Bump github.com/google/trillian from 1.5.3 to 1.6.0

[dependabot]

Bumps github.com/google/trillian from 1.5.3 to 1.6.0.

Release notes

Sourced from github.com/google/trillian's releases.

v1.6.0

What's Changed

Storage

• Support for skipping subtree revisions to increase read performance and reduce disk usage by @​mhutchinson in google/trillian#3201
• Skip SELECTing revision that isn't used by @​mhutchinson in google/trillian#3207
• Inlined storage/sql.go into both implementations that use it by @​mhutchinson in google/trillian#3235

CI

• Disable the OS package patches to bypass the mysql8 gpg key rotation issue by @​roger2hk in google/trillian#3270
• Switch from using unmaintained Google Cloud mysql db image to dockerhub official image by @​patflynn in google/trillian#3272
• Strip unused docker image manipulation from cloudbuild by @​mhutchinson in google/trillian#3278
• Updated all MySQL deps to 8.0 #3182 by @​mhutchinson in google/trillian#3183
• Do vuln scanning with a version of Go not subject to GO-2023-2185 by @​mhutchinson in google/trillian#3202
• Increase some timeouts in integration tests by @​mhutchinson in google/trillian#3203
• Move golangci-lint from Cloud Build to GitHub Action by @​roger2hk in google/trillian#3188

Misc

• Updated Slack channel details by @​mhutchinson in google/trillian#3214
• Make uninitializedBegin test accurately test its intention by @​mhutchinson in google/trillian#3244
• Disable race condition checking for beam code by @​mhutchinson in google/trillian#3249
• Changelog for v1.6.0 release by @​mhutchinson in google/trillian#3285

Dependency updates

• Bump golangci-lint from 1.51.1 to 1.55.1 by @​roger2hk in google/trillian#3177
• Bump k8s.io/klog/v2 from 2.100.1 to 2.110.1 by @​dependabot in google/trillian#3175
• Bump golang from 20f9ab5 to deebfda in /integration/cloudbuild/testbase by @​dependabot in google/trillian#3178
• Bump golang from 20f9ab5 to deebfda in /examples/deployment/docker/db_client by @​dependabot in google/trillian#3179
• Bump golang from 20f9ab5 to deebfda in /examples/deployment/docker/log_server by @​dependabot in google/trillian#3180
• Bump golang from 20f9ab5 to deebfda in /examples/deployment/docker/log_signer by @​dependabot in google/trillian#3181
• Bump golang from deebfda to 5bafbbb in /examples/deployment/docker/log_signer by @​dependabot in google/trillian#3184
• Bump golang from deebfda to 5bafbbb in /integration/cloudbuild/testbase by @​dependabot in google/trillian#3186
• Bump golang from deebfda to 5bafbbb in /examples/deployment/docker/log_server by @​dependabot in google/trillian#3185
• Bump golang from deebfda to 5bafbbb in /examples/deployment/docker/db_client by @​dependabot in google/trillian#3187
• Bump golang.org/x/sys from 0.13.0 to 0.14.0 by @​dependabot in google/trillian#3191
• Bump golang.org/x/sync from 0.4.0 to 0.5.0 by @​dependabot in google/trillian#3190
• Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /examples/deployment/docker/log_server by @​dependabot in google/trillian#3195
• Bump MariaDB image from 10.3 to 11.1 in Cloud Build by @​roger2hk in google/trillian#3189
• Bump google.golang.org/api from 0.149.0 to 0.150.0 by @​dependabot in google/trillian#3193
• Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /integration/cloudbuild/testbase by @​dependabot in google/trillian#3192
• Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /examples/deployment/docker/log_signer by @​dependabot in google/trillian#3194
• Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /examples/deployment/docker/db_client by @​dependabot in google/trillian#3196
• Bump golang from 932f877 to 85aacbe in /integration/cloudbuild/testbase by @​dependabot in google/trillian#3197
• Bump golang from f559da8 to 85aacbe in /examples/deployment/docker/log_server by @​dependabot in google/trillian#3198
• Bump golang.org/x/tools from 0.14.0 to 0.15.0 by @​dependabot in google/trillian#3204
• Bump golang from f559da8 to 85aacbe in /examples/deployment/docker/log_signer by @​dependabot in google/trillian#3199

... (truncated)

Changelog

Sourced from github.com/google/trillian's changelog.

v1.6.0 (Jan 2024)

MySQL: Changes to Subtree Revisions

Support for skipping subtree revisions to increase read performance and reduce disk usage: added in #3201

TL;DR: existing trees will continue to be stored and queried as they were before, but new trees created with the MySQL storage layer will be stored and queried in a way that uses less space and allows for simpler and faster queries. No schema changes are required by log operators.

The Trillian MySQL implementation stores the internal state of the log as Subtrees in the database. These are essentially tiles as described by tlog: Tiling a log. Trees created with previous versions of Trillian stored a different revision of each Subtree when the tree was updated. This is somewhat redundant for append-only logs because an earlier version of a Subtree can always be derived from a later one by simply removing entries from the right of the Subtree. PR #3201 removes this Subtree revision history, and updates Subtrees in place when they are updated.

Measurements from @​n-canter show that revisionless storage saves around 75% storage costs for the Subtree table, and queries over this table are more than 15% faster.

The same schema is used for both revisioned and unrevisioned subtrees. The difference is that we always write a revision of 0 in the unrevisioned case, which still means that there will only be a single entry per subtree.

Support is maintained for the old way of revisioning Subtrees in order to avoid breaking changes to existing trees. There is no simple code change that would safely allow a previously revisioned tree to start becoming a revisionless tree. This new revisionless Subtree feature is only available for trees created with new versions of Trillian.

Users with legacy revisioned trees that wish to take advantage of smaller storage costs and faster queries of the new revisionless storage should come speak to us on transparency-dev Slack. The safest option we have available is to use migrillian to create a new copy of trees, but this will be quite a manual process and will only work for CT logs. Other migration options are conceivable and we're eager to work with the community to develop and test tools for upgrading trees in place.

Notable Changes

• CI now runs with MySQL 8.2 instead of MySQL 5.7
• Bump golangci-lint from 1.51.1 to 1.55.1 (developers should update to this version)

All Changes (ignoring dependabot)

• Strip unused docker image manipulation from cloudbuild by @​mhutchinson in google/trillian#3278
• Switch from using unmaintained Google Cloud mysql db image to dockerhub official image by @​patflynn in google/trillian#3272
• Disable the OS package patches to bypass the mysql8 gpg key rotation issue by @​roger2hk in google/trillian#3270
• Disable race condition checking for beam code by @​mhutchinson in google/trillian#3249
• Make uninitializedBegin test accurately test its intention by @​mhutchinson in google/trillian#3244

... (truncated)

Commits

• aa8c9dc Changelog for v1.6.0 release (#3285)
• 416f1b7 Bump cloud.google.com/go/spanner from 1.54.0 to 1.55.0 (#3284)
• 0bef27d Bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#3267)
• 0b9d726 Bump mysql from 8.0 to 8.2 in /examples/deployment/docker/db_server (#3279)
• a18bfa3 Bump google-auth-library from 9.4.1 to 9.4.2 in /scripts/gcb2slack (#3280)
• cc36ccd Bump k8s.io/klog/v2 from 2.110.1 to 2.120.0 (#3282)
• de9ed6f Bump golang.org/x/sync from 0.5.0 to 0.6.0 (#3283)
• 3fa7309 Strip unused docker image manipulation from cloudbuild (#3278)
• 00cc0b0 Switch from using unmaintained Google Cloud mysql db image to dockerhub offic...
• 00ca9ab Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (#3258)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)