@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github Feb 26, 2024

Bumps the all group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/cert-manager/cert-manager | 1.14.2 | 1.14.3 |
| golang.org/x/crypto | 0.19.0 | 0.20.0 |
| helm.sh/helm/v3 | 3.14.0 | 3.14.2 |
| k8s.io/api | 0.29.1 | 0.29.2 |
| k8s.io/apiextensions-apiserver | 0.29.1 | 0.29.2 |
| k8s.io/apimachinery | 0.29.1 | 0.29.2 |
| k8s.io/cli-runtime | 0.29.1 | 0.29.2 |
| k8s.io/client-go | 0.29.1 | 0.29.2 |
| k8s.io/component-base | 0.29.1 | 0.29.2 |
| k8s.io/kube-aggregator | 0.29.1 | 0.29.2 |
| k8s.io/kubectl | 0.29.1 | 0.29.2 |
| sigs.k8s.io/controller-runtime | 0.17.1 | 0.17.2 |

Updates github.com/cert-manager/cert-manager from 1.14.2 to 1.14.3

Commits
  • 218e205 Merge pull request #6788 from inteon/release-1.14_deps
  • 646e592 run 'make update-licenses'
  • dafea03 bump base images and CVE dependencies
  • e1e9890 Merge pull request #6781 from jetstack-bot/cherry-pick-6779-to-release-1.14
  • fbb702c fix broken json logging
  • 1834103 Merge pull request #6774 from jetstack-bot/cherry-pick-6770-to-release-1.14
  • bf8c62c Fix a memory bug in ldap's ParseDN function by disabling part of the function...
  • 9d6ca31 Merge pull request #6742 from inteon/update-cmd/ctl/v1.14.2
  • c836e45 Update cmd/ctl's go.mod to v1.14.2
  • See full diff in compare view

Updates golang.org/x/crypto from 0.19.0 to 0.20.0

Commits
  • 0aab8d0 all: update go.mod x/net dependency
  • 5bead59 ocsp: don't use iota for externally defined constants
  • 1a86580 x/crypto/internal/poly1305: improve sum_ppc64le.s
  • 1c981e6 ssh/test: don't use DSA keys in integrations tests, update test RSA key
  • 62c9f17 x509roots/nss: manually exclude a confusingly constrained root
  • See full diff in compare view

Updates helm.sh/helm/v3 from 3.14.0 to 3.14.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.

Jakub Ciolek with AlphaSense discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.2. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.14.3 will contain only bug fixes and be released on March 13, 2024.
  • 3.15.0 is the next feature release and will be on May 08, 2024.

Helm v3.14.1 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time.

Dominykas Blyžė with Nearform Ltd. discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.1. The common platform binaries are here:

... (truncated)

Updates k8s.io/api from 0.29.1 to 0.29.2

Commits
  • d473130 Update dependencies to v0.29.2 tag
  • f5eca04 Merge pull request #122959 from RomanBednar/automated-cherry-pick-of-#122728
  • fd1786f flag PersistentVolumeLastPhaseTransitionTime field as beta
  • See full diff in compare view

Updates k8s.io/apiextensions-apiserver from 0.29.1 to 0.29.2

Updates k8s.io/apimachinery from 0.29.1 to 0.29.2

Updates k8s.io/cli-runtime from 0.29.1 to 0.29.2

Updates k8s.io/client-go from 0.29.1 to 0.29.2

Updates k8s.io/component-base from 0.29.1 to 0.29.2

Updates k8s.io/kube-aggregator from 0.29.1 to 0.29.2

Updates k8s.io/kubectl from 0.29.1 to 0.29.2

Updates sigs.k8s.io/controller-runtime from 0.17.1 to 0.17.2

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.17.2

Full Changelog: kubernetes-sigs/controller-runtime@v0.17.1...v0.17.2

Commits
  • d0396a3 Merge pull request #2688 from k8s-infra-cherrypick-robot/cherry-pick-2687-to-...
  • 565aa5b Fix lazy rest mapper cache invalidation
  • 59c26c0 Merge pull request #2681 from k8s-infra-cherrypick-robot/cherry-pick-2679-to-...
  • 984aee6 bug: Fakeclient: Do not consider an apply patch to be a strategic merge patch
  • See full diff in compare view

