gcs/v2: bump cloud.google.com/go/storage to 1.34.0 #488

Merged
merged 3 commits into from
May 17, 2024

lbajolet-hashicorp

The storage library that gcs depends on transitively imports grpc in version 1.50.0, which is vulnerable to GHSA-m425-mq94-257g.

While this is a server-side vulnerability, therefore the package is not directly vulnerable (nor its clients), this dependency still causes advisories to be produced against this package, so we update those now.

The storage library that gcs depends on transitively imports grpc in
version 1.50.0, which is vulnerable to GHSA-m425-mq94-257g.

While this is a server-side vulnerability, therefore the package is not
directly vulnerable (nor its clients), this dependency still causes
advisories to be produced against this package, so we update those now.

Since we require go v1.19 now at minimum, we cannot run tests on go
v1.17 or v1.18 anymore.

Since there are more recent versions of Go available as well, we start
testing the packages on those versions in addition to 1.19.

@JenGoldstrich JenGoldstrich left a comment

LGTM, we should document the removal of go 1.17 and 1.18 support in the release notes but it makes sense that we need to remove those as the tests no longer work on newer dependency versions.

Contributor

@nywilken nywilken left a comment

LGTM

@nywilken nywilken merged commit bd0bfb5 into v2 May 17, 2024
22 checks passed