Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-v1.16][gomod]: Bump the minor group across 1 directory with 10 updates #1204

Open
wants to merge 2 commits into
base: release-v1.16
Choose a base branch
from
Open

[release-v1.16][gomod]: Bump the minor group across 1 directory with 10 updates #1204

wants to merge 2 commits into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 17, 2025
edited
Loading

Bumps the minor group with 5 updates in the / directory:

Package From To
github.com/cert-manager/cert-manager 1.13.3 1.17.1
github.com/google/go-containerregistry 0.13.0 0.20.3
github.com/influxdata/influxdb-client-go/v2 2.9.0 2.14.0
go.uber.org/atomic 1.10.0 1.11.0
golang.org/x/sync 0.10.0 0.11.0

Updates github.com/cert-manager/cert-manager from 1.13.3 to 1.17.1

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.17.1

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This release is primarily intended to address a breaking change in Cloudflare's API which impacted ACME DNS-01 challenges using Cloudflare.

Many thanks to the community members who reported this issue!

Changes by Kind

Bug or Regression

v1.17.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.17.0 is a feature release with several improvements, including:

  • A helpful compliance change to RSA signatures on certificates
  • An easier way to specify passwords for PKCS#12 and JKS keystores
  • A few feature flag promotions (and a deprecation)
  • Dependency bumps and other smaller improvements

Major Themes

RSA Certificate Compliance

The United States Department of Defense published a memo in 2022 which introduced some requirements on the kinds of cryptography they require to be supported in software they use.

In effect, the memo requires that software be able to support larger RSA keys (3072-bit and 4096-bit) and hashing algorithms (SHA-384 at a minimum).

cert-manager supported large RSA keys long before the memo was published, but a quirk in implementation meant that cert-manager always used SHA-256 when signing with RSA.

In v1.17.0, cert-manager will choose a hash algorithm based on the RSA key length: 3072-bit keys will use SHA-384, and 4096-bit keys will use SHA-512. This matches similar behavior already present for ECDSA signatures.

Our expectation is that this change will have minimal impact beyond a slight increase to security and better compliance; we're not aware of Kubernetes based environments which support RSA 2048 with SHA-256 but fail with RSA 4096 and SHA-512. However, if you're using larger RSA keys, you should be aware of the change.

Easier Keystore Passwords for PKCS#12 and JKS

Specifying passwords on PKCS#12 and JKS keystores is supported in cert-manager for compatibility reasons with software which expects or requires passwords to be set; however, these passwords are not relevant to security and never have been in cert-manager.

The initial implementation of the keystores feature required these "passwords" to be stored in a Kubernetes secret, which would then be read by cert-manager when creating the keystore after a certificate was issued. This is cumbersome, especially when many passwords are set to default values such as changeit or password.

In cert-manager v1.17, it's now possible to set a keystore password using a literal string value inside the Certificate resource itself, making this process much easier with no change to security.

For example:

</tr></table>

... (truncated)

Commits
  • c658224 Merge pull request #7565 from cert-manager-bot/cherry-pick-7549-to-release-1.17
  • 47828f2 Add comment explaining change
  • 2121860 chore(issuer/cloudflare): ensure we set ZoneID
  • bec3f95 Merge pull request #7563 from SgtCoDFish/release-1.17-bumpgo
  • a79a663 [release-1.17] disable klone generation step (see #7431)
  • 69a514e [release-1.17] bump go to v1.23.6
  • 4562b9a Merge pull request #6657 from rquinio1A/feature/keystore-password-litteral
  • c6f3f0c Merge pull request #7527 from SgtCoDFish/upgrade-test-tweaks
  • 40cd2a0 Add support for setting literal keystore passwords in Certificates
  • 1747743 Merge pull request #7530 from SgtCoDFish/dns-test-integration
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.13.0 to 0.20.3

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.3

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.20.2...v0.20.3

v0.20.2

What's Changed

Full Changelog: google/go-containerregistry@v0.20.1...v0.20.2

v0.20.1

What's Changed

Full Changelog: google/go-containerregistry@v0.20.0...v0.20.1

v0.20.0

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.19.2...v0.20.0

v0.19.2

What's Changed

... (truncated)

Commits

Updates github.com/influxdata/influxdb-client-go/v2 from 2.9.0 to 2.14.0

Release notes

Sourced from github.com/influxdata/influxdb-client-go/v2's releases.

