Skip to content

Update module golang.org/x/image to v0.38.0 [SECURITY]#1391

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-golang.org-x-image-vulnerability
Open

Update module golang.org/x/image to v0.38.0 [SECURITY]#1391
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-golang.org-x-image-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Aug 6, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/image v0.16.0v0.38.0 age confidence

Panic when parsing invalid palette-color images in golang.org/x/image

CVE-2024-24792 / GHSA-9phm-fm57-rhg8

More information

Details

Parsing a corrupt or malicious image with invalid color indices can cause a panic.

Severity

  • CVSS Score: 8.7 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Go Images vulnerable to an out-of-memory error via a crafted TIFF file

CVE-2026-33809 / GHSA-44p7-9xx4-hf2g

More information

Details

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the renovate-bot label Aug 6, 2024
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Aug 6, 2024

ℹ Artifact update notice

File name: backend/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated

Details:

Package Change
golang.org/x/text v0.15.0 -> v0.16.0

@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Dec 15, 2025
edited
Loading

ℹ️ Artifact update notice

File name: backend/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.21 -> 1.25.0
golang.org/x/text v0.15.0 -> v0.35.0

@renovate renovate Bot changed the title Update module golang.org/x/image to v0.18.0 [SECURITY] Update module golang.org/x/image to v0.18.0 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/go-golang.org-x-image-vulnerability branch March 27, 2026 02:11
@renovate renovate Bot changed the title Update module golang.org/x/image to v0.18.0 [SECURITY] - autoclosed Update module golang.org/x/image to v0.38.0 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-image-vulnerability branch 2 times, most recently from 8ce6924 to 5c01c76 Compare March 30, 2026 17:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

renovate-bot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants