tooolbox / node-potrace

JavaScript port of Potrace, for NodeJS
GNU General Public License v2.0

Upgrade Jimp to address minimist security vuln. #5

Closed karlhorky closed 4 years ago

karlhorky commented 4 years ago

Since the pull request for Jimp addressing the minimist security vulnerability (https://www.npmjs.com/advisories/1179) was accepted, it would be good to upgrade to at least 0.9.6:

https://github.com/oliver-moran/jimp/pull/857

Original fix in mkdirp: https://github.com/isaacs/node-mkdirp/issues/7#issuecomment-600231795

It seems like the last minor releases have not changed anything breaking...?

If this is accepted and released as a minor or patch, this will also enable Gatsby projects to fix the security issues without breaking semver, since gatsby-plugin-sharp and gatsby-transformer-sharp depend on potrace@^2.1.2:
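An added example, not code from node-potrace, Jimp, Gatsby or this pull request, showing the two checks a maintainer would run before and after such a bump: whether a downstream caret range like `potrace@^2.1.2` will pick up a patch release (npm's caret semantics), and whether a lockfile-style dependency tree still contains a copy of minimist below the versions fixed for advisory 1179 (0.2.1 on the 0.x line, 1.2.3 on the 1.x line). The tree shape and every version number in the sample trees are constructed for the example; the package chain potrace > jimp > mkdirp > minimist is a simplification and not read from the real lockfile.

```javascript
// Added example (not part of node-potrace or this PR). Runs stand-alone under Node.

// Minimal semver helpers so the file has no dependency on the npm `semver` package.
function parseVersion(v) {
  const [major, minor, patch] = v.split('.').map(Number);
  return { major, minor, patch };
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (pa[k] !== pb[k]) return pa[k] < pb[k] ? -1 : 1;
  }
  return 0;
}

// Caret range as npm resolves it: ^2.1.2 accepts >=2.1.2 <3.0.0.
// On the 0.x line the minor is the breaking boundary: ^0.2.1 accepts >=0.2.1 <0.3.0.
function caretSatisfies(range, version) {
  if (!range.startsWith('^')) throw new Error('only caret ranges are handled here');
  const base = range.slice(1);
  const b = parseVersion(base), v = parseVersion(version);
  if (compareVersions(version, base) < 0) return false;
  if (b.major !== 0) return v.major === b.major;
  return v.major === 0 && v.minor === b.minor;
}

// First fixed version per major line for the minimist prototype-pollution
// advisory (npm advisory 1179). Anything below is affected.
const MINIMIST_FIXED = { 0: '0.2.1', 1: '1.2.3' };

function isVulnerableMinimist(version) {
  const fixed = MINIMIST_FIXED[parseVersion(version).major];
  if (fixed === undefined) return false; // major line not covered by this advisory
  return compareVersions(version, fixed) < 0;
}

// Depth-first walk over a nested lockfile-style tree:
// { dependencies: { name: { version, dependencies: { ... } } } }
// Returns one "a@1 > b@2 > ..." path string per vulnerable copy found,
// at whatever depth npm happened to nest or hoist it.
function findVulnerable(lock, pkgName, isVulnerable) {
  const hits = [];
  const walk = (deps, path) => {
    for (const [name, node] of Object.entries(deps || {})) {
      const here = [...path, `${name}@${node.version}`];
      if (name === pkgName && isVulnerable(node.version)) hits.push(here.join(' > '));
      walk(node.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample trees (versions are illustrative, not the real lockfile).
const LOCK_BEFORE = {
  dependencies: {
    potrace: { version: '2.1.2', dependencies: {
      jimp: { version: '0.9.5', dependencies: {
        mkdirp: { version: '0.5.1', dependencies: {
          minimist: { version: '1.2.0' } } } } } } } } };

const LOCK_AFTER = {
  dependencies: {
    potrace: { version: '2.1.5', dependencies: {
      jimp: { version: '0.9.6', dependencies: {
        mkdirp: { version: '0.5.4', dependencies: {
          minimist: { version: '1.2.5' } } } } } } } } };

// Stand-alone run: a downstream ^2.1.2 range picks up 2.1.5 without a
// breaking change, and the bumped tree no longer carries a vulnerable minimist.
console.log('potrace@^2.1.2 accepts 2.1.5:', caretSatisfies('^2.1.2', '2.1.5'));
console.log('before:', findVulnerable(LOCK_BEFORE, 'minimist', isVulnerableMinimist));
console.log('after: ', findVulnerable(LOCK_AFTER, 'minimist', isVulnerableMinimist));
```

The walk is deliberately tree-shaped rather than flat because a copy of minimist that npm hoisted to the top level and a second copy nested under mkdirp are both real installs; `npm ls minimist` shows the same picture on a real project, and this is the check to repeat after bumping so that the advisory actually disappears from the resolved tree rather than only from package.json.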

tooolbox commented 4 years ago

https://www.npmjs.com/package/potrace/v/2.1.5

karlhorky commented 4 years ago

Thanks @tooolbox!

Looks like this is already in the next Gatsby pull request to bump dependencies: gatsbyjs/gatsby#22434

Edit: Ah, Gatsby was actually upgraded separately, in this pull request. These patch versions are the versions to look for: