fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY] #287

renovate · 2025-03-12T22:27:19Z

This PR contains the following updates:

Package	Change	Age	Confidence
golang.org/x/net	`v0.34.0` -> `v0.38.0`

GitHub Vulnerability Alerts

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2025-03-12T22:27:21Z

ℹ Artifact update notice

File name: modules/project_cleanup/function_source/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

4 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.22.7` -> `1.23.0`
`go (toolchain)`	`1.23.6` -> `1.24.11`
`golang.org/x/crypto`	`v0.32.0` -> `v0.36.0`
`golang.org/x/sync`	`v0.10.0` -> `v0.12.0`
`golang.org/x/sys`	`v0.29.0` -> `v0.31.0`
`golang.org/x/text`	`v0.21.0` -> `v0.23.0`

dpebot · 2025-03-12T22:27:24Z

/gcbrun

dpebot · 2025-04-16T19:45:01Z

/gcbrun

dpebot · 2025-08-10T14:43:34Z

/gcbrun

dpebot · 2025-08-22T17:24:49Z

/gcbrun

dpebot · 2025-08-22T18:06:48Z

/gcbrun

dpebot · 2025-09-11T01:44:08Z

/gcbrun

dpebot · 2025-09-11T04:33:48Z

/gcbrun

dpebot · 2025-09-11T10:51:29Z

/gcbrun

dpebot · 2025-09-11T13:33:20Z

/gcbrun

dpebot · 2025-09-11T20:59:17Z

/gcbrun

dpebot · 2025-09-11T21:21:13Z

/gcbrun

dpebot · 2025-09-11T22:03:28Z

/gcbrun

dpebot · 2025-09-11T22:22:23Z

/gcbrun

dpebot · 2025-09-16T20:09:29Z

/gcbrun

dpebot · 2025-10-02T08:35:00Z

/gcbrun

dpebot · 2025-10-09T09:38:16Z

/gcbrun

dpebot · 2025-10-28T16:38:43Z

/gcbrun

dpebot · 2025-10-28T18:24:18Z

/gcbrun

dpebot · 2025-11-12T22:14:11Z

/gcbrun

dpebot · 2025-11-12T23:26:15Z

/gcbrun

dpebot · 2025-11-13T05:09:51Z

/gcbrun

dpebot · 2025-11-13T23:19:00Z

/gcbrun

dpebot · 2025-12-06T00:43:48Z

/gcbrun

dpebot · 2025-12-09T19:33:55Z

/gcbrun

renovate · 2025-12-11T19:47:35Z

ℹ️ Artifact update notice

File name: modules/project_cleanup/function_source/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

4 additional dependencies were updated
The go directive was updated for compatibility reasons

Details:

Package	Change
`go`	`1.22.7` -> `1.23.0`
`go (toolchain)`	`1.23.6` -> `1.24.11`
`golang.org/x/crypto`	`v0.32.0` -> `v0.36.0`
`golang.org/x/sync`	`v0.10.0` -> `v0.12.0`
`golang.org/x/sys`	`v0.29.0` -> `v0.31.0`
`golang.org/x/text`	`v0.21.0` -> `v0.23.0`

dpebot · 2025-12-11T19:47:44Z

/gcbrun

renovate bot added the type:security label Mar 12, 2025

renovate bot requested a review from a team as a code owner March 12, 2025 22:27

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 6e87f11 to a603b18 Compare April 16, 2025 19:44

renovate bot changed the title ~~fix(deps): Update module golang.org/x/net to v0.36.0 [SECURITY]~~ fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY] Apr 16, 2025

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from a603b18 to 1e489e6 Compare August 10, 2025 14:43

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 1e489e6 to b38b97e Compare August 22, 2025 17:24

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from b38b97e to 1bc9eb5 Compare August 22, 2025 17:37

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 1bc9eb5 to 88ce5fd Compare September 11, 2025 01:43

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 88ce5fd to dcd09ce Compare September 11, 2025 04:33

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from dcd09ce to 2363bd7 Compare September 11, 2025 10:51

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 2363bd7 to ba45936 Compare September 11, 2025 13:33

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from ba45936 to 4e79170 Compare September 11, 2025 20:59

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 4e79170 to 0f1d308 Compare September 11, 2025 21:21

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 0f1d308 to 32c3d81 Compare September 11, 2025 22:03

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 32c3d81 to 38d2d0e Compare September 11, 2025 22:22

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 38d2d0e to b38ee87 Compare September 12, 2025 04:32

renovate bot changed the title ~~fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY]~~ fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY] - autoclosed Oct 2, 2025

renovate bot closed this Oct 2, 2025

renovate bot deleted the renovate/go-golang.org-x-net-vulnerability branch October 2, 2025 05:46

renovate bot changed the title ~~fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY] - autoclosed~~ fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY] Oct 2, 2025

renovate bot reopened this Oct 2, 2025

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from dfab821 to 24b5950 Compare October 2, 2025 08:34

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 24b5950 to a69d3f2 Compare October 9, 2025 09:38

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from a69d3f2 to 7d8d308 Compare October 28, 2025 16:38

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 7d8d308 to be4f4bb Compare October 28, 2025 18:24

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from be4f4bb to 9a5296b Compare November 12, 2025 22:14

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 9a5296b to 2e4cc4c Compare November 12, 2025 23:26

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 2e4cc4c to 9980403 Compare November 13, 2025 05:09

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 9980403 to 0354df5 Compare November 13, 2025 23:18

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from 0354df5 to ba715f8 Compare December 6, 2025 00:43

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from ba715f8 to b497616 Compare December 9, 2025 19:33

fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY]

694a6fc

renovate bot force-pushed the renovate/go-golang.org-x-net-vulnerability branch from b497616 to 694a6fc Compare December 11, 2025 19:47

fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY] #287

Are you sure you want to change the base?

fix(deps): Update module golang.org/x/net to v0.38.0 [SECURITY] #287

Uh oh!

Conversation

renovate bot commented Mar 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2025-22870

CVE-2025-22872

Configuration

Uh oh!

renovate bot commented Mar 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ Artifact update notice

File name: modules/project_cleanup/function_source/go.mod

Uh oh!

dpebot commented Mar 12, 2025

Uh oh!

dpebot commented Apr 16, 2025

Uh oh!

dpebot commented Aug 10, 2025

Uh oh!

dpebot commented Aug 22, 2025

Uh oh!

dpebot commented Aug 22, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 11, 2025

Uh oh!

dpebot commented Sep 16, 2025

Uh oh!

dpebot commented Oct 2, 2025

Uh oh!

dpebot commented Oct 9, 2025

Uh oh!

dpebot commented Oct 28, 2025

Uh oh!

dpebot commented Oct 28, 2025

Uh oh!

dpebot commented Nov 12, 2025

Uh oh!

dpebot commented Nov 12, 2025

Uh oh!

dpebot commented Nov 13, 2025

Uh oh!

dpebot commented Nov 13, 2025

Uh oh!

dpebot commented Dec 6, 2025

Uh oh!

dpebot commented Dec 9, 2025

Uh oh!

renovate bot commented Dec 11, 2025

ℹ️ Artifact update notice

File name: modules/project_cleanup/function_source/go.mod

Uh oh!

dpebot commented Dec 11, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate bot commented Mar 12, 2025 •

edited

Loading

renovate bot commented Mar 12, 2025 •

edited

Loading