Skip to content

chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.52.0 in the go_modules group across 1 directory#215

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go_modules-a3c8a40308
Open

chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.52.0 in the go_modules group across 1 directory#215
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go_modules-a3c8a40308

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the go_modules group with 1 update in the / directory: golang.org/x/crypto.

Updates golang.org/x/crypto from 0.50.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.50.0 to 0.52.0
- [Commits](golang/crypto@v0.50.0...v0.52.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 8, 2026
@dependabot
dependabot Bot requested a review from Hardonian as a code owner July 8, 2026 01:47
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 8, 2026
@vercel

vercel Bot commented Jul 8, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
mel-mesh-edge-layer Ready Ready Preview, Comment Jul 8, 2026 1:47am

Comment thread go.mod
module github.com/mel-project/mel

go 1.24
go 1.25.0

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: PR raises the Go language directive from go 1.24 to go 1.25.0

This change on line 3 is an unintended side effect of the x/crypto upgrade: the new golang.org/x/crypto (or a transitive dependency it pulls) declares a go 1.25.0 requirement, which Go's module tooling auto-propagates into the main module's directive during go mod tidy. It raises the minimum Go toolchain requirement for the entire project, which conflicts with the repository's documented "Go 1.24+ is required" policy (AGENTS.md) and may break CI runners or contributor builds pinned to Go 1.24. GOTOOLCHAIN=auto would silently download Go 1.25.0 and mask the change locally. Please confirm CI/supported toolchain covers Go 1.25.0, and if x/crypto v0.52.0 only needs go 1.24, consider reverting this directive change.


Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Code Review Summary

Status: 1 Issue Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 0
WARNING 1
SUGGESTION 0
Issue Details (click to expand)

WARNING

File Line Issue
go.mod 3 PR raises the Go language directive from go 1.24 to go 1.25.0 (side effect of the x/crypto bump)
Files Reviewed (2 files)
  • go.mod - 1 issue
  • go.sum - 0 issues

Fix these issues in Kilo Cloud


Reviewed by hy3-20260706:free · Input: 57.9K · Output: 7.2K · Cached: 216.8K

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants