
[release/1.7 backport] alias log package to github.com/containerd/log v0.1.0 #9106

Merged

dmcgowan merged 4 commits into containerd:release/1.7 from thaJeztah:1.7_backport_swap_log_pkg_alias on Sep 21, 2023

@thaJeztah
Member

I also had to update some other dependencies, which I did in separate commits.

vendor: github.com/sirupsen/logrus v1.9.3

full diff: sirupsen/logrus@v1.9.0...v1.9.3

v1.9.3

  • Fix a potential denial of service vulnerability in logrus.Writer()
    that could be triggered by logging text longer than 64kb without newlines
  • Fix panic in Writer

v1.9.2

Reverts "Fix a potential denial of service vulnerability in logrus.Writer()",
which introduced a regression.

v1.9.1

  • Fix data race in hooks.test package
  • Add instructions to use different log levels for local and syslog
  • Fix a potential denial of service vulnerability in logrus.Writer()
    that could be triggered by logging text longer than 64kb without newlines
  • Use text when shows the logrus output

vendor: github.com/stretchr/testify v1.8.4

full diff: stretchr/testify@v1.8.2...v1.8.4

alias log package to github.com/containerd/log v0.1.0

This "soft" deprecates the package, but keeps the local uses of the package,
which can make backporting this to release-branches easier (we can
still move all uses in those branches as well though).
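
The logrus changelog entry quoted above concerns text longer than 64kb without newlines. As an added example (not code from logrus or containerd), the Go program below assumes the writer read its input with a default `bufio.Scanner`, shows that reader stopping with `bufio.ErrTooLong` on constructed input, and shows a split function that chunks the oversized run instead; `sampleInput`, `scanDefault` and `scanChunked` are hypothetical names.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// sampleInput (constructed): a line, 100 KiB without a newline, another line.
var sampleInput = "short line\n" + strings.Repeat("A", 100*1024) + "\ntail\n"

// scanDefault uses a default bufio.Scanner (assumed pre-fix reader pattern).
func scanDefault(r io.Reader) (int, error) {
	sc := bufio.NewScanner(r)
	n := 0
	for sc.Scan() {
		n++
	}
	return n, sc.Err()
}

// scanChunked splits on newlines, but emits a full 64 KiB buffer that holds
// no newline as its own token instead of failing with ErrTooLong.
func scanChunked(r io.Reader) (tokens, longest int, err error) {
	sc := bufio.NewScanner(r)
	sc.Split(func(data []byte, atEOF bool) (int, []byte, error) {
		if adv, tok, err := bufio.ScanLines(data, atEOF); adv > 0 || err != nil {
			return adv, tok, err
		}
		if len(data) >= bufio.MaxScanTokenSize {
			return bufio.MaxScanTokenSize, data[:bufio.MaxScanTokenSize], nil
		}
		return 0, nil, nil // no newline yet and buffer not full: read more
	})
	for sc.Scan() {
		tokens++
		if l := len(sc.Bytes()); l > longest {
			longest = l
		}
	}
	return tokens, longest, sc.Err()
}

func main() {
	n, err := scanDefault(strings.NewReader(sampleInput))
	fmt.Println("default scanner:", n, "line(s), err:", err)
	fmt.Println(scanChunked(strings.NewReader(sampleInput)))
}
```

With the default scanner, the line that follows the oversized run is never delivered; the chunked variant delivers every token and caps each at `bufio.MaxScanTokenSize` bytes.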

@k8s-ci-robot

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@thaJeztah
Member Author

⚠️ Let me know if you think I should include the second commit as well (which marks the package as deprecated); I wasn't 100% sure to include that in a patch release.

full diff: sirupsen/logrus@v1.9.0...v1.9.3

v1.9.3

- Fix a potential denial of service vulnerability in logrus.Writer()
  that could be triggered by logging text longer than 64kb without newlines
- Fix panic in Writer

v1.9.2

Reverts "Fix a potential denial of service vulnerability in logrus.Writer()",
which introduced a regression.

v1.9.1

- Fix data race in hooks.test package
- Add instructions to use different log levels for local and syslog
- Fix a potential denial of service vulnerability in logrus.Writer()
  that could be triggered by logging text longer than 64kb without newlines
- Use text when shows the logrus output

Signed-off-by: Sebastiaan van Stijn <[email protected]>
This "soft" deprecates the package, but keeps the local uses of the package,
which can make backporting this to release-branches easier (we can
still move all uses in those branches as well though).

Signed-off-by: Sebastiaan van Stijn <[email protected]>
(cherry picked from commit d69ae81)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
(cherry picked from commit f1591cc)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah force-pushed the 1.7_backport_swap_log_pkg_alias branch from 559453c to cb20151 Compare September 19, 2023 06:55
@dmcgowan
Member

@thaJeztah let's avoid the deprecation commit for now

@dmcgowan dmcgowan marked this pull request as ready for review September 20, 2023 00:57
Deprecate the package, but suppress linting errors for now. This is to allow
backporting these changes to release branches, which may still need to transition.

Signed-off-by: Sebastiaan van Stijn <[email protected]>
(cherry picked from commit 03b9ce5)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
Member Author

^^ after discussing, I included the deprecation for this (1.7) so that it can act as stepping-stone towards v2.0, but we're not backporting it to the 1.6 branch

@thaJeztah
Member Author

@AkihiroSuda @cpuguy83 PTAL
