Skip to content

build(deps): bump the golang-x group across 1 directory with 3 updates#3945

Merged
DrJosh9000 merged 1 commit into
mainfrom
dependabot/go_modules/golang-x-105f79c659
May 26, 2026
Merged

build(deps): bump the golang-x group across 1 directory with 3 updates#3945
DrJosh9000 merged 1 commit into
mainfrom
dependabot/go_modules/golang-x-105f79c659

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026
edited
Loading

Bumps the golang-x group with 2 updates in the / directory: golang.org/x/crypto and golang.org/x/net.

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.54.0 to 0.55.0

Commits
  • 7770ec4 go.mod: update golang.org/x dependencies
  • 4ece7b6 html: escape greater-than symbol in doctype identifiers
  • 08be507 html: improve Noah's Ark clause performance
  • a8fb2fe html: properly render fostered elements in foreign content
  • 0dc5b7a html: properly check namespace in "in body" any other end tag
  • a452f3c html: ignore duplicate attributes during tokenization
  • f865199 quic: fix appendMaxDataFrame erroneously accumulating sentLimit
  • 210ed3c quic: establish a "happened-before" relationship between stream write and read
  • ad8140e quic: fix buffer slicing when handling overlapping stream data
  • 23ee2ef http2: avoid API changes when built with go1.27
  • See full diff in compare view

Updates golang.org/x/sys from 0.44.0 to 0.45.0

Commits
  • 397d5f8 unix: update to Linux kernel 7.0
  • 0a387f7 cpu: detect zbc extension on riscv64
  • 758f71c cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64
  • 99666ae unix: merge Linux readv/writev implementation with Darwin/OpenBSD
  • e4444cb windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile
  • 04396e8 unix: add Readv, Writev, Preadv, Pwritev for OpenBSD
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 25, 2026
@dependabot dependabot Bot requested review from a team as code owners May 25, 2026 21:47
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 25, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 25, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgolang/​golang.org/​x/​crypto@​v0.51.0 ⏵ v0.52.074 +1100100100100
Updatedgolang/​golang.org/​x/​net@​v0.54.0 ⏵ v0.55.075 +1100100100100
Updatedgolang/​golang.org/​x/​sys@​v0.44.0 ⏵ v0.45.084100100100100

View full report

@dependabot
build(deps): bump the golang-x group across 1 directory with 3 updates
51bcab5 
Bumps the golang-x group with 2 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net).


Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0
- [Commits](golang/crypto@v0.51.0...v0.52.0)

Updates `golang.org/x/net` from 0.54.0 to 0.55.0
- [Commits](golang/net@v0.54.0...v0.55.0)

Updates `golang.org/x/sys` from 0.44.0 to 0.45.0
- [Commits](golang/sys@v0.44.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/sys
  dependency-version: 0.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump the golang-x group with 3 updates build(deps): bump the golang-x group across 1 directory with 3 updates May 25, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang-x-105f79c659 branch from 0791234 to 51bcab5 Compare May 25, 2026 23:46
@DrJosh9000 DrJosh9000 merged commit c802132 into main May 26, 2026
4 checks passed
@DrJosh9000 DrJosh9000 deleted the dependabot/go_modules/golang-x-105f79c659 branch May 26, 2026 00:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DrJosh9000 DrJosh9000 DrJosh9000 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DrJosh9000