search

webp-sh / webp_server_go

Go version of WebP Server. A tool that will serve your JPG/PNG/BMP/SVGs as WebP/AVIF format with compression, on-the-fly.
https://docs.webp.sh
GNU General Public License v3.0
1.79k stars 173 forks source link

Bump govips to 2.14 #317

Closed n0vad3v closed 6 months ago

n0vad3v commented 6 months ago

Ref: https://github.com/davidbyttow/govips/releases/tag/v2.14.0

github-actions[bot] commented 6 months ago 

ghcr.io/webp-sh/webp_server_go (debian 12.5)
============================================
Total: 0 (HIGH: 0, CRITICAL: 0)

usr/bin/webp-server (gobinary)
==============================
Total: 1 (HIGH: 0, CRITICAL: 1)

┌─────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│           Library           │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                          Title                           │
├─────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ github.com/gofiber/fiber/v2 │ CVE-2024-25124 │ CRITICAL │ fixed  │ v2.52.0           │ 2.52.1        │ Fiber has Insecure CORS Configuration, Allowing Wildcard │
│                             │                │          │        │                   │               │ Origin with Credentials                                  │
│                             │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-25124               │
└─────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