Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/gogo/protobuf to v1.3.2 in .bingo #3853

Merged
merged 1 commit into from
Mar 3, 2021

Conversation

simonpasquier
Copy link
Contributor

@simonpasquier simonpasquier commented Mar 1, 2021

  • I added CHANGELOG entry for this change.
  • Change is not relevant to the end user.

Changes

In practice, the recent bump of github.com/gogo/protobuf (introduced by #3804) changes the generated code to fix CVE-20213121.

Verification

No functional change.

Sorry, something went wrong.

@simonpasquier simonpasquier force-pushed the proto-gen-ci branch 2 times, most recently from 378d9fc to 44431b0 Compare March 1, 2021 09:22
Copy link
Member

@onprem onprem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I just have a small nit but not a blocker.

- name: Format
run: make format

- name: Format
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: Format
- name: Check proto

Nit: Something like this?

Copy link
Member

@bwplotka bwplotka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Copy link
Member

@squat squat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

v nice :) thanks!

.github/workflows/go.yaml Outdated Show resolved Hide resolved
@simonpasquier simonpasquier changed the title *: add GitHub action to check protobuf generated code Bump github.com/gogo/protobuf to v1.3.2 in .bingo Mar 1, 2021
Copy link
Member

@kakkoyun kakkoyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Only one problem I have seen.

.github/workflows/go.yaml Outdated Show resolved Hide resolved
It is consistent with the version used in the root go.mod and helps with
CVE-2021-3121.

Signed-off-by: Simon Pasquier <spasquie@redhat.com>
@simonpasquier simonpasquier requested a review from kakkoyun March 3, 2021 12:38
@kakkoyun kakkoyun enabled auto-merge (squash) March 3, 2021 13:26
@kakkoyun kakkoyun merged commit 28b6657 into thanos-io:main Mar 3, 2021
@codefromthecrypt
Copy link
Contributor

FYI: I think you accidentally missed .bingo/Variables.mk and variables.env

@simonpasquier simonpasquier deleted the proto-gen-ci branch March 9, 2021 10:51
@simonpasquier
Copy link
Contributor Author

@codefromthecrypt correct although it doesn't change anything in practice: the code has been generated with gogo/protobuf v1.3.2. I won't have time to submit a follow-up PR so go ahead if you wish :)

@codefromthecrypt
Copy link
Contributor

@simonpasquier sure why not. #3902

andrejbranch pushed a commit to andrejbranch/thanos that referenced this pull request Mar 11, 2021
It is consistent with the version used in the root go.mod and helps with
CVE-2021-3121.

Signed-off-by: Simon Pasquier <spasquie@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

6 participants