Skip to content

Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0#93

Merged
RincewindsHat merged 5 commits intomainfrom
dependabot/go_modules/golang.org/x/oauth2-0.36.0
Mar 9, 2026
Merged

Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0#93
RincewindsHat merged 5 commits intomainfrom
dependabot/go_modules/golang.org/x/oauth2-0.36.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Bumps golang.org/x/oauth2 from 0.35.0 to 0.36.0.

Commits
  • 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump golang.org/x/oauth2 from 0.35.0 to 0.36.0
19d1d22 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.35.0 to 0.36.0.
- [Commits](golang/oauth2@v0.35.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 9, 2026
@RincewindsHat
Copy link
Member

RincewindsHat commented Mar 9, 2026

@martialblog I updated the CI to use a more current go version and fixed some complains from the linter.
There is one remaining though, where it complains about SSRF. I guess it is not applicable in this scenario, but I am not sure and would like to have your opinion about the issue and whether we are going to ignore it or if there is a "proper" fix.

@martialblog
Copy link
Member

martialblog commented Mar 9, 2026

Yeah, not applicable I'd say, the user provides the URL.

@RincewindsHat RincewindsHat merged commit 1826489 into main Mar 9, 2026
2 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/golang.org/x/oauth2-0.36.0 branch March 9, 2026 14:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@martialblog martialblog

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RincewindsHat @martialblog