chore(deps): update module golang.org/x/sys to v0.44.0 [security] (alauda-v0.70.0)

[alaudaa-renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
golang.org/x/sys	v0.43.0 -> v0.44.0

---

Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

CVE-2026-39824 / GO-2026-5024

More information

Details

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

Severity

Unknown

References

• https://go.dev/issue/78916
• https://go.dev/cl/770080
• https://groups.google.com/g/golang-announce/c/6MMI8Lj-Atg

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[alaudaa-renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go mod tidy
go: downloading modernc.org/ccgo/v4 v4.32.0
go: downloading github.com/dgraph-io/badger/v4 v4.9.1
go: downloading github.com/miekg/dns v1.1.72
go: downloading github.com/redis/go-redis/v9 v9.18.0
go: downloading github.com/bytecodealliance/wasmtime-go/v39 v39.0.1
go: github.com/aquasecurity/trivy/cmd/trivy imports
	modernc.org/sqlite imports
	modernc.org/libc tested by
	modernc.org/libc.test imports
	modernc.org/ccgo/v4/lib: modernc.org/ccgo/v4@v4.32.0: Get "https://build-nexus.alauda.cn/repository/golang/modernc.org/ccgo/v4/@v/v4.32.0.zip": dial tcp: lookup build-nexus.alauda.cn: i/o timeout
go: github.com/aquasecurity/trivy/pkg/iac/rego imports
	github.com/open-policy-agent/opa/v1/bundle tested by
	github.com/open-policy-agent/opa/v1/bundle.test imports
	github.com/open-policy-agent/opa/v1/storage/disk imports
	github.com/dgraph-io/badger/v4: github.com/dgraph-io/badger/v4@v4.9.1: Get "https://build-nexus.alauda.cn/repository/golang/github.com/dgraph-io/badger/v4/@v/v4.9.1.zip": dial tcp: lookup build-nexus.alauda.cn on 172.28.0.10:53: read udp 172.29.200.66:57379->172.28.0.10:53: i/o timeout
go: github.com/aquasecurity/trivy/pkg/iac/rego imports
	github.com/open-policy-agent/opa/v1/rego imports
	github.com/open-policy-agent/opa/v1/topdown tested by
	github.com/open-policy-agent/opa/v1/topdown.test imports
	github.com/foxcpp/go-mockdns imports
	github.com/miekg/dns: github.com/miekg/dns@v1.1.72: Get "https://build-nexus.alauda.cn/repository/golang/github.com/miekg/dns/@v/v1.1.72.zip": dial tcp: lookup build-nexus.alauda.cn on 172.28.0.10:53: read udp 172.29.200.66:57379->172.28.0.10:53: i/o timeout
go: github.com/aquasecurity/trivy/pkg/iac/scanners/helm/parser imports
	helm.sh/helm/v3/pkg/action imports
	helm.sh/helm/v3/pkg/registry tested by
	helm.sh/helm/v3/pkg/registry.test imports
	github.com/distribution/distribution/v3/configuration imports
	github.com/redis/go-redis/v9: github.com/redis/go-redis/v9@v9.18.0: Get "https://build-nexus.alauda.cn/repository/golang/github.com/redis/go-redis/v9/@v/v9.18.0.zip": dial tcp: lookup build-nexus.alauda.cn on 172.28.0.10:53: read udp 172.29.200.66:57379->172.28.0.10:53: i/o timeout