This updates to current `master`,
bc7acd89f703743d050f5cd4a3b9746808e0fdae
Notably, it includes a bug-fix to error handling in the HTTP client,
which we found was hiding errors from CT logs, hindering our debugging.
That fix is
https://github.com/google/certificate-transparency-go/pull/1695
No release has been tagged since this PR merged, so using the `master`
commit.
A few mutual dependencies used by both Boulder and ct-go are updated,
including mysql, otel, and grpc.
Update github.com/google/certificate-transparency-go from v1.1.6 to
v1.3.1. This updates the loglist file schema to recognize logs which are
tagged as being tiled logs / implementing the static CT API.
Transitively update:
- github.com/go-sql-driver/mysql from v1.7.1 to v1.8.1
- github.com/prometheus/client_golang from v1.15.1 to v1.22.0
- github.com/prometheus/client_model from v0.4.0 to v0.6.1
- go.opentelemetry.io/otel from v1.30.0 to v1.31.0
- google.golang.org/grpc from v1.66.1 to v1.69.4
- google.golang.org/protobuf from v1.34.2 to v1.36.5
- and a variety of indirect dependencies
Remove one indirect dependency:
- github.com/matttproud/golang_protobuf_extensions
Add two new indirect dependencies:
- filippo.io/edwards25519@v1.1.0 (used by go-sql-driver to handle
mariadb's custom encryption implementation)
- github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822
(previously inlined into prometheus/common)
Also fix two unit tests which need minor modifications to work with
updated type signatures and behavior.
Part of https://github.com/letsencrypt/boulder/issues/7872
Updates:
- go.opentelemetry.io/contrib/instrumentation (and subpackages) from 0.52.0 to 0.55.0
- go.opentelemetry.io/otel (and subpackages) from 1.27.0 to 1.30.0
Upstream release notes:
https://github.com/open-telemetry/opentelemetry-go-contrib/releases
Also transitively updates a few golang.org/x/ dependencies, and the grpc and protobuf
dependencies.
Protobuf v1.32 fixes a potential stack overflow crash. Boulder doesn't
expose grpc externally so the risk is minimal, but it seems prudent to
upgrade on a regular cadence. IE, this is not a security fix for Boulder.
Upgrade grpc to v1.53.0, as preparation for introducing OpenTelemetry,
which depends on that grpc version.
Two changes to our own code were necessitated by upstream changes:
1. Add a stub implementation of GetOrBuildProducer: this was added to
the balancer.SubConn interface by grpc v1.51.0
2. Change use of Endpoint field to Endpoint() method: the field was
removed and replaced by a method in
https://github.com/grpc/grpc-go/pull/5852. This also means that our
tests can't set the .Endpoint field, so the tests are updated to use the
.URL field instead, and a helper has been added to make that easy.
Part of #6361
This is part of #4116 since the modules system wants higher versions of these.
golang.org/x/text -> v0.3.0
google.golang.org/grpc -> v1.20.0
google.golang.org/genproto -> master
$ go test google.golang.org/genproto/googleapis/rpc/status
? google.golang.org/genproto/googleapis/rpc/status [no test
files]
$ go test golang.org/x/text/{secure/bidirule,transform,unicode/bidi,unicode/norm}
-count=1
ok golang.org/x/text/secure/bidirule 0.016s
ok golang.org/x/text/transform 0.041s
ok golang.org/x/text/unicode/bidi 0.007s
ok golang.org/x/text/unicode/norm 1.800s
$ go test google.golang.org/grpc/{,balancer{,/base,/roundrobin},codes,connectivity,credentials,encoding,encoding/proto,grpclog,internal{,/backoff,/channelz,/envconfig,/grpcrand,/transport},keepalive,metadata,naming,peer,resolver{,/dns,/passthrough},stats,status,tap}
ok google.golang.org/grpc 22.494s
? google.golang.org/grpc/balancer [no test files]
? google.golang.org/grpc/balancer/base [no test files]
ok google.golang.org/grpc/balancer/roundrobin (cached)
ok google.golang.org/grpc/codes (cached)
? google.golang.org/grpc/connectivity [no test files]
ok google.golang.org/grpc/credentials 0.015s
? google.golang.org/grpc/encoding [no test files]
ok google.golang.org/grpc/encoding/proto 0.056s
ok google.golang.org/grpc/grpclog 0.001s
? google.golang.org/grpc/internal [no test files]
? google.golang.org/grpc/internal/backoff [no test files]
ok google.golang.org/grpc/internal/channelz 0.034s
? google.golang.org/grpc/internal/envconfig [no test files]
? google.golang.org/grpc/internal/grpcrand [no test files]
ok google.golang.org/grpc/internal/transport 81.123s
? google.golang.org/grpc/keepalive [no test files]
ok google.golang.org/grpc/metadata 0.005s
ok google.golang.org/grpc/naming 0.187s
? google.golang.org/grpc/peer [no test files]
? google.golang.org/grpc/resolver [no test files]
ok google.golang.org/grpc/resolver/dns 1.594s
? google.golang.org/grpc/resolver/passthrough [no test files]
ok google.golang.org/grpc/stats 0.036s
ok google.golang.org/grpc/status 0.002s
? google.golang.org/grpc/tap [no test files]
Matthew McPherrin
Aaron Gable
dependabot[bot]
Matthew McPherrin
Jacob Hoffman-Andrews