Skip to content

build(deps): bump github.com/moby/spdystream from 0.2.0 to 0.5.1#5296

Merged
maru-ava merged 2 commits intomasterfrom
dependabot/go_modules/github.com/moby/spdystream-0.5.1
Apr 29, 2026
Merged

build(deps): bump github.com/moby/spdystream from 0.2.0 to 0.5.1#5296
maru-ava merged 2 commits intomasterfrom
dependabot/go_modules/github.com/moby/spdystream-0.5.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 16, 2026
edited
Loading

Bumps github.com/moby/spdystream from 0.2.0 to 0.5.1.

Release notes

Sourced from github.com/moby/spdystream's releases.

v0.5.1

What's Changed

Security

Fix memory amplification in SPDY frame parsing leads to denial of service (CVE-2026-35469 / GHSA-pc3f-x583-g7j2)

Changes

Full Changelog: moby/spdystream@v0.5.0...v0.5.1

[v0.5.0] Avoid leaking timeout timer channels and update github actions

What's Changed

Full Changelog: moby/spdystream@v0.4.0...v0.5.0

[v0.4.0] fix goroutine leak and remove unused code

What's Changed

New Contributors

Full Changelog: moby/spdystream@v0.3.0...v0.4.0

[v0.3.0] Release with fixes for a race condition

What's Changed

New Contributors

Full Changelog: moby/spdystream@v0.2.0...v0.3.0

Commits
  • c59e5d7 Merge pull request #109 from thaJeztah/use_ioutil
  • 2fd0155 use ioutil.Discard for go1.13 compatibility
  • ef6121f Merge commit from fork
  • 241cec9 compare with signed Int for 32-bit Arm
  • 21c3864 Add options to customize limits
  • acf9b45 spdy: update godoc for MaxDataLength
  • eb63605 spdy: limit header-size and header-count
  • 2f21da4 spdy: fix header block byte accounting
  • 5976b66 spdy: enforce 24-bit frame length limits
  • cf0ec5d Guard against oversized SPDY frames
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies This primarily focuses on changing a dependency go Pull requests that update Go code labels Apr 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 16, 2026 20:48
@dependabot dependabot Bot added dependencies This primarily focuses on changing a dependency go Pull requests that update Go code labels Apr 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch from 0c73413 to 1c06d38 Compare April 28, 2026 16:21
@dependabot
build(deps): bump github.com/moby/spdystream from 0.2.0 to 0.5.1
593c5d1 
Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.2.0 to 0.5.1.
- [Release notes](https://github.com/moby/spdystream/releases)
- [Commits](moby/spdystream@v0.2.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/moby/spdystream
  dependency-version: 0.5.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch from 1c06d38 to 593c5d1 Compare April 28, 2026 16:25
@maru-ava maru-ava added this pull request to the merge queue Apr 29, 2026
Merged via the queue into master with commit 2bfabb7 Apr 29, 2026
60 checks passed
@maru-ava maru-ava deleted the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch April 29, 2026 16:21
@github-project-automation github-project-automation Bot moved this to Done 🎉 in avalanchego Apr 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ARR4N ARR4N ARR4N approved these changes

@JonathanOppenheimer JonathanOppenheimer JonathanOppenheimer approved these changes

@maru-ava maru-ava maru-ava approved these changes

@StephenButtolph StephenButtolph Awaiting requested review from StephenButtolph

Assignees

No one assigned

Labels

dependencies This primarily focuses on changing a dependency go Pull requests that update Go code

Projects

avalanchego
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ARR4N @JonathanOppenheimer @maru-ava