Skip to content

Commit

Permalink
CVE-2023-44487: Bump grpc for indirect usages
Browse files Browse the repository at this point in the history 
We still have potential indirect uses
of affected google.golang.org/grpc.
For example cloud.google.com/go v0.97.0 (and many more according Synk).

Hence bump grpc to a fixed version.

GHSA-qppj-fm5r-hxr3

Signed-off-by: Or Shoval <[email protected]>
  • Loading branch information
@oshoval
oshoval committed Nov 13, 2023
1 parent 69b2631 commit b0cb370
Show file tree
Hide file tree
Showing 25 changed files with 3,172 additions and 771 deletions.
11 changes: 7 additions & 4 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ require (
)

require (
cloud.google.com/go v0.97.0 // indirect
cloud.google.com/go/compute v1.21.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.27 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
Expand All @@ -26,7 +27,7 @@ require (
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.8.0 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
Expand All @@ -42,7 +43,7 @@ require (
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/google/uuid v1.1.2 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
Expand All @@ -55,7 +56,7 @@ require (
github.com/pborman/uuid v1.2.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_golang v1.12.2 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/spf13/pflag v1.0.5 // indirect
Expand Down Expand Up @@ -85,3 +86,5 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace google.golang.org/grpc => google.golang.org/grpc v1.58.3
1,214 changes: 1,158 additions & 56 deletions go.sum
View file

Large diffs are not rendered by default.

0 vendor/cloud.google.com/go/LICENSE → vendor/cloud.google.com/go/compute/LICENSE
View file
File renamed without changes.
18 changes: 18 additions & 0 deletions vendor/cloud.google.com/go/compute/internal/version.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions vendor/cloud.google.com/go/compute/metadata/CHANGES.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

202 changes: 202 additions & 0 deletions vendor/cloud.google.com/go/compute/metadata/LICENSE
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

27 changes: 27 additions & 0 deletions vendor/cloud.google.com/go/compute/metadata/README.md
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

31 changes: 19 additions & 12 deletions vendor/cloud.google.com/go/compute/metadata/metadata.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit b0cb370

Please sign in to comment.