summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rw-r--r--vendor/golang.org/x/image/webp/decode.go5
-rw-r--r--vendor/modules.txt2
4 files changed, 9 insertions, 4 deletions
diff --git a/go.mod b/go.mod
index 79b4eb0d1..eb2053afd 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
go.uber.org/automaxprocs v1.5.3
golang.org/x/crypto v0.17.0
golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
- golang.org/x/image v0.14.0
+ golang.org/x/image v0.15.0
golang.org/x/net v0.19.0
golang.org/x/oauth2 v0.15.0
golang.org/x/text v0.14.0
diff --git a/go.sum b/go.sum
index 316052452..9346e4ed7 100644
--- a/go.sum
+++ b/go.sum
@@ -654,8 +654,8 @@ golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnL
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.14.0 h1:tNgSxAFe3jC4uYqvZdTr84SZoM1KfwdC9SKIFrLjFn4=
-golang.org/x/image v0.14.0/go.mod h1:HUYqC05R2ZcZ3ejNQsIHQDQiwWM4JBqmm6MKANTp4LE=
+golang.org/x/image v0.15.0 h1:kOELfmgrmJlw4Cdb7g/QGuB3CvDrXbqEIww/pNtNBm8=
+golang.org/x/image v0.15.0/go.mod h1:HUYqC05R2ZcZ3ejNQsIHQDQiwWM4JBqmm6MKANTp4LE=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
diff --git a/vendor/golang.org/x/image/webp/decode.go b/vendor/golang.org/x/image/webp/decode.go
index d6eefd596..e211c7d57 100644
--- a/vendor/golang.org/x/image/webp/decode.go
+++ b/vendor/golang.org/x/image/webp/decode.go
@@ -39,6 +39,7 @@ func decode(r io.Reader, configOnly bool) (image.Image, image.Config, error) {
alpha []byte
alphaStride int
wantAlpha bool
+ seenVP8X bool
widthMinusOne uint32
heightMinusOne uint32
buf [10]byte
@@ -113,6 +114,10 @@ func decode(r io.Reader, configOnly bool) (image.Image, image.Config, error) {
return m, image.Config{}, err
case fccVP8X:
+ if seenVP8X {
+ return nil, image.Config{}, errInvalidFormat
+ }
+ seenVP8X = true
if chunkLen != 10 {
return nil, image.Config{}, errInvalidFormat
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 8bd0cfa10..6ec48a1f9 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -869,7 +869,7 @@ golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
## explicit; go 1.20
golang.org/x/exp/constraints
golang.org/x/exp/slices
-# golang.org/x/image v0.14.0
+# golang.org/x/image v0.15.0
## explicit; go 1.18
golang.org/x/image/bmp
golang.org/x/image/ccitt
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-13 11:59:34 +0000