Skip to content

bump golang.org/x/net to v0.54.0 (CVE-2026-39821) #6038

Description

@haoyukongTrackunit

k6 v2.0.0 ships with golang.org/x/net@v0.53.0, which is vulnerable to CVE-2026-39821 (CWE-287, Improper Authentication, CVSS 9.3 Critical). The fix is available in v0.54.0 or higher.
Could you bump the dependency or take a look at the fix PR below?

Fix PR:
#6039

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions