[mce-2.4] upgrade google.golang.org/protobuf to 1.33.0 #2240
Commits on Mar 13, 2024
-
[mce-2.4] upgrade google.golang.org/protobuf to 1.33.0
...to address these snyk-found vulns: ``` ✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json Description: Infinite loop Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 Introduced through: google.golang.org/api/option@0.149.0, github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, google.golang.org/api/cloudresourcemanager/v1@0.149.0, google.golang.org/api/compute/v1@0.149.0, google.golang.org/api/dns/v1@0.149.0, google.golang.org/api/serviceusage/v1@0.149.0, github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd From: google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0 From: github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd > google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0 From: google.golang.org/api/cloudresourcemanager/v1@0.149.0 > google.golang.org/api/transport/http@0.149.0 > google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0 and 5 more... Fixed in: 1.33.0 ✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson Description: Infinite loop Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 Introduced through: google.golang.org/api/cloudresourcemanager/v1@0.149.0, google.golang.org/api/compute/v1@0.149.0, google.golang.org/api/dns/v1@0.149.0, google.golang.org/api/serviceusage/v1@0.149.0, github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd, google.golang.org/api/option@0.149.0, github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f From: google.golang.org/api/cloudresourcemanager/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 From: google.golang.org/api/compute/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 From: google.golang.org/api/dns/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 and 28 more... Fixed in: 1.33.0 ``` Note that in this branch we also had to bump google.golang.org/golang/protobuf to v1.5.4 due to golang/protobuf#1596. Why this wasn't necessary in the other branches... no idea. :shakes-fist-at-golang-deps: Manual cherry-pick of openshift#2239 / f7cf469 which was a Manual cherry-pick of openshift#2231 / 2efba4b
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.