Merge pull request #15018 from ahrtr/deps_3.5_20221219

[3.5] Security: address HIGH Vulnerabilities

.github/workflows/e2e.yaml

@@ -13,7 +13,7 @@ jobs:
     - uses: actions/checkout@v2
     - uses: actions/setup-go@v2
       with:
-        go-version: "1.16.15"
+        go-version: "1.17.13"
     - run: date
     - env:
         TARGET: ${{ matrix.target }}

.github/workflows/functional.yaml

@@ -12,7 +12,7 @@ jobs:
     - uses: actions/checkout@v2
     - uses: actions/setup-go@v2
       with:
-        go-version: "1.16.15"
+        go-version: "1.17.13"
     - run: date
     - env:
         TARGET: ${{ matrix.target }}

.github/workflows/grpcproxy.yaml

@@ -12,7 +12,7 @@ jobs:
     - uses: actions/checkout@v2
     - uses: actions/setup-go@v2
       with:
-        go-version: "1.16.15"
+        go-version: "1.17.13"
     - run: date
     - env:
         TARGET: ${{ matrix.target }}

.github/workflows/release.yaml

@@ -7,7 +7,7 @@ jobs:
     - uses: actions/checkout@v2
     - uses: actions/setup-go@v2
       with:
-        go-version: "1.16.15"
+        go-version: "1.17.13"
     - run: |
         git config --global user.email "github-action@etcd.io"
         git config --global user.name "Github Action"

.github/workflows/tests.yaml

@@ -18,7 +18,7 @@ jobs:
     - uses: actions/checkout@v2
     - uses: actions/setup-go@v2
       with:
-        go-version: "1.16.15"
+        go-version: "1.17.13"
     - run: date
     - env:
         TARGET: ${{ matrix.target }}

Makefile

@@ -55,7 +55,7 @@ docker-remove:
 
 
 
-GO_VERSION ?= 1.16.15
+GO_VERSION ?= 1.17.13
 ETCD_VERSION ?= $(shell git rev-parse --short HEAD || echo "GitNotFound")
 
 TEST_SUFFIX = $(shell date +%s | base64 | head -c 15)

api/go.mod

@@ -1,6 +1,6 @@
 module go.etcd.io/etcd/api/v3
 
-go 1.16
+go 1.17
 
 require (
 	github.com/coreos/go-semver v0.3.0
@@ -9,6 +9,13 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0
 	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c
 	google.golang.org/grpc v1.41.0
+)
+
+require (
+	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 // indirect
+	golang.org/x/sys v0.0.0-20210510120138-977fb7262007 // indirect
+	golang.org/x/text v0.3.5 // indirect
+	google.golang.org/protobuf v1.26.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 

bill-of-materials.json

@@ -27,25 +27,25 @@
 		]
 	},
 	{
-		"project": "github.com/certifi/gocertifi",
+		"project": "github.com/cespare/xxhash/v2",
 		"licenses": [
 			{
-				"type": "Mozilla Public License 2.0",
+				"type": "MIT License",
 				"confidence": 1
 			}
 		]
 	},
 	{
-		"project": "github.com/cespare/xxhash/v2",
+		"project": "github.com/cockroachdb/datadriven",
 		"licenses": [
 			{
-				"type": "MIT License",
+				"type": "Apache License 2.0",
 				"confidence": 1
 			}
 		]
 	},
 	{
-		"project": "github.com/cockroachdb/datadriven",
+		"project": "github.com/cockroachdb/errors",
 		"licenses": [
 			{
 				"type": "Apache License 2.0",
@@ -54,7 +54,7 @@
 		]
 	},
 	{
-		"project": "github.com/cockroachdb/errors",
+		"project": "github.com/cockroachdb/logtags",
 		"licenses": [
 			{
 				"type": "Apache License 2.0",
@@ -63,7 +63,7 @@
 		]
 	},
 	{
-		"project": "github.com/cockroachdb/logtags",
+		"project": "github.com/cockroachdb/redact",
 		"licenses": [
 			{
 				"type": "Apache License 2.0",
@@ -135,11 +135,11 @@
 		]
 	},
 	{
-		"project": "github.com/getsentry/raven-go",
+		"project": "github.com/getsentry/sentry-go",
 		"licenses": [
 			{
-				"type": "BSD 3-clause \"New\" or \"Revised\" License",
-				"confidence": 0.9663865546218487
+				"type": "BSD 2-clause \"Simplified\" License",
+				"confidence": 1
 			}
 		]
 	},
@@ -251,6 +251,24 @@
 			}
 		]
 	},
+	{
+		"project": "github.com/kr/pretty",
+		"licenses": [
+			{
+				"type": "MIT License",
+				"confidence": 0.9891304347826086
+			}
+		]
+	},
+	{
+		"project": "github.com/kr/text",
+		"licenses": [
+			{
+				"type": "MIT License",
+				"confidence": 0.9891304347826086
+			}
+		]
+	},
 	{
 		"project": "github.com/mattn/go-runewidth",
 		"licenses": [
@@ -350,6 +368,15 @@
 			}
 		]
 	},
+	{
+		"project": "github.com/rogpeppe/go-internal/fmtsort",
+		"licenses": [
+			{
+				"type": "BSD 3-clause \"New\" or \"Revised\" License",
+				"confidence": 0.9663865546218487
+			}
+		]
+	},
 	{
 		"project": "github.com/russross/blackfriday/v2",
 		"licenses": [

