Skip to content

build(deps): bump golang.org/x/net from 0.39.0 to 0.55.0#512

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/net-0.55.0
Open

build(deps): bump golang.org/x/net from 0.39.0 to 0.55.0#512
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/net-0.55.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/net from 0.39.0 to 0.55.0.

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

  • Chores
    • Updated the Go runtime version to a newer release.
    • Refreshed several Go-related dependencies to newer versions for compatibility and maintenance.
    • Added one additional package entry required by the updated tooling set.

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.39.0 to 0.55.0.
- [Commits](golang/net@v0.39.0...v0.55.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 3, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jul 3, 2026

Copy link
Copy Markdown

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 92fdb8ad-bdcf-4183-9268-17bf345d4afe

📥 Commits

Reviewing files that changed from the base of the PR and between 6f421bf and 48a57b4.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • codeready-toolchain/api (manual)
  • codeready-toolchain/toolchain-common (manual)
  • codeready-toolchain/host-operator (manual)
  • codeready-toolchain/toolchain-e2e (manual)
📜 Recent review details
⏰ Context from checks skipped due to timeout. (1)
  • GitHub Check: Verify Dependencies
⚠️ CI failures not shown inline (2)

GitHub Actions: ci-build / GolangCI Lint: build(deps): bump golang.org/x/net from 0.39.0 to 0.55.0

Conclusion: failure

View job details

##[group]run golangci-lint
 Running [/home/runner/golangci-lint-2.1.6-linux-amd64/golangci-lint config path --config=./.golangci.yml] in [/home/runner/work/api/api] ...
 Running [/home/runner/golangci-lint-2.1.6-linux-amd64/golangci-lint run  --config=./.golangci.yml --verbose] in [/home/runner/work/api/api] ...
 level=info msg="golangci-lint has version 2.1.6 built with go1.24.2 from eabc2638 on "
 level=info msg="[config_reader] Used config file .golangci.yml"
 level=info msg="[config_reader] Module name \"github.com/codeready-toolchain/api\""
 Error: can't load config: the Go language version (go1.24) used to build golangci-lint is lower than the targeted Go version (1.25.0)
 Failed executing command with error: can't load config: the Go language version (go1.24) used to build golangci-lint is lower than the targeted Go version (1.25.0)
 ##[error]golangci-lint exit with code 3

GitHub Actions: ci-build / 0_GolangCI Lint.txt: build(deps): bump golang.org/x/net from 0.39.0 to 0.55.0

Conclusion: failure

View job details

##[group]run golangci-lint
 Running [/home/runner/golangci-lint-2.1.6-linux-amd64/golangci-lint config path --config=./.golangci.yml] in [/home/runner/work/api/api] ...
 Running [/home/runner/golangci-lint-2.1.6-linux-amd64/golangci-lint run  --config=./.golangci.yml --verbose] in [/home/runner/work/api/api] ...
 level=info msg="golangci-lint has version 2.1.6 built with go1.24.2 from eabc2638 on "
 level=info msg="[config_reader] Used config file .golangci.yml"
 level=info msg="[config_reader] Module name \"github.com/codeready-toolchain/api\""
 Error: can't load config: the Go language version (go1.24) used to build golangci-lint is lower than the targeted Go version (1.25.0)
 Failed executing command with error: can't load config: the Go language version (go1.24) used to build golangci-lint is lower than the targeted Go version (1.25.0)
 ##[error]golangci-lint exit with code 3
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

  • go.mod
🔀 Multi-repo context codeready-toolchain/host-operator, codeready-toolchain/toolchain-e2e, codeready-toolchain/toolchain-common

Linked repositories findings

codeready-toolchain/host-operator [::codeready-toolchain/host-operator::]

  • go.mod:4 and go.sum:29-30 pin github.com/codeready-toolchain/api to an older pseudo-version than the PR target in codeready-toolchain/api.
  • go.mod:118, go.sum:362-363, and .govulncheck.yaml:26-46 show this repo is still on golang.org/x/net v0.47.0; the vuln config explicitly notes fixes in v0.53.0 (http2) and v0.55.0 (idna).

codeready-toolchain/toolchain-e2e [::codeready-toolchain/toolchain-e2e::]

  • go.mod:4 and go.sum:29-30 also pin github.com/codeready-toolchain/api to an older pseudo-version than the PR target.
  • go.mod:118, go.sum:321-322, and .govulncheck.yaml:26-46 similarly show golang.org/x/net v0.47.0 with vuln notes pointing to fixes in v0.53.0 and v0.55.0.

codeready-toolchain/toolchain-common [::codeready-toolchain/toolchain-common::]

  • go.mod:29 and go.sum:23-24 pin github.com/codeready-toolchain/api to an older pseudo-version than the PR target.
  • go.mod:103, go.sum:249-250 show golang.org/x/net v0.47.0.
  • The repo has many consumers of github.com/codeready-toolchain/api/api/v1alpha1 across controllers, status, templates, tests, and helpers (for example controllers/toolchaincluster/toolchaincluster_controller.go:8, pkg/status/versionchecks.go:11, pkg/template/nstemplatetiers/nstemplatetier_generator.go:8, pkg/test/...), so any API surface change in codeready-toolchain/api would fan out broadly here.
🔇 Additional comments (2)
go.mod (2)

3-3: Confirm the Go 1.25 floor is intentional.

This changes the module/toolchain baseline, and .github/workflows/ci-build.yml reads go-version-file: go.mod, so CI will now build with 1.25.0. Please verify all supported contributors and downstream consumers are ready for that bump.


40-46: LGTM!


Walkthrough

This PR updates go.mod: the Go language directive is bumped from go 1.24.4 (with toolchain go1.24.13) to go 1.25.0, and several golang.org/x/* indirect dependencies are upgraded, with a deprecated indirect dependency added.

Changes

go.mod dependency update

Layer / File(s) Summary
Go version and dependency bump
go.mod
Go directive updated to 1.25.0 (removing explicit toolchain directive), and golang.org/x/* indirect dependencies (mod, net, sync, sys, text, tools) upgraded with an added deprecated packagestest dependency.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Related Issues: None found in provided context.

Related PRs: None found in provided context.

Suggested labels: dependencies, go

Suggested reviewers: None specified.

Poem

A rabbit hops through go.mod's lines,
Bumping versions, tidy signs,
x/tools, x/net, all upgraded new,
Toolchain gone, 1.25 shines through. 🐇

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is missing the required template sections for Description and Checks, including the yes/no items. Add the template sections with a brief goal summary and answer all Checks questions, including generate and cross-project impact.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the main change: bumping golang.org/x/net from 0.39.0 to 0.55.0.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/golang.org/x/net-0.55.0

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants