Any plans to address GO-2025-3503 in resty? #987
psunderhaus-alto started this conversation in General
Replies: 1 comment
@psunderhaus-alto I see, the package version number update is required. I will take care of it. In the meantime, please override the version in your go.mod file.
GO-2025-3503 was published last week and found to impact the latest released version of resty (v2.16.5). govulncheck flags this in the CI for my project. I don't think it's severe enough in my case to matter so I could probably get by ignoring the finding for now. But, I'm curious if there are plans to upgrade resty's reliance on golang.org/x/net beyond the vulnerable versions. v0.36.0 and v0.37.0 were released at the beginning of the month.
Are there any such plans? I'm happy to help contribute, but I'd need to familiarize myself with any test suites used in the project to feel confident in submitting a PR that would blindly bump the version of the dependency.
Example redacted output from govulncheck for my project.
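A CI-style check for the go.mod override suggested in the reply, as an added example that is not part of the original thread or of resty's code: it reads a go.mod and reports whether golang.org/x/net is required at or above a minimum version. The v0.36.0 floor (the earlier of the two releases the question names), the example.com/app module and the function names are assumptions, and replace directives are not evaluated.

```go
package main

import (
	"fmt"
	"strings"
)

const sampleGoMod = `module example.com/app // constructed sample, hypothetical module
require github.com/go-resty/resty/v2 v2.16.5
require golang.org/x/net v0.36.0 // indirect`

// requiredVersion returns the version goMod requires for mod, or "" if absent.
func requiredVersion(goMod, mod string) string {
	block := ""
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[1] == "(":
			block = f[0] // entering "require (", "exclude (", ...
		case len(f) == 3 && f[0] == "require" && f[1] == mod:
			return f[2] // single-line directive form
		case len(f) == 2 && block == "require" && f[0] == mod:
			return f[1] // entry inside a require block
		}
	}
	return ""
}

// atLeast reports whether v >= floor by major.minor.patch. Unparseable input
// and pre-release or pseudo-versions of floor itself count as below floor.
func atLeast(v, floor string) bool {
	var a, b [3]int
	core, pre, _ := strings.Cut(v, "-")
	n, _ := fmt.Sscanf(core, "v%d.%d.%d", &a[0], &a[1], &a[2])
	m, _ := fmt.Sscanf(floor, "v%d.%d.%d", &b[0], &b[1], &b[2])
	for i := 0; n == 3 && m == 3 && i < 3; i++ {
		if a[i] != b[i] {
			return a[i] > b[i]
		}
	}
	return n == 3 && m == 3 && pre == ""
}

func main() {
	const fixed = "v0.36.0" // assumed minimum: earlier release named in the question
	v := requiredVersion(sampleGoMod, "golang.org/x/net")
	fmt.Println("golang.org/x/net", v, "meets", fixed, "=", atLeast(v, fixed))
}
```

The go.mod text is only the declared requirement; `go list -m golang.org/x/net` and a fresh govulncheck run in the project remain the authoritative confirmation of what the build selects.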