prepare 6.7.14 release (launchdarkly#206)

* fix broken link in Markdown docs (launchdarkly#246)

* make sure newly added credentials for existing environments are accepted in requests (launchdarkly#244)

* don't return 503 if SDK initialization has timed out

* add in-repo docs about error/503 behavior (launchdarkly#249)

* [ch102255] BigSegments DynamoDB (launchdarkly#245)

* add init timeout config option + better test coverage + misc refactoring (launchdarkly#250)

* fix example build command

* use public prerelease tags instead of private dependencies

* fix Go installation in CI

* update SDK dependencies for JSON number parsing bugfix

* update gorilla/mux to 1.8.0

* update OpenCensus packages

* add Go 1.16 CI + "latest Go" CI + use latest 1.15 patch for release

* cimg images use "current", not "latest"

* seems there isn't any cimg/go "latest" or "current"

* add daily package build test in CI

* job names

* bump SDK version for traffic allocation feature

* [ch113491] update alpine base image (launchdarkly#258)

* use latest prerelease SDK

* fix enabling of test tags in CI

* add DynamoDB docker image in CI

* set a polling base URI in end-to-end tests since big segments logic will use it

* fix initialization logic so SDK client creation errors aren't lost when big segments are enabled

* fix use of prefix key in DynamoDB + improve tests (launchdarkly#260)

* more debug logging, less info logging for big segments logic

* make logging of big segments patch version mismatch clearer and use Warn level

* fix log parameter

* fix DynamoDB updates for big segments metadata

* add test to make sure sync time and cursor can be updated independently

* only start big seg synchronizer if necessary

* use SDK GA releases

* change applyPatch to exit early on version mismatch; go back to restarting stream in this case

* add unit tests for version mismatch behavior + DRY tests

* add log assertion

* fix retry logic on big segments stream failure

* add more logging for big segments connection status

* fix logging assertion

* add more big segments integration tests

* fix overly-time-sensitive file data tests

* fix more flaky tests

* run big segments tests with DynamoDB too

* Migrate transitive dep (jwt-go) to use modern version without vulnerability.

* Edit doc

* move Relay release logic to .ldrelease script

* suppress SDK big segments status query if we've never synced big segments

* dump Relay logs including debug logs if integration test fails

* include environment prefix in BigSegmentSynchronizer logging

* increase big segment integration test timeout (launchdarkly#274)

* generate client-side stream pings if big segments have changed

* clear big segments cache as needed + simplify state management

* fix tests and simplify component creation

* use GA releases of SDK packages

* disable CI package-build-test in Go 1.16+

* Migrate Relay release to Releaser v2 and support dry run (launchdarkly#278)

* Adding degraded doc blurb for big segments (launchdarkly#280)

* respect Redis password & TLS options for big segments; add Redis password integration tests

* redact Redis URL password in logs and status resource

* update go-server-sdk-redis-redigo to 1.2.1 for Redis URL logging fix

* Part 1, add the config and the documentation for the new config

* Part 2, Add the configuration validation and test

* Part 3, the actual logic to include the headers in the CORS Access-Control-Allow-Headers

* Linter

* update Alpine version to 3.14.2 to fix openssl CVEs

* Fix the global variable modification

* Go format

* turn off unnecessary metrics integrations in config for Docker smoke test

* rename test.env to smoke-test.env to clarify what it's for

* fix setting of custom Access-Control-Allow-Origin and add test (launchdarkly#285)

* add more explanatory test output and more verbose debugging for big segments integration tests (launchdarkly#287)

* update to Go 1.16.10 + Alpine 3.14.3; add some docs about releases (launchdarkly#288)

* update go-server-sdk-consul version for Consul API version update

* override x/crypto dependency version for CVE-2020-29652

* bump Prometheus dependency to eliminate jwt-go vulnerability

* drop support for Go 1.14 & 1.15

* make sure defaults are always applied for base URL properties

* rm unused

* rm unnecessary linter directive

* add separate configuration for server-side/client-side SDK base URLs & update the defaults

* remove Whitesource CI job + remove obsolete dependency issue note

* don't include any big segment status info in status resource unless that feature is active (launchdarkly#296)

* don't include any big segment status info in status resource unless that feature is active

* fix Big Segments staleness logic in status resource

* documentation

* update x/text package for vulnerability GO-2021-0113

* add Trivy security scan to CI (launchdarkly#297)

* add daily re-scan with Trivy

* use long timeout when awaiting changes related to file mod watching

* update Go version to 1.17.6 (launchdarkly#301)

* always terminate if auto-config stream fails with a fatal error

* pass along tags header when proxying events

* comments, rm debugging

* fix auth header logic

* fix auth header logic some more

* comments

* add tags header to CORS header whitelist (launchdarkly#304)

* update to Alpine 3.14.4 for CVE-2022-0778 fix

* force upgrade of openssl in Alpine

* also upgrade libretls

* fix it in both files

* update to Alpine 3.14.5 for CVE-2022-0778/CVE-2018-25032 (launchdarkly#308)

* update to Alpine 3.14.5 for CVE-2022-0778

* revert patches that are now included in Alpine 3.14.5

* add scripts for checking and updating Go/Alpine versions (launchdarkly#309)

* update to Alpine 3.14.5 for CVE-2022-0778

* add scripts for checking and updating Go/Alpine versions

* also make sure the Docker images really exist

* update CONTRIBUTING.md

* fix file rename

* revert patches that are now included in Alpine 3.14.5

* update Alpine to 3.14.6 for CVE-2022-28391

* update SDK packages (includes sc-136333 fix)

* don't include "v" prefix in Docker image version

* update go-server-sdk-dynamodb for data size error fix & add docs (launchdarkly#316)

* update builds to use Go 1.17.9 and fix the update script

* update go-server-sdk-consul to latest release

* update remote Docker version

* update golang.org/x/crypto for CVE-2022-27191 (launchdarkly#321)

* update golang.org/x/crypto for CVE-2022-27191

* fix go.sum

* update eventsource for SSE output efficiency fix (launchdarkly#322)

* Cache the replay event in case we get multiple new client connections (launchdarkly#189)

* Cache the replay event in case we get multiple new client connections

* Use singleflight to ensure only one replay event is generated at a time

Co-authored-by: Moshe Good <[email protected]>

* don't install curl in Docker images

* fix makefile logic for lint step

* remove indirect curl-based request logic in integration tests

* fix linter installation

* update Go to 1.17.11, Alpine to 3.16.0

* improve concurrency test to verify that the data is or isn't from a separate query

* fix lint warnings and remove unnecessary error return

* update libssl & libcrypto versions for CVE-2022-2097

* add security scan of already-published Docker image (launchdarkly#328)

* update Alpine version and some Go libraries to address CVEs (launchdarkly#329)

* use Alpine 3.16.1

* update golang.org/x/net and golang.org/x/sync patch versions for CVEs

* update golang.org/x/sys patch version for CVE

* update Prometheus client library for CVE-2022-21698

* ensure that DynamoDB config is consistent between Big Segments and regular data store

* comment

* update Alpine to 3.16.2

* update golangci-lint and go-junit-report

* fix CI

* prevent traversal of directories outside target path when expanding archive

* enforce TLS >= 1.2 for secure Redis

* misc linter updates

* fix test message

* add Go 1.18 & 1.19 jobs

* make test expectation less Go-version-dependent

* linting

* revert unnecessary change

* fix installation of test coverage tool

* migrate to AWS Go SDK v2 for DynamoDB (launchdarkly#333)

* update to Go 1.19.2

* update golang.org/x/net for CVE-2022-27664

* update golang.org/x/text for CVE-2022-32149

* update Consul API dependency to avoid false report of CVE-2022-40716

* switch to fork of Stackdriver metrics client to remove AWS transitive dependency (launchdarkly#343)

Co-authored-by: Eli Bishop <[email protected]>
Co-authored-by: LaunchDarklyCI <[email protected]>
Co-authored-by: hroederld <[email protected]>
Co-authored-by: LaunchDarklyReleaseBot <[email protected]>
Co-authored-by: Dan Richelson <[email protected]>
Co-authored-by: Dan Richelson <[email protected]>
Co-authored-by: Ben Woskow <[email protected]>
Co-authored-by: Ben Woskow <[email protected]>
Co-authored-by: Louis Chan <[email protected]>
Co-authored-by: Louis Chan <[email protected]>
Co-authored-by: Moshe Good <[email protected]>
Co-authored-by: Moshe Good <[email protected]>

.circleci/config.yml

@@ -9,7 +9,7 @@ parameters:
   # override it in any parameterized builds, but just as a convenient shareable constant
   go-release-version:
     type: string
-    default: "1.17.11"
+    default: "1.19.2"
 
   # We use a remote Docker host in some CI jobs that need to run Docker containers.
   # As of 2022-04-15, the default Docker daemon version was 17.09.0-ce, which started
@@ -35,8 +35,14 @@ workflows:
           # This build has a deliberately unpinned version so that if a new Go major version
           # is released before we have updated the build, we can detect any problems early
           docker-image: circleci/golang:latest
+      - go-test:
+          name: Go 1.19
+          docker-image: cimg/go:1.19
           run-lint: true
           test-coverage: true
+      - go-test:
+          name: Go 1.18
+          docker-image: cimg/go:1.18
       - go-test:
           name: Go 1.17
           docker-image: cimg/go:1.17
@@ -135,7 +141,7 @@ jobs:
       - run: go version && go env
       - run:
           name: install go-junit-report
-          command: go install github.com/jstemmer/go-junit-report@v0.9.1
+          command: go install github.com/jstemmer/go-junit-report/[email protected]
       - when:
           condition: <<parameters.run-lint>>
           steps:

.golangci.yml

@@ -20,7 +20,6 @@ linters:
     - godox
     - gofmt
     - goimports
-    - golint
     - gosec
     - gosimple
     - govet
@@ -32,7 +31,6 @@ linters:
     - nolintlint
     - prealloc
     - staticcheck
-    - structcheck
     - stylecheck
     - typecheck
     - unconvert
@@ -56,12 +54,9 @@ issues:
         - bodyclose
         - goconst
         - gochecknoglobals
-        - golint
-    - path: enterprise/ld-relay-enterprise.go  # temporary exclusion because linter is confused by two command-line entry points
+    - path: integrationtests
       linters:
-        - deadcode
-        - golint
-        - unused
+        - stylecheck
   exclude-use-default: false
   max-same-issues: 1000
   max-per-linter: 1000

.ldrelease/config.yml

@@ -38,7 +38,7 @@ repo:
 
 jobs:
   - docker:
-      image: cimg/go:1.17.11   # See "Runtime platform versions" in CONTRIBUTING.md
+      image: cimg/go:1.19.2   # See "Runtime platform versions" in CONTRIBUTING.md
       copyGitHistory: true
     template:
       name: go

Dockerfile

@@ -1,6 +1,6 @@
 # This is a standalone Dockerfile that does not depend on goreleaser building the binary
 # It is NOT the version that is pushed to dockerhub
-FROM golang:1.17.11-alpine3.16 as builder
+FROM golang:1.19.2-alpine3.16 as builder
 # See "Runtime platform versions" in CONTRIBUTING.md
 
 RUN apk --no-cache add \

Makefile

@@ -1,5 +1,5 @@
 
-GOLANGCI_LINT_VERSION=v1.27.0
+GOLANGCI_LINT_VERSION=v1.48.0
 
 LINTER=./bin/golangci-lint
 LINTER_VERSION_FILE=./bin/.golangci-lint-version-$(GOLANGCI_LINT_VERSION)
@@ -32,7 +32,7 @@ test:
 	go test -race -v $(OPTIONAL_TAGS_PARAM) ./...
 
 test-coverage: $(COVERAGE_PROFILE_RAW)
-	if [ ! -x "$(GOPATH)/bin/go-coverage-enforcer)" ]; then go get -u github.com/launchdarkly-labs/go-coverage-enforcer; fi
+	if [ ! -x "$(GOPATH)/bin/go-coverage-enforcer)" ]; then go install github.com/launchdarkly-labs/go-coverage-enforcer@latest; fi
 	$(GOPATH)/bin/go-coverage-enforcer $(COVERAGE_ENFORCER_FLAGS) -outprofile $(COVERAGE_PROFILE_FILTERED) $(COVERAGE_PROFILE_RAW) || true
 	@# added || true because we don't currently want go-coverage-enforcer to stop the build due to coverage gaps
 	go tool cover -html $(COVERAGE_PROFILE_FILTERED) -o $(COVERAGE_PROFILE_FILTERED_HTML)

_testservice/processes.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"strconv"
@@ -29,7 +28,7 @@ func startProcess(serviceName string, serviceArgs []string) error {
 	}
 	pid := cmd.Process.Pid
 
-	if err := ioutil.WriteFile(pidFile, []byte(strconv.Itoa(pid)), 0644); err != nil {
+	if err := os.WriteFile(pidFile, []byte(strconv.Itoa(pid)), 0644); err != nil {
 		fmt.Fprintln(os.Stderr, "couldn't write PID file - killing process")
 		_ = cmd.Process.Kill()
 		return err
@@ -40,7 +39,7 @@ func startProcess(serviceName string, serviceArgs []string) error {
 
 func stopProcess(serviceName string) error {
 	pidFile := pidFileName(serviceName)
-	data, err := ioutil.ReadFile(pidFile)
+	data, err := os.ReadFile(pidFile)
 	if err != nil {
 		return fmt.Errorf("%s not found", pidFile)
 	}

config/config_from_file_test.go

@@ -1,7 +1,7 @@
 package config
 
 import (
-	"io/ioutil"
+	"os"
 	"testing"
 	"time"
 
@@ -181,7 +181,7 @@ LogLevel = "wrong"`,
 
 func testFileWithValidConfig(t *testing.T, tdc testDataValidConfig) {
 	helpers.WithTempFile(func(filename string) {
-		require.NoError(t, ioutil.WriteFile(filename, []byte(tdc.fileContent), 0))
+		require.NoError(t, os.WriteFile(filename, []byte(tdc.fileContent), 0))
 
 		var c Config
 		mockLog := ldlogtest.NewMockLog()
@@ -193,7 +193,7 @@ func testFileWithValidConfig(t *testing.T, tdc testDataValidConfig) {
 
 func testFileWithInvalidConfig(t *testing.T, fileContent string, errMessage string) {
 	helpers.WithTempFile(func(filename string) {
-		require.NoError(t, ioutil.WriteFile(filename, []byte(fileContent), 0))
+		require.NoError(t, os.WriteFile(filename, []byte(fileContent), 0))
 
 		var c Config
 		err := LoadConfigFile(&c, filename, ldlog.NewDisabledLoggers())

go.mod

@@ -4,56 +4,47 @@ go 1.16
 
 require (
 	contrib.go.opencensus.io/exporter/prometheus v0.4.0
-	contrib.go.opencensus.io/exporter/stackdriver v0.13.6
 	github.com/DataDog/datadog-go v3.7.2+incompatible // indirect
 	github.com/DataDog/opencensus-go-exporter-datadog v0.0.0-20210527074920-9baf37265e83
 	github.com/antihax/optional v1.0.0
-	github.com/armon/go-metrics v0.3.9 // indirect
-	github.com/aws/aws-sdk-go v1.40.45
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/fatih/color v1.12.0 // indirect
-	github.com/fsnotify/fsnotify v1.4.9
-	github.com/go-kit/log v0.2.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.16.14
+	github.com/aws/aws-sdk-go-v2/config v1.17.5
+	github.com/aws/aws-sdk-go-v2/credentials v1.12.18
+	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.16.4
+	github.com/cyphar/filepath-securejoin v0.2.3
+	github.com/fsnotify/fsnotify v1.5.1
 	github.com/go-redis/redis/v8 v8.8.0
 	github.com/gomodule/redigo v1.8.2
-	github.com/google/go-cmp v0.5.6 // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/mux v1.8.0
-	github.com/gregjones/httpcache v0.0.0-20171119193500-2bcd89a1743f
-	github.com/hashicorp/consul/api v1.12.0
+	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7
+	github.com/hashicorp/consul/api v1.15.3
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-hclog v0.16.2 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/kardianos/minwinsvc v0.0.0-20151122163309-cad6b2b879b0
-	github.com/kr/text v0.2.0 // indirect
 	github.com/launchdarkly/api-client-go v5.0.3+incompatible
 	github.com/launchdarkly/eventsource v1.7.1
 	github.com/launchdarkly/go-configtypes v1.1.0
 	github.com/launchdarkly/go-server-sdk-consul v1.0.2
-	github.com/launchdarkly/go-server-sdk-dynamodb v1.1.1
+	github.com/launchdarkly/go-server-sdk-dynamodb/v2 v2.0.0
 	github.com/launchdarkly/go-server-sdk-redis-redigo v1.2.1
 	github.com/launchdarkly/go-test-helpers/v2 v2.3.1
-	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/miekg/dns v1.1.43 // indirect
-	github.com/mitchellh/mapstructure v1.4.2 // indirect
-	github.com/onsi/gomega v1.13.0 // indirect
+	github.com/launchdarkly/opencensus-go-exporter-stackdriver v0.14.2
 	github.com/pborman/uuid v1.2.0
-	github.com/prometheus/client_golang v1.11.1 // indirect
-	github.com/prometheus/common v0.30.0 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/stretchr/testify v1.7.0
+	github.com/prometheus/client_golang v1.11.1 // indirect; override to address CVE-2022-21698
+	github.com/stretchr/testify v1.7.1
 	go.opencensus.io v0.23.0
 	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
-	golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect; fixes CVE-2021-44716
-	golang.org/x/sync v0.0.0-20220513210516-0976fa681c29
-	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect; fixes CVE-2022-29526
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/net v0.0.0-20220906165146-f3363e06e74c // indirect; override to address CVE-2022-27664
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
+	golang.org/x/text v0.3.8 // indirect; override to address CVE-2022-32149
 	gopkg.in/gcfg.v1 v1.2.3
 	gopkg.in/launchdarkly/go-jsonstream.v1 v1.0.1
 	gopkg.in/launchdarkly/go-sdk-common.v2 v2.4.0
 	gopkg.in/launchdarkly/go-sdk-events.v1 v1.1.1
 	gopkg.in/launchdarkly/go-server-sdk-evaluation.v1 v1.5.0
 	gopkg.in/launchdarkly/go-server-sdk.v5 v5.9.0
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	gopkg.in/yaml.v3 v3.0.0 // indirect
 )