Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

fix(deps): update module golang.org/x/net to v0.38.0 [security] #622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
Loading
from
Open

fix(deps): update module golang.org/x/net to v0.38.0 [security] #622

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 13, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/net v0.35.0 -> v0.38.0 age confidence

GitHub Vulnerability Alerts

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate
Copy link
Contributor Author

renovate bot commented Sep 13, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 2 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.20 -> 1.23.0
golang.org/x/crypto v0.33.0 -> v0.36.0
golang.org/x/sys v0.30.0 -> v0.31.0

@coderabbitai
Copy link

coderabbitai bot commented Sep 13, 2025
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Free review on us!

CodeRabbit is offering free reviews until Wed Dec 17 2025 to showcase some of the refinements we've made.

Comment @coderabbitai help to get the list of available commands and usage tips.

@renovate renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from d080fe3 to c081d96 Compare October 9, 2025 10:09
@codecov-commenter
Copy link

codecov-commenter commented Oct 9, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.99%. Comparing base (97a7523) to head (1313bf8).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #622      +/-   ##
==========================================
- Coverage   76.27%   75.99%   -0.29%     
==========================================
  Files          73       73              
  Lines        5965     5965              
==========================================
- Hits         4550     4533      -17     
- Misses       1038     1048      +10     
- Partials      377      384       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 9, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from c081d96 to 1313bf8 Compare December 15, 2025 16:51
@renovate
Copy link
Contributor Author

renovate bot commented Dec 15, 2025

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 2 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.20 -> 1.23.0
golang.org/x/crypto v0.33.0 -> v0.36.0
golang.org/x/sys v0.30.0 -> v0.31.0

@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 15, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter
Morty Proxy This is a proxified and sanitized view of the page, visit original site.