in /web

[dependabot[bot]]

Bumps sharp to 0.30.7 and updates ancestor dependency vue-pwa-asset-generator. These dependencies need to be updated together.

Updates sharp from 0.26.3 to 0.30.7

Changelog

Sourced from sharp's changelog.

v0.30.7 - 22nd June 2022

• Ensure tiled composition always works with outside resizing. #3227

• Allow WebP encoding effort of 0. #3261 @​AlexanderTheGrey

• Prevent upsampling via libwebp. #3267 @​blacha

v0.30.6 - 30th May 2022

• Allow values for limitInputPixels larger than 32-bit. #3238

• Ensure brew-installed vips can be detected (regression in 0.30.5). #3239

v0.30.5 - 23rd May 2022

• Install: pass PKG_CONFIG_PATH via env rather than substitution. @​dwisiswant0

• Add support for --libc flag to improve cross-platform installation. #3160 @​joonamo

• Allow installation of prebuilt libvips binaries from filesystem. #3196 @​ankurparihar

• Fix rotate-then-extract for EXIF orientation 2. #3218 @​jakob0fischl

v0.30.4 - 18th April 2022

• Increase control over sensitivity to invalid images via failOn, deprecate failOnError (equivalent to failOn: 'warning').

• Ensure create input image has correct bit depth and colour space. #3139

• Add support for TypedArray input with byteOffset and length. #3146 @​codepage949

• Improve error message when attempting to render SVG input greater than 32767x32767.

... (truncated)

Commits

• e40a881 Release v0.30.7
• c1b13ad Bump deps
• 29e0989 Docs: add examples of custom binary locations
• 853a203 Install: add help for possible worker thread problem #3268
• 8bb30d7 Docs: changelog and credit #3261 #3267
• a333b87 Prevent upsampling via libwebp (#3267)
• 4662527 Allow WebP encoding effort of 0 (#3261)
• b10d8f8 Docs: add example of multi-arch within same install tree
• f903e14 Docs: clarify wording of resize background option
• a757185 Ensure composite can tile with outside resize #3227
• Additional commits viewable in compare view

Updates vue-pwa-asset-generator from 1.6.0 to 1.7.1

Commits

• 876d63b Release 1.7.1
• e92f7ab fix flattening image with sharp
• dbffbae Release 1.7.0
• faae41f add documentation for background color
• 5c20043 add fallback background
• 8325f04 Release 1.6.2
• c7d8a3a change to pnpm package manager and upgrade packages
• 69c9fe1 :arrow_up: Bump node-fetch from 2.6.1 to 2.6.7 (#17)
• d3d0cb5 :arrow_up: Bump simple-get from 3.1.0 to 3.1.1 (#16)
• f45f939 :arrow_up: Bump ajv from 6.12.2 to 6.12.6 (#15)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/qownnotes/web-app/network/alerts).

[socket-security[bot]]

Socket Security Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

Package	Script field	Location
sharp@0.30.7 (upgraded)	install	web/package.json via vue-pwa-asset-generator@1.7.1

Socket.dev scan summary

Issue	Status
Did you mean?	✅ no new possible package typos
Install scripts	⚠️ 1 new install script detected
Telemetry	✅ no new telemetry
Troll package	✅ no new troll packages
Malware	✅ no new malware
Native code	✅ no new native modules

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

• @SocketSecurity ignore sharp@0.30.7

Powered by socket.dev