Closed patrickufer closed 5 months ago
Latest commit: 55f3f5f25756e7b673177fc70d138ebbbeb5981c
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
open-next | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Feb 12, 2024 8:58pm |
Thanks, we might want to upgrade to latest. There were some issues w/ nextjs + sharp on 14.0.5, but should have been fixed post that.
Sounds good. Done ✅
@khuezy do you have an idea when this will get merged and released?
I'll do a patch now, please open a ticket if this causes some issues. (Make sure your images are properly optimized to webp.)
Released. For context, this would only affect people who have a "*" in their image optimization whitelist configuration (an anti-pattern)
@patrickufer did you notice any errors in the image optimization logs?
FYI, the latest sharp is broken :(
@khuezy @patrickufer just wanted to confirm that the latest sharp version is broken with Next 14.1
It works with the env var `SHARP_VERSION=0.32.6` override during the build though
This might be potentially fixed with 14.1.1 (canary 11+)
AWS Security Hub throws a HIGH-level severity finding on the image optimization lambda resource regarding the version of `sharp`.
Installed version: 0.32.5
Fixed version: 0.32.6
GHSA-54xq-cgqr-rpm3 CVE-2023-4863 - sharp
This PR bumps the installed version of sharp in the build step to the minimum fixed version `0.32.6`, but if desired we can upgrade to the latest version at the time of writing, `0.33.2`.
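One way to check a project for the finding described in this PR, as an added example that is not code from the PR or from the open-next project: it scans the `packages` map of an npm lockfile (lockfileVersion 2 or 3) for any copy of sharp, nested ones included, older than the fixed version 0.32.6. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the open-next repository).
// Minimum sharp release that carries the fix for CVE-2023-4863, per the PR text.
const FIXED_SHARP = "0.32.6";

// Parse "major.minor.patch" into numbers. A pre-release or build suffix is
// ignored, so "0.32.6-rc.0" compares equal to "0.32.6".
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Return <0, 0 or >0 as a is older than, equal to or newer than b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Walk the "packages" map of an npm lockfile and report every installed copy
// of sharp below the fixed version. Keys are install paths, so a nested copy
// such as node_modules/<dep>/node_modules/sharp is matched as well.
function findVulnerableSharp(lockfile, fixed = FIXED_SHARP) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!/(^|\/)node_modules\/sharp$/.test(path)) continue;
    if (compareVersions(meta.version, fixed) < 0) {
      findings.push({ path, installed: meta.version, fixed });
    }
  }
  return findings;
}

// Constructed sample lockfile: top-level sharp is patched, a nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app" },
    "node_modules/sharp": { version: "0.32.6" },
    "node_modules/example-dep/node_modules/sharp": { version: "0.32.5" },
    "node_modules/sharp-utils": { version: "0.1.0" },
  },
};

console.log(findVulnerableSharp(sampleLock));
```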