-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Collected dependabot security upgrades #700
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Does the PR have any schema changes?Does the PR have any schema changes?Looking good! No breaking changes found. Maintainer note: consult the runbook for dealing with any breaking changes. |
It looks like this is causing some test failures. |
thomas11
force-pushed
the
tkappler/dependabot
branch
from
July 26, 2023 15:33
e10d398
to
f0439ac
Compare
abhinav
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 26, 2023
Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by @thomas11 while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`.
thomas11
force-pushed
the
tkappler/dependabot
branch
from
July 26, 2023 18:38
a8903ec
to
d9d3cc8
Compare
abhinav
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 26, 2023
Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by @thomas11 while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`. This also accidentally tidied up go/regress-13301 which was reverted. A follow-up is incoming to prevent issues like that in the future.
bors bot
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 26, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by `@thomas11` while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`. This also accidentally tidied up go/regress-13301 which was reverted. PR #13596 aims to prevent mistakes like this in the future. Co-authored-by: Abhinav Gupta <[email protected]>
bors bot
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 26, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by `@thomas11` while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`. This also accidentally tidied up go/regress-13301 which was reverted. PR #13596 aims to prevent mistakes like this in the future. 13598: Changelog and go.mod updates for v3.76.1 r=pulumi-bot a=pulumi-bot bors merge Co-authored-by: Abhinav Gupta <[email protected]> Co-authored-by: github-actions <[email protected]>
abhinav
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 26, 2023
Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by @thomas11 while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`. This also accidentally tidied up go/regress-13301 which was reverted. A follow-up is incoming to prevent issues like that in the future.
bors bot
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 26, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by `@thomas11` while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`. This also accidentally tidied up go/regress-13301 which was reverted. PR #13596 aims to prevent mistakes like this in the future. 13596: test(regress-13301): Avoid accidental tidying r=abhinav a=abhinav The regression test for #13301 needs an intentionally bad go.mod file. This file was excluded from `make tidy`, allowing it to remain invalid, but this doesn't protect it from bulk commands like the following used in #13593 ```bash find . -name go.mod -exec dirname '{}' ';' | while read R; do (cd "$R" && ... && go mod tidy) done ``` In fact, #13593 accidentally tidied this go.mod file (removing the extraneous dependencies critical to the regression test) and failed in CI. To prevent issues like this, rename the go.mod to go.mod.bad, and rename it back to go.mod in the test environment at test time. This also lets us revert the `make tidy` exclusion support in tidy.sh. Co-authored-by: Abhinav Gupta <[email protected]>
bors bot
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 27, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by `@thomas11` while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`. This also accidentally tidied up go/regress-13301 which was reverted. PR #13596 aims to prevent mistakes like this in the future. Co-authored-by: Abhinav Gupta <[email protected]>
bors bot
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 27, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by `@thomas11` while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`. This also accidentally tidied up go/regress-13301 which was reverted. PR #13596 aims to prevent mistakes like this in the future. 13596: test(regress-13301): Avoid accidental tidying r=abhinav a=abhinav The regression test for #13301 needs an intentionally bad go.mod file. This file was excluded from `make tidy`, allowing it to remain invalid, but this doesn't protect it from bulk commands like the following used in #13593 ```bash find . -name go.mod -exec dirname '{}' ';' | while read R; do (cd "$R" && ... && go mod tidy) done ``` In fact, #13593 accidentally tidied this go.mod file (removing the extraneous dependencies critical to the regression test) and failed in CI. To prevent issues like this, rename the go.mod to go.mod.bad, and rename it back to go.mod in the test environment at test time. This also lets us revert the `make tidy` exclusion support in tidy.sh. Co-authored-by: Abhinav Gupta <[email protected]>
bors bot
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 27, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav Updates to the latest version of google.golang.org/genproto in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is specifically a problem for ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by `@thomas11` while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). --- The contents of this commit were generated with the following command: ``` find . -name go.mod -exec dirname '{}' ';' | while read R; do (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break done ``` This failed for tests/integration/go/go-build-target which had an old `go 1.17` directive. This was changed to `go 1.20`. This also accidentally tidied up go/regress-13301 which was reverted. PR #13596 aims to prevent mistakes like this in the future. Co-authored-by: Abhinav Gupta <[email protected]>
abhinav
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 27, 2023
Updates to the latest versions of google.golang.org/genproto and google.golang.org/grpc in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is a problem for codegen tests and ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by @thomas11 while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). The grpc upgrade is necessary because the current version of grpc also pulls the outdated version of genproto.
abhinav
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 27, 2023
Updates to the latest versions of google.golang.org/genproto and google.golang.org/grpc in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is a problem for codegen tests and ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by @thomas11 while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). The grpc upgrade is necessary because the current version of grpc also pulls the outdated version of genproto.
bors bot
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 28, 2023
13593: deps: Upgrade google.golang.org/{genproto, grpc} r=abhinav a=abhinav Updates to the latest versions of google.golang.org/genproto and google.golang.org/grpc in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is a problem for codegen tests and ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by `@thomas11` while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). The grpc upgrade is necessary because the current version of grpc also pulls the outdated version of genproto. Co-authored-by: Abhinav Gupta <[email protected]>
bors bot
added a commit
to pulumi/pulumi
that referenced
this pull request
Jul 28, 2023
13593: deps: Upgrade google.golang.org/{genproto, grpc} r=abhinav a=abhinav Updates to the latest versions of google.golang.org/genproto and google.golang.org/grpc in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (googleapis/go-genproto#1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is a problem for codegen tests and ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by `@thomas11` while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). The grpc upgrade is necessary because the current version of grpc also pulls the outdated version of genproto. Co-authored-by: Abhinav Gupta <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.