search

uniget-org / tools

Tool definitions for uniget
https://tools.uniget.dev
MIT License
3 stars 3 forks source link

chore(deps): update dependency falcosecurity/falco to v0.39.0 #7465

Closed uniget-bot closed 2 days ago

uniget-bot commented 2 days ago

This PR contains the following updates:

Package Update Change
falcosecurity/falco minor 0.38.2 -> 0.39.0

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

falcosecurity/falco (falcosecurity/falco) ### [`v0.39.0`](https://togithub.com/falcosecurity/falco/blob/HEAD/CHANGELOG.md#v0390) [Compare Source](https://togithub.com/falcosecurity/falco/compare/0.38.2...0.39.0) Released on 2024-10-01 ##### Breaking Changes :warning: - fix(falco_metrics)!: split tags label into multiple `tag_`-prefixed labels \[[#​3337](https://togithub.com/falcosecurity/falco/pull/3337)] - [@​ekoops](https://togithub.com/ekoops) - fix(falco_metrics)!: use full name for configs and rules files \[[#​3337](https://togithub.com/falcosecurity/falco/pull/3337)] - [@​ekoops](https://togithub.com/ekoops) - update(falco_metrics)!: rearrange `n_evts_cpu` and `n_drops_cpu` Prometheus metrics to follow best practices \[[#​3319](https://togithub.com/falcosecurity/falco/pull/3319)] - [@​incertum](https://togithub.com/incertum) - cleanup(userspace/falco)!: drop deprecated -t,-T,-D options. \[[#​3311](https://togithub.com/falcosecurity/falco/pull/3311)] - [@​FedeDP](https://togithub.com/FedeDP) ##### Major Changes - feat(stats): add host_netinfo networking information stats family \[[#​3344](https://togithub.com/falcosecurity/falco/pull/3344)] - [@​ekoops](https://togithub.com/ekoops) - new(falco): add json_include_message_property to have a message field without date and priority \[[#​3314](https://togithub.com/falcosecurity/falco/pull/3314)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - new(userspace/falco,userspace/engine): rule json schema validation \[[#​3313](https://togithub.com/falcosecurity/falco/pull/3313)] - [@​FedeDP](https://togithub.com/FedeDP) - new(falco): introduce append_output configuration \[[#​3308](https://togithub.com/falcosecurity/falco/pull/3308)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - new(userspace/falco): added --config-schema action to print config schema \[[#​3312](https://togithub.com/falcosecurity/falco/pull/3312)] - [@​FedeDP](https://togithub.com/FedeDP) - new(falco): enable CLI options with -o key={object} \[[#​3310](https://togithub.com/falcosecurity/falco/pull/3310)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - new(config): add `container_engines` config to falco.yaml \[[#​3266](https://togithub.com/falcosecurity/falco/pull/3266)] - [@​incertum](https://togithub.com/incertum) - new(metrics): add host_ifinfo metric \[[#​3253](https://togithub.com/falcosecurity/falco/pull/3253)] - [@​incertum](https://togithub.com/incertum) - new(userspace,unit_tests): validate configs against schema \[[#​3302](https://togithub.com/falcosecurity/falco/pull/3302)] - [@​FedeDP](https://togithub.com/FedeDP) ##### Minor Changes - update(falco): upgrade libs to 0.18.1 \[[#​3349](https://togithub.com/falcosecurity/falco/pull/3349)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - update(systemd): users can refer to systemd falco services with a consistent unique alias falco.service \[[#​3332](https://togithub.com/falcosecurity/falco/pull/3332)] - [@​ekoops](https://togithub.com/ekoops) - update(cmake): bump libs to 0.18.0 and driver to 7.3.0+driver. \[[#​3330](https://togithub.com/falcosecurity/falco/pull/3330)] - [@​FedeDP](https://togithub.com/FedeDP) - chore(userspace/falco): deprecate `cri` related CLI options. \[[#​3329](https://togithub.com/falcosecurity/falco/pull/3329)] - [@​FedeDP](https://togithub.com/FedeDP) - update(cmake): bumped falcoctl to v0.10.0 and rules to 3.2.0 \[[#​3327](https://togithub.com/falcosecurity/falco/pull/3327)] - [@​FedeDP](https://togithub.com/FedeDP) - update(falco_metrics): change prometheus rules metric naming \[[#​3324](https://togithub.com/falcosecurity/falco/pull/3324)] - [@​incertum](https://togithub.com/incertum) ##### Bug Fixes - fix(falco): allow disable_cri_async from both CLI and config \[[#​3353](https://togithub.com/falcosecurity/falco/pull/3353)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - fix(engine): sync outputs before printing stats at shutdown \[[#​3338](https://togithub.com/falcosecurity/falco/pull/3338)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - fix(falco): allow plugin init_config map in json schema \[[#​3335](https://togithub.com/falcosecurity/falco/pull/3335)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - fix(userspace/falco): properly account for plugin with CAP_PARSING when computing interesting sc set \[[#​3334](https://togithub.com/falcosecurity/falco/pull/3334)] - [@​FedeDP](https://togithub.com/FedeDP) ##### Non user-facing changes - feat(cmake): add conditional builds for falcoctl and rules paths \[[#​3305](https://togithub.com/falcosecurity/falco/pull/3305)] - [@​tembleking](https://togithub.com/tembleking) - cleanup(falco): ignore lint commit \[[#​3354](https://togithub.com/falcosecurity/falco/pull/3354)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - chore(falco): apply code formatting \[[#​3350](https://togithub.com/falcosecurity/falco/pull/3350)] - [@​poiana](https://togithub.com/poiana) - chore: ignore_some_files for clang format \[[#​3351](https://togithub.com/falcosecurity/falco/pull/3351)] - [@​Andreagit97](https://togithub.com/Andreagit97) - sync: release 0.39.x \[[#​3340](https://togithub.com/falcosecurity/falco/pull/3340)] - [@​FedeDP](https://togithub.com/FedeDP) - fix(userspace/engine): improve rule json schema to account for `source` and `required_plugin_versions` \[[#​3328](https://togithub.com/falcosecurity/falco/pull/3328)] - [@​FedeDP](https://togithub.com/FedeDP) - cleanup(falco): use header file for json schema \[[#​3325](https://togithub.com/falcosecurity/falco/pull/3325)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - update(engine): modify append_output format \[[#​3322](https://togithub.com/falcosecurity/falco/pull/3322)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) - chore: scaffolding for enabling code formatting \[[#​3321](https://togithub.com/falcosecurity/falco/pull/3321)] - [@​Andreagit97](https://togithub.com/Andreagit97) - update(cmake): bump libs and driver to 0.18.0-rc1. \[[#​3320](https://togithub.com/falcosecurity/falco/pull/3320)] - [@​FedeDP](https://togithub.com/FedeDP) - fix(ci): restore master and release CI workflow permissions. \[[#​3317](https://togithub.com/falcosecurity/falco/pull/3317)] - [@​FedeDP](https://togithub.com/FedeDP) - fixed the token-permission and pinned-dependencies issue \[[#​3299](https://togithub.com/falcosecurity/falco/pull/3299)] - [@​harshitasao](https://togithub.com/harshitasao) - update(cmake): bump falcoctl to v0.10.0-rc1 \[[#​3316](https://togithub.com/falcosecurity/falco/pull/3316)] - [@​alacuku](https://togithub.com/alacuku) - ci(insecure-api): update semgrep docker image \[[#​3315](https://togithub.com/falcosecurity/falco/pull/3315)] - [@​francesco-furlan](https://togithub.com/francesco-furlan) - Add demo environment instructions and docker-config files \[[#​3295](https://togithub.com/falcosecurity/falco/pull/3295)] - [@​bbl232](https://togithub.com/bbl232) - chore(deps): Bump submodules/falcosecurity-rules from `baecf18` to `b6ad373` \[[#​3301](https://togithub.com/falcosecurity/falco/pull/3301)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - update(cmake): bump libs and driver to latest master \[[#​3283](https://togithub.com/falcosecurity/falco/pull/3283)] - [@​jasondellaluce](https://togithub.com/jasondellaluce) - chore(deps): Bump submodules/falcosecurity-rules from `342b20d` to `baecf18` \[[#​3298](https://togithub.com/falcosecurity/falco/pull/3298)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - chore(deps): Bump submodules/falcosecurity-rules from `068f0f2` to `342b20d` \[[#​3288](https://togithub.com/falcosecurity/falco/pull/3288)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - vote: add sgaist to OWNERS \[[#​3264](https://togithub.com/falcosecurity/falco/pull/3264)] - [@​sgaist](https://togithub.com/sgaist) - Add Tulip Retail to adopters list \[[#​3291](https://togithub.com/falcosecurity/falco/pull/3291)] - [@​bbl232](https://togithub.com/bbl232) - chore(deps): Bump submodules/falcosecurity-rules from `28b98b6` to `068f0f2` \[[#​3282](https://togithub.com/falcosecurity/falco/pull/3282)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - chore(deps): Bump submodules/falcosecurity-rules from `c0a9bf1` to `28b98b6` \[[#​3267](https://togithub.com/falcosecurity/falco/pull/3267)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - Added the OpenSSF Scorecard Badge \[[#​3250](https://togithub.com/falcosecurity/falco/pull/3250)] - [@​harshitasao](https://togithub.com/harshitasao) - chore(deps): Bump submodules/falcosecurity-rules from `ea57e78` to `c0a9bf1` \[[#​3247](https://togithub.com/falcosecurity/falco/pull/3247)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - update(cmake,userspace): bump libs and driver to latest master. \[[#​3263](https://togithub.com/falcosecurity/falco/pull/3263)] - [@​FedeDP](https://togithub.com/FedeDP) - If rule compilation fails, return immediately \[[#​3260](https://togithub.com/falcosecurity/falco/pull/3260)] - [@​mstemm](https://togithub.com/mstemm) - new(userspace/engine): generalize indexable ruleset \[[#​3251](https://togithub.com/falcosecurity/falco/pull/3251)] - [@​mstemm](https://togithub.com/mstemm) - update(cmake): bump libs to master. \[[#​3249](https://togithub.com/falcosecurity/falco/pull/3249)] - [@​FedeDP](https://togithub.com/FedeDP) - chore(deps): Bump submodules/falcosecurity-rules from `df963b6` to `ea57e78` \[[#​3240](https://togithub.com/falcosecurity/falco/pull/3240)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - chore(ci): enable dummy tests on the testing framework. \[[#​3233](https://togithub.com/falcosecurity/falco/pull/3233)] - [@​FedeDP](https://togithub.com/FedeDP) - chore(deps): Bump submodules/falcosecurity-rules from `679a50a` to `df963b6` \[[#​3231](https://togithub.com/falcosecurity/falco/pull/3231)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - update(cmake): bump libs and driver to master. \[[#​3225](https://togithub.com/falcosecurity/falco/pull/3225)] - [@​FedeDP](https://togithub.com/FedeDP) - chore(deps): Bump submodules/falcosecurity-rules from `9e56293` to `679a50a` \[[#​3222](https://togithub.com/falcosecurity/falco/pull/3222)] - [@​dependabot\[bot\]](https://togithub.com/apps/dependabot) - update(docs): update CHANGELOG for 0.38.0 (master branch) \[[#​3224](https://togithub.com/falcosecurity/falco/pull/3224)] - [@​LucaGuerra](https://togithub.com/LucaGuerra) ##### Statistics | MERGED PRS | NUMBER | |-----------------|--------| | Not user-facing | 35 | | Release note | 22 | | Total | 57 |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.

github-actions[bot] commented 2 days ago

:mag: Vulnerabilities of ghcr.io/uniget-org/tools/falco:0.39.0

:package: Image Reference ghcr.io/uniget-org/tools/falco:0.39.0
digestsha256:d71e63df0ea9b0525a09b3209673329686ff0559f8a528a228708caf587c2886
vulnerabilitiescritical: 0 high: 3 medium: 1 low: 1 unspecified: 1
platformlinux/amd64
size36 MB
packages288
critical: 0 high: 3 medium: 0 low: 0 unspecified: 1stdlib 1.22.5 (golang) pkg:golang/stdlib@1.22.5
high : CVE--2024--34158
Affected range<1.22.7
Fixed version1.22.7
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
high : CVE--2024--34156
Affected range<1.22.7
Fixed version1.22.7
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
high : CVE--2022--30635
Affected range<1.22.7
Fixed version1.22.7
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
unspecified : CVE--2024--34155
Affected range<1.22.7
Fixed version1.22.7
Description
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
critical: 0 high: 0 medium: 1 low: 1 github.com/aws/aws-sdk-go 1.53.10 (golang) pkg:golang/github.com/aws/aws-sdk-go@1.53.10
medium : CVE--2020--8911
Affected range>=0
Fixed versionNot Fixed
Description
The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.
low : CVE--2020--8912
Affected range>=0
Fixed versionNot Fixed
Description
The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket. Files encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.
github-actions[bot] commented 2 days ago

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/11139789380.

github-actions[bot] commented 2 days ago

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/11139789380.