MatthiasScholz / cos

Basic Cluster Orchestration Setup
GNU Lesser General Public License v3.0

Bump github.com/hashicorp/nomad from 1.0.0 to 1.0.18 in /test #93

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps github.com/hashicorp/nomad from 1.0.0 to 1.0.18.

Release notes

Sourced from github.com/hashicorp/nomad's releases.

v1.0.15

1.0.15 (December 13, 2021)

SECURITY:

  • Updated to Go 1.16.12. Earlier versions of Go contained 2 CVEs. CVE-2021-44717 could allow a task on a Unix system with exhausted file handles to misdirect I/O. CVE-2021-44716 could create unbounded memory growth in HTTP2 servers. Nomad servers do not use HTTP2. [GH-11662]

v1.0.11

IMPROVEMENTS:

  • deps: Updated go-memdb to v1.3.2 [GH-11185]

BUG FIXES:

  • audit (Enterprise): Don't timestamp active audit log file. [GH-11198]
  • cli: Display all possible scores in the allocation status table [GH-11128]
  • cli: Fixed a bug where the NOMAD_CLI_NO_COLOR environment variable was not always applied [GH-11168]
  • client: Task vars should take precedence over host vars when performing interpolation. [GH-11206]

Binaries - https://releases.hashicorp.com/nomad/1.0.11/

v1.0.6

https://github.com/hashicorp/nomad/blob/release-1.0.6/CHANGELOG.md

1.0.6 (May 18, 2021)

BUG FIXES:

  • core (Enterprise): Update licensing library to v0.0.11 to include race condition fix. [GH-10253]
  • agent: Only allow querying Prometheus formatted metrics if Prometheus is enabled within the config [GH-10140]
  • api: Ensured that api.LicenseGet returned response meta data [GH-10276]
  • api: Added missing devices block to AllocatedTaskResources [GH-10064]
  • api: Fixed a panic that may occur on concurrent access to an SDK client [GH-10302]
  • cli: Fixed a bug where non-int proxy port would panic CLI [GH-10072]
  • cli: Fixed a bug where snapshot agent command panics on launch [GH-10276]
  • cli: Remove extra linefeeds in monitor.log files written by nomad operator debug. [GH-10252]
  • cli: Fixed a bug where parsing HCLv2 may panic on some variable interpolation syntax [GH-10326] [GH-10419]
  • cli: Fixed a bug where nomad operator debug incorrectly parsed https Consul API URLs. [GH-10082]
  • cli: Fixed a panic where nomad job run or plan would crash when supplied with non-existent -var-file files. [GH-10569]
  • client: Fixed log formatting when killing tasks. [GH-10135]
  • client: Added handling for cgroup-v2 memory metrics [GH-10286]
  • client: Only publish measured allocation memory metrics [GH-10376]
  • client: Fixed a bug where small files would be assigned the wrong content type. [GH-10348]
  • consul/connect: Fixed a bug where job plan always different when using expose checks. [GH-10492]
  • consul/connect: Fixed a bug where HTTP ingress gateways could not use wildcard names. [GH-10457]
  • cni: Fallback to an interface with an IP address if sandbox interface lacks one. [GH-9895]
  • csi: Fixed a bug where volume with IDs that are a substring prefix of another volume could use the wrong volume for feasibility checking. [GH-10158]
  • drivers/docker: Fixed a bug where Dockerfile STOPSIGNAL was not honored. [GH-10441]
  • drivers/raw_exec: Fixed a bug where exit codes could be dropped and return a spurious error. [GH-10494]
  • scheduler: Fixed a bug where Nomad reports negative or incorrect running children counts for periodic jobs. [GH-10145]
  • scheduler: Fixed a bug where jobs requesting multiple CSI volumes could be incorrectly scheduled if only one of the volumes passed feasibility checking. [GH-10143]

... (truncated)

Changelog

Sourced from github.com/hashicorp/nomad's changelog.

1.0.18 (February 9, 2022)

BACKWARDS INCOMPATIBILITIES:

  • ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability

SECURITY:

  • Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
  • Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
  • Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
  • Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]

1.0.17 (February 1, 2022)

BUG FIXES:

  • csi: Fixed a bug where garbage collected allocations could block new claims on a volume [GH-11890]
  • csi: Fixed a bug where releasing volume claims would fail with ACL errors after leadership transitions. [GH-11891]
  • csi: Fixed a bug where volume claim releases that were not fully processed before a leadership transition would be ignored [GH-11776]
  • csi: Unmount volumes from the client before sending unpublish RPC [GH-11892]

1.0.16 (January 18, 2022)

BUG FIXES:

  • agent: Validate reserved_ports are valid to prevent unschedulable nodes. [GH-11830]
  • cli: Fixed a bug where the -stale flag was not respected by nomad operator debug [GH-11678]
  • client: Fixed a bug where clients would ignore the client_auto_join setting after losing connection with the servers, causing them to incorrectly fallback to Consul discovery if it was set to false. [GH-11585]
  • client: Fixed a memory and goroutine leak for batch tasks and any task that exits without being shut down from the server [GH-11741]
  • client: Fixed host network reserved port fingerprinting [GH-11728]
  • core: Fix missing fields in Node.Copy() [GH-11744]
  • csi: Fixed a bug where deregistering volumes would attempt to deregister the wrong volume if the ID was a prefix of the intended volume [GH-11852]
  • drivers: Fixed a bug where the resolv.conf copied from the system was not readable to unprivileged processes within the task [GH-11856]
  • quotas (Enterprise): Fixed a bug quotas can be incorrectly calculated when nodes fail ranking. [GH-11848]
  • rpc: Fixed scaling policy get index response when the policy is found [GH-11579]
  • scheduler: detect, log, and emit nomad.nomad.plan.node_rejected metric when an unexpected port collision is detected [GH-11793]
  • scheduler: Fixed a performance bug where spread and node affinity can cause a job to take longer than the nack timeout to be evaluated. [GH-11712]
  • template: Fixed a bug where templates did not receive an updated vault token if change_mode = "noop" was set in the job definition's vault stanza. [GH-11783]

1.0.15 (December 13, 2021)

SECURITY:

  • Updated to Go 1.16.12. Earlier versions of Go contained 2 CVEs. CVE-2021-44717 could allow a task on a Unix system with exhausted file handles to misdirect I/O. CVE-2021-44716 could create unbounded memory growth in HTTP2 servers. Nomad servers do not use HTTP2. [GH-11662]

1.0.14 (November 19, 2021)

SECURITY:

... (truncated)

Commits
  • 7eb2ad2 Release v1.0.18
  • c46dfd8 Generate files for 1.0.18 release
  • 0146d33 ci: set macos build xcode to a support version
  • 53b2709 chore: go mod tidy
  • bb96eb8 docs: add 1.0.18 to changelog
  • 83e9de5 scheduler: prevent panic in spread iterator during alloc stop
  • 321c221 api: prevent excessive CPU load on job parse
  • 1aa46c3 client: check escaping of alloc dir using symlinks
  • e5c7638 client: fix race condition in use of go-getter
  • c19be8d Release v1.0.17
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MatthiasScholz/cos/network/alerts).