-
Notifications
You must be signed in to change notification settings - Fork 289
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): upgrade protobuf #3155
Conversation
Blocked on golang/protobuf#1596 |
govulncheck is still failing because we need to bump to Go 1.22.1 which I'll do in a separate PR. |
WalkthroughWalkthroughThe update focuses on upgrading dependencies related to Protocol Buffers in a Go project, enhancing compatibility, performance, and security by incorporating the latest improvements and fixes from Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving this as it appears the other PR for updating Go is already submitted, so this one can be merged subsequently.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to bump it in the test ground go mod as well?
I'm not observing any changes when I run:
since they're indirect deps in testground I guess they don't need to be explicitly bumped 🤷♂️ |
4ff10f2
oh strange, after I merged in main and re-ran |
Fixes an issue discovered by govulncheck ``` Vulnerability celestiaorg#1: GO-2024-2611 Infinite loop in JSON unmarshaling in google.golang.org/protobuf More info: https://pkg.go.dev/vuln/GO-2024-2611 Module: google.golang.org/protobuf Found in: google.golang.org/protobuf@v1.32.0 Fixed in: google.golang.org/protobuf@v1.33.0 ```
Fixes an issue discovered by govulncheck