Skip to content

chore(deps): update module golang.org/x/crypto to v0.35.0 [security] (release-1.18) #6312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jbw976 merged 1 commit into from
Mar 26, 2025
Merged

chore(deps): update module golang.org/x/crypto to v0.35.0 [security] (release-1.18) #6312

jbw976 merged 1 commit into from
Mar 26, 2025

Conversation

@crossplane-renovate
Copy link
Contributor

@crossplane-renovate crossplane-renovate bot commented Mar 5, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
golang.org/x/crypto indirect minor v0.32.0 -> v0.35.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Potential denial of service in golang.org/x/crypto

CVE-2025-22869 / GO-2025-3487

More information

Details

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@crossplane-renovate crossplane-renovate bot requested a review from a team as a code owner March 5, 2025 08:17
@crossplane-renovate crossplane-renovate bot requested a review from negz March 5, 2025 08:17
@crossplane-renovate crossplane-renovate bot force-pushed the renovate/release-1.18-go-golang.org-x-crypto-vulnerability branch from 8bce0ee to 5f04b47 Compare March 14, 2025 08:17
@crossplane-renovate
Copy link
Contributor Author

crossplane-renovate bot commented Mar 18, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 4 additional dependencies were updated

Details:

Package Change
golang.org/x/sync v0.10.0 -> v0.11.0
golang.org/x/sys v0.29.0 -> v0.30.0
golang.org/x/term v0.28.0 -> v0.29.0
golang.org/x/text v0.21.0 -> v0.22.0

@crossplane-renovate crossplane-renovate bot force-pushed the renovate/release-1.18-go-golang.org-x-crypto-vulnerability branch from 5f04b47 to c74aa33 Compare March 18, 2025 18:49
@jbw976 jbw976 merged commit 1bd79b3 into release-1.18 Mar 26, 2025
19 of 20 checks passed
@crossplane-renovate crossplane-renovate bot deleted the renovate/release-1.18-go-golang.org-x-crypto-vulnerability branch March 27, 2025 08:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbw976 jbw976 jbw976 approved these changes

@negz negz Awaiting requested review from negz negz is a code owner automatically assigned from crossplane/crossplane-maintainers

Assignees

No one assigned

Labels

automated

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jbw976