hack/pin-dependency.sh golang.org/x/crypto release-branch.go1.15
hack/pin-dependency.sh golang.org/x/mod release-branch.go1.15
hack/pin-dependency.sh golang.org/x/net release-branch.go1.15
hack/pin-dependency.sh golang.org/x/text v0.3.3
hack/pin-dependency.sh golang.org/x/tools release-branch.go1.15
hack/pin-dependency.sh golang.org/x/xerrors release-branch.go1.15
Did not pin golang.org/x/sys to release-branch.go1.15 because we require a newer level
Updated etcd to v3.4.10 to include this fix:
- change protobuf field type from int to int64
This should fix increased flakiness in a lot of node e2e tests.
When the systemd cgroup manager is used, controllers not handled by
systemd are created manually afterwards.
libcontainer didn't correctly clean up these cgroups that were leaked
on cgroup v1.
Closes: https://github.com/kubernetes/kubernetes/issues/92766
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The last CNI library release is 0.7.1 from Jun 11, 2019.
Since then, new features and bugfixes have been introduced.
Currently, this library is only being used by dockershim;
the other CRI plugins are vendoring it directly.
However, this will also help to mitigate some of the issues with the
CI jobs that are still using dockershim.
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
Hello gophers,
Version v0.3.3 of golang.org/x/text fixes a vulnerability in the golang.org/x/text/encoding/unicode package which could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory.
An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
transform.String has also been hardened not to enter an infinite loop if a Transformer keeps returning ErrShortSrc even if atEOF is true.
This issue was first filed as Issue 39491 by GitHub user abacabadabacaba and reported to the security team by Anton Gyllenberg. It is tracked as CVE-2020-14040.
Cheers,
Katie for the Go team
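
A dependency check for the golang.org/x/text pin, as an added example that is not part of the announcement or of the commits above: it reads go.mod text and reports whether golang.org/x/text resolves below v0.3.3, the release that fixes CVE-2020-14040. It assumes pins are written as replace directives that override require; the function names and the sample go.mod are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const textModule, fixedVersion = "golang.org/x/text", "v0.3.3" // fix release per the announcement

// atLeast reports v >= floor; a pre-release or pseudo-version of floor counts as older.
func atLeast(v, floor string) bool {
	var a, b [3]int
	fmt.Sscanf(v, "v%d.%d.%d", &a[0], &a[1], &a[2]) // parse failure leaves 0.0.0
	fmt.Sscanf(floor, "v%d.%d.%d", &b[0], &b[1], &b[2])
	for i := range a {
		if a[i] != b[i] {
			return a[i] > b[i]
		}
	}
	return !strings.Contains(v, "-")
}

// effectiveVersion returns the version go.mod resolves mod to; replace beats require.
func effectiveVersion(gomod, mod string) (v string, replaced bool) {
	for _, line := range strings.Split(gomod, "\n") {
		line = strings.Split(line, "//")[0] // drop comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && (f[0] == "require" || f[0] == "replace") {
			f = f[1:]
		}
		isReplace := strings.Contains(line, "=>")
		if len(f) < 2 || f[0] != mod || (replaced && !isReplace) {
			continue
		}
		v, replaced = f[len(f)-1], isReplace // a local-path target compares as v0.0.0
	}
	return v, replaced
}

// needsUpgrade reports whether go.mod builds x/text below the fixed release.
func needsUpgrade(gomod string) bool {
	v, _ := effectiveVersion(gomod, textModule)
	return v != "" && !atLeast(v, fixedVersion)
}

func main() { // constructed go.mod: old require, pinned by replace
	sample := "require golang.org/x/text v0.3.2\nreplace golang.org/x/text => golang.org/x/text v0.3.3\n"
	fmt.Println(needsUpgrade(sample))
}
```

A replace that points at a local path or a pseudo-version of v0.3.3 is reported as needing an upgrade, because the check cannot tell whether that tree contains the fix.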