Skip to content

chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.52.0#739

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/crypto-0.52.0
Open

chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.52.0#739
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/golang.org/x/crypto-0.52.0

chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.52.0

4b6aa65
Select commit
Loading
Failed to load commit list.
Kusari Inspector / Kusari Inspector succeeded Jul 10, 2026 in 1m 24s

Security Analysis Passed

No security issues found

Details

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both dependency and code security analyses independently recommend proceeding with this PR. The dependency upgrade of golang.org/x/crypto from v0.40.0 to v0.52.0 is a net security improvement, resolving 15+ known CVEs covering SSH auth bypasses, denial-of-service via panics, memory leaks, and infinite loops. Transitive updates to x/sys, x/term, and x/text are clean with no active advisories. The only advisory present in the new version (GO-2026-5932) pertains to the openpgp subpackage being unmaintained by design — this carries no CVE ID, no CVSS score, and no EPSS data, and is not relevant to kubesec's use case. The code analysis found zero issues across all severity categories in the modified go.mod and go.sum files, with no exposed secrets or workflow concerns. The combined risk profile strongly favors merging, as the benefit of eliminating 15+ active vulnerabilities significantly outweighs the negligible risk introduced by the openpgp advisory.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 4b6aa65, performed at: 2026-07-10T17:09:06Z