Update golang.org/x/crypto to address security vulnerabilities #1330

@sebrandon1

⚠️ Outdated golang.org/x/crypto Dependency

This repository is currently using golang.org/x/crypto v0.41.0 but the latest version is v0.52.0.

Last scanned: 2026-05-29 09:35 UTC

Why Update?

Keeping cryptographic dependencies up-to-date is critical for security. Newer versions often include fixes for known vulnerabilities.

🔒 Security Vulnerabilities Fixed in Newer Versions

The following CVEs have been addressed in versions after v0.41.0:

  • CVE-2025-47914 (MODERATE): golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read - Fixed in 0.45.0 (details)
  • CVE-2025-58181 (MODERATE): golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption - Fixed in 0.45.0 (details)

📋 How to Update

Run the following commands to update:

go get golang.org/x/crypto@v0.52.0
go mod tidy

Then run your tests and submit a PR with the changes.

🔗 Central Tracking

This issue is part of an organization-wide effort to keep golang.org/x/crypto dependencies up-to-date.

See the central tracking issue for a full overview: redhat-best-practices-for-k8s/telco-bot#59


This issue is automatically managed by the xcrypto-lookup.sh scanner.
