Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the security group across 1 directory with 17 updates #1709

Merged
merged 3 commits into from
Dec 30, 2024
Merged

chore(deps): bump the security group across 1 directory with 17 updates #1709

merged 3 commits into from
Dec 30, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 23, 2024

Bumps the security group with 13 updates in the / directory:

Package From To
github.com/cilium/ebpf 0.16.0 0.17.1
github.com/containerd/cgroups/v3 3.0.4 3.0.5
github.com/jackc/pgx/v5 5.7.1 5.7.2
github.com/microsoft/go-mssqldb 1.7.2 1.8.0
go.opentelemetry.io/otel 1.32.0 1.33.0
go.opentelemetry.io/otel/sdk 1.32.0 1.33.0
k8s.io/api 0.31.3 0.32.0
k8s.io/apiextensions-apiserver 0.31.3 0.32.0
k8s.io/cli-runtime 0.31.3 0.32.0
golang.org/x/net 0.31.0 0.33.0
helm.sh/helm/v3 3.16.3 3.16.4
k8s.io/kubelet 0.31.3 0.32.0
k8s.io/metrics 0.31.3 0.32.0

Updates github.com/cilium/ebpf from 0.16.0 to 0.17.1

Release notes

Sourced from github.com/cilium/ebpf's releases.

Hotfix: don't retry endlessly on verifier errors on kernels <6.4

During the prior removal of ProgramOptions.LogSize in v0.16, the tests weren't updated to exercise the retry logic. With the last-minute addition of ProgramOptions.LogSizeStart, a bug was introduced that would cause program loads to retry indefinitely without ever growing the buffer in case of a verifier error on kernels before 6.4. This is now fixed, and the tests were updated to exercise the retry logic.

Global Variables, Decl Tags, and package pin

Note: the hotfix release 0.17.1 is out. Users are highly encouraged to upgrade.

As we close the door on the year 2024, we're also wrapping up the ebpf-go v0.17 development cycle. This release represents a large body of work and is our largest feature release since BTF.

Users are, as always, highly encouraged to upgrade, and we're looking forward to hearing your feedback on the new Global Variables API. We've been putting this interface trough its paces internally, along with a few eager community members, and we're ready to let the wider community make use of it.

This release also marks the end of our Go 1.21 support; Go 1.22 is required going forward.

Breaking Changes

Before we get to the fun stuff, we need to call out a few breaking changes:

  • Global variables with a static qualifier can no longer be rewritten using CollectionSpec.RewriteConstants()! See the section on global variables under major features below.

  • program: remove LogSize and VerifierError.Truncated by @​lmb in cilium/ebpf#1526

  • prog: add ProgramOptions.LogSizeStart to obtain full log after verifier bug by @​ti-mo in cilium/ebpf#1630

    The ProgramOptions.LogSize field was deprecated and a no-op since 0.16 and has now been removed completely. In its place, a new field was added to obtain full verifier logs when the verifier hits an internal bug. The ProgramOptions.LogSizeStart field controls the starting size of the log buffer. Use this if you have a good understanding of the log size you're expecting, or if you're trying to pull out the full log when the verifier hits an internal bug. The error string now also contains some hints about what happened and how to handle this situation.

  • map: remove MapSpec.Freeze field by @​ti-mo in cilium/ebpf#1558

  • elf_reader: don't use BPF_F_RDONLY_PROG flag to trigger map freezing by @​ti-mo in cilium/ebpf#1568

    The Freeze field was ambiguous from the start, and has been a source of subtle bugs over the years. Automatic map freezing is now done based solely on map name (.(ro)data prefix). If you were manually setting this flag, consider using a conventional map name instead.

  • info: expose ksym info and func info by ProgramInfo by @​Asphaltt in cilium/ebpf#1576

  • info: expose more prog jited info by @​Asphaltt in cilium/ebpf#1598

    Some ext_info types in package btf were redefined to enable pulling raw func and line infos out of Program.Info(). These were all types without methods and all unexported fields, but calling them out regardless in case someone's doing unintended advanced things with BTF.

  • kallsyms: change Modules caching strategy, cache address lookups by @​ti-mo in cilium/ebpf#1590

    Users attaching bpf programs to kernel symbols should see a marked decrease in allocations made in the library during program creation in the general case. Only used entries are now cached, making kallsyms lookups on subsequent program loads free. In the pathological case (new kernel symbols on every load), scanning is repeated, resulting in more CPU time being used instead of holding on to all kallsyms symbols indefinitely. ProgramSpec.KernelModule() was unexported until further notice.

    Also, bpf2go users should now be able to generate Go bindings as unprivileged users once again. Oops!

Major Features

Easy global variables: introducing ebpf.VariableSpec and ebpf.Variable

This has been a frequent ask in the community for years, so we finally bit the bullet and committed to an API to interact with global bpf variables through CollectionSpec.Variables and CollectionSpec.Variables. We've published a small guide over on ebpf-go.dev/concepts/global-variables that details how to use them, so we're not going to reiterate here.

... (truncated)

Commits
  • e439d37 prog: fix shadowing log size variable in verifier log retry loop
  • 228bb4e examples: tcx: use Variable API
  • 580ff21 bpf2go: generate Go types used in global variables
  • 1e8f079 bpf2go: generate assignment structs for Variables and VariableSpecs
  • c37b7af bpf2go: test: remove unused typesEqualComparer function
  • 97cfce5 map: automatically set CPUMap MaxEntries based on possible CPUs
  • e8b05c5 prog: add ProgramOptions.LogSizeStart to obtain full log after verifier bug
  • f283106 internal: add Between function for clamping a value between min and max
  • 6546014 README.md: add pin package to the overview
  • 60405bb examples: annotate ringbuf and perf event arrays with value type information
  • Additional commits viewable in compare view

Updates github.com/containerd/cgroups/v3 from 3.0.4 to 3.0.5

Release notes

Sourced from github.com/containerd/cgroups/v3's releases.

v3.0.5

What's Changed

New Contributors

Full Changelog: containerd/cgroups@v3.0.4...v3.0.5

Commits
  • bce3c7e Merge pull request #358 from thaJeztah/handle_domain_threaded
  • 2236eb0 cgroup2: Manager.Delete: handle both "threaded" and "domain threaded"
  • d4e976d Merge pull request #355 from akhilerm/return-error-from-inotify
  • 05bb490 add InotifyInit err to custom err message
  • See full diff in compare view

Updates github.com/jackc/pgx/v5 from 5.7.1 to 5.7.2

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.7.2 (December 21, 2024)

  • Fix prepared statement already exists on batch prepare failure
  • Add commit query to tx options (Lucas Hild)
  • Fix pgtype.Timestamp json unmarshal (Shean de Montigny-Desautels)
  • Add message body size limits in frontend and backend (zene)
  • Add xid8 type
  • Ensure planning encodes and scans cannot infinitely recurse
  • Implement pgtype.UUID.String() (Konstantin Grachev)
  • Switch from ExecParams to Exec in ValidateConnectTargetSessionAttrs functions (Alexander Rumyantsev)
  • Update golang.org/x/crypto
Commits
  • 24fbe35 Create changelog for v5.7.2
  • 3a1593b Merge pull request #2198 from alexandear/fix-nilness
  • 9d851d7 Fix integration benchmarks
  • dacffdc Merge pull request #2196 from alexandear/docs-improve-links
  • bc7c840 Merge pull request #2195 from LucasHild/master
  • 0436851 Handle errors in generate_certs
  • 2532927 Improve links in README
  • ad87d47 Merge pull request #2194 from alexandear/refactor/pgconn-tests
  • 7cf7bc6 Simplify pgconn tests by using T.TempDir
  • 3e6c719 Merge pull request #2189 from pankona/update-crypto
  • Additional commits viewable in compare view

Updates github.com/microsoft/go-mssqldb from 1.7.2 to 1.8.0

Release notes

Sourced from github.com/microsoft/go-mssqldb's releases.

v1.8.0

What's Changed

New Contributors

Full Changelog: microsoft/go-mssqldb@v1.7.2...v1.8.0

Commits
  • dad23d2 Feat: Add tracing data to prelogin and login7 packets (#228)
  • 2521238 Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#229)
  • 4b95a0f Fix error checks during certificatePath reading and parsing in azuread (#227)
  • 573423d Fix: Connection not closed when database name is incorrect #173 fix (#224)
  • 02deabf Support for UDT (hierarchyid, geometry and geography) (#216)
  • 9b84d9b Vulnerabilty dependency x/net (#203)
  • 2395b78 Migrate managed identity example to azidentity (#199)
  • See full diff in compare view

Updates go.opentelemetry.io/otel from 1.32.0 to 1.33.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.33.0/0.55.0/0.9.0/0.0.12] 2024-12-12

Added

  • Add Reset method to SpanRecorder in go.opentelemetry.io/otel/sdk/trace/tracetest. (#5994)
  • Add EnabledInstrument interface in go.opentelemetry.io/otel/sdk/metric/internal/x. This is an experimental interface that is implemented by synchronous instruments provided by go.opentelemetry.io/otel/sdk/metric. Users can use it to avoid performing computationally expensive operations when recording measurements. It does not fall within the scope of the OpenTelemetry Go versioning and stability policy and it may be changed in backwards incompatible ways or removed in feature releases. (#6016)

Changed

  • The default global API now supports full auto-instrumentation from the go.opentelemetry.io/auto package. See that package for more information. (#5920)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#5929)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#5929)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#5929)
  • Performance improvements for attribute value AsStringSlice, AsFloat64Slice, AsInt64Slice, AsBoolSlice. (#6011)
  • Change EnabledParameters to have a Severity field instead of a getter and setter in go.opentelemetry.io/otel/log. (#6009)

Fixed

  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#5954)
  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#5954)
  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#5954)
  • Fix invalid exemplar keys in go.opentelemetry.io/otel/exporters/prometheus. (#5995)
  • Fix attribute value truncation in go.opentelemetry.io/otel/sdk/trace. (#5997)
  • Fix attribute value truncation in go.opentelemetry.io/otel/sdk/log. (#6032)
Commits
  • 8c38f80 Release v1.33.0 (#6035)
  • aa95895 Fix sdk/log record attr value limit (#6032)
  • 58fdf2a Cache successful requests in lychee (#6030)
  • ac386f3 fix(deps): update golang.org/x/exp digest to 1829a12 (#6031)
  • dd83cac chore(deps): update googleapis to e6fa225 (#6028)
  • de4ff31 fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to ca80a...
  • 0598dae sdk/metric: Add experimental Enabled method to synchronous instruments (#6016)
  • 3bb224b chore(deps): update google.golang.org/genproto/googleapis/rpc digest to a4fef...
  • 13da554 chore(deps): update codecov/codecov-action action to v5.1.1 (#6026)
  • b4a91a2 chore(deps): update module go.opentelemetry.io/auto/sdk to v1.1.0 (#6025)
  • Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.32.0 to 1.33.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.33.0/0.55.0/0.9.0/0.0.12] 2024-12-12

Added

  • Add Reset method to SpanRecorder in go.opentelemetry.io/otel/sdk/trace/tracetest. (#5994)
  • Add EnabledInstrument interface in go.opentelemetry.io/otel/sdk/metric/internal/x. This is an experimental interface that is implemented by synchronous instruments provided by go.opentelemetry.io/otel/sdk/metric. Users can use it to avoid performing computationally expensive operations when recording measurements. It does not fall within the scope of the OpenTelemetry Go versioning and stability policy and it may be changed in backwards incompatible ways or removed in feature releases. (#6016)

Changed

  • The default global API now supports full auto-instrumentation from the go.opentelemetry.io/auto package. See that package for more information. (#5920)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#5929)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#5929)
  • Propagate non-retryable error messages to client in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#5929)
  • Performance improvements for attribute value AsStringSlice, AsFloat64Slice, AsInt64Slice, AsBoolSlice. (#6011)
  • Change EnabledParameters to have a Severity field instead of a getter and setter in go.opentelemetry.io/otel/log. (#6009)

Fixed

  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#5954)
  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#5954)
  • Fix inconsistent request body closing in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#5954)
  • Fix invalid exemplar keys in go.opentelemetry.io/otel/exporters/prometheus. (#5995)
  • Fix attribute value truncation in go.opentelemetry.io/otel/sdk/trace. (#5997)
  • Fix attribute value truncation in go.opentelemetry.io/otel/sdk/log. (#6032)
Commits
  • 8c38f80 Release v1.33.0 (#6035)
  • aa95895 Fix sdk/log record attr value limit (#6032)
  • 58fdf2a Cache successful requests in lychee (#6030)
  • ac386f3 fix(deps): update golang.org/x/exp digest to 1829a12 (#6031)
  • dd83cac chore(deps): update googleapis to e6fa225 (#6028)
  • de4ff31 fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to ca80a...
  • 0598dae sdk/metric: Add experimental Enabled method to synchronous instruments (#6016)
  • 3bb224b chore(deps): update google.golang.org/genproto/googleapis/rpc digest to a4fef...
  • 13da554 chore(deps): update codecov/codecov-action action to v5.1.1 (#6026)
  • b4a91a2 chore(deps): update module go.opentelemetry.io/auto/sdk to v1.1.0 (#6025)
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.31.3 to 0.32.0

Commits
  • e622342 Update dependencies to v0.32.0 tag
  • b0543a3 Merge remote-tracking branch 'origin/master' into release-1.32
  • f6bae9a Drop use of winreadlinkvolume godebug option
  • ea815d5 Merge remote-tracking branch 'origin/master' into release-1.32
  • c331a79 Revert to go1.22 windows filesystem stdlib behavior
  • f8e5e36 Merge pull request #128407 from ndixita/pod-level-resources
  • 84e0db8 Merge pull request #127857 from Jefftree/cle-v1alpha2
  • cbaf5a0 Merge pull request #128686 from thockin/take_over_pr-125233
  • a503a4f Merge pull request #128687 from tallclair/allocated-status
  • 3f43b5a Merge pull request #128240 from LionelJouin/KEP-4817
  • Additional commits viewable in compare view

Updates k8s.io/apiextensions-apiserver from 0.31.3 to 0.32.0

Commits
  • 7215469 Update dependencies to v0.32.0 tag
  • 887679f Merge remote-tracking branch 'origin/master' into release-1.32
  • bd027a4 Drop use of winreadlinkvolume godebug option
  • 919f42b Merge remote-tracking branch 'origin/master' into release-1.32
  • a4e1034 Revert to go1.22 windows filesystem stdlib behavior
  • 89d6021 Run codegen
  • 2a91f8a Merge pull request #127513 from tkashem/delete-undecryptable
  • 06dc95a api: run codegen
  • 19f7123 Merge pull request #128639 from jpbetz/fix-cost-test
  • 66631b6 Fix flake in CEL cost stability tests
  • Additional commits viewable in compare view

Updates k8s.io/apimachinery from 0.31.3 to 0.32.0

Commits
  • 59e9003 Merge remote-tracking branch 'origin/master' into release-1.32
  • 639247c Drop use of winreadlinkvolume godebug option
  • 220d7c3 Merge remote-tracking branch 'origin/master' into release-1.32
  • c199d3b Revert to go1.22 windows filesystem stdlib behavior
  • 16af2ff implement unsafe deletion, and wire it
  • 6ff8305 api: run codegen
  • ca9b8b2 api: add a new field to meta/v1 DeleteOptions
  • d941d9f Merge pull request #128503 from benluddy/cbor-codecs-featuregate
  • 3b4250f Wire serving codecs to CBOR feature gate.
  • daaad09 Merge pull request #128501 from benluddy/watch-cbor-seq
  • Additional commits viewable in compare view

Updates k8s.io/apiserver from 0.31.3 to 0.32.0

Commits
  • 9d86305 Update dependencies to v0.32.0 tag
  • 34b7cc9 Merge remote-tracking branch 'origin/master' into release-1.32
  • 5945d46 Drop use of winreadlinkvolume godebug option
  • adee259 Merge remote-tracking branch 'origin/master' into release-1.32
  • fbba927 Merge pull request #129081 from stlaz/fg_remote_uid
  • b3c0cb6 Merge remote-tracking branch 'origin/master' into release-1.32
  • bf14697 Revert to go1.22 windows filesystem stdlib behavior
  • f76e404 featuregate UID in RequestHeader authenticator
  • 1f546ee Possible fix for alpha CI jobs failing with AllowUnsafeMalformedObjectDeletio...
  • 3423727 Merge pull request #127581 from richabanker/flagz-apiserver
  • Additional commits viewable in compare view

Updates k8s.io/cli-runtime from 0.31.3 to 0.32.0

Commits
  • 49dbc54 Update dependencies to v0.32.0 tag
  • f8c45be Merge remote-tracking branch 'origin/master' into release-1.32
  • f750fa0 Drop use of winreadlinkvolume godebug option
  • 9da77ec Merge remote-tracking branch 'origin/master' into release-1.32
  • 15e0912 Revert to go1.22 windows filesystem stdlib behavior
  • 3a2a8b4 hack/pin-dependency.sh k8s.io/kube-openapi 32ad38e42d3faf1ce94eb29f4ea6d76333...
  • 8ceafc0 Merge pull request #128396 from ritazh/deprecate-EnforceMountableSecretsAnnot...
  • f78772d deprecate EnforceMountableSecretsAnnotation in 1.32
  • 44c3029 Merge pull request #128507 from dims/use-k8s.io/utils/lru-instead-of-github.c...
  • 16fbedb Use k8s.io/utils/lru instead of github.com/golang/groupcache/lru
  • Additional commits viewable in compare view

