Skip to content

fix(deps): bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 in /service#3388

Merged
elizabethhealy merged 1 commit into
mainfrom
dependabot/go_modules/service/github.com/Azure/go-ntlmssp-0.1.1
Apr 27, 2026
Merged

fix(deps): bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 in /service#3388
elizabethhealy merged 1 commit into
mainfrom
dependabot/go_modules/service/github.com/Azure/go-ntlmssp-0.1.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1.

Release notes

Sourced from github.com/Azure/go-ntlmssp's releases.

v0.1.1

Fix CVE-2026-32952: A malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport.

v0.1.0

What's Changed

New Contributors

Full Changelog: Azure/go-ntlmssp@v0.0.1...v0.1.0

v0.0.1

What's Changed

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/Azure/go-ntlmssp](https://github.com/Azure/go-ntlmssp) from 0.0.0-20221128193559-754e69321358 to 0.1.1.
- [Release notes](https://github.com/Azure/go-ntlmssp/releases)
- [Commits](https://github.com/Azure/go-ntlmssp/commits/v0.1.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/go-ntlmssp
  dependency-version: 0.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 23, 2026
@dependabot
dependabot Bot requested review from a team as code owners April 23, 2026 21:25
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 23, 2026
@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 203.295898ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 105.096058ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 408.906673ms
Throughput 244.55 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 43.430702149s
Average Latency 432.532832ms
Throughput 115.13 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

  • examples
  • otdfctl
  • sdk
  • service
  • lib/fixtures
  • tests-bdd

See the workflow run for details.

@elizabethhealy
elizabethhealy added this pull request to the merge queue Apr 27, 2026
Merged via the queue into main with commit ef79989 Apr 27, 2026
41 checks passed
@elizabethhealy
elizabethhealy deleted the dependabot/go_modules/service/github.com/Azure/go-ntlmssp-0.1.1 branch April 27, 2026 15:54
JBCongdon pushed a commit to JBCongdon/platform that referenced this pull request May 24, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.15.0](opentdf/platform@service/v0.14.0...service/v0.15.0)
(2026-05-06)


### Features

* **core:** pass access token verifier down to registered services
([opentdf#3428](opentdf#3428))
([b8abf17](opentdf@b8abf17))
* **policy:** add sort support to listkaskeys
([opentdf#3344](opentdf#3344))
([de1fe92](opentdf@de1fe92))
* **policy:** support inline obligation triggers on attribute value
create ([opentdf#3432](opentdf#3432))
([876f512](opentdf@876f512))


### Bug Fixes

* **core:** infer JWT algorithms for JWKS keys without alg
([opentdf#3434](opentdf#3434))
([83285e7](opentdf@83285e7))
* **deps:** bump github.com/Azure/go-ntlmssp from
0.0.0-20221128193559-754e69321358 to 0.1.1 in /service
([opentdf#3388](opentdf#3388))
([ef79989](opentdf@ef79989))
* **deps:** bump github.com/jackc/pgx/v5 from 5.9.0 to 5.9.2 in /service
([opentdf#3371](opentdf#3371))
([ab0974b](opentdf@ab0974b))
* **deps:** bump github.com/opentdf/platform/lib/identifier from 0.3.0
to 0.4.0 in /service
([opentdf#3366](opentdf#3366))
([4650e9b](opentdf@4650e9b))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.25.0 to
0.26.0 in /service
([opentdf#3381](opentdf#3381))
([ebc65f6](opentdf@ebc65f6))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.26.0 to
0.27.0 in /service
([opentdf#3392](opentdf#3392))
([0c36cfa](opentdf@0c36cfa))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.27.0 to
0.28.0 in /service
([opentdf#3416](opentdf#3416))
([bc137f6](opentdf@bc137f6))
* **deps:** bump github.com/opentdf/platform/sdk from 0.16.0 to 0.17.0
in /service ([opentdf#3395](opentdf#3395))
([0382742](opentdf@0382742))
* **deps:** bump github.com/opentdf/platform/sdk from 0.17.0 to 0.19.0
in /service ([opentdf#3423](opentdf#3423))
([969ac33](opentdf@969ac33))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code size/xs

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant