[mce-2.4] upgrade google.golang.org/protobuf to 1.33.0

...to address these snyk-found vulns: ``` ✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json Description: Infinite loop Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 Introduced through: google.golang.org/api/[email protected], github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, google.golang.org/api/cloudresourcemanager/[email protected], google.golang.org/api/compute/[email protected], google.golang.org/api/dns/[email protected], google.golang.org/api/serviceusage/[email protected], github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd From: google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected] From: github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd > google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected] From: google.golang.org/api/cloudresourcemanager/[email protected] > google.golang.org/api/transport/[email protected] > google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected] and 5 more... Fixed in: 1.33.0 ✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson Description: Infinite loop Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 Introduced through: google.golang.org/api/cloudresourcemanager/[email protected], google.golang.org/api/compute/[email protected], google.golang.org/api/dns/[email protected], google.golang.org/api/serviceusage/[email protected], github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd, google.golang.org/api/[email protected], github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f From: google.golang.org/api/cloudresourcemanager/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected] From: google.golang.org/api/compute/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected] From: google.golang.org/api/dns/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected] and 28 more... Fixed in: 1.33.0 ``` Note that in this branch we also had to bump google.golang.org/golang/protobuf to v1.5.4 due to golang/protobuf#1596. Why this wasn't necessary in the other branches... no idea. :shakes-fist-at-golang-deps: Manual cherry-pick of openshift#2239 / f7cf469 which was a Manual cherry-pick of openshift#2231 / 2efba4b
2uasimojo · Mar 13, 2024 · 0e128fe · 0e128fe
1 parent 2c6406e
commit 0e128fe
Show file tree

Hide file tree

Showing 34 changed files with 1,587 additions and 782 deletions.
diff --git a/go.mod b/go.mod
@@ -181,7 +181,7 @@ require (
 	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect
 	github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect
 	github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe // indirect
@@ -322,7 +322,7 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
 	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/gcfg.v1 v1.2.3 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect

diff --git a/go.sum b/go.sum
@@ -560,8 +560,9 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 h1:23T5iq8rbUYlhpt5DB4XJkc6BU31uODLD1o1gKvZmD0=
 github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
@@ -1869,8 +1870,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
-google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

diff --git a/vendor/github.com/golang/protobuf/jsonpb/decode.go b/vendor/github.com/golang/protobuf/jsonpb/decode.go
diff --git a/vendor/github.com/golang/protobuf/jsonpb/encode.go b/vendor/github.com/golang/protobuf/jsonpb/encode.go
diff --git a/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go b/vendor/github.com/golang/protobuf/protoc-gen-go/descriptor/descriptor.pb.go
diff --git a/vendor/github.com/golang/protobuf/ptypes/any.go b/vendor/github.com/golang/protobuf/ptypes/any.go
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go b/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go
diff --git a/...reflect/protodesc/editions_defaults.binpb → ...l/editiondefaults/editions_defaults.binpb b/...reflect/protodesc/editions_defaults.binpb → ...l/editiondefaults/editions_defaults.binpb
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go