[Snyk] Upgrade sharp from 0.29.3 to 0.32.4

[Braineanear]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sharp from 0.29.3 to 0.32.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 17 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-07-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-XML2JS-5414874	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sharp

• 0.32.4 - 2023-07-21
  No content.
• 0.32.3 - 2023-07-14
  No content.
• 0.32.2 - 2023-07-11
  No content.
• 0.32.1 - 2023-04-27
  No content.
• 0.32.0 - 2023-03-24
  No content.
• 0.31.3 - 2022-12-21
  No content.
• 0.31.2 - 2022-11-04
  No content.
• 0.31.1 - 2022-09-29
  No content.
• 0.31.0 - 2022-09-05
  No content.
• 0.30.7 - 2022-06-22
  No content.
• 0.30.6 - 2022-05-30
• 0.30.5 - 2022-05-23
• 0.30.4 - 2022-04-18
• 0.30.3 - 2022-03-14
• 0.30.2 - 2022-03-02
• 0.30.1 - 2022-02-09
• 0.30.0 - 2022-02-01
• 0.29.3 - 2021-11-14

from sharp GitHub release notes

Commit messages

Package name: sharp

• aea368a Release v0.32.4
• 7ecbc20 Upgrade to libvips v8.14.3
• cb0e2a9 Bump dep
• 739b317 Expose ability to (un)block libvips ops by name
• a0e1c39 Release v0.32.3
• 85b26da Expose preset option for WebP output #3639
• 66f7cef Docs: fix a few typos
• 863174f CI: FreeBSD: Use 13.2 stable, upgrade to Node.js 20
• bcd865c Ensure decoding remains sequential for all ops #3725
• 16ea04f Release v0.32.2
• 9c547dc Use copy rather than cache to prevent affine overcompute
• 5522060 Limit HEIF output dimensions to 16384x16384
• d2f0fa8 Tests: loosen threshold for affine rotate then extract
• 2bb3ea8 Bump deps
• 3434eef Guard use of smartcrop premultiplied option #3710
• 2f67823 Allow seq read for EXIF-based auto-orient #3725
• 38c760c Update to latest (temporary) prebuild patch
• 14c3346 Prevent over-compute in affine rotate #3722
• 0da55ba Tests: remove unused dependency
• cfb659f Bump deps
• cc5ac53 Docs: clarify use of extract before composite
• 93fafb0 CI: Upgrade to latest git v2 within centos 7 containers
• 41e3c8c Temporarily use patched prebuild with node-gyp v9
• da61ea0 Docs: changelog and credit for #3674

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs