chore(deps): add gomoddirectives replace-allow-list for crypto

mrz1836 · mrz1836 · commit 29148541ae79 · 2025-11-20T17:02:19.000-05:00
diff --git a/.golangci.json b/.golangci.json
@@ -147,6 +147,11 @@
                     "ATTENTION"
                 ]
             },
+            "gomoddirectives": {
+                "replace-allow-list": [
+                    "golang.org/x/crypto"
+                ]
+            },
             "govet": {
                 "enable": [
                     "atomicalign",
diff --git a/go.mod b/go.mod
@@ -18,3 +18,6 @@ require (
 	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+// Security: Force golang.org/x/crypto to v0.45.0 to fix CVE-2025-47914 and CVE-2025-58181
+replace golang.org/x/crypto => golang.org/x/crypto v0.45.0

Original file line number	Diff line number	Diff line change
`@@ -18,3 +18,6 @@ require (`
`18`	`18`	`google.golang.org/protobuf v1.36.10 // indirect`
`19`	`19`	`gopkg.in/yaml.v3 v3.0.1 // indirect`
`20`	`20`	`)`
	`21`	`+`
	`22`	`+// Security: Force golang.org/x/crypto to v0.45.0 to fix CVE-2025-47914 and CVE-2025-58181`
	`23`	`+replace golang.org/x/crypto => golang.org/x/crypto v0.45.0`