Updates k8s.io/client-go from 0.31.3 to 0.32.0

Commits
  • 0d55461 Update dependencies to v0.32.0 tag
  • 4765ade Merge remote-tracking branch 'origin/master' into release-1.32
  • 692a511 Drop use of winreadlinkvolume godebug option
  • 9df5099 Merge remote-tracking branch 'origin/master' into release-1.32
  • 120beb2 Revert to go1.22 windows filesystem stdlib behavior
  • 55d23e2 Align fake client-go clients with the main interface
  • 646e79b Run codegen
  • c475fe0 Generify fake clientsets
  • 955401c Merge pull request #128407 from ndixita/pod-level-resources
  • eddb107 Merge pull request #127857 from Jefftree/cle-v1alpha2
  • Additional commits viewable in compare view

Updates golang.org/x/net from 0.31.0 to 0.33.0

Commits
  • dfc720d go.mod: update golang.org/x dependencies
  • 8e66b04 html: use strings.EqualFold instead of lowering ourselves
  • b935f7b html: avoid endless loop on error token
  • 9af49ef route: remove unused sizeof* consts
  • 6705db9 quic: clean up crypto streams when dropping packet protection keys
  • 4ef7588 quic: handle ACK frame in packet which drops number space
  • 552d8ac Revert "route: change from syscall to x/sys/unix"
  • 13a7c01 Revert "route: remove unused sizeof* consts on freebsd"
  • 285e1cf go.mod: update golang.org/x dependencies
  • d0a1049 route: remove unused sizeof* consts on freebsd
  • Additional commits viewable in compare view

Updates helm.sh/helm/v3 from 3.16.3 to 3.16.4

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.16.4 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.16.4. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.17.0 is the next feature release and will be on January 15, 2025

Changelog

  • Bump golang.org/x/crypto from 0.30.0 to 0.31.0 7877b45b63f95635153b29a42c0c2f4273ec45ca (dependabot[bot])
  • Bump the k8s-io group with 7 updates 848e586c27f05d84bc19d082f395098aba0b7619 (dependabot[bot])
Commits
  • 7877b45 Bump golang.org/x/crypto from 0.30.0 to 0.31.0
  • 848e586 Bump the k8s-io group with 7 updates
  • See full diff in compare view

Updates k8s.io/kubelet from 0.31.3 to 0.32.0

Commits
  • ab6d6c0 Update dependencies to v0.32.0 tag
  • 78330cb Merge remote-tracking branch 'origin/master' into release-1.32
  • 9aa82a6 Drop use of winreadlinkvolume godebug option
  • 351b167 Merge remote-tracking branch 'origin/master' into release-1.32
  • 97885c0 Revert to go1.22 windows filesystem stdlib behavior
  • de4c476 DRA kubelet: use unique protobuf package name
  • 3b14f64 KEP-4603: Node specific kubelet config for maximum backoff down to 1 second (...
  • 353a4bc Merge pull request #126503 from skitt/generic-fake-client
  • 35e9b33 Generify fake clientsets
  • 2466f75 Merge pull request #128646 from pohly/dra-kubelet-separate-beta-api
  • Additional commits viewable in compare view

Updates k8s.io/metrics from 0.31.3 to 0.32.0

Commits
  • 747abc1 Update dependencies to v0.32.0 tag
  • 5d76b1a Merge remote-tracking branch 'origin/master' into release-1.32
  • 54a1c04 Drop use of winreadlinkvolume godebug option
  • f4ebf54 Merge remote-tracking branch 'origin/master' into release-1.32
  • 140b464 Revert to go1.22 windows filesystem stdlib behavior
  • 5197509 Run codegen
  • 0eafb3f Merge pull request #128580 from jpbetz/bump-kube-openapi
  • 4175bc6 hack/pin-dependency.sh k8s.io/kube-openapi 32ad38e42d3faf1ce94eb29f4ea6d76333...
  • 7658283 Merge pull request #128507 from dims/use-k8s.io/utils/lru-instead-of-github.c...
  • 3f92891 Use k8s.io/utils/lru instead of github.com/golang/groupcache/lru
  • Additional commits viewable in compare view

