chore(deps): update module golang.org/x/net to v0.51.0 [security] - autoclosed #74

Closed

renovate-bot wants to merge 1 commit from renovate/go-golang.org-x-net-vulnerability into master

pull from: renovate/go-golang.org-x-net-vulnerability

merge into: happyDomain:master

happyDomain:master

happyDomain:renovate/major-vitest-monorepo

happyDomain:renovate/github.com-oapi-codegen-runtime-1.x

happyDomain:renovate/npm-svelte-vulnerability

happyDomain:renovate/npm-sveltejs-kit-vulnerability

happyDomain:f/rspamd

happyDomain:f/unsubscribe-link-detection

happyDomain:internal_resolver

happyDomain:renovate/eslint-plugin-svelte-3.x-lockfile

happyDomain:renovate/node-22.x-lockfile

happyDomain:renovate/eslint-compat-1.x-lockfile

happyDomain:renovate/sveltejs-kit-2.x-lockfile

happyDomain:renovate/svelte-5.x-lockfile

Conversation 1 Commits 1 Files changed 2 +5 -12

renovate-bot commented 2026-03-08 03:24:40 +00:00

Collaborator

Copy link

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
golang.org/x/net	v0.50.0 → v0.51.0

---

Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

CVE-2026-27141 / GO-2026-4559

More information

Details

Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic

Severity

Unknown

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-27141
• https://go.dev/cl/746180
• https://go.dev/issue/77652

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Adoption](https://docs.renovatebot.com/merge-confidence/) | [Passing](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | golang.org/x/net | `v0.50.0` → `v0.51.0` |  |  |  |  | --- ### Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net [CVE-2026-27141](https://nvd.nist.gov/vuln/detail/CVE-2026-27141) / [GO-2026-4559](https://pkg.go.dev/vuln/GO-2026-4559) <details> <summary>More information</summary> #### Details Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic #### Severity Unknown #### References - [https://nvd.nist.gov/vuln/detail/CVE-2026-27141](https://nvd.nist.gov/vuln/detail/CVE-2026-27141) - [https://go.dev/cl/746180](https://go.dev/cl/746180) - [https://go.dev/issue/77652](https://go.dev/issue/77652) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-4559) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [x] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4zIiwidXBkYXRlZEluVmVyIjoiNDMuNzcuOCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6W119-->

renovate-bot commented 2026-03-08 03:24:40 +00:00

Author

Collaborator

Copy link

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.24.6 -> 1.25.0

### ℹ️ Artifact update notice ##### File name: go.mod In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s): - The `go` directive was updated for compatibility reasons Details: | **Package** | **Change** | | :---------- | :------------------- | | `go` | `1.24.6` -> `1.25.0` |

renovate-bot force-pushed renovate/go-golang.org-x-net-vulnerability from 54dd9c9884 to 35b7bd5faf 2026-03-08 12:10:21 +00:00 Compare

renovate-bot force-pushed renovate/go-golang.org-x-net-vulnerability from 35b7bd5faf to d8bc684dec 2026-03-19 03:11:29 +00:00 Compare

renovate-bot changed title from chore(deps): update module golang.org/x/net to v0.51.0 [security] to chore(deps): update module golang.org/x/net to v0.51.0 [security] - autoclosed 2026-03-19 04:07:23 +00:00

renovate-bot closed this pull request 2026-03-19 04:07:23 +00:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

happyDomain/happyDeliver!74

No description provided.