Skip to content

Bump golang.org/x/net from 0.52.0 to 0.53.0 in the minor-and-patch group across 1 directory#269

Merged
wesm merged 2 commits intomainfrom
dependabot/go_modules/minor-and-patch-2c02d79b29
Apr 14, 2026
Merged

Bump golang.org/x/net from 0.52.0 to 0.53.0 in the minor-and-patch group across 1 directory#269
wesm merged 2 commits intomainfrom
dependabot/go_modules/minor-and-patch-2c02d79b29

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026

Bumps the minor-and-patch group with 1 update in the / directory: golang.org/x/net.

Updates golang.org/x/net from 0.52.0 to 0.53.0

Commits
  • a8d1fc1 go.mod: update golang.org/x dependencies
  • 056ac74 quic: avoid depending on golang.org/x/sys/unix
  • c85f611 http3: add http3 package for testing in std
  • 805fc81 http2: add transport API tests
  • e63b894 http2: support testing via net/http.Transport.RoundTrip
  • 9ee1e48 http2/hpack: prevent HeaderField from escaping during encoding
  • 1e71bd8 http2: prevent hanging Transport due to bad SETTINGS frame
  • 7bca150 internal/http3: respect net/http Server Shutdown context when shutting down
  • 44c41be internal/http3: prevent server from holding mutex when sleeping during shutdown
  • 228a67a internal/http3: add CloseIdleConnections support in transport
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump golang.org/x/net in the minor-and-patch group across 1 directory
dfb8617 
Bumps the minor-and-patch group with 1 update in the / directory: [golang.org/x/net](https://github.com/golang/net).


Updates `golang.org/x/net` from 0.52.0 to 0.53.0
- [Commits](golang/net@v0.52.0...v0.53.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 13, 2026
@dependabot dependabot bot requested a review from wesm as a code owner April 13, 2026 23:07
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 13, 2026
@roborev-ci
Copy link
Copy Markdown

roborev-ci bot commented Apr 13, 2026

roborev: Combined Review (dfb8617)

No medium-or-higher findings; the dependency bump appears clean.

All three reviews found no issues. The PR updates golang.org/x/net from v0.52.0 to v0.53.0 in go.mod and refreshes checksums, with no identified medium, high, or critical concerns.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@wesm @claude
Update nix flake vendorHash for dependency bump
0937a8d 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@roborev-ci
Copy link
Copy Markdown

roborev-ci bot commented Apr 14, 2026

roborev: Combined Review (0937a8d)

Verdict: One high-severity issue needs to be addressed before merge.

High

  • go.mod:28
    golang.org/x/net was bumped to v0.53.0, but no corresponding go.sum update appears in the diff. This risks checksum mismatches and build failures if the new module version is not already recorded.
    Suggested fix: run go mod tidy and include any resulting go.sum changes in the PR.

Synthesized from 3 reviews (agents: codex, gemini | types: default, security)

@wesm wesm merged commit 392b05a into main Apr 14, 2026
6 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/minor-and-patch-2c02d79b29 branch April 14, 2026 12:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wesm wesm Awaiting requested review from wesm wesm is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wesm