From 73fc6e128ace1efd90d5d87a09f4959ec5f70d82 Mon Sep 17 00:00:00 2001
From: senke <okin.tcs@gmail.com>
Date: Wed, 15 Apr 2026 15:31:35 +0200
Subject: [PATCH] fix(deps): bump x/net to v0.51.0 for GO-2026-4559
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

HTTP/2 frame handling panic fix in golang.org/x/net. The vuln database
added this entry between the local govulncheck run on 3d1f127ad (clean)
and the CI run on b33227a57 (GO-2026-4559 flagged). Reachable from
PlaylistHandler / SupportHandler / PlaylistExportHandler via standard
http2.* error and frame string helpers — production path, not test-only.

  golang.org/x/net    v0.50.0 → v0.51.0   (GO-2026-4559)

Local verification:
  go build ./...                OK
  go mod tidy                   OK
  govulncheck ./...             OK (no findings)
---
 veza-backend-api/go.mod | 2 +-
 veza-backend-api/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/veza-backend-api/go.mod b/veza-backend-api/go.mod
index 224d90d25..52bff4a1a 100644
--- a/veza-backend-api/go.mod
+++ b/veza-backend-api/go.mod
@@ -158,7 +158,7 @@ require (
 	golang.org/x/arch v0.20.0 // indirect
 	golang.org/x/image v0.38.0 // indirect
 	golang.org/x/mod v0.33.0 // indirect
-	golang.org/x/net v0.50.0 // indirect
+	golang.org/x/net v0.51.0 // indirect
 	golang.org/x/sync v0.20.0 // indirect
 	golang.org/x/sys v0.42.0 // indirect
 	golang.org/x/text v0.35.0 // indirect
diff --git a/veza-backend-api/go.sum b/veza-backend-api/go.sum
index 776611537..138c184b3 100644
--- a/veza-backend-api/go.sum
+++ b/veza-backend-api/go.sum
@@ -383,8 +383,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
-golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
+golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
+golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
 golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
 golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=