Commit Graph

14 Commits

Author SHA1 Message Date
Justin Van Patten 7f2555444d
bump google.golang.org/grpc from 1.57.0 to 1.57.1 ()
This PR replaces all the dependabot PRs with a single commit that
updates all relevant go.mod files.

This resolves a high severity dependabot alert.
2023-10-28 15:56:28 +00:00
Justin Van Patten 86eee44bf8
bump golang.org/x/net from 0.10.0 to 0.17.0 ()
This PR replaces all the dependabot PRs with a single commit that
updates all relevant go.mod files.

This resolves 3 Dependabot alerts on golang.org/x/net including a
moderate severity alert.
2023-10-20 18:36:16 +00:00
Abhinav Gupta 91a079851b
deps: Upgrade google.golang.org/{genproto, grpc}
Updates to the latest versions of
google.golang.org/genproto and google.golang.org/grpc
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(https://github.com/googleapis/go-genproto/issues/1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/genproto@v0.0.0-20230410155749-daa745c078e1/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is a problem for codegen tests and ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker ().

The grpc upgrade is necessary because the current version of grpc
also pulls the outdated version of genproto.
2023-07-27 16:24:33 -07:00
Abhinav Gupta f59ab49fc5
deps(go): Upgrade to grpc 1.56.1
Upgrades to gRPC Go 1.56.1 to resolve the influx of dependabot PRs.
Supersedes all dependabot PRs created for this.

Fixes CVE-2023-32731
2023-07-06 09:04:16 -07:00
Abhinav Gupta 52a47d6295
all: cloudflare/circl 1.1.0 => 1.3.3
Upgrade version of cloudflare/circl to pick up important fixes
and supersede a bunch of dependabot PRs.

Addresses CVE-2023-1732
2023-05-11 13:51:01 -07:00
Kyle Dixler 3af78f9ca7
Bump go-git to v5.6.0 to remove cgo dependency fixing
pulumi-docker-containers builds.
2023-02-28 16:01:31 -08:00
Abhinav Gupta 8614885326
all(go.mod): Upgrade golang.org/x/net to v0.7.0
Upgrades all go.mod files to v0.7.0 of golang.org/x/net.
This will take care of the disparate dependabot updates we're receiving
for these files.

See also https://github.com/pulumi/pulumi/security/dependabot/151

Refs CVE-2022-41723
2023-02-17 11:06:15 -08:00
Guillaume Truchot de868c8be3
chore: update `net` package to fix CVE-2022-27664
Upgrades golang.org/x/net to v0.5.0.
This addresses CVE-2022-27664
and switches to semver-ed releases of the package.
2023-02-08 12:32:32 -08:00
Aaron Friel 7e555cb6ab ci: Simplify test listing, update go dependencies to 1.18 compat 2022-09-21 09:51:59 -07:00
Fraser Waters 4a743df114
Revert "Update integration go mod ()" ()
This reverts commit 8d52c2facc.
2022-08-17 14:12:11 +01:00
Ian Wahbe 8d52c2facc
Update integration go mod ()
* Fix files of the form go/go.mod

```sh
for f in $(fd go.mod); do
    if [[ $(basename $(dirname $f)) = go ]]; then
        rg v3.29.2-0.20220418135911-b31c5b136c6e $f
        if [[ "$?" = 0 ]]; then
            echo "Fixing $f"
            cd $(dirname $f)
            go mod edit -replace github.com/pulumi/pulumi/sdk/v3=../../../../sdk/ -require=github.com/pulumi/pulumi/sdk/v3@v3.37.0
            go mod tidy
            cd -
        fi
    fi
done
```

* Fix other files with the bad version

* Fix files with different pinned version

Pinned version: `v3.0.0-20210322210933-10a6a2caf014`.
2022-08-17 10:55:45 +02:00
Paul Stack 8c37cf8347
[internal] Upgrade commit hash in acceptance tests to remove security vulnerability () 2022-04-19 10:07:20 +01:00
Anton Tayanovskyy 5ec0b2ffe6
Add `make tidy` command to apply `go mod tidy` on every go.mod ()
* Script to blanket-apply go mod tidy

* Run make tidy
2021-12-23 17:37:39 -05:00
Ian Wahbe b5bcc655e7 Add integration tests in each language 2021-08-27 13:39:49 -04:00