Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,814 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

146 Commits

Author SHA1 Message Date
dependabot[bot]
7dfd29b0cc build(deps): bump github.com/mikefarah/yq/v4 in /tools/mod 
Bumps [github.com/mikefarah/yq/v4](https://github.com/mikefarah/yq) from 4.30.8 to 4.31.1.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.30.8...v4.31.1)

---
updated-dependencies:
- dependency-name: github.com/mikefarah/yq/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-21 07:50:45 +08:00
dependabot[bot]
66efadb8fb build(deps): bump honnef.co/go/tools from 0.4.0 to 0.4.2 in /tools/mod 
Bumps [honnef.co/go/tools](https://github.com/dominikh/go-tools) from 0.4.0 to 0.4.2.
- [Release notes](https://github.com/dominikh/go-tools/releases)
- [Commits](https://github.com/dominikh/go-tools/compare/v0.4.0...v0.4.2)

---
updated-dependencies:
- dependency-name: honnef.co/go/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-21 05:23:04 +08:00
Benjamin Wang
a7e94c4843 security: bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-02-17 11:29:47 +08:00
dependabot[bot]
8f54d38b6c build(deps): bump honnef.co/go/tools from 0.3.3 to 0.4.0 in /tools/mod 
Bumps [honnef.co/go/tools](https://github.com/dominikh/go-tools) from 0.3.3 to 0.4.0.
- [Release notes](https://github.com/dominikh/go-tools/releases)
- [Commits](https://github.com/dominikh/go-tools/compare/v0.3.3...v0.4.0)

---
updated-dependencies:
- dependency-name: honnef.co/go/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-07 06:29:36 +08:00
dependabot[bot]
aba0f91167 build(deps): bump github.com/mgechev/revive in /tools/mod 
Bumps [github.com/mgechev/revive](https://github.com/mgechev/revive) from 1.2.4 to 1.2.5.
- [Release notes](https://github.com/mgechev/revive/releases)
- [Changelog](https://github.com/mgechev/revive/blob/master/.goreleaser.yml)
- [Commits](https://github.com/mgechev/revive/compare/v1.2.4...v1.2.5)

---
updated-dependencies:
- dependency-name: github.com/mgechev/revive
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 05:43:34 +08:00
Benjamin Wang
0d7b624fae dependency: bump github.com/google/addlicense from 1.1.0 to 1.1.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-24 16:59:37 +08:00
Benjamin Wang
b2d482e6da dependency: bump gotest.tools/gotestsum from v1.8.2 to v1.9.0 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-17 06:39:26 +08:00
Benjamin Wang
575ceed1c7 dependency: bump github.com/mikefarah/yq/v4 from v4.30.6 to v4.30.8 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-17 06:33:05 +08:00
Wei Fu
4d0b91947e chore: delete // +build buildtag by go fix 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-29 14:17:05 +08:00
dependabot[bot]
6f522f657d
build(deps): bump github.com/mikefarah/yq/v4 in /tools/mod 
Bumps [github.com/mikefarah/yq/v4](https://github.com/mikefarah/yq) from 4.30.5 to 4.30.6.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](https://github.com/mikefarah/yq/compare/v4.30.5...v4.30.6)

---
updated-dependencies:
- dependency-name: github.com/mikefarah/yq/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-19 17:03:52 +00:00
Benjamin Wang
3b9086009d
Merge pull request #14982 from etcd-io/dependabot/go_modules/tools/mod/github.com/alexkohler/nakedret-1.0.1 
build(deps): bump github.com/alexkohler/nakedret from 1.0.0 to 1.0.1 in /tools/mod
 2022-12-14 08:56:47 +08:00
dependabot[bot]
17d1761fbd
build(deps): bump github.com/alexkohler/nakedret in /tools/mod 
Bumps [github.com/alexkohler/nakedret](https://github.com/alexkohler/nakedret) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/alexkohler/nakedret/releases)
- [Commits](https://github.com/alexkohler/nakedret/compare/v1.0...v1.0.1)

---
updated-dependencies:
- dependency-name: github.com/alexkohler/nakedret
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-14 00:19:18 +00:00
dependabot[bot]
042022390d
build(deps): bump honnef.co/go/tools from 0.3.0 to 0.3.3 in /tools/mod 
Bumps [honnef.co/go/tools](https://github.com/dominikh/go-tools) from 0.3.0 to 0.3.3.
- [Release notes](https://github.com/dominikh/go-tools/releases)
- [Commits](https://github.com/dominikh/go-tools/compare/v0.3.0...v0.3.3)

---
updated-dependencies:
- dependency-name: honnef.co/go/tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-14 00:18:23 +00:00
Benjamin Wang
8b34906b1d deps: bump github.com/mikefarah/yq/v4 from 4.24.2 to 4.30.5 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:17:21 +08:00
Benjamin Wang
6845168182 deps: bump github.com/google/addlicense from 1.0.0 to 1.1.0 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:15:44 +08:00
Benjamin Wang
feeb703b06 deps: bump gotest.tools/v3 from 3.1.0 to 3.4.0 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:13:08 +08:00
Benjamin Wang
40e85f6bee deps: bump github.com/mgechev/revive from 1.2.1 to 1.2.4 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:09:35 +08:00
Benjamin Wang
c51540bdd2 deps: bump google.golang.org/protobuf from 1.28.0 to 1.28.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 04:07:52 +08:00
Benjamin Wang
642a451165 deps: bump gotest.tools/gotestsum from 1.7.0 to 1.8.2 in /tools/mod 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:53:44 +08:00
Benjamin Wang
259a73d67a deps: bump github.com/spf13/cobra from 1.4.0 to 1.6.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-14 03:33:24 +08:00
Marek Siarkowicz
1bb4c9558d tests: Update gofail to v0.1.0 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2022-12-10 14:49:20 +01:00
Benjamin Wang
1ba246e1d8 bump golang.org/x/ to v0.4.0 
Found 1 known vulnerability.

Vulnerability #1: GO-2022-1144
  An attacker can cause excessive memory growth in a Go server
  accepting HTTP/2 requests. HTTP/2 server connections contain a
  cache of HTTP header keys sent by the client. While the total
  number of entries in this cache is capped, an attacker sending
  very large keys can cause the server to allocate approximately
  64 MiB per open connection.

  Call stacks in your code:
Error:       tools/etcd-dump-metrics/main.go:158:5: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.Server.ServeConn

  Found in: golang.org/x/net/http2@v0.2.0
  Fixed in: golang.org/x/net/http2@v0.4.0
  More info: https://pkg.go.dev/vuln/GO-2022-1144
Error: Process completed with exit code 3.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-09 08:54:48 +08:00
Benjamin Wang
cc58edecf2 raft: add raft into the tools/mod 
Previously etcdservers depends on raft/raftpb/raft.proto directly.
After moving raft to a separate repo, we need to add raft to the
tools/mod, and get raft included in the -I protc flags.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-02 15:36:41 +08:00
Benjamin Wang
3f86db5e53 bump golang.org/x imports to address CVEs 
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-11-30 05:03:43 +08:00
Marek Siarkowicz
dd4d69ca91 tests: Cleanup gofail 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2022-11-27 20:35:39 +01:00
Benjamin Wang
150ea9d880 tool: bump gofail version 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-11-18 15:19:18 +08:00
Marek Siarkowicz
837819860b tests: Add linearizability tests scenario for #14370 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2022-10-24 13:36:12 +02:00
Benjamin Wang
7f10dccbaf Bump go 1.19: update all the dependencies and go.sum files 
1. run ./scripts/fix.sh;
2. cd tools/mod; gofmt -w . & go mod tidy;

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-09-22 08:47:46 +08:00
Benjamin Wang
cd0b1d0c66 Bump go 1.19: upgrade go version to 1.19 in all go.mod files 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-09-22 08:47:46 +08:00
Piotr Tabor
55a7c91de9 test.sh: Tools run correctly on OsX 
- The location of installed tools is found using `go list`
- ETCD_VERIFY env variable is printed in repro command line.
 2022-04-17 23:28:26 +02:00
Manuel Rüger
dedb661d92 tools/mod: Update tools 
github.com/google/addlicense v0.0.0-20210428195630-6d92264d7170 -> v1.0.0
github.com/gordonklaus/ineffassign v0.0.0-20200809085317-e36bfde3bb78 -> v0.0.0-20210914165742-4cc7213b9bc8
github.com/grpc-ecosystem/grpc-gateway v1.14.6 -> v1.16.0
github.com/hexfusion/schwag v0.0.0-20170606222847-b7d0fc9aadaa -> v0.0.0-20211117114134-3ceb0191ccbf
github.com/mgechev/revive v1.0.2 -> v1.2.0
github.com/mikefarah/yq/v3 v3.0.0-20201125113350-f42728eef735 -> v4.24.2
gotest.tools v2.2.0+incompatible -> v3.1.0
gotest.tools/gotestsum v0.3.5 -> v1.7.0
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc -> v0.3.0
mvdan.cc/unparam v0.0.0-20200501210554-b37ab49443f7 -> v0.0.0-20220316160445-06cc5682983b

Signed-off-by: Manuel Rüger <manuel@rueg.eu>
 2022-04-07 14:27:51 +02:00
ahrtr
900fc8dd7e replace gobin with go install 
The repository github.com/myitcv/gobin has already been archived,
and the `go install` command accepts arguments with version suffixs
starting from 1.16 (for example, go install example.com/cmd@v1.0.0).
So there is no reason to continue to use gobin.
 2022-02-08 05:41:21 +08:00
Marek Siarkowicz
6d808e5d7d *: Add static validation to etcd_version proto annotation 2022-01-26 15:50:14 +01:00
Manuel Rüger
cf7e8b3535 go.mod: Bump golang.org/x/net dependency; regenerate go.sum 
Bumps golang.org/x/net dependency due to fix CVE-2021-44716
as requested in https://github.com/etcd-io/etcd/pull/13487#issuecomment-997065540

Signed-off-by: Manuel Rüger <manuel@rueg.eu>
 2022-01-12 03:00:08 +01:00
Lili Cosic
e6e279a14d *: Bump go to go v1.17.2 2021-10-27 13:44:54 +02:00
Haimantika Mitra
c10d50c4b3 Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt 
Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Made required adjustments to the go.sum file

Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Changed go.sum file in the server directory

Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Removed the white space

Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Made required changes

Signed-off-by: Haimantika Mitra <haimantikamitra@gmail.com>

Trying to fix the fails

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Removed error

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Fixed bill-of-materials.json file

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Changed go.mod with recent version

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Newer version changes

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>

Changes to etcdutl directory

Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
 2021-08-03 13:49:47 +05:30
Marek Siarkowicz
86f68b9374 *: Add missing file licenses and Fix static analysis prevent skipping them in future 2021-06-29 12:52:02 +02:00
Rajalakshmi-Girish
8bfce5dc01 Add option to generate junit xml reports 2021-06-16 07:25:50 +00:00
Piotr Tabor
ffea1537d4 ClientV3 tests use integration.NewClient that configures proper logger. 2021-04-29 18:18:34 +02:00
Piotr Tabor
3423a949c0 Update go for 3.5: 1.15 -> 1.16.(3). 
https://github.com/etcd-io/etcd/issues/12732
 2021-04-19 16:50:54 +02:00
Joel Smith
19f7c6ef3e *: Update gogo/protobuf to v1.3.2, rerun ./scripts/genproto.sh 
While it appears that etcd is not vulnerable to CVE-2021-3121,
it is a good idea to update to the new generator so that new
vulnerable code isn't generated in any future APIs. Also, this
lays the issue to rest of whether there is any issue with
etcd and CVE-2021-3121.
 2021-03-23 11:48:06 -06:00
Piotr Tabor
577c898fee scripts: Integrate ./scripts/release with new code for tagging modules. 
Changes:
  - signing tags.
  - allows to override BRANCH and REPOSITORY using env variables.

Tested by a release in my private fork:
  BRANCH="20201126-ptabor-release" REPOSITORY="git@github.com:ptabor/etcd.git" ./scripts/release 3.5.0-alpha.20
 2021-01-15 12:31:44 +01:00
Piotr Tabor
b7f0f52a16
*: Refresh of dependencies (#12399) 
This PR focuses on dependencies that have new stable versions.
 2020-10-15 15:32:00 -07:00
Piotr Tabor
da5ca2c0d5 tools: Update of go.mod for protos (gogo/protobuf 1.3.1, grpc 1.29.1, grpc-gateway 1.14.6) 
This brings consistency between proto-generation code and actual versions of libraries being used in runtime:

github.com/gogo/protobuf                        v1.2.1,v1.0.0 -> v1.3.1
github.com/golang/protobuf                             v1.3.2 -> v1.3.5
github.com/grpc-ecosystem/grpc-gateway  v1.9.5,v1.4.1,v1.15.2 -> v1.14.6
google.golang.org/grpc                                v1.26.0 -> v1.29.1

Moved as far as possible, without bumping on grpc 1.30.0 "naming" decomissioning.
Please also notice that gogo/protobuf is likely to reach EOL: https://github.com/gogo/protobuf/issues/691
 2020-10-14 18:46:38 +02:00
Piotr Tabor
bc9e433ca2 tools: Migrate remaining tools to gobin 
Replace ./scripts/install_tool.sh with `gobin`, such that we have
consistent handling for all tools needed for build and consistent
versioning within ./tools/mod/go.mod.

Side changes:
  - Expose /scripts/fix.sh that fixes formatting and bom across modules
  - Expose *.sh variants of scripts like build and ./test (first step
towards replacement).
  - Make stderr output of commands explicit and make commands use
different color than callouts.
 2020-10-13 19:33:01 +02:00
Piotr Tabor
dfdda47bd8 script/genproto.sh: Refactor to be explicit about versions. 
Refactoring script/genproto.sh around state-of-the-art techniques of
managing tooling in go:
  - https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module
  - uses https://github.com/myitcv/gobin instead of customly created gopath.proto dir
  - caches tools between executions
  - guaratees hermetics runs (it was not guaranteed for protoc_grpc_gateway that used latest)

The change is no-op for the generated code.

The commit reveals a few 'worring things':
  1  We depend on : github.com/grpc-ecosystem/grpc-gateway/@v/v1.4.1/protoc-gen-grpc-gateway
  2. And also     : github.com/grpc-ecosystem/grpc-gateway/@v/v1.15.0/protoc-gen-swagger/protoc-gen-swagger
  3. And on extremely old: github.com/gogo/protobuf@v1.0.0 protoc-gen-gofast that is out of sync with the library linked to binaries: github.com/gogo/protobuf@v1.2.1
 2020-10-08 19:52:27 +02:00