Skip to content

Commit

Permalink
[mce-2.3] upgrade google.golang.org/protobuf to 1.33.0
Browse files Browse the repository at this point in the history 
...to address these snyk-found vulns:

```
✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json
  Description: Infinite loop
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704
  Introduced through: google.golang.org/api/option@0.149.0, github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, google.golang.org/api/cloudresourcemanager/v1@0.149.0, google.golang.org/api/compute/v1@0.149.0, google.golang.org/api/dns/v1@0.149.0, google.golang.org/api/serviceusage/v1@0.149.0, github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd
  From: google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0
  From: github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd > google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0
  From: google.golang.org/api/cloudresourcemanager/v1@0.149.0 > google.golang.org/api/transport/http@0.149.0 > google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0
  and 5 more...
  Fixed in: 1.33.0
✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson
  Description: Infinite loop
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703
  Introduced through: google.golang.org/api/cloudresourcemanager/v1@0.149.0, google.golang.org/api/compute/v1@0.149.0, google.golang.org/api/dns/v1@0.149.0, google.golang.org/api/serviceusage/v1@0.149.0, github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd, google.golang.org/api/option@0.149.0, github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f
  From: google.golang.org/api/cloudresourcemanager/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0
  From: google.golang.org/api/compute/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0
  From: google.golang.org/api/dns/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0
  and 28 more...
  Fixed in: 1.33.0
```

Note that in this branch we also had to bump
google.golang.org/golang/protobuf to v1.5.4 due to
golang/protobuf#1596. Why this wasn't
necessary in the other branches... no idea.
:shakes-fist-at-golang-deps:

Manual cherry-pick of openshift#2240 / 0e128fe
which was a
Manual cherry-pick of openshift#2239 / f7cf469
which was a
Manual cherry-pick of openshift#2231 / 2efba4b
  • Loading branch information
@2uasimojo
2uasimojo committed Mar 13, 2024
1 parent e79694f commit d8c9a5d
Show file tree
Hide file tree
Showing 34 changed files with 1,587 additions and 783 deletions.
4 changes: 2 additions & 2 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ require (
github.com/gofrs/flock v0.8.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect
github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect
github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe // indirect
Expand Down Expand Up @@ -322,7 +322,7 @@ require (
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
google.golang.org/grpc v1.59.0 // indirect
google.golang.org/protobuf v1.32.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/gcfg.v1 v1.2.3 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
Expand Down
8 changes: 4 additions & 4 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -561,8 +561,8 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 h1:23T5iq8rbUYlhpt5DB4XJkc6BU31uODLD1o1gKvZmD0=
github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
Expand Down Expand Up @@ -1863,8 +1863,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
Expand Down
1 change: 1 addition & 0 deletions vendor/github.com/golang/protobuf/jsonpb/decode.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions vendor/github.com/golang/protobuf/jsonpb/encode.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

128 changes: 126 additions & 2 deletions vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 4 additions & 3 deletions vendor/github.com/golang/protobuf/ptypes/any.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 12 additions & 0 deletions vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion ...reflect/protodesc/editions_defaults.binpb → ...l/editiondefaults/editions_defaults.binpb
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit d8c9a5d

Please sign in to comment.