Skip to content

build(deps): bump golang.org/x/crypto from 0.51.0 to 0.53.0#2397

Merged
psnoch-akamai merged 1 commit into
devfrom
dependabot/go_modules/golang.org/x/crypto-0.53.0
Jul 8, 2026
Merged

build(deps): bump golang.org/x/crypto from 0.51.0 to 0.53.0#2397
psnoch-akamai merged 1 commit into
devfrom
dependabot/go_modules/golang.org/x/crypto-0.53.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/crypto from 0.51.0 to 0.53.0.

Commits
  • 45460e0 go.mod: update golang.org/x dependencies
  • d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
  • e2ffffe ssh: reject incomplete gssapi-with-mic configurations
  • 60e158a ssh/test: isolate CLI tests from user SSH config and agent
  • 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
  • 3872a2b ssh/knownhosts: verify declared key type matches decoded key
  • 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
  • 8f405a4 ssh: validate ECDSA curve matches expected algorithm
  • bb41b3d ssh: improve DH GEX group selection using PreferredBits
  • e04e721 ssh/agent: validate ed25519 private key length in Add
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.51.0 to 0.53.0.
- [Commits](golang/crypto@v0.51.0...v0.53.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies dependency updates usually from dependabot go labels Jul 1, 2026
@dependabot dependabot Bot requested review from a team as code owners July 1, 2026 02:32
@dependabot dependabot Bot added dependencies dependency updates usually from dependabot go labels Jul 1, 2026
@dependabot dependabot Bot requested review from ezilber-akamai and psnoch-akamai and removed request for a team July 1, 2026 02:32
@psnoch-akamai psnoch-akamai merged commit 470dfb7 into dev Jul 8, 2026
12 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/golang.org/x/crypto-0.53.0 branch July 8, 2026 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies dependency updates usually from dependabot

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants