Skip to content

chore(deps): bump the golang-x group across 1 directory with 5 updates#11380

Merged
lidel merged 2 commits into
masterfrom
dependabot/go_modules/golang-x-aaf21ed169
Jul 2, 2026
Merged

chore(deps): bump the golang-x group across 1 directory with 5 updates#11380
lidel merged 2 commits into
masterfrom
dependabot/go_modules/golang-x-aaf21ed169

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the golang-x group with 2 updates in the / directory: golang.org/x/crypto and golang.org/x/mod.

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Updates golang.org/x/mod from 0.36.0 to 0.37.0

Commits
  • deb1dfc go.mod: update golang.org/x dependencies
  • 087f651 modfile: use slices.Backward
  • 343ee60 x/mod: allow for aggressively conslidating requires
  • See full diff in compare view

Updates golang.org/x/sync from 0.20.0 to 0.21.0

Commits

Updates golang.org/x/sys from 0.45.0 to 0.46.0

Commits

Updates golang.org/x/term from 0.43.0 to 0.44.0

Commits

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2026 21:32
@lidel

lidel commented Jul 2, 2026

Copy link
Copy Markdown
Member

@dependabot recreate

@dependabot dependabot Bot changed the title chore(deps): bump the golang-x group with 5 updates chore(deps): bump the golang-x group across 1 directory with 5 updates Jul 2, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang-x-aaf21ed169 branch from 8c7ca28 to 19a2d11 Compare July 2, 2026 08:43
@lidel lidel added the skip/changelog This change does NOT require a changelog entry label Jul 2, 2026
@lidel

lidel commented Jul 2, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@lidel

lidel commented Jul 2, 2026

Copy link
Copy Markdown
Member

@dependabot recreate

Bumps the golang-x group with 2 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/mod](https://github.com/golang/mod).


Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0
- [Commits](golang/crypto@v0.52.0...v0.53.0)

Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](golang/mod@v0.36.0...v0.37.0)

Updates `golang.org/x/sync` from 0.20.0 to 0.21.0
- [Commits](golang/sync@v0.20.0...v0.21.0)

Updates `golang.org/x/sys` from 0.45.0 to 0.46.0
- [Commits](golang/sys@v0.45.0...v0.46.0)

Updates `golang.org/x/term` from 0.43.0 to 0.44.0
- [Commits](golang/term@v0.43.0...v0.44.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sync
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/term
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang-x-aaf21ed169 branch from 04878c7 to 6139bb5 Compare July 2, 2026 11:08
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgolang.org/​x/​crypto@​v0.52.0 ⏵ v0.53.074 +1100100100100
Updatedgolang.org/​x/​sys@​v0.45.0 ⏵ v0.46.084 +1100100100100
Updatedgolang.org/​x/​mod@​v0.36.0 ⏵ v0.37.096 +1100100100100
Updatedgolang.org/​x/​sync@​v0.20.0 ⏵ v0.21.099100100100100
Updatedgolang.org/​x/​term@​v0.43.0 ⏵ v0.44.0100100100100100

View full report

@lidel lidel merged commit 4c30fcf into master Jul 2, 2026
23 checks passed
@lidel lidel deleted the dependabot/go_modules/golang-x-aaf21ed169 branch July 2, 2026 12:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file skip/changelog This change does NOT require a changelog entry

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant