NO-JIRA: Bump golang.org/x/net to 0.56.0 to fix CVE#1514
@twoGiants: This pull request explicitly references no jira issue.
Walkthrough
This PR updates indirect golang.org/x/* dependency versions in go.mod and tools/go.mod. Additionally, tools/go.mod raises its go directive from 1.22.0 to 1.25.0, removes an explicit toolchain pin, and adds a new indirect dependency on golang.org/x/tools/go/packages/packagestest.
Estimated code review effort: 1 (Trivial) | ~5 minutes
Important: Pre-merge checks failed. Please resolve all errors before merging. Addressing warnings is optional.
❌ Failed checks (1 error)
✅ Passed checks (14 passed)
Fixes CVE-2026-25681 which can cause XSS in golang.org/x/net/html. The html package is used indirectly by dependencies.
Signed-off-by: Stanislav Jakuschevskij <sjakusch@redhat.com>
a2dc669 to a951c25
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: damdo
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@twoGiants: The following test failed, say
Summary
Fixes CVE-2026-25681 which can cause XSS in golang.org/x/net/html. The html package is used indirectly by dependencies.
Additional Info
As per the RIT process documentation, the Jira ticket is not attached to this PR. I quote:
References
Here is the closed issue golang/go#79574 in the go repo.