bump(deps): bump github.com/pion/dtls from v2.2.12 to v3.1.1 #1406
kongfei605 merged 1 commit into flashcatcloud:main
Pull request overview
Updates the DTLS dependency to the v3 major version and adapts the x509_cert input’s DTLS/UDP certificate retrieval to the new API.
Changes:
- Switch `github.com/pion/dtls` import from `/v2` to `/v3` and update the DTLS client call site.
- Update UDP handling to resolve/dial using `net.ResolveUDPAddr` + `net.DialUDP`, and adjust how peer certificates are read from DTLS connection state.
- Refresh Go module dependencies (`go.mod`/`go.sum`) to reflect the new DTLS/transports versions.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| inputs/x509_cert/x509_cert.go | Migrates DTLS client usage to v3 API and updates UDP connection setup/cert extraction. |
| go.mod | Bumps DTLS to v3 and updates related indirect dependencies (logging/transport); reclassifies go-sysinfo as direct. |
| go.sum | Updates checksums to match the new DTLS/logging/transport versions. |
| raddr, err := net.ResolveUDPAddr(u.Scheme, u.Host) | ||
| if err != nil { | ||
| return nil, nil, err | ||
| } | ||
| ipConn, err := net.DialUDP(u.Scheme, nil, raddr) | ||
| if err != nil { |
The timeout parameter is no longer applied for the UDP/DTLS path: ResolveUDPAddr + DialUDP don’t enforce any timeout, which can cause the DTLS handshake/cert fetch to hang indefinitely. Apply the timeout by setting deadlines on ipConn (e.g., SetDeadline(time.Now().Add(timeout)) for the handshake), or use a net.Dialer{Timeout: timeout} approach and ensure the resulting conn is a *net.UDPConn for dtls.Client.
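An added example, not code from this pull request or from categraf, of the deadline option named in the comment above, using only the Go standard library. The helper names `dialUDPWithDeadline` and `awaitReply` are hypothetical, the silent loopback peer is constructed, and a plain datagram exchange stands in for the DTLS handshake.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// dialUDPWithDeadline is a hypothetical helper, not categraf's code. DialUDP sends
// nothing on the wire, so the deadline it arms is what bounds later blocking I/O.
func dialUDPWithDeadline(network, host string, timeout time.Duration) (*net.UDPConn, error) {
	raddr, err := net.ResolveUDPAddr(network, host)
	if err != nil {
		return nil, err
	}
	conn, err := net.DialUDP(network, nil, raddr)
	if err != nil {
		return nil, err
	}
	if err := conn.SetDeadline(time.Now().Add(timeout)); err != nil {
		conn.Close()
		return nil, err
	}
	return conn, nil
}

// awaitReply stands in for the handshake; the bool reports a deadline expiry.
func awaitReply(conn *net.UDPConn) (bool, error) {
	if _, err := conn.Write([]byte("hello")); err != nil {
		return false, err
	}
	_, err := conn.Read(make([]byte, 1500))
	var nerr net.Error
	return errors.As(err, &nerr) && nerr.Timeout(), err
}

func main() {
	// Constructed silent peer: a bound loopback socket that never replies.
	silent, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)})
	if err != nil {
		panic(err)
	}
	conn, err := dialUDPWithDeadline("udp", silent.LocalAddr().String(), 200*time.Millisecond)
	if err != nil {
		panic(err)
	}
	defer conn.Close()
	fmt.Println(awaitReply(conn))
}
```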
| defer conn.Close() | ||
|
|
||
| rawCerts := conn.ConnectionState().PeerCertificates | ||
| state, _ := conn.ConnectionState() |
conn.ConnectionState() returns a second value that is being discarded. If that value indicates an error (or handshake not completed), the current code will silently proceed and likely return an empty cert chain with a nil error. Handle the second return value and propagate a failure so callers get a clear error when the DTLS connection state can’t be retrieved.
| state, _ := conn.ConnectionState() | |
| state, err := conn.ConnectionState() | |
| if err != nil { | |
| return nil, nil, err | |
| } |
| github.com/opencontainers/selinux v1.13.0 | ||
| github.com/percona/percona-toolkit v0.0.0-20211210121818-b2860eee3152 | ||
| github.com/pion/dtls/v2 v2.2.12 | ||
| github.com/pion/dtls/v3 v3.1.2 |
PR title says the dependency is bumped to github.com/pion/dtls v3.1.1, but go.mod is requiring v3.1.2 (and go.sum matches v3.1.2). Please align the PR title (or the module version) so the metadata matches what’s actually being vendored.
https://github.com/flashcatcloud/categraf/security/dependabot/48