Update module golang.org/x/sys to v0.44.0 [SECURITY] #7

Open
renovate wants to merge 1 commit from renovate/go-golang.org-x-sys-vulnerability into planka
Collaborator

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/sys v0.33.0v0.44.0 age confidence

Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

CVE-2026-39824 / GO-2026-5024

More information

Details

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).


Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/sys](https://pkg.go.dev/golang.org/x/sys) | [`v0.33.0` → `v0.44.0`](https://cs.opensource.google/go/x/sys/+/refs/tags/v0.33.0...refs/tags/v0.44.0) | ![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fsys/v0.44.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fsys/v0.33.0/v0.44.0?slim=true) | --- ### Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows [CVE-2026-39824](https://nvd.nist.gov/vuln/detail/CVE-2026-39824) / [GO-2026-5024](https://pkg.go.dev/vuln/GO-2026-5024) <details> <summary>More information</summary> #### Details NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error. #### Severity Unknown #### References - [https://go.dev/issue/78916](https://go.dev/issue/78916) - [https://go.dev/cl/770080](https://go.dev/cl/770080) - [https://groups.google.com/g/golang-announce/c/6MMI8Lj-Atg](https://groups.google.com/g/golang-announce/c/6MMI8Lj-Atg) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5024) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: (in timezone UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIyMC4wIiwidGFyZ2V0QnJhbmNoIjoicGxhbmthIiwibGFiZWxzIjpbInNlY3VyaXR5Il19-->
Author
Collaborator

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.24.3 -> 1.25.0
### ℹ️ Artifact update notice ##### File name: go.mod In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s): - The `go` directive was updated for compatibility reasons Details: | **Package** | **Change** | | :---------- | :------------------- | | `go` | `1.24.3` -> `1.25.0` |
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/go-golang.org-x-sys-vulnerability:renovate/go-golang.org-x-sys-vulnerability
git switch renovate/go-golang.org-x-sys-vulnerability

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch planka
git merge --no-ff renovate/go-golang.org-x-sys-vulnerability
git switch renovate/go-golang.org-x-sys-vulnerability
git rebase planka
git switch planka
git merge --ff-only renovate/go-golang.org-x-sys-vulnerability
git switch renovate/go-golang.org-x-sys-vulnerability
git rebase planka
git switch planka
git merge --no-ff renovate/go-golang.org-x-sys-vulnerability
git switch planka
git merge --squash renovate/go-golang.org-x-sys-vulnerability
git switch planka
git merge --ff-only renovate/go-golang.org-x-sys-vulnerability
git switch planka
git merge renovate/go-golang.org-x-sys-vulnerability
git push origin planka
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Headscracher/planka_discord_bridge!7
No description provided.