Skip to content

Commit e6d91d8

Browse files
thaJeztahthaJeztah
committed
vendor: github.com/golang/protobuf v1.5.4
commit 10c7f03 updated google.golang.org/protobuf to v1.33.0, which addresses CVE-2024-24786, however a follow-up post on the Golang security list issued a warning that the v1.33.0 update introduced a breaking change, causing compatibility with github.com/golang/protobuf to be broken; > A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown > option is set (as well as when unmarshaling into any message which contains a > google.protobuf.Any). There is no UnmarshalUnknown option. > > In addition, version 1.33.0 of google.golang.org/protobuf inadvertently > introduced an incompatibility with the older github.com/golang/protobuf > module. (golang/protobuf#1596) Users of the older > module should update to github.com/golang/[email protected]. Signed-off-by: Sebastiaan van Stijn <[email protected]> (cherry picked from commit 45e425c) Signed-off-by: Sebastiaan van Stijn <[email protected]>
1 parent 2d136c5 commit e6d91d8

8 files changed

Lines changed: 14 additions & 10 deletions

File tree

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ require (
9999
github.com/godbus/dbus/v5 v5.1.0 // indirect
100100
github.com/gogo/protobuf v1.3.2 // indirect
101101
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
102-
github.com/golang/protobuf v1.5.3 // indirect
102+
github.com/golang/protobuf v1.5.4 // indirect
103103
github.com/google/gofuzz v1.2.0 // indirect
104104
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
105105
github.com/hashicorp/errwrap v1.1.0 // indirect

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -514,8 +514,8 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
514514
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
515515
github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
516516
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
517-
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
518-
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
517+
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
518+
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
519519
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
520520
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
521521
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=

integration/client/go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ require (
4242
github.com/godbus/dbus/v5 v5.1.0 // indirect
4343
github.com/gogo/protobuf v1.3.2 // indirect
4444
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
45-
github.com/golang/protobuf v1.5.3 // indirect
45+
github.com/golang/protobuf v1.5.4 // indirect
4646
github.com/google/go-cmp v0.5.9 // indirect
4747
github.com/klauspost/compress v1.16.0 // indirect
4848
github.com/moby/locker v1.0.1 // indirect

integration/client/go.sum

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1120,8 +1120,9 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
11201120
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
11211121
github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
11221122
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
1123-
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
11241123
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
1124+
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
1125+
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
11251126
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
11261127
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
11271128
github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0=

vendor/github.com/golang/protobuf/jsonpb/decode.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/golang/protobuf/jsonpb/encode.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/golang/protobuf/ptypes/any.go

Lines changed: 4 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/modules.txt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -235,8 +235,8 @@ github.com/gogo/protobuf/types
235235
# github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
236236
## explicit
237237
github.com/golang/groupcache/lru
238-
# github.com/golang/protobuf v1.5.3
239-
## explicit; go 1.9
238+
# github.com/golang/protobuf v1.5.4
239+
## explicit; go 1.17
240240
github.com/golang/protobuf/jsonpb
241241
github.com/golang/protobuf/proto
242242
github.com/golang/protobuf/ptypes

0 commit comments

Comments
 (0)