Skip to content

chore(deps): update module golang.org/x/sys to v0.44.0 [security] (v1.8)#331

Open
renovate[bot] wants to merge 1 commit into
v1.8from
renovate/v1.8-go-golang.org-x-sys-vulnerability
Open

chore(deps): update module golang.org/x/sys to v0.44.0 [security] (v1.8)#331
renovate[bot] wants to merge 1 commit into
v1.8from
renovate/v1.8-go-golang.org-x-sys-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/sys v0.40.0v0.44.0 age confidence

Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

CVE-2026-39824 / GO-2026-5024

More information

Details

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).


Configuration

📅 Schedule: (in timezone Asia/Taipei)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Pull requests that update a dependency file needs-review renovate/v1.8 labels Jul 6, 2026
@renovate
renovate Bot requested review from a team, Vicente-Cheng, Yu-Jack and tserong as code owners July 6, 2026 09:00
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@renovate
renovate Bot requested a review from a team as a code owner July 6, 2026 09:00
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate
renovate Bot force-pushed the renovate/v1.8-go-golang.org-x-sys-vulnerability branch from 34c4e9a to 113f82d Compare July 12, 2026 12:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file needs-review renovate/v1.8

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants