fix: package.json & package-lock.json to reduce vulnerabilities

a1cf147
Open

[Snyk] Security upgrade next from 13.4.7 to 15.5.15 #21

Orca Security (US) / Orca Security - OSS Licenses succeeded Apr 10, 2026 in 12s

Orca Security Scan Summary

| Status | Check | Issues by priority |
| --- | --- | --- |
| Passed | OSS Licenses | high 0, medium 14, low 0, info 0 |

📦 The following Open Source License Violations have been detected

| Severity | Package | Version | License | File path |
| --- | --- | --- | --- | --- |
| medium | @img/sharp-libvips-darwin-arm64 | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-darwin-x64 | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-linux-arm | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-linux-arm64 | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-linux-ppc64 | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-linux-riscv64 | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-linux-s390x | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-linux-x64 | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-linuxmusl-arm64 | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-libvips-linuxmusl-x64 | 1.2.4 | LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-wasm32 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later AND MIT | ./package-lock.json |
| medium | @img/sharp-win32-arm64 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-win32-ia32 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later | ./package-lock.json |
| medium | @img/sharp-win32-x64 | 0.34.5 | Apache-2.0 AND LGPL-3.0-or-later | ./package-lock.json |

Annotations

Check warning on line 161 in package-lock.json

@orca-security-us orca-security-us / Orca Security - OSS Licenses

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-darwin-arm64' package

Package Full Name: @img/sharp-libvips-darwin-arm64
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-darwin-arm64' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 177 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-darwin-x64' package

Package Full Name: @img/sharp-libvips-darwin-x64
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-darwin-x64' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 193 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-linux-arm' package

Package Full Name: @img/sharp-libvips-linux-arm
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-linux-arm' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 209 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-linux-arm64' package

Package Full Name: @img/sharp-libvips-linux-arm64
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-linux-arm64' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 225 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-linux-ppc64' package

Package Full Name: @img/sharp-libvips-linux-ppc64
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-linux-ppc64' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 241 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-linux-riscv64' package

Package Full Name: @img/sharp-libvips-linux-riscv64
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-linux-riscv64' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 257 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-linux-s390x' package

Package Full Name: @img/sharp-libvips-linux-s390x
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-linux-s390x' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 273 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-linux-x64' package

Package Full Name: @img/sharp-libvips-linux-x64
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-linux-x64' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 289 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-linuxmusl-arm64' package

Package Full Name: @img/sharp-libvips-linuxmusl-arm64
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-linuxmusl-arm64' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 305 in package-lock.json

[MEDIUM] Unapproved License 'LGPL-3.0-or-later' Identified for '@img/sharp-libvips-linuxmusl-x64' package

Package Full Name: @img/sharp-libvips-linuxmusl-x64
Package Version: 1.2.4
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-libvips-linuxmusl-x64' is licensed under
'LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 500 in package-lock.json

[MEDIUM] Unapproved License 'Apache-2.0 AND LGPL-3.0-or-later AND MIT' Identified for '@img/sharp-wasm32' package

Package Full Name: @img/sharp-wasm32
Package Version: 0.34.5
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-wasm32' is licensed under 'Apache-2.0 AND
LGPL-3.0-or-later AND MIT', which is not compliant with your organization's open
source policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 519 in package-lock.json

[MEDIUM] Unapproved License 'Apache-2.0 AND LGPL-3.0-or-later' Identified for '@img/sharp-win32-arm64' package

Package Full Name: @img/sharp-win32-arm64
Package Version: 0.34.5
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-win32-arm64' is licensed under 'Apache-2.0
AND LGPL-3.0-or-later', which is not compliant with your organization's open
source policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 538 in package-lock.json

[MEDIUM] Unapproved License 'Apache-2.0 AND LGPL-3.0-or-later' Identified for '@img/sharp-win32-ia32' package

Package Full Name: @img/sharp-win32-ia32
Package Version: 0.34.5
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-win32-ia32' is licensed under 'Apache-2.0 AND
LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.

Check warning on line 557 in package-lock.json

[MEDIUM] Unapproved License 'Apache-2.0 AND LGPL-3.0-or-later' Identified for '@img/sharp-win32-x64' package

Package Full Name: @img/sharp-win32-x64
Package Version: 0.34.5
License Category: Weak Copyleft
SPDX URL: https://spdx.org/licenses/LGPL-3.0-or-later.html

Description:
The open source package '@img/sharp-win32-x64' is licensed under 'Apache-2.0 AND
LGPL-3.0-or-later', which is not compliant with your organization's open source
policy. This license may impose restrictions that conflict with your
distribution, usage, or legal requirements. Review the license terms and take
appropriate action, such as replacing the package, obtaining legal approval, or
applying for an exception.

Recommendation:
This package uses an unauthorized license; evaluate its necessity, review the
license terms, and either replace it with a compliant alternative, isolate its
usage to reduce risk, or escalate for legal exception if strictly required.