Skip to content

chore(deps): Bump golang.org/x/sys from 0.43.0 to 0.45.0#586

Merged
brunodam merged 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/sys-0.44.0
May 29, 2026
Merged

chore(deps): Bump golang.org/x/sys from 0.43.0 to 0.45.0#586
brunodam merged 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/sys-0.44.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 15, 2026
edited
Loading

Bumps golang.org/x/sys from 0.43.0 to 0.45.0.

Commits
  • 397d5f8 unix: update to Linux kernel 7.0
  • 0a387f7 cpu: detect zbc extension on riscv64
  • 758f71c cpu: add LLACQ_SCREL, SCQ, DBAR_HINTS detection for loong64
  • 99666ae unix: merge Linux readv/writev implementation with Darwin/OpenBSD
  • e4444cb windows: add NtSetEaFile, NtQueryEaFile and NtQueryInformationFile
  • 04396e8 unix: add Readv, Writev, Preadv, Pwritev for OpenBSD
  • fb1facd windows: avoid uint16 overflow in NewNTUnicodeString
  • 94ad893 windows: add GetIfTable2Ex, GetIpInterface{Entry,Table}, GetUnicastIpAddressT...
  • 54fe89f cpu: use IsProcessorFeaturePresent to calculate ARM64 on windows
  • df7d5d7 unix: automatically remove container created by mkall.sh
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 15, 2026 02:24
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label May 15, 2026
@dependabot dependabot Bot requested a review from crypto-pablo May 15, 2026 02:24
@dependabot dependabot Bot added the go Pull requests that update go code label May 15, 2026
@swirlds-automation
Copy link
Copy Markdown

swirlds-automation commented May 15, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@brunodam
Copy link
Copy Markdown
Contributor

brunodam commented May 29, 2026

@dependabot rebase

@dependabot
chore(deps): Bump golang.org/x/sys from 0.43.0 to 0.45.0
6e0f8db 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.43.0 to 0.45.0.
- [Commits](golang/sys@v0.43.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): Bump golang.org/x/sys from 0.43.0 to 0.44.0 chore(deps): Bump golang.org/x/sys from 0.43.0 to 0.45.0 May 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/sys-0.44.0 branch from 31b1839 to 6e0f8db Compare May 29, 2026 06:19
@brunodam
Copy link
Copy Markdown
Contributor

brunodam commented May 29, 2026

Dependabot review — no supply-chain concerns, one correctness note

Reviewed the diff for golang.org/x/sys: v0.43.0 -> v0.45.0 (Go module, direct dependency).

Supply-chain checks (clean):

  • Author is app/dependabot; branch is dependabot/go_modules/golang.org/x/sys-0.44.0.
  • Diff is scoped to go.mod and go.sum only — no unexpected file changes.
  • go mod verify passes on the new checksums.
  • Upstream v0.43.0...v0.45.0 compare (12 commits, 90 files): all changes are typical golang.org/x/sys content — syscall plumbing, generated zerrors_* / zsyscall_* / ztypes_* tables, new Linux affinity helpers (unix/readv_unix.go, unix/affinity_linux.go), and new Windows CPU/xattr support (cpu/cpu_windows.go, windows/xattr_test.go). No new network calls, no init-time side effects, no obfuscated payloads.
  • This is a Google-maintained golang.org/x/* module — commits flow through the standard Go review process.
  • Snyk + Wiz security scanners on this PR are green.

Note (non-security, correctness):

The PR updates go.mod/go.sum but does not update the vendored source. Per CLAUDE.md, the repo vendors all dependencies and vendor/golang.org/x/sys/ still contains the v0.43.0 sources. Build appears to pass, but the binary may not actually pick up the new code until go mod vendor is run on the branch. Worth regenerating the vendor tree before merging so the changes actually land.

Recommendation: Safe from a supply-chain standpoint. Run go mod vendor on the PR branch before merging.

Automated review by Claude. Findings flagged for human verification — this is a second pair of eyes, not a replacement for human review.

brunodam
brunodam approved these changes May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@brunodam brunodam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@brunodam brunodam merged commit f40e2bb into main May 29, 2026
16 checks passed
@brunodam brunodam deleted the dependabot/go_modules/golang.org/x/sys-0.44.0 branch May 29, 2026 21:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brunodam brunodam brunodam approved these changes

@crypto-pablo crypto-pablo Awaiting requested review from crypto-pablo crypto-pablo is a code owner automatically assigned from hashgraph/release-engineering

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@swirlds-automation @brunodam