Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
17,532 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

23 Commits

Author SHA1 Message Date
sharath sivakumar
f26074ae56 CVE-2023-47108: Backport go.opentelemetry.io/otel@v1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 
Signed-off-by: sharath sivakumar <sharath.sivakumar@mollie.com>
 2023-11-15 14:09:07 +01:00
Benjamin Wang
88beb6ca47 bump bbolt to 1.3.8 for etcd 3.5 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-10-26 16:32:07 +01:00
Chao Chen
1aa4aa8a96 3.5: upgrade gRPC-go to 1.58.3 
The last step with gRPC update behavior changes auditing to resolve CVE #16740 in 3.5

This PR backports #14922, #16338, #16587, #16630, #16636 and #16739 to release-3.5.

Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-17 11:07:08 -07:00
Chao Chen
6f4fa5a27a [release-3.5]: upgrade gRPC-go to v1.52.0 
backport https://github.com/etcd-io/etcd/pull/14834 and https://github.com/etcd-io/etcd/pull/16324

Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-16 21:43:00 -07:00
Chao Chen
db16069588 backport #14125 to release-3.5: Update to grpc-1.47 (and fix the connection-string format) 
Signed-off-by: Chao Chen <chaochn@amazon.com>
 2023-10-12 09:46:49 -07:00
Allen Ray
24ee8e491f bump golang.org/x/net to 0.17.0 
Part of https://github.com/etcd-io/etcd/issues/16740

Signed-off-by: Allen Ray <alray@redhat.com>
 2023-10-11 10:43:51 -04:00
James Blair
1ea808b5ba
Backport go_srcs_in_module changes and fix goword failures. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-02-24 22:01:41 +13:00
James Blair
5996b5faa3
Bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-02-20 12:51:17 +13:00
Paco Xu
2a0ecd4078 upgrade cockroachdb/datadriven to v1.0.2 to remove archived dependencies 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2023-01-31 14:42:15 +08:00
Benjamin Wang
747de58414 bump bbolt to v1.3.7 for release-3.5 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-01-31 07:12:46 +08:00
Benjamin Wang
3337f35f17 deps: bump golang.org/x/net to v0.4.0 to address CVEs 
CVE-2021-44716
CVE-2022-27664

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-12-19 09:28:07 +08:00
Haimantika Mitra
653d6e18c3
Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt/v4 
Signed-off-by: haimantika mitra <haimantikamitra@gmail.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2022-09-19 15:35:08 -04:00
Benjamin Wang
2751c61f24 update all related dependencies 
Upgrade grpc to 1.41.0;
Run ./script/fix.sh to fix all related issue.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-08-07 07:17:27 +08:00
Colleen Murphy
5c44c3022b Update golang.org/x/crypto to latest 
Update crypto to address CVE-2022-27191.

The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this
change updates to latest.
 2022-04-28 09:27:02 -07:00
Marek Siarkowicz
383eceb885
Merge pull request #13669 from maxsokolovsky/upgrade-server-dependency-golang.org/x/crypto 
etcdserver: upgrade the golang.org/x/crypto dependency
 2022-04-09 09:44:05 +02:00
Manuel Rüger
3b8c6512df go.mod: Upgrade to prometheus/client_golang v1.11.1 2022-04-06 00:35:48 +02:00
Max Sokolovsky
f4708ae3d4 etcdserver: upgrade the golang.org/x/crypto dependency 
To rectify the vulnerability found in a version of golang.org/x/crypto
(https://avd.aquasec.com/nvd/cve-2020-29652), upgrade the dependency to
its latest version.
Alternatively, version v0.0.0-20201216223049-8b5274cf687f could be used,
where the fixed was introduced, but the latest is preferable.
 2022-02-07 10:11:46 -05:00
Lili Cosic
9fee8bf95e Update client_golang dependency to v1.11.0 2021-06-07 15:54:57 +02:00
Sam Batschelet
ab20aa29a0 version: 3.5.0-rc.0 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2021-06-03 21:39:37 -04:00
Piotr Tabor
a5523be415 Update of dependencies: 
- zap-1.17.0
  - bbolt-1.3.6
  - grpc -1.38
  - github.com/coreos/go-systemd/v22 v22.3.2
  - github.com/google/btree v1.0.1
  - github.com/json-iterator/go v1.1.11
 2021-06-03 15:19:33 +02:00
Piotr Tabor
4af7fc393c Expose clientv3.CreateDefaultZapLoggerConfig 
Need raised in
f3f4259d3f.

BTW: Alligned the implementation of grpclogs with what we use in embed server, so reduced the client code dependencies.
 2021-05-26 12:52:46 +02:00
Sam Batschelet
b3f16d6691 version: 3.5.0-beta.4 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2021-05-25 20:48:48 -04:00
Piotr Tabor
c09aca1ba4 Split etcdctl into etcdctl (public API access) & etcdutl (direct surgery on files) 
Motivation is as follows:

  - etcdctl we only depend on clientv3 APIs, no dependencies of bolt, backend, mvcc, file-layout
  - etcdctl can be officially supported across wide range of versions, while etcdutl is pretty specific to file format at particular version.
it's step towards desired modules layout, documented in: https://etcd.io/docs/next/dev-internal/modules/
 2021-05-17 11:54:03 +02:00