Update golang.org/x/net -> v0.15.0

[jcconnell]

Update golang.org/x/net from v0.12.0 -> v0.15.0 to address https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-5816820

[mna]

Thank you. It's important to understand, though, that the go.mod file of goquery does not define what the applications using goquery will use. That is, the fact that goquery's go.mod does not use the latest version of a dependency does not prevent in any way applications using goquery from updating to the latest dependency (as long as that dependency is version-compatible, of course):

$ go mod init
go: creating new go.mod: module myapp

$ go get github.com/PuerkitoBio/goquery@latest
go: added github.com/PuerkitoBio/goquery v1.8.1
go: added github.com/andybalholm/cascadia v1.3.1
go: added golang.org/x/net v0.7.0

$ go get -u
go: upgraded github.com/andybalholm/cascadia v1.3.1 => v1.3.2
go: upgraded golang.org/x/net v0.7.0 => v0.15.0

$ cat go.mod
module myapp

go 1.21.1

require github.com/PuerkitoBio/goquery v1.8.1

require (
	github.com/andybalholm/cascadia v1.3.2 // indirect
	golang.org/x/net v0.15.0 // indirect
)

$ go build .

$ go version -m myapp 
myapp: go1.21.1
	path	.../myapp
	mod	.../myapp	(devel)	
	dep	github.com/PuerkitoBio/goquery	v1.8.1	h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
	dep	github.com/andybalholm/cascadia	v1.3.2	h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
	dep	golang.org/x/net	v0.15.0	h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
	build	-buildmode=exe
	build	-compiler=gc
	build	CGO_ENABLED=1
	build	CGO_CFLAGS=
	build	CGO_CPPFLAGS=
	build	CGO_CXXFLAGS=
	build	CGO_LDFLAGS=
	build	GOARCH=amd64
	build	GOOS=linux
	build	GOAMD64=v1

[jcconnell]

Thank you for pointing this out - I was not aware. Good to know!

[mna]

No problem, yeah it's not something that is widely known or understood about Go modules.