security(gomod): 🛡️ minor indirect to v0.44.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
golang.org/x/sys	v0.16.0 → v0.44.0

---

Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows

CVE-2026-39824 / GO-2026-5024

More information

Details

NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated string rather than an error.

Severity

Unknown

References

• https://go.dev/issue/78916
• https://go.dev/cl/770080
• https://groups.google.com/g/golang-announce/c/6MMI8Lj-Atg

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Configuration

📅 Schedule: (in timezone America/Chicago)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.21 -> 1.25.0

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.