unboundsoftware/default-request-adder
6
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases 32 Activity

fix(deps): bump golang.org/x/net to v0.55.0 #304

Merged
argoyle merged 1 commits from fix-x-net-vuln into main 2026-05-25 06:23:20 +00:00
Conversation 0 Commits 1 Files Changed 2
+12 -12
argoyle commented 2026-05-25 05:48:58 +00:00
Owner
Copy Link
Copy Source

Fixes GO-2026-5026 — failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna (reachable via the k8s client LimitRange.Delete path).

  • golang.org/x/net v0.53.0 → v0.55.0
  • go mod tidy also bumped x/sys, x/term, x/text

govulncheck ./... → No vulnerabilities found.

Fixes **GO-2026-5026** — failure to reject ASCII-only Punycode-encoded labels in `golang.org/x/net/idna` (reachable via the k8s client `LimitRange.Delete` path). - `golang.org/x/net` v0.53.0 → v0.55.0 - `go mod tidy` also bumped x/sys, x/term, x/text `govulncheck ./...` → No vulnerabilities found.
argoyle added 1 commit 2026-05-25 05:48:59 +00:00
fix(deps): bump golang.org/x/net to v0.55.0
default-request-adder / vulnerabilities (pull_request) Successful in 3m17s
Details
default-request-adder / test (pull_request) Successful in 4m12s
Details
default-request-adder / build (pull_request) Successful in 31m53s
Details
4b5a1ef061 
Fixes GO-2026-5026 (Punycode label rejection failure in golang.org/x/net/idna).
go mod tidy also bumped x/sys, x/term, x/text.
argoyle scheduled this pull request to auto merge when all checks succeed 2026-05-25 05:49:20 +00:00
argoyle merged commit 8202ed57f1 into main 2026-05-25 06:23:20 +00:00
argoyle deleted branch fix-x-net-vuln 2026-05-25 06:23:21 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
dependencies
Pull requests that update a dependency file
 docker
go
security
Pull requests that address a security vulnerability
 severity:moderate
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
acctest (Shiny Acctest) argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) peter (Peter Svensson) releaser (Unbound Releaser) renovate (Renovate Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unboundsoftware/default-request-adder#304
Delete Branch "fix-x-net-vuln"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?