[Snyk] Upgrade sharp from 0.29.3 to 0.33.3

[Braineanear]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sharp from 0.29.3 to 0.33.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 38 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-03-23.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Mature
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-XML2JS-5414874	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sharp

• 0.33.3 - 2024-03-23
  No content.
• 0.33.3-rc.0 - 2024-03-22
  No content.
• 0.33.2 - 2024-01-12
  No content.
• 0.33.2-rc.1 - 2024-01-12
  No content.
• 0.33.2-rc.0 - 2024-01-11
  No content.
• 0.33.1 - 2023-12-17
  No content.
• 0.33.1-rc.3 - 2023-12-17
  No content.
• 0.33.1-rc.2 - 2023-12-17
  No content.
• 0.33.1-rc.0 - 2023-12-12
  No content.
• 0.33.0 - 2023-11-29
• 0.33.0-rc.2 - 2023-11-22
• 0.33.0-alpha.11 - 2023-11-10
• 0.33.0-alpha.10 - 2023-11-04
• 0.33.0-alpha.9 - 2023-10-13
• 0.33.0-alpha.8 - 2023-10-10
• 0.33.0-alpha.7 - 2023-10-10
• 0.33.0-alpha.6 - 2023-10-09
• 0.33.0-alpha.4 - 2023-10-06
• 0.33.0-alpha.3 - 2023-10-06
• 0.32.6 - 2023-09-18
• 0.32.5 - 2023-08-15
• 0.32.4 - 2023-07-21
• 0.32.3 - 2023-07-14
• 0.32.2 - 2023-07-11
• 0.32.1 - 2023-04-27
• 0.32.0 - 2023-03-24
• 0.31.3 - 2022-12-21
• 0.31.2 - 2022-11-04
• 0.31.1 - 2022-09-29
• 0.31.0 - 2022-09-05
• 0.30.7 - 2022-06-22
• 0.30.6 - 2022-05-30
• 0.30.5 - 2022-05-23
• 0.30.4 - 2022-04-18
• 0.30.3 - 2022-03-14
• 0.30.2 - 2022-03-02
• 0.30.1 - 2022-02-09
• 0.30.0 - 2022-02-01
• 0.29.3 - 2021-11-14

from sharp GitHub release notes

Commit messages

Package name: sharp

• 55466f1 Release v0.33.3
• ede8217 Prerelease v0.33.3-rc.0
• 2689fb4 Bump deps
• eaf31a5 Docs: changelog and credit for #4036
• aa1bbcb Guard heif bitdepth property for prebuilt binaries
• 3c26080 Add bitdepth option to heif output (#4036)
• dc07fd4 Upgrade to libvips v8.15.2
• 7bc74fe Ensure clone takes deep copy of options #4029
• c5f318e Docs: add changelog and credit for #4028
• 8fbb1cd Ensure text.wrap property can accept word-char as value (#4028)
• 88aee8a Bump devDeps
• 0f77b18 Rename internal property name to better reflect use
• 3eeaee7 Ensure pipelineColourspace handles CMYK profiles #3906
• 045d54e Docs: include use of fetch() in Stream-based example
• 75fedf1 Ensure keepIccProfile retains P3 input profiles #4008
• debdacb Bump deps
• 1c8ae67 CI: Upgrade OS on Linux ARM64 runners
• 0eb5769 Docs: clarify how to achieve 16-bit PNG output
• bc95531 Docs: clarify skipBlanks default for tile-based output
• 60f4048 CI: Upgrade to Python 3.12
• fb70fbb Ensure keepIccProfile retains CMYK input profiles #3906
• fc439be Docs: add section to help those bundling via Vite
• 26d0b71 Bump devDeps
• af6aa8a CI: Add macOS 14 (ARM64)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs