Skip to content

fix(deps): update module golang.org/x/sys to v0.44.0 [security] - autoclosed#463

Closed
renovate-sh-app[bot] wants to merge 1 commit into
mainfrom
renovate/golang.org-x-sys-0.x
Closed

fix(deps): update module golang.org/x/sys to v0.44.0 [security] - autoclosed#463
renovate-sh-app[bot] wants to merge 1 commit into
mainfrom
renovate/golang.org-x-sys-0.x

Conversation

@renovate-sh-app
Copy link
Copy Markdown
Contributor

@renovate-sh-app renovate-sh-app Bot commented Jun 3, 2026

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/sys v0.8.0v0.44.0 age confidence

Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

CVE-2026-39824 / GO-2026-5024

More information

Details

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.

@renovate-sh-app
fix(deps): update module golang.org/x/sys to v0.44.0 [security]
d405267 
| datasource | package          | from   | to      |
| ---------- | ---------------- | ------ | ------- |
| go         | golang.org/x/sys | v0.8.0 | v0.44.0 |


Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
@renovate-sh-app renovate-sh-app Bot requested a review from a team as a code owner June 3, 2026 19:08
@renovate-sh-app renovate-sh-app Bot requested review from d14c and esquonk June 3, 2026 19:08
@renovate-sh-app
Copy link
Copy Markdown
Contributor Author

renovate-sh-app Bot commented Jun 3, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: k6/extensions/internal/go.sum
Command failed: go mod tidy
go: downloading github.com/stretchr/testify v1.8.4
go: downloading github.com/mstoykov/envconfig v1.4.1-0.20220114105314-765c6d8c76f1
go: downloading github.com/andybalholm/brotli v1.0.5
go: downloading github.com/mccutchen/go-httpbin v1.1.2-0.20190116014521-c5cb2f4802fa
go: downloading golang.org/x/net v0.48.0
go: downloading google.golang.org/grpc v1.79.3
go: downloading github.com/onsi/ginkgo v1.16.5
go: downloading github.com/onsi/gomega v1.27.6
go: downloading golang.org/x/crypto v0.46.0
go: downloading google.golang.org/protobuf v1.36.10
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217
go: downloading google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1
go: downloading github.com/nxadm/tail v1.4.8
go: downloading github.com/google/go-cmp v0.5.9
go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
go: downloading github.com/fsnotify/fsnotify v1.5.4
go: github.com/grafana/quickpizza/extensions/internal imports
	go.k6.io/k6/js/modules imports
	go.k6.io/k6/loader tested by
	go.k6.io/k6/loader.test imports
	go.k6.io/k6/lib/testutils/httpmultibin imports
	google.golang.org/grpc/status imports
	google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/tmp/renovate/cache/others/go/pkg/mod/google.golang.org/genproto@v0.0.0-20230410155749-daa745c078e1/googleapis/rpc/status)
	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 (/tmp/renovate/cache/others/go/pkg/mod/google.golang.org/genproto/googleapis/rpc@v0.0.0-20251202230838-ff82c1b0f217/status)

@renovate-sh-app renovate-sh-app Bot changed the title fix(deps): update module golang.org/x/sys to v0.44.0 [security] fix(deps): update module golang.org/x/sys to v0.44.0 [security] - autoclosed Jun 4, 2026
@renovate-sh-app renovate-sh-app Bot closed this Jun 4, 2026
@renovate-sh-app renovate-sh-app Bot deleted the renovate/golang.org-x-sys-0.x branch June 4, 2026 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esquonk esquonk Awaiting requested review from esquonk esquonk is a code owner automatically assigned from grafana/k6-cloud-telemetry

@d14c d14c Awaiting requested review from d14c d14c is a code owner automatically assigned from grafana/k6-cloud-telemetry

Assignees

No one assigned

Labels

automerge-security-update severity:UNKNOWN update-minor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants