From 44119e3304ef8d4ba639398c93940877823fa443 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 May 2026 11:41:51 +0000 Subject: [PATCH] Bump golang.org/x/crypto from 0.50.0 to 0.51.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.50.0 to 0.51.0. - [Commits](https://github.com/golang/crypto/compare/v0.50.0...v0.51.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.51.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- vendor/golang.org/x/crypto/hkdf/hkdf.go | 21 +++++++++++++-------- vendor/modules.txt | 4 ++-- 4 files changed, 21 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index fa14fdf94..1087687d5 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/rivo/tview v0.42.0 github.com/spf13/cobra v1.10.2 github.com/stretchr/testify v1.11.1 - golang.org/x/crypto v0.50.0 + golang.org/x/crypto v0.51.0 golang.org/x/mod v0.36.0 golang.org/x/oauth2 v0.36.0 golang.org/x/sync v0.20.0 @@ -100,7 +100,7 @@ require ( go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/net v0.53.0 // indirect golang.org/x/sys v0.44.0 // indirect - golang.org/x/text v0.36.0 // indirect + golang.org/x/text v0.37.0 // indirect google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 4c548467e..f64a8772c 100644 --- a/go.sum +++ b/go.sum @@ -211,8 +211,8 @@ go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= -golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= +golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= +golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= @@ -250,8 +250,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= -golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= +golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= +golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go index 3bee66294..49f3a5582 100644 --- a/vendor/golang.org/x/crypto/hkdf/hkdf.go +++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go @@ -11,6 +11,7 @@ package hkdf import ( + "crypto/hkdf" "crypto/hmac" "errors" "hash" @@ -24,15 +25,19 @@ import ( // Expand invocations and different context values. Most common scenarios, // including the generation of multiple keys, should use New instead. func Extract(hash func() hash.Hash, secret, salt []byte) []byte { - if salt == nil { - salt = make([]byte, hash().Size()) + // Use the stdlib Extract, which disables FIPS 140 enforcement of the HMAC + // key (which in HKDF is the salt). The only possible error is FIPS 140 + // enforcement of the hash, which had to panic under this API anyway. We + // don't use the stdlib Expand, because it switched to returning a []byte + // instead of an io.Reader, and Expand uses the HMAC key as a key. + out, err := hkdf.Extract(hash, secret, salt) + if err != nil { + panic(err) } - extractor := hmac.New(hash, salt) - extractor.Write(secret) - return extractor.Sum(nil) + return out } -type hkdf struct { +type hkdfReader struct { expander hash.Hash size int @@ -43,7 +48,7 @@ type hkdf struct { buf []byte } -func (f *hkdf) Read(p []byte) (int, error) { +func (f *hkdfReader) Read(p []byte) (int, error) { // Check whether enough data can be generated need := len(p) remains := len(f.buf) + int(255-f.counter+1)*f.size @@ -84,7 +89,7 @@ func (f *hkdf) Read(p []byte) (int, error) { // 3.3. Most common scenarios will want to use New instead. func Expand(hash func() hash.Hash, pseudorandomKey, info []byte) io.Reader { expander := hmac.New(hash, pseudorandomKey) - return &hkdf{expander, expander.Size(), info, 1, nil, nil} + return &hkdfReader{expander, expander.Size(), info, 1, nil, nil} } // New returns a Reader, from which keys can be read, using the given hash, diff --git a/vendor/modules.txt b/vendor/modules.txt index dca8c787f..3feca3b27 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -338,7 +338,7 @@ go.yaml.in/yaml/v2 # go.yaml.in/yaml/v3 v3.0.4 ## explicit; go 1.16 go.yaml.in/yaml/v3 -# golang.org/x/crypto v0.50.0 +# golang.org/x/crypto v0.51.0 ## explicit; go 1.25.0 golang.org/x/crypto/bcrypt golang.org/x/crypto/blowfish @@ -371,7 +371,7 @@ golang.org/x/sys/windows # golang.org/x/term v0.43.0 ## explicit; go 1.25.0 golang.org/x/term -# golang.org/x/text v0.36.0 +# golang.org/x/text v0.37.0 ## explicit; go 1.25.0 golang.org/x/text/cases golang.org/x/text/encoding