disintegration / imaging

Imaging is a simple image processing package for Go
MIT License

Snyk reports vulnerability #167

Open mcandre opened 10 months ago

mcandre commented 10 months ago

Please address the security bug identified by Snyk:

https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDISINTEGRATIONIMAGING-5880692

On a related note, GitHub Dependabot claims that updating the transient dependency golang.org/x/image to v0.10.0 or higher is sufficient. However, Snyk continues to report this disintegration/imaging module as vulnerable.

I don't have enough information to determine whether GitHub or Snyk is more accurate. Someone should clarify the situation.

If necessary, fork this repository.

mcandre commented 8 months ago

As a workaround, I am using the https://github.com/anthonynsimon/bild library.