Bumps the all group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) | `1.14.2` | `1.14.3` |
| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.19.0` | `0.20.0` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.14.0` | `3.14.2` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.29.1` | `0.29.2` |
| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.29.1` | `0.29.2` |
| [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.29.1` | `0.29.2` |
| [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.29.1` | `0.29.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.29.1` | `0.29.2` |
| [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.29.1` | `0.29.2` |
| [k8s.io/kube-aggregator](https://github.com/kubernetes/kube-aggregator) | `0.29.1` | `0.29.2` |
| [k8s.io/kubectl](https://github.com/kubernetes/kubectl) | `0.29.1` | `0.29.2` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.17.1` | `0.17.2` |


Updates `github.com/cert-manager/cert-manager` from 1.14.2 to 1.14.3
- [Release notes](https://github.com/cert-manager/cert-manager/releases)
- [Commits](cert-manager/cert-manager@v1.14.2...v1.14.3)

Updates `golang.org/x/crypto` from 0.19.0 to 0.20.0
- [Commits](golang/crypto@v0.19.0...v0.20.0)

Updates `helm.sh/helm/v3` from 3.14.0 to 3.14.2
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.14.0...v3.14.2)

Updates `k8s.io/api` from 0.29.1 to 0.29.2
- [Commits](kubernetes/api@v0.29.1...v0.29.2)

Updates `k8s.io/apiextensions-apiserver` from 0.29.1 to 0.29.2
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.29.1...v0.29.2)

Updates `k8s.io/apimachinery` from 0.29.1 to 0.29.2
- [Commits](kubernetes/apimachinery@v0.29.1...v0.29.2)

Updates `k8s.io/cli-runtime` from 0.29.1 to 0.29.2
- [Commits](kubernetes/cli-runtime@v0.29.1...v0.29.2)

Updates `k8s.io/client-go` from 0.29.1 to 0.29.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.29.1...v0.29.2)

Updates `k8s.io/component-base` from 0.29.1 to 0.29.2
- [Commits](kubernetes/component-base@v0.29.1...v0.29.2)

Updates `k8s.io/kube-aggregator` from 0.29.1 to 0.29.2
- [Commits](kubernetes/kube-aggregator@v0.29.1...v0.29.2)

Updates `k8s.io/kubectl` from 0.29.1 to 0.29.2
- [Commits](kubernetes/kubectl@v0.29.1...v0.29.2)

Updates `sigs.k8s.io/controller-runtime` from 0.17.1 to 0.17.2
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.17.1...v0.17.2)

---
updated-dependencies:
- dependency-name: github.com/cert-manager/cert-manager
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/component-base
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/kube-aggregator
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/kubectl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) Feb 26, 2024

@jetstack-bot jetstack-bot added the labels dco-signoff: yes (Indicates that all commits in the pull request have the valid DCO sign-off message.) and needs-ok-to-test (Indicates a PR that requires an org member to verify it is safe to test.) Feb 26, 2024

@jetstack-bot
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jetstack-bot jetstack-bot added the label size/M (Denotes a PR that changes 30-99 lines, ignoring generated files.) Feb 26, 2024

@inteon
Member

inteon commented Feb 27, 2024

/approve
/lgtm

@jetstack-bot jetstack-bot added the label lgtm (Indicates that a PR is ready to be merged.) Feb 27, 2024

@jetstack-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: inteon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added the label approved (Indicates a PR has been approved by an approver from all required OWNERS files.) Feb 27, 2024
@jetstack-bot jetstack-bot merged commit 19f66bc into main Feb 27, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/all-85b4e54d74 branch February 27, 2024 17:01