Skip to content

build(deps): bump github.com/sirosfoundation/go-cryptoutil from 0.5.0 to 0.6.0 in the go-deps group#22

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-deps-f01e5c0f73
Open

build(deps): bump github.com/sirosfoundation/go-cryptoutil from 0.5.0 to 0.6.0 in the go-deps group#22
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go-deps-f01e5c0f73

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-deps group with 1 update: github.com/sirosfoundation/go-cryptoutil.

Updates github.com/sirosfoundation/go-cryptoutil from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/sirosfoundation/go-cryptoutil's releases.

v0.6.0 — pkcs11pool stability fixes

Changes

Bug fixes

  • Pool slot leak on recovery failure (): When RecoverSession fails, the broken session is now returned to the pool via Release() instead of being closed directly via ctx.CloseSession(). This preserves the pool channel capacity — the next caller will trigger a new recovery attempt and replace the broken session properly.

  • CKA_ID double-encoding in ListECKeys (): GenerateECKey stores CKA_ID as the ASCII bytes of the hex kid string. ListECKeys was re-encoding those bytes with hex.EncodeToString, producing a hex-of-hex value. Fixed to use string(attrs[0].Value) for correct round-tripping.

  • General pkcs11pool robustness (PR #19): Acquire/Release/Close guards, login tolerance, session recovery ordering, token label trimming.

Tests

  • SoftHSM2 integration tests covering pool lifecycle, key generation, signing, ECDH, listing, recovery, and error paths (71.5% statement coverage).
Commits
  • c762f0c fix(pkcs11pool): address remaining Copilot review findings
  • c186cd7 fix(pkcs11pool): address Copilot code review findings (#19)
  • c328080 feat: add pkcs11pool shared PKCS#11 session pool library (#18)
  • c6b0d98 fix: standardize LICENSE to BSD-2-Clause attributed to SIROS Foundation (#17)
  • 3eb88fb fix: replace write-all with scoped workflow permissions (#15)
  • 9a4ca84 fix: replace read-all with specific permissions in scorecard workflow (#14)
  • e5cd310 ci: add SonarCloud and OpenSSF Scorecard workflows (#12)
  • 473ab79 chore(deps): bump the go-deps group in /brainpool with 2 updates (#6)
  • d238a57 chore(deps): bump the github-actions group with 4 updates (#7)
  • 95ee00e ci: use go-version-file instead of hardcoded version (#8)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-deps group with 1 update: [github.com/sirosfoundation/go-cryptoutil](https://github.com/sirosfoundation/go-cryptoutil).


Updates `github.com/sirosfoundation/go-cryptoutil` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/sirosfoundation/go-cryptoutil/releases)
- [Commits](sirosfoundation/go-cryptoutil@v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/sirosfoundation/go-cryptoutil
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants