Skip to content

fix(deps): update module golang.org/x/net to v0.38.0 [security] #2133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update module golang.org/x/net to v0.38.0 [security] #2133

wants to merge 1 commit into from

Conversation

stackit-pipeline
Copy link
Contributor

This PR contains the following updates:

Package Type Update Change
golang.org/x/net require minor v0.37.0 -> v0.38.0
golang.org/x/net require minor v0.36.0 -> v0.38.0
golang.org/x/net require minor v0.35.0 -> v0.38.0
golang.org/x/net require minor v0.34.0 -> v0.38.0
golang.org/x/net require minor v0.33.0 -> v0.38.0
golang.org/x/net require minor v0.32.0 -> v0.38.0
golang.org/x/net require minor v0.31.0 -> v0.38.0
golang.org/x/net require minor v0.30.0 -> v0.38.0

GitHub Vulnerability Alerts

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@stackit-pipeline stackit-pipeline added the renovate Renovate dependency updates label May 6, 2025
@bahkauv70 bahkauv70 added the do-not-merge Do not merge this right now label May 6, 2025
@stackit-pipeline stackit-pipeline force-pushed the renovate/go-golang.org-x-net-vulnerability branch 4 times, most recently from 1ef09ed to a3354e0 Compare May 13, 2025 00:54
@stackit-pipeline stackit-pipeline force-pushed the renovate/go-golang.org-x-net-vulnerability branch from a3354e0 to 50feb86 Compare May 14, 2025 00:54
@marceljk marceljk force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 50feb86 to c6c9de5 Compare May 14, 2025 08:09
@stackit-pipeline stackit-pipeline force-pushed the renovate/go-golang.org-x-net-vulnerability branch from c6c9de5 to 277187c Compare May 16, 2025 00:55
@stackit-pipeline stackit-pipeline changed the title Update module golang.org/x/net to v0.38.0 [SECURITY] fix(deps): update module golang.org/x/net to v0.38.0 [security] May 17, 2025
@stackit-pipeline stackit-pipeline force-pushed the renovate/go-golang.org-x-net-vulnerability branch 4 times, most recently from 3f0786d to 8663e29 Compare May 24, 2025 00:52
@github-actions GitHub Actions
Copy link

This PR was marked as stale after 7 days of inactivity and will be closed after another 7 days of further inactivity. If this PR should be kept open, just add a comment, remove the stale label or push new commits to it.

@github-actions github-actions bot added the Stale label May 31, 2025
@stackit-pipeline stackit-pipeline force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 8663e29 to b6dcb61 Compare June 4, 2025 00:56
@github-actions github-actions bot removed the Stale label Jun 4, 2025
@stackit-pipeline
Copy link
Contributor Author

ℹ Artifact update notice

File name: scripts/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated

Details:

Package Change
golang.org/x/mod v0.24.0 -> v0.17.0

@stackit-pipeline stackit-pipeline force-pushed the renovate/go-golang.org-x-net-vulnerability branch from b6dcb61 to 2277e37 Compare June 5, 2025 00:55
@marceljk marceljk force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 2277e37 to c3fdc74 Compare June 5, 2025 07:36
@stackit-pipeline stackit-pipeline force-pushed the renovate/go-golang.org-x-net-vulnerability branch from c3fdc74 to 104a52d Compare June 6, 2025 00:54
@stackit-pipeline stackit-pipeline force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 104a52d to d579564 Compare June 7, 2025 00:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marceljk marceljk Awaiting requested review from marceljk marceljk is a code owner

@bahkauv70 bahkauv70 Awaiting requested review from bahkauv70

@Fyusel Fyusel Awaiting requested review from Fyusel Fyusel is a code owner

@rubenhoenle rubenhoenle Awaiting requested review from rubenhoenle rubenhoenle is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
do-not-merge Do not merge this right now renovate Renovate dependency updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stackit-pipeline @bahkauv70 @renovate-bot