Commit Graph

13 Commits

Author SHA1 Message Date
Justin Van Patten 7f2555444d
bump google.golang.org/grpc from 1.57.0 to 1.57.1 ()
This PR replaces all the dependabot PRs with a single commit that
updates all relevant go.mod files.

This resolves a high severity dependabot alert.
2023-10-28 15:56:28 +00:00
Justin Van Patten 86eee44bf8
bump golang.org/x/net from 0.10.0 to 0.17.0 ()
This PR replaces all the dependabot PRs with a single commit that
updates all relevant go.mod files.

This resolves 3 Dependabot alerts on golang.org/x/net including a
moderate severity alert.
2023-10-20 18:36:16 +00:00
Abhinav Gupta 91a079851b
deps: Upgrade google.golang.org/{genproto, grpc}
Updates to the latest versions of
google.golang.org/genproto and google.golang.org/grpc
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(https://github.com/googleapis/go-genproto/issues/1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/genproto@v0.0.0-20230410155749-daa745c078e1/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

This happens because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is a problem for codegen tests and ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker ().

The grpc upgrade is necessary because the current version of grpc
also pulls the outdated version of genproto.
2023-07-27 16:24:33 -07:00
Abhinav Gupta f59ab49fc5
deps(go): Upgrade to grpc 1.56.1
Upgrades to gRPC Go 1.56.1 to resolve the influx of dependabot PRs.
Supersedes all dependabot PRs created for this.

Fixes CVE-2023-32731
2023-07-06 09:04:16 -07:00
Abhinav Gupta 52a47d6295
all: cloudflare/circl 1.1.0 => 1.3.3
Upgrade version of cloudflare/circl to pick up important fixes
and supersede a bunch of dependabot PRs.

Addresses CVE-2023-1732
2023-05-11 13:51:01 -07:00
Kyle Dixler 3af78f9ca7
Bump go-git to v5.6.0 to remove cgo dependency fixing
pulumi-docker-containers builds.
2023-02-28 16:01:31 -08:00
Abhinav Gupta 8614885326
all(go.mod): Upgrade golang.org/x/net to v0.7.0
Upgrades all go.mod files to v0.7.0 of golang.org/x/net.
This will take care of the disparate dependabot updates we're receiving
for these files.

See also https://github.com/pulumi/pulumi/security/dependabot/151

Refs CVE-2022-41723
2023-02-17 11:06:15 -08:00
Guillaume Truchot de868c8be3
chore: update `net` package to fix CVE-2022-27664
Upgrades golang.org/x/net to v0.5.0.
This addresses CVE-2022-27664
and switches to semver-ed releases of the package.
2023-02-08 12:32:32 -08:00
Aaron Friel 7e555cb6ab
ci: Simplify test listing, update go dependencies to 1.18 compat
2022-09-21 09:51:59 -07:00
Fraser Waters 4a743df114
Revert "Update integration go mod ()" ()
This reverts commit 8d52c2facc.
2022-08-17 14:12:11 +01:00
Ian Wahbe 8d52c2facc
Update integration go mod ()
* Fix files of the form go/go.mod

```sh
for f in $(fd go.mod); do
    if [[ $(basename $(dirname $f)) = go ]]; then
        rg v3.29.2-0.20220418135911-b31c5b136c6e $f
        if [[ "$?" = 0 ]]; then
            echo "Fixing $f"
            cd $(dirname $f)
            go mod edit -replace github.com/pulumi/pulumi/sdk/v3=../../../../sdk/ -require=github.com/pulumi/pulumi/sdk/v3@v3.37.0
            go mod tidy
            cd -
        fi
    fi
done
```

* Fix other files with the bad version

* Fix files with different pinned version

Pinned version: `v3.0.0-20210322210933-10a6a2caf014`.
2022-08-17 10:55:45 +02:00
Justin Van Patten 684d7aad39
Fix duplicate go module name ()
This was preventing the gopls server from working correctly in vscode.
2022-01-05 13:33:28 -08:00
Joe Duffy 61f27fb51a
Fix , missing output which lacks newlines ()
* Fix , missing output which lacks newlines

If the last line printed to stdout or stderr was missing a
terminating newline, it would go entirely missing (in all languages).
The reason for this is a bug in the engine's handling of plugin
outputs: Go's Reader.ReadString('\n') returns a string containing what
was read and/or an error; if the string terminated in a '\n', the
error is nil, and the entire line is returned; if the stream ends,
however, a non-nil error is returned *and* what was read is returned,
even though it wasn't terminated in a newline. The fix is simple:
instead of ignoring that text, we use it, and *then* exit the read-loop.

Also added some test cases since this is subtle and easy to regress.

* Add a changelog entry
2022-01-03 14:39:10 -08:00
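
The `ReadString('\n')` behaviour described in commit 61f27fb51a, as an added example that is not code from the commit or the Pulumi repository. The function names and the sample output are constructed for illustration: one loop discards the unterminated final line, the other uses the text first and then leaves the loop.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// readLinesDropping (hypothetical name) shows the failure mode: any error
// from ReadString ends the loop, and the partial text returned alongside
// that error is thrown away.
func readLinesDropping(r io.Reader) []string {
	br := bufio.NewReader(r)
	var lines []string
	for {
		line, err := br.ReadString('\n')
		if err != nil {
			return lines // the unterminated last line is lost here
		}
		lines = append(lines, strings.TrimSuffix(line, "\n"))
	}
}

// readLinesKeeping (hypothetical name) uses whatever was read, then exits.
// io.EOF is the normal end of stream; any other error is reported.
func readLinesKeeping(r io.Reader) ([]string, error) {
	br := bufio.NewReader(r)
	var lines []string
	for {
		line, err := br.ReadString('\n')
		if line != "" {
			lines = append(lines, strings.TrimSuffix(line, "\n"))
		}
		if err == io.EOF {
			return lines, nil
		}
		if err != nil {
			return lines, err
		}
	}
}

func main() {
	// Constructed plugin output whose last line has no trailing newline.
	const out = "step 1 ok\npanic: fatal error"
	fmt.Printf("%q\n", readLinesDropping(strings.NewReader(out)))
	kept, err := readLinesKeeping(strings.NewReader(out))
	fmt.Printf("%q %v\n", kept, err)
}
```

The dropped line is often the most important one, since a process that dies mid-write tends to leave its final error message unterminated.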