chore(deps): update dependency sharp to ^0.32.6 [security] by renovate[bot] · Pull Request #15 · nzbr/copperflame

renovate · 2024-08-06T08:47:48Z

This PR contains the following updates:

Package	Change	Age	Confidence
sharp (source, changelog)	`^0.31.1` → `^0.32.6`

GitHub Vulnerability Alerts

GHSA-54xq-cgqr-rpm3

Overview

sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity GHSA-j7hp-h8jx-5ppr.

Who does this affect?

Almost anyone processing untrusted input with versions of sharp prior to 0.32.6.

How to resolve this?

Using prebuilt binaries provided by sharp?

Most people rely on the prebuilt binaries provided by sharp.

Please upgrade sharp to the latest 0.32.6, which provides libwebp 1.3.2.

Using a globally-installed libvips?

Please ensure you are using the latest libwebp 1.3.2.

Possible workaround

Add the following to your code to prevent sharp from decoding WebP images.

sharp.block({ operation: ["VipsForeignLoadWebp"] });

Release Notes

lovell/sharp (sharp)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 67773a2 to 01478ae Compare October 9, 2024 09:35

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Oct 9, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 01478ae to de998ec Compare October 9, 2024 12:45

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Oct 9, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from de998ec to 7274e17 Compare October 28, 2024 16:36

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Oct 28, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 7274e17 to d27553e Compare October 28, 2024 18:39

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Oct 28, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from d27553e to 5823d27 Compare November 3, 2024 11:18

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Nov 3, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 5823d27 to bca37ea Compare November 3, 2024 14:08

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Nov 3, 2024

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 2, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from bca37ea to a963058 Compare December 2, 2024 10:19

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 2, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from a963058 to 0ed577a Compare December 2, 2024 14:51

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] - autoclosed Dec 8, 2024

renovate bot closed this Dec 8, 2024

renovate bot deleted the renovate/npm-sharp-vulnerability branch December 8, 2024 18:58

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security] - autoclosed~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 8, 2024

renovate bot reopened this Dec 8, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from b13cb1b to 0ed577a Compare December 8, 2024 21:56

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 0ed577a to 3edd1ce Compare December 17, 2024 20:15

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 17, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 3edd1ce to d68d679 Compare December 17, 2024 23:48

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 17, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from d68d679 to 1eaf9e4 Compare December 22, 2024 17:13

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 22, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 1eaf9e4 to a5e47ea Compare December 22, 2024 19:19

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 22, 2024

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Jan 30, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 0ab95ac to 0b5b501 Compare February 9, 2025 12:32

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Feb 9, 2025

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Feb 10, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 0b5b501 to f4ee652 Compare February 10, 2025 03:54

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from f4ee652 to d5230a3 Compare March 5, 2025 04:18

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Mar 5, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from d5230a3 to e0ad506 Compare March 5, 2025 07:20

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Mar 5, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from e0ad506 to 1d3cb0c Compare March 11, 2025 12:38

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Mar 11, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 1d3cb0c to d00d47a Compare March 11, 2025 23:11

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Mar 11, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from d00d47a to 49d1f6c Compare March 13, 2025 14:51

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Mar 13, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 49d1f6c to 3524121 Compare March 13, 2025 18:38

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Mar 13, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 3524121 to 425c90e Compare March 17, 2025 18:46

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Mar 17, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 425c90e to 27d47a4 Compare March 17, 2025 22:36

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Mar 17, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 27d47a4 to 1443e8e Compare April 3, 2025 20:09

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Apr 3, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 1443e8e to ee993bd Compare April 3, 2025 22:37

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Apr 3, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from ee993bd to 185bbce Compare April 17, 2025 18:35

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Apr 17, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 185bbce to 2b6cde6 Compare April 17, 2025 22:51

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Apr 17, 2025

chore(deps): update dependency sharp to ^0.32.6 [security]

aef53f0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency sharp to ^0.32.6 [security]#15

chore(deps): update dependency sharp to ^0.32.6 [security]#15
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-sharp-vulnerability

renovate bot commented Aug 6, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Aug 6, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Overview

Who does this affect?

How to resolve this?

Using prebuilt binaries provided by sharp?

Using a globally-installed libvips?

Possible workaround

Release Notes

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Aug 6, 2024 •

edited

Loading