Merge pull request #2 from retailnext/dependabot/go_modules/golang.org/x/crypto-0.47.0

dineshudayakumar · web-flow · commit 4bc7acedba6c · 2026-01-16T16:58:49.000-05:00
Bump golang.org/x/crypto from 0.45.0 to 0.47.0
diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/google/go-cmp v0.7.0
 	github.com/mattermost/xml-roundtrip-validator v0.1.0
 	github.com/russellhaering/goxmldsig v1.5.0
-	golang.org/x/crypto v0.45.0
+	golang.org/x/crypto v0.47.0
 	gotest.tools v2.2.0+incompatible
 )
 
diff --git a/go.sum b/go.sum
@@ -21,8 +21,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/service_provider_test.go b/service_provider_test.go
@@ -1433,8 +1433,8 @@ func TestXswPermutationSevenIsRejected(t *testing.T) {
 	req.PostForm.Set("SAMLResponse", string(respStr))
 	_, err = s.ParseResponse(&req, []string{"ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685"})
 	// It's the assertion signature that can't be verified. The error message is generic and always mentions Response
-	assert.Check(t, is.Error(err.(*InvalidResponseError).PrivateErr,
-		"cannot validate signature on Assertion: Signature could not be verified"))
+	assert.Check(t, is.ErrorContains(err.(*InvalidResponseError).PrivateErr,
+		"cannot validate signature on Assertion:"))
 }
 
 func TestXswPermutationEightIsRejected(t *testing.T) {
@@ -1464,8 +1464,8 @@ func TestXswPermutationEightIsRejected(t *testing.T) {
 	req.PostForm.Set("SAMLResponse", string(respStr))
 	_, err = s.ParseResponse(&req, []string{"ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685"})
 	// It's the assertion signature that can't be verified. The error message is generic and always mentions Response
-	assert.Check(t, is.Error(err.(*InvalidResponseError).PrivateErr,
-		"cannot validate signature on Assertion: Signature could not be verified"))
+	assert.Check(t, is.ErrorContains(err.(*InvalidResponseError).PrivateErr,
+		"cannot validate signature on Assertion:"))
 }
 
 func TestXswPermutationNineIsRejected(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ require (`
`8`	`8`	`github.com/google/go-cmp v0.7.0`
`9`	`9`	`github.com/mattermost/xml-roundtrip-validator v0.1.0`
`10`	`10`	`github.com/russellhaering/goxmldsig v1.5.0`
`11`		`- golang.org/x/crypto v0.45.0`
	`11`	`+ golang.org/x/crypto v0.47.0`
`12`	`12`	`gotest.tools v2.2.0+incompatible`
`13`	`13`	`)`
`14`	`14`