Skip to content

Bump github.com/ProtonMail/go-crypto from 0.0.0-20230217124315-7d5c6f04bbb8 to 1.4.1#97

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/ProtonMail/go-crypto-1.4.1
Open

Bump github.com/ProtonMail/go-crypto from 0.0.0-20230217124315-7d5c6f04bbb8 to 1.4.1#97
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/ProtonMail/go-crypto-1.4.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/ProtonMail/go-crypto from 0.0.0-20230217124315-7d5c6f04bbb8 to 1.4.1.

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.4.1

What's Changed

Full Changelog: ProtonMail/go-crypto@v1.4.0...v1.4.1

Release v1.4.1-proton

This release is v1.4.1 with support for the following non-standardized features:

Release v1.4.0

What's Changed

Full Changelog: ProtonMail/go-crypto@v1.3.0...v1.4.0

Release v1.4.0-proton

This release is v1.4.0 with support for the following non-standardized features:

Release v1.3.0

What's Changed

Full Changelog: ProtonMail/go-crypto@v1.2.0...v1.3.0

Release v1.3.0-proton

This release is v1.3.0 with support for the following non-standardized features:

... (truncated)

Commits

@dependabot dependabot Bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Jul 2, 2026
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Major version update detected for github.com/ProtonMail/go-crypto (0.0.0-20230217124315-7d5c6f04bbb8 -> 1.4.1). Auto-merge is disabled; manual review required.

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@dependabot[bot], you've reached your PR review limit, so we couldn't start this review.

Next review available in: 19 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7d7d8a13-c25e-44ba-bab1-89c874ee777e

📥 Commits

Reviewing files that changed from the base of the PR and between a50cc2d and 0177912.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Walkthrough

This PR updates go.mod to bump several direct and indirect Go module dependency versions.

Changes

Dependency version updates

Layer / File(s) Summary
Module version bumps
go.mod
Updates indirect golang.org/x/sync and golang.org/x/text, and bumps github.com/ProtonMail/go-crypto, github.com/cloudflare/circl, golang.org/x/crypto, golang.org/x/net, and golang.org/x/sys.

Estimated code review effort: 1 (Trivial) | ~5 minutes

Possibly related issues

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main dependency upgrade in the PR and matches the primary change.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed No Ginkgo/BDD test files or titles are present in this PR; it only updates dependency metadata and app code, so there are no unstable test names to flag.
Test Structure And Quality ✅ Passed PR only bumps go.mod/go.sum; repo has no Ginkgo/Gomega tests or Eventually/Consistently usage, so the test-quality check is not applicable.
Microshift Test Compatibility ✅ Passed PASS: PR only updates go.mod/go.sum dependency versions; no new Ginkgo e2e tests or MicroShift-relevant API usages were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PR only bumps go-crypto in go.mod/go.sum; repo shows no added Ginkgo e2e tests or SNO-sensitive test code.
Topology-Aware Scheduling Compatibility ✅ Passed PR only bumps Go dependencies in go.mod/go.sum; no manifests, operators, controllers, or scheduling constraints were added or modified.
Ote Binary Stdout Contract ✅ Passed PASS: The PR’s process-level code has no stdout writes—main.go init only registers commands, and no TestMain/Ginkgo setup or stdout logging hooks exist.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only go.mod dependency versions changed; no new Ginkgo e2e tests or network-using test code were added.
No-Weak-Crypto ✅ Passed PR only changes go.mod/go.sum dependency versions; no source code adds weak ciphers, custom crypto, or secret comparisons.
Container-Privileges ✅ Passed PR only updates go.mod; no container/K8s manifests or privileged settings (privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation) are present.
No-Sensitive-Data-In-Logs ✅ Passed PR only updates go.mod/go.sum dependency versions; no logging code or sensitive literals were added.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/github.com/ProtonMail/go-crypto-1.4.1

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from robotmaxtron and tnierman July 2, 2026 06:11
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign tnierman for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 46: The module dependency for golang.org/x/oauth2 is still pinned to an
affected version, so update the requirement in go.mod to the fixed release that
addresses GO-2025-3488 / CVE-2025-22868. Keep the change scoped to the oauth2
entry and make sure any related dependency metadata remains consistent after the
bump.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b8900df2-46d1-4842-acaa-f2a5f3232870

📥 Commits

Reviewing files that changed from the base of the PR and between 146ff7d and f207495.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Comment thread go.mod Outdated
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/ProtonMail/go-crypto-1.4.1 branch 2 times, most recently from a50cc2d to 2f207f8 Compare July 2, 2026 06:36
@codecov-commenter

codecov-commenter commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (12a81aa) to head (0177912).

Additional details and impacted files
@@          Coverage Diff          @@
##            main     #97   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files         34      34           
  Lines       1594    1594           
=====================================
  Misses      1594    1594           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Bumps [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) from 0.0.0-20230217124315-7d5c6f04bbb8 to 1.4.1.
- [Release notes](https://github.com/ProtonMail/go-crypto/releases)
- [Commits](https://github.com/ProtonMail/go-crypto/commits/v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/ProtonMail/go-crypto
  dependency-version: 1.4.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/ProtonMail/go-crypto-1.4.1 branch from 2f207f8 to 0177912 Compare July 2, 2026 06:50
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant