3.5: upgrade gRPC-go to 1.58.3

The last step with gRPC update behavior changes auditing to resolve CVE #16740 in 3.5 This PR backports #14922, #16338, #16587, #16630, #16636 and #16739 to release-3.5. Signed-off-by: Chao Chen <chaochn@amazon.com>
2024-09-27 06:25:44 +00:00 · 2023-10-17 11:07:03 -07:00
parent 4cf9ef8574
commit 1aa4aa8a96
22 changed files with 230 additions and 143 deletions
--- a/pkg/go.mod
+++ b/pkg/go.mod
@@ -10,12 +10,12 @@ require (
 	github.com/stretchr/testify v1.8.1
 	go.etcd.io/etcd/client/pkg/v3 v3.5.9
 	go.uber.org/zap v1.17.0
-	google.golang.org/grpc v1.52.0
+	google.golang.org/grpc v1.58.3
 )

 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
@@ -23,8 +23,8 @@ require (
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
-	google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )