chore(deps): update all non-major dependencies #303
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.13.2
->v1.13.3
v1.23.1
->v1.24.0
v1.25.5
->v1.26.2
v1.16.4
->v1.16.13
v1.24.3
->v1.25.5
v1.27.3
->v1.28.6
v1.22.3
->v1.23.7
v1.25.4
->v1.26.6
v1.13.2
->v1.13.3
v1.3.0
->v1.4.1
1.21.4
->1.21.5
v0.28.4
->v0.29.0
v0.28.4
->v0.29.0
v0.28.4
->v0.29.0
cf03d44
->b307cd5
Release Notes
cert-manager/cert-manager (cert-manager/cert-manager)
v1.13.3
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release contains fixes for the following security vulnerabilities in the cert-manager-controller:
GO-2023-2334
: Decryption of malicious PBES2 JWE objects can consume unbounded system resources.If you use ArtifactHub Security report or trivy, this patch will also silence the following warning about a vulnerability in code which is imported but not used by the cert-manager-controller:
CVE-2023-47108
: DoS vulnerability inotelgrpc
due to unbound cardinality metrics.An ongoing security audit of cert-manager suggested some changes to the webhook code to mitigate DoS attacks, and these are included in this patch release.
Changes
Bug or Regression
>= 3MiB
. This is to mitigate DoS attacks that attempt to crash the webhook process by sending large requests that exceed the available memory. (#6507, @inteon)ReadHeaderTimeout
in allhttp.Server
instances. (#6538, @wallrj)otel
,docker
, andjose
to fix CVE alerts. See GHSA-8pgv-569h-w5rw, GHSA-jq35-85cj-fj4p, and GHSA-2c7c-3mj9-8fqh. (#6514, @inteon)Dependencies
Added
Nothing has changed.
Changed
cloud.google.com/go/firestore
:v1.11.0 → v1.12.0
cloud.google.com/go
:v0.110.6 → v0.110.7
github.com/felixge/httpsnoop
:v1.0.3 → v1.0.4
github.com/go-jose/go-jose/v3
:v3.0.0 → v3.0.1
github.com/go-logr/logr
:v1.2.4 → v1.3.0
github.com/golang/glog
:v1.1.0 → v1.1.2
github.com/google/go-cmp
:v0.5.9 → v0.6.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
:v0.45.0 → v0.46.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
:v0.44.0 → v0.46.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
:v1.19.0 → v1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace
:v1.19.0 → v1.20.0
go.opentelemetry.io/otel/metric
:v1.19.0 → v1.20.0
go.opentelemetry.io/otel/sdk
:v1.19.0 → v1.20.0
go.opentelemetry.io/otel/trace
:v1.19.0 → v1.20.0
go.opentelemetry.io/otel
:v1.19.0 → v1.20.0
go.uber.org/goleak
:v1.2.1 → v1.3.0
golang.org/x/sys
:v0.13.0 → v0.14.0
google.golang.org/genproto/googleapis/api
:f966b18 → b8732ec
google.golang.org/genproto
:f966b18 → b8732ec
google.golang.org/grpc
:v1.58.3 → v1.59.0
Removed
Nothing has changed.
aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)
v1.24.0
Compare Source
v1.23.5
Compare Source
v1.23.4
Compare Source
v1.23.3
Compare Source
v1.23.2
Compare Source
go-logr/logr (github.com/go-logr/logr)
v1.4.1
Compare Source
What's Changed
Full Changelog: go-logr/logr@v1.4.0...v1.4.1
v1.4.0
Compare Source
This release dramatically improves interoperability with Go's
log/slog
package. In particular,logr.NewContext
andlogr.NewContextWithSlogLogger
use the same context key, which allowslogr.FromContext
andlogr.FromContextAsSlogLogger
to returnlogr.Logger
or*slog.Logger
respectively, including transparently converting each to the other as needed.Functions
logr/slogr.NewLogr
andlogr/slogr.ToSlogHandler
have been superceded bylogr.FromSlogHandler
andlogr.ToSlogHandler
respectively, and typelogr/slogr.SlogSink
has been superceded bylogr.SlogSink
. All of the old names inlogr/slogr
remain, for compatibility.Package
logr/funcr
now supportslogr.SlogSink
, meaning that it's output passes all but one of the Slog conformance tests (that exception being thatfuncr
handles the timestamp itself).Users who have a
logr.Logger
and need a*slog.Logger
can callslog.New(logr.ToSlogHandler(...))
and all output will go through the same stack.Users who have a
*slog.Logger
orslog.Handler
can calllogr.FromSlogHandler(...)
and all output will go through the same stack.What's Changed
New Contributors
Full Changelog: go-logr/logr@v1.3.0...v1.4.0
kubernetes/api (k8s.io/api)
v0.29.0
Compare Source
v0.28.5
Compare Source
kubernetes/apimachinery (k8s.io/apimachinery)
v0.29.0
Compare Source
v0.28.5
Compare Source
kubernetes/client-go (k8s.io/client-go)
v0.29.0
Compare Source
v0.28.5
Compare Source
Configuration
📅 Schedule: Branch creation - "after 9am on Wednesday,before 12pm on Wednesday" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.