Skip to content

NO-JIRA: build(deps): bump golang.org/x/crypto from 0.37.0/0.41.0 to 0.45.0 #7292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

NO-JIRA: build(deps): bump golang.org/x/crypto from 0.37.0/0.41.0 to 0.45.0 #7292

wants to merge 1 commit into from
+30,431 −36,230

Conversation

@bryan-cox
Copy link
Member

@bryan-cox bryan-cox commented Nov 26, 2025

Summary

This PR combines and consolidates dependency updates from Dependabot PRs #7265 and #7264, updating golang.org/x/crypto across the project:

  • Main project: 0.41.0 → 0.45.0
  • hack/tools: 0.37.0 → 0.45.0

Changes

  • Updated golang.org/x/crypto and all transitive dependencies
  • Synced vendor directories for api/, hack/tools/, and main module
  • Updated deprecated context import (golang.org/x/net/context → standard library context)
  • Removed obsolete // +build tags from e2e test files (kept only //go:build format)

Key Updates in golang.org/x/crypto v0.45.0

  • ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • ssh/agent: prevent panic on malformed constraint
  • ssh: fix error message on unsupported cipher
  • ssh: allow to bind to a hostname in remote forwarding
  • acme/autocert: let automatic renewal work with short lifetime certs

For full changelog, see:

Related PRs

🤖 Generated with Claude Code

@bryan-cox @claude
build(deps): bump golang.org/x/crypto from 0.37.0/0.41.0 to 0.45.0
efc2f6a 
Update golang.org/x/crypto dependency across the project and hack/tools,
including all transitive dependencies and vendored packages.

This combines updates from dependabot PRs openshift#7264 and openshift#7265.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Nov 26, 2025
edited
Loading

Walkthrough

Go module dependencies are updated across three manifest files. Direct dependencies in the root go.mod are bumped to newer versions (golang.org/x/crypto, golang.org/x/net, golang.org/x/sync), with corresponding indirect dependency updates propagated across api/go.mod and hack/tools/go.mod.

Changes

Cohort / File(s) Summary
Go module dependency updates
api/go.mod, go.mod, hack/tools/go.mod		 Updates golang.org/x/\* packages: crypto (v0.37.0→v0.45.0), net (v0.43.0→v0.47.0), sync (v0.16.0→v0.18.0), sys (v0.35.0→v0.38.0), term (v0.34.0→v0.37.0), text (v0.28.0→v0.31.0), mod (v0.27.0→v0.29.0), tools (v0.36.0→v0.38.0). New deprecated entries added to hack/tools/go.mod for golang.org/x/tools subpackages.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Verify compatibility between dependency versions across the three manifests
  • Confirm no breaking changes introduced by the minor/patch version bumps
  • Validate that new deprecated tooling subpackages in hack/tools/go.mod are intentional
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 886e4b5 and efc2f6a.

⛔ Files ignored due to path filters (297)
  • api/go.sum is excluded by !**/*.sum
  • api/vendor/golang.org/x/net/http2/config.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/config_go124.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/config_go125.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/config_go126.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/config_pre_go124.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/frame.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/gotrack.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/timer.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/writesched.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/http2/writesched_roundrobin.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/net/internal/httpcommon/request.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/plan9/pwd_plan9.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/fdset.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/ifreq_linux.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/mkall.sh is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/syscall_netbsd.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/windows/types_windows.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/term/terminal.go is excluded by !**/vendor/**
  • api/vendor/golang.org/x/text/unicode/bidi/core.go is excluded by !**/vendor/**
  • api/vendor/modules.txt is excluded by !**/vendor/**
  • go.sum is excluded by !**/*.sum
  • hack/tools/go.sum is excluded by !**/*.sum
  • hack/tools/vendor/golang.org/x/crypto/argon2/argon2.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/blake2b/blake2x.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/blake2b/go125.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/curve25519/curve25519.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/doc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/hashes.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/hashes_noasm.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/legacy_hash.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/legacy_keccakf.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/sha3_s390x.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/sha3_s390x.s is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/shake.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/sha3/shake_noasm.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/agent/client.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/agent/keyring.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/agent/server.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/certs.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/cipher.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/client.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/client_auth.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/common.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/connection.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/doc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/handshake.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/kex.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/keys.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/mac.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/messages.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/mlkem.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/server.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/ssh_gss.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/streamlocal.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/tcpip.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/crypto/ssh/transport.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/mod/modfile/rule.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/mod/modfile/work.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/mod/module/module.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/mod/semver/semver.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/context/context.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/html/escape.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/config.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/config_go124.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/config_go125.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/config_go126.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/config_pre_go124.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/frame.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/gotrack.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/timer.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/writesched.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/http2/writesched_roundrobin.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/internal/httpcommon/request.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/internal/socks/socks.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/cpu/cpu_riscv64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/plan9/pwd_plan9.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/fdset.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ifreq_linux.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/mkall.sh is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/syscall_darwin.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/syscall_netbsd.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_386.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/windows/security_windows.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/windows/types_windows.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/term/term_windows.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/term/terminal.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/text/unicode/bidi/core.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/cmd/stringer/stringer.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/checker/checker.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/checker/iter_go122.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/checker/iter_go123.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/internal/analysisflags/fix.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/internal/analysisflags/flags.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/internal/checker/checker.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/internal/internal.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/asmdecl/asmdecl.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/buildtag/buildtag.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/composite/composite.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/framepointer/framepointer.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/httpresponse/httpresponse.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/lostcancel/lostcancel.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/pkgfact/pkgfact.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/printf/doc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/shift/shift.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/sigchanyzer/sigchanyzer.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/sortslice/analyzer.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/stdversion/stdversion.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/stringintconv/string.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/structtag/structtag.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/unreachable/unreachable.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/passes/waitgroup/waitgroup.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/analysis/unitchecker/unitchecker.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ast/astutil/enclosing.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ast/astutil/imports.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ast/astutil/rewrite.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ast/edge/edge.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ast/inspector/cursor.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ast/inspector/inspector.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ast/inspector/typeof.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ast/inspector/walk.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/buildutil/allpackages.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/buildutil/tags.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/cfg/cfg.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/loader/doc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/loader/loader.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/packages/doc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/packages/golist.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/packages/golist_overlay.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/packages/packages.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/packages/visit.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ssa/builder.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ssa/func.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ssa/sanity.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ssa/subst.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/ssa/util.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/types/typeutil/callee.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/go/types/typeutil/map.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/imports/forward.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/analysisinternal/analysis.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/analysisinternal/extractdoc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/analysisinternal/typeindex/typeindex.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/clone.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/comment.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/cursor/hooks.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/equal.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/fields.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/purge.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/stringlit.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/unpack.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/astutil/util.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/diff/lcs/common.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/diff/lcs/doc.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/diff/lcs/old.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/diff/lcs/sequence.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/event/core/event.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/facts/imports.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/gcimporter/iexport.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/gcimporter/iimport_go122.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/imports/fix.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/imports/imports.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/imports/source_modindex.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/modindex/directories.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/modindex/index.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/modindex/lookup.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/modindex/modindex.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/modindex/symbols.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/modindex/types.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/moreiters/iters.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/packagesinternal/packages.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/refactor/delete.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/refactor/imports.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/refactor/refactor.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/stdlib/deps.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/stdlib/manifest.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/stdlib/stdlib.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/typesinternal/classify_call.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/typesinternal/fx.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/typesinternal/isnamed.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/typesinternal/qualifier.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/typesinternal/typeindex/typeindex.go is excluded by !**/vendor/**
  • hack/tools/vendor/golang.org/x/tools/internal/typesinternal/types.go is excluded by !**/vendor/**
📒 Files selected for processing (3)
  • api/go.mod (1 hunks)
  • go.mod (2 hunks)
  • hack/tools/go.mod (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

  • api/go.mod
  • go.mod
  • hack/tools/go.mod
🔇 Additional comments (5)
api/go.mod (1)

62-67: Consistent indirect dependency updates across modules.

The golang.org/x package versions are correctly propagated to api/go.mod as indirect dependencies, maintaining consistency with the root go.mod updates. The absence of direct x/crypto or x/tools dependencies is appropriate for this API module.

go.mod (2)

78-80: Security-driven updates to direct dependencies.

The direct upgrades to golang.org/x/crypto, golang.org/x/net, and golang.org/x/sync are security-motivated (per PR objectives: SSH GSSAPI DoS mitigation in v0.45.0, panic prevention, etc.) and represent sound maintenance. The version bumps are conservative, reducing breaking-change risk.

255-260: Indirect dependencies consistently updated.

Indirect golang.org/x packages (mod, sys, term, text, tools) are uniformly updated across the dependency graph, maintaining version alignment with api/go.mod and hack/tools/go.mod.

hack/tools/go.mod (2)

263-274: Standard indirect updates consistent across modules.

The golang.org/x packages (crypto, mod, net, sync, sys, term, text, tools) are uniformly bumped to match root go.mod and api/go.mod, maintaining transitive dependency alignment for this dev-tools module.

275-276: Based on my verification, I have sufficient information to rewrite the review comment. Here are the key findings:

  1. Confirmed: golang.org/x/tools/go/expect and golang.org/x/tools/go/packages/packagestest are legitimate deprecated packages in golang.org/x/tools (subject to x/tools/go/{packages/packagestest,expect}: deprecate, tag, and delete golang/go#70229 for removal).

