
fix: Update golang.org/x/net to v0.55.0 #1451

Merged: k8s-ci-robot merged 1 commit into kubernetes:master from mtulio:security/update-golang-x-net on Jun 6, 2026

mtulio (Contributor) commented Jun 5, 2026

What type of PR is this?

/kind failing-test

What this PR does / why we need it:

govulncheck is failing on master branch reporting the following vulnerability caused by golang.org/x/net:

This PR updates golang.org/x/net from v0.49.0 to v0.55.0 to address security vulnerabilities detected by govulncheck.

Also updates related golang.org/x/* dependencies to compatible versions:

  • golang.org/x/crypto: v0.47.0 → v0.51.0
  • golang.org/x/sys: v0.40.0 → v0.45.0
  • golang.org/x/text: v0.33.0 → v0.37.0
  • golang.org/x/term: v0.39.0 → v0.43.0
  • golang.org/x/tools: v0.41.0 → v0.44.0
  • golang.org/x/mod: v0.32.0 → v0.35.0
  • golang.org/x/sync: v0.19.0 → v0.20.0

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE
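
A go.mod floor check for the versions listed in the PR description above, as an added example that is not part of the PR or of the cloud-provider-aws code base. `floors`, `older` and `BelowFloor` are hypothetical names, treating the PR's target versions as minimums is an assumption, and the go.mod fragment is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Floors are the versions this PR moves to, used here as minimums (assumption).
var floors = map[string]string{
	"golang.org/x/net":    "v0.55.0",
	"golang.org/x/crypto": "v0.51.0",
}

// older reports whether have sorts before floor; only plain vX.Y.Z compares.
func older(have, floor string) (bool, error) {
	var h, f [3]int
	fmt.Sscanf(floor, "v%d.%d.%d", &f[0], &f[1], &f[2])
	_, err := fmt.Sscanf(have, "v%d.%d.%d", &h[0], &h[1], &h[2])
	// Round-trip check rejects pseudo-versions and pre-release suffixes.
	if err != nil || fmt.Sprintf("v%d.%d.%d", h[0], h[1], h[2]) != have {
		return false, fmt.Errorf("cannot compare %q", have)
	}
	for i := range h {
		if h[i] != f[i] {
			return h[i] < f[i], nil
		}
	}
	return false, nil
}

// BelowFloor returns one finding per module older than its floor or not comparable.
func BelowFloor(gomod string) []string {
	var findings []string
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || floors[f[0]] == "" {
			continue
		}
		if old, err := older(f[1], floors[f[0]]); old || err != nil {
			findings = append(findings, f[0]+" "+f[1]+" (want >= "+floors[f[0]]+")")
		}
	}
	return findings
}

func main() {
	// Constructed go.mod fragment: x/net at the pre-PR version, x/crypto updated.
	sample := "require (\n\tgolang.org/x/net v0.49.0\n\tgolang.org/x/crypto v0.51.0\n)\n"
	fmt.Println(BelowFloor(sample))
}
```

This is a pin check only: it catches a later downgrade of these modules in go.mod, while govulncheck remains the tool that decides whether vulnerable code is actually reachable.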

k8s-ci-robot added the release-note-none and kind/failing-test labels Jun 5, 2026

k8s-ci-robot (Contributor) commented:

This issue is currently awaiting triage.

If cloud-provider-aws contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot added the needs-triage label Jun 5, 2026
k8s-ci-robot requested a review from cheftako June 5, 2026 17:26

linux-foundation-easycla (Bot) commented Jun 5, 2026

CLA Signed
The committers listed above are authorized under a signed CLA.

  • ✅ login: mtulio / name: Marco Braga (e1c656f)

k8s-ci-robot requested a review from mmerkes June 5, 2026 17:26
k8s-ci-robot added the cncf-cla: no and size/M labels Jun 5, 2026

Updates golang.org/x/net from v0.49.0 to v0.55.0 to address
security vulnerabilities detected by govulncheck.

This update resolves:
- GO-2026-5026: Punycode validation issue in idna package
- GO-2026-4918: HTTP/2 transport infinite loop vulnerability

Also updates related golang.org/x/* dependencies to compatible versions:
- golang.org/x/crypto: v0.47.0 → v0.51.0
- golang.org/x/sys: v0.40.0 → v0.45.0
- golang.org/x/text: v0.33.0 → v0.37.0
- golang.org/x/term: v0.39.0 → v0.43.0
- golang.org/x/tools: v0.41.0 → v0.44.0
- golang.org/x/mod: v0.32.0 → v0.35.0
- golang.org/x/sync: v0.19.0 → v0.20.0

mtulio force-pushed the security/update-golang-x-net branch from bafdfa9 to e1c656f June 5, 2026 17:27
k8s-ci-robot added the cncf-cla: yes label and removed the cncf-cla: no label Jun 5, 2026

mtulio (Contributor, Author) commented Jun 5, 2026

cc @kmala @mfbonfigli

mtulio changed the title from "Update golang.org/x/net to v0.55.0" to "fix: Update golang.org/x/net to v0.55.0" Jun 5, 2026

kmala (Member) commented Jun 6, 2026

/lgtm
/approve

k8s-ci-robot added the lgtm label Jun 6, 2026

k8s-ci-robot (Contributor) commented:

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kmala

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot added the approved label Jun 6, 2026
k8s-ci-robot merged commit c34d66e into kubernetes:master Jun 6, 2026
14 checks passed