chore(deps): minor: golang.org/x/net, golang.org/x/sys

[gh-worker-campaigns-3e9aa4]

Summary: Dependency update — 2 packages upgraded (MINOR changes included)

Manifests changed:

• . (go)

---

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

---

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
golang.org/x/net	v0.48.0	v0.56.0	minor	Transitive	7 UNKNOWN
golang.org/x/sys	v0.39.0	v0.46.0	minor	Transitive	1 UNKNOWN

---

Security Details

ℹ️ Other Vulnerabilities (8)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
golang.org/x/net	GO-2026-4918	unknown	Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net	v0.48.0	0.53.0
golang.org/x/net	GO-2026-5025	unknown	Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html	v0.48.0	0.55.0
golang.org/x/net	GO-2026-5026	unknown	Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna	v0.48.0	0.55.0
golang.org/x/net	GO-2026-5030	unknown	Invoking duplicate attributes can cause XSS in golang.org/x/net/html	v0.48.0	0.55.0
golang.org/x/net	GO-2026-5028	unknown	Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html	v0.48.0	0.55.0
golang.org/x/net	GO-2026-5027	unknown	Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html	v0.48.0	0.55.0
golang.org/x/net	GO-2026-5029	unknown	Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html	v0.48.0	0.55.0
golang.org/x/sys	GO-2026-5024	unknown	Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows	v0.39.0	0.44.0

---

Review Checklist

Standard review:

• Review changes for compatibility with your code
• Check for breaking changes in release notes
• Run tests locally or wait for CI
• Approve and merge this PR

---

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System