Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Collected dependabot security upgrades #700

Merged
merged 3 commits into from
Jul 26, 2023
Merged

Conversation

thomas11
Copy link
Contributor

No description provided.

@github-actions
Copy link

Does the PR have any schema changes?

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

Maintainer note: consult the runbook for dealing with any breaking changes.

@thomas11 thomas11 enabled auto-merge July 26, 2023 13:49
@thomas11 thomas11 requested a review from a team July 26, 2023 13:49
@iwahbe
Copy link
Member

iwahbe commented Jul 26, 2023

It looks like this is causing some test failures.

@thomas11 thomas11 force-pushed the tkappler/dependabot branch from e10d398 to f0439ac Compare July 26, 2023 15:33
abhinav added a commit to pulumi/pulumi that referenced this pull request Jul 26, 2023
Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.
@thomas11 thomas11 force-pushed the tkappler/dependabot branch from a8903ec to d9d3cc8 Compare July 26, 2023 18:38
@thomas11 thomas11 merged commit 95af7d9 into master Jul 26, 2023
@thomas11 thomas11 deleted the tkappler/dependabot branch July 26, 2023 18:57
abhinav added a commit to pulumi/pulumi that referenced this pull request Jul 26, 2023
Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.

This also accidentally tidied up go/regress-13301 which was reverted.
A follow-up is incoming to prevent issues like that in the future.
bors bot added a commit to pulumi/pulumi that referenced this pull request Jul 26, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav

Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by `@thomas11` while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.

This also accidentally tidied up go/regress-13301 which was reverted.
PR #13596 aims to prevent mistakes like this in the future.

Co-authored-by: Abhinav Gupta <[email protected]>
bors bot added a commit to pulumi/pulumi that referenced this pull request Jul 26, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav

Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by `@thomas11` while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.

This also accidentally tidied up go/regress-13301 which was reverted.
PR #13596 aims to prevent mistakes like this in the future.

13598: Changelog and go.mod updates for v3.76.1 r=pulumi-bot a=pulumi-bot

bors merge

Co-authored-by: Abhinav Gupta <[email protected]>
Co-authored-by: github-actions <[email protected]>
abhinav added a commit to pulumi/pulumi that referenced this pull request Jul 26, 2023
Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.

This also accidentally tidied up go/regress-13301 which was reverted.
A follow-up is incoming to prevent issues like that in the future.
bors bot added a commit to pulumi/pulumi that referenced this pull request Jul 26, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav

Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by `@thomas11` while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.

This also accidentally tidied up go/regress-13301 which was reverted.
PR #13596 aims to prevent mistakes like this in the future.

13596: test(regress-13301): Avoid accidental tidying r=abhinav a=abhinav

The regression test for #13301 needs an intentionally bad go.mod file.
This file was excluded from `make tidy`, allowing it to remain invalid,
but this doesn't protect it from bulk commands like the following
used in #13593

```bash
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (cd "$R" && ... && go mod tidy)
done
```

In fact, #13593 accidentally tidied this go.mod file
(removing the extraneous dependencies critical to the regression test)
and failed in CI.

To prevent issues like this, rename the go.mod to go.mod.bad,
and rename it back to go.mod in the test environment at test time.

This also lets us revert the `make tidy` exclusion support in tidy.sh.


Co-authored-by: Abhinav Gupta <[email protected]>
bors bot added a commit to pulumi/pulumi that referenced this pull request Jul 27, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav

Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by `@thomas11` while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.

This also accidentally tidied up go/regress-13301 which was reverted.
PR #13596 aims to prevent mistakes like this in the future.

Co-authored-by: Abhinav Gupta <[email protected]>
bors bot added a commit to pulumi/pulumi that referenced this pull request Jul 27, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav

Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by `@thomas11` while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.

This also accidentally tidied up go/regress-13301 which was reverted.
PR #13596 aims to prevent mistakes like this in the future.

13596: test(regress-13301): Avoid accidental tidying r=abhinav a=abhinav

The regression test for #13301 needs an intentionally bad go.mod file.
This file was excluded from `make tidy`, allowing it to remain invalid,
but this doesn't protect it from bulk commands like the following
used in #13593

```bash
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (cd "$R" && ... && go mod tidy)
done
```

In fact, #13593 accidentally tidied this go.mod file
(removing the extraneous dependencies critical to the regression test)
and failed in CI.

To prevent issues like this, rename the go.mod to go.mod.bad,
and rename it back to go.mod in the test environment at test time.

This also lets us revert the `make tidy` exclusion support in tidy.sh.


Co-authored-by: Abhinav Gupta <[email protected]>
bors bot added a commit to pulumi/pulumi that referenced this pull request Jul 27, 2023
13593: deps: Upgrade google.golang.org/genproto r=abhinav a=abhinav

Updates to the latest version of google.golang.org/genproto
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is specifically a problem for ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by `@thomas11` while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

---

The contents of this commit were generated with the following command:

```
find . -name go.mod -exec dirname '{}' ';' | while read R; do
  (echo "--- $R" && cd "$R" && go get google.golang.org/genproto@latest && go mod tidy) || break
done
```

This failed for tests/integration/go/go-build-target
which had an old `go 1.17` directive. This was changed to `go 1.20`.

This also accidentally tidied up go/regress-13301 which was reverted.
PR #13596 aims to prevent mistakes like this in the future.

Co-authored-by: Abhinav Gupta <[email protected]>
abhinav added a commit to pulumi/pulumi that referenced this pull request Jul 27, 2023
Updates to the latest versions of
google.golang.org/genproto and google.golang.org/grpc
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is a problem for codegen tests and ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

The grpc upgrade is necessary because the current version of grpc
also pulls the outdated version of genproto.
abhinav added a commit to pulumi/pulumi that referenced this pull request Jul 27, 2023
Updates to the latest versions of
google.golang.org/genproto and google.golang.org/grpc
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is a problem for codegen tests and ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by @thomas11 while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

The grpc upgrade is necessary because the current version of grpc
also pulls the outdated version of genproto.
bors bot added a commit to pulumi/pulumi that referenced this pull request Jul 28, 2023
13593: deps: Upgrade google.golang.org/{genproto, grpc} r=abhinav a=abhinav

Updates to the latest versions of
google.golang.org/genproto and google.golang.org/grpc
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is a problem for codegen tests and ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by `@thomas11` while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

The grpc upgrade is necessary because the current version of grpc
also pulls the outdated version of genproto.

Co-authored-by: Abhinav Gupta <[email protected]>
bors bot added a commit to pulumi/pulumi that referenced this pull request Jul 28, 2023
13593: deps: Upgrade google.golang.org/{genproto, grpc} r=abhinav a=abhinav

Updates to the latest versions of
google.golang.org/genproto and google.golang.org/grpc
in all submodules in the repository.

This is necessary because in a recent change,
genproto split out some of its subpackages into independent submodules.
(googleapis/go-genproto#1015)

As a result of this, some users may see the error:

```
google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules:
    google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/[email protected]/googleapis/rpc/status)
    google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895
```

Because pu/pu is using 20230410155749,
which has googleapis/rpc as a subpackage,
but another dependency references the independent submodule (20230725213213),
so the system doesn't know which module to use for the import path,
google.golang.org/genproto/googleapis/rpc/status.

This is a problem for codegen tests and ProgramTest-based tests
for Pulumi Go programs that do not have a go.mod in the test directory.
This issue was encountered by `@thomas11` while attempting to upgrade
dependencies in pulumi-docker (pulumi/pulumi-docker#700).

The grpc upgrade is necessary because the current version of grpc
also pulls the outdated version of genproto.

Co-authored-by: Abhinav Gupta <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants