fix(deps): bump golang.org/x/net to v0.53.0 #292

2026-05-12T11:44:10Z

argoyle commented

2026-05-12 11:44:10 +00:00

Fixes govulncheck finding GO-2026-4918: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2.

Bumps golang.org/x/net v0.49.0 → v0.53.0 (plus related x/sys, x/term, x/text via go mod tidy).

Fixes govulncheck finding GO-2026-4918: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2. Bumps golang.org/x/net v0.49.0 → v0.53.0 (plus related x/sys, x/term, x/text via go mod tidy).

argoyle added 1 commit 2026-05-12 11:44:11 +00:00

fix(deps): bump golang.org/x/net to v0.53.0 for GO-2026-4918

default-request-adder / vulnerabilities (pull_request) Successful in 1m46s

Details

default-request-adder / test (pull_request) Successful in 1m58s

Details

default-request-adder / build (pull_request) Successful in 52m36s

Details

eb50889101

argoyle scheduled this pull request to auto merge when all checks succeed 2026-05-12 11:44:25 +00:00

argoyle merged commit 918e3660fd into main

2026-05-12 15:00:35 +00:00

argoyle deleted branch fix-x-net-vuln

2026-05-12 15:00:36 +00:00

releaser referenced this pull request

2026-05-13 11:17:37 +00:00

chore(release): prepare for 1.6.6 #294

releaser referenced this pull request

2026-05-13 20:08:50 +00:00

chore(release): prepare for 1.6.6 #296

argoyle referenced this issue from a commit

2026-05-14 07:28:43 +00:00

chore(release): prepare for 1.6.6 (#296)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: unboundsoftware/default-request-adder#292