Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,566 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

94 Commits

Author SHA1 Message Date
Marek Siarkowicz
8599d48f80 Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795 
This is the minimal set of package updates I get after running:

./scripts/update_dep.sh golang.org/x/crypto v0.17.0
make

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2024-01-30 12:02:49 +01:00
sharath sivakumar
f26074ae56 CVE-2023-47108: Backport go.opentelemetry.io/otel@v1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 
Signed-off-by: sharath sivakumar <sharath.sivakumar@mollie.com>
 2023-11-15 14:09:07 +01:00
Benjamin Wang
88beb6ca47 bump bbolt to 1.3.8 for etcd 3.5 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-10-26 16:32:07 +01:00
Chao Chen
1aa4aa8a96 3.5: upgrade gRPC-go to 1.58.3 
The last step with gRPC update behavior changes auditing to resolve CVE #16740 in 3.5

This PR backports #14922, #16338, #16587, #16630, #16636 and #16739 to release-3.5.

Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-17 11:07:08 -07:00
Chao Chen
6f4fa5a27a [release-3.5]: upgrade gRPC-go to v1.52.0 
backport https://github.com/etcd-io/etcd/pull/14834 and https://github.com/etcd-io/etcd/pull/16324

Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-16 21:43:00 -07:00
Chao Chen
db16069588 backport #14125 to release-3.5: Update to grpc-1.47 (and fix the connection-string format) 
Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-12 09:46:49 -07:00
Allen Ray
24ee8e491f bump golang.org/x/net to 0.17.0 
Part of https://github.com/etcd-io/etcd/issues/16740

Signed-off-by: Allen Ray <alray@redhat.com>
 2023-10-11 10:43:51 -04:00
James Blair
1ea808b5ba
Backport go_srcs_in_module changes and fix goword failures. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-02-24 22:01:41 +13:00
James Blair
5996b5faa3
Bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-02-20 12:51:17 +13:00
Paco Xu
2a0ecd4078 upgrade cockroachdb/datadriven to v1.0.2 to remove archived dependencies 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-01-31 14:42:15 +08:00
Benjamin Wang
747de58414 bump bbolt to v1.3.7 for release-3.5 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-31 07:12:46 +08:00
Benjamin Wang
a612b9285f format the source code and tidy the dependencies using go 1.17.13 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-19 13:26:59 +08:00
Benjamin Wang
3337f35f17 deps: bump golang.org/x/net to v0.4.0 to address CVEs 
CVE-2021-44716
CVE-2022-27664

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-19 09:28:07 +08:00
Haimantika Mitra
653d6e18c3
Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt/v4 
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-09-19 15:35:08 -04:00
Benjamin Wang
2751c61f24 update all related dependencies 
Upgrade grpc to 1.41.0;
Run ./script/fix.sh to fix all related issue.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-08-07 07:17:27 +08:00
Benjamin Wang
2d7e49002c etcdserver: bump OpenTelemetry to 1.0.1 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-08-07 07:16:08 +08:00
Colleen Murphy
5c44c3022b Update golang.org/x/crypto to latest 
Update crypto to address CVE-2022-27191.

The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this
change updates to latest.
 2022-04-28 09:27:02 -07:00
Marek Siarkowicz
383eceb885
Merge pull request #13669 from maxsokolovsky/upgrade-server-dependency-golang.org/x/crypto 
etcdserver: upgrade the golang.org/x/crypto dependency
 2022-04-09 09:44:05 +02:00
Manuel Rüger
3b8c6512df go.mod: Upgrade to prometheus/client_golang v1.11.1 2022-04-06 00:35:48 +02:00
Max Sokolovsky
f4708ae3d4 etcdserver: upgrade the golang.org/x/crypto dependency 
To rectify the vulnerability found in a version of golang.org/x/crypto
(https://avd.aquasec.com/nvd/cve-2020-29652), upgrade the dependency to
its latest version.
Alternatively, version v0.0.0-20201216223049-8b5274cf687f could be used,
where the fixed was introduced, but the latest is preferable.
 2022-02-07 10:11:46 -05:00
Lili Cosic
9fee8bf95e Update client_golang dependency to v1.11.0 2021-06-07 15:54:57 +02:00
Sam Batschelet
ab20aa29a0 version: 3.5.0-rc.0 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2021-06-03 21:39:37 -04:00
Piotr Tabor
a5523be415 Update of dependencies: 
- zap-1.17.0
  - bbolt-1.3.6
  - grpc -1.38
  - github.com/coreos/go-systemd/v22 v22.3.2
  - github.com/google/btree v1.0.1
  - github.com/json-iterator/go v1.1.11
 2021-06-03 15:19:33 +02:00
Piotr Tabor
4af7fc393c Expose clientv3.CreateDefaultZapLoggerConfig 
Need raised in
f3f4259d3f.

BTW: Alligned the implementation of grpclogs with what we use in embed server, so reduced the client code dependencies.
 2021-05-26 12:52:46 +02:00
Sam Batschelet
b3f16d6691 version: 3.5.0-beta.4 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2021-05-25 20:48:48 -04:00
Piotr Tabor
c09aca1ba4 Split etcdctl into etcdctl (public API access) & etcdutl (direct surgery on files) 
Motivation is as follows:

  - etcdctl we only depend on clientv3 APIs, no dependencies of bolt, backend, mvcc, file-layout
  - etcdctl can be officially supported across wide range of versions, while etcdutl is pretty specific to file format at particular version.
it's step towards desired modules layout, documented in: https://etcd.io/docs/next/dev-internal/modules/
 2021-05-17 11:54:03 +02:00
Piotr Tabor
3ed0cb1dfc
Update modules to more stable versions. (#12975) 2021-05-15 23:32:27 -07:00
Piotr Tabor
00c6090110 Refactor common code from etcdctl (v2,v3) to pkg/corbautl. 
Preparation for etcdutl split.
 2021-05-14 14:16:53 +02:00
Lili Cosic
1a718a958e Add initial Tracing with OpenTelemetry 2021-05-10 10:44:40 +02:00
Sam Batschelet
82b2d5c67d server: add support for log rotation 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2021-05-07 08:39:51 -04:00
wpedrak
927b3a3152 server: replace mlockall with Mlock in --experimental-memory-mlock 
Implementation of `--experimental-memory-mlock` backed by `mlockall` syscall is replaced by `Mlock` flag (backed by mlock syscall) of bboltDB.
 2021-04-29 12:08:20 +02:00
Piotr Tabor
3423a949c0 Update go for 3.5: 1.15 -> 1.16.(3). 
https://github.com/etcd-io/etcd/issues/12732
 2021-04-19 16:50:54 +02:00
Piotr Tabor
eafbc8c57e Update zap logging dependency. 
In particular bring up zapgrpc V2 code:
89e382035d
https://pkg.go.dev/google.golang.org/grpc/grpclog#LoggerV2
 2021-04-14 12:15:48 +02:00
Piotr Tabor
3bb7acc8cf Migrate dependencies pkg/foo -> client/pkg/foo 2021-04-07 00:38:47 +02:00
Piotr Tabor
f290ab2e60 Update dependecies: 
github.com/grpc-ecosystem/grpc-gateway v1.14.6 -> grpc-gateway v1.16.0
  golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e->v0.0.0-20210220033141-f8bda1e9f3ba
 2021-03-27 20:48:33 +01:00
Piotr Tabor
c49807f59e Update cmux to 1.5.0. 
Executed using:
```
./scripts/update_dep.sh github.com/soheilhy/cmux v0.1.5
```
 2021-03-27 11:18:13 +01:00
Piotr Tabor
a60676686b Update dep: grpc: 1.32.0 -> 1.36.0. 2021-03-24 22:27:55 +01:00
Piotr Tabor
45fb7b41d6 Update dep: github.com/golang/protobuf v1.3.5 ->  v1.5.1 
Thanks to https://go-review.googlesource.com/c/protobuf/+/300869/ its
feasible now.
 2021-03-24 22:27:12 +01:00
Piotr Tabor
a84bd093b0 Integration with grpc-settable logger. 2021-03-16 22:50:41 +01:00
Sam Batschelet
d3aa3fb486 vendor: bump gogo/proto to v1.3.2 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2021-03-11 11:27:25 -05:00
Piotr Tabor
a46a358577 --experimental-memory-mlock support 
The flag protects etcd memory from being swapped out to disk.
This can happen in memory constrained systems where mmaped bbolt
area is natural condidate for swapping out.

This flag should provide better tail latency on the cost of higher RSS
ram usage. If the experiment is successful, the logic should get moved
into bbolt layer, where we can protect specific bbolt instances
(e.g. avoid protecting both during defragmentation).
 2021-03-07 12:32:57 +01:00
Piotr Tabor
f7a2389992 Update version of certifi/gocertifi to get rid of WTF Public license 
Seems old versions of https://github.com/certifi/gocertifi where
categorized as "Do What The F*ck You Want To Public License".

Update to newer version that is explicit `Mozilla Public License` 2.0 (MPL 2.0).
 2021-03-04 09:48:34 +01:00
Piotr Tabor
1a9c81abda Update grpc dependency to 1.32. 
Simplify grpc testing infrastructure to align with upstream changes.
 2021-02-23 11:31:50 +01:00
Piotr Tabor
0b75fede64 Replace client/v3/balancer with standard components: resolver + round_robin LB 
This commit significantly reduces volume of custom code
in etcd client v3, while preserving full existing functionality.
 2021-02-08 18:50:31 +01:00
Dan Lorenc
5b90402082 Switch from dgrijalva/jwt-go to form3tech-oss/jwt-go. 
dgrijalva/jwt-go has been abandoned and contains several serious
security issues. Most projects are now switching to the form3tech fork.

See https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515 for
info on the issues.

Signed-off-by: Dan Lorenc <dlorenc@google.com>
 2021-01-10 08:04:20 -06:00
Piotr Tabor
6c1efd6ba5 server: Update go.mod 2020-10-26 13:02:32 +01:00
Piotr Tabor
4a5e9d1261 server: Move server files to 'server' directory. 
26  git mv mvcc wal auth etcdserver etcdmain proxy embed/ lease/ server
   36  git mv go.mod go.sum server
 2020-10-26 12:57:19 +01:00
Piotr Tabor
df48e499ea etcdctl: Make etcdctl a module (go.mod, LICENSE) 2020-10-20 12:07:27 +02:00
Piotr Tabor
cf795c0ae6 client/v3: Create and update go.mod 2020-10-20 10:09:12 +02:00
Piotr Tabor
b7f0f52a16
*: Refresh of dependencies (#12399) 
This PR focuses on dependencies that have new stable versions.
 2020-10-15 15:32:00 -07:00