Skip to content

Bump golang.org/x/image from 0.25.0 to 0.38.0#854

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/golang.org/x/image-0.38.0
Open

Bump golang.org/x/image from 0.25.0 to 0.38.0#854
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/golang.org/x/image-0.38.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 30, 2026
edited
Loading

Bumps golang.org/x/image from 0.25.0 to 0.38.0.

Commits
  • 23ae9ed tiff: cap buffer growth to prevent OOM from malicious IFD offset
  • e589e60 webp: allow VP8L + VP8X(with alpha)
  • fe7d73d go.mod: update golang.org/x dependencies
  • e3d762b all: upgrade go directive to at least 1.25.0 [generated]
  • 833c6ed go.mod: update golang.org/x dependencies
  • bc7fe0b go.mod: update golang.org/x dependencies
  • c53c97f go.mod: update golang.org/x dependencies
  • 9032ff7 all: eliminate vet diagnostics
  • 9c9d08c go.mod: update golang.org/x dependencies
  • 742b1b7 all: fix some comments
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 30, 2026
@dependabot dependabot Bot requested review from a team as code owners March 30, 2026 16:21
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/image-0.38.0 branch from 738deaf to be18228 Compare April 2, 2026 09:39
@anoadragon453
Copy link
Copy Markdown
Member

anoadragon453 commented Apr 2, 2026

This dependency appears to require go 1.25.0+.

Go in the dendrite docker image is currently 1.24.0: https://github.com/element-hq/dendrite/blob/933a12d00e9f3010cb1570c32ca9d87b79665aa4/Dockerfile#L6

So we'll need to bump that before CI in this PR will pass.

@anoadragon453 anoadragon453 mentioned this pull request Apr 2, 2026
Open
2 tasks
@dependabot
Bump golang.org/x/image from 0.25.0 to 0.38.0
e06d03b 
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.25.0 to 0.38.0.
- [Commits](golang/image@v0.25.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump golang.org/x/image from 0.18.0 to 0.38.0 Bump golang.org/x/image from 0.25.0 to 0.38.0 Apr 24, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/image-0.38.0 branch from be18228 to e06d03b Compare April 24, 2026 10:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@anoadragon453