Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[mce-2.2] upgrade google.golang.org/protobuf to 1.33.0
...to address these snyk-found vulns: ``` ✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json Description: Infinite loop Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 Introduced through: google.golang.org/api/option@0.149.0, github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, google.golang.org/api/cloudresourcemanager/v1@0.149.0, google.golang.org/api/compute/v1@0.149.0, google.golang.org/api/dns/v1@0.149.0, google.golang.org/api/serviceusage/v1@0.149.0, github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd From: google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0 From: github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd > google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0 From: google.golang.org/api/cloudresourcemanager/v1@0.149.0 > google.golang.org/api/transport/http@0.149.0 > google.golang.org/api/option@0.149.0 > google.golang.org/grpc@1.61.0 > google.golang.org/grpc/internal/transport@1.61.0 > google.golang.org/grpc/internal/pretty@1.61.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 > google.golang.org/protobuf/internal/encoding/json@1.32.0 and 5 more... Fixed in: 1.33.0 ✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson Description: Infinite loop Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 Introduced through: google.golang.org/api/cloudresourcemanager/v1@0.149.0, google.golang.org/api/compute/v1@0.149.0, google.golang.org/api/dns/v1@0.149.0, google.golang.org/api/serviceusage/v1@0.149.0, github.com/openshift/installer/pkg/asset/machines/gcp@#f168b97656bd, github.com/openshift/installer/pkg/destroy/gcp@#f168b97656bd, google.golang.org/api/option@0.149.0, github.com/openshift/generic-admission-server/pkg/cmd@#8dcc3c9b298f From: google.golang.org/api/cloudresourcemanager/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 From: google.golang.org/api/compute/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 From: google.golang.org/api/dns/v1@0.149.0 > google.golang.org/api/internal/gensupport@0.149.0 > github.com/googleapis/gax-go/v2/apierror@2.12.0 > google.golang.org/protobuf/encoding/protojson@1.32.0 and 28 more... Fixed in: 1.33.0 ``` Note that in this branch we also had to bump google.golang.org/golang/protobuf to v1.5.4 due to golang/protobuf#1596. Why this wasn't necessary in the other branches... no idea. :shakes-fist-at-golang-deps: Manual cherry-pick of openshift#2241 / d8c9a5d which was a Manual cherry-pick of openshift#2240 / 0e128fe which was a Manual cherry-pick of openshift#2239 / f7cf469 which was a Manual cherry-pick of openshift#2231 / 2efba4b
- Loading branch information
