unboundsoftware/gitlab-cleanup-handler
6
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 29 Activity

fix(deps): bump golang.org/x/net to v0.53.0 (GO-2026-4918) #419

Merged
argoyle merged 1 commits from fix-golang-net-vuln into main 2026-05-12 12:16:19 +00:00
Conversation 0 Commits 1 Files Changed 2
+12 -12
argoyle commented 2026-05-12 11:38:56 +00:00
Owner
Copy Link
Copy Source

Bumps golang.org/x/net from v0.49.0 to v0.53.0 to fix GO-2026-4918 — infinite loop in HTTP/2 transport on bad SETTINGS_MAX_FRAME_SIZE.

Reached via gitlab.RestClient.projectApiCallhttp.Client.Dohttp2.Transport.

govulncheck ./... now reports no vulnerabilities. All tests pass.

Bumps golang.org/x/net from v0.49.0 to v0.53.0 to fix [GO-2026-4918](https://pkg.go.dev/vuln/GO-2026-4918) — infinite loop in HTTP/2 transport on bad SETTINGS_MAX_FRAME_SIZE. Reached via `gitlab.RestClient.projectApiCall` → `http.Client.Do` → `http2.Transport`. `govulncheck ./...` now reports no vulnerabilities. All tests pass.
argoyle added 1 commit 2026-05-12 11:38:57 +00:00
fix(deps): bump golang.org/x/net to v0.53.0 (GO-2026-4918)
gitlab-cleanup-handler / vulnerabilities (pull_request) Successful in 1m50s
Details
gitlab-cleanup-handler / test (pull_request) Successful in 2m3s
Details
gitlab-cleanup-handler / build (pull_request) Successful in 32m29s
Details
7033c0b9b9
argoyle scheduled this pull request to auto merge when all checks succeed 2026-05-12 11:39:40 +00:00
argoyle merged commit e221e088fb into main 2026-05-12 12:16:19 +00:00
argoyle deleted branch fix-golang-net-vuln 2026-05-12 12:16:20 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
dependencies
Pull requests that update a dependency file
 docker
go
security
Pull requests that address a security vulnerability
 severity:moderate
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
acctest (Shiny Acctest) argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unboundsoftware/gitlab-cleanup-handler#419
Delete Branch "fix-golang-net-vuln"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?