Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
19,218 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

46 Commits

Author SHA1 Message Date
Benjamin Wang
23e89b98a3 bump bbolt to v1.3.7 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-31 07:04:29 +08:00
Benjamin Wang
5b8d7698c8 dependency: bump github.com/coreos/go-semver from 0.3.0 to 0.3.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-24 16:59:37 +08:00
Benjamin Wang
ac98432f0b dependency: bump github.com/dustin/go-humanize from v1.0.0 to v1.0.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-17 06:37:19 +08:00
Benjamin Wang
30fc7611e2 tidy up dependencies 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-10 09:11:34 +08:00
Benjamin Wang
c4f7ac28a2 deps: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.32.0 to 0.37.0 in /server 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:32:18 +08:00
Benjamin Wang
32840bae73 deps: bump go.opentelemetry.io/otel from 1.7.0 to 1.11.2 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:27:04 +08:00
Benjamin Wang
8f320bfa00 deps: bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 in /server 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:19:10 +08:00
Benjamin Wang
2c192f4205 deps: bump go.uber.org/multierr from 1.8.0 to 1.9.0 in /server 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:00:49 +08:00
Benjamin Wang
c2a7a5870d deps: bump github.com/prometheus/client_golang from 1.12.2 to 1.14.0 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:42:11 +08:00
Benjamin Wang
bc41c0963b deps: bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:38:55 +08:00
Benjamin Wang
259a73d67a deps: bump github.com/spf13/cobra from 1.4.0 to 1.6.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:33:24 +08:00
Benjamin Wang
1a0af6fee6 deps: bump go.uber.org/zap from 1.21.0 to 1.24.0 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:33:24 +08:00
Benjamin Wang
1ba246e1d8 bump golang.org/x/ to v0.4.0 
Found 1 known vulnerability.

Vulnerability #1: GO-2022-1144
  An attacker can cause excessive memory growth in a Go server
  accepting HTTP/2 requests. HTTP/2 server connections contain a
  cache of HTTP header keys sent by the client. While the total
  number of entries in this cache is capped, an attacker sending
  very large keys can cause the server to allocate approximately
  64 MiB per open connection.

  Call stacks in your code:
Error:       tools/etcd-dump-metrics/main.go:158:5: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.Server.ServeConn

  Found in: golang.org/x/net/http2@v0.2.0
  Fixed in: golang.org/x/net/http2@v0.4.0
  More info: https://pkg.go.dev/vuln/GO-2022-1144
Error: Process completed with exit code 3.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-09 08:54:48 +08:00
Benjamin Wang
f54752b977 etcdutl: cleanup go.mod and go.sum files 
Executed commands below,
1. Removed go.etcd.io/raft/v3 => ../raft;
2. go get go.etcd.io/raft/v3@eaa6808e1f7ab2247c13778250f70520b0527ff1
3. go mod tidy

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-02 13:06:59 +08:00
Benjamin Wang
3f86db5e53 bump golang.org/x imports to address CVEs 
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-11-30 05:03:43 +08:00
Benjamin Wang
72b9d1d31b fix release pipeline failure 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-11-26 18:40:54 +08:00
Wei Fu
cf285ea3c7 bump grpc to v1.51.0 from v1.47.0 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-11-23 22:16:22 +08:00
Benjamin Wang
7f10dccbaf Bump go 1.19: update all the dependencies and go.sum files 
1. run ./scripts/fix.sh;
2. cd tools/mod; gofmt -w . & go mod tidy;

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-09-22 08:47:46 +08:00
Benjamin Wang
5344085338
Merge pull request #14491 from ahrtr/bump_jwt_4.4.2 
etcd: Bump golang-jwt/jwt/ version to 4.4.2
 2022-09-20 10:18:44 +08:00
Colleen Murphy
7ea2a3d7cb *: Update golang.org/x/net to latest 
Update golang.org/x/net to address CVE-2022-27664.

Signed-off-by: Colleen Murphy <colleen.murphy@suse.com>
 2022-09-19 16:01:45 -07:00
Benjamin Wang
09db6ec1d7 etcd: Bump golang-jwt/jwt/ version to 4.4.2 
github.com/golang-jwt/jwt adds go mod support startig from 4.0.0,
and it's backwards-compatible with existing v3.x.y tags.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-09-20 04:06:47 +08:00
Piotr Tabor
88cd0fe695 Refresh minor dependencies. 
Signed-off-by: Piotr Tabor <ptab@google.com>
 2022-06-17 10:23:03 +02:00
Piotr Tabor
e7a84b69c8 Update zap to 1.21. 
Signed-off-by: Piotr Tabor <ptab@google.com>
 2022-06-17 10:05:25 +02:00
Piotr Tabor
17c1dcd614 Update grpc to 1.47 and go-cmp to 0.5.8. 
Signed-off-by: Piotr Tabor <ptab@google.com>
 2022-06-17 08:57:22 +02:00
Colleen Murphy
27bd78f6ab Update golang.org/x/crypto to latest 
Update crypto to address CVE-2022-27191.

The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this
change updates to latest.
 2022-04-25 09:52:12 -07:00
ahrtr
0dae4b3b1e rollback the opentelemetry bumpping to recover the pipeline failures 2022-04-14 16:13:28 +08:00
Will Beason
eab1e0c5d5 go.mod: upgrade opentelemetry deps 
Downstream users of etcd experience build issues when using dependencies
which require more recent (incompatible) versions of opentelemetry. This
commit upgrades the dependencies so that downstream users stop
experiencing these issues.
 2022-04-13 07:14:10 -07:00
Marek Siarkowicz
1bb59adb1e *: update golang.org/x/crypto 2022-04-08 16:27:52 +02:00
Manuel Rüger
f0f77fc14e go.mod: Bump prometheus/client_golang to v1.12.1 
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
 2022-04-06 19:03:24 +02:00
Kay Yan
afecd3139c fix the api dependency in pkg, and update cobra to 1.4.0 
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
 2022-03-25 17:18:56 +08:00
Piotr Tabor
1237b3576c
Merge pull request #13487 from mrueg/go-1.17.3 
*: Bump to go 1.17.6
 2022-01-15 17:01:17 +01:00
Manuel Rüger
cf7e8b3535 go.mod: Bump golang.org/x/net dependency; regenerate go.sum 
Bumps golang.org/x/net dependency due to fix CVE-2021-44716
as requested in https://github.com/etcd-io/etcd/pull/13487#issuecomment-997065540

Signed-off-by: Manuel Rüger <manuel@rueg.eu>
 2022-01-12 03:00:08 +01:00
Your Name
77bf0a5a9e update cobra version to 1.2.1 
Signed-off-by: yankay <kay.yan@daocloud.io>
 2021-12-29 17:35:25 +08:00
Kushal Pisavadia
71493bde3e *: Upgrade to use go.opentelemetry.io/otel@v1.2.0 
Upgrading from v1.0.1.

Upgrading related dependencies
------------------------------

The following dependencies also had to be upgraded:

- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.26.1
  From v0.25.0. This gets rid of a transitive dependency on go.opentelemetry.io/otel@v1.0.1.
- google.golang.org/genproto@v0.0.0-20211118181313-81c1377c94b1
 2021-11-24 16:03:33 +00:00
Chao Chen
b5e4c2d3c4 client/v2: remove unsafe json-iterator/reflect2 2021-11-09 11:16:40 -08:00
Vladimir Ermakov
49a8aa7f49
run fix.sh 
To fix dependencies.

Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
 2021-10-13 14:08:27 +03:00
Marek Siarkowicz
1b4e54c238 api: Annotate proto messages and use it to detect etcd version that generated wal 
Co-authored-by: Lili Cosic <cosiclili@gmail.com>
 2021-08-04 13:36:08 +02:00
Haimantika Mitra
c10d50c4b3 Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt 
Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Made required adjustments to the go.sum file

Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Changed go.sum file in the server directory

Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Removed the white space

Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Made required changes

Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Trying to fix the fails

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Removed error

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Fixed bill-of-materials.json file

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Changed go.mod with recent version

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Newer version changes

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Changes to etcdutl directory

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
 2021-08-03 13:49:47 +05:30
Lili Cosic
16477a8270 Update client_golang dependency to v1.11.0 2021-06-07 14:49:57 +02:00
Piotr Tabor
404efd70f7 Upgrade of prometheous deps. 
For now we need to depend on unstable: prometheus/client_golang
 2021-06-03 16:07:01 +02:00
Piotr Tabor
edcfe575cf Update dependencies: 
- github.com/coreos/go-systemd/v22 v22.3.2
  - github.com/google/btree v1.0.1
  - github.com/json-iterator/go v1.1.11
  - github.com/mattn/go-runewidth v0.0.13
  - github.com/prometheus/client_golang v1.10.0
  - github.com/prometheus/common v0.26.0
  - github.com/sirupsen/logrus v1.8.1
 2021-06-03 13:03:01 +02:00
Piotr Tabor
b240625d21 Update bbolt to v1.3.6. 
`./scripts/update_dep.sh go.etcd.io/bbolt v1.3.6`
 2021-06-03 12:39:53 +02:00
Piotr Tabor
90cea7d4e7 Update zap to v1.17.0. 2021-06-03 12:37:43 +02:00
Piotr Tabor
bda32db121 Expose clientv3.CreateDefaultZapLoggerConfig 
Need raised in
f3f4259d3f.

BTW: Alligned the implementation of grpclogs with what we use in embed
server, so reduced the client code dependencies.
 2021-05-25 22:59:08 +02:00
Pavan BG
d9c5e1f0a2 *: Replace internal testutil AssertEqual function in favour of github.com/stretchr/testify/assert.Equals 
To maintain uniformity in testing methodology, assert.Equals has been used everywhere while replacing testutil.AssertEqual

Fixes #13015
 2021-05-20 19:55:45 +05:30
Piotr Tabor
c09aca1ba4 Split etcdctl into etcdctl (public API access) & etcdutl (direct surgery on files) 
Motivation is as follows:

  - etcdctl we only depend on clientv3 APIs, no dependencies of bolt, backend, mvcc, file-layout
  - etcdctl can be officially supported across wide range of versions, while etcdutl is pretty specific to file format at particular version.
it's step towards desired modules layout, documented in: https://etcd.io/docs/next/dev-internal/modules/
 2021-05-17 11:54:03 +02:00