chore(deps): update dependency sharp to v0.35.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
sharp (source, changelog)	0.34.5 → 0.35.2

---

Release Notes

lovell/sharp (sharp)

v0.35.2

Compare Source

v0.35.1

Compare Source

• TypeScript: Ensure type definitions are published for both ESM and CJS.
  #​4537

• WebAssembly: Ensure wrapper file is published.
  #​4538

v0.35.0

Compare Source

• Breaking: Drop support for Node.js 18, now requires Node.js >= 20.9.0.

• Breaking: Remove install script from package.json file.
  Compiling from source is now opt-in via the build script.

• Breaking: Lossy AVIF output is now tuned using SSIMULACRA2-based iq quality metrics.

• Breaking: Add limitInputChannels with a default value of 5.

• Breaking: Remove deprecated failOnError constructor property.

• Breaking: Remove deprecated paletteBitDepth from metadata response.

• Breaking: Remove deprecated properties from sharpen operation.

• Breaking: Rename format.jp2k as format.jp2 for API consistency.

• Upgrade to libvips v8.18.3 for upstream bug fixes.

• Remove experimental status from WebAssembly binaries.

• Add prebuilt binaries for FreeBSD (WebAssembly).

• Deprecate Windows 32-bit (win32-ia32) prebuilt binaries.

• Ensure TIFF output bitdepth option is limited to 1, 2 or 4.

• Add AVIF/HEIF tune option for control over quality metrics.
  #​4227

• Add keepGainMap and withGainMap to process HDR JPEG images with embedded gain maps.
  #​4314

• Add toUint8Array for output image as a TypedArray backed by a transferable ArrayBuffer.
  #​4355

• Require prebuilt binaries using static paths to aid code bundling.
  #​4380

• TypeScript: Ensure FormatEnum keys match reality.
  #​4475

• Add margin option to trim operation.
  #​4480
  @​eddienubes

• Ensure HEIF primary item is used as default page/frame.
  #​4487

• Add image Media Type (MIME Type) to metadata response.
  #​4492

• Add withDensity to set output density in EXIF metadata.
  #​4496

• Improve pkg-config path discovery.
  #​4504

• Add WebP exact option for control over transparent pixel colour values.

• Add support for ECMAScript Modules (ESM).
  #​4509
  @​florian-lefebvre

---

Configuration

📅 Schedule: (in timezone Asia/Bangkok)

• Branch creation
  • "every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
coding-stats	Error		Jun 27, 2026 1:44am

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

? Verifying lockfile against supply-chain policies (650 entries)...
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 45, reused 0, downloaded 0, added 0
Progress: resolved 49, reused 0, downloaded 0, added 0
✗ Lockfile failed supply-chain policy check (650 entries in 5.8s)
[ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION] 1 lockfile entries failed verification:
  prettier@3.8.5 was published at 2026-06-26T12:58:13.266Z, within the minimumReleaseAge cutoff (2026-06-26T01:44:20.165Z)

The lockfile contains entries that the active policies reject. This can mean the lockfile is stale, or that someone committed a lockfile that bypassed the policy locally — inspect recent changes to pnpm-lock.yaml before trusting it. If the changes look expected, run "pnpm clean --lockfile" and then "pnpm install" to rebuild from a fresh resolution. Alternatively, relax the policy that flagged them.