Skip to content

chore(deps): update module golang.org/x/net to v0.53.0 [security]#743

Open
renovate-sh-app[bot] wants to merge 1 commit intomainfrom
renovate/security-go-golang.org-x-net-vulnerability
Open

chore(deps): update module golang.org/x/net to v0.53.0 [security]#743
renovate-sh-app[bot] wants to merge 1 commit intomainfrom
renovate/security-go-golang.org-x-net-vulnerability

Conversation

@renovate-sh-app
Copy link
Copy Markdown
Contributor

@renovate-sh-app renovate-sh-app Bot commented May 8, 2026

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/net v0.52.0v0.53.0 age confidence

Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net

CVE-2026-33814 / GO-2026-4918

More information

Details

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.

@renovate-sh-app
chore(deps): update module golang.org/x/net to v0.53.0 [security]
e1267a1 
| datasource | package          | from    | to      |
| ---------- | ---------------- | ------- | ------- |
| go         | golang.org/x/net | v0.52.0 | v0.53.0 |


Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
@renovate-sh-app renovate-sh-app Bot requested a review from a team as a code owner May 8, 2026 01:03
@renovate-sh-app renovate-sh-app Bot enabled auto-merge (squash) May 8, 2026 01:03
@renovate-sh-app
Copy link
Copy Markdown
Contributor Author

renovate-sh-app Bot commented May 8, 2026

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 5 additional dependencies were updated

Details:

Package Change
golang.org/x/mod v0.33.0 -> v0.34.0
golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 -> v0.0.0-20260311193753-579e4da9a98c
golang.org/x/tools v0.42.0 -> v0.43.0
golang.org/x/sys v0.42.0 -> v0.43.0
golang.org/x/text v0.35.0 -> v0.36.0

@github-project-automation github-project-automation Bot moved this to Backlog in OSS Big Tent May 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security update-minor

Projects

OSS Big Tent
Status: Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants