Build: Update Go toolchain to 1.26.4 and refresh x/net and x/sys

Bumps the go.mod toolchain directive and the dummy OIDC fixture to
go1.26.4, clearing the GO-2026-5037/5038/5039 stdlib advisories. Updates
golang.org/x/net to v0.56.0 (NOTICE regenerated) and the fixture's
golang.org/x/sys to v0.46.0. osv-scanner --recursive returns zero
advisories and the full Go suite passes.
This commit is contained in:
Michael Mayer 2026-06-10 18:06:19 +00:00
parent 8b09cfe76e
commit 1ca21007b3
5 changed files with 10 additions and 8 deletions

4
NOTICE
View file

@ -8919,8 +8919,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------
Package: golang.org/x/net
Version: v0.55.0
License: BSD-3-Clause (https://cs.opensource.google/go/x/net/+/v0.55.0:LICENSE)
Version: v0.56.0
License: BSD-3-Clause (https://cs.opensource.google/go/x/net/+/v0.56.0:LICENSE)
Copyright 2009 The Go Authors.

View file

@ -1,6 +1,6 @@
module caos-test-op
go 1.26.3
go 1.26.4
require (
github.com/go-chi/chi/v5 v5.2.5
@ -26,6 +26,6 @@ require (
go.opentelemetry.io/otel/metric v1.43.0 // indirect
go.opentelemetry.io/otel/trace v1.43.0 // indirect
golang.org/x/oauth2 v0.36.0 // indirect
golang.org/x/sys v0.42.0 // indirect
golang.org/x/sys v0.46.0 // indirect
golang.org/x/text v0.36.0 // indirect
)

View file

@ -57,8 +57,8 @@ go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09
go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

4
go.mod
View file

@ -39,7 +39,7 @@ require (
github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6
go4.org v0.0.0-20260112195520-a5071408f32f // indirect
golang.org/x/crypto v0.53.0
golang.org/x/net v0.55.0
golang.org/x/net v0.56.0
gonum.org/v1/gonum v0.17.0
gopkg.in/yaml.v2 v2.4.0
)
@ -195,4 +195,4 @@ require (
go 1.25.0
toolchain go1.26.3
toolchain go1.26.4

2
go.sum
View file

@ -576,6 +576,8 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8=
golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww=
golang.org/x/net v0.56.0 h1:Rw8j/hFzGvJUZwNBXnAtf5sVDVt+65SK2C7IxCxZt5o=
golang.org/x/net v0.56.0/go.mod h1:D3Ku6r+V6JROoZK144D2XfMHFcMq/0zSfLelVTCFKec=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=