Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault Dependency Upgrades [VAULT-871] #10903

Merged
merged 22 commits into from
Feb 18, 2021
Merged

Vault Dependency Upgrades [VAULT-871] #10903

merged 22 commits into from
Feb 18, 2021

Conversation

HridoyRoy
Copy link
Contributor

@HridoyRoy HridoyRoy commented Feb 11, 2021
edited
Loading

This set of dependency upgrades fixes the known CVEs in our libraries: https://hashicorp.atlassian.net/browse/VAULT-871 . The only dependency not upgraded is github.com/opencontainers/runc which I believe is only used in our docker tests. The reason I couldn't upgrade runc is in a comment below.

This change is large, but should not be too risky, as the major changes are mostly changes to our testing. There seem to be a few rabbitmq changes as well, that should be tested manually, and vault on windows should also be tested manually due to the winio upgrade.

@vercel vercel bot temporarily deployed to Preview – vault February 11, 2021 19:51 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 11, 2021 19:51 Inactive
@HridoyRoy
Copy link
Contributor Author

HridoyRoy commented Feb 11, 2021
edited
Loading

This manually fixes the version for:

github.com/coreos/etcd go.etcd.io/bbolt go.etcd.io/etcd google.golang.org/grpc

due to: etcd-io/etcd#12569 .

It also does not upgrade the version of:

github.com/mitchellh/copystructure v1.0.0 github.com/mitchellh/go-homedir v1.1.0 github.com/mitchellh/go-testing-interface v1.0.0

as these remove the testing.TB interface of the testing library, which requires some changes in this code.

@HridoyRoy HridoyRoy changed the title Vault Dependency Upgrades, Take 2 [VAULT-871] Vault Dependency Upgrades [VAULT-871] Feb 11, 2021
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 12, 2021 04:40 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 12, 2021 04:40 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 12, 2021 05:37 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 12, 2021 05:37 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 12, 2021 16:39 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 12, 2021 16:39 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 12, 2021 17:33 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 12, 2021 17:33 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 12, 2021 17:51 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 12, 2021 17:51 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 12, 2021 18:04 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 12, 2021 18:04 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 15, 2021 13:34 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 15, 2021 13:34 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 17, 2021 18:58 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 17, 2021 18:58 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 17, 2021 19:09 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 17, 2021 19:09 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 17, 2021 19:23 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 17, 2021 19:23 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 17, 2021 19:36 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 17, 2021 19:36 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 17, 2021 20:02 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 17, 2021 20:02 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 17, 2021 20:12 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 17, 2021 20:12 Inactive
@HridoyRoy HridoyRoy requested review from ncabatoff and removed request for sgmiller February 17, 2021 20:26
ncabatoff
ncabatoff approved these changes Feb 17, 2021
View reviewed changes
Copy link
Collaborator

@ncabatoff ncabatoff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One outstanding comment I don't feel too strongly about. Probably best to have another approver before merging though.

@HridoyRoy HridoyRoy merged commit eb74ca6 into master Feb 18, 2021
HridoyRoy added a commit that referenced this pull request Feb 18, 2021
@HridoyRoy
Revert "Vault Dependency Upgrades [VAULT-871] (#10903)"
fed3637 
This reverts commit eb74ca6.
@HridoyRoy HridoyRoy mentioned this pull request Feb 18, 2021
Merged
mladlow pushed a commit that referenced this pull request Feb 18, 2021
Revert "Vault Dependency Upgrades [VAULT-871] (#10903)" (#10939)
d04b88d 
This reverts commit eb74ca6.
@HridoyRoy HridoyRoy mentioned this pull request Feb 18, 2021
Closed
catsby added a commit that referenced this pull request Feb 19, 2021
@catsby
Merge branch 'master' into f-bundle-plugin-secrets-terraform
1d90dad 
* master:
  Adds API docs for max_age role parameter of JWT/OIDC auth method (#10916)
  UI/Database Secrets Engine cleanup (#10949)
  helper/metricsutil: Prevent potential Ticker leak (#10913)
  core/expiration: Add backoff jitter to the expiration retries (#10937)
  Revert "Vault Dependency Upgrades [VAULT-871] (#10903)" (#10939)
  Vault Dependency Upgrades [VAULT-871] (#10903)
  Add docs for Agent's template_retry option added in #10644, based on those from consul-template configuration.  Also fix some existing config docs that weren't adhering to our conventions. (#10911)
  UI Database Secrets Engine (MongoDB) (#10655)
  OpenAPI - Don't panic if field isn't found (#10929)
  Vault-1403 Switch Expiration Manager to use Fairsharing Backpressure (#1709) (#10932)
  Update KV Secrets Engine index (#10933)
@eli-kaplan eli-kaplan mentioned this pull request Jul 13, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ncabatoff ncabatoff ncabatoff approved these changes

@briankassouf briankassouf Awaiting requested review from briankassouf

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@HridoyRoy @ncabatoff