Update crypto to address CVE-2022-27191.
The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this
change updates to latest.
Backport of https://github.com/etcd-io/etcd/pull/13996
Signed-off-by: Bogdan Kanivets <bkanivets@apple.com>
Items resolved:
1. fix the vet error: possible misuse of reflect.SliceHeader;
2. fix the vet error: call to (*T).Fatal from a non-test goroutine;
3. bump package golang.org/x/crypto, net and sys;
4. bump boltdb from 1.3.3 to 1.3.6;
5. remove the vendor directory;
6. remove go 1.12.17 and 1.15.15, add go 1.16.15 into pipeline;
7. bump go version to 1.16 in go.mod;
8. fix the issue: compile: version go1.16.15 does not match go tool version go1.17.11,
refer to https://github.com/actions/setup-go/issues/107;
9. fix data race on compactMainRev and watcherGauge;
10. fix test failure for TestLeasingTxnOwnerGet in cluster_proxy mode.
Signed-off-by: Benjamin Wang <wachao@vmware.com>
github.com/dgrijalva/jwt-go has CVE https://github.com/advisories/GHSA-w73w-5m7g-f7qc
and is already archived. etcd v3.4 should use a community maintained fork
github.com/golang-jwt/jwt which provides the fixed version of the CVE.
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
This fixes etcd being unable to send any message longer than 64 KB as
a notification over the websocket. This was because the older version
of grpc-websocket-proxy was used and WithMaxRespBodyBufferSize option
wasn't set.
* clientv3: fix grpc-go(v1.27.0) incompatible changes to balancer/resolver.
* vendor: upgrade gRPC Go to v1.24.0
Picking up some performance improvements and bug fixes.
https://github.com/grpc/grpc-go/releases/tag/v1.24.0
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
* vendor: update gRPC Go to v1.26.0 (#11522)
* GO111MODULE=on go mod vendor
* GO111MODULE=on go mod vendor go 1.14
Bump travis 2
Co-authored-by: EDDYCJY <313687982@qq.com>
Co-authored-by: Gyuho Lee <leegyuho@amazon.com>
Co-authored-by: Yuchen Zhou <yczhou@google.com>
The quorum package contains logic to reason about committed indexes as
well as vote outcomes for both majority and joint quorums. The package
is oblivious to the existence of learner replicas.
The plan is to hook this up to etcd/raft in subsequent commits.
To remove the dependency on ghodss/yaml. Replaced this dependency with sigs.k8s.io/yaml.
This wil help to remove the ghodss/yaml dependency from main kubernetes repository.
xref: https://github.com/kubernetes/kubernetes/issues/77024
etcd currently generates a few UUID style identifiers using approaches like `fmt.Sprintf("client-%s", strconv.FormatInt(time.Now().UnixNano(), 36))`.
But these can collide on machine architectures with larger timestamp steps (see https://github.com/etcd-io/etcd/issues/10035).
