Skip to content

Comments

chore(deps): update module golang.org/x/net to v0.45.0 [security] (release-v0.24)#1677

Merged
kubevirt-bot merged 1 commit intorelease-v0.24from
renovate/release-v0.24-go-golang.org-x-net-vulnerability
Feb 11, 2026
Merged

chore(deps): update module golang.org/x/net to v0.45.0 [security] (release-v0.24)#1677
kubevirt-bot merged 1 commit intorelease-v0.24from
renovate/release-v0.24-go-golang.org-x-net-vulnerability

Conversation

@redhat-renovate-bot
Copy link
Collaborator

@redhat-renovate-bot redhat-renovate-bot commented Feb 6, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
golang.org/x/net indirect minor v0.43.0 -> v0.45.0

Infinite parsing loop in golang.org/x/net

CVE-2025-58190 / GO-2026-4441

More information

Details

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Quadratic parsing complexity in golang.org/x/net/html

CVE-2025-47911 / GO-2026-4440

More information

Details

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@redhat-renovate-bot
chore(deps): update module golang.org/x/net to v0.45.0 [security]
5fc6d9d 
Signed-off-by: redhat-renovate-bot <redhat-internal-renovate@redhat.com>
@redhat-renovate-bot
Copy link
Collaborator Author

redhat-renovate-bot commented Feb 6, 2026

ℹ Artifact update notice

File name: api/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated

Details:

Package Change
golang.org/x/text v0.28.0 -> v0.29.0
File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 4 additional dependencies were updated

Details:

Package Change
golang.org/x/sync v0.16.0 -> v0.17.0
golang.org/x/sys v0.35.0 -> v0.36.0
golang.org/x/term v0.34.0 -> v0.35.0
golang.org/x/text v0.28.0 -> v0.29.0

@redhat-renovate-bot redhat-renovate-bot added the release-note-none Denotes a PR that doesn't merit a release note. label Feb 6, 2026
@kubevirt-bot kubevirt-bot added the dco-signoff: yes Indicates the PR's author has DCO signed all their commits. label Feb 6, 2026
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 6, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@akrejcir
Copy link
Collaborator

akrejcir commented Feb 11, 2026

/lgtm
/approve

@kubevirt-bot kubevirt-bot added the lgtm Indicates that a PR is ready to be merged. label Feb 11, 2026
@kubevirt-bot
Copy link
Contributor

kubevirt-bot commented Feb 11, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: akrejcir

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubevirt-bot kubevirt-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 11, 2026
@kubevirt-bot kubevirt-bot merged commit e1739c3 into release-v0.24 Feb 11, 2026
14 checks passed
@redhat-renovate-bot redhat-renovate-bot deleted the renovate/release-v0.24-go-golang.org-x-net-vulnerability branch February 11, 2026 22:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0xFelix 0xFelix Awaiting requested review from 0xFelix

@codingben codingben Awaiting requested review from codingben

Assignees

@akrejcir akrejcir

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@redhat-renovate-bot @akrejcir @kubevirt-bot