
Remove deprecated log package #306

Merged
merged 1 commit into from
Jun 3, 2021

Conversation

SuperQ
Member

@SuperQ SuperQ commented Jun 3, 2021

This package has been deprecated since 2020-01-20.

Signed-off-by: SuperQ <superq@gmail.com>

@SuperQ SuperQ requested a review from roidelapluie June 3, 2021 12:08
@SuperQ SuperQ merged commit 6ef301f into main Jun 3, 2021
@SuperQ SuperQ deleted the superq/remove_old_log branch June 3, 2021 14:37
@bboreham bboreham mentioned this pull request Oct 28, 2021
soapiestwaffles added a commit to soapiestwaffles/ping_exporter that referenced this pull request Dec 11, 2021
ℹ️ Note: prometheus/common: as of v0.27.0 / 2021-06-03, the deprecated `log` package was removed. See prometheus/common#306 for details.
As a result, it has been replaced with the existing logrus logger.
RoryCrispin pushed a commit to RoryCrispin/gcp-quota-exporter that referenced this pull request Jun 1, 2022
Go updated to 1.18

Packages updated to the latest versions for each.

Upgrading `github.com/prometheus/common` encountered the breaking change
which removed the Log package (prometheus/common#306),
so the logging code has also been updated to use promlog instead.

Mitigates security issues:

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.
https://nvd.nist.gov/vuln/detail/CVE-2020-35380

GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
https://nvd.nist.gov/vuln/detail/CVE-2020-36066

GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
https://nvd.nist.gov/vuln/detail/CVE-2020-36067

GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
https://nvd.nist.gov/vuln/detail/CVE-2021-42836

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
https://nvd.nist.gov/vuln/detail/CVE-2020-14040
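As an added example (not part of this pull request, prometheus/common, or gcp-quota-exporter), the check below gates a `go.mod` against the fixed versions the commit message above cites: GJSON 1.9.3 (which also covers the three older GJSON advisories fixed in 1.6.4, 1.6.5 and 1.6.6) and x/text 0.3.3. It uses only the Go standard library, and the `go.mod` content it reads is constructed for the example; the `Advisory` type, `checkGoMod` and the helper names are this example's own, not an API of either project.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Advisory is a minimum fixed module version, taken from the CVE entries
// in the commit message above (the type is constructed for this example).
type Advisory struct {
	Module string
	Fixed  string   // first version that is not affected
	CVEs   []string // advisories closed once Fixed or newer is required
}

// advisories encodes the fixed versions named on this page.
var advisories = []Advisory{
	{"github.com/tidwall/gjson", "v1.9.3",
		[]string{"CVE-2020-35380", "CVE-2020-36066", "CVE-2020-36067", "CVE-2021-42836"}},
	{"golang.org/x/text", "v0.3.3", []string{"CVE-2020-14040"}},
}

// parseVersion turns "v1.2.3", "v1.2.3-rc1" or "v1.2.3+incompatible" into
// major/minor/patch. Pre-release and build metadata are dropped, so a
// pseudo-version such as v0.0.0-2020... compares as 0.0.0 and is
// conservatively treated as older than any tagged fix.
func parseVersion(v string) ([3]int, error) {
	var out [3]int
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("unexpected version format %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("bad version component %q in %q", p, v)
		}
		out[i] = n
	}
	return out, nil
}

// olderThan reports whether a < b in major/minor/patch order.
func olderThan(a, b [3]int) bool {
	for i := 0; i < 3; i++ {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// requiredModules extracts module -> version from go.mod text, handling both
// the single-line "require x v1" form and the parenthesised require block.
// "// indirect" entries are kept: transitive dependencies are exactly where
// these advisories tend to hide.
func requiredModules(gomod string) map[string]string {
	mods := map[string]string{}
	inBlock := false
	for _, raw := range strings.Split(gomod, "\n") {
		line := strings.TrimSpace(raw)
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		if line == "require (" {
			inBlock = true
			continue
		}
		if line == ")" {
			inBlock = false
			continue
		}
		f := strings.Fields(line)
		if inBlock && len(f) == 2 {
			mods[f[0]] = f[1]
		} else if !inBlock && len(f) == 3 && f[0] == "require" {
			mods[f[1]] = f[2]
		}
	}
	return mods
}

// checkGoMod returns, per required module that is still below its fixed
// version (or whose version cannot be parsed), the CVEs it remains exposed to.
func checkGoMod(gomod string) map[string][]string {
	findings := map[string][]string{}
	mods := requiredModules(gomod)
	for _, adv := range advisories {
		have, ok := mods[adv.Module]
		if !ok {
			continue // module not required at all; nothing to check
		}
		hv, err := parseVersion(have)
		fv, _ := parseVersion(adv.Fixed) // advisory versions are well-formed constants
		if err != nil || olderThan(hv, fv) {
			findings[adv.Module] = append(findings[adv.Module], adv.CVEs...)
		}
	}
	return findings
}

// sampleGoMod is constructed input: gjson pinned below 1.9.3, x/text already safe.
const sampleGoMod = `module example.com/exporter

go 1.18

require (
	github.com/prometheus/common v0.27.0
	github.com/tidwall/gjson v1.6.1
	golang.org/x/text v0.3.7 // indirect
)
`

func main() {
	for mod, cves := range checkGoMod(sampleGoMod) {
		fmt.Printf("%s: still exposed to %s\n", mod, strings.Join(cves, ", "))
	}
}
```

Run against a real `go.mod` the table of advisories is the only part that needs maintaining; the version comparison deliberately rounds pseudo-versions down so an untagged commit is flagged for a human to confirm rather than silently passed.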