Benjamin Wang
7ed1219861
dependency: bump golang.org/x/net to v0.8.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-03-07 06:52:07 +08:00
Benjamin Wang
b53d63219a
dependency: bump github.com/cheggaaa/pb/v3 to v3.1.2
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-03-07 06:17:01 +08:00
Benjamin Wang
56423eacd2
dependency: bump go.opentelemetry.io/otel to v1.14.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-03-03 15:44:47 +08:00
Benjamin Wang
5f872589cd
dependency: bump golang.org/x/sync to v0.1.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-28 06:56:16 +08:00
Benjamin Wang
6af2c9dbfa
dependency: bump golang.org/x/crypto to v0.6.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-28 06:51:55 +08:00
Benjamin Wang
f333148da9
dependency: bump golang.org/x/time to v0.3.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-28 06:49:39 +08:00
Benjamin Wang
d8b8127084
dependency: bump github.com/stretchr/testify from 1.8.1 to 1.8.2
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-28 06:44:33 +08:00
Benjamin Wang
de9c0f8fea
dependency: bump github.com/golang-jwt/jwt/v4 to v4.5.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-21 05:29:53 +08:00
Benjamin Wang
a7e94c4843
security: bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-17 11:29:47 +08:00
Benjamin Wang
d0c3112d5a
dependency: bump go.opentelemetry.io/otel from 1.11.2 to 1.13.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-15 18:33:00 +08:00
Benjamin Wang
1d8fe11ad9
dependency: bump golang.org/x/net from 0.5.0 to 0.6.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-14 17:40:47 +08:00
Benjamin Wang
cc47f7bc7c
dependency: bump gopkg.in/natefinch/lumberjack.v2 from 2.0.0 to 2.2.1
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-14 17:40:47 +08:00
Benjamin Wang
23e89b98a3
bump bbolt to v1.3.7
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-01-31 07:04:29 +08:00
Benjamin Wang
5b8d7698c8
dependency: bump github.com/coreos/go-semver from 0.3.0 to 0.3.1
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-01-24 16:59:37 +08:00
Benjamin Wang
ac98432f0b
dependency: bump github.com/dustin/go-humanize from v1.0.0 to v1.0.1
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-01-17 06:37:19 +08:00
Benjamin Wang
30fc7611e2
tidy up dependencies
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-01-10 09:11:34 +08:00
Benjamin Wang
6e42da26e4
Merge pull request #14981 from etcd-io/dependabot/go_modules/tests/github.com/anishathalye/porcupine-0.1.4
...
build(deps): bump github.com/anishathalye/porcupine from 0.1.2 to 0.1.4 in /tests
2022-12-14 08:46:34 +08:00
dependabot[bot]
c5d80b388b
build(deps): bump github.com/anishathalye/porcupine in /tests
...
Bumps [github.com/anishathalye/porcupine](https://github.com/anishathalye/porcupine ) from 0.1.2 to 0.1.4.
- [Release notes](https://github.com/anishathalye/porcupine/releases )
- [Commits](https://github.com/anishathalye/porcupine/compare/v0.1.2...v0.1.4 )
---
updated-dependencies:
- dependency-name: github.com/anishathalye/porcupine
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-12-13 22:32:23 +00:00
Benjamin Wang
c4f7ac28a2
deps: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.32.0 to 0.37.0 in /server
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:32:18 +08:00
Benjamin Wang
32840bae73
deps: bump go.opentelemetry.io/otel from 1.7.0 to 1.11.2
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:27:04 +08:00
Benjamin Wang
8f320bfa00
deps: bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 in /server
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:19:10 +08:00
Benjamin Wang
b96be4f1d3
deps: bump github.com/cheggaaa/pb/v3 from 3.0.8 to 3.1.0 in /etcdctl
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:03:53 +08:00
Benjamin Wang
2c192f4205
deps: bump go.uber.org/multierr from 1.8.0 to 1.9.0 in /server
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 04:00:49 +08:00
Benjamin Wang
700ad0fdce
deps: bump github.com/creack/pty from 1.1.11 to 1.1.18 in /pkg
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:46:14 +08:00
Benjamin Wang
c2a7a5870d
deps: bump github.com/prometheus/client_golang from 1.12.2 to 1.14.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:42:11 +08:00
Benjamin Wang
bc41c0963b
deps: bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:38:55 +08:00
Benjamin Wang
259a73d67a
deps: bump github.com/spf13/cobra from 1.4.0 to 1.6.1
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:33:24 +08:00
Benjamin Wang
1a0af6fee6
deps: bump go.uber.org/zap from 1.21.0 to 1.24.0
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-14 03:33:24 +08:00
Benjamin Wang
1ba246e1d8
bump golang.org/x/ to v0.4.0
...
Found 1 known vulnerability.
Vulnerability #1 : GO-2022-1144
An attacker can cause excessive memory growth in a Go server
accepting HTTP/2 requests. HTTP/2 server connections contain a
cache of HTTP header keys sent by the client. While the total
number of entries in this cache is capped, an attacker sending
very large keys can cause the server to allocate approximately
64 MiB per open connection.
Call stacks in your code:
Error: tools/etcd-dump-metrics/main.go:158:5: go.etcd.io/etcd/v3/tools/etcd-dump-metrics.main calls go.etcd.io/etcd/server/v3/embed.StartEtcd, which eventually calls golang.org/x/net/http2.Server.ServeConn
Found in: golang.org/x/net/http2@v0.2.0
Fixed in: golang.org/x/net/http2@v0.4.0
More info: https://pkg.go.dev/vuln/GO-2022-1144
Error: Process completed with exit code 3.
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-09 08:54:48 +08:00
Benjamin Wang
5503a9484a
test: cleanup go.mod and go.sum files
...
Executed commands below,
1. Removed go.etcd.io/raft/v3 => ../raft;
2. go get go.etcd.io/raft/v3@eaa6808e1f7ab2247c13778250f70520b0527ff1;
3. go mod tidy
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-12-02 13:36:05 +08:00
Benjamin Wang
3f86db5e53
bump golang.org/x imports to address CVEs
...
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-11-30 05:03:43 +08:00
Benjamin Wang
285e44378f
bump github.com/stretchr/testify from v1.7.2 to v1.8.1
...
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-11-26 10:51:32 +08:00
Wei Fu
cf285ea3c7
bump grpc to v1.51.0 from v1.47.0
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2022-11-23 22:16:22 +08:00
Marek Siarkowicz
069e26e284
tests: Validate etcd linearizability
...
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
2022-10-23 06:41:38 +02:00
Benjamin Wang
7f10dccbaf
Bump go 1.19: update all the dependencies and go.sum files
...
1. run ./scripts/fix.sh;
2. cd tools/mod; gofmt -w . & go mod tidy;
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-09-22 08:47:46 +08:00
Benjamin Wang
5344085338
Merge pull request #14491 from ahrtr/bump_jwt_4.4.2
...
etcd: Bump golang-jwt/jwt/ version to 4.4.2
2022-09-20 10:18:44 +08:00
Colleen Murphy
7ea2a3d7cb
*: Update golang.org/x/net to latest
...
Update golang.org/x/net to address CVE-2022-27664.
Signed-off-by: Colleen Murphy <colleen.murphy@suse.com>
2022-09-19 16:01:45 -07:00
Benjamin Wang
09db6ec1d7
etcd: Bump golang-jwt/jwt/ version to 4.4.2
...
github.com/golang-jwt/jwt adds go mod support startig from 4.0.0,
and it's backwards-compatible with existing v3.x.y tags.
Signed-off-by: Benjamin Wang <wachao@vmware.com>
2022-09-20 04:06:47 +08:00
Mikel Olasagasti Uranga
89637a4223
Tools/benchmark: migrate cheggaaa/pb.v1 to cheggaaa/pb/v3
...
etcdctl/ctlv3: migrate cheggaaa/pb.v1 to cheggaaa/pb/v3
This commit also changes the format of the progress bar, from using a
custom progress bar to the default provided by the library.
Old behaviour:
./benchmarkv1 put
0 / 10000 B ! 0.00%
3987 / 10000 Boooooooooooooom ! 39.87%
10000 / 10000 Boooooooooooooooooooooooooooooooooooooooooooo! 100.00% 1s
New behaviour:
./benchmark put
6536 / 10000 [----------------------->________________] 65.36% 7053 p/s
10000 / 10000 [---------------------------------------] 100.00% 7581 p/s
Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
2022-06-20 15:47:23 +02:00
Piotr Tabor
88cd0fe695
Refresh minor dependencies.
...
Signed-off-by: Piotr Tabor <ptab@google.com>
2022-06-17 10:23:03 +02:00
Piotr Tabor
e7a84b69c8
Update zap to 1.21.
...
Signed-off-by: Piotr Tabor <ptab@google.com>
2022-06-17 10:05:25 +02:00
Piotr Tabor
17c1dcd614
Update grpc to 1.47 and go-cmp to 0.5.8.
...
Signed-off-by: Piotr Tabor <ptab@google.com>
2022-06-17 08:57:22 +02:00
Vimal Kumar
55f0c96fa0
tests: Migrate Txn tests to common functional test framework
2022-05-11 10:33:47 +05:30
Colleen Murphy
27bd78f6ab
Update golang.org/x/crypto to latest
...
Update crypto to address CVE-2022-27191.
The CVE fix is added in 0.0.0-20220315160706-3147a52a75dd but this
change updates to latest.
2022-04-25 09:52:12 -07:00
ahrtr
0dae4b3b1e
rollback the opentelemetry bumpping to recover the pipeline failures
2022-04-14 16:13:28 +08:00
Will Beason
eab1e0c5d5
go.mod: upgrade opentelemetry deps
...
Downstream users of etcd experience build issues when using dependencies
which require more recent (incompatible) versions of opentelemetry. This
commit upgrades the dependencies so that downstream users stop
experiencing these issues.
2022-04-13 07:14:10 -07:00
Marek Siarkowicz
1bb59adb1e
*: update golang.org/x/crypto
2022-04-08 16:27:52 +02:00
Manuel Rüger
f0f77fc14e
go.mod: Bump prometheus/client_golang to v1.12.1
...
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2022-04-06 19:03:24 +02:00
Kay Yan
afecd3139c
fix the api dependency in pkg, and update cobra to 1.4.0
...
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2022-03-25 17:18:56 +08:00
Piotr Tabor
fdd98477ef
Update dep: require gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254
2022-01-17 16:52:58 +01:00