search

uniget-org / tools

Tool definitions for uniget
https://tools.uniget.dev
MIT License
3 stars 3 forks source link

chore(deps): update dependency daytonaio/daytona to v0.35.1 #7447

Closed uniget-bot closed 2 days ago

uniget-bot commented 2 days ago

This PR contains the following updates:

Package Update Change
daytonaio/daytona patch 0.35.0 -> 0.35.1

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

daytonaio/daytona (daytonaio/daytona) ### [`v0.35.1`](https://togithub.com/daytonaio/daytona/releases/tag/v0.35.1) [Compare Source](https://togithub.com/daytonaio/daytona/compare/v0.35.0...v0.35.1) #### What's Changed ##### Fixes - fix: version flag cmd RunE by [@​idagelic](https://togithub.com/idagelic) in [https://github.com/daytonaio/daytona/pull/1173](https://togithub.com/daytonaio/daytona/pull/1173) - fix: correctly check for server running in install script by [@​idagelic](https://togithub.com/idagelic) in [https://github.com/daytonaio/daytona/pull/1181](https://togithub.com/daytonaio/daytona/pull/1181) - fix: stop server as user on install by [@​Tpuljak](https://togithub.com/Tpuljak) in [https://github.com/daytonaio/daytona/pull/1183](https://togithub.com/daytonaio/daytona/pull/1183) - fix: properly check if git provider can handle repo url by [@​Tpuljak](https://togithub.com/Tpuljak) in [https://github.com/daytonaio/daytona/pull/1184](https://togithub.com/daytonaio/daytona/pull/1184) - fix: inconsistency with non-follow log reading by [@​Tpuljak](https://togithub.com/Tpuljak) in [https://github.com/daytonaio/daytona/pull/1182](https://togithub.com/daytonaio/daytona/pull/1182) - fix: entry not visible in initial screen by [@​idagelic](https://togithub.com/idagelic) in [https://github.com/daytonaio/daytona/pull/1180](https://togithub.com/daytonaio/daytona/pull/1180) - fix: prevent purge if server is active by [@​idagelic](https://togithub.com/idagelic) in [https://github.com/daytonaio/daytona/pull/1186](https://togithub.com/daytonaio/daytona/pull/1186) ##### Chores and tests - refactor: add health check route to api client by [@​idagelic](https://togithub.com/idagelic) in [https://github.com/daytonaio/daytona/pull/1185](https://togithub.com/daytonaio/daytona/pull/1185) #### Breaking changes ##### [#​1182](https://togithub.com/daytonaio/daytona/issues/1182) Removed `continue-on-completed` flag from the `build logs` command. Because the logs are now read correctly, the flag becomes obsolete. **Full Changelog**: https://github.com/daytonaio/daytona/compare/v0.35.0...v0.35.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.

github-actions[bot] commented 2 days ago

:mag: Vulnerabilities of ghcr.io/uniget-org/tools/daytona:0.35.1

:package: Image Reference ghcr.io/uniget-org/tools/daytona:0.35.1
digestsha256:179793faf39ba63c324ca207104475671bb11eddbce0ac95940bd836d53d9749
vulnerabilitiescritical: 0 high: 3 medium: 1 low: 1 unspecified: 1
platformlinux/amd64
size54 MB
packages281
critical: 0 high: 3 medium: 0 low: 0 unspecified: 1stdlib 1.23.0 (golang) pkg:golang/stdlib@1.23.0
high : CVE--2024--34158
Affected range>=1.23.0-0
<1.23.1
Fixed version1.23.1
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
high : CVE--2024--34156
Affected range>=1.23.0-0
<1.23.1
Fixed version1.23.1
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
high : CVE--2022--30635
Affected range>=1.23.0-0
<1.23.1
Fixed version1.23.1
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
unspecified : CVE--2024--34155
Affected range>=1.23.0-0
<1.23.1
Fixed version1.23.1
Description
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
critical: 0 high: 0 medium: 1 low: 1 github.com/aws/aws-sdk-go 1.54.19 (golang) pkg:golang/github.com/aws/aws-sdk-go@1.54.19
medium : CVE--2020--8911
Affected range>=0
Fixed versionNot Fixed
Description
The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.
low : CVE--2020--8912
Affected range>=0
Fixed versionNot Fixed
Description
The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.
github-actions[bot] commented 2 days ago

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11139771774.

github-actions[bot] commented 2 days ago

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/11139771774.