diff --git a/go.mod b/go.mod
index 5cc0713..34ff248 100644
--- a/go.mod
+++ b/go.mod
@@ -1,12 +1,13 @@
 module github.com/microcosm-cc/bluemonday
 
-go 1.18
+go 1.19
 
 require (
 	github.com/aymerick/douceur v0.2.0
-	golang.org/x/net v0.0.0-20210614182718-04defd469f4e
+	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
 )
 
 require github.com/gorilla/css v1.0.0 // indirect
 
 retract [v1.0.0, v1.0.18] // Retract older versions as only latest is to be depended upon
+retract v1.0.19 // Uses older version of golang.org/x/net
diff --git a/go.sum b/go.sum
index 11c4fe4..81ad6ef 100644
--- a/go.sum
+++ b/go.sum
@@ -2,5 +2,5 @@ github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuP
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
-golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q=
-golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
diff --git a/sanitize_test.go b/sanitize_test.go
index 3cc35e0..3a0345d 100644
--- a/sanitize_test.go
+++ b/sanitize_test.go
@@ -1602,9 +1602,17 @@ func TestComments(t *testing.T) {
 			in:       `1 <!-- 2 --> 3`,
 			expected: `1 <!-- 2 --> 3`,
 		},
+		// Note that prior to go1.19 this test worked and preserved HTML comments
+		// of the style used by Microsoft to create browser specific sections.
+		//
+		// However as @zhsj notes https://github.com/microcosm-cc/bluemonday/pull/148
+		// the commit https://github.com/golang/net/commit/06994584 broke this.
+		//
+		// I haven't found a way to allow MS style comments without creating a risk
+		// for every user of bluemonday that utilises .AllowComments()
 		{
 			in:       `<!--[if gte mso 9]>Hello<![endif]-->`,
-			expected: `<!--[if gte mso 9]>Hello<![endif]-->`,
+			expected: `<!--[if gte mso 9]&gt;Hello&lt;![endif]-->`,
 		},
 	}