Upgrade github.com/mostynb/go-grpc-compression to avoid decompression bomb DoS

mostynb/go-grpc-compression#27

Author: mostynb

.bazelci/buildkite-install-go.sh

@@ -2,5 +2,5 @@
 
 set -euo pipefail
 
-wget -o $HOME/go1.16.7.linux-amd64.tar.gz https://golang.org/dl/go1.16.7.linux-amd64.tar.gz 1>&2
-tar -xv -C $HOME -f go1.16.7.linux-amd64.tar.gz 1>&2
+wget -o $HOME/go1.22.4.linux-amd64.tar.gz https://golang.org/dl/go1.22.4.linux-amd64.tar.gz 1>&2
+tar -xv -C $HOME -f go1.22.4.linux-amd64.tar.gz 1>&2

.bazelci/presubmit.yml

@@ -6,29 +6,35 @@ buildifier:
 tasks:
   ubuntu1604:
     platform: ubuntu1604
+    bazel: 4.2.2
     build_targets:
     - "..."
     test_targets:
     - "..."
   ubuntu1804:
     platform: ubuntu1804
+    bazel: 4.2.2
     build_targets:
     - "..."
     test_targets:
     - "..."
   ubuntu2004:
     platform: ubuntu2004
+    bazel: 4.2.2
     build_targets:
     - "..."
     test_targets:
     - "..."
-  macos:
-    platform: macos
-    build_targets:
-    # Skip the (linux) container image targets, just build the binary.
-    - "//:bazel-remote"
-    test_targets:
-    - "..."
+# MacOS builds for this old version no longer work on bazelci.
+#  macos:
+#    platform: macos
+#    xcode_version: "13.2.1"
+#    bazel: 4.2.2
+#    build_targets:
+#    # Skip the (linux) container image targets, just build the binary.
+#    - "//:bazel-remote"
+#    test_targets:
+#    - "..."
   # A series of checks, each in a separate job due to
   # https://github.com/bazelbuild/continuous-integration/issues/938
   check_gofmt:

.bazelci/system-test.sh

@@ -5,6 +5,8 @@ set -e
 set -u
 set -o pipefail
 
+export USE_BAZEL_VERSION=4.2.2
+
 SRC_ROOT=$(dirname "$0")/..
 SRC_ROOT=$(realpath "$SRC_ROOT")
 cd "$SRC_ROOT"
@@ -18,7 +20,7 @@ summary=""
 
 if [ ! -e minio ]
 then
-	wget https://dl.min.io/server/minio/release/linux-amd64/minio
+	wget -O minio https://dl.min.io/server/minio/release/linux-amd64/archive/minio.RELEASE.2021-12-29T06-49-06Z
 	chmod +x minio
 fi
 if [ ! -e mc ]

genproto/build/bazel/remote/execution/v2/remote_execution.pb.go

@@ -1,27 +1,26 @@
 module github.com/buchgr/bazel-remote
 
 require (
-	cloud.google.com/go v0.61.0 // indirect
 	github.com/abbot/go-http-auth v0.4.1-0.20181019201920-860ed7f246ff
-	github.com/bazelbuild/remote-apis v0.0.0-20200708200203-1252343900d9
 	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/djherbis/atime v1.0.0
-	github.com/golang/protobuf v1.4.2
-	github.com/google/go-cmp v0.5.0
-	github.com/google/uuid v1.1.1
+	github.com/golang/protobuf v1.5.4
+	github.com/google/go-cmp v0.6.0
+	github.com/google/uuid v1.6.0
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 	github.com/klauspost/cpuid v1.3.1 // indirect
 	github.com/minio/minio-go/v7 v7.0.1
-	github.com/mostynb/go-grpc-compression v1.1.4
+	github.com/mostynb/go-grpc-compression v1.2.3
 	github.com/prometheus/client_golang v1.7.1
 	github.com/slok/go-http-metrics v0.8.0
 	github.com/smartystreets/goconvey v1.6.4 // indirect
 	github.com/urfave/cli/v2 v2.2.0
-	golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 // indirect
-	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
-	golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666 // indirect
-	google.golang.org/genproto v0.0.0-20200722002428-88e341933a54
-	google.golang.org/grpc v1.31.0
+	golang.org/x/oauth2 v0.18.0
+	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9
+	google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237
+	google.golang.org/genproto/googleapis/bytestream v0.0.0-20240304161311-37d4d3c04a78
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237
+	google.golang.org/grpc v1.64.0
 	gopkg.in/yaml.v2 v2.3.0
 )