Skip to content

Bump golang.org/x/crypto from 0.39.0 to 0.45.0#148

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/go_modules/golang.org/x/crypto-0.45.0
Nov 20, 2025
Merged

Bump golang.org/x/crypto from 0.39.0 to 0.45.0#148
github-actions[bot] merged 1 commit intomainfrom
dependabot/go_modules/golang.org/x/crypto-0.45.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 20, 2025

Bumps golang.org/x/crypto from 0.39.0 to 0.45.0.

Commits
  • 4e0068c go.mod: update golang.org/x dependencies
  • e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • f91f7a7 ssh/agent: prevent panic on malformed constraint
  • 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
  • bcf6a84 acme: pass context to request
  • b4f2b62 ssh: fix error message on unsupported cipher
  • 79ec3a5 ssh: allow to bind to a hostname in remote forwarding
  • 122a78f go.mod: update golang.org/x dependencies
  • c0531f9 all: eliminate vet diagnostics
  • 0997000 all: fix some comments
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump golang.org/x/crypto from 0.39.0 to 0.45.0
d98b85f 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.39.0 to 0.45.0.
- [Commits](golang/crypto@v0.39.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies dependencies go Pull requests that update Go code labels Nov 20, 2025
@coderabbitai
Copy link

coderabbitai bot commented Nov 20, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot merged commit aeb8288 into main Nov 20, 2025
2 of 9 checks passed
@github-actions github-actions bot deleted the dependabot/go_modules/golang.org/x/crypto-0.45.0 branch November 20, 2025 02:15
@what-the-diff
Copy link

what-the-diff bot commented Nov 20, 2025

PR Summary

  • Upgraded Go Language Version
    The version of Go has been upgraded from 1.23.0 to 1.24.0 in the project's configuration file go.mod. This upgrade will benefit the project by taking advantage of improvements, bug fixes, and new features in the newer version of Go.

  • Updates to Toolchain Version
    The Go toolchain version has been shifted to 1.24.1. Toolchains are a set of programming tools that help in the creation of an executable application. Hence, updating the toolchain version will ensure that your application has better performance and security because it uses the latest tools.

  • Dependency Upgrades
    Several indirect dependencies in the project's go.mod file have been updated. Below are the details of these updates:

    • golang.org/x/crypto from v0.39.0 to v0.45.0
    • golang.org/x/net from v0.41.0 to v0.47.0
    • golang.org/x/sync from v0.15.0 to v0.18.0
    • golang.org/x/sys from v0.34.0 to v0.38.0
    • golang.org/x/text from v0.26.0 to v0.31.0

    These updates will improve the project by incorporating the latest enhancements and bug fixes provided by these dependencies.

  • Checksum Updates
    The go.sum file, which contains the expected cryptographic checksums of the content of specific module versions, has also been updated. This is for the integrity of the newly updated dependencies. Checksum updates ensure that the correct and secure version of the dependency is being used.

@snyk-io
Copy link

snyk-io bot commented Nov 20, 2025

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies dependencies go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants