Hi!
libwebp-sys just released version 0.9.1 that includes not-yet-released code from libwebp git's 1.3.0 branch. libwebp 1.3.0 appears to be affected by CVE-2023-1999, which might allow arbitrary code execution by a remote attacker because of a double-free.
The CVE situation is a bit confusing because Google hasn't released 1.3.1, even though they fixed the double free in February and the CVE was filed last month (without any details), and Firefox shipped that patch in Firefox 112, referring to CVE-2023-1999, many weeks ago. Ubuntu just updated libwebp in their archives a few days ago to include the patch.
So it might be a good idea to update this crate's libwebp-sys version, too.