[Snyk] Upgrade sharp from 0.25.3 to 0.29.3 #11

Open
snyk-bot wants to merge 1 commit into master from snyk-upgrade-528d33c11a086f29102fbc8b8e6fbf66

@snyk-bot

Snyk has created this PR to upgrade sharp from 0.25.3 to 0.29.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 16 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-11-14.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary File Write (SNYK-JS-TAR-1579155) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579152) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write (SNYK-JS-TAR-1579147) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite (SNYK-JS-TAR-1536531) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite (SNYK-JS-TAR-1536528) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |
| | Prototype Pollution (SNYK-JS-INI-1048974) | 425/1000 (Why? CVSS 8.5) | Proof of Concept |
| | Remote Memory Exposure (SNYK-JS-BL-608877) | 425/1000 (Why? CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-COLORSTRING-1082939) | 425/1000 (Why? CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) (SNYK-JS-TAR-1536758) | 425/1000 (Why? CVSS 8.5) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sharp
  • 0.29.3 - 2021-11-14
  • 0.29.2 - 2021-10-21
  • 0.29.1 - 2021-09-07
  • 0.29.0 - 2021-08-17
  • 0.28.3 - 2021-05-24
  • 0.28.2 - 2021-05-10
  • 0.28.1 - 2021-04-05
  • 0.28.0 - 2021-03-29
  • 0.27.2 - 2021-02-22
  • 0.27.1 - 2021-01-27
  • 0.27.0 - 2020-12-22
  • 0.26.3 - 2020-11-16
  • 0.26.2 - 2020-10-14
  • 0.26.1 - 2020-09-20
  • 0.26.0 - 2020-08-25
  • 0.25.4 - 2020-06-12
  • 0.25.3 - 2020-05-17
from sharp GitHub release notes
Commit messages
Package name: sharp
  • 1ff84b2 Release v0.29.3
  • 97655d2 Bump deps
  • d10d7b0 Docs: remove duplicate entry for mbklein (#2971)
  • 2ffdae2 Docs: changelog and credit for #2952
  • 342de36 Impute TIFF xres/yres from withMetadata({density})
  • b33231d Ensure correct dimensions when contain 1px image #2951
  • 319db21 Release v0.29.2
  • d359331 Remove animation props from single page images #2890
  • 7ae1513 Bump devDeps
  • 648a1e0 Throw error rather than exit for invalid binaries #2931
  • b9f211f Docs: changelog for #2918
  • e475d9e Improve error message on Windows for version conflict (#2918)
  • f37ca82 Bump deps
  • 1dd4be6 Add timeout function to limit processing time
  • 197d4cf Docs: changelog and credit for #2893
  • 83eed86 Docs: clarify prebuilt libc support on ARMv6/v7
  • bbf612c Replace use of deprecated util.inherits
  • 2679bb5 Allow use of 'tif' to select TIFF output (#2893)
  • 481e350 Ensure 'versions' is populated from vendored libvips
  • 50c7a08 Release v0.29.1
  • 9a0bb60 Bump deps
  • deb5d81 Docs: changelog entries for #2878 #2879
  • 916b04d Allow using speed 9 for AVIF/HEIC encoding (#2879)
  • 52307fa Resolve paths before comparing input/output destination (#2878)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
