release-2.10: Update grpc-go and golang.org/x/net libraries #6349

Merged: 9 commits, Oct 12, 2023

pstibrany (Member) commented Oct 12, 2023

What this PR does

This PR updates the grpc-go library to 1.57.1 and golang.org/x/net to 0.17. These versions include a fix for CVE-2023-44487.

Checklist

  • [na] Tests updated
  • [na] Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

Signed-off-by: Peter Štibraný <pstibrany@gmail.com>
ying-jeanne (Contributor) left a comment:

LGTM

…to succeed.

Signed-off-by: Peter Štibraný <pstibrany@gmail.com>
pstibrany (Member, Author) commented:

Failing integration tests are passing just fine locally, so I'm trying to increase timeouts in the tests. (Write timeout in distributor, timeout for updated metrics)

pstibrany changed the title from "release-2.10: Update grpc-go library" to "release-2.10: Update grpc-go and golang.org/x/net libraries" on Oct 12, 2023
pstibrany (Member, Author) commented:

I've updated this PR to also update the golang.org/x/net library, because it has yet another http2 server. Even though Mimir doesn't use it, scanners would flag that version as vulnerable.

pstibrany merged commit f84b504 into release-2.10 on Oct 12, 2023
28 checks passed
pstibrany deleted the update-grpc branch October 12, 2023 19:34
sviatlo (Contributor) commented Oct 15, 2023

> Failing integration tests are passing just fine locally, so I'm trying to increase timeouts in the tests. (Write timeout in distributor, timeout for updated metrics)

It happened to us today when we deployed 2.10.2 in production. Ended up rolling back.
