security(gomod): 🛡️ minor indirect to v0.33.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
golang.org/x/net	v0.26.0 -> v0.33.0

GitHub Vulnerability Alerts

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

---

Non-linear parsing of case-insensitive content in golang.org/x/net/html

CVE-2024-45338 / GHSA-w32m-9786-jp63 / GO-2024-3333

More information

Details

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Severity

Unknown

References

• https://go.dev/cl/637536
• https://go.dev/issue/70906
• https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Non-linear parsing of case-insensitive content in golang.org/x/net/html

CVE-2024-45338 / GHSA-w32m-9786-jp63 / GO-2024-3333

More information

Details

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Severity

• CVSS Score: Unknown
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-45338
• https://github.com/golang/go/issues/70906
• https://cs.opensource.google/go/x/net
• https://go.dev/cl/637536
• https://go.dev/issue/70906
• https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
• https://pkg.go.dev/vuln/GO-2024-3333

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 5 additional dependencies were updated

Details:

Package	Change
golang.org/x/sys	v0.21.0 -> v0.28.0
golang.org/x/crypto	v0.24.0 -> v0.31.0
golang.org/x/sync	v0.7.0 -> v0.10.0
golang.org/x/term	v0.21.0 -> v0.27.0
golang.org/x/text	v0.16.0 -> v0.21.0

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 51.05%. Comparing base (a2521eb) to head (06bdb41).
Report is 120 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #178       +/-   ##
===========================================
+ Coverage   32.61%   51.05%   +18.44%     
===========================================
  Files          80       87        +7     
  Lines       10855    11983     +1128     
===========================================
+ Hits         3540     6118     +2578     
+ Misses       7027     5565     -1462     
- Partials      288      300       +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.