Commit Graph

7 Commits

Author SHA1 Message Date
dependabot[bot] 426482781c
build(deps): bump the otel group (#7968)
Update:
- https://github.com/open-telemetry/opentelemetry-go-contrib from 0.55.0 to 0.61.0
- https://github.com/open-telemetry/opentelemetry-go from 1.30.0 to 1.36.0
- several golang.org/x/ packages
- their transitive dependencies
2025-06-06 17:22:48 -07:00
Matthew McPherrin b26b116861
Update certificate-transparency-go for bugfix (#8160)
This updates to current `master`,
bc7acd89f703743d050f5cd4a3b9746808e0fdae

Notably, it includes a bug-fix to error handling in the HTTP client,
which we found was hiding errors from CT logs, hindering our debugging.

That fix is
https://github.com/google/certificate-transparency-go/pull/1695

No release has been tagged since this PR merged, so using the `master`
commit.

A few mutual dependencies used by both Boulder and ct-go are updated,
including mysql, otel, and grpc.
2025-05-06 12:10:53 -07:00
Matthew McPherrin e8d382aec0
Upgrade the protobuf and grpc dependencies in Boulder (#7232)
Protobuf v1.32 fixes a potential stack overflow crash. Boulder doesn't
expose grpc externally so the risk is minimal, but it seems prudent to
upgrade on a regular cadence.  IE, this is not a security fix for Boulder.
2024-01-08 11:23:23 -08:00
Aaron Gable 617b6edea4
Update google.golang.org/grpc to v1.59.0 (#7130)
This version contains mitigations for the HTTP/2 rapid-reset DoS vector.
See https://github.com/advisories/GHSA-m425-mq94-257g for details.

Changelog: https://github.com/grpc/grpc-go/compare/v1.54.0...v1.59.0
2023-11-02 10:20:14 -04:00
Aaron Gable c706609e79
Update grpc from v1.36.1 to v1.49.0 (#6336)
Changelog: https://github.com/grpc/grpc-go/compare/v1.36.1...v1.49.0

The biggest change for us is that grpc.WithBalancerName has
transitioned from deprecated to fully removed. The fix is to replace
it with a JSON-formatted "default config" object, as demonstrated in
https://github.com/grpc/grpc-go/pull/5232#issuecomment-1106921140.

This should unblock updating other dependencies which want to
transitively update gRPC as well.
2022-09-01 13:29:06 -07:00
Aaron Gable 32973392de
Revert "Bump google.golang.org/grpc from 1.36.1 to 1.44.0" (#5981)
Reverts letsencrypt/boulder#5963

Turns out the tests are still flaky -- using the `grpc.WaitForReady(true)`
connection option results in sometimes seeing 9 entries added to the
purger queue, and sometimes 10 entries. Reverting because flakiness
on main should not be tolerated.
2022-03-08 10:32:30 -08:00
dependabot[bot] 2ec03b377b
Bump google.golang.org/grpc from 1.36.1 to 1.44.0 (#5963)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.36.1 to 1.44.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.36.1...v1.44.0)

Also update akamai-purger integration test to avoid experimental API.

The `conn.GetState()` API is marked experimental and may change behavior
at any time. It appears to have changed between v1.36.1 and v1.44.0,
and so the akamai-purger integration tests which rely on it break.

Rather than writing our own loop which polls `conn.GetState()`, just
use the stable `WaitForReady(true)` connection option, and apply it to
all connections by setting it as a default option in the dial options.
2022-03-07 17:00:20 -08:00