search

reactioncommerce / reaction-file-collections

Reaction File Collection packages
MIT License
19 stars 11 forks source link

[Snyk] Upgrade sharp from 0.23.4 to 0.28.3 #100

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade sharp from 0.23.4 to 0.28.3.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 267/1000
Why? Recently disclosed, CVSS 3.7		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sharp
  • 0.28.3 - 2021-05-24
    No content.
  • 0.28.2 - 2021-05-10
    No content.
  • 0.28.1 - 2021-04-05
    No content.
  • 0.28.0 - 2021-03-29
    No content.
  • 0.27.2 - 2021-02-22
    No content.
  • 0.27.1 - 2021-01-27
    No content.
  • 0.27.0 - 2020-12-22
    No content.
  • 0.26.3 - 2020-11-16
  • 0.26.2 - 2020-10-14
  • 0.26.1 - 2020-09-20
  • 0.26.0 - 2020-08-25
  • 0.25.4 - 2020-06-12
  • 0.25.3 - 2020-05-17
  • 0.25.2 - 2020-03-20
  • 0.25.1 - 2020-03-07
  • 0.25.0 - 2020-03-07
  • 0.24.1 - 2020-02-15
  • 0.24.0 - 2020-01-16
  • 0.23.4 - 2019-12-05
from sharp GitHub release notes
Commit messages
Package name: sharp
  • 9f384e1 Release v0.28.3
  • 35e8c8b Docs: ensure ops without examples are indexed
  • dc53f1b Bump deps
  • 7013960 Docs: fix CLAHE link
  • 1b4d152 Docs: cross-link removeAlpha and flatten
  • ed3377c Docs: add parameter names to search keywords
  • d72852b Docs: changelog entry for #2726
  • 4b6b618 Add contrast limiting adaptive histogram equalization (CLAHE) operator (#2726)
  • b69a54f Ensure presence of libvips before invoking node-gyp
  • 81e388a Docs: composite supports failOnError and limitInputPixels
  • 5bd5e50 Skip shrink-on-load for multi-page WebP #2714
  • a2d3fa7 Release v0.28.2
  • cb6811b CI: FreeBSD skip notifications
  • 53c6e80 Docs: refresh index
  • e71dca5 Bump devDeps
  • b3cd48d Docs: add section about cross-platform installation
  • 476448b Install: allow cross-libc via sharp-install-force flag (#2692)
  • 070534d Docs: changelog for #2685
  • 9a1e8ed Add premultiplied boolean flag for raw pixel data input (#2685)
  • 309918a Move lint-related tasks to dedicated script entry
  • cac83b9 Bump deps and docs refresh
  • 9c06df0 Docs: changelog entry for #2687
  • 52e4543 Detect empty input and throw a helpful error (#2687)
  • a688468 CI: replace Node.js 15 with 16
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs