Skip to content

Update all packages with golang.org/x/crypto to v0.45.0#296

Merged
sgmiller merged 2 commits intomainfrom
stevendpclark_update-x-crypto-v1450
Dec 1, 2025
Merged

Update all packages with golang.org/x/crypto to v0.45.0#296
sgmiller merged 2 commits intomainfrom
stevendpclark_update-x-crypto-v1450

Conversation

@stevendpclark
Copy link
Copy Markdown
Contributor

@stevendpclark stevendpclark commented Nov 24, 2025
edited
Loading

Update all packages that had a direct or indirect dependency on golang.org/x/crypto to version v0.45.0 to remediate various warnings from the package. This latest version of golang.org/x/crypto, requires Go 1.24 so various packages have had their minimum Go versions bumped. I've also bumped the versions we run within CI accordingly to 1.25 and 1.24 from 1.24 and 1.23.

To the best of my knowledge none of the packages use any of the code that was part of the reported vulnerabilities but this will help lower the number of false positives.

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.

  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

  • If applicable, I've documented the impact of any changes to security controls.

    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

@stevendpclark stevendpclark self-assigned this Nov 24, 2025
@stevendpclark stevendpclark added the dependencies Pull requests that update a dependency file label Nov 24, 2025
johanbrandhorst
johanbrandhorst approved these changes Dec 1, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@johanbrandhorst johanbrandhorst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, seems reasonable to me!

@sgmiller sgmiller merged commit 3000775 into main Dec 1, 2025
20 checks passed
@sgmiller sgmiller deleted the stevendpclark_update-x-crypto-v1450 branch December 1, 2025 20:06
@stevendpclark stevendpclark mentioned this pull request Feb 2, 2026
Closed
@campaigner-prod campaigner-prod Bot mentioned this pull request Apr 23, 2026
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sgmiller sgmiller sgmiller approved these changes

+1 more reviewer

@johanbrandhorst johanbrandhorst johanbrandhorst approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@stevendpclark stevendpclark

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stevendpclark @sgmiller @johanbrandhorst