daos Build(deps): Bump golang.org/x/net from 0.33.0 to 0.38.0 in /src/control

Bumps golang.org/x/net from 0.33.0 to 0.38.0.

Commits

e1fcd82 html: properly handle trailing solidus in unquoted attribute value in foreign...
ebed060 internal/http3: fix build of tests with GOEXPERIMENT=nosynctest
1f1fa29 publicsuffix: regenerate table
1215081 http2: improve error when server sends HTTP/1
312450e html: ensure <search> tag closes <p> and update tests
09731f9 http2: improve handling of lost PING in Server
55989e2 http2/h2c: use ResponseController for hijacking connections
2914f46 websocket: re-recommend gorilla/websocket
99b3ae0 go.mod: update golang.org/x dependencies
85d1d54 go.mod: update golang.org/x dependencies
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Apr 16 '25 19:04 dependabot[bot]

Ticket title is 'Update golang x/net to address CVE-2025-22872' Status is 'In Review' Labels: 'scrubbed_2.8' https://daosio.atlassian.net/browse/DAOS-17612

Apr 16 '25 19:04 github-actions[bot]

We need to land #16128 first--it includes some additional changes dealing with the go version update. Then we can rebase this and land it.

Apr 16 '25 23:04 kjacque

Test stage Build RPM on EL 9 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-16272/2/execution/node/287/log

Apr 17 '25 15:04 daosbuild1

Test stage Build RPM on EL 8 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-16272/2/execution/node/326/log

Apr 17 '25 15:04 daosbuild1

Test stage Build RPM on Leap 15.5 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-16272/2/execution/node/329/log

Apr 17 '25 15:04 daosbuild1

Test stage NLT on EL 8.8 completed with status UNSTABLE. https://build.hpdd.intel.com/job/daos-stack/job/daos//view/change-requests/job/PR-16272/2/testReport/

Apr 17 '25 15:04 daosbuild1

Not sure why dependabot updated the Go toolchain. I don't think we actually need an update with this change. Current versions of x/net and its dependencies all list their Go toolchain version as 1.23.

Apr 17 '25 23:04 kjacque

Test stage Functional Hardware Medium Verbs Provider completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-16272/3/execution/node/1486/log

Apr 18 '25 21:04 daosbuild1

Test stage Functional Hardware Medium completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-16272/3/execution/node/1439/log

Apr 19 '25 03:04 daosbuild1

@dependabot rebase

Jun 05 '25 22:06 kjacque

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

Jun 05 '25 22:06 dependabot[bot]

@dependabot recreate

Jun 05 '25 22:06 kjacque

The Trivy failure regards an issue with a dependency in the Java pom.xml file, which is also outstanding. I created a ticket for it. There is no longer a Trivy failure for the go.mod file.

Jun 05 '25 22:06 kjacque

Test stage NLT on EL 8.8 completed with status FAILURE. https://jenkins-3.daos.hpc.amslabs.hpecorp.net/job/daos-stack/job/daos/job/PR-16272/5/display/redirect

Jun 06 '25 14:06 daosbuild3

Test stage Functional Hardware Large MD on SSD completed with status FAILURE. https://jenkins-3.daos.hpc.amslabs.hpecorp.net//job/daos-stack/job/daos/view/change-requests/job/PR-16272/6/execution/node/1337/log

Jun 13 '25 06:06 daosbuild3

Test stage Functional Hardware Medium Verbs Provider MD on SSD completed with status FAILURE. https://jenkins-3.daos.hpc.amslabs.hpecorp.net//job/daos-stack/job/daos/view/change-requests/job/PR-16272/6/execution/node/1477/log

Jun 14 '25 08:06 daosbuild3

Test stage Functional Hardware Medium MD on SSD completed with status FAILURE. https://jenkins-3.daos.hpc.amslabs.hpecorp.net//job/daos-stack/job/daos/view/change-requests/job/PR-16272/6/execution/node/1458/log

Jun 14 '25 10:06 daosbuild3

Test stage Functional Hardware Medium Verbs Provider MD on SSD completed with status FAILURE. https://jenkins-3.daos.hpc.amslabs.hpecorp.net//job/daos-stack/job/daos/view/change-requests/job/PR-16272/7/execution/node/1468/log

Jul 03 '25 07:07 daosbuild3

Failure is a known, unrelated issue with rebuild: https://daosio.atlassian.net/issues/DAOS-17773

Jul 03 '25 20:07 kjacque