chore(deps): update module golang.org/x/crypto to v0.45.0 [security] (release-0.31)

[redhat-renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
golang.org/x/crypto	indirect	minor	v0.31.0 -> v0.45.0

---

golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange

CVE-2025-22869 / GHSA-hcg3-q754-cr77 / GO-2025-3487

More information

Details

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-22869
• https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22
• https://github.com/golang/crypto
• https://go-review.googlesource.com/c/crypto/+/652135
• https://go.dev/cl/652135
• https://go.dev/issue/71931
• https://pkg.go.dev/vuln/GO-2025-3487
• https://security.netapp.com/advisory/ntap-20250411-0010

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Potential denial of service in golang.org/x/crypto

CVE-2025-22869 / GHSA-hcg3-q754-cr77 / GO-2025-3487

More information

Details

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Severity

Unknown

References

• https://go.dev/cl/652135
• https://go.dev/issue/71931

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Potential denial of service in golang.org/x/crypto/ssh/agent

CVE-2025-47913 / GHSA-56w8-48fp-6mgv / GO-2025-4116

More information

Details

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

Severity

Unknown

References

• https://go.dev/cl/700295
• https://go.dev/issue/75178
• https://github.com/advisories/GHSA-56w8-48fp-6mgv

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Unbounded memory consumption in golang.org/x/crypto/ssh

CVE-2025-58181 / GHSA-j5w8-q4qc-rx2x / GO-2025-4134

More information

Details

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Severity

Unknown

References

• https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA
• https://go.dev/cl/721961
• https://go.dev/issue/76363

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

CVE-2025-58181 / GHSA-j5w8-q4qc-rx2x / GO-2025-4134

More information

Details

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-58181
• https://go.dev/cl/721961
• https://go.dev/issue/76363
• https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA
• https://pkg.go.dev/vuln/GO-2025-4134

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read

CVE-2025-47914 / GHSA-f6x5-jh6r-wrfv / GO-2025-4135

More information

Details

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2025-47914
• https://go.dev/cl/721960
• https://go.dev/issue/76364
• https://go.googlesource.com/crypto
• https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA
• https://pkg.go.dev/vuln/GO-2025-4135

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent

CVE-2025-47914 / GHSA-f6x5-jh6r-wrfv / GO-2025-4135

More information

Details

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Severity

Unknown

References

• https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA
• https://go.dev/cl/721960
• https://go.dev/issue/76364

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[redhat-renovate-bot]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 4 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
golang.org/x/net	v0.33.0 -> v0.47.0
golang.org/x/sys	v0.28.0 -> v0.38.0
golang.org/x/term	v0.27.0 -> v0.37.0
golang.org/x/text	v0.21.0 -> v0.31.0
go	1.18 -> 1.24.0

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: redhat-renovate-bot
Once this PR has been reviewed and has the lgtm label, please assign alonakaplan for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kubevirt-bot]

@redhat-renovate-bot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-e2e-ovs-cni	54ac007	link	true	/test pull-e2e-ovs-cni-0.31

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request primarily focuses on enhancing the security and stability of the project by updating critical Go language extension modules. The most significant change is the upgrade of golang.org/x/crypto to mitigate several denial-of-service vulnerabilities. Additionally, it brings other golang.org/x dependencies and the Go toolchain up to date, incorporating various bug fixes, performance improvements, and new features across networking, system interfaces, terminal handling, and text processing.

Highlights

• Security Updates: Upgraded golang.org/x/crypto to v0.45.0 to address multiple denial-of-service vulnerabilities (CVE-2025-22869, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181) in its SSH and SSH agent implementations.
• Dependency Updates: Updated several golang.org/x modules including golang.org/x/net to v0.47.0, golang.org/x/sys to v0.38.0, golang.org/x/term to v0.37.0, and golang.org/x/text to v0.31.0.
• Go Toolchain Upgrade: The project's Go toolchain version has been updated from go 1.18 to go 1.24.0.
• HTTP/2 Improvements: Refactored HTTP/2 configuration and frame reading logic, introduced new priority scheduling for RFC 9218, and improved handling of self-closing tags and header validation.
• HTML Parsing Enhancements: Improved HTML parsing error handling, added a panic for excessively deep element nesting, and refined foreign content parsing rules.

Changelog

• go.mod
  • Updated versions for golang.org/x/crypto, golang.org/x/net, golang.org/x/sys, golang.org/x/term, and golang.org/x/text.
  • Upgraded the Go toolchain version to 1.24.0.
• go.sum
  • Updated module checksums to reflect the new dependency versions.
• vendor/golang.org/x/net/context/context.go
  • Updated comments to indicate deprecation and recommend using the standard library context package.
• vendor/golang.org/x/net/context/go17.go
  • Removed.
• vendor/golang.org/x/net/context/go19.go
  • Removed.
• vendor/golang.org/x/net/context/pre_go17.go
  • Removed.
• vendor/golang.org/x/net/context/pre_go19.go
  • Removed.
• vendor/golang.org/x/net/html/atom/table.go
  • Adjusted hexadecimal values for various HTML atom constants.
• vendor/golang.org/x/net/html/escape.go
  • Modified the panic message for unrecognized escape characters to be more specific.
• vendor/golang.org/x/net/html/parse.go
  • Enhanced panic messages to include scope information for better debugging.
  • Introduced insertOpenElement method and added a panic for exceeding 512 nested elements in the open element stack.
  • Updated inBodyIM to include a.Search in the list of elements.
  • Corrected a section number in a comment.
  • Revised logic for handling a.Tr, a.Table, a.Tbody, a.Tfoot, a.Thead in inRowIM.
  • Modified foreign content parsing for EndTagToken to improve robustness.
  • Implemented defer recover() in p.parse() to convert panics into errors.
  • Added a comment indicating that HTML nested deeper than 512 elements will be rejected.
• vendor/golang.org/x/net/html/render.go
  • Corrected a typo in a comment from 'beging' to 'being'.
• vendor/golang.org/x/net/html/token.go
  • Improved the detection logic for self-closing tags to prevent misinterpretation of unquoted attribute values.
• vendor/golang.org/x/net/http2/config.go
  • Added StrictMaxConcurrentRequests field to http2Config.
  • Updated configFromTransport to use StrictMaxConcurrentStreams from Transport.
  • Consolidated fillNetHTTPServerConfig and fillNetHTTPTransportConfig into a single fillNetHTTPConfig function.
  • Integrated logic into fillNetHTTPConfig to populate StrictMaxConcurrentRequests.
• vendor/golang.org/x/net/http2/config_go124.go
  • Removed.
• vendor/golang.org/x/net/http2/config_go125.go
  • Added a new file defining http2ConfigStrictMaxConcurrentRequests for Go 1.25.
• vendor/golang.org/x/net/http2/config_go126.go
  • Added a new file defining http2ConfigStrictMaxConcurrentRequests for Go 1.26 and later.
• vendor/golang.org/x/net/http2/config_pre_go124.go
  • Removed.
• vendor/golang.org/x/net/http2/frame.go
  • Converted frameName map to a frameNames array for improved efficiency.
  • Updated FrameType.String() to utilize the new frameNames array.
  • Converted frameParsers map to an array.
  • Modified typeFrameParser to use the frameParsers array.
  • Introduced invalidHTTP1LookingFrameHeader function.
  • Added lastFrameType field to the Framer struct.
  • Corrected a comment in startWrite.
  • Refactored ReadFrame into ReadFrameHeader and ReadFrameForHeader for more granular control over frame reading.
  • Updated checkFrameOrder to operate on FrameHeader and lastFrameType.
  • Added defaultRFC9218Priority and new fields urgency and incremental to PriorityParam.
• vendor/golang.org/x/net/http2/gotrack.go
  • Introduced disableDebugGoroutines atomic boolean and integrated its use into newGoroutineLock and check methods.
• vendor/golang.org/x/net/http2/http2.go
  • Removed an outdated comment regarding http2.golang.org.
  • Removed the context import.
  • Changed the default value of disableExtendedConnectProtocol to true and adjusted logic for the http2xconnect environment variable.
  • Removed the group field from bufferedWriter and associated methods (markNewGoroutine, now, newTimer, afterFunc, contextWithTimeout).
  • Modified writeWithByteTimeout to directly use time.Now().
