From 33aff642b146e6cebdecbf4278b5503b9c0c25fb Mon Sep 17 00:00:00 2001
From: "renovate[bot]"
Date: Sat, 21 Mar 2026 10:38:08 +0000
Subject: [PATCH] fix(deps): update module github.com/russellhaering/goxmldsig to v1.6.0 (#32)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/russellhaering/goxmldsig](https://github.com/russellhaering/goxmldsig) | `v1.5.0` → `v1.6.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2frussellhaering%2fgoxmldsig/v1.6.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2frussellhaering%2fgoxmldsig/v1.5.0/v1.6.0?slim=true) |

---

### Release Notes

russellhaering/goxmldsig (github.com/russellhaering/goxmldsig)

### [`v1.6.0`](https://github.com/russellhaering/goxmldsig/releases/tag/v1.6.0)

[Compare Source](https://github.com/russellhaering/goxmldsig/compare/v1.5.0...v1.6.0)

#### What's Changed

- **Security:** Fix possible signature validation bypass caused by loop variable capture in `validateSignature` (GHSA-479m-364c-43vc)
- Bump minimum Go version to 1.23
- Bump `github.com/beevik/etree` to v1.6.0
- Add fuzz tests for XML signature validation and canonicalization

**Full Changelog**:
--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Reviewed-on: https://git.tainton.uk/repos/saml-oidc-bridge/pulls/32 Co-authored-by: renovate[bot] Co-committed-by: renovate[bot] --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 37612ed..cbb669f 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/coreos/go-oidc/v3 v3.17.0 github.com/crewjam/saml v0.5.1 github.com/fsnotify/fsnotify v1.9.0 - github.com/russellhaering/goxmldsig v1.5.0 + github.com/russellhaering/goxmldsig v1.6.0 golang.org/x/oauth2 v0.36.0 gopkg.in/yaml.v3 v3.0.1 ) diff --git a/go.sum b/go.sum index 565a248..3ddab91 100644 --- a/go.sum +++ b/go.sum 
@@ -46,6 +46,8 @@ github.com/russellhaering/goxmldsig v1.4.0 h1:8UcDh/xGyQiyrW+Fq5t8f+l2DLB1+zlhYz github.com/russellhaering/goxmldsig v1.4.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw= github.com/russellhaering/goxmldsig v1.5.0 h1:AU2UkkYIUOTyZRbe08XMThaOCelArgvNfYapcmSjBNw= github.com/russellhaering/goxmldsig v1.5.0/go.mod h1:x98CjQNFJcWfMxeOrMnMKg70lvDP6tE0nTaeUnjXDmk= +github.com/russellhaering/goxmldsig v1.6.0 h1:8fdWXEPh2k/NZNQBPFNoVfS3JmzS4ZprY/sAOpKQLks= +github.com/russellhaering/goxmldsig v1.6.0/go.mod h1:TrnaquDcYxWXfJrOjeMBTX4mLBeYAqaHEyUeWPxZlBM= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
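Review bot: In the go.mod hunk only the `github.com/russellhaering/goxmldsig` require line changes, yet the v1.6.0 release notes quoted in the commit message raise the minimum Go version to 1.23 and move `github.com/beevik/etree` to v1.6.0. Confirm that the `go` directive in this go.mod is already 1.23 or later and that the build toolchain matches, since neither is visible in this hunk. Because this release carries the GHSA-479m-364c-43vc signature validation fix and the module is required next to `github.com/crewjam/saml v0.5.1`, say in the PR that the security fix is the reason for the bump so the manual merge is not deferred with routine updates.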
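Review bot: The go.sum hunk adds the two v1.6.0 lines but leaves the `h1:` content hashes for v1.4.0 and v1.5.0 in place, and the diffstat shows no other go.sum change, so no `github.com/beevik/etree v1.6.0` entries were added by this commit. Run `go mod tidy` followed by `go mod verify` and commit the result, so that stale hashes are dropped and every entry the new version needs is present before merge.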