I did not analyze all code changes, but just looking at the difference in modules linked between “good” and “bad” releases, this catches the eye (see go.mod):

- golang.org/x/net, which provides socket support among other networky things, was updated from v0.9.0 to v0.10.0
- github.com/quic-go/quic-go, which, well, does the obviously relevant to the present discussion thing, was updated from v0.32.0 to v0.37.4!
- Related, github.com/quic-go/qtls-go1-20 was updated from v0.1.0 to v0.3.1!!
That’s quite a massive upgrade, and I bet the culprit is in there.
Were there any reasons for such a drastic update of these crucial dependencies? I would roll everything back and only upgrade things that need to be upgraded for reasons that are well understood, not just because some fella released a new update.
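The comparison described in the post above (reading the require lines of two go.mod files and listing every dependency whose version moved) is easy to automate, so here is an added example that is not part of the original post or of the project being discussed. It assumes two constructed go.mod contents embedded inline: the three real version bumps quoted in the post, plus an unchanged module and a hypothetical added module (example.com/newdep) to show that unchanged entries are dropped and additions/removals are reported.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// ModuleChange records one dependency whose version differs between two go.mod files.
// Old is empty when the module was added, New is empty when it was removed.
type ModuleChange struct {
	Path string
	Old  string
	New  string
}

// ParseRequires maps module path -> version for every require directive,
// handling both the single-line form and the parenthesised block form.
// Trailing comments such as "// indirect" are stripped before splitting.
func ParseRequires(gomod string) map[string]string {
	out := map[string]string{}
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		if line == "" {
			continue
		}
		if inBlock {
			if line == ")" {
				inBlock = false
				continue
			}
			if f := strings.Fields(line); len(f) == 2 {
				out[f[0]] = f[1]
			}
			continue
		}
		if line == "require (" {
			inBlock = true
			continue
		}
		if f := strings.Fields(line); len(f) == 3 && f[0] == "require" {
			out[f[1]] = f[2]
		}
	}
	return out
}

// DiffRequires returns the dependencies that were added, removed or re-versioned
// between the "good" and "bad" go.mod, sorted by module path for stable output.
func DiffRequires(good, bad string) []ModuleChange {
	g, b := ParseRequires(good), ParseRequires(bad)
	var changes []ModuleChange
	for path, oldV := range g {
		if newV, ok := b[path]; !ok {
			changes = append(changes, ModuleChange{path, oldV, ""})
		} else if newV != oldV {
			changes = append(changes, ModuleChange{path, oldV, newV})
		}
	}
	for path, newV := range b {
		if _, ok := g[path]; !ok {
			changes = append(changes, ModuleChange{path, "", newV})
		}
	}
	sort.Slice(changes, func(i, j int) bool { return changes[i].Path < changes[j].Path })
	return changes
}

// Constructed sample go.mod contents (not taken from any real release).
const GoodMod = `module example.com/proxy

go 1.20

require (
	github.com/quic-go/qtls-go1-20 v0.1.0
	github.com/quic-go/quic-go v0.32.0
	golang.org/x/crypto v0.8.0
	golang.org/x/net v0.9.0
	golang.org/x/sys v0.7.0 // indirect
)
`

const BadMod = `module example.com/proxy

go 1.20

require (
	example.com/newdep v1.0.0
	github.com/quic-go/qtls-go1-20 v0.3.1
	github.com/quic-go/quic-go v0.37.4
	golang.org/x/crypto v0.8.0
	golang.org/x/net v0.10.0
	golang.org/x/sys v0.7.0 // indirect
)
`

func main() {
	for _, c := range DiffRequires(GoodMod, BadMod) {
		switch {
		case c.Old == "":
			fmt.Printf("added   %s %s\n", c.Path, c.New)
		case c.New == "":
			fmt.Printf("removed %s %s\n", c.Path, c.Old)
		default:
			fmt.Printf("changed %s %s -> %s\n", c.Path, c.Old, c.New)
		}
	}
}
```

Feeding it the two release go.mod files instead of the constants gives the same three bumps the post lists; the sorted output makes it practical to drop into a release checklist so dependency drift is reviewed deliberately rather than discovered after a regression.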