Skip to content

chore(deps): update module golang.org/x/sys to v0.44.0 [security]#18

Open
alaudaa-renovate[bot] wants to merge 1 commit into
alauda-v0.0.18from
renovate/go-golang.org-x-sys-vulnerability
Open

chore(deps): update module golang.org/x/sys to v0.44.0 [security]#18
alaudaa-renovate[bot] wants to merge 1 commit into
alauda-v0.0.18from
renovate/go-golang.org-x-sys-vulnerability

Conversation

@alaudaa-renovate
Copy link
Copy Markdown

@alaudaa-renovate alaudaa-renovate Bot commented May 27, 2026

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/sys v0.43.0 -> v0.44.0 age confidence
golang.org/x/sys v0.36.0 -> v0.44.0 age confidence

Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

CVE-2026-39824 / GO-2026-5024

More information

Details

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@alaudaa-renovate
Copy link
Copy Markdown
Author

alaudaa-renovate Bot commented May 27, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: .dagger/go.sum
Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: dagger/harbor-cli imports
	dagger/harbor-cli/internal/dagger: package dagger/harbor-cli/internal/dagger is not in std (/opt/containerbase/tools/golang/1.26.2/src/dagger/harbor-cli/internal/dagger)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@chengjingtao chengjingtao

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chengjingtao