chore(deps): update module golang.org/x/net to v0.45.0 [security] (release-0.31)

[redhat-renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
golang.org/x/net	indirect	minor	v0.33.0 -> v0.45.0

---

HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

CVE-2025-22870 / GHSA-qxp5-gwg8-xv66 / GO-2025-3503

More information

Details

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

Severity

• CVSS Score: 4.4 / 10 (Medium)
• Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-22870
• https://go-review.googlesource.com/q/project:net
• https://go.dev/cl/654697
• https://go.dev/issue/71984
• https://pkg.go.dev/vuln/GO-2025-3503
• https://security.netapp.com/advisory/ntap-20250509-0007
• http://www.openwall.com/lists/oss-security/2025/03/07/2

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

CVE-2025-22870 / GHSA-qxp5-gwg8-xv66 / GO-2025-3503

More information

Details

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

Severity

Unknown

References

• https://go.dev/cl/654697
• https://go.dev/issue/71984

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

golang.org/x/net vulnerable to Cross-site Scripting

CVE-2025-22872 / GHSA-vvgc-356p-c3xw / GO-2025-3595

More information

Details

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-22872
• https://go.dev/cl/662715
• https://go.dev/issue/73070
• https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA
• https://pkg.go.dev/vuln/GO-2025-3595
• https://security.netapp.com/advisory/ntap-20250516-0007

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

CVE-2025-22872 / GHSA-vvgc-356p-c3xw / GO-2025-3595

More information

Details

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. , , etc contexts).

Severity

Unknown

References

• https://go.dev/cl/662715
• https://go.dev/issue/73070
• https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Quadratic parsing complexity in golang.org/x/net/html

CVE-2025-47911 / GHSA-w4gw-w5jq-g9jh / GO-2026-4440

More information

Details

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Severity

Unknown

References

• https://go.dev/cl/709876
• https://github.com/golang/vulndb/issues/4440
• https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Infinite parsing loop in golang.org/x/net

CVE-2025-58190 / GO-2026-4441

More information

Details

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Severity

Unknown

References

• https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c
• https://github.com/golang/vulndb/issues/4441
• https://go.dev/cl/709875

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[redhat-renovate-bot]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 4 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
golang.org/x/crypto	v0.31.0 -> v0.42.0
golang.org/x/sys	v0.28.0 -> v0.36.0
golang.org/x/term	v0.27.0 -> v0.35.0
golang.org/x/text	v0.21.0 -> v0.29.0
go	1.18 -> 1.24.0

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: redhat-renovate-bot
Once this PR has been reviewed and has the lgtm label, please assign alonakaplan for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kubevirt-bot]

@redhat-renovate-bot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-e2e-ovs-cni	3928b36	link	true	/test pull-e2e-ovs-cni-0.31

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request comprehensively updates the project's Go dependencies, particularly focusing on golang.org/x/net to mitigate critical security vulnerabilities. It also brings the project up to a newer Go language version and includes significant internal refactoring across various golang.org/x modules to improve code quality, performance, and maintainability, especially within HTTP/2 and system-level interactions.

Highlights

• Security Updates: Updated golang.org/x/net to v0.45.0 to address multiple security vulnerabilities, including HTTP proxy bypass (CVE-2025-22870), cross-site scripting (CVE-2025-22872), quadratic parsing complexity (CVE-2025-47911), and infinite parsing loops (CVE-2025-58190).
• Dependency Upgrades: Upgraded several golang.org/x modules, including golang.org/x/crypto to v0.42.0, golang.org/x/sys to v0.36.0, golang.org/x/term to v0.35.0, and golang.org/x/text to v0.29.0.
• Go Version Update: The project's Go language version has been updated from 1.18 to 1.24.0 in go.mod.
• HTTP/2 Refactoring and Enhancements: Significant refactoring in the http2 package, including the removal of synctestGroupInterface and timer interfaces for simpler timer management, introduction of a new httpcommon internal package for shared HTTP utilities, and added StrictMaxConcurrentRequests for stricter stream limits. Improved error messages for HTTP/2 frame parsing when encountering HTTP/1.1-like headers.
• HTML Parser Fixes: Fixed the HTML tokenizer to correctly handle self-closing tags with unquoted attributes and implemented a stack depth limit (512 elements) in the HTML parser to prevent denial-of-service due to quadratic parsing complexity.
• Context Package Alignment: The vendor/golang.org/x/net/context package has been refactored to align its API and implementation more closely with the standard library's context package, removing older Go version-specific files.
• New HTTP/2 Prioritization Scheme: Added support for RFC 9218 prioritization in HTTP/2 by introducing new PriorityParam fields and a dedicated scheduler implementation.
• System Call and OS-Specific Updates: Updated various golang.org/x/sys components, including adding vector I/O functions for Darwin, Dup3 for Dragonfly, Ucred helpers for Solaris, and numerous Linux-specific syscall numbers and type definitions.
• Windows Terminal and Security Enhancements: Improved Windows terminal raw mode settings and enhanced security descriptor conversion in golang.org/x/sys/windows. Added new network and system constants and types for Windows.
• Terminal History Interface: Introduced a new History interface in golang.org/x/term for managing terminal input history, allowing for more flexible history implementations.

