Skip to content

Bump golang.org/x/net from 0.52.0 to 0.55.0#1034

Merged
avasconcelos114 merged 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/net-0.55.0
Jul 6, 2026
Merged

Bump golang.org/x/net from 0.52.0 to 0.55.0#1034
avasconcelos114 merged 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/net-0.55.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/net from 0.52.0 to 0.55.0.

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Change Impact: Medium 🟡

Reasoning: This update only bumps Go dependencies, but it affects shared networking libraries (golang.org/x/net and related packages) that can influence multiple runtime paths indirectly. The change is low-touch in code, but dependency upgrades can still introduce behavior differences across widely used components.

Regression Risk: Moderate due to indirect impacts on shared HTTP/HTML/crypto-related packages, with no direct application logic changes to isolate the effect.

QA Recommendation: Light manual QA is recommended, focusing on plugin startup and any networking-related workflows; full regression testing is probably unnecessary unless those paths are sensitive in your environment.
Generated by CodeRabbitAI

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.52.0 to 0.55.0.
- [Commits](golang/net@v0.52.0...v0.55.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner July 1, 2026 18:33
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
@mattermost-build

Copy link
Copy Markdown
Contributor

Hello @dependabot[bot],

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

@nang2049

nang2049 commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5cc79bfb-302c-4747-9a30-85367b85421f

📥 Commits

Reviewing files that changed from the base of the PR and between 3fe4e89 and 72c827a.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

📝 Walkthrough

Walkthrough

This change updates indirect dependency versions for several golang.org/x modules (crypto, mod, net, sys, text) in go.mod, bumping each to a newer minor or patch release without altering any exported code or public interfaces.

Changes

Dependency Updates

Layer / File(s) Summary
Indirect module version bump
go.mod
Updated golang.org/x/crypto, x/mod, x/net, x/sys, and x/text indirect dependency versions to newer releases.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Poem

A hop, a skip, a version tweak,
golang.org/x modules refreshed this week 🐇
No code was harmed, no logic bent,
Just newer bits through go.mod sent.
Carrot break — commit complete!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is specific and accurately reflects one of the dependency bumps, even though the PR updates several golang.org/x modules.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/golang.org/x/net-0.55.0

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@avasconcelos114
avasconcelos114 merged commit 651b02f into master Jul 6, 2026
19 checks passed
@avasconcelos114
avasconcelos114 deleted the dependabot/go_modules/golang.org/x/net-0.55.0 branch July 6, 2026 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Contributor dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants