chore: bump vendor/zoekt to upgrade golang.org/x/net to ^0.55.0 (CVE-2026-25680)

linear-code[bot] · linear-code[bot] · commit d8490e5f74ce · 2026-06-23T14:05:35.000Z
Advances the vendor/zoekt submodule to a commit that upgrades golang.org/x/net v0.53.0 -> v0.55.0, addressing CVE-2026-25680 (excessive CPU consumption when parsing arbitrary HTML). go mod tidy also bumped the transitive golang.org/x/sys, golang.org/x/crypto, golang.org/x/term, and golang.org/x/text. Generated with [Linear](https://linear.app/sourcebot/issue/SOU-1417/sourcebot-devsourcebot-cve-2026-25680-parsing-arbitrary-html-can#agent-session-f919f080) Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Added per-step token cost tracking and estimated tool call token usage to Ask Sourcebot chat history. [#1353](https://github.com/sourcebot-dev/sourcebot/pull/1353)
 
+### Fixed
+- Bumped the `vendor/zoekt` submodule to upgrade `golang.org/x/net` to `^0.55.0`. [#1361](https://github.com/sourcebot-dev/sourcebot/pull/1361)
+
 ## [5.0.4] - 2026-06-18
 
 ### Changed
diff --git a/vendor/zoekt b/vendor/zoekt
@@ -1 +1 @@
-Subproject commit 3d1f49a3e6d367e714da1a00450efad2fd1a318c
+Subproject commit 1d5bf377c0efa969750fbefd85d6fdae3a890539
