Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update all gomod dependencies #60

Merged
merged 1 commit into from
Jan 12, 2025
Merged

Update all gomod dependencies #60

merged 1 commit into from
Jan 12, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 16, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
github.com/cert-manager/cert-manager v1.16.1 -> v1.16.2 age adoption passing confidence require patch
github.com/external-secrets/external-secrets v0.10.5 -> v0.12.1 age adoption passing confidence require minor
github.com/go-co-op/gocron/v2 v2.12.1 -> v2.14.2 age adoption passing confidence require minor
github.com/goccy/go-yaml v1.12.0 -> v1.15.13 age adoption passing confidence require minor
github.com/minio/minio-go/v7 v7.0.79 -> v7.0.83 age adoption passing confidence require patch
github.com/prometheus/client_golang v1.20.3 -> v1.20.5 age adoption passing confidence require patch
github.com/traefik/traefik/v3 v3.1.6 -> v3.3.1 age adoption passing confidence require minor
go (source) 1.23.2 -> 1.23.4 age adoption passing confidence toolchain patch
go.universe.tf/metallb v0.14.8 -> v0.14.9 age adoption passing confidence require patch
golang.org/x/exp f66d83c -> 7588d65 age adoption passing confidence require digest
k8s.io/api v0.31.2 -> v0.32.0 age adoption passing confidence require minor
k8s.io/apiextensions-apiserver v0.31.2 -> v0.32.0 age adoption passing confidence require minor
k8s.io/apimachinery v0.31.2 -> v0.32.0 age adoption passing confidence require minor
k8s.io/client-go v0.31.2 -> v0.32.0 age adoption passing confidence require minor
k8s.io/utils 49e7df5 -> 24370be age adoption passing confidence require digest

Release Notes

cert-manager/cert-manager (github.com/cert-manager/cert-manager)

v1.16.2

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This patch release of cert-manager 1.16 makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed.

This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project.

The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods.

Note also that since most PEM data parsed by cert-manager comes from ConfigMap or Secret resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data.

Further information is available in GHSA-r4pg-vg54-wxx4

In addition, the version of Go used to build cert-manager 1.16 was updated along with the base images.

Changes by Kind

Bug or Regression
  • Set a maximum size for PEM inputs which cert-manager will accept to remove possibility of taking a long time to process an input (#​7401, @​SgtCoDFish)
Other (Cleanup or Flake)
external-secrets/external-secrets (github.com/external-secrets/external-secrets)

v0.12.1

Compare Source

RELEASE VERSION

My apologies, when creating the release, 0.12.0 failed. The branch and tag however, have been created and I was unable to delete them. Thus, the version has been increased to 0.12.1 after the fix and now that's the current version. I hand updated the release notes to include everyone into the changes.

BREAKING CHANGES

The following breaking changes have been introduced into this release:

  • Permission update for AWS provider adding BulkFetch when getting multiple secrets ( significant API reduce but comes with adding a permission for bulk endpoint )
  • fixed a typo for a generator in the json tag where before it was ecrRAuthorizationTokenSpec with an extra R
  • We standardized the GCP Secrets Manager Metadata structure for PushSecrets ( be aware that existing manifests will stop working until updated to the standardized version ) for more info see https://github.com/external-secrets/external-secrets/pull/4210

Images

Image: ghcr.io/external-secrets/external-secrets:v0.12.1
Image: ghcr.io/external-secrets/external-secrets:v0.12.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.12.1-ubi-boringssl

What's Changed

Full Changelog: external-secrets/external-secrets@v0.11.0...v0.12.1

v0.12.0

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.12.0
Image: ghcr.io/external-secrets/external-secrets:v0.12.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.12.0-ubi-boringssl

v0.11.0

Compare Source

Deprecation of OLM Releases

As of 0.11.0 is the last release available for OLM until further notice. Depending on the way this goes, we might still have OLM support (ideally with a properly built operator for that), but for sure in a different support scheme as to not overload maintainers anymore.
Also a valid note - you can still use 0.11.0 OLM release and the newest ESO images, you just need to set image.tag appropriately in your setup.

Kubernetes API load and significant decrease

A new way of reconciling external secrets has been added with pull request #​4086.

This significantly reduces the number of API calls that we make to the kubernetes API server.

  1. Memory usage might increase if you are not already using --enable-secrets-caching
    1. If you are using --enable-secrets-caching and want to decrease memory usage at the expense of slightly higher API usage, you can disable it and only enable --enable-managed-secrets-caching (which is the new default)
  2. In ALL cases (even when CreationPolicy is Merge), if a data key in the target Secret was created by the ExternalSecret, and it no longer exists in the template (or data/dataFrom), it will be removed from the target secret:
    1. This might cause some peoples secrets to be "cleaned of data keys" when updating to 0.11.
    2. Previously, the behaviour was undefined, and confusing because it was sort of broken when the template feature was added.
    3. The one exception is that ALL the data suddenly becomes empty and the DeletionPolicy is retain, in which case we will not even report and error, just change the SecretSynced message to explain that the secret was retained.
  3. When CreationPolicy is Owner, we now will NEVER retain any keys and fully calculate the "desired state" of the target secret each loop:
    1. This means that some peoples secrets might have keys removed when updating to 0.11.

Generators and ClusterGenerator

We added ClusterGenerators and Generator caching as well. This might create some problems in the way generators are defined now.

CRD Admission Restrictions

All of the CRDs now have proper kubebuilder markers for validation. This might surprise someone leaving out some data that was essentially actually required or expected in a certain format. This is now validated in #​4104.

Images

Image: ghcr.io/external-secrets/external-secrets:v0.11.0
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.11.0-ubi-boringssl

What's Changed

New Contributors

Full Changelog: external-secrets/external-secrets@v0.10.7...v0.11.0

v0.10.7

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.7
Image: ghcr.io/external-secrets/external-secrets:v0.10.7-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.7-ubi-boringssl

What's Changed

New Contributors

Full Changelog: external-secrets/external-secrets@v0.10.6...v0.10.7

v0.10.6

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.10.6
Image: ghcr.io/external-secrets/external-secrets:v0.10.6-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.10.6-ubi-boringssl

What's Changed

New Contributors

Full Changelog: external-secrets/external-secrets@v0.10.5...v0.10.6

go-co-op/gocron (github.com/go-co-op/gocron/v2)

v2.14.2

Compare Source

What's Changed

New Contributors

Full Changelog: go-co-op/gocron@v2.14.1...v2.14.2

v2.14.1

Compare Source

What's Changed

Full Changelog: go-co-op/gocron@v2.14.0...v2.14.1

v2.14.0

Compare Source

What's Changed

  • parse time.Time from AtTime by @​JohnRoesler in [https://github.com/go-co-o

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all-gomod branch from f2e65c2 to e73cb5a Compare September 16, 2024 23:00
@renovate renovate bot changed the title Update module github.com/traefik/traefik/v3 to v3.1.3 Update all gomod dependencies Sep 16, 2024
@renovate renovate bot force-pushed the renovate/all-gomod branch 4 times, most recently from f464438 to 4c03d03 Compare September 21, 2024 04:54
@renovate renovate bot force-pushed the renovate/all-gomod branch 2 times, most recently from ac731f6 to 731c8d0 Compare September 25, 2024 14:05
@renovate renovate bot force-pushed the renovate/all-gomod branch 4 times, most recently from 95a80ec to bcde470 Compare October 9, 2024 14:05
@renovate renovate bot force-pushed the renovate/all-gomod branch 4 times, most recently from d174d38 to 845b60f Compare October 15, 2024 13:38
@renovate renovate bot force-pushed the renovate/all-gomod branch 4 times, most recently from 55ba946 to 18cc8fd Compare October 25, 2024 09:52
@renovate renovate bot changed the title Update all gomod dependencies Update module github.com/prometheus/client_golang to v1.20.5 Oct 26, 2024
@renovate renovate bot force-pushed the renovate/all-gomod branch 2 times, most recently from ef3f231 to 7ff330c Compare October 28, 2024 14:23
@renovate renovate bot changed the title Update module github.com/prometheus/client_golang to v1.20.5 Update all gomod dependencies Oct 28, 2024
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Oct 28, 2024
edited
Loading

