Skip to content

fix(cli): upgrade x/crypto for CVE-2026-46595#276

Merged
vangie merged 3 commits into
babelcloud:mainfrom
violet-hastings:fix/dependabot-x-crypto-cve-2026-46595
Jul 16, 2026
Merged

fix(cli): upgrade x/crypto for CVE-2026-46595#276
vangie merged 3 commits into
babelcloud:mainfrom
violet-hastings:fix/dependabot-x-crypto-cve-2026-46595

Conversation

@violet-hastings

Copy link
Copy Markdown
Contributor

Summary

  • upgrade golang.org/x/crypto from v0.37.0 to the first patched release v0.52.0
  • align golang.org/x/{net,sys,term,text} with the versions required by x/crypto v0.52.0
  • address GHSA-x527-x647-q7gg / CVE-2026-46595

Validation

  • verified versions and checksums against proxy.golang.org / sum.golang.org
  • full Go tests were not run locally because Go was not installed and the toolchain download was blocked by the current network issue

Dependabot alert: Critical, packages/cli/go.mod.

@vangie vangie merged commit 2e83ee8 into babelcloud:main Jul 16, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants