Skip to content

fix(deps): update golang.org/x/image to fix medium CVE (OOM via TIFF)#34

Open
sstremovsky wants to merge 1 commit into
securitybunker:masterfrom
sstremovsky:fix/security-deps-20260609
Open

fix(deps): update golang.org/x/image to fix medium CVE (OOM via TIFF)#34
sstremovsky wants to merge 1 commit into
securitybunker:masterfrom
sstremovsky:fix/security-deps-20260609

Conversation

@sstremovsky

@sstremovsky sstremovsky commented Jun 9, 2026

Copy link
Copy Markdown

Security Dependency Updates

Resolves Dependabot security alerts by updating vulnerable packages.

Packages updated

  • golang.org/x/image: 0.37.0 → v0.42.0 (CVE: out-of-memory via crafted TIFF; required ≥0.38.0)

Notes

See the Dependabot alerts in the repository Security tab for full CVE details.

🤖 Generated with Claude Code

@CLAassistant

CLAassistant commented Jun 9, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@stremovsky
fix(deps): update vulnerable dependencies
5af788e 
Packages updated:
- golang.org/x/image: 0.37.0 → v0.42.0 (CVE: out-of-memory via crafted TIFF; required ≥0.38.0)

Fixes Dependabot security alerts.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sstremovsky @CLAassistant @stremovsky