You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@dubbo.apache.org by GitBox <gi...@apache.org> on 2021/10/18 12:15:48 UTC
[GitHub] [dubbo-go] dependabot[bot] opened a new pull request #1524: build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.0 to 3.5.1
dependabot[bot] opened a new pull request #1524:
URL: https://github.com/apache/dubbo-go/pull/1524
Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.0 to 3.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/etcd-io/etcd/releases">go.etcd.io/etcd/client/v3's releases</a>.</em></p>
<blockquote>
<h2>v3.5.1</h2>
<p>Please see <a href="https://etcd.io/blog/2021/announcing-etcd-3.5/">Announcing etcd 3.5 blog post</a>.</p>
<p>Please check out <a href="https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.5.md">CHANGELOG</a> for a full list of changes. And make sure to read <a href="https://github.com/etcd-io/website/blob/main/content/en/docs/v3.5/upgrades/upgrade_3_5.md">upgrade guide</a> before upgrading etcd (there may be breaking changes).</p>
<p>For installation guides, please check out <a href="http://play.etcd.io">play.etcd.io</a> and <a href="https://github.com/etcd-io/etcd/tree/master/Documentation#operating-etcd-clusters">operating etcd</a>. Latest support status for common architectures and operating systems can be found at <a href="https://github.com/etcd-io/website/blob/main/content/en/docs/next/op-guide/supported-platform.md">supported platforms</a>.</p>
<h6>Linux</h6>
<pre lang="bash"><code>ETCD_VER=v3.5.1
<h1>choose either URL</h1>
<p>GOOGLE_URL=<a href="https://storage.googleapis.com/etcd">https://storage.googleapis.com/etcd</a>
GITHUB_URL=<a href="https://github.com/etcd-io/etcd/releases/download">https://github.com/etcd-io/etcd/releases/download</a>
DOWNLOAD_URL=${GOOGLE_URL}</p>
<p>rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test</p>
<p>curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz</p>
<p>/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
</code></pre></p>
<pre lang="bash"><code># start a local etcd server
/tmp/etcd-download-test/etcd
# write,read to etcd
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar
/tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo
</code></pre>
<h6>macOS (Darwin)</h6>
<pre lang="bash"><code>ETCD_VER=v3.5.1
<h1>choose either URL</h1>
<p>GOOGLE_URL=<a href="https://storage.googleapis.com/etcd">https://storage.googleapis.com/etcd</a>
GITHUB_URL=<a href="https://github.com/etcd-io/etcd/releases/download">https://github.com/etcd-io/etcd/releases/download</a>
DOWNLOAD_URL=${GOOGLE_URL}</p>
<p>rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test
</tr></table>
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/etcd-io/etcd/blob/main/CHANGELOG-3.5.md">go.etcd.io/etcd/client/v3's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/etcd-io/etcd/releases/tag/v3.5.1">v3.5.1</a> (2021-10-15)</h2>
<p>See <a href="https://github.com/etcd-io/etcd/compare/v3.5.0...v3.5.1">code changes</a> and <a href="https://etcd.io/docs/latest/upgrades/upgrade_3_5/">v3.5 upgrade guide</a> for any breaking changes.</p>
<h3>etcd server</h3>
<ul>
<li>Fix <a href="https://github-redirect.dependabot.com/etcd-io/etcd/pull/13237">self-signed-cert-validity parameter cannot be specified in the config file</a>.</li>
<li>Fix <a href="https://github-redirect.dependabot.com/etcd-io/etcd/pull/13348">ensure that cluster members stored in v2store and backend are in sync</a></li>
</ul>
<h3>etcd client</h3>
<ul>
<li><a href="https://github-redirect.dependabot.com/etcd-io/etcd/issues/13192">Fix etcd client sends invalid :authority header</a></li>
</ul>
<h3>package clientv3</h3>
<ul>
<li>Endpoints self identify now as <code>etcd-endpoints://{id}/{authority}</code> where authority is based on first endpoint passed, for example <code>etcd-endpoints://0xc0009d8540/localhost:2079</code></li>
</ul>
<h3>tools/benchmark</h3>
<ul>
<li><a href="https://github-redirect.dependabot.com/etcd-io/etcd/pull/13416">Add etcd client autoSync flag</a></li>
</ul>
<h3>Other</h3>
<ul>
<li>Updated <a href="https://github-redirect.dependabot.com/etcd-io/etcd/pull/13386">base image</a> from <code>debian:buster-v1.4.0</code> to <code>debian:bullseye-20210927</code> to fix the following critical CVEs:
<ul>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3711">CVE-2021-3711</a>: miscalculation of a buffer size in openssl's SM2 decryption</li>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-35942">CVE-2021-35942</a>: integer overflow flaw in glibc</li>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-9893">CVE-2019-9893</a>: incorrect syscall argument generation in libseccomp</li>
<li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36159">CVE-2021-36159</a>: libfetch in apk-tools mishandles numeric strings in FTP and HTTP protocols to allow out of bound reads.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/etcd-io/etcd/commit/d42e8589e1305d893eeec9e7db746f6f4a76c250"><code>d42e858</code></a> version: 3.5.1</li>
<li><a href="https://github.com/etcd-io/etcd/commit/ec562294f7c20f9c3c9bbbc14c6231e97515670b"><code>ec56229</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/etcd-io/etcd/issues/13380">#13380</a> from hexfusion/cp-13376</li>
<li><a href="https://github.com/etcd-io/etcd/commit/bad9a52c4c8c63c67eda5946c1eca8c07b219f24"><code>bad9a52</code></a> Dockerfile: bump debian bullseye-20210927</li>
<li><a href="https://github.com/etcd-io/etcd/commit/edb3b5a7946d8be38588f8071ef8c92a4bde3300"><code>edb3b5a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/etcd-io/etcd/issues/13375">#13375</a> from serathius/authority-3.5</li>
<li><a href="https://github.com/etcd-io/etcd/commit/79f9a4557461783f467679e869bd143228d9d406"><code>79f9a45</code></a> client: Use first endpoint as http2 authority header</li>
<li><a href="https://github.com/etcd-io/etcd/commit/7f25a500e35ff91f7ebe097dcdfcd226b4950314"><code>7f25a50</code></a> tests: Add grpc authority e2e tests</li>
<li><a href="https://github.com/etcd-io/etcd/commit/58d2b12a5016956fa9b451c77c3779f7c03f13fd"><code>58d2b12</code></a> client: Add grpc authority header integration tests</li>
<li><a href="https://github.com/etcd-io/etcd/commit/6e04e8ae42e62959afc59ae0238beb2fed270601"><code>6e04e8a</code></a> tests: Allow configuring integration tests to use TCP</li>
<li><a href="https://github.com/etcd-io/etcd/commit/7272a9585db16af8b83fa2b7d893aaf4a61a98c7"><code>7272a95</code></a> test: Use unique number for grpc port</li>
<li><a href="https://github.com/etcd-io/etcd/commit/0bac49bda46d20bf2845e8f7eec47d36ea8658eb"><code>0bac49b</code></a> tests: Cleanup member interface by exposing Bridge directly</li>
<li>Additional commits viewable in <a href="https://github.com/etcd-io/etcd/compare/v3.5.0...v3.5.1">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org
[GitHub] [dubbo-go] AlexStocks closed pull request #1524: build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.0 to 3.5.1
Posted by GitBox <gi...@apache.org>.
AlexStocks closed pull request #1524:
URL: https://github.com/apache/dubbo-go/pull/1524
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org
[GitHub] [dubbo-go] dependabot[bot] commented on pull request #1524: build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.0 to 3.5.1
Posted by GitBox <gi...@apache.org>.
dependabot[bot] commented on pull request #1524:
URL: https://github.com/apache/dubbo-go/pull/1524#issuecomment-945829871
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting `@dependabot ignore this major version` or `@dependabot ignore this minor version`. You can also ignore all major, minor, or patch releases for a dependency by adding an [`ignore` condition](https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#ignore) with the desired `update_types` to your config file.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org
[GitHub] [dubbo-go] codecov-commenter commented on pull request #1524: build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.0 to 3.5.1
Posted by GitBox <gi...@apache.org>.
codecov-commenter commented on pull request #1524:
URL: https://github.com/apache/dubbo-go/pull/1524#issuecomment-945716276
# [Codecov](https://codecov.io/gh/apache/dubbo-go/pull/1524?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report
> Merging [#1524](https://codecov.io/gh/apache/dubbo-go/pull/1524?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (96b6587) into [3.0](https://codecov.io/gh/apache/dubbo-go/commit/267c06efa9acdf5dc3b8bf8dd7d7bd0f1585a088?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (267c06e) will **decrease** coverage by `0.04%`.
> The diff coverage is `n/a`.
[](https://codecov.io/gh/apache/dubbo-go/pull/1524?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
```diff
@@ Coverage Diff @@
## 3.0 #1524 +/- ##
==========================================
- Coverage 41.81% 41.77% -0.05%
==========================================
Files 259 259
Lines 15132 15132
==========================================
- Hits 6328 6321 -7
- Misses 8063 8068 +5
- Partials 741 743 +2
```
| [Impacted Files](https://codecov.io/gh/apache/dubbo-go/pull/1524?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) | Coverage Δ | |
|---|---|---|
| [...tocol/rest/server/server\_impl/go\_restful\_server.go](https://codecov.io/gh/apache/dubbo-go/pull/1524/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-cHJvdG9jb2wvcmVzdC9zZXJ2ZXIvc2VydmVyX2ltcGwvZ29fcmVzdGZ1bF9zZXJ2ZXIuZ28=) | `41.37% <0.00%> (-3.45%)` | :arrow_down: |
| [remoting/kubernetes/watch.go](https://codecov.io/gh/apache/dubbo-go/pull/1524/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-cmVtb3Rpbmcva3ViZXJuZXRlcy93YXRjaC5nbw==) | `76.85% <0.00%> (-1.86%)` | :arrow_down: |
| [remoting/kubernetes/registry\_controller.go](https://codecov.io/gh/apache/dubbo-go/pull/1524/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation#diff-cmVtb3Rpbmcva3ViZXJuZXRlcy9yZWdpc3RyeV9jb250cm9sbGVyLmdv) | `50.64% <0.00%> (-0.98%)` | :arrow_down: |
------
[Continue to review full report at Codecov](https://codecov.io/gh/apache/dubbo-go/pull/1524?src=pr&el=continue&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation)
> `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
> Powered by [Codecov](https://codecov.io/gh/apache/dubbo-go/pull/1524?src=pr&el=footer&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Last update [267c06e...96b6587](https://codecov.io/gh/apache/dubbo-go/pull/1524?src=pr&el=lastupdated&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org