chore(deps): bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 in /components/backend in the go_modules group across 1 directory

[dependabot]

Bumps the go_modules group with 1 update in the /components/backend directory: github.com/Azure/go-ntlmssp.

Updates github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1

Release notes

Sourced from github.com/Azure/go-ntlmssp's releases.

v0.1.1

Fix CVE-2026-32952: A malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport.

v0.1.0

What's Changed

• Bump minimum required version to Go 1.24 by @​qmuntal in Azure/go-ntlmssp#53
• Fix OOM in NTLM negotiator by avoiding buffering of seekable request bodies by @​Copilot in Azure/go-ntlmssp#54
• Don't modify the rountripped request by @​qmuntal in Azure/go-ntlmssp#57
• Fix a race occurring when the wrapped Rountripper closes the request body in another goroutine by @​qmuntal in Azure/go-ntlmssp#58
• Fix a race occurring when the wrapped Rountripper reads request fields in another goroutine by @​qmuntal in Azure/go-ntlmssp#59
• Only perform basic auth if requested by the server by @​qmuntal in Azure/go-ntlmssp#60
• Don't pass the original body in the client handshake request by @​qmuntal in Azure/go-ntlmssp#61
• Return latest server response in case there is an error processing the handshake by @​qmuntal in Azure/go-ntlmssp#63
• Send body on client NTLM handshake by @​qmuntal in Azure/go-ntlmssp#64
• Support user accounts not living in server's domain by @​qmuntal in Azure/go-ntlmssp#65
• Implement NewAuthenticateMessage and deprecate ProcessChallenge by @​qmuntal in Azure/go-ntlmssp#67
• Make basic authentication support opt-in by @​qmuntal in Azure/go-ntlmssp#66
• Allow passing custom client domain and workstation name by @​qmuntal in Azure/go-ntlmssp#68
• set NEGOTIATE_NTLM and NEGOTIATE_ALWAYS_SIGN capabilities by @​qmuntal in Azure/go-ntlmssp#69
• testing: add e2e tests by @​gdams in Azure/go-ntlmssp#56

New Contributors

• @​qmuntal made their first contribution in Azure/go-ntlmssp#53
• @​Copilot made their first contribution in Azure/go-ntlmssp#54

Full Changelog: Azure/go-ntlmssp@v0.0.1...v0.1.0

v0.0.1

What's Changed

• Commit to Go 1.6 by @​boumenot in Azure/go-ntlmssp#5
• Handle http redirect by @​nqv in Azure/go-ntlmssp#4
• drain request body for connection reuse by @​paulmey in Azure/go-ntlmssp#6
• Add CoC notice by @​paulmey in Azure/go-ntlmssp#7
• Support for auth when server responds with Www-Authenticate: NTLM by @​lafriks in Azure/go-ntlmssp#8
• update README with example by @​PaluMacil in Azure/go-ntlmssp#11
• add version, domain and workstation fields by @​justdan96 in Azure/go-ntlmssp#13
• move to a current version of Go by @​boumenot in Azure/go-ntlmssp#19
• (BUG) Negotiation fails for servers where 'NTLMv2 session security' i… by @​davejohnston in Azure/go-ntlmssp#18
• Update negotiator.go by @​mszuyev in Azure/go-ntlmssp#24
• Fix golint import path by @​paulmey in Azure/go-ntlmssp#25
• add ProcessChallengeWithHash function by @​ropnop in Azure/go-ntlmssp#27
• Set workstation to empty string in authenticate_message.go by @​Catbuttes in Azure/go-ntlmssp#30
• Change of the negociator working, to handle several identical header by @​Resousse in Azure/go-ntlmssp#31
• Support for UPN by @​tirupatibg in Azure/go-ntlmssp#32
• Adding Microsoft SECURITY.MD by @​microsoft-github-policy-service[bot] in Azure/go-ntlmssp#39
• Handle 3rd return value from GetDomain by @​opoplawski in Azure/go-ntlmssp#41
• initial refactor by @​gdams in Azure/go-ntlmssp#48
• fix linter errors by @​gdams in Azure/go-ntlmssp#49
• add dependabot/codeowners + installation instructions by @​gdams in Azure/go-ntlmssp#50

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[netlify]

✅ Deploy Preview for cheerful-kitten-f556a0 canceled.

Name	Link
🔨 Latest commit	01d0dff
🔍 Latest deploy log	https://app.netlify.com/projects/cheerful-kitten-f556a0/deploys/69ea8e968908c2000876735e

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-04-23 21:40 UTC · Rule: default
• ✅ Checks skipped · PR is already up-to-date
• ✅ Merged — 2026-04-23 21:40 UTC · at 01d0dff77d7b5a587459633846c46bd609bfd349 · squash

This pull request spent 9 seconds in the queue, including 1 second running CI.

Required conditions to merge