From 9b27191393112e29b0d2ba6a2dedd0461612294d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Thu, 26 Mar 2026 19:18:21 +0100 Subject: [PATCH] Update module golang.org/x/net to v0.51.0 [SECURITY] (v11.0/forgejo) (#11831) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) | [`v0.50.0` → `v0.51.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.50.0...refs/tags/v0.51.0) | ![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fnet/v0.51.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fnet/v0.50.0/v0.51.0?slim=true) | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2779) for more information. --- ### Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net [CVE-2026-27141](https://nvd.nist.gov/vuln/detail/CVE-2026-27141) / [GO-2026-4559](https://pkg.go.dev/vuln/GO-2026-4559)
More information #### Details Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic #### Severity Unknown #### References - [https://nvd.nist.gov/vuln/detail/CVE-2026-27141](https://nvd.nist.gov/vuln/detail/CVE-2026-27141) - [https://go.dev/cl/746180](https://go.dev/cl/746180) - [https://go.dev/issue/77652](https://go.dev/issue/77652) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-4559) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)).
--- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11831 Reviewed-by: Mathieu Fenniak Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index aaa56b8e2a..5688b7c5f4 100644 --- a/go.mod +++ b/go.mod @@ -102,7 +102,7 @@ require ( go.uber.org/mock v0.5.0 golang.org/x/crypto v0.48.0 golang.org/x/image v0.38.0 - golang.org/x/net v0.50.0 + golang.org/x/net v0.51.0 golang.org/x/oauth2 v0.28.0 golang.org/x/sync v0.20.0 golang.org/x/sys v0.41.0 diff --git a/go.sum b/go.sum index 05551c0d67..d1cb79db4d 100644 --- a/go.sum +++ b/go.sum @@ -731,8 +731,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60= -golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM= +golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= +golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=