NO-JIRA: Bump golang.org/x/net to 0.56.0 to fix CVE #617
Fixes CVE-2026-27136, which can cause XSS in golang.org/x/net/html. The html package is used indirectly by dependencies.
Signed-off-by: Stanislav Jakuschevskij <sjakusch@redhat.com>
@twoGiants: This pull request explicitly references no jira issue.
Walkthrough
This pull request updates golang.org/x/* indirect dependency versions (crypto, mod, net, sync, sys, term, text, tools) across five go.mod files: root go.mod, e2e/go.mod, hack/tools/go.mod, manifests-gen/go.mod, and openshift-tests-extension/go.mod. No exported entities are modified.
Estimated code review effort: 1 (Trivial) | ~5 minutes
Related Issues: None specified in the provided context.
Related PRs: None specified in the provided context.
Suggested labels: dependencies, go-modules
Suggested reviewers: None specified in the provided context.
Pre-merge checks: 15 passed
heya @twoGiants, pretty sure if this has a CVE fix, we need a bug/jira attached? Or is this intentional?
@damdo: This PR has been marked as verified by
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: damdo
@twoGiants: The following test failed, say
Summary
Fixes CVE-2026-27136, which can cause XSS in golang.org/x/net/html. The html package is used indirectly by dependencies.
Additional Info
As for the RIT process documentation, the Jira ticket is not attached to this PR, I quote:
References
Here is the closed issue golang/go#79575 in the go repo.