From 0ab94c9b7ac53ca9ab56febcf5cc3f26959e8b8a Mon Sep 17 00:00:00 2001
From: Matěj Cepl <mcepl@cepl.eu>
Date: Tue, 18 Mar 2025 04:40:02 +0100
Subject: deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix
 for CVE-2024-45337) (#1312)

To avoid CVE-2024-45337 ("Misuse of ServerConfig.PublicKeyCallback may
cause authorization bypass in golang.org/x/crypto")

Related is also moving from the abandoned github.com/xanzy/go-gitlab to
the maintained gitlab.com/gitlab-org/api/client-go.
---
 bridge/gitlab/gitlab.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'bridge/gitlab/gitlab.go')

diff --git a/bridge/gitlab/gitlab.go b/bridge/gitlab/gitlab.go
index 864d60c90..2bcd2c7d8 100644
--- a/bridge/gitlab/gitlab.go
+++ b/bridge/gitlab/gitlab.go
@@ -3,7 +3,7 @@ package gitlab
 import (
 	"time"
 
-	"github.com/xanzy/go-gitlab"
+	"gitlab.com/gitlab-org/api/client-go"
 
 	"github.com/git-bug/git-bug/bridge/core"
 	"github.com/git-bug/git-bug/bridge/core/auth"
-- 
cgit v1.2.3