• vendor/golang.org/x/net/http2/server.go
  • Imported golang.org/x/net/internal/httpcommon.
  • Removed the group field from the Server struct and related methods.
  • Added errChanPool to serverInternalState and introduced getErrChan and putErrChan functions.
  • Initialized errChanPool within ConfigureServer.
  • Added a nil check for opts in ServeConn.
  • Updated the call to newBufferedWriter by removing the s.group argument.
  • Changed timer types to *time.Timer for shutdownTimer, idleTimer, and readIdleTimer.
  • Removed calls to sc.srv.markNewGoroutine().
  • Replaced sc.srv.afterFunc and sc.srv.now() with direct time.AfterFunc and time.Now() calls.
  • Added error counting for lost pings in handlePingTimer.
  • Replaced global errChanPool usage with sc.srv.state.getErrChan() and sc.srv.state.putErrChan().
  • Migrated requestParam to httpcommon.ServerRequestParam and updated related logic in newWriterAndRequest and newWriterAndRequestNoBody.
  • Replaced buildCommonHeaderMapsOnce() and commonCanonHeader usage with httpcommon.CachedCanonicalHeader.
  • Removed the inTests check from requestBody.Read.
• vendor/golang.org/x/net/http2/timer.go
  • Removed.
• vendor/golang.org/x/net/http2/transport.go
  • Imported compress/flate and golang.org/x/net/internal/httpcommon.
  • Removed the sort import.
  • Removed the group field from transportTestHooks and associated methods (markNewGoroutine, now, timeSince, newTimer, afterFunc, contextWithTimeout).
  • Changed timer types to *time.Timer for idleTimer.
  • Added closedOnIdle field to ClientConn.
  • Added strictMaxConcurrentStreams field to ClientConn.
  • Introduced errClientConnForceClosed error.
  • Removed the group field from stickyErrWriter.
  • Replaced cc.t.newTimer with time.NewTimer.
  • Replaced cc.t.timeSince with time.Since.
  • Updated idleStateLocked to use cc.strictMaxConcurrentStreams and cc.closedOnIdle.
  • Modified closeIfIdle to set cc.closedOnIdle.
  • Removed calls to cc.t.markNewGoroutine().
  • Simplified ClientConn.Close() to use errClientConnForceClosed.
  • Replaced commaSeparatedTrailers and checkConnHeaders functions with httpcommon equivalents.
  • Updated request header encoding logic to use httpcommon.IsRequestGzip and httpcommon.EncodeHeaders.
  • Replaced cc.t.now() with time.Now().
  • Adjusted readLoop cleanup logic for seenSettingsChan.
  • Replaced canonicalHeader with httpcommon.CanonicalHeader.
  • Updated gzipReader to leverage sync.Pool for gzip.Reader instances and introduced eofReader and flate.Reader for improved efficiency.
• vendor/golang.org/x/net/http2/write.go
  • Replaced lowerHeader with httpcommon.LowerHeader.
• vendor/golang.org/x/net/http2/writesched.go
  • Added a priority field to OpenStreamOptions.
  • Refactored writeQueue to implement a more efficient two-stage queue using currQueue, nextQueue, and currPos.
  • Added a peek method to writeQueue.
  • Updated writeQueuePool.put to correctly clear new fields.
• vendor/golang.org/x/net/http2/writesched_priority.go
  • Renamed to writesched_priority_rfc7540.go and updated constants and struct names to align with RFC 7540.
• vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go
  • Added a new file implementing RFC 9218 priority scheduling.
• vendor/golang.org/x/net/http2/writesched_roundrobin.go
  • Corrected a typo in a comment from 'priorizes' to 'prioritizes'.
• vendor/golang.org/x/net/internal/httpcommon/ascii.go
  • Added a new file containing ASCII utility functions.
• vendor/golang.org/x/net/internal/httpcommon/headermap.go
  • Renamed from http2/headermap.go.
  • Updated imports and canonicalization functions to use textproto.
  • Added CachedCanonicalHeader function.
• vendor/golang.org/x/net/internal/httpcommon/request.go
  • Added a new file containing common HTTP request encoding and parsing logic, including EncodeHeaders, IsRequestGzip, checkConnHeaders, commaSeparatedTrailers, validPseudoPath, validateHeaders, shouldSendReqContentLength, ServerRequestParam, ServerRequestResult, and NewServerRequest.
• vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
  • Removed.
• vendor/golang.org/x/sys/plan9/pwd_plan9.go
  • Updated to directly use syscall functions for fixwd, Getwd, and Chdir.
• vendor/golang.org/x/sys/unix/affinity_linux.go
  • Added a Fill method to CPUSet.
• vendor/golang.org/x/sys/unix/auxv.go
  • Added a new file providing the Auxv function for accessing the ELF auxiliary vector.
• vendor/golang.org/x/sys/unix/auxv_unsupported.go
  • Added a new file providing a fallback Auxv function for unsupported platforms.
• vendor/golang.org/x/sys/unix/fdset.go
  • Updated the Zero method to use the clear function.
• vendor/golang.org/x/sys/unix/ifreq_linux.go
  • Updated the clear method to use the clear function.
• vendor/golang.org/x/sys/unix/mkall.sh
  • Added set -e to ensure script exits on error.
• vendor/golang.org/x/sys/unix/mkerrors.sh
  • Included linux/elf.h and added new patterns for DT_, EI_, ELF, EV_, NN_, NT_, PF_, SHF_, SHN_, SHT_, STB_, STT_, VER_ constants.
  • Added definitions for ETHTOOL_FAMILY_NAME and ETHTOOL_FAMILY_VERSION.
• vendor/golang.org/x/sys/unix/syscall_darwin.go
  • Added Readv, Preadv, Writev, and Pwritev functions along with their respective race detection helpers.
• vendor/golang.org/x/sys/unix/syscall_dragonfly.go
  • Added the Dup3 function.
• vendor/golang.org/x/sys/unix/syscall_linux.go
  • Imported the slices package.
  • Updated various loops to use the range keyword for SockaddrUnix, SockaddrL2, SockaddrCAN, SockaddrCANJ1939, and SockaddrIUCV.
  • Modified SockaddrPPPoE.sockaddr() to use clear.
  • Updated anyToSockaddr loops to use range.
  • Replaced manual slice iteration with slices.Contains in isGroupMember.
  • Added the SetMemPolicy function.
• vendor/golang.org/x/sys/unix/syscall_netbsd.go
  • Added the Getvfsstat function.
• vendor/golang.org/x/sys/unix/syscall_solaris.go
  • Corrected the Listen syscall name.
  • Added Ucred helper functions for user credentials.
• vendor/golang.org/x/sys/unix/zerrors_linux.go
  • Updated various constants related to AUDIT, BPF, DM, DT, EI, ELF, ET, EV, FAN, FSCRYPT, F_, IPPROTO, IPV6, IP_, LANDLOCK, MADV, MAP, MSG, NFC, NFT, NLM, NN, NT, PF, PR, PTRACE, PT, RTA, RTM, RTPROT, RWF, SHF, SHN, SHT, STB, STT, TASKSTATS, TCP, UDP, VER, WGALLOWEDIP, and XDP.
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, GCS_MAGIC, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
  • Updated various constants related to DM_MPATH_PROBE_PATHS, IPV6_FLOWINFO_MASK, IPV6_FLOWLABEL_MASK, SCM_TS_OPT_ID, SO_PASSRIGHTS, and SO_RCVPRIORITY.
• vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
  • Added readv, preadv, writev, and pwritev syscall wrappers.
• vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
  • Added assembly stubs for readv, preadv, writev, and pwritev.
• vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
  • Added readv, preadv, writev, and pwritev syscall wrappers.
• vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
  • Added assembly stubs for readv, preadv, writev, and pwritev.
• vendor/golang.org/x/sys/unix/zsyscall_linux.go
  • Added the setMemPolicy syscall wrapper.
• vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
  • Corrected the Listen syscall name.
  • Added ucred related syscall wrappers.
• vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
  • Added new syscall numbers for SYS_SETXATTRAT, SYS_GETXATTRAT, SYS_LISTXATTRAT, SYS_REMOVEXATTRAT, and SYS_OPEN_TREE_ATTR.
• vendor/golang.org/x/sys/unix/ztypes_linux.go
  • Updated Statx_t and FscryptAddKeyArg structs.
  • Added IFAL_LABEL and IFAL_ADDRESS constants.
  • Introduced IfAddrlblmsg struct.
  • Updated various constants related to NFT_PAYLOAD, NFT_CT, SOF_TIMESTAMPING, TCA, RTNLGRP, ETHTOOL_MSG, ETHTOOL_A_RINGS, ETHTOOL_A_TSINFO, NL80211_ATTR, NL80211_BSS, NL80211_CMD, NL80211_EXT_FEATURE, NL80211_FREQUENCY_ATTR, NL80211_IFTYPE, NL80211_MBSSID_CONFIG_ATTR, NL80211_MNTR_FLAG, NL80211_RATE_INFO, NL80211_RRF, NL80211_STA_FLAG, NL80211_VHT_NSS_MAX, NL80211_WIPHY_RADIO_ATTR, and NL80211_WOWLAN_TRIG.
  • Added SizeofNhmsg and SizeofNexthopGrp constants.
  • Introduced MPOL constants.
• vendor/golang.org/x/sys/unix/ztypes_linux_386.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
  • Updated the Stat_t and Taskstats structs.
• vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
  • Updated the Stat_t and Taskstats structs.
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
  • Updated the Taskstats struct.
• vendor/golang.org/x/sys/windows/dll_windows.go
  • Updated comments for LoadDLL and NewLazyDLL to recommend NewLazySystemDLL.
  • Removed the errString type.
• vendor/golang.org/x/sys/windows/security_windows.go
  • Updated the ToAbsolute method to use unsafe.SliceData and added pointer validation for security descriptors.
• vendor/golang.org/x/sys/windows/syscall_windows.go
  • Added GetNumberOfConsoleInputEvents, FlushConsoleInputBuffer, WSADuplicateSocket, GetIpForwardEntry2, GetIpForwardTable2, FreeMibTable, and NotifyRouteChange2 syscalls.
  • Introduced RawSockaddrInet struct.
  • Updated NTUnicodeString.Slice() to correctly handle length for UTF-16 slices.
• vendor/golang.org/x/sys/windows/types_windows.go
  • Added O_FILE_FLAG constants for os.OpenFile.
  • Introduced IP_MTU_DISCOVER, IPV6_MTU_DISCOVER, and IP_PMTUDISC_ constants.
  • Added WSACMSGHDR, IN_PKTINFO, and IN6_PKTINFO structs.
  • Introduced FileZeroDataInformation struct.
  • Added IpAddressPrefix, MibIpForwardRow2, and MibIpForwardTable2 structs along with related constants.
  • Added VK_ and console event constants for virtual key codes and mouse/control key states.
• vendor/golang.org/x/term/term_windows.go
  • Modified makeRaw to remove the windows.ENABLE_PROCESSED_OUTPUT flag.
• vendor/golang.org/x/term/terminal.go
  • Imported the fmt package.
  • Introduced the History interface and updated stRingBuffer to implement it.
  • Modified NewTerminal to initialize History with stRingBuffer.
  • Added the keyLF constant.
  • Corrected typos in comments.
  • Introduced historyAt and historyAdd methods to Terminal.
  • Updated handleKey to use keyLF and historyAt.
  • Disabled AutoCompleteCallback during ReadPassword calls.
  • Modified readLine to correctly handle CRLF sequences.
  • Updated readLine to use historyAdd.
  • Replaced stRingBuffer.NthPreviousEntry with stRingBuffer.At and added a Len method.
• vendor/golang.org/x/text/language/parse.go
  • Changed the error return value of CanonType.Parse to nil.
• vendor/golang.org/x/text/unicode/bidi/core.go
  • Removed the maxLevel function and replaced its usage with the standard max function.
• vendor/modules.txt
  • Updated module versions for golang.org/x/crypto, golang.org/x/net, golang.org/x/sys, golang.org/x/term, and golang.org/x/text.
  • Added golang.org/x/net/internal/httpcommon.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates golang.org/x/crypto and several other golang.org/x dependencies to address security vulnerabilities. A key change is the update of the Go version in go.mod from 1.18 to 1.24.0. This is a significant jump and makes the module require at least Go 1.21 due to the use of new language features in the updated dependencies. This could be a breaking change for consumers of this library who are on older Go versions.

[gemini-code-assist]

Updating the Go version from 1.18 to 1.24.0 is a significant change. The updated dependencies in vendor/ now use features from Go 1.21 (like the clear and max built-ins, and the slices package), so this version bump is necessary. However, this makes the module incompatible with Go versions older than 1.21, which could be a breaking change for users of this library. While this is likely unavoidable for a security update, it's an important side-effect to be aware of for this release.