Skip to content

deps: bump golang.org/x/net to address CVE#4452

Merged
josephwoodward merged 2 commits into
mainfrom
jw/bumpxnet
May 22, 2026
Merged

deps: bump golang.org/x/net to address CVE#4452
josephwoodward merged 2 commits into
mainfrom
jw/bumpxnet

Conversation

@josephwoodward
Copy link
Copy Markdown
Contributor

@josephwoodward josephwoodward commented May 22, 2026

@claude
Copy link
Copy Markdown

claude Bot commented May 22, 2026

Commits
LGTM

Review
Pure dependency bump in go.mod and go.sum: golang.org/x/net 0.53.0 → 0.55.0 (CVE fix per golang/go#79571), with associated transitive updates to golang.org/x/crypto (0.50.0 → 0.51.0), golang.org/x/text (0.36.0 → 0.37.0), and golang.org/x/term (0.42.0 → 0.43.0). No source code changes.

LGTM

@claude
Copy link
Copy Markdown

claude Bot commented May 22, 2026

Commits
LGTM

Review
Patch-level dependency bumps (golang.org/x/{crypto,net,term,text}) addressing a CVE. The three test files using golang.org/x/net/http2/h2c get //nolint:staticcheck annotations to suppress deprecation warnings introduced by the new x/net version; all three h2c call sites in the repo are covered.

LGTM

@josephwoodward josephwoodward merged commit cdaacc7 into main May 22, 2026
8 checks passed
@josephwoodward josephwoodward deleted the jw/bumpxnet branch May 22, 2026 17:07
@github-actions github-actions Bot mentioned this pull request May 28, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@squiidz squiidz squiidz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@josephwoodward @squiidz