
[Snyk] Security upgrade sharp from 0.27.2 to 0.28.0

Open bahdcoder opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/media/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sharp

The new version differs by 42 commits.
  • 7555378 Release v0.28.0
  • 80c95ee Docs: libvips tarballs are a bit smaller now
  • 31563b2 Ensure GIF input will work with future libvips v8.11.0
  • 861cd93 Pre-release v0.28.0-beta1
  • abb344b Upgrade to libvips v8.10.6
  • 6147491 Extend: default missing edge props to zero #2578
  • f1f18fb Docs: clarify that flatten removes alpha channel #2601
  • 9fc611f Docs: changelog entries for #2594 #2608
  • 34a2e14 Fix erroneous top/left clipping in composite #2571
  • 83fe65b Docs: include more relevant content in search index
  • ec26c8a Docs: ensure toBuffer pixel example works #2624
  • da43a30 Docs: correct typo in description of threshold operation
  • a38126c Ensure composite replicates correct tiles with centre gravity #2626
  • cb592ce Tests: add case for SVG with truncated embedded PNG
  • d69c58a Docs: add section about Linux memory allocators
  • bdb1986 Tests: run in parallel again
  • 55356c7 Docs: refresh markdown
  • a0f5525 Tests: a few more speed improvements
  • 013f5cf Tests: refactor modulate suite, ~20x faster
  • d5d008f Docs: reorder readme sections
  • 3b02134 Tests: update latest benchmark test results
  • a57d7b5 Tests: match concurrency with CPU count
  • 1a3c38d Pre-release v0.28.0-alpha1
  • 00aece0 Ensure id attr can be set for IIIF tile output #2612


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


bahdcoder, May 13 '22 21:05