chore(deps): bump github.com/Azure/go-ntlmssp from 0.0.0-20211209120228-48547f28849e to 0.1.1

[dependabot]

Bumps github.com/Azure/go-ntlmssp from 0.0.0-20211209120228-48547f28849e to 0.1.1.

Release notes

Sourced from github.com/Azure/go-ntlmssp's releases.

v0.1.1

Fix CVE-2026-32952: A malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport.

v0.1.0

What's Changed

• Bump minimum required version to Go 1.24 by @​qmuntal in Azure/go-ntlmssp#53
• Fix OOM in NTLM negotiator by avoiding buffering of seekable request bodies by @​Copilot in Azure/go-ntlmssp#54
• Don't modify the rountripped request by @​qmuntal in Azure/go-ntlmssp#57
• Fix a race occurring when the wrapped Rountripper closes the request body in another goroutine by @​qmuntal in Azure/go-ntlmssp#58
• Fix a race occurring when the wrapped Rountripper reads request fields in another goroutine by @​qmuntal in Azure/go-ntlmssp#59
• Only perform basic auth if requested by the server by @​qmuntal in Azure/go-ntlmssp#60
• Don't pass the original body in the client handshake request by @​qmuntal in Azure/go-ntlmssp#61
• Return latest server response in case there is an error processing the handshake by @​qmuntal in Azure/go-ntlmssp#63
• Send body on client NTLM handshake by @​qmuntal in Azure/go-ntlmssp#64
• Support user accounts not living in server's domain by @​qmuntal in Azure/go-ntlmssp#65
• Implement NewAuthenticateMessage and deprecate ProcessChallenge by @​qmuntal in Azure/go-ntlmssp#67
• Make basic authentication support opt-in by @​qmuntal in Azure/go-ntlmssp#66
• Allow passing custom client domain and workstation name by @​qmuntal in Azure/go-ntlmssp#68
• set NEGOTIATE_NTLM and NEGOTIATE_ALWAYS_SIGN capabilities by @​qmuntal in Azure/go-ntlmssp#69
• testing: add e2e tests by @​gdams in Azure/go-ntlmssp#56

New Contributors

• @​qmuntal made their first contribution in Azure/go-ntlmssp#53
• @​Copilot made their first contribution in Azure/go-ntlmssp#54

Full Changelog: Azure/go-ntlmssp@v0.0.1...v0.1.0

v0.0.1

What's Changed

• Commit to Go 1.6 by @​boumenot in Azure/go-ntlmssp#5
• Handle http redirect by @​nqv in Azure/go-ntlmssp#4
• drain request body for connection reuse by @​paulmey in Azure/go-ntlmssp#6
• Add CoC notice by @​paulmey in Azure/go-ntlmssp#7
• Support for auth when server responds with Www-Authenticate: NTLM by @​lafriks in Azure/go-ntlmssp#8
• update README with example by @​PaluMacil in Azure/go-ntlmssp#11
• add version, domain and workstation fields by @​justdan96 in Azure/go-ntlmssp#13
• move to a current version of Go by @​boumenot in Azure/go-ntlmssp#19
• (BUG) Negotiation fails for servers where 'NTLMv2 session security' i… by @​davejohnston in Azure/go-ntlmssp#18
• Update negotiator.go by @​mszuyev in Azure/go-ntlmssp#24
• Fix golint import path by @​paulmey in Azure/go-ntlmssp#25
• add ProcessChallengeWithHash function by @​ropnop in Azure/go-ntlmssp#27
• Set workstation to empty string in authenticate_message.go by @​Catbuttes in Azure/go-ntlmssp#30
• Change of the negociator working, to handle several identical header by @​Resousse in Azure/go-ntlmssp#31
• Support for UPN by @​tirupatibg in Azure/go-ntlmssp#32
• Adding Microsoft SECURITY.MD by @​microsoft-github-policy-service[bot] in Azure/go-ntlmssp#39
• Handle 3rd return value from GetDomain by @​opoplawski in Azure/go-ntlmssp#41
• initial refactor by @​gdams in Azure/go-ntlmssp#48
• fix linter errors by @​gdams in Azure/go-ntlmssp#49
• add dependabot/codeowners + installation instructions by @​gdams in Azure/go-ntlmssp#50

... (truncated)

Commits

• See full diff in compare view

[Gearheads]

This change breaks kconnect. This dependency is an indirect dependency, and is required by https://github.com/Versent/saml2aws/blob/master/go.mod#L10. The maintainers of that project will need to create a new release that supports this new version of github.com/Azure/go-ntlmssp. Therefore, until we have a new version of Versent/saml2aws I think we can close out this PR.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.