Skip to content

chore: update module golang.org/x/net to v0.45.0 [security] - autoclosed#82

Closed
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/go-golang.org-x-net-vulnerability
Closed

chore: update module golang.org/x/net to v0.45.0 [security] - autoclosed#82
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/go-golang.org-x-net-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 1, 2026

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/net v0.40.0v0.45.0 age confidence

Quadratic parsing complexity in golang.org/x/net/html

CVE-2025-47911 / GHSA-w4gw-w5jq-g9jh / GO-2026-4440

More information

Details

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Infinite parsing loop in golang.org/x/net

CVE-2025-58190 / GO-2026-4441

More information

Details

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented May 1, 2026

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 6 additional dependencies were updated

Details:

Package Change
golang.org/x/mod v0.24.0 -> v0.27.0
golang.org/x/sync v0.14.0 -> v0.17.0
golang.org/x/sys v0.33.0 -> v0.36.0
golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 -> v0.0.0-20250807160809-1a19826ec488
golang.org/x/text v0.25.0 -> v0.29.0
golang.org/x/tools v0.31.0 -> v0.36.0

@renovate renovate Bot added dependencies Pull requests that update a dependency file security labels May 1, 2026
@renovate renovate Bot requested a review from ZerGo0 as a code owner May 1, 2026 03:54
@renovate renovate Bot added dependencies Pull requests that update a dependency file security labels May 1, 2026
@renovate renovate Bot changed the title chore: update module golang.org/x/net to v0.45.0 [security] chore: update module golang.org/x/net to v0.45.0 [security] - autoclosed May 1, 2026
@renovate renovate Bot closed this May 1, 2026
@renovate renovate Bot deleted the renovate/go-golang.org-x-net-vulnerability branch May 1, 2026 04:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZerGo0 ZerGo0 Awaiting requested review from ZerGo0 ZerGo0 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants