Net 10288 bump go to resolve CVE 2024 24791 #572

Closed

sarahalsmiller
Member

  • Bump go version

…ease/1.1.x (#75)

* backport of commit b2fbd96

* backport of commit 28ee351

---------

Co-authored-by: Curt Bushko <[email protected]>
* backport of commit c24b2fd

* backport of commit daa84e4

* backport of commit 96d9d83

* backport of commit 5602ac0

* backport of commit 6d0bd65

* backport of commit 0207daf

* backport of commit 8efb859

* backport of commit ac257fc

* backport of commit a77836c

* backport of commit 86aee49

---------

Co-authored-by: Curt Bushko <[email protected]>
* backport of commit b39530a

* backport of commit a7631d9

---------

Co-authored-by: Curt Bushko <[email protected]>
…config into release/1.1.x (#92)

* backport of commit c6f02df

* backport of commit 8f2ab52

* backport of commit 445aaf7

* backport of commit f2bd67c

---------

Co-authored-by: Ashvitha Sridharan <[email protected]>
…#103)

* backport of commit e16c0bb

* backport of commit c0c1a3f

---------

Co-authored-by: freddygv <[email protected]>
---------

Co-authored-by: Jeff <[email protected]>
Co-authored-by: woz5999 <[email protected]>
Co-authored-by: DanStough <[email protected]>
…nto release/1.1.x (#114)

* backport of commit 8fd981f

* backport of commit d03729c

---------

Co-authored-by: DanStough <[email protected]>
* backport of commit 20b4f3e

* backport of commit 0d4fd5d

* backport of commit 422fdc6

* backport of commit fa7977e

---------

Co-authored-by: Chris Chapman <[email protected]>
…se/1.1.x (#132)

* backport of commit 7e628f8

* backport of commit ca3ddd9

---------

Co-authored-by: Chris Chapman <[email protected]>
Co-authored-by: Bryan Eastes <[email protected]>
…gs annotation : NET-2190 into release/1.1.x (#150)

* backport of commit 112da6e

* backport of commit 10ce884

* backport of commit 8320373

* backport of commit bfe2057

* backport of commit 5f693b8

* backport of commit 65ba8a3

* backport of commit befaf13

* backport commit

---------

Co-authored-by: Ashesh Vidyut <[email protected]>
Co-authored-by: Curt Bushko <[email protected]>
…t into release/1.1.x (#176)

* backport of commit 9eaffd8

* backport of commit 8568158

* backport of commit e6f39b7

* backport of commit ecfe23f

* backport of commit 04e73f2

* backport of commit bd4d480

* backport of commit c687111

---------

Co-authored-by: Mike Morris <[email protected]>
… lifecycle shutdown into release/1.1.x (#181)

* backport of commit 937d893

* backport of commit 722f263

* backport of commit 2af6219

* backport of commit a1c21c9

* backport of commit 68f206d

* backport of commit 892392d

* backport of commit bb0f87a

* backport of commit cde897a

* backport of commit 471a087

* backport of commit 5b54f12

* backport of commit 2852040

* backport of commit bbb3785

* backport of commit c7e8f86

* backport of commit ae041fc

* backport of commit 52e5fd5

* backport of commit 095aaf0

* backport of commit 2b0f0ee

* backport of commit bf9acdb

* backport of commit 9833553

* backport of commit f0dfd78

* backport of commit 7f9b0f0

* backport of commit 8c8141c

* backport of commit f98ce24

* backport of commit 91a5b81

* backport of commit bfea751

* backport of commit aadfeed

* backport of commit 496d196

* backport of commit 4340c2f

* backport of commit 52b4557

* backport of commit 21595f0

* backport of commit b5e3aea

* backport of commit bf8f0c8

* backport of commit 790881e

* fix missing method

---------

Co-authored-by: Mike Morris <[email protected]>
Co-authored-by: Curt Bushko <[email protected]>
…183)

* makefile: bump default integration tests server image to hashicorppreview/consul:1.15-dev

* integration-tests: add upstream for frontend service to backend

* integration-tests: run frontend service and setup two-way allow intentions

* cmd: initiate graceful shutdown from SIGTERM

* add TODOs for testing container termination handling

* test: add graceful shutdown CLI flags to RunContainer integration test helper

* test: configure graceful shutdown for frontend in integration tests

remove k8s-specific lifecycle TODOs that differentiate container shutdown from pod
termination

* test: make graceful shutdown configuration optional in dataplane helper

* restore SIGINT and SIGTERM handling

* pkg/consuldp: cancel parent context and exit if proxy lifecycle manager never started

* test: fixup ShutdownDrainListeners bool config, send SIGTERM to frontend sidecar container

* pkg/envoy: start Envoy in its own process group to avoid directly sending SIGTERM

Let consul-dataplane handle the signal and control graceful shutdown.

* ci: set DOCKER_API_VERSION to avoid error

* test: negotiate Docker API version

* pkg/consuldp/lifecycle: call gracefulShutdown from HTTP endpoint handler in a separate goroutine to avoid blocking

test: check proxy manager mock async now that HTTP endpoint is non-blocking

test: add shutdownTimeout var for shutdownGracePeriod plus fuzzy allowance

* integration-tests: skip deleting suite.volume if it has already been cleaned up

integration-tests: lock mutex in Volume t.Cleanup

* integration-tests: fixup -shutdown-grace-period-seconds CLI arg

* integration-tests: update config to ShutdownDrainListenersEnabled for consistency

* Update integration-tests/main_test.go



* add changelog

* pkg/envoy: add DumpConfig method and plumbing to optionally dump Envoy config to STDOUT on Envoy container during consul-dataplane shutdown

* integration-tests: remove t.Cleanup attempt to dump Envoy config, proxy will already be terminated in current integration tests

* cmd: abstract main logic into new run() func to handle context cancellation with fatal logging

* test: implement DumpConfig stub on mock ProxyManager

---------

Co-authored-by: Mike Morris <[email protected]>
Co-authored-by: Paul Glass <[email protected]>
* backport of commit 8653134

* backport of commit 79a708b

* backport of commit 6637a1c

* backport of commit 5b3735b

* backport of commit b7237f7

* backport of commit aa1c62a

---------

Co-authored-by: Curt Bushko <[email protected]>
…cfg into release/1.1.x (#197)

* backport of commit 244265c

* backport of commit 67aa49b

* backport of commit 955e2c6

---------

Co-authored-by: josh <[email protected]>
… into release/1.1.x (#206)

* backport of commit 9989ce4

* backport of commit cf8e466

---------

Co-authored-by: DanStough <[email protected]>
Upgrade to Go 1.20.6 and `net/http` 1.12.0 to resolve CVE-2023-29406.
Avoid testcontainers breakage due to validation added in Go 1.20.6 until
that issue is resolved. Keep the global version bump to 1.20.6 to
resolve CVEs.
sarahalsmiller and others added 27 commits January 8, 2024 16:45
…ere to release/1.1.x (#390)

* Update go to 1.21.6 and use .go-version file everywhere (#384)
Stage release 1.1.8
…dev into release/1.1.x (#400)

backport of commit 0ae75a8

Co-authored-by: Curt Bushko <[email protected]>
security: update Envoy to 1.26.7

Update from 1.25.11 to 1.26.7 to address multiple CVEs.

Envoy 1.25 has reached EOL, so upgrade to 1.26 is necessary to receive
critical security patches.
…ches into release/1.1.x (#444)

backport of commit add57af

Co-authored-by: Michael Zalimeni <[email protected]>
…oss all modules into release/1.1.x (#452)

backport of commit d2111b8

Co-authored-by: Michael Zalimeni <[email protected]>
…o 1.33.0 into release/1.1.x (#461)

* backport of commit fd3cefd

* backport of commit 021f21f

---------

Co-authored-by: Michael Wilkerson <[email protected]>
* backport of commit adfb763

* backport of commit b290189

* Update indirect dependencies

---------

Co-authored-by: Chris S. Kim <[email protected]>
… envoy versions into release/1.1.x (#475)

* backport for commit 4f9f58e

---------

Co-authored-by: dduzgun-security <[email protected]>
…480)

copy the license file into artifacts (#479)

Co-authored-by: Author Name <[email protected]>
* build: tsccr action updates

* build: update hashicorp github actions

---------

Co-authored-by: DanStough <[email protected]>
security: update Envoy to 1.27.5

Resolves CVE-2024-32475.

Note that Envoy 1.26 is EOL, therefore this change updates the minor
version to 1.27. Previously, `consul-dataplane` 1.1.x tracked Envoy 1.26.
* backport of commit 76d200b

* backport of commit a3566fb

---------

Co-authored-by: Dhia Ayachi <[email protected]>
@sarahalsmiller sarahalsmiller requested a review from a team as a code owner July 2, 2024 21:08
@sarahalsmiller sarahalsmiller deleted the NET-10288-bump-go-to-resolve-cve-2024-24791 branch July 2, 2024 21:09