build: Update to go1.22 to address Go standard library vulnerabilities CVE-2024-24783, CVE-2023-45290, and CVE-2024-24785. [GH-20066]
deps: Upgrade protobuf library to 1.33.0 to avoid scan alerts for CVE-2024-24786, which Nomad is not vulnerable to [GH-20100]
IMPROVEMENTS:
cli: Added -json option on job status command [GH-18925]
fingerprint: Added a fingerprint for Consul DNS address and port [GH-19969]
BUG FIXES:
cli: Fixed a bug where the nomad job restart command could crash if the job type was not present in a response from the server [GH-20049]
client: Fixed a bug where corrupt client state could panic the client [GH-19972]
cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
connect: Fixed a bug where expose blocks would not appear in job plan diff output [GH-19990]
server: Prevent NPE when service lacks identity [GH-19986]
v1.7.5
1.7.5 (February 13, 2024)
SECURITY:
windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]
IMPROVEMENTS:
api: emit JobDeregistered event when job is deregistered with purge [GH-19903]
BUG FIXES:
cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
cli: Fixed a bug where the nomad tls ca create command failed when the -domain was used without other values [GH-19892]
client: Ensure the value for CPU shares are within the allowed range [GH-19935]
client: Prevent client from starting if cgroup initialization fails [GH-19915]
connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
driver/java: Ensure the OOM killed response is populated when the task exits [GH-19818]
driver/qemu: Ensure the OOM killed response is populated when the task exits [GH-19830]
driver/rawexec: Ensure the OOM killed response is populated when the task exits [GH-19829]
exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]
build: Update to go1.22 to address Go standard library vulnerabilities CVE-2024-24783, CVE-2023-45290, and CVE-2024-24785. [GH-20066]
deps: Upgrade protobuf library to 1.33.0 to avoid scan alerts for CVE-2024-24786, which Nomad is not vulnerable to [GH-20100]
IMPROVEMENTS:
cli: Added -json option on job status command [GH-18925]
fingerprint: Added a fingerprint for Consul DNS address and port [GH-19969]
BUG FIXES:
cli: Fixed a bug where the nomad job restart command could crash if the job type was not present in a response from the server [GH-20049]
client: Fixed a bug where corrupt client state could panic the client [GH-19972]
cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
connect: Fixed a bug where expose blocks would not appear in job plan diff output [GH-19990]
server: Prevent NPE when service lacks identity [GH-19986]
1.7.5 (February 13, 2024)
SECURITY:
windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]
IMPROVEMENTS:
api: emit JobDeregistered event when job is deregistered with purge [GH-19903]
BUG FIXES:
cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
cli: Fixed a bug where the nomad tls ca create command failed when the -domain was used without other values [GH-19892]
client: Ensure the value for CPU shares are within the allowed range [GH-19935]
client: Prevent client from starting if cgroup initialization fails [GH-19915]
connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
driver/java: Ensure the OOM killed response is populated when the task exits [GH-19818]
driver/qemu: Ensure the OOM killed response is populated when the task exits [GH-19830]
driver/rawexec: Ensure the OOM killed response is populated when the task exits [GH-19829]
exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]
1.7.4 (February 08, 2024)
SECURITY:
deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/nomad from 1.7.3 to 1.7.6.
Release notes
Sourced from github.com/hashicorp/nomad's releases.
... (truncated)
Changelog
Sourced from github.com/hashicorp/nomad's changelog.
... (truncated)
Commits
594fedb
Generate files for 1.7.6 release6822b1d
backport of commit 5f5b34db0ea6e761b5c988a06923014b0cc4c308 (#20114)c44c308
Backport of -json option on jobs status command into release/1.7.x (#20109)60b195a
Backport of Bump consul-template to 0.37.2 into release/1.7.x (#20108)f040818
Backport of deps: upgrade protobuf lib to 1.33.0 into release/1.7.x (#20103)20eeea4
backport of commit 3193ac204f6564711004e00948e43146ce1399c4 (#20087)a08a86f
backport of commit 55b07958666dedfc156a56edd91e76f2bf5f183e (#20082)74b11b3
backport of commit 3e7191ccb7028d40fcaed9b6010474b0dd136927 (#20078)e74f0b6
Backport of Avoid NPE in nomad/command/job_restart.go into release/1.7.x (#20...47a326e
backport of commit 8f3f2a8c5c9e71447078863003fc863a7a7c7385 (#20052)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show