Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of [NET-8367] security: upgrade google.golang.org/protobuf to 1.33.0 into release/1.16.x #20804

Merged
merged 2 commits into from
Mar 6, 2024
Merged

Backport of [NET-8367] security: upgrade google.golang.org/protobuf to 1.33.0 into release/1.16.x #20804

merged 2 commits into from
Mar 6, 2024

Conversation

hc-github-team-consul-core
Copy link
Collaborator

Backport

This PR is auto-generated from #20801 to be assessed for backporting due to the inclusion of the label backport/1.16.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@zalimeni
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/consul/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

Resolves CVE-2024-24786.

Description

Change made by running

make go-mod-get DEP_VERSION=google.golang.org/protobuf@v1.33.0
make go-mod-get DEP_VERSION=github.com/golang/protobuf@v1.5.4

to bump dependency across submodules, then

make --always-make proto

to update proto files (comments only).

Will likely require manual fixes to backport but possible it'll inline, so starting w/ the labels.

Testing & Reproduction steps

CI continues to pass.

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern
Overview of commits

@hashicorp-cla
Copy link

hashicorp-cla commented Mar 6, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

github-team-consul-core-pr-approver
github-team-consul-core-pr-approver approved these changes Mar 6, 2024
View reviewed changes
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved Consul Bot automated PR

@vercel vercel bot temporarily deployed to Preview – consul March 6, 2024 23:10 Inactive
@zalimeni zalimeni force-pushed the backport/zalimeni/bump-protobuf/deadly-happy-salmon branch from fe21f5a to 7bcdaac Compare March 6, 2024 23:42
@zalimeni zalimeni marked this pull request as ready for review March 6, 2024 23:43
@zalimeni zalimeni requested a review from a team as a code owner March 6, 2024 23:43
@zalimeni zalimeni enabled auto-merge (squash) March 6, 2024 23:43
@zalimeni zalimeni merged commit 6350270 into release/1.16.x Mar 6, 2024
91 of 92 checks passed
@zalimeni zalimeni deleted the backport/zalimeni/bump-protobuf/deadly-happy-salmon branch March 6, 2024 23:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver github-team-consul-core-pr-approver approved these changes

@zalimeni zalimeni zalimeni approved these changes

Assignees

@zalimeni zalimeni

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hc-github-team-consul-core @hashicorp-cla @zalimeni @github-team-consul-core-pr-approver