security: bump golang.org/x/crypto to v0.48.0

Fixes two moderate GitHub security alerts: - CVE: ssh allows unbounded memory consumption via GSSAPI OIDs - CVE: ssh/agent panic on malformed constraint (out of bounds read) Also bumps transitive deps: x/net v0.49.0, x/sys v0.41.0, x/text v0.34.0.
2026-03-21 23:22:34 +01:00 · 2026-02-16 19:10:18 +01:00
parent 10e09630a6
commit 5e0d578670
2 changed files with 12 additions and 12 deletions
--- a/go.mod
+++ b/go.mod
@@ -10,8 +10,8 @@ require (
 	github.com/lib/pq v1.10.9
 	github.com/spf13/viper v1.17.0
 	go.uber.org/zap v1.26.0
-	golang.org/x/crypto v0.36.0
-	golang.org/x/text v0.23.0
+	golang.org/x/crypto v0.48.0
+	golang.org/x/text v0.34.0
 )

 require (
@@ -31,8 +31,8 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )