Commit Graph

26 Commits

Author SHA1 Message Date
dependabot[bot] 400cb88e77
Bump the go_modules group across 24 directories with 1 update ()
Bumps the go_modules group with 1 update in the
/tests/integration/backend/diy/project directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/construct_component_methods_provider/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/construct_component_unknown/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/deleted_with/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/empty/go directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/empty/gorun directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/empty/gorun_main/gorun_main_src directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/gather_plugin/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/get_resource/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/component-configure-panic/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/go-build-target directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/go-exit-5 directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/go-exit-error directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/program-panic directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/large_resource/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/printf/go directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/project_main/go/a/path/to/main directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/refresh/go directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/resource_refs_get_resource/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/rotate_passphrase directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/stack_reference/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/state_rename_parent directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/transformations/go/simple directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/transforms/go/simple directory:
google.golang.org/protobuf.

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0

Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/pulumi/pulumi/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-14 07:52:34 +00:00
Fraser Waters 3be1b6289c
Remove deprecated Protobufs imports ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

github.com/golang/protobuf is marked deprecated and I was getting
increasingly triggered by the inconsistency of importing the `Empty`
type from "github.com/golang/protobuf/ptypes/empty" or
"google.golang.org/protobuf/types/known/emptypb" as "pbempty" or "empty"
or "emptypb". Similar for the struct type.

So this replaces all the Protobufs imports with ones from
"google.golang.org/protobuf", normalises the import name to always just
be the module name (emptypb), and adds the depguard linter to ensure we
don't use the deprecated package anymore.

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [x] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-01-17 09:35:20 +00:00
Fraser Waters 72bddd809f
Update github.com/cloudflare/circl to v1.3.7 ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

Dependabot updated some references to this in
https://github.com/pulumi/pulumi/pull/15131. But missed a lot,
importantly it didn't update pkg or sdk which are the most important
modules in this repo.


## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [ ] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-01-16 08:59:57 +00:00
Justin Van Patten 37e6ad44d0
Upgrade go-git to v5.11.0 ()
Bumps github.com/go-git/go-git/v5 to 5.11.0 to address
https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r

Co-authored-by: Roy Reznik <roy@wiz.io>
2024-01-02 18:41:06 +00:00
Justin Van Patten 53244f09ae
Bump golang.org/x/crypto to 0.17.0 ()
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) to 0.17.0.

Replaces all the dependabot PRs in the repo with this single PR.

Also bumped `github.com/pulumi/pulumi/sdk/v3` in
`tests/integration/transformations/go/simple/go.mod` from v3.97.0 to
v3.98.0 to use esc v0.6.1, and avoid the appdash issue.
2023-12-20 09:14:29 +00:00
Justin Van Patten 7f2555444d
bump google.golang.org/grpc from 1.57.0 to 1.57.1 ()
This PR replaces all the dependabot PRs with a single commit that
updates all relevant go.mod files.

This resolves a high severity dependabot alert.
2023-10-28 15:56:28 +00:00
Justin Van Patten 86eee44bf8
bump golang.org/x/net from 0.10.0 to 0.17.0 ()
This PR replaces all the dependabot PRs with a single commit that
updates all relevant go.mod files.

This resolves 3 Dependabot alerts on golang.org/x/net including a
moderate severity alert.
2023-10-20 18:36:16 +00:00
Abhinav Gupta 91a079851b
deps: Upgrade google.golang.org/{genproto, grpc}
Updates to the latest versions of
google.golang.org/genproto and google.golang.org/grpc
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(https://github.com/googleapis/go-genproto/issues/1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/genproto@v0.0.0-20230410155749-daa745c078e1/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is a problem for codegen tests and ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker ().

The grpc upgrade is necessary because the current version of grpc
also pulls the outdated version of genproto.
2023-07-27 16:24:33 -07:00
Abhinav Gupta 975eaa6220
test(regress-13301): Avoid accidental tidying
The regression test for  needs an intentionally bad go.mod file.
This file was excluded from `make tidy`, allowing it to remain invalid,
but this doesn't protect it from bulk commands like the following
used in 

```bash
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (cd "$R" && ... && go mod tidy)
done
```

In fact,  accidentally tidied this go.mod file
(removing the extraneous dependencies critical to the regression test)
and failed in CI.

To prevent issues like this, rename the go.mod to go.mod.bad,
and rename it back to go.mod in the test environment at test time.

This also lets us revert the `make tidy` exclusion support in tidy.sh.
2023-07-26 13:05:31 -07:00
Abhinav Gupta 7165d1efb4
Add regression test for
Adds a regression of the bug using code provided by @phillipedwards.
The reproduction is a bit complicated because of the very specific
scenario we need to replicate here.

Additionally, we need an untidy go.mod file for this,
so we need to teach scripts/tidy.sh how to ignore files.
2023-07-11 16:22:15 -07:00
Abhinav Gupta f59ab49fc5
deps(go): Upgrade to grpc 1.56.1
Upgrades to gRPC Go 1.56.1 to resolve the influx of dependabot PRs.
Supersedes all dependabot PRs created for this.

Fixes CVE-2023-32731
2023-07-06 09:04:16 -07:00
Abhinav Gupta 991cd16b18
test(sdk/go): panicking programs and components should fail
Adds integration tests for the Go SDK verifying that
if we encounter a panic in a Pulumi Go program
or a Pulumi MLC's Configure step, we fail the program.

Intended to aid in root causing .
2023-05-19 11:11:40 -07:00
Abhinav Gupta 52a47d6295
all: cloudflare/circl 1.1.0 => 1.3.3
Upgrade version of cloudflare/circl to pick up important fixes
and supersede a bunch of dependabot PRs.

Addresses CVE-2023-1732
2023-05-11 13:51:01 -07:00
Kyle Dixler 3af78f9ca7
Bump go-git to v5.6.0 to remove cgo dependency fixing
pulumi-docker-containers builds.
2023-02-28 16:01:31 -08:00
Abhinav Gupta 8614885326
all(go.mod): Upgrade golang.org/x/net to v0.7.0
Upgrades all go.mod files to v0.7.0 of golang.org/x/net.
This will take care of the disparate dependabot updates we're receiving
for these files.

See also https://github.com/pulumi/pulumi/security/dependabot/151

Refs CVE-2022-41723
2023-02-17 11:06:15 -08:00
Guillaume Truchot de868c8be3
chore: update `net` package to fix CVE-2022-27664
Upgrades golang.org/x/net to v0.5.0.
This addresses CVE-2022-27664
and switches to semver-ed releases of the package.
2023-02-08 12:32:32 -08:00
Aaron Friel e81e6a62fe [yaml] Update Pulumi YAML to v0.5.8 2022-09-26 17:19:57 -07:00
bors[bot] 27960bf593
Merge
10731: add `buildTarget` option for pulumi go programs to compile/recompile to the specified path r=dixler a=dixler

<!--- 
Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. -->

Part of  

This implements the `buildTarget` option(Pulumi.yaml) for Pulumi Go programs to write the pulumi program out to a file. It has some performance benefits as Go can build a program faster when an existing program is provided.

## Checklist

<!--- Please provide details if the checkbox below is to be left unchecked. -->
- [x] I have added tests that prove my fix is effective or that my feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have updated the [CHANGELOG-PENDING](https://github.com/pulumi/pulumi/blob/master/CHANGELOG_PENDING.md) file with my change
<!--
If the change(s) in this PR is a modification of an existing call to the Pulumi Service,
then the service should honor older versions of the CLI where this change would not exist.
You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Service API version
  <!-- `@Pulumi` employees: If yes, you must submit corresponding changes in the service repo. -->


Co-authored-by: Kyle Dixler <kyle@pulumi.com>
2022-09-22 00:40:38 +00:00
Aaron Friel 7e555cb6ab ci: Simplify test listing, update go dependencies to 1.18 compat 2022-09-21 09:51:59 -07:00
github-actions aa28a436dc Update dependencies 2022-09-19 17:42:27 +00:00
Fraser Waters 735314d51a Handle nulls 2022-09-16 16:38:14 +01:00
Kyle Dixler 64fb821d25
first commit 2022-09-14 14:48:09 -07:00
Ian Wahbe a81edf8345 Release v3.39.2 2022-09-07 12:50:16 +02:00
Kyle Dixler f84c985b5f
[sdk/go] deduplicate go error logs ()
This PR deduplicates error messages for the Go SDK on program failures and uses exit status 32 for pulumi Go programs to indicate that an error has been logged and that the engine should Bail and not print any more output.
2022-09-06 16:44:29 -07:00
Aaron Friel df3e94d98f
[yaml] Update Pulumi YAML to v0.5.5 ()
* [yaml] Update Pulumi YAML to v0.5.5

* chore: changelog
2022-08-31 11:26:05 -07:00
Kyle Dixler 22430a0ebb
[sdk/go] enable direct compilation via `go build` ()
This PR modifies `pulumi-language-go` to attempt to compile and run user programs first. If env var `PULUMI_GO_USE_RUN=true` is set, we use the old behavior of using `go run`.
2022-08-26 07:16:48 -07:00