search

cisco-open / flame

flame is a federated learning system for edge with flexibility and scalability at the core of its design.
Apache License 2.0
56 stars 28 forks source link

chore(deps): bump the go_modules group across 1 directory with 10 updates #575

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 5 months ago

Bumps the go_modules group with 6 updates in the / directory:

Package From To
google.golang.org/grpc 1.58.3 1.64.0
helm.sh/helm/v3 3.14.3 3.15.0
github.com/containerd/containerd 1.7.12 1.7.17
github.com/cyphar/filepath-securejoin 0.2.4 0.2.5
github.com/docker/distribution 2.8.2+incompatible 2.8.3+incompatible
github.com/prometheus/client_golang 1.16.0 1.19.1

Updates google.golang.org/grpc from 1.58.3 to 1.64.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.64.0

API Changes

  • stats: Deprecate InPayload.Data and OutPayload.Data; they were experimental and will be deleted in the next release (#7121)

Behavior Changes

  • codec: Remove handling of environment variable GRPC_GO_ADVERTISE_COMPRESSORS to suppress setting supported compressors in grpc-accept-encoding header. Compressors will always be advertised, as they have been by default for some time (#7203)

New Features

  • resolver/dns: Add SetMinResolutionInterval to set the minimum interval at which DNS re-resolutions may occur (#6962)
  • peer/peer: Implement the fmt.Stringer interface for pretty printing Peer, and
  • metadata/metadata: Implement the fmt.Stringer interface for pretty printing MD (#7137)

Performance Improvements

  • client: Improve RPC performance by reducing work while holding a lock (#7132)

Bug Fixes

  • transport/server: Display the proper timeout value when keepalive pings are not ack'd in time (#7038)
  • channelz: Fix bug that was causing the subchannel's target to be unset (#7189)
  • stats: Fix bug where peer was not set in context when calling stats handler for OutPayload, InPayload, and End (#7096)

Dependencies

  • deps: Remove dependency on deprecated github.com/golang/protobuf module (#7122)

Documentation

  • grpc: Deprecate WithBlock, WithReturnConnectionError, FailOnNonTempDialError which are ignored by NewClient (#7097)
  • grpc: Deprecate Dial and DialContext. These will continue to be supported throughout 1.x, but are deprecated to direct users to NewClient (See #7090 for more information)
  • examples: Add custom lb example (#6691)

Release 1.63.2

Bugs

  • Fix the user agent string

Release 1.63.1

Bugs

  • grpc: fixed subchannel log messages to properly reference the parent channel (#7101)

API Changes

... (truncated)

Commits
  • fa274d7 Change version to 1.64.0 (#7218)
  • 6b413c8 xds: Surround two Infof calls that use pretty.ToJSON with V(2) checks (...
  • 2dbbcef resolver/dns: Add docstring to SetMinResolutionInterval (#7217)
  • 070d9c7 codes: replace %q to %d in error string when invalid code is an integer (#7188)
  • 5d24ee2 xds: store server config for LRS server in xdsresource.ClusterUpdate (#7191)
  • c76f686 advancedTLS: Rename get root certs related pieces (#7207)
  • f591e3b codec: remove option to suppress setting supported compressors in headers (#7...
  • b4f7947 github: remove dependabot (#7208)
  • 0561c78 client: add user-friendly error message of LB policy update timed out (#7206)
  • 9d9c1fb peer: remove change detector test (#7204)
  • Additional commits viewable in compare view


Updates google.golang.org/protobuf from 1.31.0 to 1.33.0

Updates helm.sh/helm/v3 from 3.14.3 to 3.15.0

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • Opt-in to hiding secrets when running dry-run for install and upgrade
  • Added robustness to wait checks

Installation and Upgrading

Download Helm v3.15.0. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.15.1 is the next patch release and will be on June 12, 2024.
  • 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

  • Updating to k8s 1.30 c4e37b39dbb341cb3f716220df9f9d306d123a58 (Matt Farina)
  • bump version to v3.15.0 d7afa3b6b432c09a02cd07342e908ba5bed34940 (Matt Farina)
  • bump version to 774346777c5b311251d8252cd470d56bdd23a403 (Matt Farina)
  • Fix namespace on kubeconfig error 214fb6eff393f1c17890d45e9eaee86f6b37ea17 (Calvin Krist)
  • Update testdata PKI with keys that have validity until 3393 (Fixes #12880) 1b75d48189c2484cb5904f7996933d8d85315adb (Dirk Müller)
  • chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 dac23c82ce3bc05b6e72a1571bea48e424494fb0 (dependabot[bot])
  • chore(deps): bump github/codeql-action from 3.24.7 to 3.24.10 167d57676d22ea10fa7869e6f85c6fe2e46b3292 (dependabot[bot])
  • chore: remove repetitive words dd37787ffd25419cf5f76222e682fbba47d289eb (deterclosed)
  • Modified how created annotation is populated based on package creation time 0a69a0dea6b1dcebaaf5d5b67c9a56eade463a71 (Andrew Block)
  • chore(deps): bump github.com/docker/docker aaaf1128d2dd2ce3e119472cae0bd9da3d62eb89 (dependabot[bot])

