Skip to content

Commit

Permalink
[mce-2.4] upgrade google.golang.org/protobuf to 1.33.0
Browse files Browse the repository at this point in the history 
...to address these snyk-found vulns:

```
✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json
  Description: Infinite loop
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704
  Introduced through: google.golang.org/api/[email protected], github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, google.golang.org/api/cloudresourcemanager/[email protected], google.golang.org/api/compute/[email protected], google.golang.org/api/dns/[email protected], google.golang.org/api/serviceusage/[email protected], github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd
  From: google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected]
  From: github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd > google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected]
  From: google.golang.org/api/cloudresourcemanager/[email protected] > google.golang.org/api/transport/[email protected] > google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected]
  and 5 more...
  Fixed in: 1.33.0
✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson
  Description: Infinite loop
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703
  Introduced through: google.golang.org/api/cloudresourcemanager/[email protected], google.golang.org/api/compute/[email protected], google.golang.org/api/dns/[email protected], google.golang.org/api/serviceusage/[email protected], github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd, google.golang.org/api/[email protected], github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f
  From: google.golang.org/api/cloudresourcemanager/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected]
  From: google.golang.org/api/compute/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected]
  From: google.golang.org/api/dns/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected]
  and 28 more...
  Fixed in: 1.33.0
```

Manual cherry-pick of #2239 / f7cf469
which was a
Manual cherry-pick of #2231 / 2efba4b
  • Loading branch information
@2uasimojo
2uasimojo committed Mar 13, 2024
1 parent 2c6406e commit 25d6846
Show file tree
Hide file tree
Showing 30 changed files with 1,450 additions and 773 deletions.
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -322,7 +322,7 @@ require (
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
google.golang.org/grpc v1.59.0 // indirect
google.golang.org/protobuf v1.32.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/gcfg.v1 v1.2.3 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1869,8 +1869,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
Expand Down
4 changes: 4 additions & 0 deletions vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 12 additions & 0 deletions vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion ...reflect/protodesc/editions_defaults.binpb → ...l/editiondefaults/editions_defaults.binpb
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

67 changes: 46 additions & 21 deletions vendor/google.golang.org/protobuf/internal/filedesc/desc.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

52 changes: 52 additions & 0 deletions vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

28 changes: 28 additions & 0 deletions vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 25d6846

Please sign in to comment.