sebinbenjamin / image-res-generator

A versatile tool for generating icons and splash screens for web and mobile projects. Supports Angular, Ionic, PWA, and more, with seamless SVG and PNG resource generation.
GNU General Public License v3.0

[Snyk] Security upgrade sharp from 0.23.4 to 0.24.1 #165

Closed snyk-bot closed 2 months ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| low severity | 481/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS), SNYK-JS-TAR-1536758 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sharp
The new version differs by 41 commits.
  • d5ecc53 Release v0.24.1
  • c7a4905 Docs: update libvips URLs for band format/interpretation
  • a2314c4 Ensure RGBA LZW TIFF info.channel count #2064
  • 1717173 Tests: tighten composite offset thresholds
  • e44c12f Bump dependencies, tar is now node>=10
  • 1a98c39 Prevent sequentialRead for EXIF-based rotate op #2042
  • 9190274 Attempt to detect out-of-date homebrew-managed vips
  • 6aa6a93 Docs: add details of ignore-scripts to installation guide
  • b4135ac Docs: fix any remaining redirects
  • 78906e6 Update any remaining documentation links
  • ba29ba1 Release v0.24.0
  • e0fa15f Update performance test results
  • 82a1ff3 Update dev and bench dependencies
  • 18e1f10 Add support for input with 16-bit RGB profile #2037
  • 4828a17 Tests: add fontconfig static data leak suppression
  • 3b4f955 Prevent use of sequentialRead for rotate ops #2016
  • bd52e93 Deprecate limitInputPixels and sequentialRead, move to input options
  • 6fdc79d Docs: ARM64 has prebuilt libvips, not sharp
  • 7dbad72 Drop support for undef input where opts also provided #1768
  • a8a0c1e Update doc links contained within code
  • 00bcf60 Docs: metadata delay/loop properties
  • 4a745f2 Expose delay/loop metadata for animated images #1905
  • 057074b Docs: improve header layout on narrow screen devices
  • 4b8cc13 Add 2020 to list of copyright years

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic