Skip to content

Bump golang.org/x/net from 0.45.0 to 0.55.0#303

Merged
openshift-merge-bot[bot] merged 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/net-0.55.0
Jul 7, 2026
Merged

Bump golang.org/x/net from 0.45.0 to 0.55.0#303
openshift-merge-bot[bot] merged 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/net-0.55.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/net from 0.45.0 to 0.55.0.

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

  • Chores
    • Updated the project to Go 1.25.0.
    • Refreshed several indirect Go module dependencies, including networking, sync, and tooling packages, to newer versions.

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.45.0 to 0.55.0.
- [Commits](golang/net@v0.45.0...v0.55.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 3, 2026
@openshift-ci openshift-ci Bot requested review from TheUndeadKing and bmeng July 3, 2026 09:28
@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 3, 2026
@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: aec1c1f4-77e4-4401-9d48-3fe2ddbdc9f5

📥 Commits

Reviewing files that changed from the base of the PR and between e61a51b and e688461.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Walkthrough

This PR updates go.mod to bump the Go toolchain version from 1.24.0 to 1.25.0 and updates several indirect dependency versions, including golang.org/x/net, x/sync, x/mod, x/sys, x/term, x/text, and x/tools.

Changes

Dependency Updates

Layer / File(s) Summary
Go toolchain and dependency version bumps
go.mod
Go toolchain updated from 1.24.0 to 1.25.0; indirect dependencies golang.org/x/net, x/sync, x/mod, x/sys, x/term, x/text, and x/tools bumped to newer versions.

Estimated code review effort: 1 (Trivial) | ~3 minutes

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is specific and matches a real part of the change set: the golang.org/x/net version bump.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only updates go.mod/go.sum; no Go test files or Ginkgo titles were changed, so there are no unstable test names to flag.
Test Structure And Quality ✅ Passed This PR only changes go.mod/go.sum; no Ginkgo test files or test code were modified, so the check is not applicable.
Microshift Test Compatibility ✅ Passed Only go.mod/go.sum changed; no Ginkgo tests or MicroShift-sensitive APIs were added or modified.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Only go.mod/go.sum changed; no Ginkgo e2e tests were added or modified, so SNO compatibility is not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed Only go.mod/go.sum changed; no manifests, operators, or controllers were modified, so no new scheduling constraints were introduced.
Ote Binary Stdout Contract ✅ Passed Only go.mod and go.sum changed; no process-level Go code or stdout writes were introduced.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo/e2e tests were added; the PR only updates go.mod/go.sum dependency versions, so IPv4/disconnected-network test checks are not applicable.
No-Weak-Crypto ✅ Passed Only go.mod/go.sum changed; repo Go source had no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB or custom crypto patterns.
Container-Privileges ✅ Passed PR changes only go.mod/go.sum; no container/K8s manifests or privilege settings were modified.
No-Sensitive-Data-In-Logs ✅ Passed Only go.mod/go.sum version bumps are changed; no logging code or sensitive data exposure was added.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/golang.org/x/net-0.55.0

Comment @coderabbitai help to get the list of available commands.

@tkong-redhat

Copy link
Copy Markdown
Contributor

/lgtm

@tkong-redhat

Copy link
Copy Markdown
Contributor

/ok-to-test

@openshift-ci openshift-ci Bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 7, 2026
@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Jul 7, 2026
@openshift-ci

openshift-ci Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dependabot[bot], tkong-redhat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 7, 2026
@openshift-ci

openshift-ci Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.04%. Comparing base (e61a51b) to head (e688461).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #303   +/-   ##
=======================================
  Coverage   66.04%   66.04%           
=======================================
  Files          23       23           
  Lines        1546     1546           
=======================================
  Hits         1021     1021           
  Misses        447      447           
  Partials       78       78           
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@openshift-merge-bot openshift-merge-bot Bot merged commit 5e0ff5e into master Jul 7, 2026
15 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/golang.org/x/net-0.55.0 branch July 7, 2026 03:54
@coderabbitai coderabbitai Bot mentioned this pull request Jul 7, 2026
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dependencies Pull requests that update a dependency file go Pull requests that update Go code lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants