Skip to content

Commit

Permalink
upgrade google.golang.org/protobuf to 1.33.0
Browse files Browse the repository at this point in the history
...to address these snyk-found vulns:

```
✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json
  Description: Infinite loop
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704
  Introduced through: google.golang.org/api/option@0.149.0, github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, google.golang.org/api/cloudresourcemanager/v1@0.149.0, google.golang.org/api/compute/v1@0.149.0, google.golang.org/api/dns/v1@0.149.0, google.golang.org/api/serviceusage/v1@0.149.0, github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd
  From: google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0
  From: github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd > google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0
  From: google.golang.org/api/cloudresourcemanager/v1@0.149.0 > google.golang.org/api/transport/http@0.149.0 > google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0
  and 5 more...
  Fixed in: 1.33.0
✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson
  Description: Infinite loop
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703
  Introduced through: google.golang.org/api/cloudresourcemanager/v1@0.149.0, google.golang.org/api/compute/v1@0.149.0, google.golang.org/api/dns/v1@0.149.0, google.golang.org/api/serviceusage/v1@0.149.0, github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd, google.golang.org/api/option@0.149.0, github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f
  From: google.golang.org/api/cloudresourcemanager/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0
  From: google.golang.org/api/compute/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0
  From: google.golang.org/api/dns/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0
  and 28 more...
  Fixed in: 1.33.0
```
  • Loading branch information
2uasimojo committed Mar 11, 2024
1 parent 8c95b6a commit 2efba4b
Show file tree
Hide file tree
Showing 30 changed files with 1,451 additions and 774 deletions.
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -342,7 +342,7 @@ require (
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect
google.golang.org/grpc v1.61.0 // indirect
google.golang.org/protobuf v1.32.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/gcfg.v1 v1.2.3 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
Expand All @@ -364,7 +364,7 @@ require (
sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect
sigs.k8s.io/kustomize/api v0.14.0 // indirect
sigs.k8s.io/kustomize/kyaml v0.14.3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
)

require (
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -3026,8 +3026,8 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

67 changes: 46 additions & 21 deletions vendor/google.golang.org/protobuf/internal/filedesc/desc.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

52 changes: 52 additions & 0 deletions vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 2efba4b

Please sign in to comment.