chore(deps): update module golang.org/x/net to v0.33.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
golang.org/x/net	v0.28.0 -> v0.33.0

GitHub Vulnerability Alerts

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: src/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
golang.org/x/sys	v0.24.0 -> v0.28.0
golang.org/x/text	v0.17.0 -> v0.21.0

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request updates the golang.org/x/net module to version v0.33.0 to address a security vulnerability (CVE-2024-45338). This vulnerability allows attackers to cause a denial of service by crafting specific inputs that result in extremely slow parsing.

Sequence diagram showing potential DoS attack before and after the security fix

sequenceDiagram
    participant A as Attacker
    participant S as Server (golang.org/x/net)
    participant P as Parser

    rect rgb(240, 240, 240)
    Note over A,P: Before patch (v0.24.0)
    A->>S: Send crafted malicious input
    S->>P: Parse input
    P-->>S: Non-linear processing time
    S-->>A: Delayed response (potential DoS)
    end

    rect rgb(200, 255, 200)
    Note over A,P: After patch (v0.33.0)
    A->>S: Send crafted malicious input
    S->>P: Parse input with improved handling
    P-->>S: Linear processing time
    S-->>A: Normal response time
    end

Loading

File-Level Changes

Change	Details	Files
Updated golang.org/x/net to v0.33.0.	Updated the golang.org/x/net dependency to v0.33.0 in go.mod. Updated checksums in go.sum to reflect the changes in go.mod.	src/go.mod src/go.sum

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate[bot]!). We assume it knows what it's doing!