... (truncated)

Commits
  • c4e37b3 Updating to k8s 1.30
  • d7afa3b bump version to v3.15.0
  • 7743467 bump version to
  • cf823d4 Merge pull request #12971 from dirkmueller/cert_extended_range
  • 1df0064 Merge pull request #12966 from helm/dependabot/go_modules/golang.org/x/net-0....
  • c6beb16 Merge pull request #12979 from CalvinKrist/fix-namespace-on-kube-error
  • 214fb6e Fix namespace on kubeconfig error
  • 1b75d48 Update testdata PKI with keys that have validity until 3393 (Fixes #12880)
  • dac23c8 chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0
  • 14d0c13 Merge pull request #11569 from alex-petrov-vt/iss-11553
  • Additional commits viewable in compare view


Updates k8s.io/apimachinery from 0.29.0 to 0.30.0

Commits
  • 37988e5 Merge remote-tracking branch 'origin/master' into release-1.30
  • c857a38 Update x/net for CVE-2023-45288
  • 0407311 followup to allow special characters
  • 25164f7 Merge pull request #123435 from tallclair/apparmor-ga
  • cbfe0a1 Merge pull request #123758 from liggitt/protobump
  • 21d26b6 Bump github.com/golang/protobuf v1.5.4, google.golang.org/protobuf v1.33.0
  • 0c29f84 Merge pull request #123385 from HirazawaUi/allow-special-characters
  • 60d24f2 Merge pull request #123708 from p0lyn0mial/upstream-const-watchlist-bookmark-...
  • 513d23a apimachinery/meta/types.go: define InitialEventsAnnotationKey const
  • 67cb3a8 Merge pull request #123413 from seans3/tunneling-spdy-websockets
  • Additional commits viewable in compare view


Updates github.com/containerd/containerd from 1.7.12 to 1.7.17

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.17

Welcome to the v1.7.17 release of containerd!

The seventeenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

  • Use LOOP_CONFIGURE when creating loop devices (#10209)
  • Update unpacker to fetch all provided content (#10233)
  • Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts (#10210)
  • Update metadata snapshotter to lease on already exists (#10198)
  • Handle unsupported config versions (#10165)
  • Fix deadlock when writing to pipe blocks (containerd/ttrpc#168)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Stefan Berger
  • Derek McGowan
  • Austin Vazquez
  • Alexandru Matei
  • Maksym Pavlenko
  • Akihiro Suda
  • Bryant Biggs
  • Kevin Parsons
  • Kirtana Ashok
  • Phil Estes
  • Kazuyoshi Kato
  • Kohei Tokunaga
  • Swagat Bora

Changes

  • Prepare release notes for v1.7.17 (#10235)
    • 114b07b97 Prepare release notes for v1.7.17
  • Use LOOP_CONFIGURE when creating loop devices (#10209)
    • 803aaa680 Remove internal LoopConfig struct
    • 7bd3be948 Swap internal ioctl implementation with golang.org/x/sys
    • a0739dc0e Use LOOP_CONFIGURE when creating loop devices
  • Update unpacker to fetch all provided content (#10233)
    • 1573ea598 Update ctr image pull all platforms
    • 32b594f1b Update unpacker to always fetch all
  • Update hcsshim tag to v0.11.5 (#10232)
  • Update ttrpc tag to 1.2.4 (#10221)

... (truncated)

Commits
  • 3a4de45 Merge pull request #10235 from dmcgowan/prepare-v1.7.17
  • 114b07b Prepare release notes for v1.7.17
  • 2441c2d Merge pull request #10209 from austinvazquez/cherry-pick-a782fd6da2fa9fa350ef...
  • 62af107 Merge pull request #10233 from dmcgowan/1.7-unpack-fetch-all
  • a3c0f2f Merge pull request #10232 from kiashok/update-shim-0.11.4
  • 1573ea5 Update ctr image pull all platforms
  • 32b594f Update unpacker to always fetch all
  • 5a03a3a Update hcsshim tag to v0.11.5
  • b5aec32 Merge pull request #10221 from kiashok/update-ttrpc-release-1.7
  • 36bbb4d Merge pull request #10210 from swagatbora90/preserve-flags-cherry-pick-1.7
  • Additional commits viewable in compare view


Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.2.5

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.2.5

This release makes some minor improvements to SecureJoin:

  • Some changes were made to how lexical components are handled during resolution. There is no change in behaviour, and both implementations are safe, however the newer implementation is much easier to reason about.

  • The error returned when a symlink loop has been detected will now reference the correct path. #10

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Commits
  • d861a11 VERSION: release v0.2.5
  • 87bc53a join: fix ELOOP error path
  • e9be397 join: don't allow .. and . in working path during resolution
  • 75cdbea gha: update Go versions
  • b69b737 VERSION: back to development
  • See full diff in compare view


Updates github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.3

What's Changed

New Contributors

Full Changelog: https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3

Commits
  • 4772604 Merge pull request #4088 from distribution/2.8.3-release-notes
  • a4fa699 Add v2.8.3 release notes
  • 1eb2c30 Merge pull request #4068 from milosgajdos/2_8-dont-close-request-body
  • 5e6b1b5 Do not close HTTP request body in HTTP handler
  • 2b76378 Merge pull request #4064 from thaJeztah/2.8_backport_nodigestset
  • 29b00e8 digestset: deprecate package in favor of go-digest/digestset
  • d1ab243 [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0
  • 11eb419 Merge pull request #4063 from thaJeztah/2.8_backport_switch_reference
  • 3dda067 deprecate reference package, migrate to github.com/distribution/reference
  • da05539 Merge pull request #4053 from thaJeztah/2.8_backport_set-content-type-client-...
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.9

24.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE Component Fix version Severity
CVE-2024-21626 runc 1.1.12 High, CVSS 8.6
CVE-2024-24557 Docker Engine 24.0.9 Medium, CVSS 6.9

Important ⚠️

Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:

To address these vulnerabilities, upgrade to Docker Engine v25.0.2.

For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:

Packaging updates

v24.0.8

24.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857

... (truncated)

Commits
  • fca702d Merge pull request from GHSA-xw73-rw38-6vjc
  • f78a772 Merge pull request #47281 from thaJeztah/24.0_backport_bump_containerd_binary...
  • 61afffe Merge pull request #47270 from thaJeztah/24.0_backport_bump_runc_binary_1.1.12
  • b38e74c Merge pull request #47276 from thaJeztah/24.0_backport_bump_runc_1.1.12
  • dac5663 update containerd binary to v1.7.13
  • 20e1af3 vendor: github.com/opencontainers/runc v1.1.12
  • 858919d update runc binary to v1.1.12
  • 141ad39 Merge pull request #47266 from vvoland/ci-fix-makeps1-templatefail-24
  • db968c6 hack/make.ps1: Fix go list pattern
  • 61c51fb Merge pull request #47221 from vvoland/pkg-pools-close-noop-24
  • Additional commits viewable in compare view


Updates github.com/prometheus/client_golang from 1.16.0 to 1.19.1

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.19.1

What's Changed

  • Security patches for golang.org/x/sys and google.golang.org/protobuf

New Contributors

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1

v1.19.0

What's Changed

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

  • [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
  • [FEATURE] collectors: Add version collector. #1422 #1427

New Contributors

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.0

v1.18.0

What's Changed

  • [FEATURE] promlint: Allow creation of custom metric validations. #1311
  • [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
  • [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
  • [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
  • [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

New Contributors

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.17.0...v1.18.0

v1.17.0

What's Changed

  • [CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325
  • [FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313
  • [ENHANCEMENT] Enable detection of a native histogram without observations. #1314

... (truncated)

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

1.19.0 / 2023-02-27

The module prometheus/common v0.48.0 introduced an incompatibility when used together with client_golang (See prometheus/client_golang#1448 for more details). If your project uses client_golang and you want to use prometheus/common v0.48.0 or higher, please update client_golang to v1.19.0.

  • [CHANGE] Minimum required go version is now 1.20 (we also test client_golang against new 1.22 version). #1445 #1449
  • [FEATURE] collectors: Add version collector. #1422 #1427

1.18.0 / 2023-12-22

  • [FEATURE] promlint: Allow creation of custom metric validations. #1311
  • [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
  • [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
  • [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
  • [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

1.17.0 / 2023-09-27

  • [CHANGE] Minimum required go version is now 1.19 (we also test client_golang against new 1.21 version). #1325
  • [FEATURE] Add support for Created Timestamps in Counters, Summaries and Historams. #1313
  • [ENHANCEMENT] Enable detection of a native histogram without observations. #1314
Commits


Updates golang.org/x/net from 0.21.0 to 0.23.0

Commits
  • c48da13 http2: fix TestServerContinuationFlood flakes
  • 762b58d http2: fix tipos in comment
  • ba87210 http2: close connections when receiving too many headers
  • ebc8168 all: fix some typos
  • 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
  • 448c44f http2: remove clientTester
  • c7877ac http2: convert the remaining clientTester tests to testClientConn
  • d8870b0 http2: use synthetic time in TestIdleConnTimeout
  • d73acff http2: only set up deadline when Server.IdleTimeout is positive
  • 89f602b http2: validate client/outgoing trailers
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cisco-open/flame/network/alerts).
myungjin commented 5 months ago

@dependabot rebase

dependabot[bot] commented 5 months ago

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

dependabot[bot] commented 5 months ago

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml