[PR #371] [MERGED] Update golang.org/x modules for security fixes #7814

Closed
opened 2026-06-22 00:24:33 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/fosrl/newt/pull/371
Author: @marcschaeferger
Created: 6/4/2026
Status: Merged
Merged: 6/4/2026
Merged by: @oschwartz10612

Base: mainHead: fix/go-deps-security-updates


📝 Commits (2)

  • f91deee fix(deps): update golang.org/x modules for security fixes
  • ac9852a fix(nix): update Go module vendor hash

📊 Changes

3 files changed (+13 additions, -13 deletions)

View changed files

📝 flake.nix (+1 -1)
📝 go.mod (+4 -4)
📝 go.sum (+8 -8)

📄 Description

Description

This pull request updates several dependencies in the go.mod file to newer versions, ensuring the project stays current with security patches and upstream improvements.

Dependency updates:

  • Upgraded golang.org/x/crypto from v0.50.0 to v0.52.0.
  • Upgraded golang.org/x/net from v0.53.0 to v0.55.0.
  • Upgraded golang.org/x/sys from v0.43.0 to v0.45.0.
  • Upgraded golang.org/x/text (indirect) from v0.36.0 to v0.37.0.

Security Report

  7C     2H     4M     0L  golang.org/x/crypto 0.50.0
pkg:golang/golang.org/x/crypto@0.50.0

    x CRITICAL CVE-2026-46595
      https://scout.docker.com/v/CVE-2026-46595
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x CRITICAL CVE-2026-42508
      https://scout.docker.com/v/CVE-2026-42508
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x CRITICAL CVE-2026-39834
      https://scout.docker.com/v/CVE-2026-39834
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x CRITICAL CVE-2026-39833
      https://scout.docker.com/v/CVE-2026-39833
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x CRITICAL CVE-2026-39832
      https://scout.docker.com/v/CVE-2026-39832
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x CRITICAL CVE-2026-39831
      https://scout.docker.com/v/CVE-2026-39831
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x CRITICAL CVE-2026-39830
      https://scout.docker.com/v/CVE-2026-39830
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x HIGH CVE-2026-46597
      https://scout.docker.com/v/CVE-2026-46597
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x HIGH CVE-2026-39829
      https://scout.docker.com/v/CVE-2026-39829
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x MEDIUM CVE-2026-39827
      https://scout.docker.com/v/CVE-2026-39827
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x MEDIUM CVE-2026-39828
      https://scout.docker.com/v/CVE-2026-39828
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x MEDIUM CVE-2026-46598
      https://scout.docker.com/v/CVE-2026-46598
      Affected range : <0.52.0
      Fixed version  : 0.52.0

    x MEDIUM CVE-2026-39835
      https://scout.docker.com/v/CVE-2026-39835
      Affected range : <0.52.0
      Fixed version  : 0.52.0


   1C     0H     5M     0L  golang.org/x/net 0.53.0
pkg:golang/golang.org/x/net@0.53.0

    x CRITICAL CVE-2026-39821
      https://scout.docker.com/v/CVE-2026-39821
      Affected range : <0.55.0
      Fixed version  : 0.55.0

    x MEDIUM CVE-2026-25680
      https://scout.docker.com/v/CVE-2026-25680
      Affected range : <0.55.0
      Fixed version  : 0.55.0

    x MEDIUM CVE-2026-42506
      https://scout.docker.com/v/CVE-2026-42506
      Affected range : <0.55.0
      Fixed version  : 0.55.0

    x MEDIUM CVE-2026-42502
      https://scout.docker.com/v/CVE-2026-42502
      Affected range : <0.55.0
      Fixed version  : 0.55.0

    x MEDIUM CVE-2026-27136
      https://scout.docker.com/v/CVE-2026-27136
      Affected range : <0.55.0
      Fixed version  : 0.55.0

    x MEDIUM CVE-2026-25681
      https://scout.docker.com/v/CVE-2026-25681
      Affected range : <0.55.0
      Fixed version  : 0.55.0


   0C     0H     0M     1L  golang.org/x/sys 0.43.0
pkg:golang/golang.org/x/sys@0.43.0

    x LOW CVE-2026-39824
      https://scout.docker.com/v/CVE-2026-39824
      Affected range : <0.44.0
      Fixed version  : 0.44.0

Note:

NO AI usage


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/newt/pull/371 **Author:** [@marcschaeferger](https://github.com/marcschaeferger) **Created:** 6/4/2026 **Status:** ✅ Merged **Merged:** 6/4/2026 **Merged by:** [@oschwartz10612](https://github.com/oschwartz10612) **Base:** `main` ← **Head:** `fix/go-deps-security-updates` --- ### 📝 Commits (2) - [`f91deee`](https://github.com/fosrl/newt/commit/f91deeede7b07233d3ddab8e4b026baa6ded4691) fix(deps): update golang.org/x modules for security fixes - [`ac9852a`](https://github.com/fosrl/newt/commit/ac9852a3cbadac38c53c4c35137c6690a5d79766) fix(nix): update Go module vendor hash ### 📊 Changes **3 files changed** (+13 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `flake.nix` (+1 -1) 📝 `go.mod` (+4 -4) 📝 `go.sum` (+8 -8) </details> ### 📄 Description ## Description This pull request updates several dependencies in the `go.mod` file to newer versions, ensuring the project stays current with security patches and upstream improvements. Dependency updates: * Upgraded `golang.org/x/crypto` from v0.50.0 to v0.52.0. * Upgraded `golang.org/x/net` from v0.53.0 to v0.55.0. * Upgraded `golang.org/x/sys` from v0.43.0 to v0.45.0. * Upgraded `golang.org/x/text` (indirect) from v0.36.0 to v0.37.0. ## Security Report ``` 7C 2H 4M 0L golang.org/x/crypto 0.50.0 pkg:golang/golang.org/x/crypto@0.50.0 x CRITICAL CVE-2026-46595 https://scout.docker.com/v/CVE-2026-46595 Affected range : <0.52.0 Fixed version : 0.52.0 x CRITICAL CVE-2026-42508 https://scout.docker.com/v/CVE-2026-42508 Affected range : <0.52.0 Fixed version : 0.52.0 x CRITICAL CVE-2026-39834 https://scout.docker.com/v/CVE-2026-39834 Affected range : <0.52.0 Fixed version : 0.52.0 x CRITICAL CVE-2026-39833 https://scout.docker.com/v/CVE-2026-39833 Affected range : <0.52.0 Fixed version : 0.52.0 x CRITICAL CVE-2026-39832 https://scout.docker.com/v/CVE-2026-39832 Affected range : <0.52.0 Fixed version : 0.52.0 x CRITICAL CVE-2026-39831 https://scout.docker.com/v/CVE-2026-39831 Affected range : <0.52.0 Fixed version : 0.52.0 x CRITICAL CVE-2026-39830 https://scout.docker.com/v/CVE-2026-39830 Affected range : <0.52.0 Fixed version : 0.52.0 x HIGH CVE-2026-46597 https://scout.docker.com/v/CVE-2026-46597 Affected range : <0.52.0 Fixed version : 0.52.0 x HIGH CVE-2026-39829 https://scout.docker.com/v/CVE-2026-39829 Affected range : <0.52.0 Fixed version : 0.52.0 x MEDIUM CVE-2026-39827 https://scout.docker.com/v/CVE-2026-39827 Affected range : <0.52.0 Fixed version : 0.52.0 x MEDIUM CVE-2026-39828 https://scout.docker.com/v/CVE-2026-39828 Affected range : <0.52.0 Fixed version : 0.52.0 x MEDIUM CVE-2026-46598 https://scout.docker.com/v/CVE-2026-46598 Affected range : <0.52.0 Fixed version : 0.52.0 x MEDIUM CVE-2026-39835 https://scout.docker.com/v/CVE-2026-39835 Affected range : <0.52.0 Fixed version : 0.52.0 1C 0H 5M 0L golang.org/x/net 0.53.0 pkg:golang/golang.org/x/net@0.53.0 x CRITICAL CVE-2026-39821 https://scout.docker.com/v/CVE-2026-39821 Affected range : <0.55.0 Fixed version : 0.55.0 x MEDIUM CVE-2026-25680 https://scout.docker.com/v/CVE-2026-25680 Affected range : <0.55.0 Fixed version : 0.55.0 x MEDIUM CVE-2026-42506 https://scout.docker.com/v/CVE-2026-42506 Affected range : <0.55.0 Fixed version : 0.55.0 x MEDIUM CVE-2026-42502 https://scout.docker.com/v/CVE-2026-42502 Affected range : <0.55.0 Fixed version : 0.55.0 x MEDIUM CVE-2026-27136 https://scout.docker.com/v/CVE-2026-27136 Affected range : <0.55.0 Fixed version : 0.55.0 x MEDIUM CVE-2026-25681 https://scout.docker.com/v/CVE-2026-25681 Affected range : <0.55.0 Fixed version : 0.55.0 0C 0H 0M 1L golang.org/x/sys 0.43.0 pkg:golang/golang.org/x/sys@0.43.0 x LOW CVE-2026-39824 https://scout.docker.com/v/CVE-2026-39824 Affected range : <0.44.0 Fixed version : 0.44.0 ``` ## Note: NO AI usage --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-22 00:24:33 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/newt#7814