Skip to content

Bump the go_modules group across 1 directory with 2 updates #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the go_modules group across 1 directory with 2 updates #70

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jul 18, 2025
edited by bito-code-review bot
Loading

Bumps the go_modules group with 2 updates in the /cmd directory: golang.org/x/net and golang.org/x/oauth2.

Updates golang.org/x/net from 0.30.0 to 0.38.0

Commits
  • e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
  • ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
  • 1f1fa29 publicsuffix: regenerate table
  • 1215081 http2: improve error when server sends HTTP/1
  • 312450e html: ensure <search> tag closes <p> and update tests
  • 09731f9 http2: improve handling of lost PING in Server
  • 55989e2 http2/h2c: use ResponseController for hijacking connections
  • 2914f46 websocket: re-recommend gorilla/websocket
  • 99b3ae0 go.mod: update golang.org/x dependencies
  • 85d1d54 go.mod: update golang.org/x dependencies
  • Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.23.0 to 0.27.0

Commits
  • 681b4d8 jws: split token into fixed number of parts
  • 3f78298 all: upgrade go directive to at least 1.23.0 [generated]
  • 109dabf endpoints: add links/provider for Discord
  • ac571fa oauth2: fix docs for Config.DeviceAuth
  • 314ee5b endpoints: add patreon endpoint
  • b9c813b google: add warning about externally-provided credentials
  • 49a531d all: make method and struct comments match the names
  • 22134a4 README: don't recommend go get
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by Bito

This pull request updates dependency versions in the /cmd directory, upgrading golang.org/x/net from 0.30.0 to 0.38.0 and golang.org/x/oauth2 from 0.23.0 to 0.27.0 across go.mod and go.sum files. These updates leverage improvements and compatibility fixes from upstream modules for better performance and stability.

@dependabot
Bump the go_modules group across 1 directory with 2 updates
922f09d 
Bumps the go_modules group with 2 updates in the /cmd directory: [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/oauth2](https://github.com/golang/oauth2).


Updates `golang.org/x/net` from 0.30.0 to 0.38.0
- [Commits](golang/net@v0.30.0...v0.38.0)

Updates `golang.org/x/oauth2` from 0.23.0 to 0.27.0
- [Commits](golang/oauth2@v0.23.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.27.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 18, 2025
@bito-code-review
Copy link

bito-code-review bot commented Jul 18, 2025
edited
Loading

Code Review Agent Run #a0337d

Actionable Suggestions - 0
Security Concerns - 3
  • Vulnerability 1
    • Dependency Name: google.golang.org/protobuf
    • Dependency Version: None
    • Vulnerability Name: GO-2024-2611
    • Vulnerability Description: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain invalid JSON, causing potential denial of service.
    • Fixed in Version: v1.33.0
    • Code Suggestion: 
      
@@ -1,1 +1,1 @@
- google.golang.org/protobuf v1.32.0
+ google.golang.org/protobuf v1.33.0
  • Vulnerability 2
    • Dependency Name: golang.org/x/net
    • Dependency Version: None
    • Vulnerability Name: GO-2024-2687
    • Vulnerability Description: HTTP/2 vulnerability allowing attackers to cause excessive header data processing, leading to potential denial of service.
    • Fixed in Version: v0.23.0
    • Code Suggestion: 
      
@@ -1,1 +1,1 @@
- golang.org/x/net v0.22.0
+ golang.org/x/net v0.38.0
  • Vulnerability 3
    • Dependency Name: golang.org/x/oauth2
    • Dependency Version: None
    • Vulnerability Name: GO-2025-3488
    • Vulnerability Description: An attacker can pass a malicious malformed token which causes unexpected memory consumption during parsing.
    • Fixed in Version: v0.27.0
    • Code Suggestion: 
      
@@ -1,1 +1,1 @@
- golang.org/x/oauth2 v0.26.0
+ golang.org/x/oauth2 v0.27.0
Review Details
  • Files reviewed - 2 · Commit Range: 922f09d..922f09d
    • cmd/go.mod
    • cmd/go.sum
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • OWASP (Security Vulnerability) - ✔︎ Successful
    • GOVULNCHECK (Security Vulnerability) - ✔︎ Successful
    • SNYK (Security Vulnerability) - ✔︎ Successful
Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Default Agent You can customize the agent settings here or contact your Bito workspace admin at [email protected].

Documentation & Help

AI Code Review powered by Bito Logo

@dependabot dependabot bot mentioned this pull request Jul 18, 2025
Closed
@bito-code-review
Copy link

bito-code-review bot commented Jul 18, 2025

Changelist by Bito

This pull request implements the following key changes.

Key Change Files Impacted
Other Improvements - Dependency Version Updates

go.mod - Updated multiple dependency versions including golang.org/x/net, golang.org/x/oauth2, and golang.org/x/term while adding and rearranging indirect module entries to ensure compatibility.

go.sum - Updated checksum entries to sync with the go.mod dependency revisions including changes in golang.org/x/net, golang.org/x/oauth2, golang.org/x/sys, and golang.org/x/text.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants