upgrade google.golang.org/protobuf to 1.33.0

...to address these snyk-found vulns: ``` ✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json Description: Infinite loop Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 Introduced through: google.golang.org/api/[email protected], github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, google.golang.org/api/cloudresourcemanager/[email protected], google.golang.org/api/compute/[email protected], google.golang.org/api/dns/[email protected], google.golang.org/api/serviceusage/[email protected], github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd From: google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected] From: github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd > google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected] From: google.golang.org/api/cloudresourcemanager/[email protected] > google.golang.org/api/transport/[email protected] > google.golang.org/api/[email protected] > google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/grpc/internal/[email protected] > google.golang.org/protobuf/encoding/[email protected] > google.golang.org/protobuf/internal/encoding/[email protected] and 5 more... Fixed in: 1.33.0 ✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson Description: Infinite loop Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 Introduced through: google.golang.org/api/cloudresourcemanager/[email protected], google.golang.org/api/compute/[email protected], google.golang.org/api/dns/[email protected], google.golang.org/api/serviceusage/[email protected], github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd, google.golang.org/api/[email protected], github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f From: google.golang.org/api/cloudresourcemanager/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected] From: google.golang.org/api/compute/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected] From: google.golang.org/api/dns/[email protected] > google.golang.org/api/internal/[email protected] > github.com/googleapis/gax-go/v2/[email protected] > google.golang.org/protobuf/encoding/[email protected] and 28 more... Fixed in: 1.33.0 ```
2uasimojo · Mar 11, 2024 · 2efba4b · 2efba4b
1 parent 8c95b6a
commit 2efba4b
Show file tree

Hide file tree

Showing 30 changed files with 1,451 additions and 774 deletions.
diff --git a/go.mod b/go.mod
@@ -342,7 +342,7 @@ require (
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect
 	google.golang.org/grpc v1.61.0 // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/gcfg.v1 v1.2.3 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
@@ -364,7 +364,7 @@ require (
 	sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect
 	sigs.k8s.io/kustomize/api v0.14.0 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.14.3 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -3026,8 +3026,8 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
-google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
diff --git a/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go b/vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go
diff --git a/...reflect/protodesc/editions_defaults.binpb → ...l/editiondefaults/editions_defaults.binpb b/...reflect/protodesc/editions_defaults.binpb → ...l/editiondefaults/editions_defaults.binpb
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc.go
diff --git a/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go b/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go