Bump the security group with 6 updates

[dependabot[bot]]

Bumps the security group with 6 updates:

Package	From	To
github.com/sirupsen/logrus	1.9.0	1.9.3
github.com/stretchr/testify	1.8.0	1.8.4
github.com/vmware-tanzu/velero	1.9.2	1.13.0
k8s.io/api	0.25.3	0.25.6
k8s.io/apimachinery	0.25.3	0.25.6
k8s.io/client-go	0.25.3	0.25.6

Updates github.com/sirupsen/logrus from 1.9.0 to 1.9.3

Release notes

Sourced from github.com/sirupsen/logrus's releases.

v1.9.3

• Fix a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines https://github.com/sirupsen/logrus/commit/f9291a534cac1466d26414fd9e326381cd64ecef (re-apply sirupsen/logrus#1376)
• Fix panic in Writer https://github.com/sirupsen/logrus/commit/d40e25cd45ed9c6b2b66e6b97573a0413e4c23bd

Full Changelog: https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3

v1.9.2

• Revert sirupsen/logrus#1376, which introduced a regression in v1.9.1

Full Changelog: https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2

v1.9.1

What's Changed

• Fix data race in hooks.test package by @​FrancoisWagner in sirupsen/logrus#1362
• Add instructions to use different log levels for local and syslog by @​tommyblue in sirupsen/logrus#1372
• This commit fixes a potential denial of service vulnerability in logrus.Writer() that could be triggered by logging text longer than 64kb without newlines. by @​ozfive in sirupsen/logrus#1376
• Use text when shows the logrus output by @​xieyuschen in sirupsen/logrus#1339

New Contributors

• @​FrancoisWagner made their first contribution in sirupsen/logrus#1362
• @​tommyblue made their first contribution in sirupsen/logrus#1372
• @​ozfive made their first contribution in sirupsen/logrus#1376
• @​xieyuschen made their first contribution in sirupsen/logrus#1339

Full Changelog: https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1

Commits

• d40e25c fix panic in Writer
• f9291a5 Revert "Revert "Merge pull request #1376 from ozfive/master""
• 352781d Revert "Merge pull request #1376 from ozfive/master"
• b30aa27 Merge pull request #1339 from xieyuschen/patch-1
• 6acd903 Merge pull request #1376 from ozfive/master
• 105e63f Merge pull request #1 from ashmckenzie/ashmckenzie/fix-writer-scanner
• c052ba6 Scan text in 64KB chunks
• e59b167 Merge pull request #1372 from tommyblue/syslog_different_loglevels
• 766cfec This commit fixes a potential denial of service vulnerability in logrus.Write...
• 70234da Add instructions to use different log levels for local and syslog
• Additional commits viewable in compare view

Updates github.com/stretchr/testify from 1.8.0 to 1.8.4

Commits

• f97607b Create GitHub release when new release tag is pushed (#1354)
• 4c93d8f EqualExportedValues: Handle nested pointer, slice and map fields (#1379)
• 4b2f4d2 add EventuallyWithT assertion (#1264)
• b3106d7 allow testing for functional options (#1023)
• 437071b assert: fix error message formatting for NotContains (#1362)
• c5fc9d6 Compare public elements of struct (#1309)
• f36bfe3 Fix Subset/NotSubset when map is missing keys from the subset (#1261)
• 0ab3ce1 Fix CallerInfo() source file paths (#1288)
• 2b00d33 Fix Call.Unset() panic (issue #1236) (#1250)
• 9acc222 fix: fix bug for check unsafe.Pointer isNil (#1319)
• Additional commits viewable in compare view

Updates github.com/vmware-tanzu/velero from 1.9.2 to 1.13.0

Release notes

Sourced from github.com/vmware-tanzu/velero's releases.

v1.13.0

v1.13

2024-01-29

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.13.0

Container Image

velero/velero:v1.13.0

Documentation

https://velero.io/docs/v1.13/

Upgrading

https://velero.io/docs/v1.13/upgrade-to-1.13/

Highlights

Resource Modifier Enhancement

Velero introduced the Resource Modifiers in v1.12.0. This feature allows users to specify a ConfigMap with a set of rules to modify the resources during restoration. However, only the JSON Patch is supported when creating the rules, and JSON Patch has some limitations, which cannot cover all use cases. In v1.13.0, Velero adds new support for JSON Merge Patch and Strategic Merge Patch, which provide more power and flexibility and allow users to use the same ConfigMap to apply patches on the resources. More design details can be found in Support JSON Merge Patch and Strategic Merge Patch in Resource Modifiers design. For instructions on how to use the feature, please refer to the Resource Modifiers doc.

Node-Agent Concurrency

Velero data movement activities from fs-backups and CSI snapshot data movements run in Velero node-agent, so may be hosted by every node in the cluster and consume resources (i.e. CPU, memory, network bandwidth) from there. With v1.13, users are allowed to configure how many data movement activities (a.k.a, loads) run in each node globally or by node, so that users can better leverage the performance of Velero data movement activities and the resource consumption in the cluster. For more information, check the Node-Agent Concurrency document.

Parallel Files Upload Options

Velero now supports configurable options for parallel files upload when using Kopia uploader to do fs-backups or CSI snapshot data movements which makes speed up backup possible. For more information, please check Here.

Write Sparse Files Options

If using fs-restore or CSI snapshot data movements, it’s supported to write sparse files during restore. For more information, please check Here.

Backup Describe

In v1.13, the Backup Volume section is added to the velero backup describe command output. The backup Volumes section describes information for all the volumes included in the backup of various backup types, i.e. native snapshot, fs-backup, CSI snapshot, and CSI snapshot data movement. Particularly, the velero backup description now supports showing the information of CSI snapshot data movements, which is not supported in v1.12.

Additionally, backup describe command will not check EnableCSI feature gate from client side, so if a backup has volumes with CSI snapshot or CSI snapshot data movement, backup describe command always shows the corresponding information in its output.

Backup's new VolumeInfo metadata

Create a new metadata file in the backup repository's backup name sub-directory to store the backup-including PVC and PV information. The information includes the backing-up method of the PVC and PV data, snapshot information, and status. The VolumeInfo metadata file determines how the PV resource should be restored. The Velero downstream software can also use this metadata file to get a summary of the backup's volume data information.

Enhancement for CSI Snapshot Data Movements when Velero Pod Restart

When performing backup and restore operations, enhancements have been implemented for Velero server pods or node agents to ensure that the current backup or restore process is not stuck or interrupted after restart due to certain exceptional circumstances.

New status fields added to show hook execution details

Hook execution status is now included in the backup/restore CR status and displayed in the backup/restore describe command output. Specifically, it will show the number of hooks which attempted to execute under the HooksAttempted field and the number of hooks which failed to execute under the HooksFailed field.

AWS SDK Bump Up

Bump up AWS SDK for Go to version 2, which offers significant performance improvements in CPU and memory utilization over version 1.

Azure AD/Workload Identity Support

Azure AD/Workload Identity is the recommended approach to do the authentication with Azure services/AKS, Velero has introduced support for Azure AD/Workload Identity on the Velero Azure plugin side in previous releases, and in v1.13.0 Velero adds new support for Kopia operations(file system backup/data mover/etc.) with Azure AD/Workload Identity.

... (truncated)

Commits

• 76670e9 Merge pull request #7351 from ywk253100/240124_log
• 25d977e Log the error details
• 94c7d4b Merge pull request #7346 from ywk253100/240122_changelog
• 09401c8 Check whether the API resource exists before creating the informer cache
• 981d64a Merge pull request #7338 from ywk253100/240122_changelog
• 16b8b8d Move unreleased changelogs to 1.13 changelog
• 9fd73b2 Merge pull request #7339 from ywk253100/240122_log_erro
• c377e47 Log the error got from the discovery helper
• f5714cb [cherry-pick]Do not attempt restore resource with no available GVK in cluster...
• 5ffa121 Merge pull request #7328 from ywk253100/240118_release_node
• Additional commits viewable in compare view

Updates k8s.io/api from 0.25.3 to 0.25.6

Commits

• 7e90817 Update dependencies to v0.25.6 tag
• be0bf1d Merge pull request #114320 from liggitt/net-1.25
• 81c9a74 Update golang.org/x/net 1e63c2f
• 70abe33 Merge pull request #113425aimuz/automated-cherry-pick-of-#112693
• 8bf119c Fixed (CVE-2022-27664) Bump golang.org/x/net to v0.1.1-0.20221027164007-c6301...
• See full diff in compare view

Updates k8s.io/apimachinery from 0.25.3 to 0.25.6

Commits

• 11eb99b Merge pull request #1145203point2/automated-cherry-pick-of-#113283
• e392607 Fix SPDY proxy authentication with special chars
• d27b4d4 Improve error message when proxy connection fails
• 526d075 Merge pull request #114320 from liggitt/net-1.25
• 9dfe992 Update golang.org/x/net 1e63c2f
• 0cb034a Merge pull request #113425aimuz/automated-cherry-pick-of-#112693
• 8e45274 Fixed (CVE-2022-27664) Bump golang.org/x/net to v0.1.1-0.20221027164007-c6301...
• 4fbe8e4 Merge pull request #112218haoruan/automated-cherry-pick-of-#111936
• b4db414 Marshal MicroTime to json and proto at the same precision
• See full diff in compare view

Updates k8s.io/client-go from 0.25.3 to 0.25.6

Commits

• 2c8128c Update dependencies to v0.25.6 tag
• ab9a2e8 Merge pull request #113990liggitt/automated-cherry-pick-of-#113933
• b2883ba Merge pull request #114320 from liggitt/net-1.25
• fcb591b Update golang.org/x/net 1e63c2f
• b63afdf Merge pull request #113425aimuz/automated-cherry-pick-of-#112693
• 9c1395e Limit request retrying to []byte request bodies
• 5aa9be7 Fixed (CVE-2022-27664) Bump golang.org/x/net to v0.1.1-0.20221027164007-c6301...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

The following labels could not be found: go.