chore(deps): bump sharp from 0.34.5 to 0.35.3#111
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/sharp-0.35.3
branch
10 times, most recently
from
July 13, 2026 17:08
9ef7832 to
4f95aa5
Compare
Bumps [sharp](https://github.com/lovell/sharp) from 0.34.5 to 0.35.3. - [Release notes](https://github.com/lovell/sharp/releases) - [Commits](lovell/sharp@v0.34.5...v0.35.3) --- updated-dependencies: - dependency-name: sharp dependency-version: 0.35.3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/sharp-0.35.3
branch
from
July 17, 2026 12:15
4f95aa5 to
e46144c
Compare
Member
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
ABB65
pushed a commit
that referenced
this pull request
Jul 17, 2026
sharp 0.35.3 crashed the Nuxt server at boot on the CI runner
("Server process exited before becoming ready", sharp.mjs:171 install
error) — its native binary doesn't resolve on linux-x64 there, though it
built fine on darwin-arm64 locally (which is why the local smoke was a
false green). sharp is not a security advisory, so 0.34.5 (known-good on
CI) loses nothing. This also confirms #111's e2e failure was sharp, not a
stale base.
ABB65
added a commit
that referenced
this pull request
Jul 17, 2026
…d pending bumps (#158) * chore(deps): security refresh — resolve critical/high advisories, fold pending bumps Aggressive dependency pass closing the Dependabot backlog (66 alerts on main). Direct + toolchain bumps (folds the passing/fixable Dependabot group PRs into one reviewable change): - @anthropic-ai/sdk 0.80 -> 0.112, sharp 0.34.5 -> 0.35.3, marked -> 18.0.2, vue 3.5.40, vue-router 5.2.0 - testing group (vitest 4.1.10, @vue/test-utils 2.4.11, playwright-core 1.61.1, ...) - linting group (@nuxt/eslint 1.16, eslint 10.7, @commitlint 21, lint-staged 17) - tsx 4.23 pnpm overrides for runtime-reachable transitives whose parents pin old versions: hono ^4.12.25 (MCP loopback server), fast-uri ^3.1.2, fast-xml-parser ^5.7.0, ws ^8.21.0, qs ^6.15.2, js-cookie ^3.0.7. A lockfile refresh alone clears the stale advisories on main (shell-quote 1.9.0, nuxt 4.4.8, vite 7.3.6, devalue 5.8.1, dompurify 3.4.11, tar 7.5.19, ...). Result: the one critical (shell-quote) and every high are resolved. The only remaining flagged package is uuid — its advisory needs uuid.v3/v5/v6 called with a `buf` argument, which Studio's transitive usage (@aws-sdk, uuid.v4) never does, so a risky cross-SDK major override is deliberately skipped. The @nuxt/eslint 1.16 bump surfaced real code smells (no-useless-assignment, preserve-caught-error) — fixed in migrate-postgres, anthropic-ai, cdn-builder, and the Polar webhook handler. Supersedes #107, #108, #109, #110, #111. * fix(deps): revert sharp to 0.34.5 — 0.35.3 fails to load on CI Linux sharp 0.35.3 crashed the Nuxt server at boot on the CI runner ("Server process exited before becoming ready", sharp.mjs:171 install error) — its native binary doesn't resolve on linux-x64 there, though it built fine on darwin-arm64 locally (which is why the local smoke was a false green). sharp is not a security advisory, so 0.34.5 (known-good on CI) loses nothing. This also confirms #111's e2e failure was sharp, not a stale base. --------- Co-authored-by: Contentrain <mcp@contentrain.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps sharp from 0.34.5 to 0.35.3.
Release notes
Sourced from sharp's releases.
... (truncated)
Commits
1018449Release v0.35.3ba303a7Prerelease v0.35.3-rc.24f94fc5Upgrade to sharp-libvips v1.3.2c5e7a3fBump devDeps, fix Deno/Windows smoke tests9a8d002Docs: Add changelog entry and note about transferable #45208694db0TypeScript: Return more preciseBuffer\<ArrayBuffer>fromtoBuffer(#4520)e000d0bPrerelease v0.35.3-rc.19554ca9Prerelease v0.35.3-rc.06a29fd5Emit warning about native binaries on Linux Electron540d2eaIncrease default concurrency when use of MALLOC_ARENA_MAX detected