Skip to content

Bump sharp from 0.34.5 to 0.35.1#92

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sharp-0.35.1
Open

Bump sharp from 0.34.5 to 0.35.1#92
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/sharp-0.35.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown
Contributor

Bumps sharp from 0.34.5 to 0.35.1.

Release notes

Sourced from sharp's releases.

v0.35.1

  • TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.1

  • TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.0

  • TypeScript: Ensure type definitions are published #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.0

  • Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

  • Breaking: Remove install script from package.json file. Compiling from source is now opt-in via the build script.

  • Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

  • Breaking: Add limitInputChannels with a default value of 5.

  • Breaking: Remove deprecated failOnError constructor property.

  • Breaking: Remove deprecated paletteBitDepth from metadata response.

  • Breaking: Remove deprecated properties from sharpen operation.

  • Breaking: Rename format.jp2k as format.jp2 for API consistency.

  • Upgrade to libvips v8.18.3 for upstream bug fixes.

  • Remove experimental status from WebAssembly binaries.

  • Add prebuilt binaries for FreeBSD (WebAssembly).

  • Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

  • Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

  • Add AVIF/HEIF tune option for control over quality metrics.

... (truncated)

Commits
  • d781a2d Release v0.35.1
  • 84fa853 Prerelease v0.35.1-rc.1
  • 21263c3 TypeScript: Switch type defs to ESM, convert back to CJS #4537
  • 8deceb4 Docs: fix link in changelog (#4541)
  • c9f08eb Revert "Docs: Highlight that Windows ARM64 support is experimental" (#4540)
  • 3ec892f Prerelease v0.35.1-rc.0
  • fbdeac5 CI: Run packaging linter on sub-packages
  • 1da92b3 WebAssembly: Ensure wrapper file is published #4538
  • 32c029e Add packaging linter to help prevent regression e.g. #4537
  • 98dc1df TypeScript: Ensure type definitions are published #4537
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump sharp from 0.34.5 to 0.35.1
5dea125 
Bumps [sharp](https://github.com/lovell/sharp) from 0.34.5 to 0.35.1.
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.1)

---
updated-dependencies:
- dependency-name: sharp
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 12, 2026
@vercel

vercel Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
roborev-docs Ready Ready Preview, Comment Jun 12, 2026 4:13am

Request Review

@roborev-ci

roborev-ci Bot commented Jun 12, 2026

Copy link
Copy Markdown

roborev: Combined Review (5dea125)

Summary verdict: Changes need follow-up because the older sharp version remains installed through Astro.

Medium

  • package-lock.json:2605: The lockfile still installs sharp 0.34.5 under node_modules/astro/node_modules/sharp because Astro depends on sharp: ^0.34.0. The new top-level sharp 0.35.1 cannot satisfy that range, so Astro will continue resolving its nested 0.34.5 copy.
    • Fix: Upgrade Astro to a version whose optional Sharp range includes 0.35.x, or add an override after verifying compatibility.

Panel: ci_default_security | Synthesis: codex, 10s | Members: codex_default (codex/default, done, 1m30s), codex_security (codex/security, done, 25s) | Total: 2m5s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants