Skip to content

chore(deps): update module golang.org/x/net to v0.55.0 [security] (release-v1.40)#5012

Open
marvin-tigera wants to merge 1 commit into
release-v1.40from
renovate/release-v1.40-go-golang.org-x-net-vulnerability
Open

chore(deps): update module golang.org/x/net to v0.55.0 [security] (release-v1.40)#5012
marvin-tigera wants to merge 1 commit into
release-v1.40from
renovate/release-v1.40-go-golang.org-x-net-vulnerability

Conversation

@marvin-tigera

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/net v0.50.0v0.55.0 age confidence

Go Net HTML parser is vulnerable to denial of service

CVE-2026-25680 / GHSA-5cv4-jp36-h3mw

More information

Details

In Go Net (golang.org/x/net) before verion 0.55.0, parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


  • If you want to rebase/retry this PR, check this box

@marvin-tigera marvin-tigera requested a review from a team as a code owner July 13, 2026 18:32
@marvin-tigera marvin-tigera added dependencies Pull requests that update a dependency file docs-not-required release-note-not-required labels Jul 13, 2026
@marvin-tigera marvin-tigera added this to the v1.40.14 milestone Jul 13, 2026
@marvin-tigera marvin-tigera force-pushed the renovate/release-v1.40-go-golang.org-x-net-vulnerability branch 2 times, most recently from 7f234d8 to 828c0d2 Compare July 13, 2026 22:45
@marvin-tigera marvin-tigera force-pushed the renovate/release-v1.40-go-golang.org-x-net-vulnerability branch from 828c0d2 to 5118e82 Compare July 14, 2026 22:24
@marvin-tigera

Copy link
Copy Markdown
Contributor Author

Removing "merge-when-ready" label due to new commits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file docs-not-required release-note-not-required

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants