Skip to content

chore(deps): update module golang.org/x/net to v0.53.0 [security]#300

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-golang.org-x-net-vulnerability
Open

chore(deps): update module golang.org/x/net to v0.53.0 [security]#300
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-golang.org-x-net-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 21, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/net v0.52.0v0.53.0 age confidence

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

BIT-golang-2026-33814 / CVE-2026-33814 / GO-2026-4918

More information

Details

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested review from IldarMinaev and asatt as code owners May 21, 2026 14:29
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label May 21, 2026
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented May 21, 2026

ℹ️ Artifact update notice

File name: api/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 3 additional dependencies were updated

Details:

Package Change
golang.org/x/sys v0.42.0 -> v0.43.0
golang.org/x/term v0.41.0 -> v0.42.0
golang.org/x/text v0.35.0 -> v0.36.0
File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 4 additional dependencies were updated

Details:

Package Change
golang.org/x/crypto v0.49.0 -> v0.50.0
golang.org/x/sys v0.42.0 -> v0.43.0
golang.org/x/term v0.41.0 -> v0.42.0
golang.org/x/text v0.35.0 -> v0.36.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@asatt asatt Awaiting requested review from asatt asatt is a code owner

@IldarMinaev IldarMinaev Awaiting requested review from IldarMinaev IldarMinaev is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@dmitriikazanin dmitriikazanin

Labels

dependencies Pull requests that update a dependency file

Projects

qubership-observability
Status: Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dmitriikazanin