chore(deps): update salamandre cluster #24
Merged
This PR contains the following updates:
1.15.3 -> v1.16.2
0.22.0 -> 0.23.0
v1.24.0 -> v1.25.0
24.04.7.2.1 -> 24.04.11.1.1
27.3.1-dind-rootless -> 27.4.1-dind-rootless
5.2.3 -> 5.7.0
6.0.3 -> 6.6.2
0.28.1 -> 0.29.1
1.32.0-alpine -> 1.32.7-alpine
8.5.0 -> 8.11.1
Release Notes
cert-manager/cert-manager (cert-manager)
v1.16.2
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release of cert-manager 1.16 makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed.
This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project.
The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods.
Note also that since most PEM data parsed by cert-manager comes from ConfigMap or Secret resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data.
Further information is available in GHSA-r4pg-vg54-wxx4
In addition, the version of Go used to build cert-manager 1.16 was updated along with the base images.
Changes by Kind
Bug or Regression
Other (Cleanup or Flake)
v1.16.1
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer.
📖 Read the complete 1.16 release notes before upgrading.
📜 Changes since v1.16.0
Bug or Regression
podDisruptionBudget.minAvailable and podDisruptionBudget.maxAvailable values. (#7345, @inteon)
enabled to be set as a value to toggle cert-manager as a dependency. (#7356, @inteon)
v1.16.0 caused cert-manager's ACME ClusterIssuer to look in the wrong namespace for resources required for the issuance (e.g. credential Secrets). This is now fixed in v1.16.1. (#7342, @inteon)
v1.16.0
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer.
📖 Read the complete 1.16 release notes at cert-manager.io.
❗ Breaking changes
📖 Read the complete 1.16 release notes at cert-manager.io.
📜 Changes since v1.15.0
📖 Read the complete 1.16 release notes at cert-manager.io.
Feature
SecretRef support for Venafi TPP issuer CA Bundle (#7036, @sankalp-at-gh)
renewBeforePercentage alternative to renewBefore (#6987, @cbroglie)
app.kubernetes.io/managed-by: cert-manager label to the cert-manager-webhook-ca Secret (#7154, @jrcichra)
AWS_REGION environment variable.
Feature: The Route53 DNS solver of the ACME Issuer now uses the "ambient" region (AWS_REGION or AWS_DEFAULT_REGION) if issuer.spec.acme.solvers.dns01.route53.region is empty; regardless of the flags --issuer-ambient-credentials and --cluster-issuer-ambient-credentials. (#7299, @wallrj)
--controllers flag only specifies disabled controllers, the default controllers are now enabled implicitly.
Added disableAutoApproval and approveSignerNames Helm chart options. (#7049, @inteon)
config.apiVersion and config.kind within the Helm chart. (#7126, @ThatsMrTalbot)
cainjector, by only caching the metadata of Secret resources.
Reduce the load on the K8S API server when cainjector starts up, by only listing the metadata of Secret resources. (#7161, @wallrj)
AWS_REGION and AWS_DEFAULT_REGION environment variables, which is set by the IAM for Service Accounts (IRSA) webhook and by the Pod Identity webhook.
The issuer.spec.acme.solvers.dns01.route53.region field is now optional.
The API documentation of the region field has been updated to explain when and how the region value is used. (#7287, @wallrj)
Breaking: cert-manager will no longer use the API Key authentication method which was deprecated in 20.2 and since removed in 24.1 of TPP. (#7084, @hawksight)
webhook.extraEnv, allows you to set custom environment variables in the webhook Pod.
Helm: New value cainjector.extraEnv, allows you to set custom environment variables in the cainjector Pod.
Helm: New value startupapicheck.extraEnv, allows you to set custom environment variables in the startupapicheck Pod. (#7319, @wallrj)
Bug or Regression
metadata.finalizers: "finalizer.acme.cert-manager.io": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers (#7273, @jsoref)
aws-global STS region which is now required by the github.com/aws/aws-sdk-go-v2 library. (#7108, @inteon)
grpc-go to fix GHSA-xr7q-jx4m-x55m (#7164, @SgtCoDFish)
go-retryablehttp dependency to fix CVE-2024-6104 (#7125, @SgtCoDFish)
endpointAdditionalProperties in the PodMonitor template of the Helm chart (#7190, @wallrj)
KeyUsages X.509 extension is no longer added when there are no key usages set (in accordance to RFC 5280 Section 4.2.1.3) (#7250, @inteon)
github.com/Azure/azure-sdk-for-go/sdk/azidentity to address CVE-2024-35255 (#7087, @dependabot[bot])
Other (Cleanup or Flake)
Removed: (acme.)cert-manager.io/v1alpha2, (acme.)cert-manager.io/v1alpha3, (acme.)cert-manager.io/v1beta1 (#7278, @inteon)
v0.31.0 removes a lot of noisy reflector.go: unable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown errors from logs. (#7237, @inteon)
v1.23.2 (#7324, @cert-manager-bot)
v1.15.4
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release of cert-manager 1.15 makes several changes to how PEM input is validated, adding maximum sizes appropriate to the type of PEM data which is being parsed.
This is to prevent an unacceptable slow-down in parsing specially crafted PEM data. The issue was found by Google's OSS-Fuzz project.
The issue is low severity; to exploit the PEM issue would require privileged access which would likely allow Denial-of-Service through other methods.
Note also that since most PEM data parsed by cert-manager comes from ConfigMap or Secret resources which have a max size limit of approximately 1MB, it's difficult to force cert-manager to parse large amounts of PEM data.
Further information is available in GHSA-r4pg-vg54-wxx4
In addition, the version of Go used to build cert-manager 1.15 was updated along with the base images, and a Route53 bug fix was backported.
Changes by Kind
Bug or Regression
Other (Cleanup or Flake)
cloudnative-pg/charts (cloudnative-pg)
v0.23.0
Compare Source
CloudNativePG Operator Helm Chart
What's Changed
New Contributors
Full Changelog: cloudnative-pg/charts@cloudnative-pg-v0.23.0-rc1...cloudnative-pg-v0.23.0
v0.22.1
Compare Source
CloudNativePG Operator Helm Chart
What's Changed
postgresql in places where inferred by default type by @philippemnoel in https://github.com/cloudnative-pg/charts/pull/385
4959ce0 by @renovate in https://github.com/cloudnative-pg/charts/pull/403
New Contributors
Full Changelog: cloudnative-pg/charts@cluster-v0.0.11...cloudnative-pg-v0.22.1
cloudnative-pg/cloudnative-pg (cloudnative-pg-source)
v1.25.0
Compare Source
Release Date: December 23, 2024
Features
Declarative Database Management: Introduce the Database Custom Resource Definition (CRD), enabling users to create and manage PostgreSQL databases declaratively within a cluster. (#5325)
Logical Replication Management: Add Publication and Subscription CRDs for declarative management of PostgreSQL logical replication. These simplify replication setup and facilitate online migrations to CloudNativePG. (#5329)
Experimental Support for CNPG-I: Introducing CNPG-I (CloudNativePG Interface), a standardized framework designed to extend CloudNativePG functionality through third-party plugins and foster the growth of the CNPG ecosystem. The Barman Cloud Plugin serves as a live example, illustrating how plugins can be developed to enhance backup and recovery workflows. Although CNPG-I support is currently experimental, it offers a powerful approach to extending CloudNativePG without modifying the operator’s core code—akin to PostgreSQL extensions. We welcome community feedback and contributions to shape this exciting new capability.
Enhancements
dataDurability option to the .spec.postgresql.synchronous stanza, allowing users to choose between required (default) or preferred durability in synchronous replication. (#5878)
.spec.probes stanza. (#6266)
pg_dump and pg_restore options to enhance database import flexibility. (#6214)
maxConcurrentReconciles in the CloudNativePG controller and set the default to 10, improving the operator's ability to efficiently manage larger deployments out of the box. (#5678)
cnpg.io/userType label to secrets generated for predefined users, specifically superuser and app. (#4392)
spec.schedule field in ScheduledBackups, raising warnings for potential misconfigurations. (#5396)
cnpg plugin:
backup command to support plugins. (#6045)
User-Agent header in HTTP requests with the API server. (#6153)
Bug Fixes
PGDATA volume during bootstrap. (#6265)
Unrecoverable when all previously generated PersistentVolumeClaims are missing. (#6170)
synchronous_standby_names GUC when .spec.postgresql.synchronous.method is set to first. (#5955)
primary_slot_name definition from the override.conf file on the primary to ensure it is always empty. (#6219)
PGHOST, in PgBouncer pods to enable seamless access to the pgbouncer virtual database using psql from within the container. (#6247)
cnpg plugin:
kubectl context is properly passed in the psql command. (#6257)
status command. (#5998)
Supported Versions
v1.24.2
Compare Source
Release Date: December 23, 2024
Enhancements
.spec.probes stanza. (#6266)
cnpg.io/userType label to secrets generated for predefined users, specifically superuser and app. (#4392)
spec.schedule field in ScheduledBackups, raising warnings for potential misconfigurations. (#5396)
cnpg plugin:
User-Agent header in HTTP requests with the API server. (#6153)
Bug Fixes
PGDATA volume during bootstrap. (#6265)
Unrecoverable when all previously generated PersistentVolumeClaims are missing. (#6170)
synchronous_standby_names GUC when .spec.postgresql.synchronous.method is set to first. (#5955)
primary_slot_name definition from the override.conf file on the primary to ensure it is always empty. (#6219)
PGHOST, in PgBouncer pods to enable seamless access to the pgbouncer virtual database using psql from within the container. (#6247)
cnpg plugin:
kubectl context is properly passed in the psql command. (#6257)
status command. (#5998)
v1.24.1
Compare Source
Release date: Oct 16, 2024
Enhancements:
pg_database_size from the status probe, as it caused high resource utilization by scanning the entire PGDATA directory to compute database sizes. The kubectl status plugin will now rely on du to provide detailed size information retrieval (#5689).
full_page_writes parameter in PostgreSQL. This setting defaults to on, in line with PostgreSQL's recommendations (#5516).
logs pretty command in the cnpg plugin to read a log stream from standard input and output a human-readable format, with options to filter log entries (#5770)
status command by allowing multiple -v options to increase verbosity for more detailed output (#5765).
--image flag in the pgadmin4 plugin command, giving users control over the Docker image used for pgAdmin4 deployments (#5515).
Fixes:
.spec.postgresql.synchronous, ensure that the synchronous_standby_names parameter is correctly set, even when no replicas are reachable (#5831).
TMPDIR and PSQL_HISTORY environment variables for pods and jobs, improving temporary file and history management (#5503).
logs cluster command (#5775).
potential sync status in the status plugin (#5533).
pgadmin4 command didn’t have a writable home directory (#5800).
Supported versions
codecentric/helm-charts (mailhog)
v5.7.0
Compare Source
An e-mail testing tool for developers
v5.6.0
Compare Source
An e-mail testing tool for developers
v5.5.0
Compare Source
An e-mail testing tool for developers
v5.4.0
Compare Source
An e-mail testing tool for developers
v5.3.0
Compare Source
An e-mail testing tool for developers
nextcloud/helm (nextcloud)
v6.6.2
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
New Contributors
Full Changelog: nextcloud/helm@nextcloud-6.5.2...nextcloud-6.6.2
v6.5.2
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
New Contributors
Full Changelog: nextcloud/helm@nextcloud-6.5.1...nextcloud-6.5.2
v6.5.1
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.5.0...nextcloud-6.5.1
v6.5.0
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.4.1...nextcloud-6.5.0
v6.4.1
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
New Contributors
Full Changelog: nextcloud/helm@nextcloud-6.3.2...nextcloud-6.4.1
v6.3.2
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.3.1...nextcloud-6.3.2
v6.3.1
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.3.0...nextcloud-6.3.1
v6.3.0
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.2.4...nextcloud-6.3.0
v6.2.4
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.2.3...nextcloud-6.2.4
v6.2.3
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
New Contributors
Full Changelog: nextcloud/helm@nextcloud-6.2.2...nextcloud-6.2.3
v6.2.2
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.2.1...nextcloud-6.2.2
v6.2.1
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.2.0...nextcloud-6.2.1
v6.2.0
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
New Contributors
Full Changelog: nextcloud/helm@nextcloud-6.1.1...nextcloud-6.2.0
v6.1.1
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
Full Changelog: nextcloud/helm@nextcloud-6.1.0...nextcloud-6.1.1
v6.1.0
Compare Source
A file sharing server that puts the control and security of your own data back into your hands.
What's Changed
New Contributors
Full Changelog: nextcloud/helm@nextcloud-6.0.3...nextcloud-6.1.0
hashicorp/vault-helm (vault)
v0.29.1
Compare Source
Bugs:
v0.29.0
Compare Source
Changes:
vault version updated to 1.18.1
vault-k8s version updated to 1.5.0
vault-csi-provider version updated to 1.5.0
Features:
Bugs:
dani-garcia/vaultwarden (vaultwarden/server)
v1.32.7
Compare Source
Security Fixes
This release contains a security fix for the following CVE GHSA-g65h-982x-4m5m.
This vulnerability affects any installations that have the ORG_GROUPS_ENABLED setting enabled, and we urge anyone doing so to update as soon as possible.
What's Changed
Full Changelog: dani-garcia/vaultwarden@1.32.6...1.32.7
v1.32.6
Compare Source
What's Changed
Configuration
📅 Schedule: Branch creation - "* 0-3 1 * *" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.