Skip to content

chore(deps): update dependency sharp to ^0.32.6 [security] #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency sharp to ^0.32.6 [security] #15

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 6, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
sharp (source, changelog) ^0.31.1^0.32.6 age confidence

GitHub Vulnerability Alerts

GHSA-54xq-cgqr-rpm3

Overview

sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity GHSA-j7hp-h8jx-5ppr.

Who does this affect?

Almost anyone processing untrusted input with versions of sharp prior to 0.32.6.

How to resolve this?

Using prebuilt binaries provided by sharp?

Most people rely on the prebuilt binaries provided by sharp.

Please upgrade sharp to the latest 0.32.6, which provides libwebp 1.3.2.

Using a globally-installed libvips?

Please ensure you are using the latest libwebp 1.3.2.

Possible workaround

Add the following to your code to prevent sharp from decoding WebP images.

sharp.block({ operation: ["VipsForeignLoadWebp"] });

Release Notes

lovell/sharp (sharp)

v0.32.6

Compare Source

v0.32.5

Compare Source

v0.32.4

Compare Source

v0.32.3

Compare Source

v0.32.2

Compare Source

v0.32.1

Compare Source

v0.32.0

Compare Source

v0.31.3

Compare Source

v0.31.2

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 67773a2 to 01478ae Compare October 9, 2024 09:35
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Oct 9, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 01478ae to de998ec Compare October 9, 2024 12:45
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Oct 9, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from de998ec to 7274e17 Compare October 28, 2024 16:36
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Oct 28, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 7274e17 to d27553e Compare October 28, 2024 18:39
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Oct 28, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from d27553e to 5823d27 Compare November 3, 2024 11:18
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Nov 3, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 5823d27 to bca37ea Compare November 3, 2024 14:08
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Nov 3, 2024
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 2, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from bca37ea to a963058 Compare December 2, 2024 10:19
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Dec 2, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from a963058 to 0ed577a Compare December 2, 2024 14:51
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.32.6 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-sharp-vulnerability branch December 8, 2024 18:58
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] - autoclosed chore(deps): update dependency sharp to ^0.32.6 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from b13cb1b to 0ed577a Compare December 8, 2024 21:56
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 0ed577a to 3edd1ce Compare December 17, 2024 20:15
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 17, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 3edd1ce to d68d679 Compare December 17, 2024 23:48
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Dec 17, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from d68d679 to 1eaf9e4 Compare December 22, 2024 17:13
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 22, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 1eaf9e4 to a5e47ea Compare December 22, 2024 19:19
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Dec 22, 2024
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch 2 times, most recently from fb1a862 to ff3fa93 Compare December 9, 2025 05:15
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Dec 9, 2025
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from ff3fa93 to 983e000 Compare December 10, 2025 15:18
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Dec 10, 2025
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 983e000 to 547c91a Compare December 10, 2025 16:17
@nzbr nzbr force-pushed the main branch 7 times, most recently from c830383 to 2702aba Compare December 10, 2025 18:37
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Dec 11, 2025
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch 2 times, most recently from 9f4a7d8 to 4739580 Compare December 15, 2025 17:07
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Dec 15, 2025
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Dec 15, 2025
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 4739580 to 7d46f58 Compare December 15, 2025 21:02
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Dec 30, 2025
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch 2 times, most recently from b65330e to 0306f75 Compare December 30, 2025 17:59
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Dec 30, 2025
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 0306f75 to 1f9f45a Compare December 31, 2025 16:50
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.32.6 [security] chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Dec 31, 2025
@renovate renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 1f9f45a to c2ace7e Compare December 31, 2025 21:53
@renovate renovate bot changed the title chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] chore(deps): update dependency sharp to ^0.32.6 [security] Dec 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant