chore(deps): update bump-dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
debian	final	patch	trixie-20260421 → trixie-20260610
debian	stage	patch	trixie-20260421 → trixie-20260610
docker/dockerfile	syntax	minor	1.23 → 1.25
golang	stage	digest	47ce563 → 5f68ec6
libvips		patch	8.18.2 → 8.18.3
mariadb		digest	e0236fc → b1c7bf8
python	final	digest	355522f → 6b91e66

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

libvips/libvips (libvips)

v8.18.3

Compare Source

Changes since 8.18.2:

• invertlut: verify input mask positions [lovell]
• bandjoin_const: fix possible OOB read with RAD/LABQ images [kleisauke]
• edge: ensure parent object is built [lovell]
• object: guard against invalid interpolators [kleisauke]
• foreign: guard against NULL filenames [kleisauke]
• stdif: expand input by one column [lovell]
• dcrawload: add support for non-square pixels [jcupitt]
• image_sanity: ensure scanlines fit in INT_MAX [Niels Provos]
• rank: expand input by one column [kleisauke]
• hist_local: expand input by one column [kleisauke]
• fix possible null-pointer dereference in quantizr backend [felixbuenemann]
• jp2ksave: fix OOB read during chroma subsampling [dloebl]
• jp2ksave: prevent heap buffer overflow on non-RGB images [dloebl]
• heifload: tighten limits on memory use [provos]
• boolean: fix heap-buffer-overflow in lshift [dloebl]
• magickload: check animation height [Himanshu Anand]
• source: fix max/min confusion [Himanshu Anand]
• uhdrsave: use macro to size buffer [Himanshu Anand]
• draw_mask: fix support for packed LABQ images [lovell]
• reduceh: fix possible OOB read in Highway path [kleisauke]
• buildlut: check upper bound of x range [lovell]
• jxl: ensure status codes are propagated [lovell]
• archive: fix compatibility with MSVC [eunos-1128]
• ppmload: check image dimensions [lovell]
• thumbnail: better pyr detection [Niels Provos]
• jpegsave: fix scrgb save with uhdr disabled [jcupitt]

Windows binaries here:

https://github.com/libvips/build-win64-mxe/releases/tag/v8.18.3

v8.18.3-rc1

Compare Source

Changes since 8.18.2:

• invertlut: verify input mask positions [lovell]
• bandjoin_const: fix possible OOB read with RAD/LABQ images [kleisauke]
• edge: ensure parent object is built [lovell]
• object: guard against invalid interpolators [kleisauke]
• foreign: guard against NULL filenames [kleisauke]
• stdif: expand input by one column [lovell]
• dcrawload: add support for non-square pixels [jcupitt]
• image_sanity: ensure scanlines fit in INT_MAX [Niels Provos]
• rank: expand input by one column [kleisauke]
• hist_local: expand input by one column [kleisauke]
• fix possible null-pointer dereference in quantizr backend [felixbuenemann]
• jp2ksave: fix OOB read during chroma subsampling [dloebl]
• jp2ksave: prevent heap buffer overflow on non-RGB images [dloebl]
• heifload: tighten limits on memory use [provos]
• boolean: fix heap-buffer-overflow in lshift [dloebl]
• magickload: check animation height [Himanshu Anand]
• radload: deprecate old-style scanline read [Himanshu Anand]
• source: fix max/min confusion [Himanshu Anand]
• uhdrsave: use macro to size buffer [Himanshu Anand]
• draw_mask: fix support for packed LABQ images [lovell]
• reduceh: fix possible OOB read in Highway path [kleisauke]
• buildlut: check upper bound of x range [lovell]
• jxl: ensure status codes are propagated [lovell]
• archive: fix compatibility with MSVC [eunos-1128]
• ppmload: check image dimensions [lovell]
• thumbnail: better pyr detection [Niels Provos]

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Only on Wednesday (* * * * 3)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Benchmark Matrix: pr-37-27948759693

Summary

Triplet image: ghcr.io/libops/triplet:renovate.bump-dependencies

Mode	Concurrency	Triplet OK	Duration s	Req/s	p95 ms	p99 ms	CPU ms/req	Max MiB
uncached	2	270/270 (100%)	16.52	16.3	205.7	371.8	100.62	204.6
uncached	4	270/270 (100%)	12.70	21.3	337.9	596.1	103.73	345.0
uncached	8	270/270 (100%)	12.83	21.1	488.3	825.7	102.30	399.2
cached	8	270/270 (100%)	12.75	21.2	533.4	941.1	101.99	356.4
cached	32	270/270 (100%)	13.06	20.7	863.4	1199.2	98.44	275.5
cached	128	270/270 (100%)	13.32	20.3	1884.0	2280.9	106.86	235.6

Status reflects Triplet request success. Performance metrics are informational.