Update module golang.org/x/crypto to v0.45.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
golang.org/x/crypto	v0.43.0 -> v0.45.0

GitHub Vulnerability Alerts

CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

CVE-2025-47914

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: integrationtests/go.sum

Command failed: go mod vendor
go: downloading go.opentelemetry.io/otel/trace v1.37.0
go: downloading go.opentelemetry.io/otel v1.37.0
go: downloading go.opentelemetry.io/otel/metric v1.37.0
go: downloading github.com/go-logr/logr v1.4.3
go: downloading golang.org/x/sync v0.14.0
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/tools imports
	golang.org/x/sys/unix: missing go.sum entry for module providing package golang.org/x/sys/unix (imported by github.com/bitrise-io/bitrise/v2/tools); to add:
	go get github.com/bitrise-io/bitrise/v2/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/bitrise imports
	github.com/bitrise-io/goinp/goinp imports
	golang.org/x/crypto/ssh/terminal: missing go.sum entry for module providing package golang.org/x/crypto/ssh/terminal (imported by github.com/bitrise-io/goinp/goinp); to add:
	go get github.com/bitrise-io/goinp/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/envman/v2/cli imports
	github.com/sirupsen/logrus imports
	golang.org/x/sys/windows: missing go.sum entry for module providing package golang.org/x/sys/windows (imported by github.com/sirupsen/logrus); to add:
	go get github.com/sirupsen/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/ProtonMail/go-crypto/openpgp imports
	golang.org/x/crypto/sha3: missing go.sum entry for module providing package golang.org/x/crypto/sha3 (imported by github.com/ProtonMail/go-crypto/openpgp); to add:
	go get github.com/ProtonMail/go-crypto/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/ProtonMail/go-crypto/openpgp/packet imports
	golang.org/x/crypto/hkdf: missing go.sum entry for module providing package golang.org/x/crypto/hkdf (imported by github.com/ProtonMail/go-crypto/openpgp/packet); to add:
	go get github.com/ProtonMail/go-crypto/openpgp/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/ProtonMail/go-crypto/openpgp imports
	github.com/ProtonMail/go-crypto/openpgp/internal/algorithm imports
	golang.org/x/crypto/cast5: missing go.sum entry for module providing package golang.org/x/crypto/cast5 (imported by github.com/ProtonMail/go-crypto/openpgp/internal/algorithm); to add:
	go get github.com/ProtonMail/go-crypto/openpgp/internal/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/ProtonMail/go-crypto/openpgp/packet imports
	github.com/ProtonMail/go-crypto/openpgp/s2k imports
	golang.org/x/crypto/argon2: missing go.sum entry for module providing package golang.org/x/crypto/argon2 (imported by github.com/ProtonMail/go-crypto/openpgp/s2k); to add:
	go get github.com/ProtonMail/go-crypto/openpgp/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/go-git/go-git/v5/plumbing/transport/client imports
	github.com/go-git/go-git/v5/plumbing/transport/file imports
	golang.org/x/sys/execabs: missing go.sum entry for module providing package golang.org/x/sys/execabs (imported by github.com/go-git/go-git/v5/plumbing/transport/file); to add:
	go get github.com/go-git/go-git/v5/plumbing/transport/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/go-git/go-git/v5/plumbing/transport/client imports
	github.com/go-git/go-git/v5/plumbing/transport/ssh imports
	golang.org/x/crypto/ssh: missing go.sum entry for module providing package golang.org/x/crypto/ssh (imported by github.com/go-git/go-git/v5/plumbing/transport/ssh); to add:
	go get github.com/go-git/go-git/v5/plumbing/transport/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/go-git/go-git/v5/plumbing/transport/client imports
	github.com/go-git/go-git/v5/plumbing/transport/ssh imports
	golang.org/x/net/proxy: missing go.sum entry for module providing package golang.org/x/net/proxy (imported by github.com/go-git/go-git/v5/plumbing/transport/ssh); to add:
	go get github.com/go-git/go-git/v5/plumbing/transport/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/go-git/go-git/v5/utils/ioutil imports
	github.com/jbenet/go-context/io imports
	golang.org/x/net/context: missing go.sum entry for module providing package golang.org/x/net/context (imported by github.com/jbenet/go-context/io); to add:
	go get github.com/jbenet/go-context/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/ProtonMail/go-crypto/openpgp imports
	github.com/ProtonMail/go-crypto/openpgp/internal/ecc imports
	github.com/cloudflare/circl/dh/x25519 imports
	golang.org/x/sys/cpu: missing go.sum entry for module providing package golang.org/x/sys/cpu (imported by github.com/cloudflare/circl/dh/x25519); to add:
	go get github.com/cloudflare/circl/dh/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/go-git/go-git/v5/plumbing/transport/client imports
	github.com/go-git/go-git/v5/plumbing/transport/ssh imports
	github.com/skeema/knownhosts imports
	golang.org/x/crypto/ssh/knownhosts: missing go.sum entry for module providing package golang.org/x/crypto/ssh/knownhosts (imported by github.com/skeema/knownhosts); to add:
	go get github.com/skeema/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/go-git/go-git/v5/plumbing/transport/client imports
	github.com/go-git/go-git/v5/plumbing/transport/ssh imports
	github.com/xanzy/ssh-agent imports
	golang.org/x/crypto/ssh/agent: missing go.sum entry for module providing package golang.org/x/crypto/ssh/agent (imported by github.com/xanzy/ssh-agent); to add:
	go get github.com/xanzy/[email protected]
go: github.com/bitrise-io/bitrise/v2/integrationtests/cli tested by
	github.com/bitrise-io/bitrise/v2/integrationtests/cli.test imports
	github.com/bitrise-io/bitrise/v2/cli imports
	github.com/bitrise-io/bitrise/v2/configmerge imports
	github.com/go-git/go-git/v5 imports
	github.com/ProtonMail/go-crypto/openpgp imports
	github.com/ProtonMail/go-crypto/openpgp/ed25519 imports
	github.com/cloudflare/circl/sign/ed25519 imports
	github.com/cloudflare/circl/internal/conv imports
	golang.org/x/crypto/cryptobyte: missing go.sum entry for module providing package golang.org/x/crypto/cryptobyte (imported by github.com/cloudflare/circl/internal/conv); to add:
	go get github.com/cloudflare/circl/internal/[email protected]

[bitrise]

Summary

Security update for golang.org/x/crypto from v0.43.0 to v0.45.0, addressing CVE-2025-58181 and CVE-2025-47914. Also updates golang.org/x/sys, golang.org/x/net, and golang.org/x/term dependencies.

Walkthrough

File	Summary
go.mod, go.sum, integrationtests/go.mod	Updated golang.org/x package dependencies: golang.org/x/sys (v0.37.0→v0.38.0), golang.org/x/crypto (v0.43.0→v0.45.0), golang.org/x/net (v0.45.0→v0.47.0), golang.org/x/term (v0.36.0→v0.37.0)
vendor/golang.org/x/crypto/ssh/*	Updated SSH implementation with security fixes for GSSAPI authentication validation and SSH Agent message handling
vendor/golang.org/x/crypto/sha3/*	Refactored SHA3 implementation: renamed sha3.go→legacy_hash.go, keccakf.go→legacy_keccakf.go, removed assembly files and noasm variants
vendor/golang.org/x/crypto/argon2/, chacha20/	Updated cryptographic primitives for Argon2 and ChaCha20
vendor/golang.org/x/sys/, vendor/golang.org/x/net/, vendor/golang.org/x/term/*	Updated system, network, and terminal packages with platform-specific improvements
vendor/github.com/bitrise-io/*/version.go, vendor/modules.txt	Updated vendor manifest and third-party dependency versions