chore(all): update module golang.org/x/oauth2 to v0.27.0 [SECURITY]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
golang.org/x/oauth2	v0.25.0 -> v0.27.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2025-22868

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forking-renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: auth/go.sum

Command failed: install-tool golang 1.21.13

File name: docs/go.sum

Command failed: install-tool golang 1.21.13

File name: endpoints/go.sum

Command failed: install-tool golang 1.21.13

File name: go.sum

Command failed: install-tool golang 1.21.13

File name: healthcare/go.sum

Command failed: install-tool golang 1.21.13

File name: iam/go.sum

Command failed: install-tool golang 1.21.13

File name: jobs/go.sum

Command failed: install-tool golang 1.21.13

[gemini-code-assist]

Summary of Changes

Hello @renovate-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request is an automated dependency update to upgrade the golang.org/x/oauth2 module. The primary motivation for this update is to mitigate a recently identified security vulnerability (CVE-2025-22868) that could impact the stability and security of applications relying on this module. The change involves updating the module version in several go.mod files across the repository to ensure all relevant components benefit from the security fix.

Highlights

• Dependency Update: The golang.org/x/oauth2 module has been updated from version v0.25.0 to v0.27.0.
• Security Fix: This update specifically addresses CVE-2025-22868, a security vulnerability where a malformed token could lead to unexpected memory consumption during parsing.
• Scope of Change: The version bump is applied across multiple go.mod files within the repository, ensuring consistent dependency management.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the golang.org/x/oauth2 dependency from v0.25.0 to v0.27.0 across multiple go.mod files. This is an important security update to address a vulnerability where a malformed token could cause excessive memory consumption. The changes are correct and necessary to patch the vulnerability. The update is approved.