  2. Critical clarification: golangci-lint v1.64.8 requires golang.org/x/tools v0.31.0, NOT v0.38.0. This means these deprecated packages are NOT coming from golangci-lint v1.64.8.

  3. Conclusion: These packages appear to be transitive dependencies from a separate golang.org/x/tools version bump in hack/tools/go.mod (likely to v0.38.0 or later where these subpackages were introduced as deprecated stubs).

These deprecated subpackages are transitive artifacts from golang.org/x/tools, not from golangci-lint v1.64.8. golangci-lint v1.64.8 requires golang.org/x/tools v0.31.0, so the golang.org/x/tools/go/expect and golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated packages must originate from a direct or separate golang.org/x/tools version bump in hack/tools/go.mod. These are legitimate deprecated stubs introduced in golang.org/x/tools (subject to golang/go#70229 for eventual removal) and can be left as indirect dependencies or removed if hack/tools/go.mod does not directly use golang.org/x/tools beyond what golangci-lint provides.

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci bot requested review from csrwng and muraee November 26, 2025 16:23
@openshift-ci openshift-ci bot added the area/api Indicates the PR includes changes for the API label Nov 26, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 26, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added area/ci-tooling Indicates the PR includes changes for CI or tooling approved Indicates a PR has been approved by an approver from all required OWNERS files. area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release area/testing Indicates the PR includes changes for e2e testing and removed do-not-merge/needs-area labels Nov 26, 2025
@bryan-cox
Copy link
Member Author

bryan-cox commented Nov 26, 2025

/test e2e-aks-4-20

@bryan-cox bryan-cox changed the title build(deps): bump golang.org/x/crypto from 0.37.0/0.41.0 to 0.45.0 NO-JIRA: build(deps): bump golang.org/x/crypto from 0.37.0/0.41.0 to 0.45.0 Nov 26, 2025
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Nov 26, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Nov 26, 2025

@bryan-cox: This pull request explicitly references no jira issue.

In response to this:

Summary

This PR combines and consolidates dependency updates from Dependabot PRs #7265 and #7264, updating golang.org/x/crypto across the project:

  • Main project: 0.41.0 → 0.45.0
  • hack/tools: 0.37.0 → 0.45.0

Changes

  • Updated golang.org/x/crypto and all transitive dependencies
  • Synced vendor directories for api/, hack/tools/, and main module
  • Updated deprecated context import (golang.org/x/net/context → standard library context)
  • Removed obsolete // +build tags from e2e test files (kept only //go:build format)

Key Updates in golang.org/x/crypto v0.45.0

  • ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
  • ssh/agent: prevent panic on malformed constraint
  • ssh: fix error message on unsupported cipher
  • ssh: allow to bind to a hostname in remote forwarding
  • acme/autocert: let automatic renewal work with short lifetime certs

For full changelog, see:

Related PRs

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@bryan-cox
Copy link
Member Author

bryan-cox commented Nov 26, 2025

/verified by @bryan-cox through e2es

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Nov 26, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Nov 26, 2025

@bryan-cox: This PR has been marked as verified by @bryan-cox through e2es.

In response to this:

/verified by @bryan-cox through e2es

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@bryan-cox
Copy link
Member Author

bryan-cox commented Nov 26, 2025

/test e2e-aks-4-20

celebdor
celebdor reviewed Nov 28, 2025
View reviewed changes
test/e2e/assets.go
@@ -1,5 +1,4 @@
//go:build e2e
// +build e2e
Copy link
Collaborator

@celebdor celebdor Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is this related to the PR?

@celebdor
Copy link
Collaborator

celebdor commented Nov 28, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 28, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 28, 2025

@bryan-cox: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aks efc2f6a link unknown /test e2e-aks
ci/prow/e2e-aks-4-20 efc2f6a link unknown /test e2e-aks-4-20

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci-robot
Copy link

openshift-ci-robot commented Nov 28, 2025

/retest-required

Remaining retests: 0 against base HEAD 50304c0 and 2 for PR HEAD efc2f6a in total

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@celebdor celebdor celebdor left review comments

@csrwng csrwng Awaiting requested review from csrwng

@muraee muraee Awaiting requested review from muraee

Assignees

@celebdor celebdor

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/api Indicates the PR includes changes for the API area/ci-tooling Indicates the PR includes changes for CI or tooling area/control-plane-operator Indicates the PR includes changes for the control plane operator - in an OCP release area/hypershift-operator Indicates the PR includes changes for the hypershift operator and API - outside an OCP release area/testing Indicates the PR includes changes for e2e testing jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bryan-cox @openshift-ci-robot @celebdor