2.14.0

Features

  • #404 Expose HTTP response headers in the Error type to aid analysis and debugging of error results. Add selected response headers to the error log.

Also, unified errors returned by WriteAPI, which now always returns http.Error

Fixes

  • #403 Custom checks de/serialization to allow calling server Check API

2.13.0

Features

  • #394 Add DataToPoint utility to convert a struct to a write.Point

Dependencies

  • #393 Replace deprecated io/ioutil
  • #392 Upgrade deepmap/oapi-codegen to new major version

v2.12.4

2.12.4 [2023-11-03]

Bug fixes

  • #386 Remove deprecated pkg/errors
  • #387 Upgrade deepmap/oapi-codegen

v2.12.3

2.12.3 [2023-03-29]

Bug fixes

  • Update golang.org/x/net from 0.0.0-20210119194325-5f4716e94777 to 0.7.0

v2.12.2

2.12.2 [2023-01-26]

Bug fixes

  • #368 Allowing proxy from environment variable

v2.12.1

2.12.1 [2022-12-01]

Bug fixes

  • #363 Generated server stubs return also error message from InfluxDB 1.x forward compatible API.
  • #364 Fixed panic when retrying over a long period without a server connection.

Documentation

  • #366 Readme improvements:

... (truncated)

Changelog

Sourced from github.com/influxdata/influxdb-client-go/v2's changelog.

2.14.0 [2024-08-12]

Features

  • #404 Expose HTTP response headers in the Error type to aid analysis and debugging of error results. Add selected response headers to the error log.

Also, unified errors returned by WriteAPI, which now always returns http.Error

Fixes

  • #403 Custom checks de/serialization to allow calling server Check API

2.13.0 [2023-12-05]

Features

  • #394 Add DataToPoint utility to convert a struct to a write.Point

Dependencies

  • #393 Replace deprecated io/ioutil
  • #392 Upgrade deepmap/oapi-codegen to new major version

2.12.4 [2023-11-03]

Bug fixes

  • #386 Remove deprecated pkg/errors
  • #387 Upgrade deepmap/oapi-codegen

2.12.3 [2023-03-29]

Bug fixes

  • Update golang.org/x/net from 0.0.0-20210119194325-5f4716e94777 to 0.7.0

2.12.2 [2023-01-26]

Bug fixes

  • #368 Allowing proxy from environment variable

2.12.1 [2022-12-01]

Bug fixes

  • #363 Generated server stubs return also error message from InfluxDB 1.x forward compatible API.
  • #364 Fixed panic when retrying over a long period without a server connection.

Documentation

... (truncated)

Commits
  • 3a279a8 chore(release): release version 2.14.0 [skip ci]
  • 017c8c8 Merge pull request #404 from influxdata/feat/httpErrorHeaders
  • 5858f61 docs: update CHANGELOG.md
  • 40eaebb test: use t.Run for data driven test, exec goimports
  • 584c614 chore: refactor - rm write/Error, exec goimports, simplify return from Servic...
  • 580d1ea docs: update ExampleWriteAPI_errors
  • 767aeb8 Merge branch 'feat/httpErrorHeaders' of github.com:influxdata/influxdb-client...
  • 20a74f5 chore: remove case used in investigating http.Error and add test of http.Erro...
  • 5e83bf6 Merge branch 'master' into feat/httpErrorHeaders
  • af74d7a feat: create write/Error wrapper to better handle http/Error with Headers.
  • Additional commits viewable in compare view

Updates go.uber.org/atomic from 1.10.0 to 1.11.0

Release notes

Sourced from go.uber.org/atomic's releases.

v1.11.0

Fixed

  • Fix Swap and CompareAndSwap for Value wrappers without initialization.

Added

  • Add String method to atomic.Pointer[T] type allowing users to safely print underlying values of pointers.
Changelog

Sourced from go.uber.org/atomic's changelog.

1.11.0 - 2023-05-02

Fixed

  • Fix Swap and CompareAndSwap for Value wrappers without initialization.

