chore: bump vendor/zoekt to upgrade golang.org/x/net and golang.org/x/crypto (CVEs) #1412

Merged: brendan-kellam merged 2 commits into main from brendan/bump-zoekt-x-net-crypto-cves on Jul 2, 2026
@brendan-kellam brendan-kellam commented Jul 2, 2026

Summary

Advances the vendor/zoekt submodule from 3d1f49a → 58f59f1 (sourcebot-dev/zoekt#16), which upgrades:

| Dep | Before → After |
| --- | --- |
| golang.org/x/net | v0.53.0 → v0.55.0 |
| golang.org/x/crypto | v0.50.0 → v0.52.0 |

This clears the Trivy container-scan HIGH CVEs originating from the zoekt binary.

CVEs addressed

golang.org/x/net — SOU-1417, 1418, 1419, 1420, 1430, 1431

golang.org/x/crypto — SOU-1421, 1422, 1423, 1424, 1429, 1432, 1433, 1434

Notes

Pointer-only change (matches prior submodule bump #1290). The upstream zoekt PR was verified with go build ./... clean.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated a bundled third-party component to a newer version, which may include general stability and search-related improvements.
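
An added example, not part of this PR or of the zoekt or Sourcebot code: since the change is pointer-only, a reviewer can check that the new submodule commit's go.mod pins both modules at or above the "After" versions in the table. The go.mod text is constructed, and `floors`, `BelowFloor` and `sampleGoMod` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// floors holds the "After" versions from the PR description's table.
var floors = map[string]string{"golang.org/x/net": "v0.55.0", "golang.org/x/crypto": "v0.52.0"}

// parse reads vMAJOR.MINOR.PATCH; pre is true for pre-release and pseudo-versions.
func parse(v string) (n [3]int, pre bool, err error) {
	core, _, _ := strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop +incompatible
	core, _, pre = strings.Cut(core, "-")
	_, err = fmt.Sscanf(core, "%d.%d.%d", &n[0], &n[1], &n[2])
	return n, pre, err
}

// older reports whether pin a sorts before floor b; a pre-release of b counts as older.
func older(a, b string) bool {
	x, pre, err := parse(a)
	y, _, _ := parse(b)
	if err != nil {
		return true // an unparseable pin fails closed
	}
	for i := range x {
		if x[i] != y[i] {
			return x[i] < y[i]
		}
	}
	return pre
}

// BelowFloor lists tracked modules that the go.mod text pins under their floor.
func BelowFloor(gomod string) (bad []string) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // strip "// indirect" comments
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 && floors[f[0]] != "" && older(f[1], floors[f[0]]) {
			bad = append(bad, f[0]+"@"+f[1])
		}
	}
	return bad
}

// sampleGoMod is constructed for this example; it is not zoekt's real go.mod.
const sampleGoMod = "module example.test/app\n\nrequire (\n\tgolang.org/x/net v0.53.0\n\tgolang.org/x/crypto v0.52.0 // indirect\n)\n"

func main() { fmt.Println(BelowFloor(sampleGoMod)) }
```

It reads only require lines, so a `replace` directive that overrides a version is not seen; `go list -m all` run inside vendor/zoekt reports the resolved versions.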

…g/x/crypto (CVEs)

Advances the vendor/zoekt submodule to sourcebot-dev/zoekt#16, which upgrades
golang.org/x/net v0.53.0 -> v0.55.0 and golang.org/x/crypto v0.50.0 -> v0.52.0
to address the Trivy container-scan HIGH CVEs:

- x/net: CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-39821,
  CVE-2026-42502, CVE-2026-42506
- x/crypto: CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830,
  CVE-2026-39835, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
github-actions Bot commented Jul 2, 2026

@brendan-kellam your pull request is missing a changelog!

@brendan-kellam brendan-kellam merged commit a09f0de into main Jul 2, 2026
6 of 7 checks passed
@brendan-kellam brendan-kellam deleted the brendan/bump-zoekt-x-net-crypto-cves branch July 2, 2026 02:05
coderabbitai Bot commented Jul 2, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: eab63fe7-7954-418c-b2ed-e4d1dd7d445c

📥 Commits

Reviewing files that changed from the base of the PR and between 8325eb1 and 3a38e50.

📒 Files selected for processing (1)
  • vendor/zoekt

Walkthrough

The vendor/zoekt git submodule reference is updated from commit 3d1f49a3e6d367e714da1a00450efad2fd1a318c to commit 58f59f14543881234affea940a8cf4240eb60b4b. No other code changes are present in this diff.

Changes

Zoekt Submodule Update

| Layer / File(s) | Summary |
| --- | --- |
| Submodule pointer update (vendor/zoekt) | The pinned commit reference for the vendor/zoekt submodule is bumped to a newer upstream commit. |

Estimated code review effort: 1 (Trivial) | ~2 minutes
