Skip to content

chore(deps): update module golang.org/x/net to v0.55.0 [security] (release-v1.42)#5016

Open
marvin-tigera wants to merge 1 commit into
release-v1.42from
renovate/release-v1.42-go-golang.org-x-net-vulnerability
Open

chore(deps): update module golang.org/x/net to v0.55.0 [security] (release-v1.42)#5016
marvin-tigera wants to merge 1 commit into
release-v1.42from
renovate/release-v1.42-go-golang.org-x-net-vulnerability

Conversation

@marvin-tigera

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/net v0.54.0v0.55.0 age confidence

Go Net HTML parser is vulnerable to denial of service

CVE-2026-25680 / GHSA-5cv4-jp36-h3mw

More information

Details

In Go Net (golang.org/x/net) before verion 0.55.0, parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


  • If you want to rebase/retry this PR, check this box

@marvin-tigera marvin-tigera requested a review from a team as a code owner July 13, 2026 18:33
@marvin-tigera marvin-tigera added dependencies Pull requests that update a dependency file docs-not-required release-note-not-required labels Jul 13, 2026
@marvin-tigera marvin-tigera added this to the v1.42.5 milestone Jul 13, 2026
@marvin-tigera marvin-tigera force-pushed the renovate/release-v1.42-go-golang.org-x-net-vulnerability branch from 48ebeb3 to 5fbe4cd Compare July 13, 2026 20:26
@marvin-tigera marvin-tigera force-pushed the renovate/release-v1.42-go-golang.org-x-net-vulnerability branch from 5fbe4cd to ab07679 Compare July 13, 2026 22:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file docs-not-required release-note-not-required

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant