@campaigner-prod

Summary: High-severity security update — 1 package upgraded (MINOR changes included)

Manifests changed:

  • client (go)

Updates

| Package | From | To | Type | Vulnerabilities Fixed |
|---|---|---|---|---|
| golang.org/x/net | v0.4.0 | v0.47.0 | minor | 3 HIGH, 5 MODERATE, 7 UNKNOWN |

Security Details

🚨 Critical & High Severity (3 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| golang.org/x/net | CVE-2023-44487 | high | This package is related to CVE CVE-2023-44487 which was detected by cisa.gov as actively being exploited in the wild | v0.4.0 | - |
| golang.org/x/net | GHSA-vvpx-j8f3-3w6h | HIGH | golang.org/x/net vulnerable to Uncontrolled Resource Consumption | v0.4.0 | 0.7.0 |
| golang.org/x/net | GHSA-4374-p667-p6c8 | HIGH | HTTP/2 rapid reset can cause excessive work in net/http | v0.4.0 | 0.17.0 |

ℹ️ Other Vulnerabilities (12)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| golang.org/x/net | GHSA-vvgc-356p-c3xw | MODERATE | golang.org/x/net vulnerable to Cross-site Scripting | v0.4.0 | 0.38.0 |
| golang.org/x/net | GHSA-4v7x-pqxf-cx7m | MODERATE | net/http, x/net/http2: close connections when receiving too many headers | v0.4.0 | 0.23.0 |
| golang.org/x/net | GHSA-qppj-fm5r-hxr3 | MODERATE | HTTP/2 Stream Cancellation Attack | v0.4.0 | 0.17.0 |
| golang.org/x/net | GHSA-qxp5-gwg8-xv66 | MODERATE | HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net | v0.4.0 | 0.36.0 |
| golang.org/x/net | GHSA-2wrh-6pvc-2jm9 | MODERATE | Improper rendering of text nodes in golang.org/x/net/html | v0.4.0 | 0.13.0 |
| golang.org/x/net | GO-2023-1988 | unknown | Improper rendering of text nodes in golang.org/x/net/html | v0.4.0 | 0.13.0 |
| golang.org/x/net | GO-2025-3595 | unknown | Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net | v0.4.0 | 0.38.0 |
| golang.org/x/net | GO-2023-2102 | unknown | HTTP/2 rapid reset can cause excessive work in net/http | v0.4.0 | 0.17.0 |
| golang.org/x/net | GO-2024-3333 | unknown | Non-linear parsing of case-insensitive content in golang.org/x/net/html | v0.4.0 | 0.33.0 |
| golang.org/x/net | GO-2024-2687 | unknown | HTTP/2 CONTINUATION flood in net/http | v0.4.0 | 0.23.0 |
| golang.org/x/net | GO-2025-3503 | unknown | HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net | v0.4.0 | 0.36.0 |
| golang.org/x/net | GO-2023-1571 | unknown | Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net | v0.4.0 | 0.7.0 |

📅 Dependencies Nearing EOL (1)

| Dependency | Unsafe Version | EOL Date | New Version | Path |
|---|---|---|---|---|
| golang.org/x/net | v0.4.0 | Dec 7, 2025 | v0.47.0 | client/go.mod |

Review Checklist

Enhanced review recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

Also ran go mod tidy and go mod vendor
@seberm-6 force-pushed the engraver-auto-version-upgrade/minorpatch/go/client/1-1763661588 branch from 37562cb to 83b646f (November 24, 2025 11:28)