Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update helm general non-major (#14784)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cert-manager](https://togithub.com/cert-manager/cert-manager) | patch | `v1.13.2` -> `v1.13.3` | | [clickhouse](https://truecharts.org/charts/dependency/clickhouse) ([source](https://togithub.com/truecharts/charts)) | patch | `7.0.25` -> `7.0.30` | | [common](https://togithub.com/truecharts/apps/tree/master/charts/common) ([source](https://togithub.com/truecharts/library-charts)) | minor | `14.3.5` -> `14.5.0` | | [common](https://togithub.com/truecharts/apps/tree/master/charts/common) ([source](https://togithub.com/truecharts/library-charts)) | minor | `15.0.1` -> `15.3.4` | | [common](https://togithub.com/truecharts/apps/tree/master/charts/common) ([source](https://togithub.com/truecharts/library-charts)) | minor | `16.0.0` -> `16.2.6` | | [common](https://togithub.com/truecharts/apps/tree/master/charts/common) ([source](https://togithub.com/truecharts/library-charts)) | minor | `15.2.0` -> `15.3.4` | | [common](https://togithub.com/truecharts/apps/tree/master/charts/common) ([source](https://togithub.com/truecharts/library-charts)) | minor | `14.3.3` -> `14.5.0` | | [common](https://togithub.com/truecharts/apps/tree/master/charts/common) ([source](https://togithub.com/truecharts/library-charts)) | patch | `15.3.1` -> `15.3.4` | | [kube-state-metrics](https://truecharts.org/charts/dependency/kube-state-metrics) ([source](https://togithub.com/truecharts/charts)) | patch | `3.0.38` -> `3.0.41` | | [mariadb](https://truecharts.org/charts/dependency/mariadb) ([source](https://togithub.com/truecharts/charts)) | patch | `9.0.40` -> `9.0.43` | | [node-exporter](https://truecharts.org/charts/dependency/node-exporter) ([source](https://togithub.com/truecharts/charts)) | patch | `3.0.40` -> `3.0.43` | | [redis](https://truecharts.org/charts/dependency/redis) ([source](https://togithub.com/truecharts/charts)) | patch | `8.0.44` -> `8.0.47` | | [velero](https://togithub.com/vmware-tanzu/velero) ([source](https://togithub.com/vmware-tanzu/helm-charts)) | minor | `5.1.4` -> `5.2.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>cert-manager/cert-manager (cert-manager)</summary> ### [`v1.13.3`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.3) [Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.13.2...v1.13.3) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. >⚠️ Read about the [**breaking changes in cert-manager 1.13**](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0) before you upgrade from a < v1.13 version! This patch release contains fixes for the following security vulnerabilities in the cert-manager-controller: - [`GO-2023-2334`](https://pkg.go.dev/vuln/GO-2023-2334): Decryption of malicious PBES2 JWE objects can consume unbounded system resources. If you use [ArtifactHub Security report](https://artifacthub.io/packages/helm/cert-manager/cert-manager/1.13.2?modal=security-report) or [trivy](https://trivy.dev/), this patch will also silence the following warning about a vulnerability in code which is imported but **not used** by the cert-manager-controller: - [`CVE-2023-47108`](https://access.redhat.com/security/cve/CVE-2023-47108): DoS vulnerability in `otelgrpc` due to unbound cardinality metrics. An ongoing security audit of cert-manager suggested some changes to the webhook code to mitigate DoS attacks, and these are included in this patch release. ##### Changes ##### Bug or Regression - The webhook server now returns HTTP error 413 (Content Too Large) for requests with body size `>= 3MiB`. This is to mitigate DoS attacks that attempt to crash the webhook process by sending large requests that exceed the available memory. ([#​6507](https://togithub.com/cert-manager/cert-manager/pull/6507), [@​inteon](https://togithub.com/inteon)) - The webhook server now returns HTTP error 400 (Bad Request) if the request contains an empty body. ([#​6507](https://togithub.com/cert-manager/cert-manager/pull/6507), [@​inteon](https://togithub.com/inteon)) - The webhook server now returns HTTP error 500 (Internal Server Error) rather than crashing, if the code panics while handling a request. ([#​6507](https://togithub.com/cert-manager/cert-manager/pull/6507), [@​inteon](https://togithub.com/inteon)) - Mitigate potential "Slowloris" attacks by setting `ReadHeaderTimeout` in all `http.Server` instances. ([#​6538](https://togithub.com/cert-manager/cert-manager/pull/6538), [@​wallrj](https://togithub.com/wallrj)) - Upgrade Go modules: `otel`, `docker`, and `jose` to fix CVE alerts. See GHSA-8pgv-569h-w5rw, GHSA-jq35-85cj-fj4p, and GHSA-2c7c-3mj9-8fqh. ([#​6514](https://togithub.com/cert-manager/cert-manager/pull/6514), [@​inteon](https://togithub.com/inteon)) ##### Dependencies ##### Added *Nothing has changed.* ##### Changed - `cloud.google.com/go/firestore`: `v1.11.0 → v1.12.0` - `cloud.google.com/go`: `v0.110.6 → v0.110.7` - `github.com/felixge/httpsnoop`: [`v1.0.3 → v1.0.4`](https://togithub.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4) - `github.com/go-jose/go-jose/v3`: [`v3.0.0 → v3.0.1`](https://togithub.com/go-jose/go-jose/v3/compare/v3.0.0...v3.0.1) - `github.com/go-logr/logr`: [`v1.2.4 → v1.3.0`](https://togithub.com/go-logr/logr/compare/v1.2.4...v1.3.0) - `github.com/golang/glog`: [`v1.1.0 → v1.1.2`](https://togithub.com/golang/glog/compare/v1.1.0...v1.1.2) - `github.com/google/go-cmp`: [`v0.5.9 → v0.6.0`](https://togithub.com/google/go-cmp/compare/v0.5.9...v0.6.0) - `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`: `v0.45.0 → v0.46.0` - `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`: `v0.44.0 → v0.46.0` - `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`: `v1.19.0 → v1.20.0` - `go.opentelemetry.io/otel/exporters/otlp/otlptrace`: `v1.19.0 → v1.20.0` - `go.opentelemetry.io/otel/metric`: `v1.19.0 → v1.20.0` - `go.opentelemetry.io/otel/sdk`: `v1.19.0 → v1.20.0` - `go.opentelemetry.io/otel/trace`: `v1.19.0 → v1.20.0` - `go.opentelemetry.io/otel`: `v1.19.0 → v1.20.0` - `go.uber.org/goleak`: `v1.2.1 → v1.3.0` - `golang.org/x/sys`: `v0.13.0 → v0.14.0` - `google.golang.org/genproto/googleapis/api`: `f966b18 → b8732ec` - `google.golang.org/genproto`: `f966b18 → b8732ec` - `google.golang.org/grpc`: `v1.58.3 → v1.59.0` ##### Removed *Nothing has changed.* </details> <details> <summary>truecharts/charts (clickhouse)</summary> ### [`v7.0.30`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.30) [Compare Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.29...clickhouse-7.0.30) ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP). ### [`v7.0.29`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.29) [Compare Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.28...clickhouse-7.0.29) ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP). ### [`v7.0.28`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.28) [Compare Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.27...clickhouse-7.0.28) ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP). ### [`v7.0.27`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.27) [Compare Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.26...clickhouse-7.0.27) ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP). ### [`v7.0.26`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.26) [Compare Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.25...clickhouse-7.0.26) ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP). </details> <details> <summary>truecharts/library-charts (common)</summary> ### [`v14.5.0`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.5.0) [Compare Source](https://togithub.com/truecharts/library-charts/compare/common-14.4.0...common-14.5.0) Function library for TrueCharts ### [`v14.4.0`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.4.0) [Compare Source](https://togithub.com/truecharts/library-charts/compare/common-14.3.5...common-14.4.0) Function library for TrueCharts </details> <details> <summary>vmware-tanzu/helm-charts (velero)</summary> ### [`v5.2.0`](https://togithub.com/vmware-tanzu/helm-charts/releases/tag/velero-5.2.0) [Compare Source](https://togithub.com/vmware-tanzu/helm-charts/compare/velero-5.1.7...velero-5.2.0) A Helm chart for velero #### What's Changed - \[velero] Pass config trough tpl and implement reload trigger by [@​jkroepke](https://togithub.com/jkroepke) in [https://github.com/vmware-tanzu/helm-charts/pull/525](https://togithub.com/vmware-tanzu/helm-charts/pull/525) **Full Changelog**: vmware-tanzu/helm-charts@velero-5.1.7...velero-5.2.0 ### [`v5.1.7`](https://togithub.com/vmware-tanzu/helm-charts/releases/tag/velero-5.1.7) [Compare Source](https://togithub.com/vmware-tanzu/helm-charts/compare/velero-5.1.6...velero-5.1.7) A Helm chart for velero #### What's Changed - \[velero]: Feature push new charts to GHCR OCI registry as well by [@​ishuar](https://togithub.com/ishuar) in [https://github.com/vmware-tanzu/helm-charts/pull/523](https://togithub.com/vmware-tanzu/helm-charts/pull/523) - \[velero] feat: Add additional templating options for Velero upgrade CRDs job by [@​cbuto](https://togithub.com/cbuto) in [https://github.com/vmware-tanzu/helm-charts/pull/528](https://togithub.com/vmware-tanzu/helm-charts/pull/528) #### New Contributors - [@​cbuto](https://togithub.com/cbuto) made their first contribution in [https://github.com/vmware-tanzu/helm-charts/pull/528](https://togithub.com/vmware-tanzu/helm-charts/pull/528) **Full Changelog**: vmware-tanzu/helm-charts@velero-5.1.6...velero-5.1.7 ### [`v5.1.6`](https://togithub.com/vmware-tanzu/helm-charts/releases/tag/velero-5.1.6) [Compare Source](https://togithub.com/vmware-tanzu/helm-charts/compare/velero-5.1.5...velero-5.1.6) A Helm chart for velero #### What's Changed - \[velero]: Disable default values for upgradeJobResources by [@​ishuar](https://togithub.com/ishuar) in [https://github.com/vmware-tanzu/helm-charts/pull/524](https://togithub.com/vmware-tanzu/helm-charts/pull/524) **Full Changelog**: vmware-tanzu/helm-charts@velero-5.1.5...velero-5.1.6 ### [`v5.1.5`](https://togithub.com/vmware-tanzu/helm-charts/releases/tag/velero-5.1.5) [Compare Source](https://togithub.com/vmware-tanzu/helm-charts/compare/velero-5.1.4...velero-5.1.5) A Helm chart for velero #### What's Changed - Bump velero/velero from 1.12.1 to v1.12.2 in /charts/velero by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/vmware-tanzu/helm-charts/pull/522](https://togithub.com/vmware-tanzu/helm-charts/pull/522) **Full Changelog**: vmware-tanzu/helm-charts@velero-5.1.4...velero-5.1.5 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 10pm on tuesday" in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuOTEuNSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
- Loading branch information
1 parent
352b1ac
commit 45f50c7