ℹ Artifact update notice

File name: go-k8s-sidecar/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 13 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.22.2 -> 1.23.4
github.com/go-openapi/jsonpointer v0.19.6 -> v0.21.0
github.com/go-openapi/swag v0.22.4 -> v0.23.0
golang.org/x/net v0.26.0 -> v0.30.0
golang.org/x/oauth2 v0.21.0 -> v0.23.0
golang.org/x/sys v0.21.0 -> v0.26.0
golang.org/x/term v0.21.0 -> v0.25.0
golang.org/x/text v0.16.0 -> v0.19.0
golang.org/x/time v0.3.0 -> v0.7.0
google.golang.org/protobuf v1.34.2 -> v1.35.1
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 -> v0.0.0-20241105132330-32ad38e42d3f
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 -> v0.0.0-20241104100929-3ea5e8cea738
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20241010143419-9aa6b5e7a4b3
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 -> v4.4.2
File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 13 additional dependencies were updated

Details:

Package Change
github.com/go-acme/lego/v4 v4.18.0 -> v4.21.0
github.com/google/gnostic-models v0.6.8 -> v0.6.9
github.com/http-wasm/http-wasm-host-go v0.7.0 -> v0.7.0
github.com/klauspost/compress v1.17.11-0.20241004063537-dbd6c381492a -> v1.17.11
github.com/mailru/easyjson v0.7.7 -> v0.9.0
github.com/prometheus/client_golang v1.20.4 -> v1.20.5
github.com/prometheus/common v0.60.0 -> v0.61.0
k8s.io/client-go v0.31.2 -> v0.32.0
k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 -> v0.0.0-20241212222426-2c72e554b1e7
sigs.k8s.io/controller-runtime v0.19.0 -> v0.19.3
sigs.k8s.io/gateway-api v1.1.0 -> v1.2.1
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20241014173422-cfa47c3a1cc8
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 -> v4.5.0
File name: pg-backuper/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 6 additional dependencies were updated

Details:

Package Change
github.com/goccy/go-json v0.10.3 -> v0.10.4
github.com/klauspost/cpuid/v2 v2.2.8 -> v2.2.9
golang.org/x/crypto v0.28.0 -> v0.31.0
golang.org/x/net v0.30.0 -> v0.33.0
golang.org/x/sys v0.26.0 -> v0.28.0
golang.org/x/text v0.19.0 -> v0.21.0

@renovate renovate bot force-pushed the renovate/all-gomod branch 5 times, most recently from 305f5e3 to 08490e2 Compare October 31, 2024 22:41
@renovate renovate bot force-pushed the renovate/all-gomod branch 14 times, most recently from 2b72640 to 5820811 Compare December 18, 2024 02:33
@renovate renovate bot force-pushed the renovate/all-gomod branch 6 times, most recently from 9e50171 to 5762f36 Compare December 23, 2024 20:03
@renovate renovate bot force-pushed the renovate/all-gomod branch 6 times, most recently from 7aa9ddb to d050e85 Compare January 10, 2025 14:02
@renovate renovate bot force-pushed the renovate/all-gomod branch from d050e85 to 4ed73cc Compare January 10, 2025 17:49
@blesswinsamuel blesswinsamuel merged commit a5f2940 into main Jan 12, 2025
2 checks passed
@blesswinsamuel blesswinsamuel deleted the renovate/all-gomod branch January 12, 2025 19:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@blesswinsamuel