Skip to content
This repository was archived by the owner on Apr 17, 2026. It is now read-only.

chore(deps): bump github.com/emmansun/gmsm from 0.41.0 to 0.41.1#4

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/emmansun/gmsm-0.41.1
Open

chore(deps): bump github.com/emmansun/gmsm from 0.41.0 to 0.41.1#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/emmansun/gmsm-0.41.1

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps github.com/emmansun/gmsm from 0.41.0 to 0.41.1.

Release notes

Sourced from github.com/emmansun/gmsm's releases.

v0.41.1

This patch release focuses on security hardening and compatibility improvements since v0.41.0, with a key fix for SM9 input validation in decryption, key unwrapping, signature verification, and key exchange flows.

Highlights

  • Hardened SM9 by rejecting infinity points in decrypt, unwrap, verify, and key exchange operations
  • Improved DRBG robustness
  • Added warnings for broken or weak cryptographic algorithms
  • Improved certificate compatibility with support for explicit curve parameters in ECDSA certificates
  • Refined documentation for SM2 and updated project README files
  • Updated dependencies and CI tooling

Security

  • Fixed SM9 validation to reject infinity points in sensitive cryptographic paths
  • Hardened DRBG behavior
  • Added warning messages for broken or weak cryptographic algorithms

Compatibility and X.509

  • Added support for explicit curve parameters as defined in RFC 3279 for ECDSA certificates
  • Improved SM2-related certificate handling and test coverage
  • Expanded smx509 test coverage

Internal Improvements

  • Refactored KDF implementation
  • Switched internal random utility usage to math/rand/v2
  • Cleaned up package comments for SLH-DSA, ML-DSA, and ML-KEM packages
  • Removed go1.24-specific build tag constraints from several PQC packages

Documentation

  • Rewrote the SM2 documentation
  • Updated the English SM2 documentation
  • Refreshed README and README-EN content

Dependencies and CI

  • Updated golang.org/x/crypto to 0.48.0
  • Updated github/codeql-action through 4.32.6
  • Updated step-security/harden-runner to 2.15.1
  • Updated actions/setup-go to 6.3.0
  • Updated actions/upload-artifact to 7.0.0
  • Updated docker/setup-qemu-action to 4.0.0

Contributors

Thanks to all contributors in this release:

... (truncated)

Commits
  • 3ffef87 Merge pull request #453 from emmansun/develop
  • 44e0ea0 Merge pull request #452 from emmansun/main
  • 1085b2e SM9: reject infinity points in decrypt, unwrap, verify, and key exchange
  • 38d3d93 Merge pull request #450 from emmansun/dependabot/github_actions/develop/step-...
  • a92f3ce Merge pull request #449 from emmansun/dependabot/github_actions/develop/githu...
  • 1b8ef15 build(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1
  • 3b46343 build(deps): bump github/codeql-action from 4.32.5 to 4.32.6
  • 0d2c3e6 Merge pull request #448 from emmansun/dependabot/github_actions/develop/docke...
  • b04963c build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0
  • bf38540 Merge pull request #447 from emmansun/dependabot/github_actions/develop/githu...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 16, 2026
@Kevin-layerV Kevin-layerV mentioned this pull request Apr 3, 2026
Open
8 tasks
@dependabot
build(deps): Bump github.com/emmansun/gmsm from 0.41.0 to 0.41.1
3eb91b6 
Bumps [github.com/emmansun/gmsm](https://github.com/emmansun/gmsm) from 0.41.0 to 0.41.1.
- [Release notes](https://github.com/emmansun/gmsm/releases)
- [Commits](emmansun/gmsm@v0.41.0...v0.41.1)

---
updated-dependencies:
- dependency-name: github.com/emmansun/gmsm
  dependency-version: 0.41.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): Bump github.com/emmansun/gmsm from 0.41.0 to 0.41.1 chore(deps): bump github.com/emmansun/gmsm from 0.41.0 to 0.41.1 Apr 11, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/emmansun/gmsm-0.41.1 branch from 539a7bc to 3eb91b6 Compare April 11, 2026 04:58
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants