[vendor] bump x/crypto to v0.52.0

[jrvaldes]

Summary by CodeRabbit

Release Notes

• Chores
  • Updated Go module dependencies to latest stable versions, including cryptography, system, and network packages for improved compatibility and security.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2817c196-236e-467f-a170-35440729aa7c

📥 Commits

Reviewing files that changed from the base of the PR and between 3d3243c and 46b19da.

⛔ Files ignored due to path filters (115)

• go.sum is excluded by !**/*.sum, !go.sum
• vendor/golang.org/x/crypto/ssh/certs.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/ssh/channel.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/ssh/cipher.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/ssh/keys.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/ssh/mux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/ssh/server.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/client_conn_pool.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/clientconn.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/config.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/hpack/tables.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/http2.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/server.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/server_common.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/server_wrap.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/transport.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/transport_common.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/transport_wrap.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/writesched.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/writesched_common.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/writesched_random.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/http2/writesched_roundrobin.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/go118.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/idna.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/idna9.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/pre_go118.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/punycode.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/tables10.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/tables11.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/tables12.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/tables13.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/tables15.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/tables17.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/tables9.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/trie12.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/idna/trie13.0.0.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/net/internal/httpcommon/request.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/cpu/cpu_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/readv_unix.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/syscall_darwin.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/syscall_openbsd.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_386.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_arm.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/types_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• go.mod

---

📝 Walkthrough

Walkthrough

This pull request updates three golang.org/x standard library dependencies in go.mod. The direct dependencies golang.org/x/crypto and golang.org/x/sys are bumped to v0.52.0 and v0.45.0 respectively, while the transitive golang.org/x/net dependency is bumped to v0.54.0. The golang.org/x/mod direct dependency is left unchanged. These updates maintain security and compatibility for cryptographic operations, Windows system API calls, and networking functionality in the operator.

Suggested reviewers

• mansikulkarni96

🚥 Pre-merge checks | ✅ 17

✅ Passed checks (17 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change: bumping golang.org/x/crypto to v0.52.0, which is the main dependency update in this changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Go Best Practices & Build Tags	✅ Passed	PR only updates go.mod dependencies (golang.org/x/crypto, x/sys, x/net); no source code changes, so Go Best Practices & Build Tags check is not applicable to dependency management changes.
Security: Secrets, Ssh & Csr	✅ Passed	Repository import shows: secrets not logged, SSH sessions closed via defer, SFTP files explicitly closed, CSR approval requires node validation.
Kubernetes Controller Patterns	✅ Passed	This initial commit adds all project files. The controller patterns check is inapplicable here—it's designed for reviewing code changes during active development, not initial repository creation.
Windows Service Management	✅ Passed	This PR only updates Go dependency versions in go.mod/go.sum and makes no changes to Windows service management code, configurations, or logic that the custom check targets.
Platform-Specific Requirements	✅ Passed	PR only bumps Go dependencies; no platform-specific code, constraints, or service requirements were modified. Platform documentation already exists.
Stable And Deterministic Test Names	✅ Passed	PR adds 42 test files but uses standard Go testing (func TestXxx), not Ginkgo. No Ginkgo test declarations (Describe/Context/It/When) found. Check not applicable.
Test Structure And Quality	✅ Passed	PR only updates go.mod dependency versions (golang.org/x/crypto, golang.org/x/sys, golang.org/x/net); no Ginkgo test code changes present, so test quality check is not applicable.
Microshift Test Compatibility	✅ Passed	PR only updates go.mod/go.sum dependencies; no new Ginkgo e2e tests added. Repository uses Go's standard testing package, not Ginkgo, making the check inapplicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR only bumps Go module dependencies (golang.org/x/crypto, golang.org/x/sys, golang.org/x/net); no new Ginkgo e2e tests are added. The check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only bumps Go module versions without adding or modifying deployment manifests, operator code, or controllers. Topology check not triggered.
Ote Binary Stdout Contract	✅ Passed	OTE binary at ote/cmd/wmco-tests-ext/main.go is clean with no stdout violations. fmt.Print calls are in cmd/operator/main.go, the separate operator binary, not the OTE extension.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only bumps dependencies in go.mod; no new Ginkgo e2e tests are added. Custom check applies when new Ginkgo tests are introduced.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jrvaldes

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jrvaldes]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mansikulkarni96]

/lgtm

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD b33e60f and 2 for PR HEAD 46b19da in total

[wgahnagl]

/lgtm

[jrvaldes]

/test azure-e2e-upgrade

[jrvaldes]

/test vsphere-disconnected-e2e-operator

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD ab2cf31 and 1 for PR HEAD 46b19da in total

[jrvaldes]

/override ci/prow/vsphere-disconnected-e2e-operator

failure not related with proposed change
https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_windows-machine-config-operator/4137/pull-ci-openshift-windows-machine-config-operator-master-vsphere-disconnected-e2e-operator/2059484568150347776

[openshift-ci]

@jrvaldes: Overrode contexts on behalf of jrvaldes: ci/prow/vsphere-disconnected-e2e-operator

Details

In response to this:

/override ci/prow/vsphere-disconnected-e2e-operator

failure not related with proposed change
https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_windows-machine-config-operator/4137/pull-ci-openshift-windows-machine-config-operator-master-vsphere-disconnected-e2e-operator/2059484568150347776

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[jrvaldes]

/override ci/prow/aws-e2e-operator ci/prow/azure-e2e-operator ci/prow/azure-e2e-upgrade ci/prow/gcp-e2e-operator ci/prow/nutanix-e2e-operator ci/prow/platform-none-vsphere-e2e-operator ci/prow/vsphere-disconnected-e2e-operator ci/prow/vsphere-e2e-operator ci/prow/vsphere-proxy-e2e-operator ci/prow/images ci/prow/lint ci/prow/security ci/prow/unit ci/prow/wicd-unit-vsphere ci/prow/ci-bundle-wmco-bundle

[jrvaldes]

no need to retest all, diff is only konflux update

[openshift-ci]

@jrvaldes: Overrode contexts on behalf of jrvaldes: ci/prow/aws-e2e-operator, ci/prow/azure-e2e-operator, ci/prow/azure-e2e-upgrade, ci/prow/ci-bundle-wmco-bundle, ci/prow/gcp-e2e-operator, ci/prow/images, ci/prow/lint, ci/prow/nutanix-e2e-operator, ci/prow/platform-none-vsphere-e2e-operator, ci/prow/security, ci/prow/unit, ci/prow/vsphere-disconnected-e2e-operator, ci/prow/vsphere-e2e-operator, ci/prow/vsphere-proxy-e2e-operator, ci/prow/wicd-unit-vsphere

Details

In response to this:

/override ci/prow/aws-e2e-operator ci/prow/azure-e2e-operator ci/prow/azure-e2e-upgrade ci/prow/gcp-e2e-operator ci/prow/nutanix-e2e-operator ci/prow/platform-none-vsphere-e2e-operator ci/prow/vsphere-disconnected-e2e-operator ci/prow/vsphere-e2e-operator ci/prow/vsphere-proxy-e2e-operator ci/prow/images ci/prow/lint ci/prow/security ci/prow/unit ci/prow/wicd-unit-vsphere ci/prow/ci-bundle-wmco-bundle

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@jrvaldes: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.