Skip to content

chore(deps): update module golang.org/x/net to v0.53.0 [security]#144

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-golang.org-x-net-vulnerability
Open

chore(deps): update module golang.org/x/net to v0.53.0 [security]#144
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-golang.org-x-net-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 20, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
golang.org/x/net v0.47.0v0.53.0 age adoption passing confidence

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

BIT-golang-2026-33814 / CVE-2026-33814 / GO-2026-4918

More information

Details

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from lis0x90 as a code owner May 20, 2026 10:42
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented May 20, 2026

ℹ️ Artifact update notice

File name: core-bootstrap/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 4 additional dependencies were updated

Details:

Package Change
golang.org/x/sync v0.18.0 -> v0.20.0
golang.org/x/sys v0.38.0 -> v0.43.0
golang.org/x/term v0.37.0 -> v0.42.0
golang.org/x/text v0.31.0 -> v0.36.0
File name: cr-synchronizer/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 3 additional dependencies were updated

Details:

Package Change
golang.org/x/sys v0.38.0 -> v0.43.0
golang.org/x/term v0.37.0 -> v0.42.0
golang.org/x/text v0.31.0 -> v0.36.0

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 20, 2026

Quality Gate Passed Quality Gate passed for 'Core Bootstrap'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lis0x90 lis0x90 Awaiting requested review from lis0x90 lis0x90 is a code owner

Assignees

@lis0x90 lis0x90

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lis0x90