Skip to content

chore(deps): weekly safe go updates · 4 packages#325

Open
mendral-app[bot] wants to merge 1 commit into
mainfrom
mendral/deps/weekly-safe-go-20260615
Open

chore(deps): weekly safe go updates · 4 packages#325
mendral-app[bot] wants to merge 1 commit into
mainfrom
mendral/deps/weekly-safe-go-20260615

Conversation

@mendral-app

@mendral-app mendral-app Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Packages bumped

Package Old New Type
golang.org/x/crypto v0.36.0 v0.53.0 indirect
golang.org/x/net v0.38.0 v0.55.0 indirect
golang.org/x/sync v0.20.0 v0.21.0 indirect
golang.org/x/text v0.30.0 v0.38.0 indirect
Per-package details

golang.org/x/crypto v0.36.0 → v0.53.0

  • Standard library extension for cryptographic primitives
  • Used indirectly (transitive dep via x/net, x/term, ssh, etc.)
  • No breaking API changes between minor versions in x/ packages
  • Includes accumulated security hardening and bug fixes across 17 minor releases

golang.org/x/net v0.38.0 → v0.55.0

  • Pulled transitively as a requirement of x/crypto v0.53.0
  • Fixes GO-2026-4918: Infinite loop in HTTP/2 transport with malformed SETTINGS_MAX_FRAME_SIZE (fixed in v0.53.0)
  • This codebase uses HTTP clients (websocket dialer, API calls) — the fix is relevant
  • No breaking API changes

golang.org/x/sync v0.20.0 → v0.21.0

  • Concurrency primitives (errgroup, singleflight, semaphore)
  • Used indirectly via charmbracelet packages
  • Single minor version bump, no breaking changes

golang.org/x/text v0.30.0 → v0.38.0

  • Unicode text processing (encoding, language, transform)
  • Used indirectly via glamour/markdown rendering chain
  • No breaking API changes between minor versions

Files modified

  • go.mod
  • go.sum
Skipped this ecosystem
Package Reason
github.com/jedib0t/go-pretty/v6 Open PR #322 (→ v6.8.1)
github.com/blaxel-ai/sdk-go Open PR #311 (→ v0.22.0)
github.com/Masterminds/semver/v3 Open PR #295 (→ v3.5.0)
github.com/getsentry/sentry-go Open PR #294 (→ v0.46.2)
golang.org/x/sys Already at latest tagged release (v0.46.0)
golang.org/x/term Already at latest tagged release (v0.44.0)
github.com/charmbracelet/* All at latest tagged releases
github.com/spf13/cobra Already at latest (v1.10.2)
github.com/stretchr/testify Already at latest (v1.11.1)
github.com/BurntSushi/toml Already at latest (v1.6.0)
github.com/fatih/color Already at latest (v1.19.0)
github.com/gorilla/websocket Already at latest (v1.5.3)
github.com/creack/pty Already at latest (v1.1.24)
github.com/joho/godotenv Already at latest stable (v1.5.1; v1.6.0-pre.1 is pre-release)

Note

Created by Mendral. Tag @mendral-app with feedback or questions.

@mendral-app
chore(deps): bump golang.org/x/{crypto,net,sync,text} to latest eligi…
a548668 
…ble versions

- golang.org/x/crypto v0.36.0 → v0.53.0
- golang.org/x/net v0.38.0 → v0.55.0 (transitive requirement)
- golang.org/x/sync v0.20.0 → v0.21.0
- golang.org/x/text v0.30.0 → v0.38.0
@mendral-app mendral-app Bot requested a review from a team June 15, 2026 09:12
@mendral-app mendral-app Bot marked this pull request as ready for review June 15, 2026 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants