chore(deps): bump golang.org/x/net from 0.47.0 to 0.49.0

[dependabot]

Bumps golang.org/x/net from 0.47.0 to 0.49.0.

Commits

• d977772 go.mod: update golang.org/x dependencies
• eea413e internal/http3: use go1.25 synctest.Test instead of go1.24 synctest.Run
• 9ace223 websocket: add missing call to resp.Body.Close
• 7d3dbb0 http2: buffer the most recently received PRIORITY_UPDATE frame
• 35e1306 go.mod: update golang.org/x dependencies
• 7c36036 http2, webdav, websocket: fix %q verb uses with wrong type
• ec11ecc trace: fix data race in RenderEvents
• bff14c5 http2: don't PING a responsive server when resetting a stream
• 88a6421 dns/dnsmessage: avoid use of "strings" and "math" in dns/dnsmessage
• 123d099 http2: support net/http.Transport.NewClientConn
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	4		0	0	0.25s
✅ API	spectral	2		0	0	4.23s
✅ COPYPASTE	jscpd	yes		no	no	1.84s
✅ DOCKERFILE	hadolint	1		0	0	0.08s
✅ GO	golangci-lint	yes	yes	no	no	39.11s
✅ GO	revive	yes		no	no	0.03s
✅ MARKDOWN	markdownlint	2	0	0	0	0.67s
✅ MARKDOWN	markdown-table-formatter	2	0	0	0	0.35s
✅ REPOSITORY	checkov	yes		no	no	29.82s
✅ REPOSITORY	gitleaks	yes		no	no	0.3s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	28.04s
✅ REPOSITORY	secretlint	yes		no	no	0.39s
✅ REPOSITORY	syft	yes		no	no	1.51s
✅ REPOSITORY	trivy	yes		no	no	6.24s
✅ REPOSITORY	trivy-sbom	yes		no	no	1.44s
✅ REPOSITORY	trufflehog	yes		no	no	2.21s
✅ SPELL	lychee	12		0	0	0.28s
✅ YAML	prettier	10	0	0	0	0.77s
✅ YAML	v8r	10		0	0	6.9s
✅ YAML	yamllint	10		0	0	0.6s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,API_SPECTRAL,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,GO_GOLANGCI_LINT,GO_REVIVE,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R