Bump github.com/hashicorp/nomad from 1.0.4 to 1.1.14 #63

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jun 3, 2022

Bumps github.com/hashicorp/nomad from 1.0.4 to 1.1.14.

Release notes

Sourced from github.com/hashicorp/nomad's releases.

v1.1.14

1.1.14 (May 19, 2022)

SECURITY:

  • A vulnerability was identified in the go-getter library that Nomad uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. CVE-2022-30324 [GH-13057]

v1.1.13

1.1.13 (May 10, 2022)

SECURITY:

  • server: validate mTLS certificate names on agent to agent endpoints [GH-11956]

IMPROVEMENTS:

  • api: Updated the CSI volumes list API to respect wildcard namespaces [GH-11724]
  • build: upgrade and speedup circleci configuration [GH-11889]

BUG FIXES:

  • Fixed a bug where successful poststart tasks were marked as unhealthy [GH-11945]
  • api: Apply prefix filter when querying CSI volumes in all namespaces [GH-12184]
  • cleanup: prevent leaks from time.After [GH-11983]
  • client: Fixed a bug that could prevent a preempting alloc from ever starting. [GH-12779]
  • client: Fixed a bug where clients that retry blocking queries would not reset the correct blocking duration [GH-12593]
  • config: Fixed a bug where the reservable_cores setting was not respected [GH-12044]
  • core: Fixed auto-promotion of canaries in jobs with at least one task group without canaries. [GH-11878]
  • core: prevent malformed plans from crashing leader [GH-11944]
  • csi: Fixed a bug where plugin status commands could choose the incorrect plugin if a plugin with a name that matched the same prefix existed. [GH-12194]
  • csi: Fixed a bug where volume snapshot list did not correctly filter by plugin IDs. The -plugin parameter is required. [GH-12197]
  • csi: Fixed a bug where allocations with volume claims would fail their first placement after a reschedule [GH-12113]
  • csi: Fixed a bug where allocations with volume claims would fail to restore after a client restart [GH-12113]
  • csi: Fixed a bug where creating snapshots required a plugin ID instead of falling back to the volume's plugin ID [GH-12195]
  • csi: Fixed a bug where fields were missing from the Read Volume API response [GH-12178]
  • csi: Fixed a bug where garbage collected nodes would block releasing a volume [GH-12350]
  • csi: Fixed a bug where per-alloc volumes used the incorrect ID when querying for alloc status -verbose [GH-12573]
  • csi: Fixed a bug where plugin configuration updates were not considered destructive [GH-12774]
  • csi: Fixed a bug where plugins would not restart if they failed any time after a client restart [GH-12752]
  • csi: Fixed a bug where plugins written in NodeJS could fail to fingerprint [GH-12359]
  • csi: Fixed a bug where purging a job with a missing plugin would fail [GH-12114]
  • csi: Fixed a bug where single-use access modes were not enforced during validation [GH-12337]
  • csi: Fixed a bug where the maximum number of volume claims was incorrectly enforced when an allocation claims a volume [GH-12112]
  • csi: Fixed a bug where the plugin instance manager would not retry the initial gRPC connection to plugins [GH-12057]
  • csi: Fixed a bug where the plugin supervisor would not restart the task if it failed to connect to the plugin [GH-12057]
  • csi: Fixed a bug where volume snapshot timestamps were always zero values [GH-12352]
  • csi: Fixed bug where accessing plugins was subject to a data race [GH-12553]
  • csi: fixed a bug where volume detach, volume deregister, and volume status commands did not accept an exact ID if multiple volumes matched the prefix [GH-12051]
  • csi: provide CSI_ENDPOINT environment variable to plugin tasks [GH-12050]
  • jobspec: Fixed a bug where connect sidecar resources were ignored when using HCL1 [GH-11927]

... (truncated)

Changelog

Sourced from github.com/hashicorp/nomad's changelog.

1.1.14 (May 19, 2022)

SECURITY:

  • A vulnerability was identified in the go-getter library that Nomad uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. CVE-2022-30324 [GH-13057]

1.1.13 (May 10, 2022)

SECURITY:

  • server: validate mTLS certificate names on agent to agent endpoints [GH-11956]

IMPROVEMENTS:

  • api: Updated the CSI volumes list API to respect wildcard namespaces [GH-11724]
  • build: upgrade and speedup circleci configuration [GH-11889]

BUG FIXES:

  • Fixed a bug where successful poststart tasks were marked as unhealthy [GH-11945]
  • api: Apply prefix filter when querying CSI volumes in all namespaces [GH-12184]
  • cleanup: prevent leaks from time.After [GH-11983]
  • client: Fixed a bug that could prevent a preempting alloc from ever starting. [GH-12779]
  • client: Fixed a bug where clients that retry blocking queries would not reset the correct blocking duration [GH-12593]
  • config: Fixed a bug where the reservable_cores setting was not respected [GH-12044]
  • core: Fixed auto-promotion of canaries in jobs with at least one task group without canaries. [GH-11878]
  • core: prevent malformed plans from crashing leader [GH-11944]
  • csi: Fixed a bug where plugin status commands could choose the incorrect plugin if a plugin with a name that matched the same prefix existed. [GH-12194]
  • csi: Fixed a bug where volume snapshot list did not correctly filter by plugin IDs. The -plugin parameter is required. [GH-12197]
  • csi: Fixed a bug where allocations with volume claims would fail their first placement after a reschedule [GH-12113]
  • csi: Fixed a bug where allocations with volume claims would fail to restore after a client restart [GH-12113]
  • csi: Fixed a bug where creating snapshots required a plugin ID instead of falling back to the volume's plugin ID [GH-12195]
  • csi: Fixed a bug where fields were missing from the Read Volume API response [GH-12178]
  • csi: Fixed a bug where garbage collected nodes would block releasing a volume [GH-12350]
  • csi: Fixed a bug where per-alloc volumes used the incorrect ID when querying for alloc status -verbose [GH-12573]
  • csi: Fixed a bug where plugin configuration updates were not considered destructive [GH-12774]
  • csi: Fixed a bug where plugins would not restart if they failed any time after a client restart [GH-12752]
  • csi: Fixed a bug where plugins written in NodeJS could fail to fingerprint [GH-12359]
  • csi: Fixed a bug where purging a job with a missing plugin would fail [GH-12114]
  • csi: Fixed a bug where single-use access modes were not enforced during validation [GH-12337]
  • csi: Fixed a bug where the maximum number of volume claims was incorrectly enforced when an allocation claims a volume [GH-12112]
  • csi: Fixed a bug where the plugin instance manager would not retry the initial gRPC connection to plugins [GH-12057]
  • csi: Fixed a bug where the plugin supervisor would not restart the task if it failed to connect to the plugin [GH-12057]
  • csi: Fixed a bug where volume snapshot timestamps were always zero values [GH-12352]
  • csi: Fixed bug where accessing plugins was subject to a data race [GH-12553]
  • csi: fixed a bug where volume detach, volume deregister, and volume status commands did not accept an exact ID if multiple volumes matched the prefix [GH-12051]
  • csi: provide CSI_ENDPOINT environment variable to plugin tasks [GH-12050]
  • jobspec: Fixed a bug where connect sidecar resources were ignored when using HCL1 [GH-11927]
  • scheduler: fixed a bug where in-place updates on ineligible nodes would be ignored [GH-12264]
  • ui: Fix the link target for CSI volumes on the task detail page [GH-11896]

... (truncated)

Commits
  • c53e48c Generate files for 1.1.14 release
  • 1fb608d prepare release 1.1.14
  • a46240b backport of commit f85202d07140f31d7585b08d7a1a12e816493663 (#13072)
  • c36c5f4 artifact: fix numerous go-getter security issues
  • 62d0be6 Generate files for 1.1.13 release
  • 9f33848 Merge pull request #12913 from hashicorp/mdrake/svc-acct-codeowner
  • efe5188 ci: revert file changes and add some checks (#12873)
  • 1474e10 website: fix package-lock
  • be4ba5f website: remove source code and related CI jobs (#12596)
  • 4ed0d75 Merge pull request #12890 from hashicorp/backport/docs-set-contains-any/adequ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [github.com/hashicorp/nomad](https://github.com/hashicorp/nomad) from 1.0.4 to 1.1.14.
- [Release notes](https://github.com/hashicorp/nomad/releases)
- [Changelog](https://github.com/hashicorp/nomad/blob/main/CHANGELOG.md)
- [Commits](hashicorp/nomad@v1.0.4...v1.1.14)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/nomad
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 3, 2022
dependabot bot commented on behalf of github Oct 12, 2022

Superseded by #64.

@dependabot dependabot bot closed this Oct 12, 2022
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/nomad-1.1.14 branch October 12, 2022 20:04
@github-actions

CLA Signature Action:

Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you read and sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA just by adding a comment to this pull request with this exact sentence:

I have read the CLA Document and I hereby sign the CLA

By commenting with the above message you are agreeing to the terms of the CLA. Your account will be recorded as agreeing to our CLA so you don't need to sign it again for future contributions to our company's repositories.

0 out of 1 committers have signed the CLA.
@dependabot[bot]
