Skip to content

examples: bump x/net and x/image to v0.38.0 (Dependabot)#47

Merged
changkun merged 1 commit into
mainfrom
fix/examples-deps-security
Jun 6, 2026
Merged

examples: bump x/net and x/image to v0.38.0 (Dependabot)#47
changkun merged 1 commit into
mainfrom
fix/examples-deps-security

Conversation

@changkun

@changkun changkun commented Jun 6, 2026

Copy link
Copy Markdown
Member

Resolves all open Dependabot alerts.

Every alert was in examples/go.mod — vulnerabilities in transitive dependencies (golang.org/x/net, golang.org/x/image) pulled in by the example module's older 2022 GUI libraries (fyne/ebiten/gio/glfw). Bumping these indirect deps to v0.38.0 clears all 15 advisories; the GUI libraries still compile against them (every example builds).

The published hotkey module is unaffected — it only depends on golang.design/x/mainthread and had no alerts.

@changkun
examples: bump golang.org/x/net and x/image to v0.38.0
68cb70c 
Resolves all open Dependabot alerts, which were vulnerabilities in
transitive dependencies (golang.org/x/net, golang.org/x/image) pulled
in by the example module's older GUI libraries. Bumping these indirect
deps to v0.38.0 clears every advisory; the GUI libraries still compile
against them (all examples build). The published hotkey module is
unaffected — it only depends on golang.design/x/mainthread.
@changkun changkun merged commit 16255fc into main Jun 6, 2026
19 checks passed
@changkun changkun deleted the fix/examples-deps-security branch June 6, 2026 16:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@changkun