Skip to content

Update module golang.org/x/crypto to v0.45.0 [SECURITY]#59

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-golang.org-x-crypto-vulnerability
Open

Update module golang.org/x/crypto to v0.45.0 [SECURITY]#59
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/go-golang.org-x-crypto-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Nov 20, 2025
edited
Loading

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
golang.org/x/crypto v0.36.0v0.45.0 age confidence

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

CVE-2025-58181 / GHSA-j5w8-q4qc-rx2x

More information

Details

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read

CVE-2025-47914 / GHSA-f6x5-jh6r-wrfv

More information

Details

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Nov 20, 2025

Copy link
Copy Markdown
Author

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 4 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23.0 -> 1.24.0
golang.org/x/net v0.38.0 -> v0.47.0
golang.org/x/term v0.30.0 -> v0.37.0
golang.org/x/sys v0.31.0 -> v0.38.0
golang.org/x/text v0.23.0 -> v0.31.0

@renovate

renovate Bot commented Dec 15, 2025
edited
Loading

Copy link
Copy Markdown
Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 3 additional dependencies were updated

Details:

Package Change
golang.org/x/net v0.38.0 -> v0.47.0
golang.org/x/term v0.30.0 -> v0.37.0
golang.org/x/sys v0.31.0 -> v0.38.0

@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from 38fdba0 to 8b0cc26 Compare December 16, 2025 12:35
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from 8b0cc26 to 2db499b Compare February 2, 2026 15:43
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from 2db499b to 0e5622e Compare February 12, 2026 14:32
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from 0e5622e to 7025606 Compare February 24, 2026 14:02
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from 7025606 to 434e72b Compare February 25, 2026 09:46
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from 434e72b to 489437d Compare March 5, 2026 21:35
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 March 5, 2026 21:36 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 March 5, 2026 21:36 Inactive
@renovate renovate Bot temporarily deployed to OS_ARM64_PS7 March 5, 2026 21:36 Inactive
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from 489437d to f9a9057 Compare March 13, 2026 16:37
@renovate renovate Bot temporarily deployed to OS_ARM64_PS7 March 13, 2026 16:37 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 March 13, 2026 16:37 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 March 13, 2026 16:37 Inactive
@renovate renovate Bot changed the title Update module golang.org/x/crypto to v0.45.0 [SECURITY] fix(deps): update module golang.org/x/crypto to v0.45.0 [security] Mar 26, 2026
@renovate renovate Bot changed the title fix(deps): update module golang.org/x/crypto to v0.45.0 [security] fix(deps): update module golang.org/x/crypto to v0.45.0 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/go-golang.org-x-crypto-vulnerability branch March 27, 2026 03:29
@renovate renovate Bot changed the title fix(deps): update module golang.org/x/crypto to v0.45.0 [security] - autoclosed fix(deps): update module golang.org/x/crypto to v0.45.0 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from f9a9057 to 1a30de4 Compare March 30, 2026 19:42
@renovate renovate Bot temporarily deployed to OS_ARM64_PS7 March 30, 2026 19:43 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 March 30, 2026 19:43 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 March 30, 2026 19:43 Inactive
@renovate renovate Bot changed the title fix(deps): update module golang.org/x/crypto to v0.45.0 [security] Update module golang.org/x/crypto to v0.45.0 [SECURITY] Apr 8, 2026
@renovate renovate Bot changed the title Update module golang.org/x/crypto to v0.45.0 [SECURITY] Update module golang.org/x/crypto to v0.45.0 [SECURITY] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title Update module golang.org/x/crypto to v0.45.0 [SECURITY] - autoclosed Update module golang.org/x/crypto to v0.45.0 [SECURITY] Apr 28, 2026
@renovate renovate Bot reopened this Apr 28, 2026
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch 2 times, most recently from 1a30de4 to 91fda5f Compare April 28, 2026 00:40
@renovate renovate Bot temporarily deployed to OS_ARM64_PS7 April 28, 2026 00:41 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 April 28, 2026 00:41 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 April 28, 2026 00:41 Inactive
@renovate renovate Bot force-pushed the renovate/go-golang.org-x-crypto-vulnerability branch from 91fda5f to 83e88fb Compare May 12, 2026 14:42
@renovate renovate Bot temporarily deployed to OS_ARM64_PS7 May 12, 2026 14:43 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 May 12, 2026 14:43 Inactive
@renovate renovate Bot temporarily deployed to OS_AMD64_PS7 May 12, 2026 14:43 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants