Update google.golang.org/api to latest #3288
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ignore the vendor/ tree created if someone runs "go mod vendor" Signed-off-by: Christian Stewart <[email protected]>
Updating protobuf runtime library as a dependency of eventually updating google.golang.org/api in a future commit. Signed-off-by: Christian Stewart <[email protected]>
Updating grpc library as a dependency of eventually updating google.golang.org/api in a future commit. Signed-off-by: Christian Stewart <[email protected]>
Updating x/net library as a dependency of eventually updating google.golang.org/api in a future commit. Signed-off-by: Christian Stewart <[email protected]>
Updating x/oauth2 library as a dependency of eventually updating google.golang.org/api in a future commit. Signed-off-by: Christian Stewart <[email protected]>
…test Updating testify library as a dependency of eventually updating google.golang.org/api in a future commit. Signed-off-by: Christian Stewart <[email protected]>
Updating otel library as a dependency of eventually updating google.golang.org/api in a future commit. Signed-off-by: Christian Stewart <[email protected]>
Updating x/time library as a dependency of eventually updating google.golang.org/api in a future commit. Signed-off-by: Christian Stewart <[email protected]>
Updating google.golang.org/api library to fix indirect dependency issues with older versions of OpenTelemetry. See: netbirdio#3240 Signed-off-by: Christian Stewart <[email protected]>
paralin
force-pushed
the
update-google-api
branch
from
0f24111 to
31c1ac2
Compare
|
|
I can't see what dependency made snyk fail - any guidance? @lixmal Thanks! |
|
This is what it's complaining about |
|
@lixmal Those say that it was fixed in protobuf version 1.33.0 but we are using version 1.36.4 here. So, the fix should already be included. Any ideas why snyk is thinking we have google.golang.org/protobuf less than 1.33.0? I think this is a false positive: https://github.com/googleapis/google-cloud-go/blob/main/compute/metadata/go.mod cloud.google.com/go/compute/metadata does not import google.golang.org/protobuf at all. |
|
@mlsmaycon do you know how to fix these? I think we had that before |
lixmal
approved these changes
Feb 21, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updating google.golang.org/api library to fix indirect dependency issues with older versions of OpenTelemetry.
See: #3240
This PR also includes required updates to dependencies of google.golang.org/api separated into one commit per dependency.