[chore]: Bump golang.org/x/net from 0.37.0 to 0.38.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.37.0 to 0.38.0. - [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2025-12-08 13:08:07 -06:00 · 2025-04-01 15:26:00 +00:00 · 2025-04-01 15:26:00 +00:00 · 8948814771
commit 8948814771
parent fdf23a91de
14 changed files with 679 additions and 655 deletions
--- a/go.mod
+++ b/go.mod
@ -2,7 +2,7 @@ module github.com/superseriousbusiness/gotosocial
 go 1.23.0
-toolchain go1.23.3
+toolchain go1.24.1
 // Replace go-swagger with our version that fixes (ours particularly) use of Go1.23
 replace github.com/go-swagger/go-swagger => codeberg.org/superseriousbusiness/go-swagger v0.31.0-gts-go1.23-fix
@ -84,7 +84,7 @@ require (
 	go.uber.org/automaxprocs v1.6.0
 	golang.org/x/crypto v0.36.0
 	golang.org/x/image v0.24.0
-	golang.org/x/net v0.37.0
+	golang.org/x/net v0.38.0
 	golang.org/x/oauth2 v0.27.0
 	golang.org/x/sys v0.31.0
 	golang.org/x/text v0.23.0
--- a/go.sum
+++ b/go.sum
@ -554,8 +554,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
 golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--- a/vendor/golang.org/x/net/html/atom/table.go
+++ b/vendor/golang.org/x/net/html/atom/table.go
--- a/vendor/golang.org/x/net/html/parse.go
+++ b/vendor/golang.org/x/net/html/parse.go
@ -924,7 +924,7 @@ func inBodyIM(p *parser) bool {
 			p.addElement()
 			p.im = inFramesetIM
 			return true
-		case a.Address, a.Article, a.Aside, a.Blockquote, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Main, a.Menu, a.Nav, a.Ol, a.P, a.Section, a.Summary, a.Ul:
+		case a.Address, a.Article, a.Aside, a.Blockquote, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Main, a.Menu, a.Nav, a.Ol, a.P, a.Search, a.Section, a.Summary, a.Ul:
 			p.popUntil(buttonScope, a.P)
 			p.addElement()
 		case a.H1, a.H2, a.H3, a.H4, a.H5, a.H6:
@ -1136,7 +1136,7 @@ func inBodyIM(p *parser) bool {
 				return false
 			}
 			return true
-		case a.Address, a.Article, a.Aside, a.Blockquote, a.Button, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Listing, a.Main, a.Menu, a.Nav, a.Ol, a.Pre, a.Section, a.Summary, a.Ul:
+		case a.Address, a.Article, a.Aside, a.Blockquote, a.Button, a.Center, a.Details, a.Dialog, a.Dir, a.Div, a.Dl, a.Fieldset, a.Figcaption, a.Figure, a.Footer, a.Header, a.Hgroup, a.Listing, a.Main, a.Menu, a.Nav, a.Ol, a.Pre, a.Search, a.Section, a.Summary, a.Ul:
 			p.popUntil(defaultScope, p.tok.DataAtom)
 		case a.Form:
 			if p.oe.contains(a.Template) {
--- a/vendor/golang.org/x/net/html/token.go
+++ b/vendor/golang.org/x/net/html/token.go
@ -839,8 +839,22 @@ func (z *Tokenizer) readStartTag() TokenType {
 	if raw {
 		z.rawTag = strings.ToLower(string(z.buf[z.data.start:z.data.end]))
 	}
-	// Look for a self-closing token like "<br/>".
+	// Look for a self-closing token (e.g. <br/>).
-	if z.err == nil && z.buf[z.raw.end-2] == '/' {
+	//
 	// Originally, we did this by just checking that the last character of the
 	// tag (ignoring the closing bracket) was a solidus (/) character, but this
 	// is not always accurate.
 	//
 	// We need to be careful that we don't misinterpret a non-self-closing tag
 	// as self-closing, as can happen if the tag contains unquoted attribute
 	// values (i.e. <p a=/>).
 	//
 	// To avoid this, we check that the last non-bracket character of the tag
 	// (z.raw.end-2) isn't the same character as the last non-quote character of
 	// the last attribute of the tag (z.pendingAttr[1].end-1), if the tag has
 	// attributes.
 	nAttrs := len(z.attr)
 	if z.err == nil && z.buf[z.raw.end-2] == '/' && (nAttrs == 0 || z.raw.end-2 != z.attr[nAttrs-1][1].end-1) {
 		return SelfClosingTagToken
 	}
 	return StartTagToken
--- a/vendor/golang.org/x/net/http2/frame.go
+++ b/vendor/golang.org/x/net/http2/frame.go
@ -225,6 +225,11 @@ var fhBytes = sync.Pool{
 	},
 }
 func invalidHTTP1LookingFrameHeader() FrameHeader {
 	fh, _ := readFrameHeader(make([]byte, frameHeaderLen), strings.NewReader("HTTP/1.1 "))
 	return fh
 }
 // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader.
 // Most users should use Framer.ReadFrame instead.
 func ReadFrameHeader(r io.Reader) (FrameHeader, error) {
@ -503,10 +508,16 @@ func (fr *Framer) ReadFrame() (Frame, error) {
 		return nil, err
 	}
 	if fh.Length > fr.maxReadSize {
 		if fh == invalidHTTP1LookingFrameHeader() {
 			return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", err)
 		}
 		return nil, ErrFrameTooLarge
 	}
 	payload := fr.getReadBuf(fh.Length)
 	if _, err := io.ReadFull(fr.r, payload); err != nil {
 		if fh == invalidHTTP1LookingFrameHeader() {
 			return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", err)
 		}
 		return nil, err
 	}
 	f, err := typeFrameParser(fh.Type)(fr.frameCache, fh, fr.countError, payload)
--- a/vendor/golang.org/x/net/http2/h2c/h2c.go
+++ b/vendor/golang.org/x/net/http2/h2c/h2c.go
@ -132,11 +132,8 @@ func (s h2cHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // of the body, and reforward the client preface on the net.Conn this function
 // creates.
 func initH2CWithPriorKnowledge(w http.ResponseWriter) (net.Conn, error) {
-	hijacker, ok := w.(http.Hijacker)
+	rc := http.NewResponseController(w)
-	if !ok {
+	conn, rw, err := rc.Hijack()
 		return nil, errors.New("h2c: connection does not support Hijack")
 	}
 	conn, rw, err := hijacker.Hijack()
 	if err != nil {
 		return nil, err
 	}
@ -163,10 +160,6 @@ func h2cUpgrade(w http.ResponseWriter, r *http.Request) (_ net.Conn, settings []
 	if err != nil {
 		return nil, nil, err
 	}
 	hijacker, ok := w.(http.Hijacker)
 	if !ok {
 		return nil, nil, errors.New("h2c: connection does not support Hijack")
 	}
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
@ -174,7 +167,8 @@ func h2cUpgrade(w http.ResponseWriter, r *http.Request) (_ net.Conn, settings []
 	}
 	r.Body = io.NopCloser(bytes.NewBuffer(body))
-	conn, rw, err := hijacker.Hijack()
+	rc := http.NewResponseController(w)
 	conn, rw, err := rc.Hijack()
 	if err != nil {
 		return nil, nil, err
 	}
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@ -1068,7 +1068,10 @@ func (sc *serverConn) serve(conf http2Config) {
 func (sc *serverConn) handlePingTimer(lastFrameReadTime time.Time) {
 	if sc.pingSent {
-		sc.vlogf("timeout waiting for PING response")
+		sc.logf("timeout waiting for PING response")
 		if f := sc.countErrorFunc; f != nil {
 			f("conn_close_lost_ping")
 		}
 		sc.conn.Close()
 		return
 	}
--- a/vendor/golang.org/x/net/publicsuffix/data/children
+++ b/vendor/golang.org/x/net/publicsuffix/data/children
--- a/vendor/golang.org/x/net/publicsuffix/data/nodes
+++ b/vendor/golang.org/x/net/publicsuffix/data/nodes
--- a/vendor/golang.org/x/net/publicsuffix/data/text
+++ b/vendor/golang.org/x/net/publicsuffix/data/text
--- a/vendor/golang.org/x/net/publicsuffix/list.go
+++ b/vendor/golang.org/x/net/publicsuffix/list.go
@ -77,7 +77,7 @@ func (list) String() string {
 // privately managed domain (and in practice, not a top level domain) or an
 // unmanaged top level domain (and not explicitly mentioned in the
 // publicsuffix.org list). For example, "foo.org" and "foo.co.uk" are ICANN
-// domains, "foo.dyndns.org" and "foo.blogspot.co.uk" are private domains and
+// domains, "foo.dyndns.org" is a private domain and
 // "cromulent" is an unmanaged top level domain.
 //
 // Use cases for distinguishing ICANN domains like "foo.com" from private
--- a/vendor/golang.org/x/net/publicsuffix/table.go
+++ b/vendor/golang.org/x/net/publicsuffix/table.go
@ -4,7 +4,7 @@ package publicsuffix
 import _ "embed"
-const version = "publicsuffix.org's public_suffix_list.dat, git revision 63cbc63d470d7b52c35266aa96c4c98c96ec499c (2023-08-03T10:01:25Z)"
+const version = "publicsuffix.org's public_suffix_list.dat, git revision 2c960dac3d39ba521eb5db9da192968f5be0aded (2025-03-18T07:22:13Z)"
 const (
 	nodesBits           = 40
@ -26,7 +26,7 @@ const (
 )
 // numTLD is the number of top level domains.
-const numTLD = 1474
+const numTLD = 1454
 // text is the combined text of all labels.
 //
@ -63,8 +63,8 @@ var nodes uint40String
 //go:embed data/children
 var children uint32String
-// max children 743 (capacity 1023)
+// max children 870 (capacity 1023)
-// max text offset 30876 (capacity 65535)
+// max text offset 31785 (capacity 65535)
 // max text length 31 (capacity 63)
-// max hi 9322 (capacity 16383)
+// max hi 10100 (capacity 16383)
-// max lo 9317 (capacity 16383)
+// max lo 10095 (capacity 16383)
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1079,7 +1079,7 @@ golang.org/x/image/webp
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.37.0
+# golang.org/x/net v0.38.0
 ## explicit; go 1.23.0
 golang.org/x/net/bpf
 golang.org/x/net/context