Bump sharp from 0.34.5 to 0.35.2#629
Conversation
Bumps [sharp](https://github.com/lovell/sharp) from 0.34.5 to 0.35.2. - [Release notes](https://github.com/lovell/sharp/releases) - [Commits](lovell/sharp@v0.34.5...v0.35.2) --- updated-dependencies: - dependency-name: sharp dependency-version: 0.35.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Caution Review the following alerts detected in dependencies. According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.
|
Bumps sharp from 0.34.5 to 0.35.2.
Release notes
Sourced from sharp's releases.
... (truncated)
Commits
c9622a3Release v0.35.2cd4568fUpgrade to sharp-libvips v1.3.178390cfTests: Add font file to prevent font discovery flakiness (#4550)61210b4Verify convolve kernel values are numbers (#4549)1cb27dcPrerelease v0.35.2-rc.2c7606c3Upgrade to sharp-libvips v1.3.1-rc.029d1e9ePrerelease v0.35.2-rc.1bbba0a1Improve code bundler support with stub binariesab52866Bound dilate and erode width to avoid mask-size overflow (#4548)0f594ddPrerelease v0.35.2-rc.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)