dependabot[bot] opened a new pull request #1523: URL: https://github.com/apache/dubbo-go/pull/1523
Bumps [go.etcd.io/etcd/api/v3](https://github.com/etcd-io/etcd) from 3.5.0 to 3.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/etcd-io/etcd/releases";>go.etcd.io/etcd/api/v3's releases</a>.</em></p> <blockquote> <h2>v3.5.1</h2> <p>Please see <a href="https://etcd.io/blog/2021/announcing-etcd-3.5/";>Announcing etcd 3.5 blog post</a>.</p> <p>Please check out <a href="https://github.com/etcd-io/etcd/blob/master/CHANGELOG-3.5.md";>CHANGELOG</a> for a full list of changes. And make sure to read <a href="https://github.com/etcd-io/website/blob/main/content/en/docs/v3.5/upgrades/upgrade_3_5.md";>upgrade guide</a> before upgrading etcd (there may be breaking changes).</p> <p>For installation guides, please check out <a href="http://play.etcd.io";>play.etcd.io</a> and <a href="https://github.com/etcd-io/etcd/tree/master/Documentation#operating-etcd-clusters";>operating etcd</a>. Latest support status for common architectures and operating systems can be found at <a href="https://github.com/etcd-io/website/blob/main/content/en/docs/next/op-guide/supported-platform.md";>supported platforms</a>.</p> <h6>Linux</h6> <pre lang="bash"><code>ETCD_VER=v3.5.1 <h1>choose either URL</h1> <p>GOOGLE_URL=<a href="https://storage.googleapis.com/etcd";>https://storage.googleapis.com/etcd</a> GITHUB_URL=<a href="https://github.com/etcd-io/etcd/releases/download";>https://github.com/etcd-io/etcd/releases/download</a> DOWNLOAD_URL=${GOOGLE_URL}</p> <p>rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test</p> <p>curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1 rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz</p> <p>/tmp/etcd-download-test/etcd --version /tmp/etcd-download-test/etcdctl version /tmp/etcd-download-test/etcdutl version </code></pre></p> <pre lang="bash"><code># start a local etcd server /tmp/etcd-download-test/etcd # write,read to etcd /tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 put foo bar /tmp/etcd-download-test/etcdctl --endpoints=localhost:2379 get foo </code></pre> <h6>macOS (Darwin)</h6> <pre lang="bash"><code>ETCD_VER=v3.5.1 <h1>choose either URL</h1> <p>GOOGLE_URL=<a href="https://storage.googleapis.com/etcd";>https://storage.googleapis.com/etcd</a> GITHUB_URL=<a href="https://github.com/etcd-io/etcd/releases/download";>https://github.com/etcd-io/etcd/releases/download</a> DOWNLOAD_URL=${GOOGLE_URL}</p> <p>rm -f /tmp/etcd-${ETCD_VER}-darwin-amd64.zip rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test </tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/etcd-io/etcd/blob/main/CHANGELOG-3.5.md";>go.etcd.io/etcd/api/v3's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/etcd-io/etcd/releases/tag/v3.5.1";>v3.5.1</a> (2021-10-15)</h2> <p>See <a href="https://github.com/etcd-io/etcd/compare/v3.5.0...v3.5.1";>code changes</a> and <a href="https://etcd.io/docs/latest/upgrades/upgrade_3_5/";>v3.5 upgrade guide</a> for any breaking changes.</p> <h3>etcd server</h3> <ul> <li>Fix <a href="https://github-redirect.dependabot.com/etcd-io/etcd/pull/13237";>self-signed-cert-validity parameter cannot be specified in the config file</a>.</li> <li>Fix <a href="https://github-redirect.dependabot.com/etcd-io/etcd/pull/13348";>ensure that cluster members stored in v2store and backend are in sync</a></li> </ul> <h3>etcd client</h3> <ul> <li><a href="https://github-redirect.dependabot.com/etcd-io/etcd/issues/13192";>Fix etcd client sends invalid :authority header</a></li> </ul> <h3>package clientv3</h3> <ul> <li>Endpoints self identify now as <code>etcd-endpoints://{id}/{authority}</code> where authority is based on first endpoint passed, for example <code>etcd-endpoints://0xc0009d8540/localhost:2079</code></li> </ul> <h3>tools/benchmark</h3> <ul> <li><a href="https://github-redirect.dependabot.com/etcd-io/etcd/pull/13416";>Add etcd client autoSync flag</a></li> </ul> <h3>Other</h3> <ul> <li>Updated <a href="https://github-redirect.dependabot.com/etcd-io/etcd/pull/13386";>base image</a> from <code>debian:buster-v1.4.0</code> to <code>debian:bullseye-20210927</code> to fix the following critical CVEs: <ul> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3711";>CVE-2021-3711</a>: miscalculation of a buffer size in openssl's SM2 decryption</li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-35942";>CVE-2021-35942</a>: integer overflow flaw in glibc</li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-9893";>CVE-2019-9893</a>: incorrect syscall argument generation in libseccomp</li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36159";>CVE-2021-36159</a>: libfetch in apk-tools mishandles numeric strings in FTP and HTTP protocols to allow out of bound reads.</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/etcd-io/etcd/commit/d42e8589e1305d893eeec9e7db746f6f4a76c250";><code>d42e858</code></a> version: 3.5.1</li> <li><a href="https://github.com/etcd-io/etcd/commit/ec562294f7c20f9c3c9bbbc14c6231e97515670b";><code>ec56229</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/etcd-io/etcd/issues/13380";>#13380</a> from hexfusion/cp-13376</li> <li><a href="https://github.com/etcd-io/etcd/commit/bad9a52c4c8c63c67eda5946c1eca8c07b219f24";><code>bad9a52</code></a> Dockerfile: bump debian bullseye-20210927</li> <li><a href="https://github.com/etcd-io/etcd/commit/edb3b5a7946d8be38588f8071ef8c92a4bde3300";><code>edb3b5a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/etcd-io/etcd/issues/13375";>#13375</a> from serathius/authority-3.5</li> <li><a href="https://github.com/etcd-io/etcd/commit/79f9a4557461783f467679e869bd143228d9d406";><code>79f9a45</code></a> client: Use first endpoint as http2 authority header</li> <li><a href="https://github.com/etcd-io/etcd/commit/7f25a500e35ff91f7ebe097dcdfcd226b4950314";><code>7f25a50</code></a> tests: Add grpc authority e2e tests</li> <li><a href="https://github.com/etcd-io/etcd/commit/58d2b12a5016956fa9b451c77c3779f7c03f13fd";><code>58d2b12</code></a> client: Add grpc authority header integration tests</li> <li><a href="https://github.com/etcd-io/etcd/commit/6e04e8ae42e62959afc59ae0238beb2fed270601";><code>6e04e8a</code></a> tests: Allow configuring integration tests to use TCP</li> <li><a href="https://github.com/etcd-io/etcd/commit/7272a9585db16af8b83fa2b7d893aaf4a61a98c7";><code>7272a95</code></a> test: Use unique number for grpc port</li> <li><a href="https://github.com/etcd-io/etcd/commit/0bac49bda46d20bf2845e8f7eec47d36ea8658eb";><code>0bac49b</code></a> tests: Cleanup member interface by exposing Bridge directly</li> <li>Additional commits viewable in <a href="https://github.com/etcd-io/etcd/compare/v3.5.0...v3.5.1";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
