Skip to content

OCPBUGS-86831: Bump to etcd v3.5.31 in openshift 4.20#380

Open
JSampsonIV wants to merge 78 commits into
openshift:openshift-4.20from
JSampsonIV:4.20-merge
Open

OCPBUGS-86831: Bump to etcd v3.5.31 in openshift 4.20#380
JSampsonIV wants to merge 78 commits into
openshift:openshift-4.20from
JSampsonIV:4.20-merge

Conversation

@JSampsonIV
Copy link
Copy Markdown

@JSampsonIV JSampsonIV commented Jun 2, 2026

Bump from etcd v3.5.26 to v3.5.31

ahrtr and others added 30 commits January 30, 2026 10:15
@ahrtr
Bump go version to 1.24.12
d0fe9f5 
Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#21217 from ahrtr/20260130_go_3.5
c880a59 
[release-3.5] Bump go version to 1.24.12
@ahrtr
Remove the use of grpc-go's Metadata field
b0e2819 
We also revoke the deprecation of the Metadata field, Users
can store whatever information related to each endpoint. We
just don't need to pass the value to grpc-go's Metadata.

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@fuweid
Merge pull request etcd-io#21242 from ahrtr/20260203_metadata_3.5
79966bb
Bump go version to 1.24.13
67d47c8 
Signed-off-by: Nont <nont@duck.com>
@ahrtr
Merge pull request etcd-io#21258 from nwnt/bump-3.5-to-gov1.24.3
6b9c711 
[release-3.5] Bump go version to 1.24.13
@ivanvc
version: bump up to 3.5.27
62d8759 
Signed-off-by: Ivan Valdes <iv@a.ki>
@henrybear327
dependency: bump go.opentelemetry.io/otel/sdk from v1.34.0 to v1.40.0
0b23de0 
Reference:
- etcd-io#21337

Signed-off-by: Chun-Hung Tseng <henrytseng@google.com>
@ahrtr
Merge pull request etcd-io#21338 from henrybear327/dependency/release…
256a0d1 
…-3.5/go.opentelemetry.io/otel/sdk

[Release-3.5] Bump go.opentelemetry.io/otel/sdk to v1.40.0 to resolve https://pkg.go.dev/vuln/GO-2026-4394
@ahrtr
server/etcdserver/api/v3rpc: run metrics interceptors before handlers
8dc01dd 
Move server metrics unary/stream interceptors ahead of request interceptors so
metrics are collected before handler-specific interception logic runs.

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@ahrtr
Merge pull request etcd-io#21336 from ahrtr/20260221_metrics
0865cd0 
[release-3.5] server/etcdserver/api/v3rpc: run metrics interceptors before handlers
@fuweid
server/etcdmain: fix deadlock issue for grpcproxy
a2467fc 
This differs slightly from the original patch.

* In cluster_proxy runs, use the embedded etcd member endpoint (Config().Acurl)
  instead of proxy endpoints for grpc-proxy --endpoints.
* Keep TLS version coverage and health-check flow unchanged.
* Use SpawnCmd because SpawnWithExpectsContext is not available
* Use --max-time for curl to avoid stuck
* `started gRPC proxy` is the signal that the server is ready

(cherry picked from commit 5037a98)
Signed-off-by: Wei Fu <fuweid89@gmail.com>
@fuweid
Merge pull request etcd-io#21356 from fuweid/cherry-pick-21339
85c7d38 
[release-3.5] server/etcdmain: fix deadlock issue in grpcproxy
@ahrtr
Print the endpoint the grpc request was actually sent to in unary int…
ae37d46 
…erceptor

Signed-off-by: Benjamin Wang <benjamin.ahrtr@gmail.com>
@fuweid
Merge pull request etcd-io#21380 from ahrtr/20260226_grpc_real_dp_3.5
5476771 
[release-3.5] Print the endpoint the grpc request was actually sent to in unary int…
@serathius
Fix race berween read index and leader change causing a stale read
9868620 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
@serathius
Merge pull request etcd-io#21387 from serathius/stale-read-fix-releas…
d2c82b2 
…e-3.5-2

[release-3.5] Fix race berween read index and leader change causing a stale read
@huajianxiaowanzi
etcdctl: fix slice bounds trimming single-quoted args
c15a064 
Signed-off-by: A.D <1695316070@qq.com>
@huajianxiaowanzi
etcdctl: add unit test for Argify
11b330f 
Signed-off-by: A.D <1695316070@qq.com>
@huajianxiaowanzi
etcdctl: add license header
07e9a61 
Signed-off-by: A.D <1695316070@qq.com>
@huajianxiaowanzi
Apply suggestion from @Copilot
d741e38 
In release-3.5, argify is defined as an unexported (lowercase) function. Therefore, the unit test should call argify instead of Argify.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: A.D <1695316070@qq.com>
@shuan1026
[release-3.5] bump Go to 1.25.7
6b12c35 
Signed-off-by: Mark Tsai <111229657+shuan1026@users.noreply.github.com>
@ahrtr
Merge pull request etcd-io#21403 from huajianxiaowanzi/manual-backpor…
187061b 
…t-21307-to-release-3.5

[release-3.5] etcdctl: fix slice bounds trimming single-quoted args
@ahrtr
Merge pull request etcd-io#21405 from shuan1026/bump-3.5-to-gov1.25.7
93b40cf 
[release-3.5] bump Go to 1.25.7
@serathius
Don't reuse same ReadIndex
451c29f 
Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
@serathius
Merge pull request etcd-io#21421 from serathius/read-request-id-relea…
7198b2f 
…se-3.5

[release-3.5] Don't reuse same ReadIndex
@ArkaSaha30
Bump golang.org/x/net@ v0.51.0 fixes GO-2026-4559
902e81c 
This commit will bump golang.org/x/net to v0.51.0 to resolve GO-2026-4559

Signed-off-by: ArkaSaha30 <arkasaha30@gmail.com>
@ahrtr
Merge pull request etcd-io#21441 from ArkaSaha30/fix-cve-GO-2026-4559…
d5b5a2f 
…-3.5

[3.5] Bump golang.org/x/net@ v0.51.0 fixes GO-2026-4559
@ivanvc
Bump Go to 1.25.8
184258a 
Signed-off-by: Ivan Valdes <ivan@vald.es>
@ahrtr
Merge pull request etcd-io#21462 from ivanvc/release-3.5-go-1.25.8
762373e 
[release-3.5] Bump Go to 1.25.8
ahrtr and others added 10 commits May 11, 2026 19:58
@ahrtr
Merge pull request etcd-io#21737 from silentred/release-3.5-bugfix-me…
c7f74b6 
…mberupdate-learner

[release-3.5] bugfix: MemberUpdate implicitly and unexpectedly promotes a learner
@silentred
etcdutl: validate data file path and return consistent errors instead…
06bcace 
… of panic when given non-existent paths

Signed-off-by: shenmu.wy <shenmu.wy@antfin.com>
@fuweid
Merge pull request etcd-io#21769 from silentred/release-3.5-etcdutl-i…
70cf41a 
…nvalid-datadir

[release-3.5] etcdutl: validate data file path instead of panic
@vivekpatani
client/pkg/fileutil: use os.Getuid() to skip TestIsDirWriteable as root
017b4d5 
- replace user.Current().Name == "root" with os.Getuid() == 0.
- drop os/user import and user.Current() error path.
- backport of etcd-io#21788
- address: etcd-io#21787

Signed-off-by: vivekpatani <9080894+vivekpatani@users.noreply.github.com>
@ahrtr
Merge pull request etcd-io#21793 from vivekpatani/cherry-pick-21788-r…
a420637 
…elease-3.5

[release-3.5] client/pkg/fileutil: use os.Getuid() to skip TestIsDirWriteable as root
@Deln0r
[release-3.5] bump golang.org/x/crypto and golang.org/x/net to fix go…
7d17200 
…vulncheck

govulncheck on release-3.5 is currently failing with 17 vulnerabilities
in golang.org/x/crypto@v0.50.0 (GO-2026-5013..5033 plus older), all
listed as fixed in v0.52.0:

  https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/etcd-io_etcd/21815/pull-etcd-govulncheck/2059609075888427008

Bumping x/crypto to v0.52.0 transitively pulls x/net v0.55.0, which in
turn resolves GO-2026-5026 (idna.ToASCII Punycode-handling) reachable
from server/proxy/httpproxy. Both fixes are required for a clean
govulncheck pass.

Changes:
  - golang.org/x/crypto v0.50.0 -> v0.52.0
  - golang.org/x/net    v0.53.0 -> v0.55.0
  - golang.org/x/sys    v0.43.0 -> v0.45.0 (transitive)
  - golang.org/x/text   v0.36.0 -> v0.37.0 (transitive)

Plus minor tools/mod transitive bumps (x/mod, x/tools) picked up by
go mod tidy.

Followed the documented dependency_management.md workflow:
  - ./scripts/update_dep.sh golang.org/x/crypto v0.52.0
  - ./scripts/update_dep.sh golang.org/x/net    v0.55.0
  - go get on indirect-only modules (api, client/v3, pkg, client/pkg,
    tools/mod) to keep versions consistent across all modules
  - make fix
  - PASSES="dep" ./test.sh -> "SUCCESS: dependencies are consistent
    across modules"

Verified locally:
  - go build ./... clean in all 9 modules touched
  - govulncheck -mode source ./... reports "No vulnerabilities found"
    in all 5 modules that had the affected deps
  - go test ./auth/... (server) passes

Signed-off-by: Ian Chechin <ian00chechin@gmail.com>
@ahrtr
Merge pull request etcd-io#21820 from Deln0r/release-3.5-bump-x-crypto
75bb96d 
[release-3.5] bump golang.org/x/crypto and golang.org/x/net to fix govulncheck
@ivanvc
version: bump up to 3.5.31
5ddacc1 
Signed-off-by: Ivan Valdes <iv@a.ki>
@JSampsonIV
Merge branch 'openshift-4.20' into HEAD
8d9a9da
@JSampsonIV
UPSTREAM: <drop>: manually resolve conflicts
77a7dc8
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jun 2, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Jun 2, 2026

@JSampsonIV: This pull request references Jira Issue OCPBUGS-86831, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
  • expected Jira Issue OCPBUGS-86831 to depend on a bug targeting a version in 4.21.0, 4.21.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Bump from etcd v3.5.26 to v3.5.31

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jun 2, 2026
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6336491a-4a45-46af-87da-0f5e8cd2536e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from hexfusion and tjungblu June 2, 2026 17:27
@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Jun 2, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: JSampsonIV
Once this PR has been reviewed and has the lgtm label, please assign tjungblu for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jubittajohn
Copy link
Copy Markdown

jubittajohn commented Jun 3, 2026

/retest

2 similar comments
@jubittajohn
Copy link
Copy Markdown

jubittajohn commented Jun 3, 2026

/retest

@jubittajohn
Copy link
Copy Markdown

jubittajohn commented Jun 4, 2026

/retest

@openshift-ci
Copy link
Copy Markdown

openshift-ci Bot commented Jun 4, 2026

@JSampsonIV: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-ovn e15c7b9 link true /test e2e-aws-ovn
ci/prow/e2e-aws-ovn-serial e15c7b9 link true /test e2e-aws-ovn-serial
ci/prow/configmap-scale e15c7b9 link true /test configmap-scale
ci/prow/images e15c7b9 link true /test images
ci/prow/e2e-aws-ovn-upgrade e15c7b9 link true /test e2e-aws-ovn-upgrade
ci/prow/unit e15c7b9 link true /test unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@tjungblu tjungblu mentioned this pull request Jun 5, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hexfusion hexfusion Awaiting requested review from hexfusion

@tjungblu tjungblu Awaiting requested review from tjungblu

Assignees

No one assigned

Labels

jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.