chore(deps): update dependency sharp to ^0.32.6 [security] by renovate[bot] · Pull Request #15 · nzbr/copperflame

renovate · 2024-08-06T08:47:48Z

This PR contains the following updates:

Package	Change	Age	Confidence
sharp (source, changelog)	`^0.31.1` → `^0.32.6`

GitHub Vulnerability Alerts

GHSA-54xq-cgqr-rpm3

Overview

sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity GHSA-j7hp-h8jx-5ppr.

Who does this affect?

Almost anyone processing untrusted input with versions of sharp prior to 0.32.6.

How to resolve this?

Using prebuilt binaries provided by sharp?

Most people rely on the prebuilt binaries provided by sharp.

Please upgrade sharp to the latest 0.32.6, which provides libwebp 1.3.2.

Using a globally-installed libvips?

Please ensure you are using the latest libwebp 1.3.2.

Possible workaround

Add the following to your code to prevent sharp from decoding WebP images.

sharp.block({ operation: ["VipsForeignLoadWebp"] });

Release Notes

lovell/sharp (sharp)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 67773a2 to 01478ae Compare October 9, 2024 09:35

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Oct 9, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 01478ae to de998ec Compare October 9, 2024 12:45

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Oct 9, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from de998ec to 7274e17 Compare October 28, 2024 16:36

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Oct 28, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 7274e17 to d27553e Compare October 28, 2024 18:39

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Oct 28, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from d27553e to 5823d27 Compare November 3, 2024 11:18

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Nov 3, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 5823d27 to bca37ea Compare November 3, 2024 14:08

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Nov 3, 2024

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 2, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from bca37ea to a963058 Compare December 2, 2024 10:19

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 2, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from a963058 to 0ed577a Compare December 2, 2024 14:51

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] - autoclosed Dec 8, 2024

renovate bot closed this Dec 8, 2024

renovate bot deleted the renovate/npm-sharp-vulnerability branch December 8, 2024 18:58

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security] - autoclosed~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 8, 2024

renovate bot reopened this Dec 8, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from b13cb1b to 0ed577a Compare December 8, 2024 21:56

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 0ed577a to 3edd1ce Compare December 17, 2024 20:15

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 17, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 3edd1ce to d68d679 Compare December 17, 2024 23:48

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 17, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from d68d679 to 1eaf9e4 Compare December 22, 2024 17:13

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security] Dec 22, 2024

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 1eaf9e4 to a5e47ea Compare December 22, 2024 19:19

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.33.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 22, 2024

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Dec 31, 2025

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from c2ace7e to f84a3af Compare January 8, 2026 17:13

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Jan 8, 2026

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from f84a3af to ad5b56a Compare January 8, 2026 21:34

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Jan 8, 2026

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Jan 19, 2026

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch 2 times, most recently from 6d24aa2 to bd90fbe Compare January 19, 2026 21:41

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Jan 19, 2026

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Jan 23, 2026

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch 2 times, most recently from e277f52 to 508765f Compare January 23, 2026 21:41

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Jan 23, 2026

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Feb 2, 2026

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch 2 times, most recently from b108931 to 5552ed1 Compare February 3, 2026 00:54

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Feb 3, 2026

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 5552ed1 to 6b39a17 Compare February 12, 2026 11:49

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Feb 12, 2026

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 6b39a17 to 1c7accb Compare February 12, 2026 15:14

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Feb 12, 2026

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Feb 16, 2026

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 1c7accb to 93e0999 Compare February 16, 2026 14:12

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Feb 16, 2026

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch 2 times, most recently from 12dc834 to 7c9e89f Compare February 17, 2026 18:58

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.32.6 [security]~~ chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security] Feb 17, 2026

chore(deps): update dependency sharp to ^0.32.6 [security]

ee9c705

renovate bot force-pushed the renovate/npm-sharp-vulnerability branch from 7c9e89f to ee9c705 Compare February 17, 2026 22:59

renovate bot changed the title ~~chore(deps): update dependency sharp to ^0.31.1 || ^0.34.0 [security]~~ chore(deps): update dependency sharp to ^0.32.6 [security] Feb 17, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency sharp to ^0.32.6 [security]#15

chore(deps): update dependency sharp to ^0.32.6 [security]#15
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-sharp-vulnerability

renovate bot commented Aug 6, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Aug 6, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Overview

Who does this affect?

How to resolve this?

Using prebuilt binaries provided by sharp?

Using a globally-installed libvips?

Possible workaround

Release Notes

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Aug 6, 2024 •

edited

Loading