chore(deps): bump golang.org/x/net from 0.43.0 to 0.55.0#6097
chore(deps): bump golang.org/x/net from 0.43.0 to 0.55.0#6097dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.43.0 to 0.55.0. - [Commits](golang/net@v0.43.0...v0.55.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.55.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @dependabot[bot]. Thanks for your PR. I'm waiting for a fluid-cloudnative member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
|
/copilot review |
|
@gemini-code-assist /review |
There was a problem hiding this comment.
Code Review
This pull request upgrades the Go toolchain version to 1.25.0 and updates several golang.org/x dependencies in go.mod and the vendor directory, including x/net, x/sys, x/tools, x/text, x/sync, and x/term. Key updates in the vendored packages include support for RFC 9218 prioritization and standard library wrapping in http2, Unicode 16.0.0 compatibility in idna, optimizations and nesting limits in the html parser, and various API enhancements in x/tools such as the new Cursor traversal API in ast/inspector. There are no review comments to address, and I have no additional feedback to provide.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Review: Dependency Bump — needs-workThis bump of
However, CI is broken. The root cause is that To resolve, either:
Non-vendor file changes are limited to |
| module github.com/fluid-cloudnative/fluid | ||
|
|
||
| go 1.24.12 | ||
| go 1.25.0 |
There was a problem hiding this comment.
The go directive moved from 1.24.12 to 1.25.0 because x/net v0.55.0 (and all bumped x/ siblings) now require Go 1.25. CI is still on Go 1.24.12 with GOTOOLCHAIN=local, so every build, lint, test, and e2e job fails with:
go: go.mod requires go >= 1.25.0 (running go 1.24.12; GOTOOLCHAIN=local)
Options:
- Upgrade CI to Go 1.25 first, then merge this PR.
- Target the latest
x/netrelease that still supports Go 1.24 (pick a version that declaresgo 1.23orgo 1.24rather thango 1.25).



Bumps golang.org/x/net from 0.43.0 to 0.55.0.
Commits
7770ec4go.mod: update golang.org/x dependencies4ece7b6html: escape greater-than symbol in doctype identifiers08be507html: improve Noah's Ark clause performancea8fb2fehtml: properly render fostered elements in foreign content0dc5b7ahtml: properly check namespace in "in body" any other end taga452f3chtml: ignore duplicate attributes during tokenizationf865199quic: fix appendMaxDataFrame erroneously accumulating sentLimit210ed3cquic: establish a "happened-before" relationship between stream write and readad8140equic: fix buffer slicing when handling overlapping stream data23ee2efhttp2: avoid API changes when built with go1.27Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.