Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update module github.com/hashicorp/consul to v1.20.0 [security] (release-2.8.x) #119

Open
wants to merge 1 commit into
base: release-2.8.x
Choose a base branch
from
Open

chore(deps): update module github.com/hashicorp/consul to v1.20.0 [security] (release-2.8.x) #119

wants to merge 1 commit into from
+1 −1

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Aug 25, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/hashicorp/consul v1.5.1 -> v1.20.0 age adoption passing confidence

Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

BIT-consul-2020-7955 / CVE-2020-7955 / GHSA-r9w6-rhh9-7v53 / GO-2022-0874

More information

Details

Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

BIT-consul-2020-7219 / CVE-2020-7219 / GHSA-23jv-v6qj-3fhh / GO-2022-0776

More information

Details

Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Incorrect Authorization in HashiCorp Consul

BIT-consul-2020-7955 / CVE-2020-7955 / GHSA-r9w6-rhh9-7v53 / GO-2022-0874

More information

Details

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Denial of Service (DoS) in HashiCorp Consul

BIT-consul-2020-7219 / CVE-2020-7219 / GHSA-23jv-v6qj-3fhh / GO-2022-0776

More information

Details

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/consul

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Allocation of Resources Without Limits or Throttling in Hashicorp Consul

BIT-consul-2020-13250 / CVE-2020-13250 / GHSA-rqjq-mrgx-85hp / GO-2022-0879

More information

Details

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.

Specific Go Packages Affected

github.com/hashicorp/consul/agent/config

Fix

The vulnerability is fixed in versions 1.6.6 and 1.7.4.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

BIT-consul-2020-13250 / CVE-2020-13250 / GHSA-rqjq-mrgx-85hp / GO-2022-0879

More information

Details

Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Privilege Escalation in HashiCorp Consul

BIT-consul-2020-28053 / CVE-2020-28053 / GHSA-6m72-467w-94rh / GO-2024-2505

More information

Details

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

BIT-consul-2020-28053 / CVE-2020-28053 / GHSA-6m72-467w-94rh / GO-2024-2505

More information

Details

Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul Cross-site Scripting vulnerability

BIT-consul-2020-25864 / CVE-2020-25864 / GHSA-8xmx-h8rq-h94j / GO-2023-1851

More information

Details

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

BIT-consul-2020-25864 / CVE-2020-25864 / GHSA-8xmx-h8rq-h94j / GO-2023-1851

More information

Details

HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

BIT-consul-2021-37219 / CVE-2021-37219 / GHSA-ccw8-7688-vqx4 / GO-2022-0593

More information

Details

HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul Privilege Escalation Vulnerability

BIT-consul-2021-37219 / CVE-2021-37219 / GHSA-ccw8-7688-vqx4 / GO-2022-0593

More information

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

BIT-consul-2021-38698 / CVE-2021-38698 / GHSA-6hw5-6gcx-phmw / GO-2022-0559

More information

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

BIT-consul-2021-38698 / CVE-2021-38698 / GHSA-6hw5-6gcx-phmw / GO-2022-0559

More information

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

BIT-consul-2022-29153 / CVE-2022-29153 / GHSA-q6h7-4qgw-2j9p / GO-2022-0615

More information

Details

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector

BIT-consul-2022-29153 / CVE-2022-29153 / GHSA-q6h7-4qgw-2j9p / GO-2022-0615

More information

Details

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

BIT-consul-2021-36213 / CVE-2021-36213 / GHSA-8h2g-r292-j8xh / GO-2022-0895

More information

Details

HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Hashicorp Consul Missing SSL Certificate Validation

BIT-consul-2021-32574 / CVE-2021-32574 / GHSA-25gf-8qrr-g78r / GO-2022-0894

More information

Details

HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

BIT-consul-2021-32574 / CVE-2021-32574 / GHSA-25gf-8qrr-g78r / GO-2022-0894

More information

Details

Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul L7 deny intention results in an allow action

BIT-consul-2021-36213 / CVE-2021-36213 / GHSA-8h2g-r292-j8xh / GO-2022-0895

More information

Details

In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

BIT-consul-2022-40716 / CVE-2022-40716 / GHSA-m69r-9g56-7mv8 / GO-2022-1029

More information

Details

HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

HashiCorp Consul vulnerable to authorization bypass

BIT-consul-2022-40716 / CVE-2022-40716 / GHSA-m69r-9g56-7mv8 / GO-2022-1029

More information

Details

HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names. This issue has been fixed in versions 1.11.9, 1.12.5, and 1.13.2. There are no known workarounds.

Severity

  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul vulnerable to denial of service

BIT-consul-2023-1297 / CVE-2023-1297 / GHSA-c57c-7hrj-6q6v / GO-2023-1827

More information

Details

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

Severity

  • CVSS Score: 4.9 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

BIT-consul-2023-1297 / CVE-2023-1297 / GHSA-c57c-7hrj-6q6v / GO-2023-1827

More information

Details

Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Hashicorp Consul Cross-site Scripting vulnerability

BIT-consul-2024-10086 / CVE-2024-10086 / GHSA-99wr-c2px-grmh / GO-2024-3242

More information

Details

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

BIT-consul-2024-10086 / CVE-2024-10086 / GHSA-99wr-c2px-grmh / GO-2024-3242

More information

Details

Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Severity

Unknown

References

This data is provided by OSV and the Go Vulnerability Database (CC-BY 4.0).

Release Notes

hashicorp/consul (github.com/hashicorp/consul)

v1.20.0

Compare Source

1.20.0 (October 14, 2024)

SECURITY:

  • Explicitly set 'Content-Type' header to mitigate XSS vulnerability. [GH-21704]
  • Implement HTML sanitization for user-generated content to prevent XSS attacks in the UI. [GH-21711]
  • UI: Remove codemirror linting due to package dependency [GH-21726]
  • Upgrade Go to use 1.22.7. This addresses CVE
    CVE-2024-34155 [GH-21705]
  • Upgrade to support aws/aws-sdk-go v1.55.5 or higher. This resolves CVEs
    CVE-2020-8911 and
    CVE-2020-8912. [GH-21684]
  • ui: Pin a newer resolution of Braces [GH-21710]
  • ui: Pin a newer resolution of Codemirror [GH-21715]
  • ui: Pin a newer resolution of Markdown-it [GH-21717]
  • ui: Pin a newer resolution of ansi-html [GH-21735]

FEATURES:

  • grafana: added the dashboards service-to-service dashboard, service dashboard, and consul dataplane dashboard [GH-21806]
  • server: remove v2 tenancy, catalog, and mesh experiments [GH-21592]

IMPROVEMENTS:

  • security: upgrade ubi base image to 9.4 [GH-21750]
  • connect: Add Envoy 1.31 and 1.30 to support matrix [GH-21616]

BUG FIXES:

  • jwt-provider: change dns lookup family from the default of AUTO which would prefer ipv6 to ALL if LOGICAL_DNS is used or PREFER_IPV4 if STRICT_DNS is used to gracefully handle transitions to ipv6. [GH-21703]

v1.19.2

Compare Source

1.19.2 (August 26, 2024)

SECURITY:

  • ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [GH-21588]

IMPROVEMENTS:

  • Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [GH-21587]

BUG FIXES:

  • api-gateway: (Enterprise only) ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint [GH-21604]

v1.19.1

Compare Source

1.19.1 (July 11, 2024)

SECURITY:

IMPROVEMENTS:

  • mesh: update supported envoy version 1.29.5 in addition to 1.28.4, 1.27.6. [GH-21277]

BUG FIXES:

  • core: Fix multiple incorrect type conversion for potential overflows [GH-21251]
  • core: Fix panic runtime error on AliasCheck [GH-21339]
  • dns: Fix a regression where DNS SRV questions were returning duplicate hostnames instead of encoded IPs.
    This affected Nomad integrations with Consul. [GH-21361]
  • dns: Fix a regression where DNS tags using the standard lookup syntax, tag.name.service.consul, were being disregarded. [GH-21361]
  • dns: Fixes a spam log message "Failed to parse TTL for prepared query..."
    that was always being logged on each prepared query evaluation. [GH-21381]
  • terminating-gateway: (Enterprise Only) Fixed issue where enterprise metadata applied to linked services was the terminating-gateways enterprise metadata and not the linked services enterprise metadata. [GH-21382]
  • txn: Fix a bug where mismatched Consul server versions could result in undetected data loss for when using newer Transaction verbs. [GH-21519]

v1.19.0

Compare Source

1.19.0 (June 12, 2024)

BREAKING CHANGES:

  • telemetry: State store usage metrics with a double consul element in the metric name have been removed. Please use the same metric without the second consul instead. As an example instead of consul.consul.state.config_entries use consul.state.config_entries [GH-20674]

SECURITY:

FEATURES:

  • dns: queries now default to a refactored DNS server that is v1 and v2 Catalog compatible.
    Use v1dns in the experiments agent config to disable.
    The legacy server will be removed in a future release of Consul.
    See the Consul 1.19.x Release Notes for removed DNS features. [GH-20715]
  • gateways: api-gateway can leverage listener TLS certificates available on the gateway's local filesystem by specifying the public certificate and private key path in the new file-system-certificate configuration entry [GH-20873]

IMPROVEMENTS:

  • dns: new version was not supporting partition or namespace being set to 'default' in CE version. [GH-21230]
  • mesh: update supported envoy version 1.29.4 in addition to 1.28.3, 1.27.5, 1.26.8. [GH-21142]
  • upgrade go version to v1.22.4. [GH-21265]
  • Upgrade github.com/envoyproxy/go-control-plane to 0.12.0. [GH-20973]
  • dns: DNS-over-grpc when using consul-dataplane now accepts partition, namespace, token as metadata to default those query parameters.
    consul-dataplane v1.5+ will send this information automatically. [GH-20899]
  • snapshot: Add consul snapshot decode CLI command to output a JSON object stream of all the snapshots data. [GH-20824]
  • telemetry: Add telemetry.disable_per_tenancy_usage_metrics in agent configuration to disable setting tenancy labels on usage metrics. This significantly decreases CPU utilization in clusters with many admin partitions or namespaces.
  • telemetry: Improved the performance usage metrics emission by not outputting redundant metrics. [GH-20674]

DEPRECATIONS:

  • snapshot agent: (Enterprise only) Top level single snapshot destinations local_storage, aws_storage, azure_blob_storage, and google_storage in snapshot agent configuration files are now deprecated. Use the backup_destinations config object instead.

BUG FIXES:

v1.18.2

Compare Source

1.18.2 (May 14, 2024)

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

SECURITY:

IMPROVEMENTS:

  • gateways: service defaults configuration entries can now be used to set default upstream limits for mesh-gateways [GH-20945]
  • connect: Add ability to disable Auto Host Header Rewrite on Terminating Gateway at the service level [GH-20802]

BUG FIXES:

  • dns: fix a bug with sameness group queries in DNS where responses did not respect DefaultForFailover.
    DNS requests against sameness groups without this field set will now error as intended.
  • error running consul server in 1.18.0: failed to configure SCADA provider user's home directory path: $HOME is not defined [GH-20926]
  • server: fix Ent snapshot restore on CE when CE downgrade is enabled [GH-20977]
  • xds: Make TCP external service registered with terminating gateway reachable from peered cluster [GH-19881]

v1.18.1

Compare Source

1.18.1 (March 26, 2024)

Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.

BREAKING CHANGES:

  • ui: Adds a "Link to HCP Consul Central" modal with integration to side-nav and link to HCP banner. There will be an option to disable the Link to HCP banner from the UI in a follow-up release. [GH-20474]

SECURITY:

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the deps-update/release-2.8.x-go-github.aaakk.us.kg-hashicorp-consul-vulnerability branch from 0e40236 to 643f988 Compare November 2, 2024 14:41
@renovate renovate bot changed the title chore(deps): update module github.com/hashicorp/consul to v1.14.5 [security] (release-2.8.x) chore(deps): update module github.com/hashicorp/consul to v1.20.0 [security] (release-2.8.x) Nov 2, 2024
@renovate Renovate
Copy link
Author

renovate bot commented Nov 2, 2024

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: downloading github.com/docker/docker v23.0.3+incompatible
go: downloading github.com/grafana/dskit v0.0.0-20230518162305-3c92c534827e
go: downloading github.com/prometheus/common v0.43.0
go: downloading github.com/weaveworks/common v0.0.0-20230511094633-334485600903
go: downloading github.com/oschwald/geoip2-golang v1.8.0
go: downloading github.com/prometheus/alertmanager v0.25.0
go: downloading github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749
go: downloading google.golang.org/api v0.126.0
go: downloading github.com/heroku/x v0.0.59
go: downloading github.com/imdario/mergo v0.3.15
go: downloading github.com/pierrec/lz4/v4 v4.1.17
go: downloading github.com/thanos-io/objstore v0.0.0-20230201072718-11ffbc490204
go: downloading github.com/oschwald/maxminddb-golang v1.10.0
go: downloading github.com/prometheus/exporter-toolkit v0.9.1
go: downloading github.com/digitalocean/godo v1.98.0
go: downloading github.com/miekg/dns v1.1.53
go: downloading k8s.io/api v0.26.2
go: downloading k8s.io/apimachinery v0.26.2
go: downloading github.com/gophercloud/gophercloud v1.2.0
go: downloading github.com/google/pprof v0.0.0-20230228050547-1710fef4ab10
go: downloading github.com/googleapis/gax-go/v2 v2.11.0
go: downloading cloud.google.com/go/compute v1.21.0
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azcore v1.2.0
go: downloading google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98
go: downloading github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.0
go: downloading k8s.io/utils v0.0.0-20230406110748-d93618cff8a2
go: downloading sigs.k8s.io/structured-merge-diff/v4 v4.2.3
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98
go: downloading github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1
go: downloading github.com/AzureAD/microsoft-authentication-library-for-go v0.7.0
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.2.3
go: downloading k8s.io/kube-openapi v0.0.0-20230303024457-afdc3dddf62d
go: downloading github.com/emicklei/go-restful/v3 v3.10.1
go: downloading go.opentelemetry.io v0.1.0
go: downloading go.opentelemetry.io/otel v1.31.0
go: downloading go.opentelemetry.io/otel/metric v1.31.0
go: github.com/grafana/loki/pkg/ruler/storage/instance imports
	github.com/prometheus/prometheus/storage/remote imports
	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp imports
	go.opentelemetry.io/otel/metric/global: cannot find module providing package go.opentelemetry.io/otel/metric/global
go: github.com/grafana/loki/pkg/ruler/storage/instance imports
	github.com/prometheus/prometheus/storage/remote imports
	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp imports
	go.opentelemetry.io/otel/metric/instrument: cannot find module providing package go.opentelemetry.io/otel/metric/instrument
go: module github.com/Azure/go-autorest/autorest/adal is deprecated: use github.com/Azure/azure-sdk-for-go/sdk/azidentity instead.
go: module github.com/Azure/go-autorest/autorest/azure/auth is deprecated: use github.com/Azure/azure-sdk-for-go/sdk/azidentity instead.
go: module github.com/golang/protobuf is deprecated: Use the "google.golang.org/protobuf" module instead.
go: warning: github.com/hashicorp/consul/[email protected]: retracted by module author: cut from incorrect branch
go: warning: github.com/hashicorp/[email protected]: retracted by module author: v1.1.5 merged upstream ugorji/go which breaks compatibility with previous versions.
go: to switch to the latest unretracted version, run:
	go get <module>@latest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/security dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants