Skip to content

chore(deps): bump sharp from 0.34.5 to 0.35.1#1116

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/sharp-0.35.1
Open

chore(deps): bump sharp from 0.34.5 to 0.35.1#1116
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/sharp-0.35.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps sharp from 0.34.5 to 0.35.1.

Release notes

Sourced from sharp's releases.

v0.35.1

  • TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.1

  • TypeScript: Ensure type definitions are published for both ESM and CJS. #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.1-rc.0

  • TypeScript: Ensure type definitions are published #4537

  • WebAssembly: Ensure wrapper file is published. #4538

v0.35.0

  • Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

  • Breaking: Remove install script from package.json file. Compiling from source is now opt-in via the build script.

  • Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

  • Breaking: Add limitInputChannels with a default value of 5.

  • Breaking: Remove deprecated failOnError constructor property.

  • Breaking: Remove deprecated paletteBitDepth from metadata response.

  • Breaking: Remove deprecated properties from sharpen operation.

  • Breaking: Rename format.jp2k as format.jp2 for API consistency.

  • Upgrade to libvips v8.18.3 for upstream bug fixes.

  • Remove experimental status from WebAssembly binaries.

  • Add prebuilt binaries for FreeBSD (WebAssembly).

  • Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

  • Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

  • Add AVIF/HEIF tune option for control over quality metrics.

... (truncated)

Commits
  • d781a2d Release v0.35.1
  • 84fa853 Prerelease v0.35.1-rc.1
  • 21263c3 TypeScript: Switch type defs to ESM, convert back to CJS #4537
  • 8deceb4 Docs: fix link in changelog (#4541)
  • c9f08eb Revert "Docs: Highlight that Windows ARM64 support is experimental" (#4540)
  • 3ec892f Prerelease v0.35.1-rc.0
  • fbdeac5 CI: Run packaging linter on sub-packages
  • 1da92b3 WebAssembly: Ensure wrapper file is published #4538
  • 32c029e Add packaging linter to help prevent regression e.g. #4537
  • 98dc1df TypeScript: Ensure type definitions are published #4537
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sharp](https://github.com/lovell/sharp) from 0.34.5 to 0.35.1.
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.1)

---
updated-dependencies:
- dependency-name: sharp
  dependency-version: 0.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 21, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 21, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
samui-wallet-web 76c127d Commit Preview URL

Branch Preview URL
Jun 21 2026, 12:09 AM

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 21, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
samui-wallet-api 76c127d Commit Preview URL

Branch Preview URL
Jun 21 2026, 12:09 AM

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedsharp@​0.35.19710010095100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/sharp@0.35.1npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@bundlemon

bundlemon Bot commented Jun 21, 2026

Copy link
Copy Markdown

BundleMon

Unchanged files (75)
Status Path Size Limits
apps/web/dist/assets/index-(hash).js
300.58KB -
apps/extension/.output/chrome-mv3/chunks/clie
nt-(hash).js
275.86KB -
apps/web/dist/assets/combobox-(hash).js
45.75KB -
apps/extension/.output/chrome-mv3/chunks/comb
obox-(hash).js
45.74KB -
apps/web/dist/assets/toggle-(hash).js
27.61KB -
apps/extension/.output/chrome-mv3/chunks/togg
le-(hash).js
27.59KB -
apps/extension/.output/chrome-mv3/chunks/sett
ings-(hash).js
26.09KB -
apps/web/dist/assets/settings-(hash).js
26.08KB -
apps/extension/.output/chrome-mv3/chunks/form
-(hash).js
13.17KB -
apps/web/dist/assets/form-(hash).js
13.16KB -
apps/web/dist/assets/select-(hash).js
8.55KB -
apps/extension/.output/chrome-mv3/chunks/sele
ct-(hash).js
8.54KB -
apps/extension/.output/chrome-mv3/chunks/onbo
arding-(hash).js
5.83KB -
apps/web/dist/assets/onboarding-(hash).js
5.83KB -
apps/extension/.output/chrome-mv3/chunks/inde
x.browser-(hash).js
4.65KB -
apps/extension/.output/chrome-mv3/chunks/crea
te-(hash).js
4.56KB -
apps/web/dist/assets/create-(hash).js
4.56KB -
apps/extension/.output/chrome-mv3/chunks/cons
tants-(hash).js
3.6KB -
apps/web/dist/assets/constants-(hash).js
3.6KB -
apps/extension/.output/chrome-mv3/chunks/useQ
uery-(hash).js
3.12KB -
apps/web/dist/assets/useQuery-(hash).js
3.12KB -
apps/extension/.output/chrome-mv3/chunks/requ
est-(hash).js
2.86KB -
apps/web/dist/assets/request-(hash).js
2.85KB -
apps/extension/.output/chrome-mv3/assets/vani
ty-(hash).js
2.79KB -
apps/web/dist/assets/vanity-(hash).js
2.79KB -
apps/web/dist/assets/portfolio-(hash).js
2.69KB -
apps/extension/.output/chrome-mv3/chunks/port
folio-(hash).js
2.69KB -
apps/extension/.output/chrome-mv3/chunks/send
-(hash).js
2.46KB -
apps/web/dist/assets/send-(hash).js
2.46KB -
apps/web/dist/assets/dropdown-(hash).js
2.16KB -
apps/extension/.output/chrome-mv3/chunks/drop
down-(hash).js
2.16KB -
apps/extension/.output/chrome-mv3/chunks/chec
kbox-(hash).js
1.89KB -
apps/web/dist/assets/checkbox-(hash).js
1.89KB -
apps/extension/.output/chrome-mv3/chunks/tool
s-(hash).js
1.85KB -
apps/web/dist/assets/tools-(hash).js
1.85KB -
apps/web/dist/assets/explorer-(hash).js
1.52KB -
apps/extension/.output/chrome-mv3/chunks/expl
orer-(hash).js
1.52KB -
apps/web/dist/assets/index.browser-(hash).js
835B -
apps/extension/.output/chrome-mv3/chunks/badg
e-(hash).js
769B -
apps/web/dist/assets/badge-(hash).js
768B -
apps/web/dist/assets/zod-(hash).js
768B -
apps/extension/.output/chrome-mv3/chunks/zod-
(hash).js
765B -
apps/web/dist/assets/standard-(hash).js
656B -
apps/extension/.output/chrome-mv3/chunks/stan
dard-(hash).js
651B -
apps/extension/.output/chrome-mv3/chunks/tabl
e-(hash).js
595B -
apps/web/dist/assets/table-(hash).js
595B -
apps/web/dist/assets/button-(hash).js
579B -
apps/extension/.output/chrome-mv3/chunks/butt
on-(hash).js
576B -
apps/extension/.output/chrome-mv3/chunks/book
mark-(hash).js
554B -
apps/web/dist/assets/bookmark-(hash).js
552B -
apps/extension/.output/chrome-mv3/chunks/ui-(
hash).js
526B -
apps/web/dist/assets/ui-(hash).js
526B -
apps/extension/.output/chrome-mv3/chunks/text
area-(hash).js
497B -
apps/web/dist/assets/textarea-(hash).js
496B -
apps/extension/.output/chrome-mv3/chunks/dev-
(hash).js
276B -
apps/web/dist/assets/dev-(hash).js
275B -
apps/web/dist/assets/use-(hash).js
227B -
apps/extension/.output/chrome-mv3/chunks/use-
(hash).js
226B -
apps/extension/.output/chrome-mv3/chunks/side
panel-(hash).js
203B -
apps/extension/.output/chrome-mv3/chunks/popu
p-(hash).js
200B -
apps/extension/.output/chrome-mv3/chunks/inde
x-(hash).js
173B -
apps/extension/.output/chrome-mv3/chunks/form
at-(hash).js
166B -
apps/web/dist/assets/format-(hash).js
166B -
apps/web/dist/assets/sol-(hash).js
150B -
apps/extension/.output/chrome-mv3/chunks/sol-
(hash).js
148B -
apps/extension/.output/chrome-mv3/chunks/elli
psify-(hash).js
145B -
apps/web/dist/assets/ellipsify-(hash).js
145B -
apps/extension/.output/chrome-mv3/chunks/chev
ron-(hash).js
142B -
apps/web/dist/assets/chevron-(hash).js
142B -
apps/web/dist/assets/stringify-(hash).js
140B -
apps/web/dist/assets/toast-(hash).js
139B -
apps/extension/.output/chrome-mv3/chunks/stri
ngify-(hash).js
138B -
apps/extension/.output/chrome-mv3/chunks/toas
t-(hash).js
137B -
apps/extension/.output/chrome-mv3/chunks/netw
ork-(hash).js
121B -
apps/web/dist/assets/network-(hash).js
121B -

No change in files bundle size

Unchanged groups (2)
Status Path Size Limits
apps/web/dist/**/*-.js
584.4KB -
apps/extension/.output/chrome-mv3/**/*-
.js
559.08KB -

Final result: ✅

View report in BundleMon website ➡️


Current branch size history | Target branch size history

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants