Skip to content

chore(deps): Bump golang.org/x/mod from 0.35.0 to 0.36.0#591

Merged
HerbHall merged 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/mod-0.36.0
Jun 2, 2026
Merged

chore(deps): Bump golang.org/x/mod from 0.35.0 to 0.36.0#591
HerbHall merged 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/mod-0.36.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps golang.org/x/mod from 0.35.0 to 0.36.0.

Commits
  • 643da9b go.mod: update golang.org/x dependencies
  • ccc3cdf zip: include 'but content has correct sum' note in TestVCS
  • ab30318 zip: update zip hashes for new flate compression
  • See full diff in compare view

@dependabot dependabot Bot added chore Maintenance, refactor, tooling, dependencies dependencies Dependency updates labels May 11, 2026
@dependabot dependabot Bot requested a review from HerbHall as a code owner May 11, 2026 13:47
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jun 1, 2026

Dependabot can't resolve your Go dependency files. Because of this, Dependabot cannot update this pull request.

@HerbHall HerbHall mentioned this pull request Jun 1, 2026
Merged
HerbHall added a commit that referenced this pull request Jun 1, 2026
@HerbHall @claude
chore(status): sync session 2026-06-01 state file (#604)
4db8b0b 
Routine state-file sync after this session's merges (#601 IP sort, #602
govulncheck security sweep).

## Changes to `.samverk/status.md`

- **Phase**: main at f568739 (#601); latest release v0.6.4, v0.6.5
queued (#603); 7 open PRs; 8 open issues
- **Recently completed**: added the 2026-06-01 session (#601 IP sort +
Copilot localeCompare catch, #602 security sweep, dashboard skill path
de-hardcoding)
- **Pending / Next actions**: surfaced the open-PR backlog —
release-please #603 and 6 Dependabot PRs, flagging #591 (x/mod) and #599
(x/net) as needing rebase after the #602 x/* bump

Docs-only / state-file change. No code touched.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: HerbHall <HerbHall@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@HerbHall
Copy link
Copy Markdown
Owner

HerbHall commented Jun 2, 2026

@dependabot squash and merge

@HerbHall
Copy link
Copy Markdown
Owner

HerbHall commented Jun 2, 2026

@dependabot rebase

@dependabot dependabot Bot changed the title chore(deps): Bump golang.org/x/mod from 0.34.0 to 0.36.0 chore(deps): Bump golang.org/x/mod from 0.35.0 to 0.36.0 Jun 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/mod-0.36.0 branch from de0729a to fe1ac2f Compare June 2, 2026 22:27
@HerbHall
Copy link
Copy Markdown
Owner

HerbHall commented Jun 2, 2026

@dependabot squash and merge

1 similar comment
@HerbHall
Copy link
Copy Markdown
Owner

HerbHall commented Jun 2, 2026

@dependabot squash and merge

@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/mod-0.36.0 branch from fe1ac2f to 4589772 Compare June 2, 2026 22:46
@HerbHall HerbHall mentioned this pull request Jun 2, 2026
Merged
HerbHall added a commit that referenced this pull request Jun 2, 2026
@HerbHall @claude
fix(deps): bump Go 1.25.10 -> 1.25.11 for new stdlib CVEs (#606)
30cfd68 
## Summary

A fresh govulncheck DB update (one day after #602) flagged two new
**stdlib** vulnerabilities in go1.25.10, re-blocking the entire PR queue
— main itself, the remaining Dependabot PRs (#588/#591/#596), and
release #603 all fail `Vulnerability Check`:

| Vuln | Package | Fixed in |
|------|---------|----------|
| GO-2026-5039 | net/textproto | go1.25.11 |
| GO-2026-5037 | crypto/x509 | go1.25.11 |

Pure toolchain bump — no module changes. Bumps the `go` directive
**and** the Dockerfile `go-builder` image in lockstep (CI reads
`go-version-file: go.mod`; the Docker build pins the builder explicitly
and fails on a version mismatch otherwise).

## Verification (local)

- `go build ./...` / `go vet ./...` — clean
- `GOTOOLCHAIN=go1.25.11 govulncheck ./...` — **"No vulnerabilities
found"**

Once merged, rebasing #588/#591/#596 onto main clears their vuln check,
and #603 (v0.6.5) can be cut.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: HerbHall <HerbHall@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@HerbHall
Copy link
Copy Markdown
Owner

HerbHall commented Jun 2, 2026

@dependabot rebase

@dependabot
chore(deps): Bump golang.org/x/mod from 0.35.0 to 0.36.0
e8a28fb 
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.35.0 to 0.36.0.
- [Commits](golang/mod@v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/mod-0.36.0 branch from 4589772 to e8a28fb Compare June 2, 2026 23:12
@HerbHall
Copy link
Copy Markdown
Owner

HerbHall commented Jun 2, 2026

@dependabot squash and merge

@HerbHall HerbHall merged commit 66db42d into main Jun 2, 2026
17 checks passed
@HerbHall HerbHall deleted the dependabot/go_modules/golang.org/x/mod-0.36.0 branch June 2, 2026 23:25
@github-actions github-actions Bot locked and limited conversation to collaborators Jun 2, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@HerbHall HerbHall Awaiting requested review from HerbHall HerbHall is a code owner

Assignees

No one assigned

Labels

chore Maintenance, refactor, tooling, dependencies dependencies Dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HerbHall