Snyk reports vulnerability

Open mcandre opened this issue 1 year ago • 1 comments

Please address the security bug identified by Snyk:

https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDISINTEGRATIONIMAGING-5880692

On a related note, GitHub Dependabot claims that updating the transient dependency golang.org/x/image to v0.10.0 or higher is sufficient. However, Snyk continues to report this disintegration/imaging module as vulnerable.

I don't have enough information to determine whether GitHub or Snyk is more accurate. Someone should clarify the situation.

If necessary, fork this repository.

mcandre • Nov 02 '23 22:11

As a workaround, I am using the https://github.com/anthonynsimon/bild library.

mcandre • Dec 28 '23 02:12