Skip to content

Dependabot/go modules/golang.org/x/crypto 0.45.0 #371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hlipsig wants to merge 21 commits into
base: release-4.19
Choose a base branch
from
Open

Dependabot/go modules/golang.org/x/crypto 0.45.0 #371

hlipsig wants to merge 21 commits into from

Conversation

@hlipsig
Copy link
Contributor

@hlipsig hlipsig commented Nov 26, 2025

Dependency bumps should be double checked against the active release branch before merge to main.

rhamitarora and others added 21 commits July 14, 2025 16:00
@rhamitarora
FluentBit update to latest version 4.0.2
83ef038
@hawkowl
don't check for availability zones in bad regions (like centraluseuap)
7d50092
@openshift-merge-bot
Merge pull request #324 from openshift/hawkowl/ARO-20321
9aaab60 
[ARO-20321] Don't check for availability zones in bad regions (like centraluseuap)
@wanghaoran1988
Merge pull request #316 from rhamitarora/rhamitarora/ARO-14269-fluentbit
3d89b5d 
ARO-14269 Fluentbit update to latest support version 4.0.4
@fahlmant
Add red-hat-managed: true tag to install-config
326633f
@openshift-merge-bot
Merge pull request #345 from fahlmant/red-hat-managed-true-tag
3a4291e 
Add red-hat-managed: true tag to install-config
@jewzaam
Remove jewzaam from OWNERS
31b3b6b
@openshift-merge-bot
Merge pull request #351 from jewzaam/rm-jewzaam
4e628f5 
Remove jewzaam from OWNERS
@aasserzo
- Updated golang.org/x/net from v0.35.0 to v0.38.0 to fix:
eb638fd 
  - GHSA-qxp5-gwg8-xv66
  - GHSA-vvgc-356p-c3xw (CVE-2025-22872)
- Updated related dependencies (x/crypto, x/sync, x/sys, x/term, x/text)

System library vulnerabilities (glibc, krb5, libxml2) will be fixed on image rebuild.
@openshift-merge-bot
Merge pull request #352 from aasserzo/aasserzo/ARO-21088/main
99183d0 
ARO-21088: Installer vulnerabilities September 2025
@cadenmarchese
Revert "Add red-hat-managed: true tag to install-config"
a770ce9 
This reverts commit 326633f.
@openshift-merge-bot
Merge pull request #353 from cadenmarchese/cadenmarchese/revert-userTags
f62b8f7 
Revert "Add red-hat-managed: true tag to install-config"
@jaitaiwan
chore(bingo): Update old deps
bec863c 
Signed-off-by: Daniel J. Holmes (jaitaiwan) <[email protected]>
@jaitaiwan
chore: run lint across packages
80b1c0f 
Signed-off-by: Daniel J. Holmes (jaitaiwan) <[email protected]>
@jaitaiwan
chore: exclude mocks from linting
79d6748 
Signed-off-by: Daniel J. Holmes (jaitaiwan) <[email protected]>
@jaitaiwan
feat(api): use ARO-RP for api instead of copy/paste
680f2ee 
Signed-off-by: Daniel J. Holmes (jaitaiwan) <[email protected]>
@jaitaiwan
chore: Add vendoring for ARO-RP change
ddbaf4b 
Signed-off-by: Daniel J. Holmes (jaitaiwan) <[email protected]>
@openshift-merge-bot
Merge pull request #358 from jaitaiwan/jaitaiwan/ARO-3572
0cfdab6 
Remove pkg/api in favour of ARO-RP/pkg/api
Make builder and base images configurable via build args
f483a91 
Split image configuration into granular build args for better flexibility:

Builder image args:
- BUILDER_REGISTRY (default: registry.ci.openshift.org)
- BUILDER_REPOSITORY (default: ocp/builder)
- BUILDER_TAG (default: rhel-9-golang-1.24-openshift-4.20)

Base image args:
- REGISTRY (default: registry.access.redhat.com)
- REPOSITORY (default: ubi9/ubi-minimal)
- TAG (default: latest)

This allows customizing individual components (registry, repository, or tag)
without modifying the Dockerfile, making it more flexible for different
environments (e.g., using MCR images for OneBranch pipelines).

Defaults maintain existing behavior.
@openshift-merge-bot
Merge pull request #359 from shubhadapaithankar/add-configurable-buil…
8ff8aa7 
…d-images

Make builder and base images configurable via build args
@dependabot
Bump golang.org/x/crypto from 0.36.0 to 0.45.0
d0c0410 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.36.0 to 0.45.0.
- [Commits](golang/crypto@v0.36.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Nov 26, 2025

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 26, 2025
@openshift-ci openshift-ci bot requested a review from kimorris27 November 26, 2025 21:46
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 26, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hlipsig

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot requested a review from petrkotas November 26, 2025 21:46
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 26, 2025
@sebrandon1 sebrandon1 mentioned this pull request Nov 30, 2025
Open
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 3, 2025

@hlipsig: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/vendor d0c0410 link true /test vendor
ci/prow/images d0c0410 link true /test images
ci/prow/lint d0c0410 link true /test lint
ci/prow/unit d0c0410 link true /test unit
ci/prow/validate d0c0410 link true /test validate

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kimorris27 kimorris27 Awaiting requested review from kimorris27

@petrkotas petrkotas Awaiting requested review from petrkotas

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@hlipsig @openshift-merge-robot @rhamitarora @hawkowl @wanghaoran1988 @fahlmant @jewzaam @aasserzo @cadenmarchese @jaitaiwan