)]}'
{
  "commit": "96edba0fa84213a8c3cefe5d25fcc0a7c75b6a66",
  "tree": "77f4e0b019cead3e25b14ddea5277b1755318803",
  "parents": [
    "23ae9ed61c1d3343fb95015810f62dcbf444976e"
  ],
  "author": {
    "name": "Damien Neil",
    "email": "dneil@google.com",
    "time": "Thu Mar 26 14:28:31 2026 -0700"
  },
  "committer": {
    "name": "Gopher Robot",
    "email": "gobot@golang.org",
    "time": "Mon Mar 30 12:25:48 2026 -0700"
  },
  "message": "webp: reject VP8X headers with too-large canvases\n\nRFC 9649 states that the canvas width * height must be\nat most 2^32-1. Enforce this.\n\nThis avoids creating an invalid image (which will panic\nwhen manipulated) when decoding a too-large image on\n32-bit platforms.\n\nhttps://www.rfc-editor.org/rfc/rfc9649.html#section-2.7-12\n\nFixes golang/go#78407\nFixes CVE-2026-33813\n\nChange-Id: I7e2b68374681da4f72ee51ebfd8833006a6a6964\nReviewed-on: https://go-review.googlesource.com/c/image/+/759860\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\nAuto-Submit: Damien Neil \u003cdneil@google.com\u003e\nReviewed-by: Neal Patel \u003cnealpatel@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "2371808f421223e59ea7fe556ef5a8db35ee1b33",
      "old_mode": 33188,
      "old_path": "webp/decode.go",
      "new_id": "15dc0ee55613db2c045bcb04204eec66e8f1cb3a",
      "new_mode": 33188,
      "new_path": "webp/decode.go"
    },
    {
      "type": "modify",
      "old_id": "bb50ddd48a6e4a75989ac342d724415f95c8e2df",
      "old_mode": 33188,
      "old_path": "webp/decode_test.go",
      "new_id": "56948ef7fafa6642327c5ab9f0199dfc5fae9fcf",
      "new_mode": 33188,
      "new_path": "webp/decode_test.go"
    }
  ]
}