Bumps the go_modules group with 1 update in the
/tests/integration/backend/diy/project directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/construct_component_methods_provider/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/construct_component_unknown/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/deleted_with/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/empty/go directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/empty/gorun directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/empty/gorun_main/gorun_main_src directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/gather_plugin/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/get_resource/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/component-configure-panic/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/go-build-target directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/go-exit-5 directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/go-exit-error directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/go/program-panic directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/large_resource/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/printf/go directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/project_main/go/a/path/to/main directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/refresh/go directory: google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/resource_refs_get_resource/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/rotate_passphrase directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/stack_reference/go directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/state_rename_parent directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/transformations/go/simple directory:
google.golang.org/protobuf.
Bumps the go_modules group with 1 update in the
/tests/integration/transforms/go/simple directory:
google.golang.org/protobuf.
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/pulumi/pulumi/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
Dependabot updated some references to this in
https://github.com/pulumi/pulumi/pull/15131. But missed a lot,
importantly it didn't update pkg or sdk which are the most important
modules in this repo.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [ ] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) to 0.17.0.
Replaces all the dependabot PRs in the repo with this single PR.
Also bumped `github.com/pulumi/pulumi/sdk/v3` in
`tests/integration/transformations/go/simple/go.mod` from v3.97.0 to
v3.98.0 to use esc v0.6.1, and avoid the appdash issue.
This PR replaces all the dependabot PRs with a single commit that
updates all relevant go.mod files.
This resolves 3 Dependabot alerts on golang.org/x/net including a
moderate severity alert.
Updates to the latest versions of
google.golang.org/genproto and google.golang.org/grpc
in all submodules in the repository.
This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(https://github.com/googleapis/go-genproto/issues/1015)
As a result of this, some users may see the error:
```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/genproto@v0.0.0-20230410155749-daa745c078e1/googleapis/rpc/status)
google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```
Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.
This is a problem for codegen tests and ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).
The grpc upgrade is necessary because the current version of grpc
also pulls the outdated version of genproto.
Upgrades all go.mod files to v0.7.0 of golang.org/x/net.
This will take care of the disparate dependabot updates we're receiving
for these files.
See also https://github.com/pulumi/pulumi/security/dependabot/151
Refs CVE-2022-41723
This PR deduplicates error messages for the Go SDK on program failures and uses exit status 32 for pulumi Go programs to indicate that an error has been logged and that the engine should Bail and not print any more output.