build(deps): Bump the golang-x group with 2 updates #337

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/golang-x-2572febda1
dependabot[bot] commented on behalf of github on Jul 29, 2025

Bumps the golang-x group with 2 updates: golang.org/x/oauth2 and golang.org/x/term.

Updates golang.org/x/oauth2 from 0.24.0 to 0.30.0

Commits
  • cf14319 oauth2: fix expiration time window check
  • 32d34ef internal: include clientID in auth style cache key
  • 2d34e30 oauth2: replace a magic number with AuthStyleUnknown
  • 696f7b3 all: modernize with doc links and any
  • 471209b oauth2: drop dependency on go-cmp
  • 6968da2 oauth2: sync Token.ExpiresIn from internal Token
  • d2c4e0a oauth2: context instead of golang.org/x/net/context in doc
  • 883dc3c endpoints: add various endpoints from stale CLs
  • 1c06e87 all: make use of oauth.Token.ExpiresIn
  • 65c15a3 oauth2: remove extra period
  • Additional commits viewable in compare view

Updates golang.org/x/term from 0.26.0 to 0.33.0

Commits
  • 30da5dd go.mod: update golang.org/x dependencies
  • 2ec7864 go.mod: update golang.org/x dependencies
  • a809085 term: support pluggable history
  • 5d2308b go.mod: update golang.org/x dependencies
  • e770ddd x/term: disabling auto-completion around GetPassword()
  • 04218fd go.mod: update golang.org/x dependencies
  • 208db03 all: upgrade go directive to at least 1.23.0 [generated]
  • 743b270 go.mod: update golang.org/x dependencies
  • 40b02d6 go.mod: update golang.org/x dependencies
  • 442846a go.mod: update golang.org/x dependencies
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the golang-x group with 2 updates: [golang.org/x/oauth2](https://github.com/golang/oauth2) and [golang.org/x/term](https://github.com/golang/term).


Updates `golang.org/x/oauth2` from 0.24.0 to 0.30.0
- [Commits](golang/oauth2@v0.24.0...v0.30.0)

Updates `golang.org/x/term` from 0.26.0 to 0.33.0
- [Commits](golang/term@v0.26.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
- dependency-name: golang.org/x/term
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the `dependencies` (Pull requests that update a dependency file) and `go` (Pull requests that update Go code) labels on Jul 29, 2025
dependabot[bot] requested a review from a team as a code owner on July 29, 2025 00:52
dependabot[bot] added the `go` (Pull requests that update Go code) label on Jul 29, 2025

@kusari-inspector

Kusari Analysis Results

Analysis for commit: ff8405c, performed at: 2025-07-29T00:52:28Z


Recommendation

✅ PROCEED with this Pull Request

Summary

No Flagged Issues Detected

All values appear to be within acceptable risk parameters.

This PR safely updates four Go modules to their latest versions, including golang.org/x/oauth2 which fixes a HIGH severity vulnerability (CVE-2025-22868) present in the old version. All dependencies use permissive BSD-3-Clause licenses, and no new vulnerabilities are introduced. The security code analysis confirms there are no code issues, secrets, or workflow problems in the changes. This update improves the security posture of the application by patching a known vulnerability.

Dependency Changes

| Status | Package | Change | Version | Latest Version | Advisories | License |
| --- | --- | --- | --- | --- | --- | --- |
| ❓ Uncertain | stdlib | updated | 1.20 → 1.23.0 | Unknown | None | Unknown |

Risk Details

Safe Dependency Changes

| Status | Package | Change | Version | Latest Version | Advisories | License |
| --- | --- | --- | --- | --- | --- | --- |
| ✅ Safe | golang.org/x/oauth2 | updated | 0.24.0 → 0.30.0 | v0.30.0 | None | BSD-3-Clause (permissive) |
| ✅ Safe | golang.org/x/sys | updated | 0.27.0 → 0.34.0 | v0.34.0 | None | BSD-3-Clause (permissive) |
| ✅ Safe | golang.org/x/term | updated | 0.26.0 → 0.33.0 | v0.33.0 | None | BSD-3-Clause (permissive) |

dependabot[bot] commented on behalf of github on Sep 15, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.
