94 Commits

Author SHA1 Message Date
Chun-Hung Tseng
f9907859e5 Bump go toolchain to 1.22.6
Reference:
- https://github.com/etcd-io/etcd/issues/18443

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
2024-08-14 23:55:33 +02:00
Chun-Hung Tseng
8748e5199d
[release-3.5] go version bump from 1.21.12 to 1.21.13
Reference: https://github.com/etcd-io/etcd/issues/18419
Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
2024-08-08 21:30:30 +02:00
Benjamin Wang
5a437a3c55 Cleanup github.com/etcd-io/gofail
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
2024-08-02 13:21:59 +01:00
Marek Siarkowicz
1a18275a2d Upgrade gofail to v0.2.0
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2024-08-02 09:32:37 +02:00
Wenjia Zhang
9a5533382d version: bump up to 3.5.15 2024-07-19 20:13:00 +00:00
D Tripp
e2c6c4754a Bump Go version to 1.21.12: GO-2024-2963 fix
Signed-off-by: D Tripp <38776199+thedtripp@users.noreply.github.com>
2024-07-03 05:17:11 +00:00
Chun-Hung Tseng
26769754ad
dependency: bump golang.org/x/net from 0.17.0 to 0.23.0
Extracted log from govulncheck, suggesting that we should bump the
version of golang.org/x/net

=== Symbol Results ===

Vulnerability #1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.17.0
    Fixed in: golang.org/x/net@v0.23.0

Reference:
- https://github.com/etcd-io/etcd/pull/17708

Signed-off-by: Chun-Hung Tseng <henrybear327@gmail.com>
2024-06-14 11:33:21 +02:00
ArkaSaha30
a64ddefe00
Bump Go version to 1.21.11: CVE 2024-24790 fix
Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
2024-06-05 13:48:25 +05:30
James Blair
bf51a53a7e
version: bump up to 3.5.14 2024-05-30 06:33:09 +12:00
Madhav Jivrajani
474031588a .*: sync go toolchain version and add ability to verify versions
This commit adds a script to sync the version present in .go-version
across all go.mod files as the toolchain directive. As part of that,
this commit also modifies go.mod files that did not have synced toolchain
directives.

Additionally, this also adds a script to verify all toolchain and go
directives against the version present in .go-version as follows:
(1) The go directive <= version in .go-version
(2) The toolchain directive == version in .go-version

This script runs as part of the `make verify` target, making it run
as a presubmit by default.

Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
2024-05-16 14:45:42 +05:30
Benjamin Wang
f2cbef2379
Merge pull request #17931 from siyuanfoundation/3.5-downgrade-test
[3.5] Backport cluster downgrade test.
2024-05-06 19:47:56 +01:00
Siyuan Zhang
99a64341f2 Add cluster downgrade test.
Signed-off-by: Siyuan Zhang <sizhang@google.com>
2024-05-06 10:31:18 -07:00
Thomas Jungblut
a5eec4d78d Bump bbolt to 1.3.10 for 3.5
Signed-off-by: Thomas Jungblut <tjungblu@redhat.com>
2024-05-06 12:02:49 +02:00
Wei Fu
94a1d0c1b5 *: LeaseTimeToLive returns error if leader changed
The old leader demotes lessor and all the leases' expire time will be
updated. Instead of returning incorrect remaining TTL, we should return
errors to force client retry.

Cherry-pick: d3bb6f688b4643155b4a9924cec726bdc76a1306

Signed-off-by: Wei Fu <fuweid89@gmail.com>
2024-04-04 22:33:05 +08:00
James Blair
c9063a0dcd
version: bump up to 3.5.13 2024-03-30 07:27:31 +13:00
Ivan Valdes
e6d95c8457
dependency: bump google.golang.org/protobuf to v1.33.0
Signed-off-by: Ivan Valdes <ivan@vald.es>
2024-03-07 16:03:12 -08:00
Benjamin Wang
d76d8479ee Bump bbolt to 1.3.9 for 3.5
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
2024-02-24 15:38:49 +00:00
vivekpatani
f1d1029cc2 dependency: bump github.com/sirupsen/logrus to v1.9.3
Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
2024-02-23 16:24:13 -08:00
Allen Ray
3d64877dc2 [3.5] Update to go1.21
Signed-off-by: Allen Ray <alray@redhat.com>
2024-02-02 14:25:53 -05:00
Marek Siarkowicz
e7b3bb6cca version: bump up to 3.5.12 2024-01-31 11:32:22 +01:00
Marek Siarkowicz
8599d48f80 Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795
This is the minimal set of package updates I get after running:

./scripts/update_dep.sh golang.org/x/crypto v0.17.0
make

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2024-01-30 12:02:49 +01:00
Marek Siarkowicz
3b252db4f6 version: bump up to 3.5.11 2023-12-07 11:29:12 +01:00
James Blair
f952197890
Backport embed: Add tracing integration test.
Signed-off-by: James Blair <mail@jamesblair.net>
2023-11-26 10:30:49 +13:00
sharath sivakumar
f26074ae56 CVE-2023-47108: Backport go.opentelemetry.io/otel@v1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0
Signed-off-by: sharath sivakumar <sharath.sivakumar@mollie.com>
2023-11-15 14:09:07 +01:00
Marek Siarkowicz
0223ca52b8 version: bump up to 3.5.10 2023-10-27 12:33:25 +02:00
Benjamin Wang
88beb6ca47 bump bbolt to 1.3.8 for etcd 3.5
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-10-26 16:32:07 +01:00
Chao Chen
1aa4aa8a96 3.5: upgrade gRPC-go to 1.58.3
The last step with gRPC update behavior changes auditing to resolve CVE #16740 in 3.5

This PR backports #14922, #16338, #16587, #16630, #16636 and #16739 to release-3.5.

Signed-off-by: Chao Chen <chaochn@amazon.com>
2023-10-17 11:07:08 -07:00
Chao Chen
6f4fa5a27a [release-3.5]: upgrade gRPC-go to v1.52.0
backport https://github.com/etcd-io/etcd/pull/14834 and https://github.com/etcd-io/etcd/pull/16324

Signed-off-by: Chao Chen <chaochn@amazon.com>
2023-10-16 21:43:00 -07:00
Chao Chen
db16069588 backport #14125 to release-3.5: Update to grpc-1.47 (and fix the connection-string format)
Signed-off-by: Chao Chen <chaochn@amazon.com>
2023-10-12 09:46:49 -07:00
Allen Ray
24ee8e491f bump golang.org/x/net to 0.17.0
Part of https://github.com/etcd-io/etcd/issues/16740

Signed-off-by: Allen Ray <alray@redhat.com>
2023-10-11 10:43:51 -04:00
James Blair
9c7c8c6b3f
Backport update to golang 1.20 minor release.
Signed-off-by: James Blair <mail@jamesblair.net>
2023-08-11 21:16:01 +12:00
Marek Siarkowicz
bdbbde998b version: bump up to 3.5.9 2023-05-11 13:39:43 +02:00
Marek Siarkowicz
217d183e5a version: bump up to 3.5.8 2023-04-13 12:08:47 +02:00
Marek Siarkowicz
eb614c35f7 tests: Add connection multiplexer testing
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2023-03-17 10:51:35 +01:00
James Blair
1bd835383b
Bump to go 1.19.6
Signed-off-by: James Blair <mail@jamesblair.net>
2023-02-20 12:52:43 +13:00
James Blair
5996b5faa3
Bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571.
Signed-off-by: James Blair <mail@jamesblair.net>
2023-02-20 12:51:17 +13:00
Benjamin Wang
747de58414 bump bbolt to v1.3.7 for release-3.5
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-01-31 07:12:46 +08:00
Marek Siarkowicz
215b53cf3b version: bump up to 3.5.7 2023-01-20 11:15:12 +01:00
Benjamin Wang
a612b9285f format the source code and tidy the dependencies using go 1.17.13
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-19 13:26:59 +08:00
Benjamin Wang
69ee8a83ab bump go version to 1.17.13
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-19 13:23:16 +08:00
Benjamin Wang
3337f35f17 deps: bump golang.org/x/net to v0.4.0 to address CVEs
CVE-2021-44716
CVE-2022-27664

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-19 09:28:07 +08:00
Marek Siarkowicz
cecbe35ce0 version: bump up to 3.5.6 2022-11-21 15:54:14 +01:00
Marek Siarkowicz
19002cfc68 version: bump up to 3.5.5 2022-09-15 14:02:30 +02:00
Marek Siarkowicz
8d4ca10ece tests: Move CorruptBBolt to testutil
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2022-09-07 15:11:55 +02:00
Benjamin Wang
2751c61f24 update all related dependencies
Upgrade grpc to 1.41.0;
Run ./script/fix.sh to fix all related issues.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-08-07 07:17:27 +08:00
Colleen Murphy
5c44c3022b Update golang.org/x/crypto to latest
Update crypto to address CVE-2022-27191.

The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this
change updates to latest.
2022-04-28 09:27:02 -07:00
Marek Siarkowicz
08407ff760 version: bump up to 3.5.4 2022-04-24 12:44:36 +02:00
Marek Siarkowicz
0452feec71 version: bump up to 3.5.3 2022-04-13 17:17:51 +02:00
Marek Siarkowicz
383eceb885
Merge pull request #13669 from maxsokolovsky/upgrade-server-dependency-golang.org/x/crypto
etcdserver: upgrade the golang.org/x/crypto dependency
2022-04-09 09:44:05 +02:00
Manuel Rüger
3b8c6512df go.mod: Upgrade to prometheus/client_golang v1.11.1 2022-04-06 00:35:48 +02:00