Commit 3868714
authored
fix: upgrade golang.org/x/net to v0.55.0 (release/2.29) (#25778)
Upgrades `golang.org/x/net` from v0.53.0 to v0.55.0 on the
`release/2.29` branch to fix 5 x/net/html CVEs discovered in IronBank
scan.
## CVEs Fixed
| CVE | Description |
|-----|-------------|
| CVE-2026-25680 | DoS via cubic complexity algorithm in HTML tree
construction |
| CVE-2026-25681 | Incorrect handling of character references in DOCTYPE
nodes (XSS) |
| CVE-2026-27136 | Incorrect handling of namespaced elements in foreign
content (XSS) |
| CVE-2026-42502 | Incorrect handling of HTML elements in foreign
content (XSS) |
| CVE-2026-42506 | Failure to reject ASCII-only Punycode-encoded labels
(privilege escalation) |
## Changes
- `golang.org/x/net` v0.53.0 -> v0.55.0
- `golang.org/x/crypto` v0.50.0 -> v0.51.0 (transitive)
- `golang.org/x/sys` v0.43.0 -> v0.45.0 (transitive)
- `golang.org/x/term` v0.42.0 -> v0.43.0 (transitive)
- `golang.org/x/text` v0.36.0 -> v0.37.0 (transitive)
Linear: ENT-100
> Generated by Coder Agents on behalf of @Shelnutt21 parent de95683 commit 3868714
2 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
193 | 193 | | |
194 | 194 | | |
195 | 195 | | |
196 | | - | |
| 196 | + | |
197 | 197 | | |
198 | 198 | | |
199 | 199 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1337 | 1337 | | |
1338 | 1338 | | |
1339 | 1339 | | |
1340 | | - | |
1341 | | - | |
| 1340 | + | |
| 1341 | + | |
1342 | 1342 | | |
1343 | 1343 | | |
1344 | 1344 | | |
| |||
0 commit comments