From f9b95f7cdc5831e4a1ec38fe00bf39ceed3fe210 Mon Sep 17 00:00:00 2001 From: Seth Shelnutt Date: Thu, 28 May 2026 10:15:55 +0000 Subject: [PATCH] fix(go.mod): upgrade golang.org/x/net to v0.55.0 Fixes 5 x/net/html CVEs (CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506) discovered in IronBank scan. Also bumps transitive x/ dependencies: - x/crypto v0.50.0 -> v0.51.0 - x/sys v0.43.0 -> v0.45.0 - x/term v0.42.0 -> v0.43.0 - x/text v0.36.0 -> v0.37.0 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f829558e2a1f3..9feb31f371cb7 100644 --- a/go.mod +++ b/go.mod @@ -193,7 +193,7 @@ require ( golang.org/x/crypto v0.52.0 golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f golang.org/x/mod v0.35.0 - golang.org/x/net v0.54.0 + golang.org/x/net v0.55.0 golang.org/x/oauth2 v0.34.0 golang.org/x/sync v0.20.0 golang.org/x/sys v0.45.0 diff --git a/go.sum b/go.sum index ad9d2b9f27523..ebdfb1c628427 100644 --- a/go.sum +++ b/go.sum @@ -1337,8 +1337,8 @@ golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w= -golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ= +golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8= +golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww= golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=