3.5: upgrade gRPC-go to 1.58.3

The last step with gRPC update behavior changes auditing to resolve CVE #16740 in 3.5 This PR backports #14922, #16338, #16587, #16630, #16636 and #16739 to release-3.5. Signed-off-by: Chao Chen <chaochn@amazon.com>
2024-09-27 06:25:44 +00:00 · 2023-10-17 11:07:03 -07:00
parent 4cf9ef8574
commit 1aa4aa8a96
22 changed files with 230 additions and 143 deletions
--- a/api/go.mod
+++ b/api/go.mod
@@ -5,17 +5,19 @@ go 1.20
 require (
 	github.com/coreos/go-semver v0.3.0
 	github.com/gogo/protobuf v1.3.2
-	github.com/golang/protobuf v1.5.2
+	github.com/golang/protobuf v1.5.3
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0
-	google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6
-	google.golang.org/grpc v1.52.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98
+	google.golang.org/grpc v1.58.3
 )

 require (
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )