diff --git a/ci/resources/stemcell-version-bump/go.mod b/ci/resources/stemcell-version-bump/go.mod index 397da198..f11fd28d 100644 --- a/ci/resources/stemcell-version-bump/go.mod +++ b/ci/resources/stemcell-version-bump/go.mod @@ -7,7 +7,7 @@ toolchain go1.24.1 require ( cloud.google.com/go/storage v1.58.0 github.com/stretchr/testify v1.11.1 - google.golang.org/api v0.257.0 + google.golang.org/api v0.258.0 ) require ( @@ -46,17 +46,17 @@ require ( go.opentelemetry.io/otel/sdk v1.38.0 // indirect go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect go.opentelemetry.io/otel/trace v1.38.0 // indirect - golang.org/x/crypto v0.45.0 // indirect - golang.org/x/net v0.47.0 // indirect - golang.org/x/oauth2 v0.33.0 // indirect - golang.org/x/sync v0.18.0 // indirect - golang.org/x/sys v0.38.0 // indirect - golang.org/x/text v0.31.0 // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/oauth2 v0.34.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect golang.org/x/time v0.14.0 // indirect google.golang.org/genproto v0.0.0-20250922171735-9219d122eba9 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 // indirect google.golang.org/grpc v1.77.0 // indirect - google.golang.org/protobuf v1.36.10 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/ci/resources/stemcell-version-bump/go.sum b/ci/resources/stemcell-version-bump/go.sum index 2893ad8c..6be4ffed 100644 --- a/ci/resources/stemcell-version-bump/go.sum +++ b/ci/resources/stemcell-version-bump/go.sum @@ -99,34 +99,34 @@ go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6 go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= -golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= -golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= -golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo= -golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= -golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= -golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/api v0.257.0 h1:8Y0lzvHlZps53PEaw+G29SsQIkuKrumGWs9puiexNAA= -google.golang.org/api v0.257.0/go.mod h1:4eJrr+vbVaZSqs7vovFd1Jb/A6ml6iw2e6FBYf3GAO4= +google.golang.org/api v0.258.0 h1:IKo1j5FBlN74fe5isA2PVozN3Y5pwNKriEgAXPOkDAc= +google.golang.org/api v0.258.0/go.mod h1:qhOMTQEZ6lUps63ZNq9jhODswwjkjYYguA7fA3TBFww= google.golang.org/genproto v0.0.0-20250922171735-9219d122eba9 h1:LvZVVaPE0JSqL+ZWb6ErZfnEOKIqqFWUJE2D0fObSmc= google.golang.org/genproto v0.0.0-20250922171735-9219d122eba9/go.mod h1:QFOrLhdAe2PsTp3vQY4quuLKTi9j3XG3r6JPPaw7MSc= google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba h1:B14OtaXuMaCQsl2deSvNkyPKIzq3BjfxQp8d00QyWx4= google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:G5IanEx8/PgI9w6CFcYQf7jMtHQhZruvfM1i3qOqk5U= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 h1:Wgl1rcDNThT+Zn47YyCXOXyX/COgMTIdhJ717F0l4xk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 h1:2I6GHUeJ/4shcDpoUlLs/2WPnhg7yJwvXtqcMJt9liA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/ci/resources/stemcell-version-bump/resource/gcs_client.go b/ci/resources/stemcell-version-bump/resource/gcs_client.go index e846a185..7db3cbb1 100644 --- a/ci/resources/stemcell-version-bump/resource/gcs_client.go +++ b/ci/resources/stemcell-version-bump/resource/gcs_client.go @@ -14,7 +14,7 @@ type GCSClient struct { } func NewGCSClient(jsonKey string) (GCSClient, error) { - client, err := storage.NewClient(context.TODO(), option.WithCredentialsJSON([]byte(jsonKey))) + client, err := storage.NewClient(context.TODO(), option.WithAuthCredentialsJSON(option.ServiceAccount, []byte(jsonKey))) if err != nil { return GCSClient{}, fmt.Errorf("failed to create GCS storage client: %w", err) } diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/net/http2/transport.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/net/http2/transport.go index 1965913e..ccb87e6d 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/net/http2/transport.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/net/http2/transport.go @@ -376,11 +376,24 @@ type ClientConn struct { // completely unresponsive connection. pendingResets int + // readBeforeStreamID is the smallest stream ID that has not been followed by + // a frame read from the peer. We use this to determine when a request may + // have been sent to a completely unresponsive connection: + // If the request ID is less than readBeforeStreamID, then we have had some + // indication of life on the connection since sending the request. + readBeforeStreamID uint32 + // reqHeaderMu is a 1-element semaphore channel controlling access to sending new requests. // Write to reqHeaderMu to lock it, read from it to unlock. // Lock reqmu BEFORE mu or wmu. reqHeaderMu chan struct{} + // internalStateHook reports state changes back to the net/http.ClientConn. + // Note that this is different from the user state hook registered by + // net/http.ClientConn.SetStateHook: The internal hook calls ClientConn, + // which calls the user hook. + internalStateHook func() + // wmu is held while writing. // Acquire BEFORE mu when holding both, to avoid blocking mu on network writes. // Only acquire both at the same time when changing peer settings. @@ -710,7 +723,7 @@ func canRetryError(err error) bool { func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse bool) (*ClientConn, error) { if t.transportTestHooks != nil { - return t.newClientConn(nil, singleUse) + return t.newClientConn(nil, singleUse, nil) } host, _, err := net.SplitHostPort(addr) if err != nil { @@ -720,7 +733,7 @@ func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse b if err != nil { return nil, err } - return t.newClientConn(tconn, singleUse) + return t.newClientConn(tconn, singleUse, nil) } func (t *Transport) newTLSConfig(host string) *tls.Config { @@ -772,10 +785,10 @@ func (t *Transport) expectContinueTimeout() time.Duration { } func (t *Transport) NewClientConn(c net.Conn) (*ClientConn, error) { - return t.newClientConn(c, t.disableKeepAlives()) + return t.newClientConn(c, t.disableKeepAlives(), nil) } -func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, error) { +func (t *Transport) newClientConn(c net.Conn, singleUse bool, internalStateHook func()) (*ClientConn, error) { conf := configFromTransport(t) cc := &ClientConn{ t: t, @@ -797,6 +810,7 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro pings: make(map[[8]byte]chan struct{}), reqHeaderMu: make(chan struct{}, 1), lastActive: time.Now(), + internalStateHook: internalStateHook, } if t.transportTestHooks != nil { t.transportTestHooks.newclientconn(cc) @@ -1037,10 +1051,7 @@ func (cc *ClientConn) idleStateLocked() (st clientConnIdleState) { maxConcurrentOkay = cc.currentRequestCountLocked() < int(cc.maxConcurrentStreams) } - st.canTakeNewRequest = cc.goAway == nil && !cc.closed && !cc.closing && maxConcurrentOkay && - !cc.doNotReuse && - int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 && - !cc.tooIdleLocked() + st.canTakeNewRequest = maxConcurrentOkay && cc.isUsableLocked() // If this connection has never been used for a request and is closed, // then let it take a request (which will fail). @@ -1056,6 +1067,31 @@ func (cc *ClientConn) idleStateLocked() (st clientConnIdleState) { return } +func (cc *ClientConn) isUsableLocked() bool { + return cc.goAway == nil && + !cc.closed && + !cc.closing && + !cc.doNotReuse && + int64(cc.nextStreamID)+2*int64(cc.pendingRequests) < math.MaxInt32 && + !cc.tooIdleLocked() +} + +// canReserveLocked reports whether a net/http.ClientConn can reserve a slot on this conn. +// +// This follows slightly different rules than clientConnIdleState.canTakeNewRequest. +// We only permit reservations up to the conn's concurrency limit. +// This differs from ClientConn.ReserveNewRequest, which permits reservations +// past the limit when StrictMaxConcurrentStreams is set. +func (cc *ClientConn) canReserveLocked() bool { + if cc.currentRequestCountLocked() >= int(cc.maxConcurrentStreams) { + return false + } + if !cc.isUsableLocked() { + return false + } + return true +} + // currentRequestCountLocked reports the number of concurrency slots currently in use, // including active streams, reserved slots, and reset streams waiting for acknowledgement. func (cc *ClientConn) currentRequestCountLocked() int { @@ -1067,6 +1103,14 @@ func (cc *ClientConn) canTakeNewRequestLocked() bool { return st.canTakeNewRequest } +// availableLocked reports the number of concurrency slots available. +func (cc *ClientConn) availableLocked() int { + if !cc.canTakeNewRequestLocked() { + return 0 + } + return max(0, int(cc.maxConcurrentStreams)-cc.currentRequestCountLocked()) +} + // tooIdleLocked reports whether this connection has been been sitting idle // for too much wall time. func (cc *ClientConn) tooIdleLocked() bool { @@ -1091,6 +1135,7 @@ func (cc *ClientConn) closeConn() { t := time.AfterFunc(250*time.Millisecond, cc.forceCloseConn) defer t.Stop() cc.tconn.Close() + cc.maybeCallStateHook() } // A tls.Conn.Close can hang for a long time if the peer is unresponsive. @@ -1616,6 +1661,8 @@ func (cs *clientStream) cleanupWriteRequest(err error) { } bodyClosed := cs.reqBodyClosed closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() || cc.goAway != nil + // Have we read any frames from the connection since sending this request? + readSinceStream := cc.readBeforeStreamID > cs.ID cc.mu.Unlock() if mustCloseBody { cs.reqBody.Close() @@ -1647,8 +1694,10 @@ func (cs *clientStream) cleanupWriteRequest(err error) { // // This could be due to the server becoming unresponsive. // To avoid sending too many requests on a dead connection, - // we let the request continue to consume a concurrency slot - // until we can confirm the server is still responding. + // if we haven't read any frames from the connection since + // sending this request, we let it continue to consume + // a concurrency slot until we can confirm the server is + // still responding. // We do this by sending a PING frame along with the RST_STREAM // (unless a ping is already in flight). // @@ -1659,7 +1708,7 @@ func (cs *clientStream) cleanupWriteRequest(err error) { // because it's short lived and will probably be closed before // we get the ping response. ping := false - if !closeOnIdle { + if !closeOnIdle && !readSinceStream { cc.mu.Lock() // rstStreamPingsBlocked works around a gRPC behavior: // see comment on the field for details. @@ -1693,6 +1742,7 @@ func (cs *clientStream) cleanupWriteRequest(err error) { } close(cs.donec) + cc.maybeCallStateHook() } // awaitOpenSlotForStreamLocked waits until len(streams) < maxConcurrentStreams. @@ -2745,6 +2795,7 @@ func (rl *clientConnReadLoop) streamByID(id uint32, headerOrData bool) *clientSt // See comment on ClientConn.rstStreamPingsBlocked for details. rl.cc.rstStreamPingsBlocked = false } + rl.cc.readBeforeStreamID = rl.cc.nextStreamID cs := rl.cc.streams[id] if cs != nil && !cs.readAborted { return cs @@ -2795,6 +2846,7 @@ func (rl *clientConnReadLoop) processSettings(f *SettingsFrame) error { func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { cc := rl.cc + defer cc.maybeCallStateHook() cc.mu.Lock() defer cc.mu.Unlock() @@ -2975,6 +3027,7 @@ func (cc *ClientConn) Ping(ctx context.Context) error { func (rl *clientConnReadLoop) processPing(f *PingFrame) error { if f.IsAck() { cc := rl.cc + defer cc.maybeCallStateHook() cc.mu.Lock() defer cc.mu.Unlock() // If ack, notify listener if any @@ -3198,9 +3251,13 @@ func registerHTTPSProtocol(t *http.Transport, rt noDialH2RoundTripper) (err erro } // noDialH2RoundTripper is a RoundTripper which only tries to complete the request -// if there's already has a cached connection to the host. +// if there's already a cached connection to the host. // (The field is exported so it can be accessed via reflect from net/http; tested // by TestNoDialH2RoundTripperType) +// +// A noDialH2RoundTripper is registered with http1.Transport.RegisterProtocol, +// and the http1.Transport can use type assertions to call non-RoundTrip methods on it. +// This lets us expose, for example, NewClientConn to net/http. type noDialH2RoundTripper struct{ *Transport } func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { @@ -3211,6 +3268,85 @@ func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, err return res, err } +func (rt noDialH2RoundTripper) NewClientConn(conn net.Conn, internalStateHook func()) (http.RoundTripper, error) { + tr := rt.Transport + cc, err := tr.newClientConn(conn, tr.disableKeepAlives(), internalStateHook) + if err != nil { + return nil, err + } + + // RoundTrip should block when the conn is at its concurrency limit, + // not return an error. Setting strictMaxConcurrentStreams enables this. + cc.strictMaxConcurrentStreams = true + + return netHTTPClientConn{cc}, nil +} + +// netHTTPClientConn wraps ClientConn and implements the interface net/http expects from +// the RoundTripper returned by NewClientConn. +type netHTTPClientConn struct { + cc *ClientConn +} + +func (cc netHTTPClientConn) RoundTrip(req *http.Request) (*http.Response, error) { + return cc.cc.RoundTrip(req) +} + +func (cc netHTTPClientConn) Close() error { + return cc.cc.Close() +} + +func (cc netHTTPClientConn) Err() error { + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + if cc.cc.closed { + return errors.New("connection closed") + } + return nil +} + +func (cc netHTTPClientConn) Reserve() error { + defer cc.cc.maybeCallStateHook() + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + if !cc.cc.canReserveLocked() { + return errors.New("connection is unavailable") + } + cc.cc.streamsReserved++ + return nil +} + +func (cc netHTTPClientConn) Release() { + defer cc.cc.maybeCallStateHook() + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + // We don't complain if streamsReserved is 0. + // + // This is consistent with RoundTrip: both Release and RoundTrip will + // consume a reservation iff one exists. + if cc.cc.streamsReserved > 0 { + cc.cc.streamsReserved-- + } +} + +func (cc netHTTPClientConn) Available() int { + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + return cc.cc.availableLocked() +} + +func (cc netHTTPClientConn) InFlight() int { + cc.cc.mu.Lock() + defer cc.cc.mu.Unlock() + return cc.cc.currentRequestCountLocked() +} + +func (cc *ClientConn) maybeCallStateHook() { + if cc.internalStateHook != nil { + cc.internalStateHook() + } +} + func (t *Transport) idleConnTimeout() time.Duration { // to keep things backwards compatible, we use non-zero values of // IdleConnTimeout, followed by using the IdleConnTimeout on the underlying diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/net/trace/events.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/net/trace/events.go index 3aaffdd1..c2b3c009 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/net/trace/events.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/net/trace/events.go @@ -58,8 +58,8 @@ func RenderEvents(w http.ResponseWriter, req *http.Request, sensitive bool) { Buckets: buckets, } - data.Families = make([]string, 0, len(families)) famMu.RLock() + data.Families = make([]string, 0, len(families)) for name := range families { data.Families = append(data.Families, name) } diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu.go index 34c9ae76..63541994 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu.go @@ -92,9 +92,6 @@ var ARM64 struct { HasSHA2 bool // SHA2 hardware implementation HasCRC32 bool // CRC32 hardware implementation HasATOMICS bool // Atomic memory operation instruction set - HasHPDS bool // Hierarchical permission disables in translations tables - HasLOR bool // Limited ordering regions - HasPAN bool // Privileged access never HasFPHP bool // Half precision floating-point instruction set HasASIMDHP bool // Advanced SIMD half precision instruction set HasCPUID bool // CPUID identification scheme registers diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_arm64.go index f449c679..af2aa99f 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_arm64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_arm64.go @@ -65,10 +65,10 @@ func setMinimalFeatures() { func readARM64Registers() { Initialized = true - parseARM64SystemRegisters(getisar0(), getisar1(), getmmfr1(), getpfr0()) + parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0()) } -func parseARM64SystemRegisters(isar0, isar1, mmfr1, pfr0 uint64) { +func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) { // ID_AA64ISAR0_EL1 switch extractBits(isar0, 4, 7) { case 1: @@ -152,22 +152,6 @@ func parseARM64SystemRegisters(isar0, isar1, mmfr1, pfr0 uint64) { ARM64.HasI8MM = true } - // ID_AA64MMFR1_EL1 - switch extractBits(mmfr1, 12, 15) { - case 1, 2: - ARM64.HasHPDS = true - } - - switch extractBits(mmfr1, 16, 19) { - case 1: - ARM64.HasLOR = true - } - - switch extractBits(mmfr1, 20, 23) { - case 1, 2, 3: - ARM64.HasPAN = true - } - // ID_AA64PFR0_EL1 switch extractBits(pfr0, 16, 19) { case 0: diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_arm64.s index a4f24b3b..3b0450a0 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_arm64.s +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_arm64.s @@ -20,13 +20,6 @@ TEXT ·getisar1(SB),NOSPLIT,$0-8 MOVD R0, ret+0(FP) RET -// func getmmfr1() uint64 -TEXT ·getmmfr1(SB),NOSPLIT,$0-8 - // get Memory Model Feature Register 1 into x0 - MRS ID_AA64MMFR1_EL1, R0 - MOVD R0, ret+0(FP) - RET - // func getpfr0() uint64 TEXT ·getpfr0(SB),NOSPLIT,$0-8 // get Processor Feature Register 0 into x0 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go index e3fc5a8d..6ac6e1ef 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go @@ -8,6 +8,5 @@ package cpu func getisar0() uint64 func getisar1() uint64 -func getmmfr1() uint64 func getpfr0() uint64 func getzfr0() uint64 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go index 8df2079e..7f194678 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go @@ -8,5 +8,4 @@ package cpu func getisar0() uint64 { return 0 } func getisar1() uint64 { return 0 } -func getmmfr1() uint64 { return 0 } func getpfr0() uint64 { return 0 } diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go index 19aea063..ebfb3fc8 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go @@ -167,7 +167,7 @@ func doinit() { setMinimalFeatures() return } - parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64mmfr1, cpuid.aa64pfr0) + parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0) Initialized = true } diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go index 87fd3a77..85b64d5c 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go @@ -59,7 +59,7 @@ func doinit() { if !ok { return } - parseARM64SystemRegisters(isar0, isar1, 0, 0) + parseARM64SystemRegisters(isar0, isar1, 0) Initialized = true } diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/mkerrors.sh b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/mkerrors.sh index 42517077..fd39be4e 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -256,6 +256,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -613,7 +614,7 @@ ccflags="$@" $2 !~ /IOC_MAGIC/ && $2 ~ /^[A-Z][A-Z0-9_]+_MAGIC2?$/ || $2 ~ /^(VM|VMADDR)_/ || - $2 ~ /^IOCTL_VM_SOCKETS_/ || + $2 ~ /^(IOCTL_VM_SOCKETS_|IOCTL_MEI_)/ || $2 ~ /^(TASKSTATS|TS)_/ || $2 ~ /^CGROUPSTATS_/ || $2 ~ /^GENL_/ || diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux.go index d0a75da5..120a7b35 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -1615,6 +1615,8 @@ const ( IN_OPEN = 0x20 IN_Q_OVERFLOW = 0x4000 IN_UNMOUNT = 0x2000 + IOCTL_MEI_CONNECT_CLIENT = 0xc0104801 + IOCTL_MEI_CONNECT_CLIENT_VTAG = 0xc0144804 IPPROTO_AH = 0x33 IPPROTO_BEETPH = 0x5e IPPROTO_COMP = 0x6c diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 1c37f9fb..97a61fc5 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 6f54d34a..a0d6d498 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 783ec5c1..dd9c903f 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index ca83d3ba..384c61ca 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -120,6 +120,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 607e611c..6384c983 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index b9cb5bd3..553c1c6f 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 65b078a6..b3339f20 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 5298a303..177091d2 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 7bc557c8..c5abf156 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 152399bb..f1f3fadf 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 1a1ce240..203ad9c5 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 4231a1fb..4b9abcb2 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 21c0e952..f8798303 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index f00d1cd7..64347eb3 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index bc8d539e..7d719117 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -119,6 +119,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x400000 IN_NONBLOCK = 0x4000 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go index 439548ec..50e8e644 100644 --- a/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go +++ b/ci/resources/stemcell-version-bump/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go @@ -104,7 +104,7 @@ type Statvfs_t struct { Fsid uint32 Namemax uint32 Owner uint32 - Spare [4]uint32 + Spare [4]uint64 Fstypename [32]byte Mntonname [1024]byte Mntfromname [1024]byte diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/credentialstype/credentialstype.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/credentialstype/credentialstype.go new file mode 100644 index 00000000..0e2c4612 --- /dev/null +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/credentialstype/credentialstype.go @@ -0,0 +1,113 @@ +// Copyright 2024 Google LLC. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package credentialstype defines the CredType used for specifying the type of JSON credentials. +package credentialstype + +import ( + "encoding/json" + "fmt" + "slices" +) + +// CredType specifies the type of JSON credentials. +type CredType string + +const ( + // Unknown represents an unknown JSON file type. + Unknown CredType = "" + // ServiceAccount represents a service account file type. + ServiceAccount CredType = "service_account" + // AuthorizedUser represents an authorized user credentials file type. + AuthorizedUser CredType = "authorized_user" + // ImpersonatedServiceAccount represents an impersonated service account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ImpersonatedServiceAccount CredType = "impersonated_service_account" + // ExternalAccount represents an external account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ExternalAccount CredType = "external_account" + // GDCHServiceAccount represents a GDCH service account file type. + GDCHServiceAccount CredType = "gdc_service_account" + // ExternalAccountAuthorizedUser represents an external account authorized user file type. + ExternalAccountAuthorizedUser CredType = "external_account_authorized_user" +) + +var knownTypes = map[CredType]bool{ + ServiceAccount: true, + AuthorizedUser: true, + ImpersonatedServiceAccount: true, + ExternalAccount: true, + GDCHServiceAccount: true, + ExternalAccountAuthorizedUser: true, +} + +// GetCredType returns the credentials type or the Unknown type, +// or an error for empty data or failure to unmarshal JSON. +func GetCredType(data []byte) (CredType, error) { + var t CredType + if len(data) == 0 { + return t, fmt.Errorf("credential provided is 0 bytes") + } + var f struct { + Type string `json:"type"` + } + if err := json.Unmarshal(data, &f); err != nil { + return t, err + } + t = parseCredType(f.Type) + return t, nil +} + +// CheckCredentialType checks if the provided JSON bytes match the expected +// credential type and, if present, one of the allowed credential types. +// An error is returned if the JSON is invalid, the type field is missing, +// or the types do not match expected and (if present) allowed. +func CheckCredentialType(b []byte, expected CredType, allowed ...CredType) error { + var f struct { + Type string `json:"type"` + } + if err := json.Unmarshal(b, &f); err != nil { + return fmt.Errorf("unable to parse credential type: %w", err) + } + if f.Type == "" { + return fmt.Errorf("missing `type` field in credential") + } + credType := CredType(f.Type) + if credType != expected { + return fmt.Errorf("credential type mismatch: got %q, expected %q", credType, expected) + } + if len(allowed) == 0 { + return nil + } + if !slices.Contains(allowed, credType) { + return fmt.Errorf("credential type not allowed: %q", credType) + } + return nil +} + +// parseCredType returns the matching CredType for the JSON type string if +// it is in the list of publicly exposed types, otherwise Unknown. +func parseCredType(typeString string) CredType { + ct := CredType(typeString) + if knownTypes[ct] { + return ct + } + return Unknown +} diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/creds.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/creds.go index 92bb42c3..2172ba43 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/creds.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/creds.go @@ -20,6 +20,7 @@ import ( "cloud.google.com/go/auth/oauth2adapt" "golang.org/x/oauth2" "google.golang.org/api/internal/cert" + "google.golang.org/api/internal/credentialstype" "google.golang.org/api/internal/impersonate" "golang.org/x/oauth2/google" @@ -139,11 +140,13 @@ func detectDefaultFromDialSettings(settings *DialSettings) (*auth.Credentials, e aud = settings.DefaultAudience } + credsFile, _ := settings.GetAuthCredentialsFile() + credsJSON, _ := settings.GetAuthCredentialsJSON() return credentials.DetectDefault(&credentials.DetectOptions{ Scopes: scopes, Audience: aud, - CredentialsFile: settings.CredentialsFile, - CredentialsJSON: settings.CredentialsJSON, + CredentialsFile: credsFile, + CredentialsJSON: credsJSON, UseSelfSignedJWT: useSelfSignedJWT, Logger: settings.Logger, }) @@ -156,15 +159,15 @@ func baseCreds(ctx context.Context, ds *DialSettings) (*google.Credentials, erro if ds.Credentials != nil { return ds.Credentials, nil } - if len(ds.CredentialsJSON) > 0 { - return credentialsFromJSON(ctx, ds.CredentialsJSON, ds) + if credsJSON, checkCredType := ds.GetAuthCredentialsJSON(); len(credsJSON) > 0 { + return credentialsFromJSON(ctx, credsJSON, ds, checkCredType) } - if ds.CredentialsFile != "" { - data, err := os.ReadFile(ds.CredentialsFile) + if credsFile, checkCredType := ds.GetAuthCredentialsFile(); credsFile != "" { + data, err := os.ReadFile(credsFile) if err != nil { return nil, fmt.Errorf("cannot read credentials file: %v", err) } - return credentialsFromJSON(ctx, data, ds) + return credentialsFromJSON(ctx, data, ds, checkCredType) } if ds.TokenSource != nil { return &google.Credentials{TokenSource: ds.TokenSource}, nil @@ -174,7 +177,7 @@ func baseCreds(ctx context.Context, ds *DialSettings) (*google.Credentials, erro return nil, err } if len(cred.JSON) > 0 { - return credentialsFromJSON(ctx, cred.JSON, ds) + return credentialsFromJSON(ctx, cred.JSON, ds, credentialstype.Unknown) } // For GAE and GCE, the JSON is empty so return the default credentials directly. return cred, nil @@ -197,7 +200,12 @@ const ( // // - Otherwise, executes standard OAuth 2.0 flow // More details: google.aip.dev/auth/4111 -func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings) (*google.Credentials, error) { +func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings, checkCredType credentialstype.CredType) (*google.Credentials, error) { + if checkCredType != credentialstype.Unknown { + if err := credentialstype.CheckCredentialType(data, checkCredType); err != nil { + return nil, err + } + } var params google.CredentialsParams params.Scopes = ds.GetScopes() diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/settings.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/settings.go index a81d149a..2a8dae28 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/settings.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/settings.go @@ -17,6 +17,7 @@ import ( "cloud.google.com/go/auth" "golang.org/x/oauth2" "golang.org/x/oauth2/google" + "google.golang.org/api/internal/credentialstype" "google.golang.org/api/internal/impersonate" "google.golang.org/grpc" ) @@ -31,16 +32,18 @@ const ( // DialSettings holds information needed to establish a connection with a // Google API service. type DialSettings struct { - Endpoint string - DefaultEndpoint string - DefaultEndpointTemplate string - DefaultMTLSEndpoint string - Scopes []string - DefaultScopes []string - EnableJwtWithScope bool - TokenSource oauth2.TokenSource - Credentials *google.Credentials - CredentialsFile string // if set, Token Source is ignored. + Endpoint string + DefaultEndpoint string + DefaultEndpointTemplate string + DefaultMTLSEndpoint string + Scopes []string + DefaultScopes []string + EnableJwtWithScope bool + TokenSource oauth2.TokenSource + Credentials *google.Credentials + // Deprecated: Use AuthCredentialsFile instead, due to security risk. + CredentialsFile string + // Deprecated: Use AuthCredentialsJSON instead, due to security risk. CredentialsJSON []byte InternalCredentials *google.Credentials UserAgent string @@ -72,6 +75,9 @@ type DialSettings struct { // New Auth library Options AuthCredentials *auth.Credentials + AuthCredentialsJSON []byte + AuthCredentialsFile string + AuthCredentialsType credentialstype.CredType EnableNewAuthLibrary bool // TODO(b/372244283): Remove after b/358175516 has been fixed @@ -113,18 +119,48 @@ func (ds *DialSettings) IsNewAuthLibraryEnabled() bool { if ds.AuthCredentials != nil { return true } + if len(ds.AuthCredentialsJSON) > 0 { + return true + } + if ds.AuthCredentialsFile != "" { + return true + } if b, err := strconv.ParseBool(os.Getenv(newAuthLibEnvVar)); err == nil { return b } return false } +// GetAuthCredentialsJSON returns the AuthCredentialsJSON and AuthCredentialsType, if set. +// Otherwise it falls back to the deprecated CredentialsJSON with an Unknown type. +// +// Use AuthCredentialsJSON if provided, as it is the safer, recommended option. +// CredentialsJSON is populated by the deprecated WithCredentialsJSON. +func (ds *DialSettings) GetAuthCredentialsJSON() ([]byte, credentialstype.CredType) { + if len(ds.AuthCredentialsJSON) > 0 { + return ds.AuthCredentialsJSON, ds.AuthCredentialsType + } + return ds.CredentialsJSON, credentialstype.Unknown +} + +// GetAuthCredentialsFile returns the AuthCredentialsFile and AuthCredentialsType, if set. +// Otherwise it falls back to the deprecated CredentialsFile with an Unknown type. +// +// Use AuthCredentialsFile if provided, as it is the safer, recommended option. +// CredentialsFile is populated by the deprecated WithCredentialsFile. +func (ds *DialSettings) GetAuthCredentialsFile() (string, credentialstype.CredType) { + if ds.AuthCredentialsFile != "" { + return ds.AuthCredentialsFile, ds.AuthCredentialsType + } + return ds.CredentialsFile, credentialstype.Unknown +} + // Validate reports an error if ds is invalid. func (ds *DialSettings) Validate() error { if ds.SkipValidation { return nil } - hasCreds := ds.APIKey != "" || ds.TokenSource != nil || ds.CredentialsFile != "" || ds.Credentials != nil + hasCreds := ds.APIKey != "" || ds.TokenSource != nil || ds.CredentialsFile != "" || ds.Credentials != nil || ds.AuthCredentials != nil || len(ds.AuthCredentialsJSON) > 0 || ds.AuthCredentialsFile != "" if ds.NoAuth && hasCreds { return errors.New("options.WithoutAuthentication is incompatible with any option that provides credentials") } @@ -138,6 +174,15 @@ func (ds *DialSettings) Validate() error { if len(ds.CredentialsJSON) > 0 { nCreds++ } + if ds.AuthCredentials != nil { + nCreds++ + } + if len(ds.AuthCredentialsJSON) > 0 { + nCreds++ + } + if ds.AuthCredentialsFile != "" { + nCreds++ + } if ds.CredentialsFile != "" { nCreds++ } diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/version.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/version.go index 6368b1d5..ad4137f9 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/version.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/internal/version.go @@ -5,4 +5,4 @@ package internal // Version is the current tagged release of the library. -const Version = "0.257.0" +const Version = "0.258.0" diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/option/internaloption/internaloption.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/option/internaloption/internaloption.go index 931f093d..d67351a7 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/option/internaloption/internaloption.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/option/internaloption/internaloption.go @@ -290,7 +290,7 @@ func GetLogger(opts []option.ClientOption) *slog.Logger { // options, in this order: // // - [option.WithoutAuthentication] -// - [option.WithAuthCredentials] +// - [option.Credentials] // - [WithCredentials] (internal use only) // - [option.WithCredentials] // - [option.WithTokenSource] @@ -300,7 +300,9 @@ func GetLogger(opts []option.ClientOption) *slog.Logger { // returns the result: // // - [option.WithAudiences] +// - [option.WithAuthCredentialsFile] // - [option.WithCredentialsFile] +// - [option.WithAuthCredentialsJSON] // - [option.WithCredentialsJSON] // - [option.WithScopes] // - [WithDefaultScopes] (internal use only) diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/option/option.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/option/option.go index 1b134caa..4dbfc3a2 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/option/option.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/option/option.go @@ -14,10 +14,45 @@ import ( "golang.org/x/oauth2" "golang.org/x/oauth2/google" "google.golang.org/api/internal" + "google.golang.org/api/internal/credentialstype" "google.golang.org/api/internal/impersonate" "google.golang.org/grpc" ) +// CredentialsType specifies the type of JSON credentials being provided +// to a loading function such as [WithAuthCredentialsFile] or +// [WithAuthCredentialsJSON]. +type CredentialsType = credentialstype.CredType + +const ( + // ServiceAccount represents a service account file type. + ServiceAccount = credentialstype.ServiceAccount + // AuthorizedUser represents an authorized user credentials file type. + AuthorizedUser = credentialstype.AuthorizedUser + // ImpersonatedServiceAccount represents an impersonated service account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ImpersonatedServiceAccount = credentialstype.ImpersonatedServiceAccount + // ExternalAccount represents an external account file type. + // + // IMPORTANT: + // This credential type does not validate the credential configuration. A security + // risk occurs when a credential configuration configured with malicious urls + // is used. + // You should validate credential configurations provided by untrusted sources. + // See [Security requirements when using credential configurations from an external + // source] https://cloud.google.com/docs/authentication/external/externally-sourced-credentials + // for more details. + ExternalAccount = credentialstype.ExternalAccount +) + // A ClientOption is an option for a Google API client. type ClientOption interface { Apply(*internal.DialSettings) @@ -45,6 +80,36 @@ func (w withCredFile) Apply(o *internal.DialSettings) { // API calls with the given service account or refresh token JSON // credentials file. // +// Deprecated: This function is being deprecated because of a potential security risk. +// +// This function does not validate the credential configuration. The security +// risk occurs when a credential configuration is accepted from a source that +// is not under your control and used without validation on your side. +// +// If you know that you will be loading credential configurations of a +// specific type, it is recommended to use a credential-type-specific +// option function. +// This will ensure that an unexpected credential type with potential for +// malicious intent is not loaded unintentionally. You might still have to do +// validation for certain credential types. Please follow the recommendation +// for that function. For example, if you want to load only service accounts, +// you can use [WithAuthCredentialsFile] with [ServiceAccount]: +// +// option.WithAuthCredentialsFile(option.ServiceAccount, "/path/to/file.json") +// +// If you are loading your credential configuration from an untrusted source and have +// not mitigated the risks (e.g. by validating the configuration yourself), make +// these changes as soon as possible to prevent security risks to your environment. +// +// Regardless of the function used, it is always your responsibility to validate +// configurations received from external sources. +func WithCredentialsFile(filename string) ClientOption { + return withCredFile(filename) +} + +// WithAuthCredentialsFile returns a ClientOption that authenticates API calls +// with the given JSON credentials file and credential type. +// // Important: If you accept a credential configuration (credential // JSON/File/Stream) from an external source for authentication to Google // Cloud Platform, you must validate it before providing it to any Google @@ -52,8 +117,21 @@ func (w withCredFile) Apply(o *internal.DialSettings) { // Google APIs can compromise the security of your systems and data. For // more information, refer to [Validate credential configurations from // external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). -func WithCredentialsFile(filename string) ClientOption { - return withCredFile(filename) +func WithAuthCredentialsFile(credType CredentialsType, filename string) ClientOption { + return withAuthCredentialsFile{ + credsType: credType, + filename: filename, + } +} + +type withAuthCredentialsFile struct { + credsType CredentialsType + filename string +} + +func (w withAuthCredentialsFile) Apply(o *internal.DialSettings) { + o.AuthCredentialsFile = w.filename + o.AuthCredentialsType = w.credsType } // WithServiceAccountFile returns a ClientOption that uses a Google service @@ -67,15 +145,52 @@ func WithCredentialsFile(filename string) ClientOption { // more information, refer to [Validate credential configurations from // external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). // -// Deprecated: Use WithCredentialsFile instead. +// Deprecated: Use WithAuthCredentialsFile instead. func WithServiceAccountFile(filename string) ClientOption { - return WithCredentialsFile(filename) + return WithAuthCredentialsFile(ServiceAccount, filename) } // WithCredentialsJSON returns a ClientOption that authenticates // API calls with the given service account or refresh token JSON // credentials. // +// Deprecated: This function is being deprecated because of a potential security risk. +// +// This function does not validate the credential configuration. The security +// risk occurs when a credential configuration is accepted from a source that +// is not under your control and used without validation on your side. +// +// If you know that you will be loading credential configurations of a +// specific type, it is recommended to use a credential-type-specific +// option function. +// This will ensure that an unexpected credential type with potential for +// malicious intent is not loaded unintentionally. You might still have to do +// validation for certain credential types. Please follow the recommendation +// for that function. For example, if you want to load only service accounts, +// you can use [WithAuthCredentialsJSON] with [ServiceAccount]: +// +// option.WithAuthCredentialsJSON(option.ServiceAccount, json) +// +// If you are loading your credential configuration from an untrusted source and have +// not mitigated the risks (e.g. by validating the configuration yourself), make +// these changes as soon as possible to prevent security risks to your environment. +// +// Regardless of the function used, it is always your responsibility to validate +// configurations received from external sources. +func WithCredentialsJSON(p []byte) ClientOption { + return withCredentialsJSON(p) +} + +type withCredentialsJSON []byte + +func (w withCredentialsJSON) Apply(o *internal.DialSettings) { + o.CredentialsJSON = make([]byte, len(w)) + copy(o.CredentialsJSON, w) +} + +// WithAuthCredentialsJSON returns a ClientOption that authenticates API calls +// with the given JSON credentials and credential type. +// // Important: If you accept a credential configuration (credential // JSON/File/Stream) from an external source for authentication to Google // Cloud Platform, you must validate it before providing it to any Google @@ -83,15 +198,21 @@ func WithServiceAccountFile(filename string) ClientOption { // Google APIs can compromise the security of your systems and data. For // more information, refer to [Validate credential configurations from // external sources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). -func WithCredentialsJSON(p []byte) ClientOption { - return withCredentialsJSON(p) +func WithAuthCredentialsJSON(credType CredentialsType, json []byte) ClientOption { + return withAuthCredentialsJSON{ + credsType: credType, + json: json, + } } -type withCredentialsJSON []byte +type withAuthCredentialsJSON struct { + credsType CredentialsType + json []byte +} -func (w withCredentialsJSON) Apply(o *internal.DialSettings) { - o.CredentialsJSON = make([]byte, len(w)) - copy(o.CredentialsJSON, w) +func (w withAuthCredentialsJSON) Apply(o *internal.DialSettings) { + o.AuthCredentialsJSON = w.json + o.AuthCredentialsType = w.credsType } // WithEndpoint returns a ClientOption that overrides the default endpoint diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/storage/v1/storage-api.json b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/storage/v1/storage-api.json index 22ab414c..6daf228a 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/storage/v1/storage-api.json +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/storage/v1/storage-api.json @@ -253,7 +253,7 @@ "location": "northamerica-south1" } ], - "etag": "\"3131343633323936333034313936343439353533\"", + "etag": "\"39373339343838363630393031393634343537\"", "icons": { "x16": "https://www.google.com/images/icons/product/cloud_storage-16.png", "x32": "https://www.google.com/images/icons/product/cloud_storage-32.png" @@ -4549,7 +4549,7 @@ } } }, - "revision": "20250925", + "revision": "20251118", "rootUrl": "https://storage.googleapis.com/", "schemas": { "AdvanceRelocateBucketOperationRequest": { @@ -5500,6 +5500,10 @@ "description": "A Compose request.", "id": "ComposeRequest", "properties": { + "deleteSourceObjects": { + "description": "If true, the source objects will be deleted.", + "type": "boolean" + }, "destination": { "$ref": "Object", "description": "Properties of the resulting object." diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/storage/v1/storage-gen.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/storage/v1/storage-gen.go index 6d4af390..cf95b1cb 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/storage/v1/storage-gen.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/storage/v1/storage-gen.go @@ -1732,6 +1732,8 @@ func (s Channel) MarshalJSON() ([]byte, error) { // ComposeRequest: A Compose request. type ComposeRequest struct { + // DeleteSourceObjects: If true, the source objects will be deleted. + DeleteSourceObjects bool `json:"deleteSourceObjects,omitempty"` // Destination: Properties of the resulting object. Destination *Object `json:"destination,omitempty"` // Kind: The kind of item this is. @@ -1739,15 +1741,15 @@ type ComposeRequest struct { // SourceObjects: The list of source objects that will be concatenated into a // single object. SourceObjects []*ComposeRequestSourceObjects `json:"sourceObjects,omitempty"` - // ForceSendFields is a list of field names (e.g. "Destination") to + // ForceSendFields is a list of field names (e.g. "DeleteSourceObjects") to // unconditionally include in API requests. By default, fields with empty or // default values are omitted from API requests. See // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more // details. ForceSendFields []string `json:"-"` - // NullFields is a list of field names (e.g. "Destination") to include in API - // requests with the JSON null value. By default, fields with empty values are - // omitted from API requests. See + // NullFields is a list of field names (e.g. "DeleteSourceObjects") to include + // in API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. See // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. NullFields []string `json:"-"` } diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/transport/grpc/dial.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/transport/grpc/dial.go index a6630a0e..5b277c2e 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/transport/grpc/dial.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/transport/grpc/dial.go @@ -220,6 +220,8 @@ func dialPoolNewAuth(ctx context.Context, secure bool, poolSize int, ds *interna defaultEndpointTemplate = ds.DefaultEndpoint } + credsJSON, _ := ds.GetAuthCredentialsJSON() + credsFile, _ := ds.GetAuthCredentialsFile() pool, err := dialContextNewAuth(ctx, secure, &grpctransport.Options{ DisableTelemetry: ds.TelemetryDisabled, DisableAuthentication: ds.NoAuth, @@ -233,8 +235,8 @@ func dialPoolNewAuth(ctx context.Context, secure bool, poolSize int, ds *interna DetectOpts: &credentials.DetectOptions{ Scopes: ds.Scopes, Audience: aud, - CredentialsFile: ds.CredentialsFile, - CredentialsJSON: ds.CredentialsJSON, + CredentialsFile: credsFile, + CredentialsJSON: credsJSON, Logger: ds.Logger, }, InternalOptions: &grpctransport.InternalOptions{ diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/transport/http/dial.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/transport/http/dial.go index a33df912..494de475 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/transport/http/dial.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/api/transport/http/dial.go @@ -108,6 +108,8 @@ func newClientNewAuth(ctx context.Context, base http.RoundTripper, ds *internal. if ds.UserAgent != "" { headers.Set("User-Agent", ds.UserAgent) } + credsJSON, _ := ds.GetAuthCredentialsJSON() + credsFile, _ := ds.GetAuthCredentialsFile() client, err := httptransport.NewClient(&httptransport.Options{ DisableTelemetry: ds.TelemetryDisabled, DisableAuthentication: ds.NoAuth, @@ -120,8 +122,8 @@ func newClientNewAuth(ctx context.Context, base http.RoundTripper, ds *internal. DetectOpts: &credentials.DetectOptions{ Scopes: ds.Scopes, Audience: aud, - CredentialsFile: ds.CredentialsFile, - CredentialsJSON: ds.CredentialsJSON, + CredentialsFile: credsFile, + CredentialsJSON: credsJSON, Logger: ds.Logger, }, InternalOptions: &httptransport.InternalOptions{ diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go index 669133d0..c96e4483 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go @@ -32,7 +32,7 @@ var byteType = reflect.TypeOf(byte(0)) func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescriptors) protoreflect.FieldDescriptor { f := new(filedesc.Field) f.L0.ParentFile = filedesc.SurrogateProto2 - f.L1.EditionFeatures = f.L0.ParentFile.L1.EditionFeatures + packed := false for len(tag) > 0 { i := strings.IndexByte(tag, ',') if i < 0 { @@ -108,7 +108,7 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri f.L1.StringName.InitJSON(jsonName) } case s == "packed": - f.L1.EditionFeatures.IsPacked = true + packed = true case strings.HasPrefix(s, "def="): // The default tag is special in that everything afterwards is the // default regardless of the presence of commas. @@ -121,6 +121,13 @@ func Unmarshal(tag string, goType reflect.Type, evs protoreflect.EnumValueDescri tag = strings.TrimPrefix(tag[i:], ",") } + // Update EditionFeatures after the loop and after we know whether this is + // a proto2 or proto3 field. + f.L1.EditionFeatures = f.L0.ParentFile.L1.EditionFeatures + if packed { + f.L1.EditionFeatures.IsPacked = true + } + // The generator uses the group message name instead of the field name. // We obtain the real field name by lowercasing the group name. if f.L1.Kind == protoreflect.GroupKind { diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go index 099b2bf4..9aa7a9bb 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/encoding/text/decode.go @@ -424,27 +424,34 @@ func (d *Decoder) parseFieldName() (tok Token, err error) { return Token{}, d.newSyntaxError("invalid field name: %s", errId(d.in)) } -// parseTypeName parses Any type URL or extension field name. The name is -// enclosed in [ and ] characters. The C++ parser does not handle many legal URL -// strings. This implementation is more liberal and allows for the pattern -// ^[-_a-zA-Z0-9]+([./][-_a-zA-Z0-9]+)*`). Whitespaces and comments are allowed -// in between [ ], '.', '/' and the sub names. +// parseTypeName parses an Any type URL or an extension field name. The name is +// enclosed in [ and ] characters. We allow almost arbitrary type URL prefixes, +// closely following the text-format spec [1,2]. We implement "ExtensionName | +// AnyName" as follows (with some exceptions for backwards compatibility): +// +// char = [-_a-zA-Z0-9] +// url_char = char | [.~!$&'()*+,;=] | "%", hex, hex +// +// Ident = char, { char } +// TypeName = Ident, { ".", Ident } ; +// UrlPrefix = url_char, { url_char | "/" } ; +// ExtensionName = "[", TypeName, "]" ; +// AnyName = "[", UrlPrefix, "/", TypeName, "]" ; +// +// Additionally, we allow arbitrary whitespace and comments between [ and ]. +// +// [1] https://protobuf.dev/reference/protobuf/textformat-spec/#characters +// [2] https://protobuf.dev/reference/protobuf/textformat-spec/#field-names func (d *Decoder) parseTypeName() (Token, error) { - startPos := len(d.orig) - len(d.in) // Use alias s to advance first in order to use d.in for error handling. - // Caller already checks for [ as first character. + // Caller already checks for [ as first character (d.in[0] == '['). s := consume(d.in[1:], 0) if len(s) == 0 { return Token{}, ErrUnexpectedEOF } + // Collect everything between [ and ] in name. var name []byte - for len(s) > 0 && isTypeNameChar(s[0]) { - name = append(name, s[0]) - s = s[1:] - } - s = consume(s, 0) - var closed bool for len(s) > 0 && !closed { switch { @@ -452,23 +459,20 @@ func (d *Decoder) parseTypeName() (Token, error) { s = s[1:] closed = true - case s[0] == '/', s[0] == '.': - if len(name) > 0 && (name[len(name)-1] == '/' || name[len(name)-1] == '.') { - return Token{}, d.newSyntaxError("invalid type URL/extension field name: %s", - d.orig[startPos:len(d.orig)-len(s)+1]) - } + case s[0] == '/' || isTypeNameChar(s[0]) || isUrlExtraChar(s[0]): name = append(name, s[0]) - s = s[1:] - s = consume(s, 0) - for len(s) > 0 && isTypeNameChar(s[0]) { - name = append(name, s[0]) - s = s[1:] + s = consume(s[1:], 0) + + // URL percent-encoded chars + case s[0] == '%': + if len(s) < 3 || !isHexChar(s[1]) || !isHexChar(s[2]) { + return Token{}, d.parseTypeNameError(s, 3) } - s = consume(s, 0) + name = append(name, s[0], s[1], s[2]) + s = consume(s[3:], 0) default: - return Token{}, d.newSyntaxError( - "invalid type URL/extension field name: %s", d.orig[startPos:len(d.orig)-len(s)+1]) + return Token{}, d.parseTypeNameError(s, 1) } } @@ -476,15 +480,38 @@ func (d *Decoder) parseTypeName() (Token, error) { return Token{}, ErrUnexpectedEOF } - // First character cannot be '.'. Last character cannot be '.' or '/'. - size := len(name) - if size == 0 || name[0] == '.' || name[size-1] == '.' || name[size-1] == '/' { - return Token{}, d.newSyntaxError("invalid type URL/extension field name: %s", - d.orig[startPos:len(d.orig)-len(s)]) + // Split collected name on last '/' into urlPrefix and typeName (if '/' is + // present). + typeName := name + if i := bytes.LastIndexByte(name, '/'); i != -1 { + urlPrefix := name[:i] + typeName = name[i+1:] + + // urlPrefix may be empty (for backwards compatibility). + // If non-empty, it must not start with '/'. + if len(urlPrefix) > 0 && urlPrefix[0] == '/' { + return Token{}, d.parseTypeNameError(s, 0) + } } + // typeName must not be empty (note: "" splits to [""]) and all identifier + // parts must not be empty. + for _, ident := range bytes.Split(typeName, []byte{'.'}) { + if len(ident) == 0 { + return Token{}, d.parseTypeNameError(s, 0) + } + } + + // typeName must not contain any percent-encoded or special URL chars. + for _, b := range typeName { + if b == '%' || (b != '.' && isUrlExtraChar(b)) { + return Token{}, d.parseTypeNameError(s, 0) + } + } + + startPos := len(d.orig) - len(d.in) + endPos := len(d.orig) - len(s) d.in = s - endPos := len(d.orig) - len(d.in) d.consume(0) return Token{ @@ -496,16 +523,32 @@ func (d *Decoder) parseTypeName() (Token, error) { }, nil } +func (d *Decoder) parseTypeNameError(s []byte, numUnconsumedChars int) error { + return d.newSyntaxError( + "invalid type URL/extension field name: %s", + d.in[:len(d.in)-len(s)+min(numUnconsumedChars, len(s))], + ) +} + +func isHexChar(b byte) bool { + return ('0' <= b && b <= '9') || + ('a' <= b && b <= 'f') || + ('A' <= b && b <= 'F') +} + func isTypeNameChar(b byte) bool { - return (b == '-' || b == '_' || + return b == '-' || b == '_' || ('0' <= b && b <= '9') || ('a' <= b && b <= 'z') || - ('A' <= b && b <= 'Z')) + ('A' <= b && b <= 'Z') } -func isWhiteSpace(b byte) bool { +// isUrlExtraChar complements isTypeNameChar with extra characters that we allow +// in URLs but not in type names. Note that '/' is not included so that it can +// be treated specially. +func isUrlExtraChar(b byte) bool { switch b { - case ' ', '\n', '\r', '\t': + case '.', '~', '!', '$', '&', '(', ')', '*', '+', ',', ';', '=': return true default: return false diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/filedesc/desc.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/filedesc/desc.go index dbcf90b8..c775e583 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/filedesc/desc.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/filedesc/desc.go @@ -32,6 +32,7 @@ const ( EditionProto3 Edition = 999 Edition2023 Edition = 1000 Edition2024 Edition = 1001 + EditionUnstable Edition = 9999 EditionUnsupported Edition = 100000 ) diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go index dd31faae..78f02b1b 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go @@ -330,7 +330,6 @@ func (md *Message) unmarshalFull(b []byte, sb *strs.Builder) { md.L1.Extensions.List[extensionIdx].unmarshalFull(v, sb) extensionIdx++ case genid.DescriptorProto_Options_field_number: - md.unmarshalOptions(v) rawOptions = appendOptions(rawOptions, v) } default: @@ -356,27 +355,6 @@ func (md *Message) unmarshalFull(b []byte, sb *strs.Builder) { md.L2.Options = md.L0.ParentFile.builder.optionsUnmarshaler(&descopts.Message, rawOptions) } -func (md *Message) unmarshalOptions(b []byte) { - for len(b) > 0 { - num, typ, n := protowire.ConsumeTag(b) - b = b[n:] - switch typ { - case protowire.VarintType: - v, m := protowire.ConsumeVarint(b) - b = b[m:] - switch num { - case genid.MessageOptions_MapEntry_field_number: - md.L1.IsMapEntry = protowire.DecodeBool(v) - case genid.MessageOptions_MessageSetWireFormat_field_number: - md.L1.IsMessageSet = protowire.DecodeBool(v) - } - default: - m := protowire.ConsumeFieldValue(num, typ, b) - b = b[m:] - } - } -} - func unmarshalMessageReservedRange(b []byte) (r [2]protoreflect.FieldNumber) { for len(b) > 0 { num, typ, n := protowire.ConsumeTag(b) diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go index 950a6a32..65aaf4d2 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go @@ -26,6 +26,7 @@ const ( Edition_EDITION_PROTO3_enum_value = 999 Edition_EDITION_2023_enum_value = 1000 Edition_EDITION_2024_enum_value = 1001 + Edition_EDITION_UNSTABLE_enum_value = 9999 Edition_EDITION_1_TEST_ONLY_enum_value = 1 Edition_EDITION_2_TEST_ONLY_enum_value = 2 Edition_EDITION_99997_TEST_ONLY_enum_value = 99997 diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/codec_map.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/codec_map.go index 229c6980..4a3bf393 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/codec_map.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/codec_map.go @@ -113,6 +113,9 @@ func sizeMap(mapv reflect.Value, mapi *mapInfo, f *coderFieldInfo, opts marshalO } func consumeMap(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if opts.depth--; opts.depth < 0 { + return out, errRecursionDepth + } if wtyp != protowire.BytesType { return out, errUnknown } @@ -170,6 +173,9 @@ func consumeMap(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo } func consumeMapOfMessage(b []byte, mapv reflect.Value, wtyp protowire.Type, mapi *mapInfo, f *coderFieldInfo, opts unmarshalOptions) (out unmarshalOutput, err error) { + if opts.depth--; opts.depth < 0 { + return out, errRecursionDepth + } if wtyp != protowire.BytesType { return out, errUnknown } diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/decode.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/decode.go index e0dd21fa..1228b5c8 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/decode.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/decode.go @@ -102,8 +102,7 @@ var errUnknown = errors.New("unknown") func (mi *MessageInfo) unmarshalPointer(b []byte, p pointer, groupTag protowire.Number, opts unmarshalOptions) (out unmarshalOutput, err error) { mi.init() - opts.depth-- - if opts.depth < 0 { + if opts.depth--; opts.depth < 0 { return out, errRecursionDepth } if flags.ProtoLegacy && mi.isMessageSet { diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/validate.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/validate.go index 7b2995dd..99a1eb95 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/validate.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/impl/validate.go @@ -68,9 +68,13 @@ func Validate(mt protoreflect.MessageType, in protoiface.UnmarshalInput) (out pr if in.Resolver == nil { in.Resolver = protoregistry.GlobalTypes } + if in.Depth == 0 { + in.Depth = protowire.DefaultRecursionLimit + } o, st := mi.validate(in.Buf, 0, unmarshalOptions{ flags: in.Flags, resolver: in.Resolver, + depth: in.Depth, }) if o.initialized { out.Flags |= protoiface.UnmarshalInitialized @@ -257,6 +261,9 @@ func (mi *MessageInfo) validate(b []byte, groupTag protowire.Number, opts unmars states[0].typ = validationTypeGroup states[0].endGroup = groupTag } + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } initialized := true start := len(b) State: @@ -451,6 +458,13 @@ State: mi: vi.mi, tail: b, }) + if vi.typ == validationTypeMessage || + vi.typ == validationTypeGroup || + vi.typ == validationTypeMap { + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } + } b = v continue State case validationTypeRepeatedVarint: @@ -499,6 +513,9 @@ State: mi: vi.mi, endGroup: num, }) + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } continue State case flags.ProtoLegacy && vi.typ == validationTypeMessageSetItem: typeid, v, n, err := messageset.ConsumeFieldValue(b, false) @@ -521,6 +538,13 @@ State: mi: xvi.mi, tail: b[n:], }) + if xvi.typ == validationTypeMessage || + xvi.typ == validationTypeGroup || + xvi.typ == validationTypeMap { + if opts.depth--; opts.depth < 0 { + return out, ValidationInvalid + } + } b = v continue State } @@ -547,12 +571,14 @@ State: switch st.typ { case validationTypeMessage, validationTypeGroup: numRequiredFields = int(st.mi.numRequiredFields) + opts.depth++ case validationTypeMap: // If this is a map field with a message value that contains // required fields, require that the value be present. if st.mi != nil && st.mi.numRequiredFields > 0 { numRequiredFields = 1 } + opts.depth++ } // If there are more than 64 required fields, this check will // always fail and we will report that the message is potentially diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/version/version.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/version/version.go index 77de0f23..763fd828 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/version/version.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/internal/version/version.go @@ -52,7 +52,7 @@ import ( const ( Major = 1 Minor = 36 - Patch = 10 + Patch = 11 PreRelease = "" ) diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/proto/decode.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/proto/decode.go index 4cbf1aea..889d8511 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/proto/decode.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/proto/decode.go @@ -121,9 +121,8 @@ func (o UnmarshalOptions) unmarshal(b []byte, m protoreflect.Message) (out proto out, err = methods.Unmarshal(in) } else { - o.RecursionLimit-- - if o.RecursionLimit < 0 { - return out, errors.New("exceeded max recursion depth") + if o.RecursionLimit--; o.RecursionLimit < 0 { + return out, errRecursionDepth } err = o.unmarshalMessageSlow(b, m) } @@ -220,6 +219,9 @@ func (o UnmarshalOptions) unmarshalSingular(b []byte, wtyp protowire.Type, m pro } func (o UnmarshalOptions) unmarshalMap(b []byte, wtyp protowire.Type, mapv protoreflect.Map, fd protoreflect.FieldDescriptor) (n int, err error) { + if o.RecursionLimit--; o.RecursionLimit < 0 { + return 0, errRecursionDepth + } if wtyp != protowire.BytesType { return 0, errUnknown } @@ -305,3 +307,5 @@ func (o UnmarshalOptions) unmarshalMap(b []byte, wtyp protowire.Type, mapv proto var errUnknown = errors.New("BUG: internal error (unknown)") var errDecode = errors.New("cannot parse invalid wire-format data") + +var errRecursionDepth = errors.New("exceeded maximum recursion depth") diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go index 4eacb523..0b23faa9 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go @@ -69,6 +69,8 @@ const ( // comparison. Edition_EDITION_2023 Edition = 1000 Edition_EDITION_2024 Edition = 1001 + // A placeholder edition for developing and testing unscheduled features. + Edition_EDITION_UNSTABLE Edition = 9999 // Placeholder editions for testing feature resolution. These should not be // used or relied on outside of tests. Edition_EDITION_1_TEST_ONLY Edition = 1 @@ -91,6 +93,7 @@ var ( 999: "EDITION_PROTO3", 1000: "EDITION_2023", 1001: "EDITION_2024", + 9999: "EDITION_UNSTABLE", 1: "EDITION_1_TEST_ONLY", 2: "EDITION_2_TEST_ONLY", 99997: "EDITION_99997_TEST_ONLY", @@ -105,6 +108,7 @@ var ( "EDITION_PROTO3": 999, "EDITION_2023": 1000, "EDITION_2024": 1001, + "EDITION_UNSTABLE": 9999, "EDITION_1_TEST_ONLY": 1, "EDITION_2_TEST_ONLY": 2, "EDITION_99997_TEST_ONLY": 99997, @@ -4793,11 +4797,11 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\x18EnumValueDescriptorProto\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12\x16\n" + "\x06number\x18\x02 \x01(\x05R\x06number\x12;\n" + - "\aoptions\x18\x03 \x01(\v2!.google.protobuf.EnumValueOptionsR\aoptions\"\xa7\x01\n" + + "\aoptions\x18\x03 \x01(\v2!.google.protobuf.EnumValueOptionsR\aoptions\"\xb5\x01\n" + "\x16ServiceDescriptorProto\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12>\n" + "\x06method\x18\x02 \x03(\v2&.google.protobuf.MethodDescriptorProtoR\x06method\x129\n" + - "\aoptions\x18\x03 \x01(\v2\x1f.google.protobuf.ServiceOptionsR\aoptions\"\x89\x02\n" + + "\aoptions\x18\x03 \x01(\v2\x1f.google.protobuf.ServiceOptionsR\aoptionsJ\x04\b\x04\x10\x05R\x06stream\"\x89\x02\n" + "\x15MethodDescriptorProto\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12\x1d\n" + "\n" + @@ -5033,14 +5037,15 @@ const file_google_protobuf_descriptor_proto_rawDesc = "" + "\bSemantic\x12\b\n" + "\x04NONE\x10\x00\x12\a\n" + "\x03SET\x10\x01\x12\t\n" + - "\x05ALIAS\x10\x02*\xa7\x02\n" + + "\x05ALIAS\x10\x02*\xbe\x02\n" + "\aEdition\x12\x13\n" + "\x0fEDITION_UNKNOWN\x10\x00\x12\x13\n" + "\x0eEDITION_LEGACY\x10\x84\a\x12\x13\n" + "\x0eEDITION_PROTO2\x10\xe6\a\x12\x13\n" + "\x0eEDITION_PROTO3\x10\xe7\a\x12\x11\n" + "\fEDITION_2023\x10\xe8\a\x12\x11\n" + - "\fEDITION_2024\x10\xe9\a\x12\x17\n" + + "\fEDITION_2024\x10\xe9\a\x12\x15\n" + + "\x10EDITION_UNSTABLE\x10\x8fN\x12\x17\n" + "\x13EDITION_1_TEST_ONLY\x10\x01\x12\x17\n" + "\x13EDITION_2_TEST_ONLY\x10\x02\x12\x1d\n" + "\x17EDITION_99997_TEST_ONLY\x10\x9d\x8d\x06\x12\x1d\n" + diff --git a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go index 06d584c1..484c21fd 100644 --- a/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go +++ b/ci/resources/stemcell-version-bump/vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go @@ -172,13 +172,14 @@ import ( // ) to obtain a formatter capable of generating timestamps in this format. type Timestamp struct { state protoimpl.MessageState `protogen:"open.v1"` - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. + // Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must + // be between -315576000000 and 315576000000 inclusive (which corresponds to + // 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z). Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"` - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 + // Non-negative fractions of a second at nanosecond resolution. This field is + // the nanosecond portion of the duration, not an alternative to seconds. + // Negative second values with fractions must still have non-negative nanos + // values that count forward in time. Must be between 0 and 999,999,999 // inclusive. Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"` unknownFields protoimpl.UnknownFields diff --git a/ci/resources/stemcell-version-bump/vendor/modules.txt b/ci/resources/stemcell-version-bump/vendor/modules.txt index 347044fd..6c948277 100644 --- a/ci/resources/stemcell-version-bump/vendor/modules.txt +++ b/ci/resources/stemcell-version-bump/vendor/modules.txt @@ -256,7 +256,7 @@ go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/trace/embedded go.opentelemetry.io/otel/trace/internal/telemetry go.opentelemetry.io/otel/trace/noop -# golang.org/x/crypto v0.45.0 +# golang.org/x/crypto v0.46.0 ## explicit; go 1.24.0 golang.org/x/crypto/chacha20 golang.org/x/crypto/chacha20poly1305 @@ -265,7 +265,7 @@ golang.org/x/crypto/cryptobyte/asn1 golang.org/x/crypto/hkdf golang.org/x/crypto/internal/alias golang.org/x/crypto/internal/poly1305 -# golang.org/x/net v0.47.0 +# golang.org/x/net v0.48.0 ## explicit; go 1.24.0 golang.org/x/net/http/httpguts golang.org/x/net/http2 @@ -274,7 +274,7 @@ golang.org/x/net/idna golang.org/x/net/internal/httpcommon golang.org/x/net/internal/timeseries golang.org/x/net/trace -# golang.org/x/oauth2 v0.33.0 +# golang.org/x/oauth2 v0.34.0 ## explicit; go 1.24.0 golang.org/x/oauth2 golang.org/x/oauth2/authhandler @@ -286,16 +286,16 @@ golang.org/x/oauth2/google/internal/stsexchange golang.org/x/oauth2/internal golang.org/x/oauth2/jws golang.org/x/oauth2/jwt -# golang.org/x/sync v0.18.0 +# golang.org/x/sync v0.19.0 ## explicit; go 1.24.0 golang.org/x/sync/semaphore -# golang.org/x/sys v0.38.0 +# golang.org/x/sys v0.39.0 ## explicit; go 1.24.0 golang.org/x/sys/cpu golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/text v0.31.0 +# golang.org/x/text v0.32.0 ## explicit; go 1.24.0 golang.org/x/text/secure/bidirule golang.org/x/text/transform @@ -304,13 +304,14 @@ golang.org/x/text/unicode/norm # golang.org/x/time v0.14.0 ## explicit; go 1.24.0 golang.org/x/time/rate -# google.golang.org/api v0.257.0 +# google.golang.org/api v0.258.0 ## explicit; go 1.24.0 google.golang.org/api/googleapi google.golang.org/api/googleapi/transport google.golang.org/api/iamcredentials/v1 google.golang.org/api/internal google.golang.org/api/internal/cert +google.golang.org/api/internal/credentialstype google.golang.org/api/internal/gensupport google.golang.org/api/internal/impersonate google.golang.org/api/internal/third_party/uritemplates @@ -336,7 +337,7 @@ google.golang.org/genproto/googleapis/api/expr/v1alpha1 google.golang.org/genproto/googleapis/api/label google.golang.org/genproto/googleapis/api/metric google.golang.org/genproto/googleapis/api/monitoredres -# google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20251213004720-97cd9d5aeac2 ## explicit; go 1.24.0 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails @@ -496,7 +497,7 @@ google.golang.org/grpc/xds google.golang.org/grpc/xds/bootstrap google.golang.org/grpc/xds/csds google.golang.org/grpc/xds/googledirectpath -# google.golang.org/protobuf v1.36.10 +# google.golang.org/protobuf v1.36.11 ## explicit; go 1.23 google.golang.org/protobuf/encoding/protojson google.golang.org/protobuf/encoding/prototext