[deps] Update golang.org/x/crypto from v0.49.0 to v0.50.0 #26003

@github-actions

Summary

Update golang.org/x/crypto dependency from v0.49.0 to v0.50.0. This is a security-sensitive cryptographic package maintained by the Go team.

Current State

  • Package: golang.org/x/crypto
  • Current Version: v0.49.0
  • Proposed Version: v0.50.0
  • Update Type: Minor version update (single increment)
  • Released: April 9, 2026

Why Separate Issue

⚠️ Minor version update for a security-critical package

  • This is a minor version update (v0.49.0 → v0.50.0)
  • Security-sensitive cryptographic library requires careful review
  • New Go release cycle update — may add new APIs or behavior changes
  • The package has had past security vulnerabilities (GO-2025-4116, GO-2025-4134, GO-2025-4135) in older versions — v0.49.0 was already patched, but staying current is important

Safety Assessment

⚠️ Requires careful review

  • Minor version update to a cryptographic package
  • golang.org/x packages are released monthly in sync with Go release cycles
  • Typically backward compatible, but security-sensitive packages warrant individual attention
  • Previous versions (≤v0.47.0) contained SSH vulnerabilities (GO-2025-4134, GO-2025-4135) — v0.49.0 and v0.50.0 are both patched
  • Verify no API changes affect existing usage of ssh, bcrypt, or other crypto primitives

Changes

  • Monthly Go team release (April 9, 2026)
  • Part of the regular golang.org/x release cycle aligned with Go toolchain updates
  • Likely includes bug fixes, performance improvements, and support for new Go standard library functions
  • Full changes available at the commit history link below

Links

Note: This package is hosted on Google's Git (go.googlesource.com), not GitHub. There are no GitHub release pages.

Recommended Action

go get -u golang.org/x/crypto@v0.50.0
go mod tidy

Testing Notes

  • Run all tests: make test
  • Verify SSH/crypto functionality if used
  • Check for any deprecation warnings
  • Run security scan: make test-security

Warning

⚠️ Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • go.googlesource.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "go.googlesource.com"

See Network Configuration for more information.

Note

🔒 Integrity filter blocked 20 items

The following items were blocked because they don't meet the GitHub integrity level.

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Dependabot Dependency Checker · ● 1.1M ·

  • expires on Apr 15, 2026, 10:08 AM UTC
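
For the Recommended Action above: `go get -u` can also move modules that golang.org/x/crypto itself depends on, so a reviewer may want to confirm that the resulting go.mod changed only the intended module. The following Go program is an added example, not part of the issue or the repository; the go.mod contents (module name, golang.org/x/sys and golang.org/x/term versions) are constructed, and `requires` and `unexpectedChanges` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed go.mod files: the module name and the x/sys, x/term versions are
// made up; "after" simulates an upgrade that also moved golang.org/x/sys.
const before = `module example.com/app
require (
	golang.org/x/crypto v0.49.0
	golang.org/x/sys v0.42.0 // indirect
	golang.org/x/term v0.41.0 // indirect
)`

var after = strings.NewReplacer("crypto v0.49.0", "crypto v0.50.0", "sys v0.42.0", "sys v0.43.0").Replace(before)

// requires maps module path to version for every require directive.
func requires(gomod string) map[string]string {
	out, inBlock := map[string]string{}, false
	for _, raw := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.Split(raw, "//")[0]) // drop "// indirect"
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require": // single-line form
			out[f[1]] = f[2]
		case inBlock && len(f) == 2:
			out[f[0]] = f[1]
		}
	}
	return out
}

// unexpectedChanges lists every module other than target whose required
// version was added, removed or changed between the two go.mod files.
func unexpectedChanges(before, after, target string) (out []string) {
	b, a := requires(before), requires(after)
	for mod := range requires(before + "\n" + after) { // union of module paths
		if mod != target && b[mod] != a[mod] {
			out = append(out, fmt.Sprintf("%s: %q -> %q", mod, b[mod], a[mod]))
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(unexpectedChanges(before, after, "golang.org/x/crypto")) }
```

An empty result means only the target module moved; any other entry is a version change that needs its own review.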

Metadata

Labels

  • cookie (Issue Monster Loves Cookies!)
  • dependencies (Pull requests that update a dependency file)
  • go
