Skip to content

VULN UPGRADE: golang.org/x/net (unstable → v0.49.0) [server]#18

Closed
campaigner-prod[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/major/go/server/3-1770992864
Closed

VULN UPGRADE: golang.org/x/net (unstable → v0.49.0) [server]#18
campaigner-prod[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/major/go/server/3-1770992864

Conversation

@campaigner-prod

Copy link
Copy Markdown

Summary: Security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

  • server (go)

Updates

Package From To Type Vulnerabilities Fixed
golang.org/x/net v0.40.0 v0.49.0 major 2 MODERATE, 1 UNKNOWN

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

ℹ️ Other Vulnerabilities (3)
Package CVE Severity Summary Unsafe Version Fixed In
golang.org/x/net GO-2026-4440 MODERATE Quadratic parsing complexity in golang.org/x/net/html v0.40.0 0.45.0
golang.org/x/net GHSA-w4gw-w5jq-g9jh MODERATE golang.org/x/net/html has a Quadratic Parsing Complexity issue v0.40.0 -
golang.org/x/net GO-2026-4441 unknown Infinite parsing loop in golang.org/x/net v0.40.0 0.45.0

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot closed this Mar 8, 2026
@campaigner-prod campaigner-prod Bot deleted the engraver-auto-version-upgrade/major/go/server/3-1770992864 branch March 8, 2026 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants