Skip to content

build(deps): bump the golang-dependencies group with 3 updates#8977

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang-dependencies-0470406640
Open

build(deps): bump the golang-dependencies group with 3 updates#8977
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang-dependencies-0470406640

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the golang-dependencies group with 3 updates: golang.org/x/crypto, golang.org/x/net and golang.org/x/sync.

Updates golang.org/x/crypto from 0.53.0 to 0.54.0

Commits
  • cdce021 go.mod: update golang.org/x dependencies
  • d9474cc openpgp: make the deprecation message more explicit
  • 7626c50 ssh: verify declared key type matches decoded key in authorized_keys
  • 0471e79 ssh/agent: enforce strict limits on DSA key parameters
  • 6435c37 ssh: sanitize client disconnect messages
  • 7d695da ssh/agent: drain channel stderr in agent forwarders
  • 5b7f841 acme/autocert: fix data race in Manager.createCert
  • 0b316e7 argon2: update RFC 9106 parameter recommendations
  • 55aec0a x509roots/fallback: update bundle
  • 5f2de1a internal: remove wycheproof tests
  • See full diff in compare view

Updates golang.org/x/net from 0.56.0 to 0.57.0

Commits
  • b8f09f6 go.mod: update golang.org/x dependencies
  • f05f21b idna: reject all-ASCII xn-- labels on all Go versions
  • 0f748cf internal/http3: clean up stream I/O methods usages in tests
  • 0bb961e internal/http3: add net/http.ResponseController support
  • 0ca694d webdav: document Dir's lack of defense against filesystem modification
  • bd5f1dc http2: initialize Transport on NewClientConn
  • 488ff63 bpf: add security considerations to package docs
  • 93d1f25 xsrftoken: avoid token collisions
  • 5a3baee internal/http3: prevent panic in QPACK decoder due to overflow
  • See full diff in compare view

Updates golang.org/x/sync from 0.21.0 to 0.22.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

  • Chores
    • Updated underlying Go component dependencies to newer versions.
    • Incorporated the latest maintenance, security, and compatibility improvements from these components.

@dependabot dependabot Bot added area/ci-tooling Indicates the PR includes changes for CI or tooling ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Jul 10, 2026
@openshift-merge-bot

Copy link
Copy Markdown
Contributor

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 5b961818-48b1-461b-9998-0e656dcc0956

📥 Commits

Reviewing files that changed from the base of the PR and between cdd411a and c1c958a.

⛔ Files ignored due to path filters (53)
  • go.sum is excluded by !**/*.sum
  • vendor/golang.org/x/crypto/ssh/keys.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/ssh/messages.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/transport_wrap.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/idna/idna.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/parse.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_386.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_arm.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_386.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/security_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/types_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/text/cases/context.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/text/cases/map.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/text/unicode/norm/forminfo.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/text/unicode/norm/iter.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/text/unicode/norm/normalize.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/tools/go/packages/packages.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/iexport.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/iimport.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/tools/internal/stdlib/deps.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/tools/internal/stdlib/manifest.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/element.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/types.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go is excluded by !vendor/**, !**/vendor/**
  • vendor/modules.txt is excluded by !vendor/**, !**/vendor/**
📒 Files selected for processing (1)
  • go.mod
🚧 Files skipped from review as they are similar to previous changes (1)
  • go.mod

📝 Walkthrough

Walkthrough

Updated go.mod dependency versions for eight golang.org/x/* modules: crypto, net, sync, mod, sys, term, text, and tools. The golang.org/x/oauth2 version remains unchanged. No exported or public declarations were altered.

Possibly related issues

  • openshift/assisted-installer#1404 — Updates golang.org/x/crypto in go.mod.
  • openshift/oc-mirror#1330 — Updates golang.org/x/crypto in go.mod.
  • openshift/image-based-install-operator#443 — Updates golang.org/x/crypto in go.mod.
  • openshift/oauth-server#206 — Updates golang.org/x/crypto in go.mod.
  • openshift/machine-config-operator#5506 — Updates golang.org/x/crypto alongside other golang.org/x/* dependencies.
  • openshift/cluster-api-provider-ibmcloud#141 — Updates golang.org/x/crypto alongside other golang.org/x/* dependencies.
  • openshift/origin#30621 — Updates golang.org/x/crypto in go.mod.
🚥 Pre-merge checks | ✅ 11
✅ Passed checks (11 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes a dependency bump and matches the three primary Go module upgrades in the pull request.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only updates deps/vendor files; no *_test.go changes or Ginkgo test-title additions appear in the diff.
Test Structure And Quality ✅ Passed No Ginkgo test files changed; this PR only bumps dependencies and vendored code, so the test-structure check is not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed Diff only updates Go dependencies/vendor files; no deployment manifests, controllers, or scheduling logic changed, so the topology check is not applicable.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo e2e tests were added; the diff is limited to go.mod, go.sum, and vendored dependency updates.
No-Weak-Crypto ✅ Passed Diff adds dependency bumps and SSH/idna fixes; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB or secret-compare code was introduced.
Container-Privileges ✅ Passed PR only changes Go deps and vendored code; no container/K8s manifest files were modified, so no privileged settings were introduced.
No-Sensitive-Data-In-Logs ✅ Passed No new log/print sinks were added; the only user-facing message output is SSH disconnect text, which is sanitized before formatting.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/golang-dependencies-0470406640

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from bryan-cox and muraee July 10, 2026 01:19
@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign muraee for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

- crypto: 0.53.0 => 0.54.0
- net: 0.56.0 => 0.57.0
- sync: 0.21.0 => 0.22.0

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions github-actions Bot force-pushed the dependabot/go_modules/golang-dependencies-0470406640 branch from cdd411a to c1c958a Compare July 10, 2026 01:20
@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/ci-tooling Indicates the PR includes changes for CI or tooling ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants