Skip to content

fix: upgrade vulnerable golang.org/x/{net,sys} (Aikido)#15

Merged
dorothyyzh merged 1 commit into
mainfrom
fix/aikido-dependency-vulnerabilities-2026-06-08
Jun 8, 2026
Merged

fix: upgrade vulnerable golang.org/x/{net,sys} (Aikido)#15
dorothyyzh merged 1 commit into
mainfrom
fix/aikido-dependency-vulnerabilities-2026-06-08

Conversation

@dorothyyzh

@dorothyyzh dorothyyzh commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Summary

Upgrades vulnerable golang.org/x/* dependencies flagged by Aikido Security (team 296964).

Package Old New
golang.org/x/net v0.52.0 v0.55.0
golang.org/x/sys v0.42.0 v0.45.0
golang.org/x/text v0.35.0 v0.37.0 (transitive)

Aikido Issues Resolved

  • Group 30922311 — x/net — Missing input validation (Critical)
  • Group 30922312 — x/sys — Integer overflow (Low)

Verification

  • go build ./... ✅ • go vet ./... ✅ • go test ./... ✅ (0 failures)

Deployment Note

Skill does not touch release-* branches. Merging + release promotion handled per team policy.

🤖 Generated with Claude Code

@claude
fix: upgrade golang.org/x/{net,sys} for CVEs (Aikido)
d77c418 
- golang.org/x/net  v0.52.0 => v0.55.0
- golang.org/x/sys  v0.42.0 => v0.45.0
- golang.org/x/text v0.35.0 => v0.37.0 (transitive)

Resolves Aikido groups 30922311 (x/net), 30922312 (x/sys).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dorothyyzh dorothyyzh merged commit 344dfa6 into main Jun 8, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iBakuman iBakuman iBakuman approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dorothyyzh @iBakuman