build(deps): bump deps specifically CVE-2024-45338

2025-01-03 12:41:57 +01:00 · 2025-01-03 12:41:57 +01:00 · f41c764ca7
commit f41c764ca7
parent bdc755f71b
308 changed files with 72185 additions and 132790 deletions
--- a/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/app_engine.go
+++ b/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/app_engine.go
@ -14,6 +14,8 @@

 package gcp

+import "context"
+
 const (
 	// See https://cloud.google.com/appengine/docs/flexible/python/migrating#modules
 	// for the environment variables available in GAE environments.
@ -67,7 +69,7 @@ func (d *Detector) AppEngineFlexAvailabilityZoneAndRegion() (string, string, err

 // AppEngineStandardAvailabilityZone returns the zone the app engine service is running in.
 func (d *Detector) AppEngineStandardAvailabilityZone() (string, error) {
-	return d.metadata.Zone()
+	return d.metadata.ZoneWithContext(context.TODO())
 }

 // AppEngineStandardCloudRegion returns the region the app engine service is running in.
--- a/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/detector.go
+++ b/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/detector.go
@ -15,8 +15,10 @@
 package gcp

 import (
+	"context"
 	"errors"
 	"os"
+	"strings"

 	"cloud.google.com/go/compute/metadata"
 )
@ -68,27 +70,24 @@ func (d *Detector) CloudPlatform() Platform {

 // ProjectID returns the ID of the project in which this program is running.
 func (d *Detector) ProjectID() (string, error) {
-	return d.metadata.ProjectID()
+	// N.B. d.metadata.ProjectIDWithContext(context.TODO()) is cached globally, so if we use it here it's untestable.
+	s, err := d.metadata.GetWithContext(context.TODO(), "project/project-id")
+	return strings.TrimSpace(s), err
+}
+
+// instanceID returns the ID of the project in which this program is running.
+func (d *Detector) instanceID() (string, error) {
+	// N.B. d.metadata.InstanceIDWithContext(context.TODO()) is cached globally, so if we use it here it's untestable.
+	s, err := d.metadata.GetWithContext(context.TODO(), "instance/id")
+	return strings.TrimSpace(s), err
 }

 // Detector collects resource information for all GCP platforms.
 type Detector struct {
-	metadata metadataProvider
+	metadata *metadata.Client
 	os       osProvider
 }

-// metadataProvider contains the subset of the metadata.Client functions used
-// by this resource Detector to allow testing with a fake implementation.
-type metadataProvider interface {
-	ProjectID() (string, error)
-	InstanceID() (string, error)
-	Get(string) (string, error)
-	InstanceName() (string, error)
-	Hostname() (string, error)
-	Zone() (string, error)
-	InstanceAttributeValue(string) (string, error)
-}
-
 // osProvider contains the subset of the os package functions used by.
 type osProvider interface {
 	LookupEnv(string) (string, bool)
--- a/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/faas.go
+++ b/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/faas.go
@ -15,6 +15,7 @@
 package gcp

 import (
+	"context"
 	"strings"
 )

@ -89,7 +90,7 @@ func (d *Detector) CloudRunJobTaskIndex() (string, error) {

 // FaaSID returns the instance id of the Cloud Run or Cloud Function.
 func (d *Detector) FaaSID() (string, error) {
-	return d.metadata.InstanceID()
+	return d.instanceID()
 }

 // FaaSCloudRegion detects region from the metadata server.
@ -97,7 +98,7 @@ func (d *Detector) FaaSID() (string, error) {
 //
 // https://cloud.google.com/run/docs/reference/container-contract#metadata-server
 func (d *Detector) FaaSCloudRegion() (string, error) {
-	region, err := d.metadata.Get(regionMetadataAttr)
+	region, err := d.metadata.GetWithContext(context.TODO(), regionMetadataAttr)
 	if err != nil {
 		return "", err
 	}
--- a/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/gce.go
+++ b/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/gce.go
@ -15,52 +15,59 @@
 package gcp

 import (
+	"context"
 	"fmt"
+	"regexp"
 	"strings"
+
+	"cloud.google.com/go/compute/metadata"
 )

 // See the available GCE instance metadata:
-// https://cloud.google.com/compute/docs/metadata/default-metadata-values#vm_instance_metadata
+// https://cloud.google.com/compute/docs/metadata/predefined-metadata-keys#instance-metadata
 const machineTypeMetadataAttr = "instance/machine-type"

+// https://cloud.google.com/compute/docs/instance-groups/getting-info-about-migs#checking_if_a_vm_instance_is_part_of_a_mig
+const createdByInstanceAttr = "created-by"
+
 func (d *Detector) onGCE() bool {
-	_, err := d.metadata.Get(machineTypeMetadataAttr)
+	_, err := d.metadata.GetWithContext(context.TODO(), machineTypeMetadataAttr)
 	return err == nil
 }

 // GCEHostType returns the machine type of the instance on which this program is running.
 func (d *Detector) GCEHostType() (string, error) {
-	return d.metadata.Get(machineTypeMetadataAttr)
+	return d.metadata.GetWithContext(context.TODO(), machineTypeMetadataAttr)
 }

 // GCEHostID returns the instance ID of the instance on which this program is running.
 func (d *Detector) GCEHostID() (string, error) {
-	return d.metadata.InstanceID()
+	return d.instanceID()
 }

 // GCEHostName returns the instance name of the instance on which this program is running.
 // Recommended to use GCEInstanceName() or GCEInstanceHostname() to more accurately reflect which
 // value is returned.
 func (d *Detector) GCEHostName() (string, error) {
-	return d.metadata.InstanceName()
+	return d.metadata.InstanceNameWithContext(context.TODO())
 }

 // GCEInstanceName returns the instance name of the instance on which this program is running.
 // This is the value visible in the Cloud Console UI, and the prefix for the default hostname
 // of the instance as defined by the default internal DNS name (see https://cloud.google.com/compute/docs/internal-dns#instance-fully-qualified-domain-names).
 func (d *Detector) GCEInstanceName() (string, error) {
-	return d.metadata.InstanceName()
+	return d.metadata.InstanceNameWithContext(context.TODO())
 }

 // GCEInstanceHostname returns the full value of the default or custom hostname of the instance
 // on which this program is running. See https://cloud.google.com/compute/docs/instances/custom-hostname-vm.
 func (d *Detector) GCEInstanceHostname() (string, error) {
-	return d.metadata.Hostname()
+	return d.metadata.HostnameWithContext(context.TODO())
 }

 // GCEAvailabilityZoneAndRegion returns the zone and region in which this program is running.
 func (d *Detector) GCEAvailabilityZoneAndRegion() (string, string, error) {
-	zone, err := d.metadata.Zone()
+	zone, err := d.metadata.ZoneWithContext(context.TODO())
 	if err != nil {
 		return "", "", err
 	}
@ -73,3 +80,38 @@ func (d *Detector) GCEAvailabilityZoneAndRegion() (string, string, error) {
 	}
 	return zone, strings.Join(splitZone[0:2], "-"), nil
 }
+
+type ManagedInstanceGroup struct {
+	Name     string
+	Location string
+	Type     LocationType
+}
+
+var createdByMIGRE = regexp.MustCompile(`^projects/[^/]+/(zones|regions)/([^/]+)/instanceGroupManagers/([^/]+)$`)
+
+func (d *Detector) GCEManagedInstanceGroup() (ManagedInstanceGroup, error) {
+	createdBy, err := d.metadata.InstanceAttributeValueWithContext(context.TODO(), createdByInstanceAttr)
+	if _, ok := err.(metadata.NotDefinedError); ok {
+		return ManagedInstanceGroup{}, nil
+	} else if err != nil {
+		return ManagedInstanceGroup{}, err
+	}
+	matches := createdByMIGRE.FindStringSubmatch(createdBy)
+	if matches == nil {
+		// The "created-by" key exists, but it doesn't describe a MIG.
+		// Something else must have created this VM.
+		return ManagedInstanceGroup{}, nil
+	}
+
+	mig := ManagedInstanceGroup{
+		Name:     matches[3],
+		Location: matches[2],
+	}
+	switch matches[1] {
+	case "zones":
+		mig.Type = Zone
+	case "regions":
+		mig.Type = Region
+	}
+	return mig, nil
+}
--- a/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/gke.go
+++ b/vendor/github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp/gke.go
@ -15,6 +15,7 @@
 package gcp

 import (
+	"context"
 	"fmt"
 	"strings"
 )
@ -31,8 +32,15 @@ const (
 )

 func (d *Detector) onGKE() bool {
+	// Check if we are on k8s first
 	_, found := d.os.LookupEnv(k8sServiceHostEnv)
-	return found
+	if !found {
+		return false
+	}
+	// If we are on k8s, make sure that we are actually on GKE, and not a
+	// different managed k8s platform.
+	_, err := d.metadata.InstanceAttributeValueWithContext(context.TODO(), clusterLocationMetadataAttr)
+	return err == nil
 }

 // GKEHostID returns the instance ID of the instance on which this program is running.
@ -42,7 +50,7 @@ func (d *Detector) GKEHostID() (string, error) {

 // GKEClusterName returns the name if the GKE cluster in which this program is running.
 func (d *Detector) GKEClusterName() (string, error) {
-	return d.metadata.InstanceAttributeValue(clusterNameMetadataAttr)
+	return d.metadata.InstanceAttributeValueWithContext(context.TODO(), clusterNameMetadataAttr)
 }

 type LocationType int64
@ -55,7 +63,7 @@ const (

 // GKEAvailabilityZoneOrRegion returns the location of the cluster and whether the cluster is zonal or regional.
 func (d *Detector) GKEAvailabilityZoneOrRegion() (string, LocationType, error) {
-	clusterLocation, err := d.metadata.InstanceAttributeValue(clusterLocationMetadataAttr)
+	clusterLocation, err := d.metadata.InstanceAttributeValueWithContext(context.TODO(), clusterLocationMetadataAttr)
 	if err != nil {
 		return "", UndefinedLocation, err
 	}