vendor: golang.org/x/crypto v0.35.0, golang.org/x/oauth2 v0.27.0

[thaJeztah]

• depends on / stacked on update minimum go version to go1.23 #49541

---

vendor: golang.org/x/sys v0.30.0

full diff: golang/sys@v0.29.0...v0.30.0

vendor: golang.org/x/sync v0.11.0

no code-changes, only a godoc comment updated

full diff: golang/sync@v0.10.0...v0.11.0

vendor: golang.org/x/text v0.22.0

no code-changes in vendored files.

full diff: golang/text@v0.21.0...v0.22.0

vendor: golang.org/x/crypto v0.33.0

Relevant changes;

• go.mod: update golang.org/x dependencies
• ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner)
  interface

full diff: golang/crypto@v0.31.0...v0.33.0

vendor: golang.org/x/crypto v0.34.0

No code-changes, but updates the minimum go version to go1.23:

all: upgrade go directive to at least 1.23.0 [generated]

By now Go 1.24.0 has been released, and Go 1.22 is no longer supported
per the Go Release Policy (https://go.dev/doc/devel/release#policy).

For golang/go#69095.

full diff: golang/crypto@v0.33.0...v0.34.0

vendor: golang.org/x/crypto v0.35.0

We have tagged version v0.35.0 of golang.org/x/crypto in order to address
a security issue. Version v0.35.0 of golang.org/x/crypto fixes a vulnerability
in the golang.org/x/crypto/ssh package which could cause a denial of service.
SSH servers which implement file transfer protocols are vulnerable to a denial
of service attack from clients which complete the key exchange slowly, or not
at all, causing pending content to be read into memory, but never transmitted.
Thanks to Yuichi Watanabe for reporting this issue.
This is CVE-2025-22869 and Go issue https://go.dev/issue/71931.

full diff: golang/crypto@v0.31.0...v0.35.0

vendor: golang.org/x/oauth2 v0.26.0

No code changes, only comments (warnings) added;

• google: add warning about externally-provided credentials

Important: If you accept a credential configuration (credential JSON/File/Stream) from an
external source for authentication to Google Cloud Platform, you must validate it before
providing it to any Google API or library. Providing an unvalidated credential configuration to
Google APIs can compromise the security of your systems and data. For more information, refer to
Validate credential configurations from external sources.

full diff: golang/oauth2@v0.23.0...v0.26.0

vendor: golang.org/x/oauth2 v0.27.0

We have tagged version v0.27.0 of golang.org/x/oauth2 in order to address
a security issue.

jws: unexpected memory consumption during token parsing

Version v0.27.0 of golang.org/x/oauth2 fixes a vulnerability in the
golang.org/x/oauth2/jws package which could cause a denial of service.
An attacker can pass a malicious malformed token which causes unexpected
memory to be consumed during parsing.

Thanks to jub0bs for reporting this issue.
This is CVE-2025-22868 and Go issue https://go.dev/issue/71490.

full diff: golang/oauth2@v0.26.0...v0.27.0

- Human readable description for the release notes

- A picture of a cute animal (not mandatory but encouraged)

[thaJeztah]

More weird errors; perhaps because of the GitHub migration to their "v2" store?

#125 preparing build cache for export 75.6s done
#125 writing layer sha256:c83ffb796c379deb0f9b9940c2f63456545c1c228a2300355f3bf2ee3f0e3300 0.1s done
#125 ERROR: error writing layer blob: GET https://productionresultssa7.blob.core.windows.net/actions-cache/861-15325381
--------------------------------------------------------------------------------
RESPONSE 404: 404 The specified blob does not exist.
ERROR CODE: BlobNotFound
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist.
RequestId:bbfec0b4-001e-00bf-6172-8735af000000
Time:2025-02-25T10:44:52.3953576Z</Message></Error>
--------------------------------------------------------------------------------

------
 > exporting to GitHub Actions Cache:
------
ERROR: failed to solve: error writing layer blob: GET https://productionresultssa7.blob.core.windows.net/actions-cache/861-15325381
--------------------------------------------------------------------------------
RESPONSE 404: 404 The specified blob does not exist.
ERROR CODE: BlobNotFound
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist.
RequestId:bbfec0b4-001e-00bf-6172-8735af000000
Time:2025-02-25T10:44:52.3953576Z</Message></Error>
--------------------------------------------------------------------------------

[thaJeztah]

Rebased to get a fresh run of CI

[thaJeztah]

🤔

Post job cleanup.
BuildKit container logs
  /usr/bin/docker logs buildx_buildkit_builder-3ee79448-3bdb-4bf8-9a08-40362ed17da80
  time="2025-03-06T22:09:34Z" level=info msg="auto snapshotter: using overlayfs"
  time="2025-03-06T22:09:34Z" level=warning msg="CDI setup error /var/run/cdi: failed to monitor for changes: no such file or directory"
  time="2025-03-06T22:09:34Z" level=warning msg="CDI setup error /etc/buildkit/cdi: failed to monitor for changes: no such file or directory"
  time="2025-03-06T22:09:34Z" level=warning msg="CDI setup error /etc/cdi: failed to monitor for changes: no such file or directory"
  time="2025-03-06T22:09:34Z" level=warning msg="using host network as the default"
  time="2025-03-06T22:09:34Z" level=info msg="found worker \"jldklw9vy0m262wo8i292kb3h\", labels=map[org.mobyproject.buildkit.worker.executor:oci org.mobyproject.buildkit.worker.hostname:30d3e9bcbb0c org.mobyproject.buildkit.worker.network:host org.mobyproject.buildkit.worker.oci.process-mode:sandbox org.mobyproject.buildkit.worker.selinux.enabled:false org.mobyproject.buildkit.worker.snapshotter:overlayfs], platforms=[linux/amd64 linux/amd64/v2 linux/amd64/v3 linux/386]"
  time="2025-03-06T22:09:34Z" level=warning msg="skipping containerd worker, as \"/run/containerd/containerd.sock\" does not exist"
  time="2025-03-06T22:09:34Z" level=info msg="found 1 workers, default=\"jldklw9vy0m262wo8i292kb3h\""
  time="2025-03-06T22:09:34Z" level=warning msg="currently, only the default worker can be used."
  time="2025-03-06T22:09:34Z" level=info msg="running server on /run/buildkit/buildkitd.sock"
  time="2025-03-06T22:09:35Z" level=debug msg="session started" spanID=91dc18fe1542846f traceID=ccd3bee2d1b737770184b62e0942ae22
  time="2025-03-06T22:09:40Z" level=error msg="/moby.buildkit.v1.frontend.LLBBridge/StatFile returned error: rpc error: code = Unknown desc = lstat compose.yaml: no such file or directory" spanID=0025591dad65efe1 traceID=ccd3bee2d1b737770184b62e0942ae22
  lstat compose.yaml: no such file or directory
  7 v0.20.1 buildkitd --debug --allow-insecure-entitlement=network.host
  github.com/tonistiigi/fsutil.Stat
  	/src/vendor/github.com/tonistiigi/fsutil/stat.go:61
  github.com/moby/buildkit/cache/util.StatFile.func1
  	/src/cache/util/fsutil.go:130
  github.com/moby/buildkit/cache/util.withMount