Skip to content

chore(deps): update dependency sharp to ^0.35.0#162

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/sharp-0.x
Open

chore(deps): update dependency sharp to ^0.35.0#162
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/sharp-0.x

Conversation

@renovate

@renovate renovate Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
sharp (source, changelog) ^0.34.0^0.35.0 age confidence

Release Notes

lovell/sharp (sharp)

v0.35.3

Compare Source

v0.35.2

Compare Source

v0.35.1

Compare Source

  • TypeScript: Ensure type definitions are published for both ESM and CJS.
    #​4537

  • WebAssembly: Ensure wrapper file is published.
    #​4538

v0.35.0

Compare Source

  • Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

  • Breaking: Remove install script from package.json file.
    Compiling from source is now opt-in via the build script.

  • Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

  • Breaking: Add limitInputChannels with a default value of 5.

  • Breaking: Remove deprecated failOnError constructor property.

  • Breaking: Remove deprecated paletteBitDepth from metadata response.

  • Breaking: Remove deprecated properties from sharpen operation.

  • Breaking: Rename format.jp2k as format.jp2 for API consistency.

  • Upgrade to libvips v8.18.3 for upstream bug fixes.

  • Remove experimental status from WebAssembly binaries.

  • Add prebuilt binaries for FreeBSD (WebAssembly).

  • Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

  • Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

  • Add AVIF/HEIF tune option for control over quality metrics.
    #​4227

  • Add keepGainMap and withGainMap to process HDR JPEG images with embedded gain maps.
    #​4314

  • Add toUint8Array for output image as a TypedArray backed by a transferable ArrayBuffer.
    #​4355

  • Require prebuilt binaries using static paths to aid code bundling.
    #​4380

  • TypeScript: Ensure FormatEnum keys match reality.
    #​4475

  • Add margin option to trim operation.
    #​4480
    @​eddienubes

  • Ensure HEIF primary item is used as default page/frame.
    #​4487

  • Add image Media Type (MIME Type) to metadata response.
    #​4492

  • Add withDensity to set output density in EXIF metadata.
    #​4496

  • Improve pkg-config path discovery.
    #​4504

  • Add WebP exact option for control over transparent pixel colour values.

  • Add support for ECMAScript Modules (ESM).
    #​4509
    @​florian-lefebvre


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
Scope: all 61 workspace projects
.                                        | [WARN] There are cyclic workspace dependencies: /tmp/renovate/repos/github/TrigenSoftware/nano_kit/packages/nanoviews, /tmp/renovate/repos/github/TrigenSoftware/nano_kit/packages/storybook
? Verifying lockfile against supply-chain policies (1399 entries)...
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 37, reused 0, downloaded 0, added 0
Progress: resolved 46, reused 0, downloaded 0, added 0
Progress: resolved 47, reused 0, downloaded 0, added 0
Progress: resolved 54, reused 0, downloaded 0, added 0
Progress: resolved 55, reused 0, downloaded 0, added 0
Progress: resolved 58, reused 0, downloaded 0, added 0
Progress: resolved 59, reused 0, downloaded 0, added 0
Progress: resolved 72, reused 0, downloaded 0, added 0
Progress: resolved 79, reused 0, downloaded 0, added 0
Progress: resolved 82, reused 0, downloaded 0, added 0
Progress: resolved 84, reused 0, downloaded 0, added 0
Progress: resolved 88, reused 0, downloaded 0, added 0
Progress: resolved 92, reused 0, downloaded 0, added 0
Progress: resolved 99, reused 0, downloaded 0, added 0
✗ Lockfile failed supply-chain policy check (1399 entries in 21.8s)
[ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION] 1 lockfile entries failed verification:
  @trigen/oxlint-config@10.1.2 was published at 2026-07-11T13:21:39.746Z, within the minimumReleaseAge cutoff (2026-07-11T11:55:16.816Z)

The lockfile contains entries that the active policies reject. This can mean the lockfile is stale, or that someone committed a lockfile that bypassed the policy locally — inspect recent changes to pnpm-lock.yaml before trusting it. If the changes look expected, run "pnpm clean --lockfile" and then "pnpm install" to rebuild from a fresh resolution. Alternatively, relax the policy that flagged them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants