Commit Graph

11 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 5cbb4ca191
vendor: google.golang.org/protobuf v1.34.1
full diff: https://github.com/protocolbuffers/protobuf-go/compare/v1.33.0...v1.34.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 200225f530)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-14 13:31:11 +02:00
Sebastiaan van Stijn 2fc18b9874
vendor: google.golang.org/grpc v1.62.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit dccb8bfa5d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 23:59:44 +02:00
Jonathan A. Sternberg 89db01ef97
cli: add otel sdk tracing and metric providers to the core cli
This adds the code used by buildx and compose into the default CLI
program to help normalize the usage of these APIs and allow code reuse
between projects. It also allows these projects to benefit from
improvements or changes that may be made by another team.

At the moment, these APIs are a pretty thin layer on the OTEL SDK. It
configures an additional exporter to a docker endpoint that's used for
usage collection and is only active if the option is configured in
docker desktop.

This also upgrades the OTEL version to v1.19 which is the one being used
by buildkit, buildx, compose, etc.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-25 11:11:34 -05:00
Sebastiaan van Stijn a4a79d75c0
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4
full diffs:

- https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0
- https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4

From the Go security announcement list;

> Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in
> the google.golang.org/protobuf/encoding/protojson package which could cause
> the Unmarshal function to enter an infinite loop when handling some invalid
> inputs.
>
> This condition could only occur when unmarshaling into a message which contains
> a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown
> option is set. Unmarshal now correctly returns an error when handling these
> inputs.
>
> This is CVE-2024-24786.

In a follow-up post;

> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.

govulncheck results in our code shows that this does not affect the CLI:

    govulncheck ./...
    Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities...

    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 1 vulnerability in packages you import and 0
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:42 +01:00
Sebastiaan van Stijn c2308ad6fb
vendor: google.golang.org/protobuf v1.31.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:23 +02:00
Sebastiaan van Stijn aacdca0fe6
vendor: google.golang.org/protobuf v1.30.0
full diff: https://github.com/protocolbuffers/protobuf-go/compare/v1.28.1...v1.30.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:30:58 +02:00
Sebastiaan van Stijn a51ce7ca9a
go.mod: github.com/google/certificate-transparency-go v1.1.4
Manually updating the indirect dependency to force go.etcd.io/etcd/server/v3
to v3.5.5 or up, which is now compatible with go.opentelemetry.io/otel v1.0.0.

With this, we can remove the replace rule for this module.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-21 21:13:58 +01:00
Sebastiaan van Stijn 86038fdb68
vendor: github.com/containerd/containerd v1.6.10
full diff: https://github.com/containerd/containerd/compare/v1.6.8...v1.6.10

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:32:17 +01:00
Sebastiaan van Stijn 16554e999a
vendor: github.com/containerd/containerd v1.5.10
full diff: https://github.com/containerd/containerd/compare/v1.5.5...v1.5.10

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:15:40 +01:00
CrazyMax 7e560ae76f
vendor with go mod
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-12-16 21:16:01 +01:00
Sebastiaan van Stijn 2ef71e502c
vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2
- full diff: 3f1135a288...8816d57aaa
- google.golang.org/protobuf is the new name for this package, and to use both,
  we also need the old github.com/golang/protobuf updated to v1.4.0 or above.
- github.com/golang/protobuf v1.5.2: full diff: https://github.com/golang/protobuf/compare/v1.3.5...v1.5.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-12 17:02:16 +02:00