Skip to content

chore(deps): bump github.com/moby/spdystream from 0.2.0 to 0.5.1#5791

Merged
fluid-e2e-bot[bot] merged 1 commit intomasterfrom
dependabot/go_modules/github.com/moby/spdystream-0.5.1
Apr 19, 2026
Merged

chore(deps): bump github.com/moby/spdystream from 0.2.0 to 0.5.1#5791
fluid-e2e-bot[bot] merged 1 commit intomasterfrom
dependabot/go_modules/github.com/moby/spdystream-0.5.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 16, 2026
edited
Loading

Bumps github.com/moby/spdystream from 0.2.0 to 0.5.1.

Release notes

Sourced from github.com/moby/spdystream's releases.

v0.5.1

What's Changed

Full Changelog: moby/spdystream@v0.5.0...v0.5.1

[v0.5.0] Avoid leaking timeout timer channels and update github actions

What's Changed

Full Changelog: moby/spdystream@v0.4.0...v0.5.0

[v0.4.0] fix goroutine leak and remove unused code

What's Changed

New Contributors

Full Changelog: moby/spdystream@v0.3.0...v0.4.0

[v0.3.0] Release with fixes for a race condition

What's Changed

New Contributors

Full Changelog: moby/spdystream@v0.2.0...v0.3.0

Commits
  • c59e5d7 Merge pull request #109 from thaJeztah/use_ioutil
  • 2fd0155 use ioutil.Discard for go1.13 compatibility
  • ef6121f Merge commit from fork
  • 241cec9 compare with signed Int for 32-bit Arm
  • 21c3864 Add options to customize limits
  • acf9b45 spdy: update godoc for MaxDataLength
  • eb63605 spdy: limit header-size and header-count
  • 2f21da4 spdy: fix header block byte accounting
  • 5976b66 spdy: enforce 24-bit frame length limits
  • cf0ec5d Guard against oversized SPDY frames
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 16, 2026
@fluid-e2e-bot
Copy link
Copy Markdown

fluid-e2e-bot Bot commented Apr 16, 2026

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a fluid-cloudnative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@cheyang
Copy link
Copy Markdown
Collaborator

cheyang commented Apr 17, 2026

@dependabot rebase

@dependabot
chore(deps): bump github.com/moby/spdystream from 0.2.0 to 0.5.1
3c8f054 
Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.2.0 to 0.5.1.
- [Release notes](https://github.com/moby/spdystream/releases)
- [Commits](moby/spdystream@v0.2.0...v0.5.1)

---
updated-dependencies:
- dependency-name: github.com/moby/spdystream
  dependency-version: 0.5.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch from 458ec99 to 3c8f054 Compare April 17, 2026 08:20
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 17, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@RongGu RongGu requested a review from Copilot April 19, 2026 11:50
RongGu
RongGu approved these changes Apr 19, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@RongGu RongGu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@fluid-e2e-bot fluid-e2e-bot Bot added the lgtm label Apr 19, 2026
@fluid-e2e-bot
Copy link
Copy Markdown

fluid-e2e-bot Bot commented Apr 19, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RongGu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@fluid-e2e-bot fluid-e2e-bot Bot merged commit 0956e64 into master Apr 19, 2026
19 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/moby/spdystream-0.5.1 branch April 19, 2026 11:51
Copilot AI reviewed Apr 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the vendored github.com/moby/spdystream dependency to v0.5.1, bringing in upstream fixes around frame-size enforcement, header parsing limits, and reducing goroutine/timer leak risks in SPDY connection management.

Changes:

  • Bump github.com/moby/spdystream from v0.2.0 to v0.5.1 (go.mod/go.sum + vendored source).
  • Update vendored SPDY framer to enforce 24-bit frame length limits and add configurable parsing limits (max frame payload, header field size, header count).
  • Update vendored connection/stream synchronization and shutdown timing behavior; refresh vendored licensing/notice files.

Reviewed changes

Copilot reviewed 1 out of 13 changed files in this pull request and generated no comments.

Show a summary per file
File Description
vendor/modules.txt Updates vendored module version reference for spdystream.
vendor/github.com/moby/spdystream/stream.go Adds locking around Stream.IsFinished() to avoid races.
vendor/github.com/moby/spdystream/connection.go Adds connection options, adjusts ping locking, and improves shutdown/wait timer handling.
vendor/github.com/moby/spdystream/NOTICE Updates NOTICE to reflect included derived SPDY implementation licensing.
vendor/github.com/moby/spdystream/spdy/types.go Adds frame-size documentation, default header limits, and new framer constructors with options.
vendor/github.com/moby/spdystream/spdy/read.go Enforces control-frame length/header limits; discards oversized frames; makes header parsing framer-aware.
vendor/github.com/moby/spdystream/spdy/write.go Adds frame length validations and fixes header-byte accounting.
vendor/github.com/moby/spdystream/spdy/options.go Introduces FramerOption helpers to configure parsing limits.
vendor/github.com/moby/spdystream/spdy/dictionary.go Removes duplicate license header block (vendored upstream change).
vendor/github.com/moby/spdystream/spdy/LICENSE Adds BSD license text for the derived Go SPDY code.
vendor/github.com/moby/spdystream/spdy/PATENTS Adds Go patent grant file for derived SPDY code.
go.mod Bumps spdystream version; reclassifies some deps as indirect (tidy result).
go.sum Updates sums for spdystream v0.5.1.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@RongGu RongGu RongGu approved these changes

Assignees

@RongGu RongGu

Labels

approved dependencies Pull requests that update a dependency file go Pull requests that update Go code lgtm needs-ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cheyang @RongGu