Added

  • Add String method to atomic.Pointer[T] type allowing users to safely print underlying values of pointers.
Commits

Updates golang.org/x/net from 0.30.0 to 0.34.0

Commits
  • 8da7ed1 go.mod: update golang.org/x dependencies
  • 2124140 all: make function and struct comments match the names
  • e9d95ba http2: do not surface errors from a conn's idle timer expiring
  • c2be992 quic: remember which remote connection IDs have been retired
  • dfc720d go.mod: update golang.org/x dependencies
  • 8e66b04 html: use strings.EqualFold instead of lowering ourselves
  • b935f7b html: avoid endless loop on error token
  • 9af49ef route: remove unused sizeof* consts
  • 6705db9 quic: clean up crypto streams when dropping packet protection keys
  • 4ef7588 quic: handle ACK frame in packet which drops number space
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.10.0 to 0.11.0

Commits
  • fe3591b sync/errgroup: improve documentation for semaphore limit behavior
  • See full diff in compare view

Updates golang.org/x/sys from 0.28.0 to 0.29.0

Commits
  • d4ac05d windows: update NewLazyDLL, LoadDLL docs to point to NewLazySystemDLL
  • 680bd24 windows: remove unused errString type
  • a7f19e9 unix: add Dup3 on dragonfly
  • See full diff in compare view

Updates golang.org/x/time from 0.6.0 to 0.8.0

Commits

Updates google.golang.org/api from 0.183.0 to 0.198.0

Release notes

Sourced from google.golang.org/api's releases.

v0.198.0

0.198.0 (2024-09-19)

Features

v0.197.0

0.197.0 (2024-09-10)

Features

Bug Fixes

  • transport: Set UniverseDomain in http.NewClient for new auth (#2773) (140d0a5)

v0.196.0

0.196.0 (2024-09-03)

Features

v0.195.0

0.195.0 (2024-08-28)

Features

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.198.0 (2024-09-19)

Features

0.197.0 (2024-09-10)

Features

Bug Fixes

  • transport: Set UniverseDomain in http.NewClient for new auth (#2773) (140d0a5)

0.196.0 (2024-09-03)

Features

0.195.0 (2024-08-28)

Features

... (truncated)

Commits

Updates google.golang.org/grpc from 1.67.1 to 1.69.2

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.69.2

Bug Fixes

  • stats/experimental: add type aliases for symbols (Metrics/etc) that were moved to the stats package (#7929).
  • client: set user-agent string to the correct version.

Release 1.69.0

Known Issues

  • The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (#7556)

New Features

  • stats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (#7874)
  • xdsclient: add support to fallback to lower priority servers when higher priority ones are down (#7701)
  • dns: Add support for link local IPv6 addresses (#7889)
  • The new experimental pickfirst LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in RFC-8305 section 4, to attempt connections to multiple backends concurrently. The experimental pickfirst policy can be enabled by setting the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to true. (#7725, #7742)
  • balancer/pickfirst: Emit metrics from the pick_first load balancing policy (#7839)
  • grpc: export MethodHandler, which is the type of an already-exported field in MethodDesc (#7796)

Bug Fixes

  • credentials/google: set scope for application default credentials (#7887)
  • xds: fix edge-case issues where some clients or servers would not initialize correctly or would not receive errors when resources are invalid or unavailable if another channel or server with the same target was already in use . (#7851, #7853)
  • examples: fix the debugging example, which was broken by a recent change (#7833)

Behavior Changes

  • client: update retry attempt backoff to apply jitter per updates to gRFC A6. (#7869)
  • balancer/weightedroundrobin: use the pick_first LB policy to manage connections (#7826)

API Changes

  • balancer: An internal method is added to the balancer.SubConn interface to force implementors to embed a delegate implementation. This requirement is present in the interface documentation, but wasn't enforced earlier. (#7840)

Performance Improvements

  • mem: implement a ReadAll() method for more efficient io.Reader consumption (#7653)
  • mem: use slice capacity instead of length to determine whether to pool buffers or directly allocate them (#7702)

Documentation

  • examples/csm_observability: Add xDS Credentials and switch server to be xDS enabled (#7875)

Release 1.68.2

Dependencies

... (truncated)

Commits
  • b615b35 Change version to 1.69.2 (#7947)
  • 6b36a3e experimental/stats: re-add type aliases for migration (#7929) (#7941)
  • 4535c6d Change version to 1.69.2-dev (#7928)
  • b6e7c72 examples/features/csm_observability: Make CSM Observability example server li...
  • 9355fbc Change version to 1.69.1 (#7927)
  • 927a1e1 Change version to 1.69.1-dev (#7902)
  • 97d633a Change version to 1.69.0 (#7901)
  • 317271b pickfirst: Register a health listener when used as a leaf policy (#7832)
  • 5565631 balancer/pickfirst: replace grpc.Dial with grpc.NewClient in tests (#7879)
  • 634497b test: Split import paths for generated message and service code (#7891)
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
[release-v1.16][gomod]: Bump the minor group across 1 directory with …
0b96cc4 
…10 updates

Bumps the minor group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.13.3` | `1.17.1` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.13.0` | `0.20.3` |
| [github.com/influxdata/influxdb-client-go/v2](https://github.com/influxdata/influxdb-client-go) | `2.9.0` | `2.14.0` |
| [go.uber.org/atomic](https://github.com/uber-go/atomic) | `1.10.0` | `1.11.0` |
| [golang.org/x/sync](https://github.com/golang/sync) | `0.10.0` | `0.11.0` |



Updates `github.com/cert-manager/cert-manager` from 1.13.3 to 1.17.1
- [Release notes](https://github.com/cert-manager/cert-manager/releases)
- [Changelog](https://github.com/cert-manager/cert-manager/blob/master/RELEASE.md)
- [Commits](cert-manager/cert-manager@v1.13.3...v1.17.1)

Updates `github.com/google/go-containerregistry` from 0.13.0 to 0.20.3
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](google/go-containerregistry@v0.13.0...v0.20.3)

Updates `github.com/influxdata/influxdb-client-go/v2` from 2.9.0 to 2.14.0
- [Release notes](https://github.com/influxdata/influxdb-client-go/releases)
- [Changelog](https://github.com/influxdata/influxdb-client-go/blob/master/CHANGELOG.md)
- [Commits](influxdata/influxdb-client-go@v2.9.0...v2.14.0)

Updates `go.uber.org/atomic` from 1.10.0 to 1.11.0
- [Release notes](https://github.com/uber-go/atomic/releases)
- [Changelog](https://github.com/uber-go/atomic/blob/master/CHANGELOG.md)
- [Commits](uber-go/atomic@v1.10.0...v1.11.0)

Updates `golang.org/x/net` from 0.30.0 to 0.34.0
- [Commits](golang/net@v0.30.0...v0.34.0)

Updates `golang.org/x/sync` from 0.10.0 to 0.11.0
- [Commits](golang/sync@v0.10.0...v0.11.0)

Updates `golang.org/x/sys` from 0.28.0 to 0.29.0
- [Commits](golang/sys@v0.28.0...v0.29.0)

Updates `golang.org/x/time` from 0.6.0 to 0.8.0
- [Commits](golang/time@v0.6.0...v0.8.0)

Updates `google.golang.org/api` from 0.183.0 to 0.198.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.183.0...v0.198.0)

Updates `google.golang.org/grpc` from 1.67.1 to 1.69.2
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.67.1...v1.69.2)

---
updated-dependencies:
- dependency-name: github.com/cert-manager/cert-manager
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: github.com/influxdata/influxdb-client-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: go.uber.org/atomic
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 17, 2025
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 17, 2025

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot requested review from mvinkler and rhuss February 17, 2025 01:26
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Feb 17, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign skonto for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dsimansk
Copy link

dsimansk commented Mar 4, 2025

/ok-to-test

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Mar 12, 2025

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/417-images d233eab link true /test 417-images
ci/prow/417-test-e2e d233eab link true /test 417-test-e2e
ci/prow/417-test-e2e-tls d233eab link true /test 417-test-e2e-tls

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mvinkler mvinkler Awaiting requested review from mvinkler

@rhuss rhuss Awaiting requested review from rhuss

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file ok-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dsimansk