Updates k8s.io/utils from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20241104100929-3ea5e8cea738

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the security group across 1 directory with 17 updates
289cb7f 
Bumps the security group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/cilium/ebpf](https://github.com/cilium/ebpf) | `0.16.0` | `0.17.1` |
| [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) | `3.0.4` | `3.0.5` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.1` | `5.7.2` |
| [github.com/microsoft/go-mssqldb](https://github.com/microsoft/go-mssqldb) | `1.7.2` | `1.8.0` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.32.0` | `1.33.0` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.31.3` | `0.32.0` |
| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.31.3` | `0.32.0` |
| [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.31.3` | `0.32.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.31.0` | `0.33.0` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.16.3` | `3.16.4` |
| [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.31.3` | `0.32.0` |
| [k8s.io/metrics](https://github.com/kubernetes/metrics) | `0.31.3` | `0.32.0` |



Updates `github.com/cilium/ebpf` from 0.16.0 to 0.17.1
- [Release notes](https://github.com/cilium/ebpf/releases)
- [Commits](cilium/ebpf@v0.16.0...v0.17.1)

Updates `github.com/containerd/cgroups/v3` from 3.0.4 to 3.0.5
- [Release notes](https://github.com/containerd/cgroups/releases)
- [Commits](containerd/cgroups@v3.0.4...v3.0.5)

Updates `github.com/jackc/pgx/v5` from 5.7.1 to 5.7.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](jackc/pgx@v5.7.1...v5.7.2)

Updates `github.com/microsoft/go-mssqldb` from 1.7.2 to 1.8.0
- [Release notes](https://github.com/microsoft/go-mssqldb/releases)
- [Changelog](https://github.com/microsoft/go-mssqldb/blob/main/CHANGELOG.md)
- [Commits](microsoft/go-mssqldb@v1.7.2...v1.8.0)

Updates `go.opentelemetry.io/otel` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.32.0...v1.33.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.32.0...v1.33.0)

Updates `k8s.io/api` from 0.31.3 to 0.32.0
- [Commits](kubernetes/api@v0.31.3...v0.32.0)

Updates `k8s.io/apiextensions-apiserver` from 0.31.3 to 0.32.0
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.31.3...v0.32.0)

Updates `k8s.io/apimachinery` from 0.31.3 to 0.32.0
- [Commits](kubernetes/apimachinery@v0.31.3...v0.32.0)

Updates `k8s.io/apiserver` from 0.31.3 to 0.32.0
- [Commits](kubernetes/apiserver@v0.31.3...v0.32.0)

Updates `k8s.io/cli-runtime` from 0.31.3 to 0.32.0
- [Commits](kubernetes/cli-runtime@v0.31.3...v0.32.0)

Updates `k8s.io/client-go` from 0.31.3 to 0.32.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.31.3...v0.32.0)

Updates `golang.org/x/net` from 0.31.0 to 0.33.0
- [Commits](golang/net@v0.31.0...v0.33.0)

Updates `helm.sh/helm/v3` from 3.16.3 to 3.16.4
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.16.3...v3.16.4)

Updates `k8s.io/kubelet` from 0.31.3 to 0.32.0
- [Commits](kubernetes/kubelet@v0.31.3...v0.32.0)

Updates `k8s.io/metrics` from 0.31.3 to 0.32.0
- [Commits](kubernetes/metrics@v0.31.3...v0.32.0)

Updates `k8s.io/utils` from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20241104100929-3ea5e8cea738
- [Commits](https://github.com/kubernetes/utils/commits)

---
updated-dependencies:
- dependency-name: github.com/cilium/ebpf
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: github.com/containerd/cgroups/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: github.com/jackc/pgx/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: github.com/microsoft/go-mssqldb
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/kubelet
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/metrics
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <[email protected]>
@DexterYan DexterYan requested a review from a team as a code owner December 30, 2024 03:28
@DexterYan DexterYan merged commit 3f1314c into main Dec 30, 2024
24 checks passed
@DexterYan DexterYan deleted the dependabot/go_modules/security-e7bac8122a branch December 30, 2024 04:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xavpaice xavpaice xavpaice approved these changes

Assignees
No one assigned
Labels
dependencies go type::security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xavpaice @DexterYan