Skip to content

build(deps): bump golang.org/x/crypto from 0.17.0 to 0.31.0 in /gokrazy/tsapp/builddir/github.com/gokrazy/breakglass#2

Open
dependabot[bot] wants to merge 11 commits intoprod-stagingfrom
dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/breakglass/golang.org/x/crypto-0.31.0
Open

build(deps): bump golang.org/x/crypto from 0.17.0 to 0.31.0 in /gokrazy/tsapp/builddir/github.com/gokrazy/breakglass#2
dependabot[bot] wants to merge 11 commits intoprod-stagingfrom
dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/breakglass/golang.org/x/crypto-0.31.0

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 4, 2025
edited
Loading

Bumps golang.org/x/crypto from 0.17.0 to 0.31.0.

Commits
  • b4f1988 ssh: make the public key cache a 1-entry FIFO cache
  • 7042ebc openpgp/clearsign: just use rand.Reader in tests
  • 3e90321 go.mod: update golang.org/x dependencies
  • 8c4e668 x509roots/fallback: update bundle
  • 6018723 go.mod: update golang.org/x dependencies
  • 71ed71b README: don't recommend go get
  • 750a45f sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary
  • 36b1725 sha3: avoid trailing permutation
  • 80ea76e sha3: fix padding for long cSHAKE parameters
  • c17aa50 sha3: avoid buffer copy
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 4, 2025
barnstar and others added 10 commits May 21, 2025 15:10
@barnstar
VERSION.txt: this is v1.84.0 (tailscale#16041)
0b36774 
Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
@barnstar
ipn: set RouteAll=true by default for new accounts on iOS and Android (
914acdc 
…tailscale#16110)

fixes tailscale#16082

RouteAll should be true by default on iOS and Android.

Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
(cherry picked from commit 842df37)
@barnstar
net/dns: cache dns.Config for reuse when compileConfig fails (tailsca…
c417248 
…le#16059)

fixes tailscale/corp#25612

We now keep track of any dns configurations which we could not
compile. This gives RecompileDNSConfig a configuration to
attempt to recompile and apply when the OS pokes us to indicate
that the interface dns servers have changed/updated.   The manager config
will remain unset until we have the required information to compile
it correctly which should eliminate the problematic SERVFAIL
responses (especially on macOS 15).

This also removes the missingUpstreamRecovery func in the forwarder
which is no longer required now that we have proper error handling
and recovery manager and the client.

Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
(cherry picked from commit 5e54819)
@barnstar
VERSION.txt: this is v1.84.1
72ec281
@irbekrm
cmd/containerboot: allow setting --accept-dns via TS_EXTRA_ARGS again (
f1b8c4a 
…tailscale#16129) (tailscale#16140)

In 1.84 we made 'tailscale set'/'tailscale up' error out if duplicate
command line flags are passed.
This broke some container configurations as we have two env vars that
can be used to set --accept-dns flag:
- TS_ACCEPT_DNS- specifically for --accept-dns
- TS_EXTRA_ARGS- accepts any arbitrary 'tailscale up'/'tailscale set'
flag.

We default TS_ACCEPT_DNS to false (to make the container behaviour more
declarative), which with the new restrictive CLI behaviour resulted in
failure for users who had set --accept-dns via TS_EXTRA_ARGS as the flag would be
provided twice.

This PR re-instates the previous behaviour by checking if TS_EXTRA_ARGS
contains --accept-dns flag and if so using its value to override TS_ACCEPT_DNS.

Updates tailscale#16108


(cherry picked from commit 5b670eb)

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
@ChaosInTheCRD
cmd/k8s-operator: explicitly set tcp on VIPService port configuration…
2e915f4 
… for Ingress with ProxyGroup (tailscale#16199) (tailscale#16226)

Updates tailscale/corp#24795


(cherry picked from commit 4456f77)

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
@nickoneill
VERSION.txt: this is v1.84.2 (tailscale#16232)
5f702f4 
Signed-off-by: Nick O'Neill <nick@tailscale.com>
@craciunoiuc
net/netmon: Do not populate interfaces with 'ukp' ones
155e346 
Signed-off-by: Cezar Craciunoiu <cezar.craciunoiu@gmail.com>
@craciunoiuc
build_dist.sh: Statically link binaries
d5dc6f7 
Signed-off-by: Cezar Craciunoiu <cezar.craciunoiu@gmail.com>
@craciunoiuc
release: Add nfpm for releasing debian packages
35e8e36 
Signed-off-by: Cezar Craciunoiu <cezar.craciunoiu@gmail.com>
Signed-off-by: Simon Kuenzer <simon@unikraft.io>
@nderjung
Copy link
Member

nderjung commented Jun 16, 2025

@dependabot rebase

@dependabot
build(deps): bump golang.org/x/crypto
ba548ab 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.17.0 to 0.31.0.
- [Commits](golang/crypto@v0.17.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/gokrazy/tsapp/builddir/github.com/gokrazy/breakglass/golang.org/x/crypto-0.31.0 branch from eba1081 to ba548ab Compare June 16, 2025 20:51
@skuenzer skuenzer force-pushed the prod-staging branch 7 times, most recently from 12f1937 to bd45376 Compare October 30, 2025 14:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@nderjung @barnstar @irbekrm @ChaosInTheCRD @nickoneill @craciunoiuc