Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release-1.10] Upgrade to latest dependencies #431

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@ require (
k8s.io/api v0.25.4
k8s.io/apimachinery v0.25.4
k8s.io/client-go v0.25.4
knative.dev/eventing v0.37.3
knative.dev/eventing v0.37.4
knative.dev/hack v0.0.0-20230417170854-f591fea109b3
knative.dev/pkg v0.0.0-20231011201526-df28feae6d34
knative.dev/serving v0.37.3
knative.dev/pkg v0.0.0-20231023160942-0c39ce4b3a7f
knative.dev/serving v0.37.4
)

require (
Expand Down Expand Up @@ -105,7 +105,7 @@ require (
k8s.io/klog/v2 v2.80.2-0.20221028030830-9ae4992afb54 // indirect
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 // indirect
knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 // indirect
knative.dev/networking v0.0.0-20231012063223-0b0f2107abef // indirect
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
Expand Down
16 changes: 8 additions & 8 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -979,16 +979,16 @@ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+O
k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8=
k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
knative.dev/eventing v0.37.3 h1:TFJS/bcWJbcY4YvGg+LNEm0qdmeaMAHdUGHKuOmnX9E=
knative.dev/eventing v0.37.3/go.mod h1:DFZEmPkisDkr3jbTQd6mK+Dno3k9yacSgbkJGIDWg3c=
knative.dev/eventing v0.37.4 h1:JPgz4VvYY0/YO9O+5Y4FNUhuZKNxE1Soo8zKs7JdTBU=
knative.dev/eventing v0.37.4/go.mod h1:oGwuBilJ14D1AJyRnsVR3iujY8aw2mhhPSDFCfUaTis=
knative.dev/hack v0.0.0-20230417170854-f591fea109b3 h1:+W4WBOq83tfGXKhtv8OB/uJeYqze3zh69GKiz1ucuqk=
knative.dev/hack v0.0.0-20230417170854-f591fea109b3/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
knative.dev/networking v0.0.0-20230419144338-e5d04e805e50 h1:X9rPBYr7Vrm075q0iXTr7/0oklkYoyqvlnrUwNzcUhI=
knative.dev/networking v0.0.0-20230419144338-e5d04e805e50/go.mod h1:o2MyGpGfU5DoSAWCE2f/jnSC9GjGOplCslbA99yDkGo=
knative.dev/pkg v0.0.0-20231011201526-df28feae6d34 h1:H+K37bEBZ2STSWMjCgrdilj38KKZGVxBbob22K99Y50=
knative.dev/pkg v0.0.0-20231011201526-df28feae6d34/go.mod h1:ZRgzFBFmdBsARm6+Pkr9WRG8bXys8rYq64ELfLG6+9w=
knative.dev/serving v0.37.3 h1:ebJCVLb3ZHnrJHNKDw/v5eO2Yz6F3l6lpRgAuNo4KE8=
knative.dev/serving v0.37.3/go.mod h1:v0Xbfp7olb0Gljm5l4qNuLsIf8/2p1rIt/mphxvx1z0=
knative.dev/networking v0.0.0-20231012063223-0b0f2107abef h1:FSEKaGc2ztb65VPn4EiTsjAFsmmHlYHUq+j+CCPlDtU=
knative.dev/networking v0.0.0-20231012063223-0b0f2107abef/go.mod h1:rMVkShVT/14rtscYC4ZfC0hXghOXqj3EheFUDKYEqns=
knative.dev/pkg v0.0.0-20231023160942-0c39ce4b3a7f h1:XCH1qZqW1riR8cjhMGjewxQXlWPrfgxeUorBjpC6lE4=
knative.dev/pkg v0.0.0-20231023160942-0c39ce4b3a7f/go.mod h1:ZRgzFBFmdBsARm6+Pkr9WRG8bXys8rYq64ELfLG6+9w=
knative.dev/serving v0.37.4 h1:EEd5hAT9GKDQXK/smngt8p4P0P8WW50WJyF09A5QT9M=
knative.dev/serving v0.37.4/go.mod h1:zrzvt9L6RjUFcwcY4o3uSqFIEjWHc2hAPvpBenmUt6w=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
Expand Down
18 changes: 18 additions & 0 deletions vendor/knative.dev/pkg/webhook/webhook.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,17 @@ type Options struct {
// GracePeriod is how long to wait after failing readiness probes
// before shutting down.
GracePeriod time.Duration

// EnableHTTP2 enables HTTP2 for webhooks.
// Mitigate CVE-2023-44487 by disabling HTTP2 by default until the Go
// standard library and golang.org/x/net are fully fixed.
// Right now, it is possible for authenticated and unauthenticated users to
// hold open HTTP2 connections and consume huge amounts of memory.
// See:
// * https://github.com/kubernetes/kubernetes/pull/121120
// * https://github.com/kubernetes/kubernetes/issues/121197
// * https://github.com/golang/go/issues/63417#issuecomment-1758858612
EnableHTTP2 bool
}

// Operation is the verb being operated on
Expand Down Expand Up @@ -219,11 +230,18 @@ func (wh *Webhook) Run(stop <-chan struct{}) error {
QuietPeriod: wh.Options.GracePeriod,
}

// If TLSNextProto is not nil, HTTP/2 support is not enabled automatically.
nextProto := map[string]func(*http.Server, *tls.Conn, http.Handler){}
if wh.Options.EnableHTTP2 {
nextProto = nil
}

server := &http.Server{
Handler: drainer,
Addr: fmt.Sprint(":", wh.Options.Port),
TLSConfig: wh.tlsConfig,
ReadHeaderTimeout: time.Minute, //https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
TLSNextProto: nextProto,
}

eg, ctx := errgroup.WithContext(ctx)
Expand Down
8 changes: 4 additions & 4 deletions vendor/modules.txt
Original file line number Diff line number Diff line change
Expand Up @@ -951,7 +951,7 @@ k8s.io/utils/net
k8s.io/utils/pointer
k8s.io/utils/strings/slices
k8s.io/utils/trace
# knative.dev/eventing v0.37.3
# knative.dev/eventing v0.37.4
## explicit; go 1.19
knative.dev/eventing/pkg/adapter/v2
knative.dev/eventing/pkg/adapter/v2/test
Expand Down Expand Up @@ -998,12 +998,12 @@ knative.dev/eventing/pkg/observability/client
# knative.dev/hack v0.0.0-20230417170854-f591fea109b3
## explicit; go 1.18
knative.dev/hack
# knative.dev/networking v0.0.0-20230419144338-e5d04e805e50
# knative.dev/networking v0.0.0-20231012063223-0b0f2107abef
## explicit; go 1.18
knative.dev/networking/pkg/apis/networking
knative.dev/networking/pkg/apis/networking/v1alpha1
knative.dev/networking/pkg/config
# knative.dev/pkg v0.0.0-20231011201526-df28feae6d34
# knative.dev/pkg v0.0.0-20231023160942-0c39ce4b3a7f
## explicit; go 1.18
knative.dev/pkg/apis
knative.dev/pkg/apis/duck
Expand Down Expand Up @@ -1067,7 +1067,7 @@ knative.dev/pkg/webhook/psbinding
knative.dev/pkg/webhook/resourcesemantics
knative.dev/pkg/webhook/resourcesemantics/defaulting
knative.dev/pkg/webhook/resourcesemantics/validation
# knative.dev/serving v0.37.3
# knative.dev/serving v0.37.4
## explicit; go 1.18
knative.dev/serving/pkg/apis/autoscaling
knative.dev/serving/pkg/apis/autoscaling/v1alpha1
Expand Down
Loading