Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump go-jose from 3.0.1 to 3.0.3 #18102

Merged
merged 1 commit into from
May 7, 2024

Conversation

jparsai
Copy link
Contributor

@jparsai jparsai commented May 7, 2024

Description

This PR is to update version of go-jose from 3.0.1 to 3.0.3. This closes issue #18115

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

@jparsai jparsai requested a review from a team as a code owner May 7, 2024 08:52
@blakepettersson
Copy link
Member

Hi @jparsai

IMO for auditability, it would be preferable if you instead cherry-picked the commit from #17442 (fa1006a) into the 2.10 branch.

@jparsai
Copy link
Contributor Author

jparsai commented May 7, 2024

Hello @blakepettersson, thanks for review.
Cherry-pick from #17442 causes conflicts in go.mod and accepting changes from this PR to resolve conflicts, is modifying few other dependencies as well. Would it be Okay?

Copy link
Member

@crenshaw-dev crenshaw-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No worries, this works. Thanks!

@crenshaw-dev crenshaw-dev merged commit 1466755 into argoproj:release-2.10 May 7, 2024
18 of 19 checks passed
pasha-codefresh added a commit to codefresh-io/argo-cd that referenced this pull request May 14, 2024
* fix: elements should be optional (argoproj#17424) (argoproj#17510)

A bug was reported, where an applicationset with an empty elements
array, when created with `argocd appset create <filename>.yaml` gets a
`...list.elements: Required value` error.

My hypothesis is that when calling the K8s API, golang JSON marshalling
mangles the empty `elements` array to `nil`, rather than creating an
empty array when submitting the `POST`.

Still need to figure out why the same setup seemingly works fine when
the same appset is in an app-of-apps.

Signed-off-by: Blake Pettersson <[email protected]>
Co-authored-by: Blake Pettersson <[email protected]>

* Merge pull request from GHSA-jhwx-mhww-rgc3

* sec: limit helm index max size

Signed-off-by: pashakostohrys <[email protected]>

* sec: limit helm index max size

Signed-off-by: pashakostohrys <[email protected]>

* feat: fix tests and linter

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* Bump version to 2.10.5 (argoproj#17654)

Signed-off-by: GitHub <[email protected]>
Co-authored-by: pasha-codefresh <[email protected]>

* fix cosign (argoproj#17656)

Signed-off-by: Justin Marquis <[email protected]>

* chore(deps): bump webpack-dev-middleware from 5.3.1 to 5.3.4 in /ui (argoproj#17598) (argoproj#17686)

Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.1 to 5.3.4.
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.1...v5.3.4)

---
updated-dependencies:
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(ui): Fix color generation for pod name in logs viewer. Fixes argoproj#17704 (argoproj#17706) (argoproj#17710)

* Fix color generation for pod name in logs viewer



* Add rebuy to users.md



---------

Signed-off-by: Philipp Trulson <[email protected]>
Co-authored-by: Philipp Trulson <[email protected]>

* fix: fix calculating patch for respect ignore diff feature (argoproj#17693)

* test: unit test for respectIgnoreDifferences bug

Signed-off-by: Jesse Suen <[email protected]>

* test: simplify unit test

Signed-off-by: Jesse Suen <[email protected]>

* fix: fix calculating patch for respect ignore diff feature

Signed-off-by: Alexander Matyushentsev <[email protected]>

---------

Signed-off-by: Jesse Suen <[email protected]>
Signed-off-by: Alexander Matyushentsev <[email protected]>
Co-authored-by: Jesse Suen <[email protected]>

* fix(security): use Chainguard fork of git-urls (argoproj#17732) (argoproj#17735)

Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Michael Crenshaw <[email protected]>

* Bump version to 2.10.6 (argoproj#17744)

Signed-off-by: GitHub <[email protected]>
Co-authored-by: alexmt <[email protected]>

* Merge pull request from GHSA-2gvw-w6fj-7m3c

Signed-off-by: pashakostohrys <[email protected]>

* Bump version to 2.10.7 (argoproj#17831)

Signed-off-by: GitHub <[email protected]>
Co-authored-by: pasha-codefresh <[email protected]>

* fix: docker build fails due to "The repository 'http://deb.debian.org/debian buster-backports Release' does not have a Release file."

Signed-off-by: pashakostohrys <[email protected]>

* fix: codegen and e2e tests in release-2.10 (argoproj#17844)

* fix: codegen and e2e tests

Signed-off-by: pashakostohrys <[email protected]>

* fix: codegen and e2e tests

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* chore: upgrade redis to 7.0.15 (argoproj#17666)

Upgrade to latest stable 7.0.x version to fix CVEs:

CVE-2023-41056

Signed-off-by: Tais P. Hansen <[email protected]>

* Merge pull request from GHSA-9m6p-x4h2-6frq

* feat: limit jq.Run with timeout

Signed-off-by: pashakostohrys <[email protected]>

* feat: ignore normalizer jq execution timeout as env variable

Signed-off-by: pashakostohrys <[email protected]>

* feat: customize error message and add doc section

Signed-off-by: pashakostohrys <[email protected]>

* feat: improve log and change a way how to get variable

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import`s order

Signed-off-by: pashakostohrys <[email protected]>

* chore: rename variable inside sts

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import order

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import`s order

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* Merge pull request from GHSA-9m6p-x4h2-6frq

* feat: limit jq.Run with timeout

Signed-off-by: pashakostohrys <[email protected]>

* feat: ignore normalizer jq execution timeout as env variable

Signed-off-by: pashakostohrys <[email protected]>

* feat: customize error message and add doc section

Signed-off-by: pashakostohrys <[email protected]>

* feat: improve log and change a way how to get variable

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import`s order

Signed-off-by: pashakostohrys <[email protected]>

* chore: rename variable inside sts

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import order

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import`s order

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* fix: codegen after security fix - 2.10 (argoproj#17985)

* fix: codegen after security fix

Signed-off-by: pashakostohrys <[email protected]>

* fix: codegen after security fix

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* Bump version to 2.10.8 (argoproj#17990)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: pasha-codefresh <[email protected]>

* fix: enable sha256 and sha512 for git ssh (argoproj#18028) (argoproj#18029)

* fix: bumping the knownhosts to v1.2.2 since this contains a fix that allows for sha256 and sha512 algorithms when using git ssh




* chore: remove older version of module from go sum



---------

Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Marc Arndt <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>

* Bump version to 2.10.9 (argoproj#18033)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: jannfis <[email protected]>

* fix: status.sync.comparedTo should use replace patch strategy (argoproj#18061) (argoproj#18075)

* fix: status.sync.comparedTo should use replace patch strategy



* add e2e tests



---------

Signed-off-by: Alexander Matyushentsev <[email protected]>

* chore: bump go-jose from 3.0.1 to 3.0.3 (argoproj#18102)

Signed-off-by: Jayendra Parsai <[email protected]>
Co-authored-by: Jayendra Parsai <[email protected]>

* docs: fix 404 styling (argoproj#18094) (argoproj#18105)

* docs: fix 404 styling



* hack around custom tag destruction



---------

Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Michael Crenshaw <[email protected]>

* chore: update gitops engine for force sync option (argoproj#5882) - 2.10 (argoproj#18123)

Signed-off-by: pashakostohrys <[email protected]>

* fix: Enable Redis authentication in the default installation

* fix: linter issue

* fix: linter issue

---------

Signed-off-by: Blake Pettersson <[email protected]>
Signed-off-by: pashakostohrys <[email protected]>
Signed-off-by: GitHub <[email protected]>
Signed-off-by: Justin Marquis <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Philipp Trulson <[email protected]>
Signed-off-by: Jesse Suen <[email protected]>
Signed-off-by: Alexander Matyushentsev <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Signed-off-by: Tais P. Hansen <[email protected]>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Jayendra Parsai <[email protected]>
Co-authored-by: gcp-cherry-pick-bot[bot] <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Co-authored-by: Blake Pettersson <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: pasha-codefresh <[email protected]>
Co-authored-by: Justin Marquis <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Philipp Trulson <[email protected]>
Co-authored-by: Alexander Matyushentsev <[email protected]>
Co-authored-by: Jesse Suen <[email protected]>
Co-authored-by: Michael Crenshaw <[email protected]>
Co-authored-by: alexmt <[email protected]>
Co-authored-by: Tais P. Hansen <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>
Co-authored-by: jannfis <[email protected]>
Co-authored-by: Jayendra Parsai <[email protected]>
Co-authored-by: Jayendra Parsai <[email protected]>
Co-authored-by: May Zhang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants