[Snyk] Security upgrade sharp from 0.32.1 to 0.32.6

[soloinovator]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	980/1000 Why? Currently trending on Twitter, Mature exploit, Recently disclosed, Has a fix available, CVSS 9.6	Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: sharp

The new version differs by 60 commits.

• eefaa99 Release v0.32.6
• dbce6fa Upgrade to libvips v8.14.5
• af0fcb3 Docs: changelog for build(deps): bump postcss from 8.2.9 to 8.2.10 nodejs/nodejs.org#3799
• c6f54e5 Bump devDeps
• 846563e TypeScript: add definitions for block and unblock (build(deps): bump postcss from 8.2.9 to 8.2.10 nodejs/nodejs.org#3799)
• 9c217ab Ensure withMetadata can add RGB16 profiles build(deps): bump postcss from 8.2.8 to 8.2.9 nodejs/nodejs.org#3773
• e7381e5 Alternative fix for 4340d60, uses existing StaySequential
• 4340d60 Ensure composite tile images fully decoded Add Manchester meetup to node-meetups.md nodejs/nodejs.org#3767
• 7f64d46 Docs: add missing returns property to raw
• 67e927b Docs: ensure all functions include method signature update date in april-2021-security-releases.md nodejs/nodejs.org#3777
• 9c7713e Docs: remove mention of EXIF from flip/flop ops
• 8be6da1 Docs: clarify when rotate op will remove EXIF Orientation
• 9563568 Ensure withMetadata skips default profile for RGB16 build(deps): bump postcss from 8.2.8 to 8.2.9 nodejs/nodejs.org#3773
• 44a0ee3 Release v0.32.5
• ccd51c8 Upgrade to libvips v8.14.4
• bb7469b Ensure withMetadata adds default sRGB profile [meta] Rename default branch to main nodejs/nodejs.org#3761
• a2cac61 Simplify 90/270 orient-before-resize logic (chore: Rename default branch to main nodejs/nodejs.org#3762)
• 5c19f6d Ensure resize fit=inside respects 90/270 rotate build(deps-dev): bump nock from 13.0.10 to 13.0.11 nodejs/nodejs.org#3756
• 3d01775 Docs: changelog entries for could dependabot be disabled on forks? nodejs/nodejs.org#3748 build(deps): bump autoprefixer from 10.2.4 to 10.2.5 nodejs/nodejs.org#3755 Bash script on downloads page uses a command that is not installed on Mac nodejs/nodejs.org#3758
• 87562a5 TypeScript: Ensure WebpOptions minSize is boolean (Bash script on downloads page uses a command that is not installed on Mac nodejs/nodejs.org#3758)
• 2829e17 Fix build with musl 1.2.4 (build(deps): bump autoprefixer from 10.2.4 to 10.2.5 nodejs/nodejs.org#3755)
• ffefbd2 TypeScript: add missing WebpPresetEnum (could dependabot be disabled on forks? nodejs/nodejs.org#3748)
• bc8f983 Tests: ensure Jimp benchmark uses bicubic as resizing kernel (Blog: v15.11.0 release post nodejs/nodejs.org#3745)
• 440936a Tests: update benchmark deps and container (build(deps-dev): bump nock from 13.0.9 to 13.0.10 nodejs/nodejs.org#3744)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[github-actions]

Unit Test Coverage Report

Lines	Statements	Branches	Functions
	92.42% (366/396)	79% (79/100)	88.09% (74/84)

Unit Test Report

Tests	Skipped	Failures	Errors	Time
45	0 💤	0 ❌	0 🔥	8.722s ⏱️

[github-actions]

📦 Next.js Bundle Analysis for nodejs.org

This analysis was generated by the Next.js Bundle Analysis action. 🤖

🎉 Global Bundle Size Decreased

Page	Size (compressed)
global	136.46 KB (🟢 -5.82 KB)

Details

The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!

Three Pages Changed Size

The following pages changed size from the code in this PR compared to its base branch:

Page	Size (compressed)	First Load
/404	34.47 KB (🟢 9.5 KB)	170.92 KB
/[...path]	34.39 KB (🟢 9.5 KB)	170.85 KB
/_error	181 B (🟢 -1 B)	136.63 KB

Details

Only the gzipped size is provided here based on an expert tip.

First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

Next to the size is how much the size has increased or decreased compared with the base branch of this PR. If this percentage has increased by undefined% or more, there will be a red status indicator applied, indicating that special attention should be given to this.