Bump protobuf version #208

Merged

fyrchik merged 1 commit from dstepanov-yadro/frostfs-sdk-go:fix/protobuf_vuln into master 2024-09-04 19:51:15 +00:00

Conversation 2 Commits 1 Files changed 2 +1 -1

dstepanov-yadro commented 2024-03-06 10:22:41 +00:00

Member

Copy link

Found by vulncheck:

Vulnerability #1: GO-2024-2611
    Infinite loop in JSON unmarshaling in google.golang.org/protobuf
  More info: https://pkg.go.dev/vuln/GO-2024-2611
  Module: google.golang.org/protobuf
    Found in: google.golang.org/protobuf@v1.32.0
    Fixed in: google.golang.org/protobuf@v1.33.0

Despite the fact that version 1.30.0 is used, I suggest making one version as in frostfs-node.

Found by vulncheck: ``` Vulnerability #1: GO-2024-2611 Infinite loop in JSON unmarshaling in google.golang.org/protobuf More info: https://pkg.go.dev/vuln/GO-2024-2611 Module: google.golang.org/protobuf Found in: google.golang.org/protobuf@v1.32.0 Fixed in: google.golang.org/protobuf@v1.33.0 ``` Despite the fact that version 1.30.0 is used, I suggest making one version as in frostfs-node.

dstepanov-yadro force-pushed fix/protobuf_vuln from ad9997e3d7 to 6a7ef9d8c3 2024-03-06 10:24:08 +00:00 Compare

fyrchik commented 2024-03-06 10:30:25 +00:00

Owner

Copy link

Can we also bump api version here?

Can we also bump api version here?

dstepanov-yadro added 1 commit 2024-03-06 10:34:33 +00:00

[#208] go.mod: Bump frostfs-api-go version ... 8081445ff2

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>

dstepanov-yadro commented 2024-03-06 10:34:38 +00:00

Author

Member

Copy link

Can we also bump api version here?

Done

> Can we also bump api version here? Done

dstepanov-yadro requested review from storage-core-committers 2024-03-06 10:39:39 +00:00

dstepanov-yadro requested review from storage-core-developers 2024-03-06 10:39:39 +00:00

acid-ant approved these changes 2024-03-06 10:39:57 +00:00

fyrchik approved these changes 2024-03-06 10:43:15 +00:00

fyrchik merged commit 8081445ff2 into master 2024-03-06 10:43:20 +00:00

fyrchik referenced this pull request from a commit 2024-03-06 10:43:22 +00:00

[#208] go.mod: Bump protobuf version

fyrchik referenced this pull request from a commit 2024-03-06 10:43:22 +00:00

[#208] go.mod: Bump frostfs-api-go version

Sign in to join this conversation.

Reviewers

No reviewers

acid-ant

fyrchik

TrueCloudLab/storage-core-developers

Labels

Clear labels   

P0

Highest

  

P1

High

  

P2

Medium

  

P3

Low

  

good first issue

Good for newcomers

  

pool

Tasks related to client pool

  

Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  

blocked

The issue or PR is blocked by something

  

bug

Something is not working

  

config

Configuration format update or breaking change

  

discussion

Talking about something in order to reach a decision or to exchange ideas

  

documentation

Documentation related

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

go

Language features adoption

  

help wanted

Extra attention is needed

  

internal

  

invalid

Something is wrong

  

kludge

This is a kludge and we know it

  

observability

Related to metrics, tracing and logs

  

perfomance

Perfomance related

  

question

More information is needed

  

refactoring

Refactoring

  

wontfix

This won't be fixed

No labels

P0

P1

P2

P3

good first issue

pool

Infrastructure

blocked

bug

config

discussion

documentation

duplicate

enhancement

go

help wanted

internal

invalid

kludge

observability

perfomance

question

refactoring

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

3 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-sdk-go#208

No description provided.