Skip to content

fix(deps): update module golang.org/x/net to v0.53.0 [security]#33

Merged
alaudabot merged 1 commit into
alauda-v1.33.7from
renovate/go-golang.org-x-net-vulnerability
May 10, 2026
Merged

fix(deps): update module golang.org/x/net to v0.53.0 [security]#33
alaudabot merged 1 commit into
alauda-v1.33.7from
renovate/go-golang.org-x-net-vulnerability

Conversation

@alaudaa-renovate

@alaudaa-renovate alaudaa-renovate Bot commented May 10, 2026

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/net v0.48.0 -> v0.53.0 age confidence

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

CVE-2026-33814 / GO-2026-4918

More information

Details

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@alaudaa-renovate alaudaa-renovate Bot added the dependencies Pull requests that update a dependency file label May 10, 2026
@alaudaa-renovate

alaudaa-renovate Bot commented May 10, 2026

Copy link
Copy Markdown
Author

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 7 additional dependencies were updated

Details:

Package Change
golang.org/x/crypto v0.46.0 -> v0.50.0
golang.org/x/sync v0.19.0 -> v0.20.0
golang.org/x/sys v0.42.0 -> v0.43.0
golang.org/x/term v0.38.0 -> v0.42.0
golang.org/x/tools v0.39.0 -> v0.43.0
golang.org/x/mod v0.30.0 -> v0.34.0
golang.org/x/text v0.32.0 -> v0.36.0
File name: staging/src/k8s.io/kubectl/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 5 additional dependencies were updated

Details:

Package Change
golang.org/x/sys v0.42.0 -> v0.43.0
golang.org/x/sync v0.19.0 -> v0.20.0
golang.org/x/term v0.38.0 -> v0.42.0
golang.org/x/text v0.32.0 -> v0.36.0
golang.org/x/tools v0.39.0 -> v0.43.0

@alaudabot alaudabot merged commit c90d625 into alauda-v1.33.7 May 10, 2026
2 checks passed
@alaudabot alaudabot deleted the renovate/go-golang.org-x-net-vulnerability branch May 10, 2026 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@yuzichen12123 yuzichen12123

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alaudabot @yuzichen12123