shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: upgrade golang.org/x/net to v0.55.0 (5 html CVEs) (#25772)

Browse Source 
Upgrades `golang.org/x/net` from v0.53.0 to v0.55.0 on `release/2.32` to
address 5 CVEs in `x/net/html`:

| CVE | Severity | Description |
| --- | --- | --- |
| CVE-2026-25680 | Low | DoS via cubic complexity in HTML tree
construction |
| CVE-2026-25681 | Low | Incorrect handling of character references in
DOCTYPE (XSS) |
| CVE-2026-27136 | Low | Incorrect handling of namespaced elements in
foreign content (XSS) |
| CVE-2026-42502 | Low | Incorrect handling of HTML elements in foreign
content (XSS) |
| CVE-2026-42506 | Low | Failure to reject ASCII-only Punycode-encoded
labels (privilege escalation) |

Transitive dependency bumps:
- `golang.org/x/crypto` v0.50.0 -> v0.51.0
- `golang.org/x/sys` v0.43.0 -> v0.45.0
- `golang.org/x/term` v0.42.0 -> v0.43.0
- `golang.org/x/text` v0.36.0 -> v0.37.0

Fixes [ENT-92](https://linear.app/codercom/issue/ENT-92)
Supersedes [ENT-28](https://linear.app/codercom/issue/ENT-28)

> Generated with [Coder Agents](https://coder.com) by @Shelnutt2
This commit is contained in:
Seth Shelnutt
2026-05-30 15:34:28 -04:00
committed by GitHub
parent 3fe6edd83f
commit 443bc1a338
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
go.mod
+1 -1
View File
@@ -221,7 +221,7 @@ require (
golang.org/x/crypto v0.52.0
golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f
golang.org/x/mod v0.35.0
golang.org/x/net v0.54.0
golang.org/x/net v0.55.0
golang.org/x/oauth2 v0.36.0
golang.org/x/sync v0.20.0
golang.org/x/sys v0.45.0
go.sum
+2 -2
View File
@@ -1400,8 +1400,8 @@ golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w=
golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ=
golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8=
golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww=
golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=