Changelog

• go.mod
  • Updated module dependencies for golang.org/x/crypto, golang.org/x/net, golang.org/x/oauth2, golang.org/x/sys, golang.org/x/term, and golang.org/x/text.
  • Upgraded Go language version from 1.18 to 1.24.0.
• go.sum
  • Updated cryptographic checksums for all modified module dependencies.
• vendor/golang.org/x/net/context/context.go
  • Updated comments and type aliases to align with the standard library's context package.
• vendor/golang.org/x/net/context/go17.go
  • Removed Go 1.7 specific context implementation file.
• vendor/golang.org/x/net/context/go19.go
  • Removed Go 1.9 specific context implementation file.
• vendor/golang.org/x/net/context/pre_go17.go
  • Removed pre-Go 1.7 context implementation file.
• vendor/golang.org/x/net/context/pre_go19.go
  • Removed pre-Go 1.9 context implementation file.
• vendor/golang.org/x/net/html/atom/table.go
  • Updated HTML atom definitions.
• vendor/golang.org/x/net/html/escape.go
  • Updated a panic message for unrecognized escape characters.
• vendor/golang.org/x/net/html/parse.go
  • Added a stack depth limit to prevent quadratic parsing complexity.
  • Improved error messages for unknown scope types.
  • Added 'search' atom to inBodyIM function.
• vendor/golang.org/x/net/html/render.go
  • Corrected a typo in a comment from 'beging' to 'being'.
• vendor/golang.org/x/net/html/token.go
  • Fixed logic for identifying self-closing HTML tags to prevent misinterpretation with unquoted attributes.
• vendor/golang.org/x/net/http2/config.go
  • Added StrictMaxConcurrentRequests field to http2Config.
  • Refactored HTTP/2 configuration loading by introducing a generic fillNetHTTPConfig function.
• vendor/golang.org/x/net/http2/config_go124.go
  • Removed Go 1.24 specific HTTP/2 configuration file.
• vendor/golang.org/x/net/http2/config_go125.go
  • Added Go 1.25 specific HTTP/2 configuration file.
• vendor/golang.org/x/net/http2/config_go126.go
  • Added Go 1.26 specific HTTP/2 configuration file.
• vendor/golang.org/x/net/http2/config_pre_go124.go
  • Removed pre-Go 1.24 HTTP/2 configuration file.
• vendor/golang.org/x/net/http2/frame.go
  • Refactored frameName and frameParsers from maps to arrays for efficiency.
  • Added invalidHTTP1LookingFrameHeader function and enhanced error messages for HTTP/1.1-looking frame headers.
  • Updated PriorityParam struct with urgency and incremental fields for RFC 9218 prioritization.
• vendor/golang.org/x/net/http2/gotrack.go
  • Added an atomic boolean disableDebugGoroutines to control goroutine debugging during tests.
• vendor/golang.org/x/net/http2/headermap.go
  • Renamed to vendor/golang.org/x/net/internal/httpcommon/headermap.go.
  • Refactored header canonicalization functions (LowerHeader, CanonicalHeader, CachedCanonicalHeader) to use net/textproto.
• vendor/golang.org/x/net/http2/http2.go
  • Removed context import.
  • Removed synctestGroupInterface and related timer methods, simplifying timer usage to standard time package functions.
  • Updated default value for disableExtendedConnectProtocol to true.
  • Refactored bufferedWriter and writeWithByteTimeout to remove synctestGroupInterface dependency.
• vendor/golang.org/x/net/http2/server.go
  • Removed synctestGroupInterface and related timer methods, using standard time.Timer and time.AfterFunc.
  • Introduced a per-Server error channel pool (errChanPool) for better resource management.
  • Updated ServeConn to handle nil ServeConnOpts gracefully.
  • Refactored request parameter handling to use httpcommon.ServerRequestParam.
• vendor/golang.org/x/net/http2/timer.go
  • Removed the timer interface abstraction.
• vendor/golang.org/x/net/http2/transport.go
  • Removed synctestGroupInterface and related timer/context methods, simplifying timer usage.
  • Added closedOnIdle field to ClientConn to track idle closures.
  • Updated stickyErrWriter to remove synctestGroupInterface dependency.
  • Removed commaSeparatedTrailers and checkConnHeaders functions, delegating to httpcommon.
  • Refactored header encoding to use httpcommon.EncodeHeaders and httpcommon.IsRequestGzip.
• vendor/golang.org/x/net/http2/write.go
  • Updated lowerHeader function to use httpcommon.LowerHeader.
• vendor/golang.org/x/net/http2/writesched.go
  • Added priority field to OpenStreamOptions.
• vendor/golang.org/x/net/http2/writesched_priority.go
  • Renamed to writesched_priority_rfc7540.go.
  • Updated internal types and constants to reflect RFC 7540 prioritization scheme.
• vendor/golang.org/x/net/http2/writesched_priority_rfc9128.go
  • Added new file implementing RFC 9218 HTTP/2 prioritization (priorityWriteSchedulerRFC9218).
• vendor/golang.org/x/net/http2/writesched_roundrobin.go
  • Corrected a typo in a comment from 'priorizes' to 'prioritizes'.
• vendor/golang.org/x/net/internal/httpcommon/ascii.go
  • Added new file containing ASCII-specific string utility functions like asciiEqualFold, lower, isASCIIPrint, and asciiToLower.
• vendor/golang.org/x/net/internal/httpcommon/request.go
  • Added new file providing common HTTP request encoding and validation logic (EncodeHeaders, IsRequestGzip, NewServerRequest).
• vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
  • Removed Go 1.5 specific Plan 9 password utility file.
• vendor/golang.org/x/sys/plan9/pwd_plan9.go
  • Updated fixwd, Getwd, and Chdir functions to directly use syscall package functions.
• vendor/golang.org/x/sys/unix/affinity_linux.go
  • Optimized CPUSet.Zero() method by replacing a loop with the clear function.
• vendor/golang.org/x/sys/unix/auxv.go
  • Added new file for Auxv function to retrieve ELF auxiliary vector on supported Unix systems.
• vendor/golang.org/x/sys/unix/auxv_unsupported.go
  • Added new file for unsupported Auxv function, returning syscall.ENOTSUP.
• vendor/golang.org/x/sys/unix/mkerrors.sh
  • Updated script to include ETHTOOL_FAMILY_NAME and ETHTOOL_FAMILY_VERSION definitions.
• vendor/golang.org/x/sys/unix/syscall_darwin.go
  • Added Readv, Preadv, Writev, Pwritev functions for vector I/O on Darwin.
  • Added helper methods appendBytes, writevRacedetect, and readvRacedetect.
• vendor/golang.org/x/sys/unix/syscall_dragonfly.go
  • Added Dup3 function for duplicating file descriptors with flags on Dragonfly.
• vendor/golang.org/x/sys/unix/syscall_linux.go
  • Used slices.Contains for group membership check.
  • Used range over len for loops in SockaddrUnix, SockaddrL2, SockaddrCAN, SockaddrCANJ1939, SockaddrIUCV.
  • Used min function for readvRacedetect and writevRacedetect.
• vendor/golang.org/x/sys/unix/syscall_solaris.go
  • Updated Listen syscall to use __xnet_listen.
  • Added Ucred structure and related functions (GetPeerUcred, UcredGet, Geteuid, etc.) for Solaris.
• vendor/golang.org/x/sys/unix/zerrors_linux.go
  • Updated various Linux-specific error constants, including AUDIT_INTEGRITY_USERSPACE, AUDIT_LANDLOCK_ACCESS, BPF_F_PREORDER, BPF_LOAD_ACQ, BPF_STORE_REL, DM_VERSION_EXTRA, DM_VERSION_MINOR, ETHTOOL_FAMILY_NAME, ETHTOOL_FAMILY_VERSION, FAN_ERRNO_BITS, FAN_EVENT_INFO_TYPE_MNT, FAN_MARK_MNTNS, FAN_MNT_ATTACH, FAN_PRE_ACCESS, FAN_REPORT_FD_ERROR, FAN_REPORT_MNT, FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED, F_CREATED_QUERY, F_DUPFD_QUERY, IPPROTO_SMC, IPV6_VERSION, IPV6_VERSION_MASK, LANDLOCK_CREATE_RULESET_ERRATA, LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON, MAP_DROPPABLE, MSG_SOCK_DEVMEM, NFC_ATS_MAXSIZE, NFT_BITWISE_BOOL, PR_FUTEX_HASH, PR_GET_SHADOW_STACK_STATUS, PR_LOCK_SHADOW_STACK_STATUS, PR_PMLEN_MASK, PR_SHADOW_STACK_ENABLE, PR_TIMER_CREATE_RESTORE_IDS, PTRACE_SET_SYSCALL_INFO, RTA_MAX, RTM_DELANYCAST, RTM_DELMULTICAST, RTM_NEWANYCAST, RTM_NEWMULTICAST, RTM_NEWVLAN, RTPROT_OVN, RWF_DONTCACHE, RWF_SUPPORTED, STATX_DIO_READ_ALIGN, TASKSTATS_VERSION, UBI_IOCECNFO, WGALLOWEDIP_A_MAX, XDP_TXMD_FLAGS_LAUNCH_TIME.
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go
  • Updated Linux 386-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
  • Updated Linux AMD64-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
  • Updated Linux ARM-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
  • Updated Linux ARM64-specific error constants, including DM_MPATH_PROBE_PATHS, GCS_MAGIC, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
  • Updated Linux Loong64-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
  • Updated Linux MIPS-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
  • Updated Linux MIPS64-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
  • Updated Linux MIPS64LE-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
  • Updated Linux MIPSLE-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
  • Updated Linux PPC-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
  • Updated Linux PPC64-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
  • Updated Linux PPC64LE-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
  • Updated Linux RISCV64-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
  • Updated Linux S390X-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
  • Updated Linux SPARC64-specific error constants, including DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
  • Added readv, preadv, writev, pwritev syscall definitions for Darwin AMD64.
• vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
  • Added assembly trampolines for readv, preadv, writev, pwritev syscalls on Darwin AMD64.
• vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
  • Added readv, preadv, writev, pwritev syscall definitions for Darwin ARM64.
• vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
  • Added assembly trampolines for readv, preadv, writev, pwritev syscalls on Darwin ARM64.
• vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
  • Updated Listen syscall definition.
  • Added getpeerucred, ucredGet, ucredGeteuid, ucredGetegid, ucredGetruid, ucredGetrgid, ucredGetsuid, ucredGetsgid, ucredGetpid, ucredFree syscall definitions for Solaris AMD64.
• vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
  • Added new Linux 386 syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
  • Added new Linux AMD64 syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
  • Added new Linux ARM syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
  • Added new Linux ARM64 syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
  • Added new Linux Loong64 syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
  • Added new Linux MIPS syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
  • Added new Linux MIPS64 syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
  • Added new Linux MIPS64LE syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
  • Added new Linux MIPSLE syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
  • Added new Linux PPC syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
  • Added new Linux PPC64 syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
  • Added new Linux PPC64LE syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
  • Added new Linux RISCV64 syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
  • Added new Linux S390X syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
  • Added new Linux SPARC64 syscall numbers: SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/ztypes_linux.go
  • Updated Statx_t struct with new fields Dio_read_offset_align and Atomic_write_unit_max_opt.
  • Updated FscryptAddKeyArg struct with Flags field.
  • Added IFAL_LABEL and IFAL_ADDRESS constants.
  • Added SizeofIfAddrlblmsg constant.
  • Added IfAddrlblmsg struct.
  • Updated NFT_PAYLOAD_TRANSPORT_HEADER related constants.
  • Updated NFT_CT_EVENTMASK related constants.
  • Updated SOF_TIMESTAMPING_LAST and SOF_TIMESTAMPING_MASK constants.
  • Added TCA_UNSPEC related constants.
  • Added RTNLGRP_MCTP_IFADDR related constants.
  • Updated ETHTOOL_MSG_USER_MAX related constants.
  • Updated ETHTOOL_A_RINGS_MAX related constants.
  • Updated ETHTOOL_A_TSINFO_MAX related constants.
  • Added TCP_V4_FLOW, UDP_V4_FLOW, TCP_V6_FLOW, UDP_V6_FLOW, ESP_V4_FLOW, ESP_V6_FLOW, IP_USER_FLOW, IPV6_USER_FLOW, IPV6_FLOW, ETHER_FLOW constants.
  • Updated NL80211_ATTR_AP_SETTINGS_FLAGS related constants.
  • Updated NL80211_ATTR_BSS_CTS_PROT related constants.
  • Updated NL80211_ATTR_EHT_CAPABILITY related constants.
  • Updated NL80211_ATTR_HT_CAPABILITY_MASK related constants.
  • Updated NL80211_ATTR_MAX related constants.
  • Updated NL80211_ATTR_MLD_CAPA_AND_OPS related constants.
  • Updated NL80211_ATTR_POWER_RULE_MAX_EIRP related constants.
  • Updated NL80211_ATTR_PROTOCOL_FEATURES related constants.
  • Updated NL80211_ATTR_WIPHY_FREQ_OFFSET related constants.
  • Updated NL80211_BAND_ATTR_MAX related constants.
  • Updated NL80211_BSS_BSSID related constants.
  • Updated NL80211_BSS_STATUS_IBSS_JOINED related constants.
  • Updated NL80211_CMD_LEAVE_OCB related constants.
  • Updated NL80211_CMD_SET_FILS_AAD related constants.
  • Updated NL80211_CMD_SET_TID_CONFIG related constants.
  • Updated NL80211_EXT_FEATURE_AQL related constants.
  • Updated NL80211_EXT_FEATURE_DEL_IBSS_STA related constants.
  • Updated NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE related constants.
  • Updated NL80211_EXT_FEATURE_SECURE_LTF related constants.
  • Updated NL80211_FREQUENCY_ATTR_8MHZ related constants.
  • Updated NL80211_IFTYPE_WDS related constants.
  • Updated NL80211_MBSSID_CONFIG_ATTR_EMA related constants.
  • Updated NL80211_MNTR_FLAG_COOK_FRAMES related constants.
  • Updated NL80211_RATE_INFO_160_MHZ_WIDTH related constants.
  • Updated NL80211_RATE_INFO_HE_RU_ALLOC related constants.
  • Updated NL80211_REPLAY_CTR_LEN related constants.
  • Updated NL80211_RRF_AUTO_BW related constants.
  • Updated NL80211_RRF_NO_IR related constants.
  • Updated NL80211_STA_FLAG_SHORT_PREAMBLE related constants.
  • Updated NL80211_VHT_NSS_MAX related constants.
  • Updated NL80211_WOWLAN_TRIG_TCP_CONNECTION related constants.
  • Added RTM_NEWNVLAN constant.
• vendor/golang.org/x/sys/unix/ztypes_linux_386.go
  • Updated Linux 386-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
  • Updated Linux AMD64-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
  • Updated Linux ARM-specific Stat_t and Taskstats structs with new padding and delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
  • Updated Linux ARM64-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
  • Updated Linux Loong64-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
  • Updated Linux MIPS-specific Taskstats struct with new padding and delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
  • Updated Linux MIPS64-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
  • Updated Linux MIPS64LE-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
  • Updated Linux MIPSLE-specific Taskstats struct with new padding and delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
  • Updated Linux PPC-specific Stat_t and Taskstats structs with new padding and delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
  • Updated Linux PPC64-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
  • Updated Linux PPC64LE-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
  • Updated Linux RISCV64-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
  • Updated Linux S390X-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
  • Updated Linux SPARC64-specific Taskstats struct with new delay fields.
• vendor/golang.org/x/sys/windows/dll_windows.go
  • Updated comments for LoadDLL and NewLazyDLL regarding DLL preloading attacks.
  • Removed internal errString type.
• vendor/golang.org/x/sys/windows/security_windows.go
  • Improved ToAbsolute function for SECURITY_DESCRIPTOR by verifying pointers and setting them explicitly for GC visibility.
• vendor/golang.org/x/sys/windows/syscall_windows.go
  • Added WSADuplicateSocket syscall.
  • Corrected NTUnicodeString.Slice length calculation to use MaximumLength/2 and Length/2.
• vendor/golang.org/x/sys/windows/types_windows.go
  • Added IP_MTU_DISCOVER and IPV6_MTU_DISCOVER constants.
  • Added PMTUD_STATE enum constants.
  • Added WSACMSGHDR, IN_PKTINFO, IN6_PKTINFO types.
  • Added FileZeroDataInformation struct.
  • Added numerous virtual key codes, mouse button constants, control key state constants, and input record event types.
• vendor/golang.org/x/term/term_windows.go
  • Modified makeRaw function to exclude windows.ENABLE_PROCESSED_OUTPUT from raw mode settings.
• vendor/golang.org/x/term/terminal.go
  • Introduced a new History interface for managing terminal input history.
  • Updated Terminal struct to use the History interface with a default stRingBuffer implementation.
  • Adjusted handleKey and readLine functions to support the new History interface and handle keyLF for newlines.
• vendor/golang.org/x/text/language/parse.go
  • Corrected the return value in CanonType.Parse to always return nil for error if changed is true.
• vendor/modules.txt
  • Updated module versions and Go versions for golang.org/x/crypto, golang.org/x/net, golang.org/x/sys, golang.org/x/term, golang.org/x/text.
  • Added golang.org/x/net/internal/httpcommon.

Activity

• The pull request was opened by redhat-renovate-bot to update Go module dependencies.
• The PR description provides detailed information about multiple security vulnerabilities addressed by the golang.org/x/net update.
• Automerge is currently disabled, requiring manual review and merging.
• The PR is configured to rebase automatically if conflicts arise or if the rebase/retry checkbox is ticked.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates golang.org/x/net to v0.45.0 along with several of its transitive dependencies. This is an important security update that addresses multiple CVEs, including vulnerabilities related to HTTP proxy bypass, cross-site scripting, and parsing complexity issues in the HTML package. The changes also include a significant Go version bump in go.mod from 1.18 to 1.24.0, which is necessary to support the updated dependencies. The vendored code shows substantial refactoring, particularly in the http2 package to improve code structure and in the context package to align with the standard library. Overall, the updates are crucial for security and bring in modern Go practices. I have one minor suggestion regarding a filename.

[gemini-code-assist]

There appears to be a typo in the filename. The file implements the prioritization scheme from RFC 9218, as mentioned in the code comments, but the filename is writesched_priority_rfc9128.go. It should likely be writesched_priority_rfc9218.go to avoid confusion.