Skip to content

Bump golang.org/x/text to v0.39.0 for CVE-2026-56852#1490

Merged
SachaProbo merged 1 commit into
mainfrom
SachaProbo/bump-golang-x-text-cve
Jul 15, 2026
Merged

Bump golang.org/x/text to v0.39.0 for CVE-2026-56852#1490
SachaProbo merged 1 commit into
mainfrom
SachaProbo/bump-golang-x-text-cve

Conversation

@SachaProbo

@SachaProbo SachaProbo commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Upgrade the indirect golang.org/x/text dependency from v0.38.0 to v0.39.0 to remediate CVE-2026-56852. Running go mod tidy also carried along golang.org/x/tools and golang.org/x/telemetry to their matching versions.


Summary by cubic

Bumps golang.org/x/text to v0.39.0 to fix CVE-2026-56852. Ran go mod tidy, which also updated golang.org/x/tools and golang.org/x/telemetry to matching versions.

Other +9 -9

  • Update golang.org/x/text v0.38.0 → v0.39.0 (indirect) to remediate CVE-2026-56852.
  • Align indirect deps: golang.org/x/tools v0.46.0 → v0.47.0, golang.org/x/telemetry → v0.0.0-20260625142307-59b4966ccb57.
  • No application code changes.

Written for commit e62524b. Summary will update on new commits.

Review in cubic

Upgrade the indirect golang.org/x/text dependency from v0.38.0 to
v0.39.0 to remediate CVE-2026-56852. Running go mod tidy also carried
along golang.org/x/tools and golang.org/x/telemetry to their matching
versions.

Signed-off-by: Sacha Al Himdani <sacha@probo.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Re-trigger cubic

@SachaProbo SachaProbo merged commit e62524b into main Jul 15, 2026
20 checks passed
@SachaProbo SachaProbo deleted the SachaProbo/bump-golang-x-text-cve branch July 15, 2026 16:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant