Skip to content

Bump golang.org/x/image from 0.21.0 to 0.41.0#1216

Merged
leokondrashov merged 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/image-0.41.0
Jul 8, 2026
Merged

Bump golang.org/x/image from 0.21.0 to 0.41.0#1216
leokondrashov merged 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/image-0.41.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/image from 0.21.0 to 0.41.0.

Commits
  • 0d61147 bmp: reject input with invalid palette index
  • fe8ae45 tiff: limit PackBits decompression output size
  • 542a3d9 go.mod: update golang.org/x dependencies
  • 5cbe89a tiff: reject 0-size images
  • 3d5c9b6 go.mod: update golang.org/x dependencies
  • 854c274 font/sfnt: apply bounds checks before allocating read buffer
  • 96edba0 webp: reject VP8X headers with too-large canvases
  • 23ae9ed tiff: cap buffer growth to prevent OOM from malicious IFD offset
  • e589e60 webp: allow VP8L + VP8X(with alpha)
  • fe7d73d go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 4, 2026
@leokondrashov

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [golang.org/x/image](https://github.com/golang/image) from 0.21.0 to 0.41.0.
- [Commits](golang/image@v0.21.0...v0.41.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-version: 0.41.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/image-0.41.0 branch from 6678b94 to 2e5133f Compare July 8, 2026 02:47
@leokondrashov leokondrashov merged commit e6af787 into main Jul 8, 2026
22 checks passed
@leokondrashov leokondrashov deleted the dependabot/go_modules/golang.org/x/image-0.41.0 branch July 8, 2026 03:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant