
Backport security fix for v0.25.1 patch release #321

Merged
eguzki merged 1 commit into release-0.25 from backport-v0.25.1-patches
Jun 23, 2026

Conversation

@guicassolato

Collaborator

Summary

Cherry-picked security fix for the v0.25.1 patch release.

Changes

Semver Classification

All changes are patch-safe:

| Change | Classification | Reason |
| --- | --- | --- |
| golang.org/x/net v0.52.0 → v0.55.0 | SAFE | Indirect dependency, security fix for idna package |
| Related golang.org/x/* bumps | SAFE | Transitive dependencies, no direct imports in codebase |

Verification

  • ✓ All golang.org/x packages are indirect dependencies (// indirect in go.mod)
  • ✓ No direct imports of golang.org/x packages in the codebase
  • ✓ Changes are dependency updates only (go.mod, go.sum)
  • ✓ Original PR Upgrade golang.org/x/net to v0.55.0 #315 motivation: security fixes in idna package
  • ✓ Cherry-pick applied cleanly without conflicts

Related


Generated via /kdt:patch-release workflow
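
The first two checks in the Verification list above, written out as an added Go example (not part of this pull request or the project's code): it reports any golang.org/x/* module that a go.mod requires without the `// indirect` marker, and any golang.org/x/* package a source file imports directly. The function names `directXRequires` and `directXImports` are hypothetical, and the go.mod and source snippets are constructed samples.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strings"
)

const xPrefix = "golang.org/x/"

// directXRequires lists golang.org/x/* modules that go.mod requires without "// indirect".
func directXRequires(gomod string) (direct []string) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line = strings.TrimSpace(line)
		if line == "require (" || line == ")" {
			inBlock = line != ")"
			continue
		}
		single := strings.HasPrefix(line, "require ") // one-line require directive
		spec, comment, _ := strings.Cut(strings.TrimSpace(strings.TrimPrefix(line, "require ")), "//")
		if (inBlock || single) && strings.HasPrefix(spec, xPrefix) && strings.TrimSpace(comment) != "indirect" {
			direct = append(direct, strings.Fields(spec)[0])
		}
	}
	return direct
}

// directXImports lists golang.org/x/* packages imported directly by one Go source file.
func directXImports(src string) (hits []string, err error) {
	f, err := parser.ParseFile(token.NewFileSet(), "sample.go", src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	for _, imp := range f.Imports {
		if p := strings.Trim(imp.Path.Value, "\"`"); strings.HasPrefix(p, xPrefix) {
			hits = append(hits, p)
		}
	}
	return hits, nil
}

func main() {
	// Constructed samples: x/net is indirect (passes), x/sync is direct (flagged).
	mod := "require (\n\tgolang.org/x/net v0.55.0 // indirect\n\tgolang.org/x/sync v0.0.0\n)\n"
	src := "package p\n\nimport (\n\t\"net/http\"\n\t_ \"golang.org/x/net/idna\"\n)\n"
	fmt.Println(directXRequires(mod))
	fmt.Println(directXImports(src))
}
```

An indirect requirement can still be compiled into the binary through another module, so empty results here describe the repository's own import surface rather than whether the fixed code is reachable; `govulncheck ./...` reports on reachability.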

@coderabbitai

coderabbitai Bot commented Jun 19, 2026


Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@guicassolato guicassolato self-assigned this Jun 19, 2026
@guicassolato guicassolato requested a review from a team June 19, 2026 13:16
@guicassolato guicassolato moved this to Ready For Review in Kuadrant Jun 19, 2026
@codecov-commenter

codecov-commenter commented Jun 19, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.20%. Comparing base (4aa0652) to head (da5daf2).

Additional details and impacted files
@@              Coverage Diff              @@
##           release-0.25     #321   +/-   ##
=============================================
  Coverage         57.20%   57.20%           
=============================================
  Files                13       13           
  Lines              1458     1458           
=============================================
  Hits                834      834           
  Misses              529      529           
  Partials             95       95           

| Flag | Coverage Δ |
| --- | --- |
| unit | 57.20% <ø> (ø) |

@guicassolato guicassolato moved this from Ready For Review to In Progress in Kuadrant Jun 19, 2026
@guicassolato guicassolato removed the request for review from a team June 19, 2026 13:32

@maleck13 maleck13 left a comment


changes look ok but not sure why builds are failing

@eguzki

eguzki commented Jun 23, 2026

Contributor

> changes look ok but not sure why builds are failing

The scripts in release branch do not respect versions set in build.yml. The generated bundle is not the committed one and the bundle validation task reports failure.

I believe it's been fixed in #324. I am going to rebase and see

Bumps golang.org/x/net from v0.52.0 to v0.55.0.

Signed-off-by: Thomas Maas <thomas@webtypes.com>
@eguzki eguzki force-pushed the backport-v0.25.1-patches branch from 313fba0 to da5daf2 Compare June 23, 2026 10:20
@eguzki eguzki merged commit 418b153 into release-0.25 Jun 23, 2026
18 checks passed
@eguzki eguzki deleted the backport-v0.25.1-patches branch June 23, 2026 10:31
@github-project-automation github-project-automation Bot moved this from In Progress to Done in Kuadrant Jun 23, 2026
@eguzki

eguzki commented Jun 23, 2026

Contributor

> > changes look ok but not sure why builds are failing
>
> The scripts in release branch do not respect versions set in build.yml. The generated bundle is not the committed one and the bundle validation task reports failure.
>
> I believe it's been fixed in #324. I am going to rebase and see

The rebase did it
