Update golang.org/x/net to v0.53.0

Fixes CVE-2026-33814 (golang/go#78476): HTTP/2 Transport hangs indefinitely when a peer sends a SETTINGS frame with MaxFrameSize=0. This is reachable from kube-apiserver's OIDC, admission webhook, and aggregated API client paths. Kubernetes-commit: 12a2470693d86f63f4614048ffdd43dc393dd7e0
2026-05-01 00:00:03 +08:00 · 2026-04-23 21:36:05 -04:00
parent 0e704b8366
commit 856bc55680
2 changed files with 42 additions and 30 deletions
@@ -8,10 +8,10 @@ godebug default=go1.26

 require (
 	golang.org/x/time v0.14.0
-	k8s.io/api v0.0.0-20260423183040-4f18f6911a7e
-	k8s.io/apimachinery v0.0.0-20260423181704-58aed62c0dac
-	k8s.io/client-go v0.0.0-20260423184731-af852a6051c6
-	k8s.io/code-generator v0.0.0-20260423191340-2884c2a30124
+	k8s.io/api v0.0.0
+	k8s.io/apimachinery v0.0.0
+	k8s.io/client-go v0.0.0
+	k8s.io/code-generator v0.0.0
 	k8s.io/klog/v2 v2.140.0
 	k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a
 	k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2
@@ -39,14 +39,14 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/mod v0.33.0 // indirect
-	golang.org/x/net v0.52.0 // indirect
+	golang.org/x/mod v0.34.0 // indirect
+	golang.org/x/net v0.53.0 // indirect
 	golang.org/x/oauth2 v0.35.0 // indirect
 	golang.org/x/sync v0.20.0 // indirect
-	golang.org/x/sys v0.42.0 // indirect
-	golang.org/x/term v0.41.0 // indirect
-	golang.org/x/text v0.35.0 // indirect
-	golang.org/x/tools v0.42.0 // indirect
+	golang.org/x/sys v0.43.0 // indirect
+	golang.org/x/term v0.42.0 // indirect
+	golang.org/x/text v0.36.0 // indirect
+	golang.org/x/tools v0.43.0 // indirect
 	google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
@@ -56,3 +56,11 @@ require (
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/yaml v1.6.0 // indirect
 )
+
+replace (
+	k8s.io/api => ../api
+	k8s.io/apimachinery => ../apimachinery
+	k8s.io/client-go => ../client-go
+	k8s.io/code-generator => ../code-generator
+	k8s.io/streaming => ../streaming
+)