Skip to content

chore: bump golang.org/x/net from 0.53.0 to 0.54.0#329

Closed
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/go_modules/golang.org/x/net-0.54.0
Closed

chore: bump golang.org/x/net from 0.53.0 to 0.54.0#329
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/go_modules/golang.org/x/net-0.54.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/net from 0.53.0 to 0.54.0.

Commits
  • b138e06 go.mod: update golang.org/x dependencies
  • 689f70a quic: fix wrong final size being used for RESET_STREAM frame
  • 208f306 http3: increase handshake timeout
  • 49810da http2: enable net/http wrapping when go >= 1.27
  • 5e11a5a quic: fix data race in streamForFrame
  • 8c63081 http2: use empty Transport rather than DefaultTransport in http2wrap
  • fc7b466 http2: add http2wrap test
  • 15c2cb1 http2: avoid overflowing 32-bit int when http2wrap enabled
  • 6465188 http2: add wrapped Server
  • 72f419a http2: add wrapped ClientConn
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 12, 2026
RiSKeD
RiSKeD previously approved these changes May 13, 2026
View reviewed changes
@dependabot dependabot Bot dismissed RiSKeD’s stale review May 13, 2026 06:26

The merge-base changed after approval.

@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/net-0.54.0 branch from e0964a8 to 8a014ae Compare May 13, 2026 06:26
@RiSKeD RiSKeD force-pushed the dependabot/go_modules/golang.org/x/net-0.54.0 branch from 8a014ae to aa20cc8 Compare May 13, 2026 06:26
@dependabot @RiSKeD
chore: bump golang.org/x/crypto from 0.50.0 to 0.51.0
cf3d35b 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.50.0 to 0.51.0.
- [Commits](golang/crypto@v0.50.0...v0.51.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Fabian Wienand <fabian.wienand@blindspot.software>
@RiSKeD RiSKeD force-pushed the dependabot/go_modules/golang.org/x/net-0.54.0 branch 2 times, most recently from 31d68f6 to cc65cfc Compare May 13, 2026 06:37
@RiSKeD
fix: replace deprecated h2c.NewHandler with http.Server.Protocols
bb2fe56 
golangci-lint flagged SA1019 against golang.org/x/net/http2/h2c, which
upstream marked deprecated in favor of the http.Server.Protocols field
introduced in Go 1.24.

- cmds/dutagent/dutagent.go, cmds/exp/dutserver/dutserver.go: drop the
  h2c.NewHandler + http2.Server wrapper; configure http.Server with
  Protocols = {HTTP1, UnencryptedHTTP2} for the same behavior.

Signed-off-by: Fabian Wienand <fabian.wienand@blindspot.software>
@RiSKeD RiSKeD force-pushed the dependabot/go_modules/golang.org/x/net-0.54.0 branch from cc65cfc to bb2fe56 Compare May 13, 2026 06:37
@RiSKeD RiSKeD requested a review from jenstopp May 13, 2026 06:39
@jenstopp

jenstopp commented May 13, 2026

Copy link
Copy Markdown
Member

Not sure if we should commit to a Dependabot PR?!

@RiSKeD

RiSKeD commented May 13, 2026

Copy link
Copy Markdown
Contributor

@jenstopp It was necessary because the update deprecated parts of the package we are using.

@dependabot @github

dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor Author

A newer version of golang.org/x/net exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@RiSKeD RiSKeD closed this Jun 30, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/go_modules/golang.org/x/net-0.54.0 branch June 30, 2026 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RiSKeD RiSKeD RiSKeD left review comments
@jenstopp jenstopp Awaiting requested review from jenstopp

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jenstopp @RiSKeD