Skip to content

Bump github.com/go-acme/lego/v4 from 4.25.2 to 4.31.0#36

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/go-acme/lego/v4-4.31.0
Open

Bump github.com/go-acme/lego/v4 from 4.25.2 to 4.31.0#36
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/go-acme/lego/v4-4.31.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 12, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/go-acme/lego/v4 from 4.25.2 to 4.31.0.

Release notes

Sourced from github.com/go-acme/lego/v4's releases.

v4.31.0

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

For key updates, see the changelog.

Changelog

  • 8b327005b3105a5a70c8ace5cfe7e1f83e148f7c Add DNS Provider for ISPConfig (DDNS Module) (#2760)
  • c5a259564fe8e0b183fe12fb926f5b3634497967 Add DNS provider for 35.com/三五互联 (#2779)
  • a6a73754af31fb65963f53845bb9ce55d09466a1 Add DNS provider for Alwaysdata (#2770)
  • 96168f78ded8a0db96b80d083834bf05d2bde313 Add DNS provider for ISPConfig (#2762)
  • dd6ab7ca95c90bde76719e9c8121ec8274f3aff8 Add DNS provider for JDCloud (#2782)
  • 1b634097c13285c9829dc9c16b74a9c86c4ff81e docs: remove email from examples (#2773)
  • ee616417a181239b0b77f6fe00acff3a22ae35b9 f5xc: add an option to configure the domain of the server (#2767)
  • a5cc0e155518e825ec2ec017610822f06aebb767 feat: improve ACME error types (#2761)
  • ff885d99c2e45f166a0c9592ea047d8c938604d3 gandiv5: fix API Key header (#2769)
  • 2eede6d6206a06e0b16fb3de45b8fa7aa0807de3 hetzner: fix compatibility with _FILE suffix (#2775)
  • b77b8709b6802da29a702b44bb0a5279c35eb337 namedotcom: follow CNAME (#2390)

v4.30.1

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

For key updates, see the changelog.

Changelog

  • 9e2dffe8d222ceaeb8aa9b681263fd87189982b2 Add DNS Provider for Neodigit (#2747)
  • dea97e4dfaf3024edcbc959c3efa3556cdfa267c Add DNS provider for Gravity (#2738)
  • e21ba75da8da148f9b0cff3b298fdd63d151e51f Add DNS provider for Ionos Cloud (#2752)
  • 02dd7152f03ed630889e98a0ca2225495c4a13e7 Add DNS provider for Syse.no (#2742)
  • e54598536ba25fb754bb2c0d68d77e61ea6ce6f5 Add DNS provider for Virtualname (#2748)
  • 465d7918a80d1887d84f6eeb8aaee2e71622114c Add DNS provider for hosting.nl (#1967)
  • cc83c025b547f7aba231316cbe0f711c669dfb70 autodns: use the right response structure (#2737)
  • bc163db9edd23bbfc3521086c0b570f468b9a87b feat: remove email requirement (#2736)
  • 5574de68cd9dc3364cb03cf9951f5f28c21881be fix: downgrade aliyun credentials to v1.4.7 (#2756)

v4.29.0

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

... (truncated)

Changelog

Sourced from github.com/go-acme/lego/v4's changelog.

v4.31.0

  • Release date: 2026-01-08
  • Tag: v4.31.0

Added

  • [dnsprovider] Add DNS provider for ISPConfig
  • [dnsprovider] Add DNS Provider for ISPConfig (DDNS Module)
  • [dnsprovider] Add DNS provider for Alwaysdata
  • [dnsprovider] Add DNS provider for JDCloud
  • [dnsprovider] Add DNS provider for 35.com/三五互联
  • [dnsprovider] f5xc: add an option to configure the domain of the server

Changed

  • [lib] feat: improve ACME error types
  • [dnsprovider,cname] namedotcom: follow CNAME

Fixed

  • [dnsprovider] hetzner: fix compatibility with _FILE suffix
  • [dnsprovider] gandiv5: fix API Key header

v4.30.1

  • Release date: 2025-12-16
  • Tag: v4.30.1

Due to an error related to aliyun/credentials-go, some artifacts of the v4.30.0 release have not been published.

This release contains the same things as v4.30.0.

v4.30.0

  • Release date: 2025-12-16
  • Tag: v4.30.0

Added

  • [dnsprovider] Add DNS provider for Ionos Cloud
  • [dnsprovider] Add DNS provider for Virtualname
  • [dnsprovider] Add DNS Provider for Neodigit
  • [dnsprovider] Add DNS provider for Syse.no
  • [dnsprovider] Add DNS provider for Gravity
  • [dnsprovider] Add DNS provider for hosting.nl

Changed

  • [cli] feat: remove email requirement

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/go-acme/lego/v4 from 4.25.2 to 4.31.0
997bab6 
Bumps [github.com/go-acme/lego/v4](https://github.com/go-acme/lego) from 4.25.2 to 4.31.0.
- [Release notes](https://github.com/go-acme/lego/releases)
- [Changelog](https://github.com/go-acme/lego/blob/master/CHANGELOG.md)
- [Commits](go-acme/lego@v4.25.2...v4.31.0)

---
updated-dependencies:
- dependency-name: github.com/go-acme/lego/v4
  dependency-version: 4.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jan 12, 2026
@dependabot dependabot Bot mentioned this pull request Jan 12, 2026
Closed
@socket-security

socket-security Bot commented Jan 12, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedgithub.com/​go-acme/​lego/​v4@​v4.25.2 ⏵ v4.31.063 -10100100100100

View full report

@socket-security

socket-security Bot commented Jan 12, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: golang github.com/go-acme/lego/v4 is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: go.modgolang/github.com/go-acme/lego/v4@v4.31.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/go-acme/lego/v4@v4.31.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/go-acme/lego/v4 is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: go.modgolang/github.com/go-acme/lego/v4@v4.31.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/go-acme/lego/v4@v4.31.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/go-acme/lego/v4 is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: go.modgolang/github.com/go-acme/lego/v4@v4.31.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/go-acme/lego/v4@v4.31.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: golang github.com/go-acme/lego/v4 is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: go.modgolang/github.com/go-acme/lego/v4@v4.31.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/go-acme/lego/v4@v4.31.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants