sour-is/go-passwd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

chore(deps): bump golang.org/x/crypto from 0.4.0 to 0.7.0 #5

Closed
dependabot[bot] wants to merge 1 commits from dependabot/go_modules/golang.org/x/crypto-0.7.0 into main
pull from: dependabot/go_modules/golang.org/x/crypto-0.7.0
merge into: sour-is:main
Conversation 1 Commits 1 Files Changed 2 +6 -6
dependabot[bot] commented 2023-03-06 13:34:57 -07:00 (Migrated from github.com)
Copy Link

Bumps golang.org/x/crypto from 0.4.0 to 0.7.0.

Commits
  • 776e461 go.mod: update golang.org/x dependencies
  • ebe9262 ssh: add support for aes256-gcm@openssh.com
  • a9f661c go.mod: update golang.org/x dependencies
  • 310bfa4 cryptobyte: reject negative Unwrite argument
  • 59ff472 all: fix some comments
  • 3d872d0 go.mod: update golang.org/x dependencies
  • bc7d1d1 bcrypt: reject passwords longer than 72 bytes
  • 7e3ac20 internal/wycheproof: also use Verify in TestECDSA
  • 23edec0 ssh: ensure that handshakeTransport goroutines have finished before Close ret...
  • f495dc3 acme: eliminate arbitrary timeouts in tests
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.7.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/776e461a4e6d8b372a43c72122c5c28cfc40dca2"><code>776e461</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/ebe92624d1428c68f92576e1d27cc65d62bc2f7e"><code>ebe9262</code></a> ssh: add support for <a href="mailto:aes256-gcm@openssh.com">aes256-gcm@openssh.com</a></li> <li><a href="https://github.com/golang/crypto/commit/a9f661cb6e1b78478731da332a7b82f1e2fd779c"><code>a9f661c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/310bfa40f1e490c722a9c86d8ede143d3d506be5"><code>310bfa4</code></a> cryptobyte: reject negative Unwrite argument</li> <li><a href="https://github.com/golang/crypto/commit/59ff47295ca89b9497fc7964d4777b2a9edd1e22"><code>59ff472</code></a> all: fix some comments</li> <li><a href="https://github.com/golang/crypto/commit/3d872d042823aed41f28af3b13beb27c0c9b1e35"><code>3d872d0</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/bc7d1d1eb54b3530da4f5ec31625c95d7df40231"><code>bc7d1d1</code></a> bcrypt: reject passwords longer than 72 bytes</li> <li><a href="https://github.com/golang/crypto/commit/7e3ac2043e18f9cbc0c089cb28e73caac2c9d9d1"><code>7e3ac20</code></a> internal/wycheproof: also use Verify in TestECDSA</li> <li><a href="https://github.com/golang/crypto/commit/23edec0b383afbf83bd3e94309cfe09a01a68a99"><code>23edec0</code></a> ssh: ensure that handshakeTransport goroutines have finished before Close ret...</li> <li><a href="https://github.com/golang/crypto/commit/f495dc37d5f5cc59ca73af6acbbe0a741559792b"><code>f495dc3</code></a> acme: eliminate arbitrary timeouts in tests</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.4.0...v0.7.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.4.0&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
dependabot[bot] commented 2023-05-26 11:21:17 -06:00 (Migrated from github.com)
Copy Link

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file. If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something isn't working

  
dependencies

Pull requests that update a dependency file

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
wontfix

This will not be worked on

No Label
bug
dependencies
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sour-is/go-passwd#5
No description provided.
Delete Branch "dependabot/go_modules/golang.org/x/crypto-0.7.0"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?