Update github.com/google/certificate-transparency-go from v1.1.6 to
v1.3.1. This updates the loglist file schema to recognize logs which are
tagged as being tiled logs / implementing the static CT API.
Transitively update:
- github.com/go-sql-driver/mysql from v1.7.1 to v1.8.1
- github.com/prometheus/client_golang from v1.15.1 to v1.22.0
- github.com/prometheus/client_model from v0.4.0 to v0.6.1
- go.opentelemetry.io/otel from v1.30.0 to v1.31.0
- google.golang.org/grpc from v1.66.1 to v1.69.4
- google.golang.org/protobuf from v1.34.2 to v1.36.5
- and a variety of indirect dependencies
Remove one indirect dependency:
- github.com/matttproud/golang_protobuf_extensions
Add two new indirect dependencies:
- filippo.io/edwards25519@v1.1.0 (used by go-sql-driver to handle
mariadb's custom encryption implementation)
- github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822
(previously inlined into prometheus/common)
Also fix two unit tests which need minor modifications to work with
updated type signatures and behavior.
Part of https://github.com/letsencrypt/boulder/issues/7872
Version v1.5.0 was released in January 2020, over five years ago. We
have attempted to update this package several times since then -- first
to v1.6.0, later to v1.7.1 -- but have reverted the change due to
nigh-inexplicable performance regressions each time. Since our last
attempt, we believe we have addressed the underlying issue by truncating
timestamps when we talk to the database (see
https://github.com/letsencrypt/boulder/pull/7556) so that our indices
don't try to track nanosecond precision.
We are now ready to reattempt updating this package to v1.7.1 again. If
that goes well, we will further update it to the newest version.
Fixes https://github.com/letsencrypt/boulder/issues/5437
Part of https://github.com/letsencrypt/boulder/issues/7872
This reverts commit fdfea0d469.
With a Go security release out this week we prefer to do a single
release on the new Go version rather than trying to deploy the new
go-sql-driver version.
In 0804e97 we updated `github.com/go-sql-driver/mysql` to a pinned
commit (b4242bab7dc5) newer than the latest tagged release (v1.4.1) to
avoid needing to pull in an extra dep. that was removed since v1.4.1.
Unfortunately for reasons that are not perfectly clear updating
`github.com/google/certificate-transparency-go` is preferring v1.4.1
over the pseudo-version made from the commit newer than v1.4.1 that we
previously pinned.
Since there is movement on making a v1.5.0 go-sql-driver mysql release
tag and we can likely get ct-go to use that we'll temporarily accept
this downgrade to update ct-go.
Unit tests are confirmed to pass:
```
~/go/src/github.com/go-sql-driver/mysql$ git log --pretty=format:'%h' -n 1
72cd26f
~/go/src/github.com/go-sql-driver/mysql$ go test ./...
ok github.com/go-sql-driver/mysql 0.081s
```
The most recent tagged release of mysql is v1.4.1, from a year ago. It
also happens to pull in an unwanted dependency (appengine) that the
latest commit does not.
Tests pass:
$ go test -count=1 github.com/go-sql-driver/mysql
ok github.com/go-sql-driver/mysql 0.068s
Fixes#4530
Aaron Gable
Jacob Hoffman-Andrews
dependabot[bot]
Samantha
Jacob Hoffman-Andrews
Daniel McCarney