chore(deps): update module golang.org/x/crypto to v0.35.0 [security] - autoclosed (!527) · Merge requests · The Tor Project / Anti-censorship / Pluggable Transports / Snowflake

This MR contains the following updates:

Package	Type	Update	Change
golang.org/x/crypto	require	minor	`v0.33.0` -> `v0.35.0`

Potential denial of service in golang.org/x/crypto

CVE-2025-22869 / GO-2025-3487

More information

Details

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

chore(deps): update module golang.org/x/crypto to v0.35.0 [security] - autoclosed

Potential denial of service in golang.org/x/crypto

Details

Severity

References

Configuration

Merge request reports