github.com/dgrijalva/jwt-go has CVE https://github.com/advisories/GHSA-w73w-5m7g-f7qc
and is already archived. etcd v3.4 should use a community maintained fork
github.com/golang-jwt/jwt which provides the fixed version of the CVE.
Signed-off-by: Yusuke Suzuki <yusuke-suzuki@cybozu.co.jp>
This fixes etcd being unable to send any message longer than 64 KB as
a notification over the websocket. This was because the older version
of grpc-websocket-proxy was used and WithMaxRespBodyBufferSize option
wasn't set.
* clientv3: fix grpc-go(v1.27.0) incompatible changes to balancer/resolver.
* vendor: upgrade gRPC Go to v1.24.0
Picking up some performance improvements and bug fixes.
https://github.com/grpc/grpc-go/releases/tag/v1.24.0
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
* vendor: update gRPC Go to v1.26.0 (#11522)
* GO111MODULE=on go mod vendor
* GO111MODULE=on go mod vendor go 1.14
Bump travis 2
Co-authored-by: EDDYCJY <313687982@qq.com>
Co-authored-by: Gyuho Lee <leegyuho@amazon.com>
Co-authored-by: Yuchen Zhou <yczhou@google.com>
The quorum package contains logic to reason about committed indexes as
well as vote outcomes for both majority and joint quorums. The package
is oblivious to the existence of learner replicas.
The plan is to hook this up to etcd/raft in subsequent commits.
To remove the dependency on ghodss/yaml. Replaced this dependency with sigs.k8s.io/yaml.
This wil help to remove the ghodss/yaml dependency from main kubernetes repository.
xref: https://github.com/kubernetes/kubernetes/issues/77024
etcd currently generates a few UUID style identifiers using approaches like `fmt.Sprintf("client-%s", strconv.FormatInt(time.Now().UnixNano(), 36))`.
But these can collide on machine architectures with larger timestamp steps (see https://github.com/etcd-io/etcd/issues/10035).
