Snyk reports vulnerability

[mcandre]

Please address the security bug identified by Snyk:

https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDISINTEGRATIONIMAGING-5880692

On a related note, GitHub dependabot claims that updating the transient dependency golang.org/x/image to v0.10.0 or higher is sufficient. However, Snyk continues to report this disintegration/imaging module as vulnerable.

I don't have enough information to determine whether GitHub or Snyk is more accurate. Someone should clarify the situation.

If necessary, fork this repository.

[mcandre]

As a workaround, I am using the https://github.com/anthonynsimon/bild library.

[n2p5]

I've made a patch to this to update to the latest version of golang.org/x/image and remove the deprecatedioutils in favor of io and os supported functions. Is there anything I can do to help get this merged and support the release of a 1.6.3?

PR: #175

[ankitpunchh]

Any update on this when it will be released ?