Skip to content

Bump golang.org/x/net to v0.53.0 to fix GO-2026-4918 (release-1.34)#1440

Merged
k8s-ci-robot merged 1 commit into
kubernetes:release-1.34from
howard-junec:fix-vuln-1.34
May 12, 2026
Merged

Bump golang.org/x/net to v0.53.0 to fix GO-2026-4918 (release-1.34)#1440
k8s-ci-robot merged 1 commit into
kubernetes:release-1.34from
howard-junec:fix-vuln-1.34

Conversation

@howard-junec
Copy link
Copy Markdown
Contributor

@howard-junec howard-junec commented May 11, 2026
edited
Loading

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Bumps golang.org/x/net to v0.53.0 to fix govulncheck CI failure caused by GO-2026-4918 (infinite loop in HTTP/2 transport).

Which issue(s) this PR fixes:

Fixes govulncheck CI failure on release-1.34 branch.

Special notes for your reviewer:

Also bumps transitive dependencies (golang.org/x/crypto, mod, sync, sys, term, text, tools) as required by go mod tidy.

Does this PR introduce a user-facing change?:

None

@howard-junec
Bump golang.org/x/net to v0.53.0 to fix GO-2026-4918
63e6191 
Fixes govulncheck CI failure caused by infinite loop vulnerability
in HTTP/2 transport (golang.org/x/net/http2).
@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels May 11, 2026
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label May 11, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented May 11, 2026

This issue is currently awaiting triage.

If cloud-provider-aws contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 11, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented May 11, 2026

Hi @howard-junec. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label May 11, 2026
@kmala
Copy link
Copy Markdown
Member

kmala commented May 11, 2026

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 11, 2026
@kmala
Copy link
Copy Markdown
Member

kmala commented May 12, 2026

/release-note-none
/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels May 12, 2026
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 12, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented May 12, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kmala

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 12, 2026
@k8s-ci-robot k8s-ci-robot merged commit 810d990 into kubernetes:release-1.34 May 12, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JoelSpeed JoelSpeed Awaiting requested review from JoelSpeed

@yue9944882 yue9944882 Awaiting requested review from yue9944882

Assignees

@kmala kmala

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@howard-junec @k8s-ci-robot @kmala