82 Commits

Author SHA1 Message Date
Marek Siarkowicz
be7be34800 client: Hide v2 client package
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2023-03-31 10:26:11 +02:00
Benjamin Wang
8c4bbcc8c7 dependency: bump golang.org/x/ to 0.7.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-03-21 08:36:39 +08:00
Benjamin Wang
7ed1219861 dependency: bump golang.org/x/net to v0.8.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-03-07 06:52:07 +08:00
Benjamin Wang
56423eacd2 dependency: bump go.opentelemetry.io/otel to v1.14.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-03-03 15:44:47 +08:00
Benjamin Wang
6af2c9dbfa dependency: bump golang.org/x/crypto to v0.6.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-28 06:51:55 +08:00
Benjamin Wang
f333148da9 dependency: bump golang.org/x/time to v0.3.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-28 06:49:39 +08:00
Benjamin Wang
d8b8127084 dependency: bump github.com/stretchr/testify from 1.8.1 to 1.8.2
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-28 06:44:33 +08:00
Benjamin Wang
de9c0f8fea dependency: bump github.com/golang-jwt/jwt/v4 to v4.5.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-21 05:29:53 +08:00
Benjamin Wang
a7e94c4843 security: bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-17 11:29:47 +08:00
Benjamin Wang
d0c3112d5a dependency: bump go.opentelemetry.io/otel from 1.11.2 to 1.13.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-15 18:33:00 +08:00
Benjamin Wang
1d8fe11ad9 dependency: bump golang.org/x/net from 0.5.0 to 0.6.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-14 17:40:47 +08:00
Benjamin Wang
cc47f7bc7c dependency: bump gopkg.in/natefinch/lumberjack.v2 from 2.0.0 to 2.2.1
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-14 17:40:47 +08:00
Benjamin Wang
23e89b98a3 bump bbolt to v1.3.7
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-01-31 07:04:29 +08:00
Benjamin Wang
5b8d7698c8 dependency: bump github.com/coreos/go-semver from 0.3.0 to 0.3.1
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-01-24 16:59:37 +08:00
Benjamin Wang
ac98432f0b dependency: bump github.com/dustin/go-humanize from v1.0.0 to v1.0.1
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-01-17 06:37:19 +08:00
dependabot[bot]
d104408036 build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 in /server
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-10 09:10:07 +08:00
Benjamin Wang
c4f7ac28a2 deps: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.32.0 to 0.37.0 in /server
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:32:18 +08:00
Benjamin Wang
32840bae73 deps: bump go.opentelemetry.io/otel from 1.7.0 to 1.11.2
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:27:04 +08:00
Benjamin Wang
8f320bfa00 deps: bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 in /server
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:19:10 +08:00
Benjamin Wang
2c192f4205 deps: bump go.uber.org/multierr from 1.8.0 to 1.9.0 in /server
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:00:49 +08:00
Benjamin Wang
c2a7a5870d deps: bump github.com/prometheus/client_golang from 1.12.2 to 1.14.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:42:11 +08:00
Benjamin Wang
bc41c0963b deps: bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:38:55 +08:00
Benjamin Wang
259a73d67a deps: bump github.com/spf13/cobra from 1.4.0 to 1.6.1
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:33:24 +08:00
Benjamin Wang
1a0af6fee6 deps: bump go.uber.org/zap from 1.21.0 to 1.24.0
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:33:24 +08:00
Benjamin Wang
1ba246e1d8 bump golang.org/x/ to v0.4.0
Found 1 known vulnerability.

Vulnerability #1: GO-2022-1144
  An attacker can cause excessive memory growth in a Go server
  accepting HTTP/2 requests. HTTP/2 server connections contain a
  cache of HTTP header keys sent by the client. While the total
  number of entries in this cache is capped, an attacker sending
  very large keys can cause the server to allocate approximately
  64 MiB per open connection.

  Call stacks in your code:
Error:       tools/etcd-dump-metrics/main.go:158:5: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.Server.ServeConn

  Found in: golang.org/x/net/http2@v0.2.0
  Fixed in: golang.org/x/net/http2@v0.4.0
  More info: https://pkg.go.dev/vuln/GO-2022-1144
Error: Process completed with exit code 3.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-09 08:54:48 +08:00
Benjamin Wang
87e1ca2b9a etcdserver: cleanup go.mod and go.sum files
Executed commands below,
1. Removed go.etcd.io/raft/v3 => ../raft;
2. go get go.etcd.io/raft/v3@eaa6808e1f7ab2247c13778250f70520b0527ff1
3. go mod tidy

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-02 12:59:23 +08:00
Benjamin Wang
e9aa275b36 etcdserver: update etcdserver to use the new raft module go.etcd.io/raft/v3
Just replaced all go.etcd.io/etcd/raft/v3 with go.etcd.io/raft/v3
under directory server.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-02 09:33:45 +08:00
Benjamin Wang
3f86db5e53 bump golang.org/x imports to address CVEs
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-11-30 05:03:43 +08:00
Benjamin Wang
285e44378f bump github.com/stretchr/testify from v1.7.2 to v1.8.1
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-11-26 10:51:32 +08:00
Wei Fu
cf285ea3c7 bump grpc to v1.51.0 from v1.47.0
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2022-11-23 22:16:22 +08:00
Benjamin Wang
cd0b1d0c66 Bump go 1.19: upgrade go version to 1.19 in all go.mod files
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-09-22 08:47:46 +08:00
Benjamin Wang
5344085338
Merge pull request #14491 from ahrtr/bump_jwt_4.4.2
etcd: Bump golang-jwt/jwt/ version to 4.4.2
2022-09-20 10:18:44 +08:00
Colleen Murphy
7ea2a3d7cb *: Update golang.org/x/net to latest
Update golang.org/x/net to address CVE-2022-27664.

Signed-off-by: Colleen Murphy <colleen.murphy@suse.com>
2022-09-19 16:01:45 -07:00
Benjamin Wang
09db6ec1d7 etcd: Bump golang-jwt/jwt/ version to 4.4.2
github.com/golang-jwt/jwt adds go mod support startig from 4.0.0,
and it's backwards-compatible with existing v3.x.y tags.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-09-20 04:06:47 +08:00
Piotr Tabor
88cd0fe695 Refresh minor dependencies.
Signed-off-by: Piotr Tabor <ptab@google.com>
2022-06-17 10:23:03 +02:00
Piotr Tabor
e7a84b69c8 Update zap to 1.21.
Signed-off-by: Piotr Tabor <ptab@google.com>
2022-06-17 10:05:25 +02:00
Piotr Tabor
17c1dcd614 Update grpc to 1.47 and go-cmp to 0.5.8.
Signed-off-by: Piotr Tabor <ptab@google.com>
2022-06-17 08:57:22 +02:00
Colleen Murphy
27bd78f6ab Update golang.org/x/crypto to latest
Update crypto to address CVE-2022-27191.

The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this
change updates to latest.
2022-04-25 09:52:12 -07:00
ahrtr
0dae4b3b1e rollback the opentelemetry bumpping to recover the pipeline failures 2022-04-14 16:13:28 +08:00
Will Beason
eab1e0c5d5 go.mod: upgrade opentelemetry deps
Downstream users of etcd experience build issues when using dependencies
which require more recent (incompatible) versions of opentelemetry. This
commit upgrades the dependencies so that downstream users stop
experiencing these issues.
2022-04-13 07:14:10 -07:00
Marek Siarkowicz
1bb59adb1e *: update golang.org/x/crypto 2022-04-08 16:27:52 +02:00
Manuel Rüger
f0f77fc14e go.mod: Bump prometheus/client_golang to v1.12.1
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2022-04-06 19:03:24 +02:00
Kay Yan
afecd3139c fix the api dependency in pkg, and update cobra to 1.4.0
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2022-03-25 17:18:56 +08:00
Marek Siarkowicz
fb55910500 version: bump up to 3.6.0-alpha.0 2022-02-28 13:20:27 +01:00
Piotr Tabor
1237b3576c
Merge pull request #13487 from mrueg/go-1.17.3
*: Bump to go 1.17.6
2022-01-15 17:01:17 +01:00
Manuel Rüger
cf7e8b3535 go.mod: Bump golang.org/x/net dependency; regenerate go.sum
Bumps golang.org/x/net dependency due to fix CVE-2021-44716
as requested in https://github.com/etcd-io/etcd/pull/13487#issuecomment-997065540

Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2022-01-12 03:00:08 +01:00
Your Name
77bf0a5a9e update cobra version to 1.2.1
Signed-off-by: yankay <kay.yan@daocloud.io>
2021-12-29 17:35:25 +08:00
Kushal Pisavadia
71493bde3e *: Upgrade to use go.opentelemetry.io/otel@v1.2.0
Upgrading from v1.0.1.

Upgrading related dependencies
------------------------------

The following dependencies also had to be upgraded:

- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.26.1
  From v0.25.0. This gets rid of a transitive dependency on go.opentelemetry.io/otel@v1.0.1.
- google.golang.org/genproto@v0.0.0-20211118181313-81c1377c94b1
2021-11-24 16:03:33 +00:00
Chao Chen
b5e4c2d3c4 client/v2: remove unsafe json-iterator/reflect2 2021-11-09 11:16:40 -08:00
Sam Batschelet
316e62b4e1 *: fixup go 1.17 bump
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
2021-10-27 14:26:55 -04:00