Skip to content

Bump github.com/moby/spdystream from 0.2.0 to 0.5.1#133

Merged
dkwon17 merged 1 commit into
mainfrom
dependabot/go_modules/github.com/moby/spdystream-0.5.1
Jun 24, 2026
Merged

Bump github.com/moby/spdystream from 0.2.0 to 0.5.1#133
dkwon17 merged 1 commit into
mainfrom
dependabot/go_modules/github.com/moby/spdystream-0.5.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 16, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/moby/spdystream from 0.2.0 to 0.5.1.

Release notes

Sourced from github.com/moby/spdystream's releases.

v0.5.1

What's Changed

Security

Fix memory amplification in SPDY frame parsing leads to denial of service (CVE-2026-35469 / GHSA-pc3f-x583-g7j2)

Changes

Full Changelog: moby/spdystream@v0.5.0...v0.5.1

[v0.5.0] Avoid leaking timeout timer channels and update github actions

What's Changed

Full Changelog: moby/spdystream@v0.4.0...v0.5.0

[v0.4.0] fix goroutine leak and remove unused code

What's Changed

New Contributors

Full Changelog: moby/spdystream@v0.3.0...v0.4.0

[v0.3.0] Release with fixes for a race condition

What's Changed

New Contributors

Full Changelog: moby/spdystream@v0.2.0...v0.3.0

Commits
  • c59e5d7 Merge pull request #109 from thaJeztah/use_ioutil
  • 2fd0155 use ioutil.Discard for go1.13 compatibility
  • ef6121f Merge commit from fork
  • 241cec9 compare with signed Int for 32-bit Arm
  • 21c3864 Add options to customize limits
  • acf9b45 spdy: update godoc for MaxDataLength
  • eb63605 spdy: limit header-size and header-count
  • 2f21da4 spdy: fix header block byte accounting
  • 5976b66 spdy: enforce 24-bit frame length limits
  • cf0ec5d Guard against oversized SPDY frames
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 16, 2026
@dependabot dependabot Bot requested a review from dkwon17 as a code owner April 16, 2026 20:45
@dependabot dependabot Bot added the go Pull requests that update Go code label Apr 16, 2026
@dependabot dependabot Bot requested a review from ibuziuk as a code owner April 16, 2026 20:45
@dkwon17

dkwon17 commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

@dependabot rebase

Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.2.0 to 0.5.1.
- [Release notes](https://github.com/moby/spdystream/releases)
- [Commits](moby/spdystream@v0.2.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/moby/spdystream
  dependency-version: 0.5.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch from 9e712e8 to ce5ca61 Compare June 16, 2026 19:06
@dkwon17 dkwon17 merged commit 381f3ba into main Jun 24, 2026
2 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch June 24, 2026 00:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant