fix: cve-2026-39821, upgrade golang.org/x/net

[fghanmi]

CVE-2026-39821
This PR also includes fixes for CVE-2026-39829, intended in #3354

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: b75b6a8c-ba64-4fb2-aae0-84ff1dc09891

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 1:40 PM UTC · Completed 1:45 PM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

Looks good to me

Previous run

Looks good to me

Previous run (2)

Looks good to me

---

Labels: Go dependency version bump to fix CVEs in golang.org/x/net.

Previous run (3)

Looks good to me

Previous run (4)

Looks good to me

[simonbaird]

/ok-to-test

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
acceptance	54.86% <ø> (ø)
generative	18.14% <ø> (ø)
integration	26.99% <ø> (ø)
unit	68.66% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 1:35 PM UTC · Completed 1:41 PM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 7:54 PM UTC · Completed 8:02 PM UTC
Commit: 47d3320 · View workflow run →

[fghanmi]

pushed new commit to fix acceptance test.

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 8:54 AM UTC · Completed 9:00 AM UTC
Commit: 47d3320 · View workflow run →

[st3penta]

/ok-to-test

[fghanmi]

@st3penta probably the same CVEs that we've seen in #3356 ?
PR 3356 fixed these extra 3 CVEs, maybe after we merge it, we re-run this PR ?

[fullsend-ai-review]

🤖 Review · ⚠️ Cancelled · Started 11:01 AM UTC · Ended 11:03 AM UTC
Commit: 47d3320 · View workflow run →

[fullsend-ai-review]

🤖 Finished Review · ✅ Success · Started 11:06 AM UTC · Completed 11:13 AM UTC
Commit: 47d3320 · View workflow run →

[dheerajodha]

/ok-to-test

[st3penta]

/ok-to-test

[fullsend-ai-retro]

🤖 Finished Retro · ❌ Failure · Started 3:37 PM UTC · Completed 3:44 PM UTC
Commit: 47d3320 · View workflow run →