From f0cbc94235f57397312cd4393a735d1ad0cd73f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 15:04:56 +0000 Subject: [PATCH 1/3] Bump golang.org/x/sys from 0.35.0 to 0.36.0 Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.35.0 to 0.36.0. - [Commits](https://github.com/golang/sys/compare/v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/go.mod b/go.mod
index b61bb71..b2bddb7 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/smallstep/cli-utils
-go 1.23.7
+go 1.24.0
 require (
 github.com/chzyer/readline v1.5.1
@@ -13,7 +13,7 @@ require (
 github.com/urfave/cli v1.22.17
 go.step.sm/crypto v0.70.0
 golang.org/x/net v0.43.0
- golang.org/x/sys v0.35.0
+ golang.org/x/sys v0.36.0
 )
 require (
diff --git a/go.sum b/go.sum
index 1f25666..febc460 100644
--- a/go.sum
+++ b/go.sum
@@ -92,8 +92,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
From 1ae55e9c40a6d258b351311f2870eedf879b55d6 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Tue, 9 Sep 2025 10:27:25 +0200 Subject: [PATCH 2/3] Fix `govet` non-constant format string issues --- usage/renderer.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/usage/renderer.go b/usage/renderer.go
index 52a6042..f904d3a 100644
--- a/usage/renderer.go
+++ b/usage/renderer.go
@@ -192,36 +192,36 @@ func (r *Renderer) RenderNode(w io.Writer, node *md.Node, entering bool) md.Walk
 r.write(node.Literal)
 } else {
 s := strings.ReplaceAll(string(node.Literal), "\n", "\n"+strings.Repeat(" ", r.depth))
- r.printf(s)
+ r.printf("%s", s)
 }
 case md.Heading:
 if entering {
- r.printf(ansi.ColorCode("default+bh"))
+ r.printf("%s", ansi.ColorCode("default+bh"))
 } else {
 r.printf(ansi.Reset)
 r.printf("\n")
 }
 case md.Link:
 if entering {
- r.printf(ansi.ColorCode("default+b"))
+ r.printf("%s", ansi.ColorCode("default+b"))
 //r.printf("\033[2m") // Dim
 } else {
 r.printf(ansi.Reset)
 }
 case md.Strong:
 if entering {
- r.printf(ansi.ColorCode("default+bh"))
+ r.printf("%s", ansi.ColorCode("default+bh"))
 } else {
 r.printf(ansi.Reset)
 }
 case md.Emph:
 if entering {
- r.printf(ansi.ColorCode("default+u"))
+ r.printf("%s", ansi.ColorCode("default+u"))
 } else {
 r.printf(ansi.Reset)
 }
 case md.Code:
- r.printf(ansi.ColorCode("default+u"))
+ r.printf("%s", ansi.ColorCode("default+u"))
 r.write(node.Literal)
 r.printf(ansi.Reset)
 case md.List:
@@ -323,7 +323,7 @@ func (r *Renderer) RenderNode(w io.Writer, node *md.Node, entering bool) md.Walk
 if entering {
 r.capture(r.out.mode)
 } else {
- // Markdown doens't have a way to create a table without headers.
+ // Markdown doesn't have a way to create a table without headers.
 // We've opted to fix that here by not rendering headers at all if
 // they're empty.
 result := r.finishCapture().Bytes()
@@ -332,7 +332,7 @@ func (r *Renderer) RenderNode(w io.Writer, node *md.Node, entering bool) md.Walk
 for i := 0; i < len(parts); i++ {
 parts[i] = "\xff" + ansi.ColorCode("default+bh") + "\xff" + parts[i] + "\xff" + ansi.Reset + "\xff"
 }
- r.printf(strings.Join(parts, "\t") + "\t\n")
+ r.printf("%s\t\n", strings.Join(parts, "\t"))
 }
 }
 case md.TableRow:
From ccd4446d082f52b5fba49be1304cc0d3fc635322 Mon Sep 17 00:00:00 2001
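Review bot: In the text branch `s` is built from `node.Literal`, so it is document content, and the sibling branch already emits the same bytes with `r.write(node.Literal)`; assuming `write` takes a byte slice as that call suggests, `r.write([]byte(s))` would keep rendered text out of the formatter altogether instead of routing it through `r.printf("%s", s)`. The same reasoning applies to the table-header line in the third hunk, where `parts` appears to come from captured output. The untouched `r.printf(ansi.Reset)` calls still pass a non-literal value as the format and presumably satisfy vet only because `ansi.Reset` is a constant; `r.printf("%s", ansi.Reset)` would make every case read the same. RenderNode begins and ends outside these hunks, so other `printf` call sites are not visible here.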
From: Herman Slatman Date: Tue, 9 Sep 2025 10:30:45 +0200 Subject: [PATCH 3/3] Render bad RSA key useless for signing by setting modulus In more recent Go versions requirements for RSA keys have been strengthened, resulting in errors when trying to generate insecure keys. In this specific test case we need a bad RSA key. Also see https://github.com/smallstep/cli/pull/1483. --- token/token_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/token/token_test.go b/token/token_test.go
index f7fe09c..74e05bb 100644
--- a/token/token_test.go
+++ b/token/token_test.go
@@ -4,6 +4,7 @@ import (
 "crypto/ed25519"
 "crypto/rand"
 "crypto/rsa"
+ "math/big"
 "reflect"
 "testing"
 "time"
@@ -95,10 +96,11 @@ func TestClaims_Sign(t *testing.T) {
 t.Fatal(err)
 }
- badKey, err := rsa.GenerateKey(rand.Reader, 123)
+ badKey, err := rsa.GenerateKey(rand.Reader, 1024)
 if err != nil {
 t.Fatal(err)
 }
+ badKey.N = big.NewInt(10) // render key useless for signing
 tests := []struct {
 name string
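Review bot: `badKey.N = big.NewInt(10)` replaces only the modulus, so the private exponent, primes and precomputed values of the generated key still describe the original 1024-bit modulus, and which consistency check makes signing fail is left to the signer's internals. The test table lies outside this hunk, so it is not visible whether the bad-key case asserts a specific error or only that some error is returned; if it is the latter, a later change in key validation could let the case pass for an unrelated reason. I would expand the trailing comment to state the expectation, for example `// N no longer matches the private parts, so signing must fail; the 1024-bit size is for this test only`. TestClaims_Sign continues past the end of the hunk.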