Bump protobuf version #208

Merged

fyrchik merged 2 commits from dstepanov-yadro/frostfs-sdk-go:fix/protobuf_vuln into master

2024-03-06 10:43:20 +00:00

dstepanov-yadro commented

2024-03-06 10:22:41 +00:00

Collaborator

Found by vulncheck:

Vulnerability #1: GO-2024-2611
    Infinite loop in JSON unmarshaling in google.golang.org/protobuf
  More info: https://pkg.go.dev/vuln/GO-2024-2611
  Module: google.golang.org/protobuf
    Found in: google.golang.org/protobuf@v1.32.0
    Fixed in: google.golang.org/protobuf@v1.33.0

Despite the fact that version 1.30.0 is used, I suggest making one version as in frostfs-node.

Found by vulncheck: ``` Vulnerability #1: GO-2024-2611 Infinite loop in JSON unmarshaling in google.golang.org/protobuf More info: https://pkg.go.dev/vuln/GO-2024-2611 Module: google.golang.org/protobuf Found in: google.golang.org/protobuf@v1.32.0 Fixed in: google.golang.org/protobuf@v1.33.0 ``` Despite the fact that version 1.30.0 is used, I suggest making one version as in frostfs-node.

dstepanov-yadro added 1 commit 2024-03-06 10:22:49 +00:00

DCO / DCO (pull_request) Successful in 3m24s Details

Tests and linters / Tests (1.21) (pull_request) Successful in 3m38s Details

Tests and linters / Tests (1.20) (pull_request) Successful in 3m59s Details

Tests and linters / Lint (pull_request) Successful in 5m58s Details

ad9997e3d7 [#9999 ] go.mod: Bump protobuf version

Found by vulncheck:
Vulnerability #1: GO-2024-2611
    Infinite loop in JSON unmarshaling in google.golang.org/protobuf
  More info: https://pkg.go.dev/vuln/GO-2024-2611
  Module: google.golang.org/protobuf
    Found in: google.golang.org/protobuf@v1.32.0
    Fixed in: google.golang.org/protobuf@v1.33.0

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>

dstepanov-yadro force-pushed fix/protobuf_vuln from ad9997e3d7 to 6a7ef9d8c3

2024-03-06 10:24:08 +00:00

Compare

fyrchik commented

2024-03-06 10:30:25 +00:00

Owner

Can we also bump api version here?

dstepanov-yadro added 1 commit 2024-03-06 10:34:33 +00:00

DCO / DCO (pull_request) Successful in 1m5s Details

Tests and linters / Tests (1.20) (pull_request) Successful in 1m34s Details

Tests and linters / Tests (1.21) (pull_request) Successful in 1m30s Details

Tests and linters / Lint (pull_request) Successful in 2m56s Details

8081445ff2 [#208 ] go.mod: Bump frostfs-api-go version

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>

dstepanov-yadro commented

2024-03-06 10:34:38 +00:00

Poster

Collaborator

Can we also bump api version here?

Done

> Can we also bump api version here? Done

dstepanov-yadro requested review from storage-core-committers 2024-03-06 10:39:39 +00:00

dstepanov-yadro requested review from storage-core-developers 2024-03-06 10:39:39 +00:00

acid-ant approved these changes 2024-03-06 10:39:57 +00:00

fyrchik approved these changes 2024-03-06 10:43:15 +00:00

fyrchik merged commit 8081445ff2 into master

2024-03-06 10:43:20 +00:00

fyrchik referenced this issue from a commit

2024-03-06 10:43:22 +00:00

[#208] go.mod: Bump protobuf version

fyrchik referenced this issue from a commit

2024-03-06 10:43:22 +00:00

[#208] go.mod: Bump frostfs-api-go version

No reviewers

TrueCloudLab/storage-core-developers

No Label

No Milestone

No Assignees

3 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-sdk-go#208

There is no content yet.