Skip to content

build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1#238

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/github.com/moby/spdystream-0.5.1
Jun 9, 2026
Merged

build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1#238
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/github.com/moby/spdystream-0.5.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps github.com/moby/spdystream from 0.5.0 to 0.5.1.

Release notes

Sourced from github.com/moby/spdystream's releases.

v0.5.1

What's Changed

Security

Fix memory amplification in SPDY frame parsing leads to denial of service (CVE-2026-35469 / GHSA-pc3f-x583-g7j2)

Changes

Full Changelog: moby/spdystream@v0.5.0...v0.5.1

Commits
  • c59e5d7 Merge pull request #109 from thaJeztah/use_ioutil
  • 2fd0155 use ioutil.Discard for go1.13 compatibility
  • ef6121f Merge commit from fork
  • 241cec9 compare with signed Int for 32-bit Arm
  • 21c3864 Add options to customize limits
  • acf9b45 spdy: update godoc for MaxDataLength
  • eb63605 spdy: limit header-size and header-count
  • 2f21da4 spdy: fix header block byte accounting
  • 5976b66 spdy: enforce 24-bit frame length limits
  • cf0ec5d Guard against oversized SPDY frames
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 4, 2026
@shano

shano commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

@dependabot recreate

@dependabot
build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1
6138602 
Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/moby/spdystream/releases)
- [Commits](moby/spdystream@v0.5.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/moby/spdystream
  dependency-version: 0.5.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch from 2b4f0e9 to 6138602 Compare June 9, 2026 13:41
@shano shano closed this Jun 9, 2026
@shano shano reopened this Jun 9, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@github-actions github-actions Bot merged commit 788d34a into main Jun 9, 2026
7 checks passed
@github-actions github-actions Bot deleted the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch June 9, 2026 13:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shano shano shano approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shano @syntassodev