build.sh

@@ -97,7 +97,7 @@ tools_build() {
     run env GO_BUILD_FLAGS="${GO_BUILD_FLAGS}" CGO_ENABLED=0 go build ${GO_BUILD_FLAGS} \
       -trimpath \
       -installsuffix=cgo \
-      "-ldflags='${GO_LDFLAGS[*]}'" \
+      "-ldflags=${GO_LDFLAGS[*]}" \
       -o="${out}/${tool}" "./${tool}" || return 2
   done
   tests_build "${@}"
@@ -120,7 +120,7 @@ tests_build() {
       # shellcheck disable=SC2086
       run env CGO_ENABLED=0 GO_BUILD_FLAGS="${GO_BUILD_FLAGS}" go build ${GO_BUILD_FLAGS} \
         -installsuffix=cgo \
-        "-ldflags='${GO_LDFLAGS[*]}'" \
+        "-ldflags=${GO_LDFLAGS[*]}" \
         -o="../${out}/${tool}" "./${tool}" || return 2
     done
   ) || return 2

client/pkg/go.mod

@@ -1,10 +1,18 @@
 module go.etcd.io/etcd/client/pkg/v3
 
-go 1.16
+go 1.17
 
 require (
 	github.com/coreos/go-systemd/v22 v22.3.2
 	github.com/stretchr/testify v1.7.0
 	go.uber.org/zap v1.17.0
 	golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57
 )
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+)

client/v2/go.mod

@@ -1,6 +1,6 @@
 module go.etcd.io/etcd/client/v2
 
-go 1.16
+go 1.17
 
 require (
 	github.com/json-iterator/go v1.1.11
@@ -9,6 +9,11 @@ require (
 	go.etcd.io/etcd/client/pkg/v3 v3.5.6
 )
 
+require (
+	github.com/coreos/go-semver v0.3.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
+)
+
 replace (
 	go.etcd.io/etcd/api/v3 => ../../api
 	go.etcd.io/etcd/client/pkg/v3 => ../pkg

client/v3/go.mod

@@ -1,6 +1,6 @@
 module go.etcd.io/etcd/client/v3
 
-go 1.16
+go 1.17
 
 require (
 	github.com/dustin/go-humanize v1.0.0
@@ -13,6 +13,27 @@ require (
 	sigs.k8s.io/yaml v1.2.0
 )
 
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/coreos/go-semver v0.3.0 // indirect
+	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.26.0 // indirect
+	github.com/prometheus/procfs v0.6.0 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 // indirect
+	golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 // indirect
+	golang.org/x/text v0.3.5 // indirect
+	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
+	google.golang.org/protobuf v1.26.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+)
+
 replace (
 	go.etcd.io/etcd/api/v3 => ../../api
 	go.etcd.io/etcd/client/pkg/v3 => ../pkg

etcdctl/go.mod

@@ -1,6 +1,6 @@
 module go.etcd.io/etcd/etcdctl/v3
 
-go 1.16
+go 1.17
 
 require (
 	github.com/bgentry/speakeasy v0.1.0
@@ -21,6 +21,46 @@ require (
 	gopkg.in/cheggaaa/pb.v1 v1.0.28
 )
 
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/coreos/go-semver v0.3.0 // indirect
+	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/btree v1.0.1 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jonboulle/clockwork v0.2.2 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/prometheus/client_golang v1.11.1 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.26.0 // indirect
+	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
+	go.etcd.io/bbolt v1.3.6 // indirect
+	go.etcd.io/etcd/raft/v3 v3.5.6 // indirect
+	go.etcd.io/etcd/server/v3 v3.5.6 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.25.0 // indirect
+	go.opentelemetry.io/otel v1.0.1 // indirect
+	go.opentelemetry.io/otel/trace v1.0.1 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
+	golang.org/x/net v0.4.0 // indirect
+	golang.org/x/sys v0.3.0 // indirect
+	golang.org/x/text v0.5.0 // indirect
+	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+)
+
 replace (
 	go.etcd.io/etcd/api/v3 => ../api
 	go.etcd.io/etcd/client/pkg/v3 => ../client/pkg