v5: Bump Go and dependencies #1436

pjbgf · 2025-02-26T22:50:14Z

Bump Go and dependencies to mitigate GO-2025-3487.

This violates go-git's support for last 3 stable Go versions. Given that v5 is in maintainence mode, users that must be on Go 1.22 can wait to bump to a new release, while we can still provide a fix for users that don't have that requirement.

Signed-off-by: Paulo Gomes <pjbgf@linux.com>

Bumps overall dependencies for the v5 release. The x/crypto dependency requires toolchain above go1.22, which violates the current support for last 3 stable Go versions. Given that this is required to mitigate GO-2025-3487, we are going ahead with this change. Users that must be in older versions of Go can wait to bump if they so wish. Signed-off-by: Paulo Gomes <pjbgf@linux.com>

pjbgf added 2 commits February 26, 2025 18:01

8000 build: Bump Go versions

b2c1ec9

Signed-off-by: Paulo Gomes <pjbgf@linux.com>

pjbgf requested review from mcuadros and aymanbagabas February 26, 2025 22:50

pjbgf mentioned this pull request Feb 26, 2025

build: bump golang.org/x/crypto from 0.33.0 to 0.35.0 in the golang-org group across 1 directory #1435

Closed

aymanbagabas approved these changes Feb 27, 2025

View reviewed changes

pjbgf merged commit 863c621 into go-git:releases/v5.x Feb 27, 2025
12 of 13 checks passed

pjbgf deleted the v5-bumps branch February 27, 2025 13:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v5: Bump Go and dependencies #1436

v5: Bump Go and dependencies #1436

Uh oh!

Uh oh!

Uh oh!

Uh oh!

v5: Bump Go and dependencies #1436

v5: Bump Go and dependencies #1436

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!