chore(deps): update module golang.org/x/net to v0.51.0 [security] #74

Open

renovate-bot wants to merge 3 commits from renovate/go-golang.org-x-net-vulnerability into master

pull from: renovate/go-golang.org-x-net-vulnerability

merge into: happyDomain:master

happyDomain:master

happyDomain:renovate/lock-file-maintenance

happyDomain:renovate/github.com-oapi-codegen-runtime-1.x

happyDomain:renovate/github.com-oapi-codegen-oapi-codegen-v2-2.x

happyDomain:renovate/github.com-gin-gonic-gin-1.x

happyDomain:renovate/npm-svelte-vulnerability

happyDomain:renovate/npm-sveltejs-kit-vulnerability

happyDomain:f/rspamd

happyDomain:f/unsubscribe-link-detection

happyDomain:renovate/major-eslint-monorepo

happyDomain:internal_resolver

happyDomain:renovate/eslint-plugin-svelte-3.x-lockfile

happyDomain:renovate/node-22.x-lockfile

happyDomain:renovate/eslint-compat-1.x-lockfile

happyDomain:renovate/major-vitest-monorepo

happyDomain:renovate/sveltejs-kit-2.x-lockfile

happyDomain:renovate/svelte-5.x-lockfile

Conversation 2 Commits 3 Files changed 17 +236 -124

renovate-bot commented 2026-03-08 03:24:40 +00:00

Collaborator

Copy link

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
golang.org/x/net	v0.50.0 → v0.51.0

---

Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

CVE-2026-27141 / GO-2026-4559

More information

Details

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

Severity

Unknown

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-27141
• https://go.dev/cl/746180
• https://go.dev/issue/77652

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Adoption](https://docs.renovatebot.com/merge-confidence/) | [Passing](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | golang.org/x/net | `v0.50.0` → `v0.51.0` |  |  |  |  | --- ### Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net [CVE-2026-27141](https://nvd.nist.gov/vuln/detail/CVE-2026-27141) / [GO-2026-4559](https://pkg.go.dev/vuln/GO-2026-4559) <details> <summary>More information</summary> #### Details Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic #### Severity Unknown #### References - [https://nvd.nist.gov/vuln/detail/CVE-2026-27141](https://nvd.nist.gov/vuln/detail/CVE-2026-27141) - [https://go.dev/cl/746180](https://go.dev/cl/746180) - [https://go.dev/issue/77652](https://go.dev/issue/77652) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-4559) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4zIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->

renovate-bot added 1 commit 2026-03-08 03:24:40 +00:00

chore(deps): update module golang.org/x/net to v0.51.0 [security] 54dd9c9884

renovate-bot commented 2026-03-08 03:24:40 +00:00

Author

Collaborator

Copy link

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.24.6 -> 1.25.0

### ℹ️ Artifact update notice ##### File name: go.mod In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s): - The `go` directive was updated for compatibility reasons Details: | **Package** | **Change** | | :---------- | :------------------- | | `go` | `1.24.6` -> `1.25.0` |

renovate-bot force-pushed renovate/go-golang.org-x-net-vulnerability from 54dd9c9884 to 35b7bd5faf 2026-03-08 12:10:21 +00:00 Compare

renovate-bot commented 2026-03-09 09:09:55 +00:00

Author

Collaborator

Copy link

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

### Edited/Blocked Notification Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠️ **Warning**: custom changes will be lost.

This pull request has changes conflicting with the target branch.

• pkg/analyzer/rbl.go
• web/src/lib/components/WhitelistCard.svelte
• web/src/routes/test/[test]/+page.svelte

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/go-golang.org-x-net-vulnerability:renovate/go-golang.org-x-net-vulnerability

git switch renovate/go-golang.org-x-net-vulnerability

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master

git merge --no-ff renovate/go-golang.org-x-net-vulnerability

git switch renovate/go-golang.org-x-net-vulnerability

git rebase master

git switch master

git merge --ff-only renovate/go-golang.org-x-net-vulnerability

git switch renovate/go-golang.org-x-net-vulnerability

git rebase master

git switch master

git merge --no-ff renovate/go-golang.org-x-net-vulnerability

git switch master

git merge --squash renovate/go-golang.org-x-net-vulnerability

git switch master

git merge --ff-only renovate/go-golang.org-x-net-vulnerability

git switch master

git merge renovate/go-golang.org-x-net-vulnerability

git push origin master

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

happyDomain/happyDeliver!74

No description provided.