chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0#394
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates golang.org/x/crypto from version 0.41.0 to 0.45.0 to address security vulnerabilities CVE-2025-58181 and CVE-2025-47914. The update requires bumping the Go version to 1.24.10, which also triggers updates to several related golang.org/x packages.
Key changes:
- Updates Go from 1.23.12 to 1.24.10
- Upgrades golang.org/x/crypto from 0.41.0 to 0.45.0 to resolve security CVEs
- Updates related golang.org/x dependencies (net, sys, mod, sync, term, text, tools) to compatible versions
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| go.mod | Updates Go version directive to 1.24.10 and bumps golang.org/x dependencies |
| go.sum | Updates checksums for all upgraded golang.org/x packages |
| README.md | Updates documented Go requirement to 1.24.10 |
| .go-version | Updates Go version specification to 1.24.10 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Bumps golang.org/x/crypto from 0.41.0 to 0.45.0. - Bumps github.com/hashicorp/packer-plugin-sdk from 0.6.3 to 0.6.4. - Requires a bump of Go to 1.24.0 or later; using latest 1.24.10. Ref: - CVE-2025-58181 - CVE-2025-47914 Signed-off-by: Ryan Johnson <ryan.johnson@broadcom.com>
0bcd838 to
367cfe2
Compare
|
I'm going to lock this pull request because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Description
Ref:
Resolved Issues
Changes to Security Controls
None.