Comparing changes

Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0. - [Release notes](https://github.com/google/ko/releases) - [Changelog](https://github.com/ko-build/ko/blob/main/.goreleaser.yml) - [Commits](ko-build/ko@v0.14.1...v0.15.0) --- updated-dependencies: - dependency-name: github.com/google/ko dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps the kubernetes group with 2 updates: [k8s.io/api](https://github.com/kubernetes/api) and [k8s.io/client-go](https://github.com/kubernetes/client-go). Updates `k8s.io/api` from 0.28.2 to 0.28.3 - [Commits](kubernetes/api@v0.28.2...v0.28.3) Updates `k8s.io/client-go` from 0.28.2 to 0.28.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.28.2...v0.28.3) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kubernetes - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kubernetes ... Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: Scott Andrews <andrewssc@vmware.com>

Bumps [github.com/vmware-tanzu/carvel-kbld](https://github.com/vmware-tanzu/carvel-kbld) from 0.38.0 to 0.38.1. - [Release notes](https://github.com/vmware-tanzu/carvel-kbld/releases) - [Changelog](https://github.com/carvel-dev/kbld/blob/develop/.goreleaser.yml) - [Commits](carvel-dev/kbld@v0.38.0...v0.38.1) --- updated-dependencies: - dependency-name: github.com/vmware-tanzu/carvel-kbld dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* disable http2 for metrics and webhooks by default It appears that mitigating the recent http2 vulnerabilities (see CVE-2023-44487 and CVE-2023-39325) requires [more than just a library update to golang.org/x/net][1]. Until better mitigations have been developed, disable http2 in both the metrics and webhooks servers. [1]: kubernetes/kubernetes#121197 Signed-off-by: Andy Sadler <ansadler@redhat.com> * cleanup http2 disabling methods Until better mitigations are in place, disable HTTP2 in all cases. Don't leave an option in place to re-enable it. Signed-off-by: Andy Sadler <ansadler@redhat.com> * fix generated drift Signed-off-by: Andy Sadler <ansadler@redhat.com> --------- Signed-off-by: Andy Sadler <ansadler@redhat.com>

ServiceBindings setup a validating webhook to watch for changes on the service resource. This was only watching for requests on the main resource and did not observe the status subresource. This meant that if a provisioned service rotated the secret name and made no other changes, the new secret would not be observed until the regular reconcile of the ServiceBinding (up to 10 hours later). This change watches the status subresource for tracked resources. Signed-off-by: Scott Andrews <andrewssc@vmware.com>

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.15.0 to 0.16.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Oct 17, 2023

Commits on Oct 19, 2023

Commits on Oct 25, 2023

Commits on Oct 27, 2023

Commits on Oct 31, 2023

Commits on Nov 7, 2023

Commits on Nov 9, 2023

Commits on Nov 16, 2023

Commits on Nov 27, 2023

Commits on Nov 28, 2023

This comparison is taking too long to generate.

Uh oh!