Fix: sharp vulnerability in libwebp dependency (analyzing, don't merge)

[bobslavtriev]

Sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity GHSA-j7hp-h8jx-5ppr

Or implement sharp.block({ operation: ["VipsForeignLoadWebp"] }); in the code in messages-media.ts

[whiskeysockets-bot]

Thanks for your contribution.

The next step is to wait for review and approval to merge it to main repository

The community can help reacting with a thumb up (:thumbsup:) for approval and rocket (:rocket:) for who has tested it.

To test this PR you can run the following command below:

# NPM
npm install @whiskeysockets/baileys@bobslavtriev/Baileys#sh
# YARN v2
yarn add @whiskeysockets/baileys@bobslavtriev/Baileys#sh

[PurpShell]

WEBP is one of the reasons we use sharp, not sure where you got the "sharp uses libwebp", afaik it uses libvips

[PurpShell]

lovell/sharp#3798