🌱 Bump the dependencies group in /hack/tools with 2 updates #4771

Merged


dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Feb 5, 2024

Bumps the dependencies group in /hack/tools with 2 updates: sigs.k8s.io/kind and sigs.k8s.io/promo-tools/v4.

Updates sigs.k8s.io/kind from 0.20.0 to 0.21.0

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.21.0

This release patches the recent runc CVEs, as well as an issue with kind build node-image and docker v25.0.0+

  • The default node image is a Kubernetes v1.29.1 image: kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144

If you haven't already, please see also v0.20.0 release notes which had important announcements that still apply going forward.

  • Upgraded go to 1.20.13
  • Upgraded crictl to 1.28
  • Upgraded containerd fuse overlayfs to 1.0.6
  • Began marking some core images pinned in containerd, which may eventually make enabling imageGC safer
  • kindnetd will ignore nodes with empty podCIDR, enabling some niche use-cases

Images pre-built for this release:

  • v1.29.1: kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144
  • v1.28.6: kindest/node:v1.28.6@sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b
  • v1.27.10: kindest/node:v1.27.10@sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f
  • v1.26.13: kindest/node:v1.26.13@sha256:15ae92d507b7d4aec6e8920d358fc63d3b980493db191d7327541fbaaed1f789
  • v1.25.16: kindest/node:v1.25.16@sha256:9d0a62b55d4fe1e262953be8d406689b947668626a357b5f9d0cfbddbebbc727
  • v1.24.17: kindest/node:v1.24.17@sha256:ea292d57ec5dd0e2f3f5a2d77efa246ac883c051ff80e887109fabefbd3125c7
  • v1.23.17: kindest/node:v1.23.17@sha256:fbb92ac580fce498473762419df27fa8664dbaa1c5a361b5957e123b4035bdcf

NOTE: You must use the @sha256 digest to guarantee an image built for this release, until such a time as we switch to a different tagging scheme. Even then we will highly encourage digest pinning for security and reproducibility reasons.

See also:

NOTE: These node images support amd64 and arm64, both of our supported platforms. You must use the same platform as your host, for more context see kubernetes-sigs/kind#2718

  • Updated runc to v1.1.12, containerd to v1.7.13 including the fix for GHSA-xr7r-f8xq-vfvv
  • Fixed kind build node-image with docker v25.0.0+
    • NOTE: kind load docker-image is still broken with Docker v25.0.0 due to a docker bug, which has a fix merged that should be included in Docker v25.0.1+
  • Assorted docs fixes

Thank you to everyone who contributed to this release! ❤️

Users whose commits are in this release (alphabetically by user name)

... (truncated)

Commits

Updates sigs.k8s.io/promo-tools/v4 from 4.0.4 to 4.0.5

Release notes

Sourced from sigs.k8s.io/promo-tools/v4's releases.

v4.0.5

Changes by Kind

Feature

  • Group dependabot updates
    • use go1.21
    • update dependencies
    • update zeitgeist and golangci-lint (#1099, @​cpanato) [SIG Release]
  • Kpromo gh: use --org/--repo as new default for --release-dir (#1043, @​saschagrunert) [SIG Release]

Bug or Regression

  • Fixed regression to include digest for normalized edges on image signing. (#940, @​saschagrunert) [SIG Release]

Other (Cleanup or Flake)

  • Update release-sdk and update preparefork function (#1172, @​cpanato) [SIG Release]

Dependencies

Added

  • cloud.google.com/go/dataproc/v2: v2.3.0
  • dario.cat/mergo: v1.0.0
  • github.com/AdaLogics/go-fuzz-headers: ced1acd
  • github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys: v1.0.1
  • github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal: v1.0.0
  • github.com/Azure/azure-sdk-for-go/sdk/storage/azblob: v1.2.0
  • github.com/DATA-DOG/go-sqlmock: v1.5.0
  • github.com/DrJosh9000/zzglob: v0.0.17
  • github.com/Khan/genqlient: v0.6.0
  • github.com/Microsoft/hcsshim: v0.11.4
  • github.com/alecthomas/kingpin/v2: v2.3.2
  • github.com/alessio/shellescape: v1.4.1
  • github.com/alexflint/go-arg: v1.4.2
  • github.com/alexflint/go-scalar: v1.0.0
  • github.com/aws/aws-sdk-go-v2/feature/s3/manager: v1.11.76
  • github.com/bufbuild/protocompile: v0.6.0
  • github.com/buildkite/go-pipeline: v0.2.0
  • github.com/cavaliergopher/cpio: v1.0.1
  • github.com/cockroachdb/apd/v3: v3.2.1
  • github.com/containerd/log: v0.1.0
  • github.com/decred/dcrd/dcrec/secp256k1/v4: v4.2.0
  • github.com/dustinkirkland/golang-petname: 6a283f1
  • github.com/ebitengine/purego: v0.5.0-alpha.1
  • github.com/go-kit/log: v0.2.1
  • github.com/go-quicktest/qt: v1.100.0
  • github.com/goccy/go-json: v0.10.2
  • github.com/golang-jwt/jwt/v5: v5.0.0
  • github.com/google/gnostic-models: c7be7c7

... (truncated)

Commits
  • f08f0f2 Merge pull request #1198 from xmudrii/relprep-v4.0.5
  • cb7f105 Merge pull request #1196 from ameukam/add-africa-south1
  • 69b97fa Bump promo-tools to v4.0.5
  • ce886cf Add AR regions for image promotion
  • 1318ed3 Merge pull request #1195 from kubernetes-sigs/dependabot/go_modules/actions-7...
  • 8741437 build(deps): bump the actions group with 1 update
  • f6d47e4 Merge pull request #1194 from kubernetes-sigs/dependabot/go_modules/actions-d...
  • 0762b70 build(deps): bump the actions group with 1 update
  • 534e02c Merge pull request #1193 from kubernetes-sigs/dependabot/go_modules/google.go...
  • f609f73 Merge pull request #1192 from kubernetes-sigs/dependabot/go_modules/actions-c...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


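The digest-pinning note in the kind v0.21.0 release notes above can be checked mechanically before a node image reference lands in a cluster config or CI script. This is an added example, not code from this pull request or from kind; `CheckNodeImage` and its status strings are hypothetical, and the table holds two of the digests listed in the release notes.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Two of the v0.21.0 node image digests, copied from the release notes above.
var releaseDigests = map[string]string{
	"v1.29.1": "sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144",
	"v1.28.6": "sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b",
}
var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// CheckNodeImage (hypothetical) returns ok, unpinned, malformed, mismatch or unknown-tag.
func CheckNodeImage(ref string) string {
	name, digest, pinned := strings.Cut(ref, "@")
	if !pinned {
		return "unpinned" // a bare tag does not guarantee the image built for this release
	}
	if !digestRe.MatchString(digest) {
		return "malformed" // truncated or non-hex digest
	}
	// The tag follows the last ':' unless that ':' is a registry port (before the last '/').
	tag := ""
	if i := strings.LastIndex(name, ":"); i > strings.LastIndex(name, "/") {
		tag = name[i+1:]
	}
	want, known := releaseDigests[tag]
	if !known {
		return "unknown-tag" // pinned, but nothing in the table to cross-check against
	}
	if digest != want {
		// Runtimes pull by digest when both are given, so the tag label would be misleading.
		return "mismatch"
	}
	return "ok"
}

func main() {
	for _, ref := range []string{ // constructed sample inputs
		"kindest/node:v1.29.1",
		"kindest/node:v1.29.1@" + releaseDigests["v1.28.6"],
		"kindest/node:v1.29.1@" + releaseDigests["v1.29.1"],
	} {
		fmt.Println(CheckNodeImage(ref), ref)
	}
}
```

The `mismatch` case catches a copy-paste error where the tag was bumped but the digest was left from another version.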

Bumps the dependencies group in /hack/tools with 2 updates: [sigs.k8s.io/kind](https://github.com/kubernetes-sigs/kind) and [sigs.k8s.io/promo-tools/v4](https://github.com/kubernetes-sigs/promo-tools).


Updates `sigs.k8s.io/kind` from 0.20.0 to 0.21.0
- [Release notes](https://github.com/kubernetes-sigs/kind/releases)
- [Commits](kubernetes-sigs/kind@v0.20.0...v0.21.0)

Updates `sigs.k8s.io/promo-tools/v4` from 4.0.4 to 4.0.5
- [Release notes](https://github.com/kubernetes-sigs/promo-tools/releases)
- [Changelog](https://github.com/kubernetes-sigs/promo-tools/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/promo-tools@v4.0.4...v4.0.5)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/kind
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sigs.k8s.io/promo-tools/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Feb 5, 2024
@k8s-ci-robot
Contributor

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 5, 2024
@k8s-ci-robot k8s-ci-robot added needs-priority needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Feb 5, 2024
@k8s-ci-robot
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.


@Ankitasw Ankitasw added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. area/release Issues or PRs related to releasing and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Feb 5, 2024
@Ankitasw
Member

Ankitasw commented Feb 5, 2024

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 5, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Ankitasw

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 5, 2024
@k8s-ci-robot k8s-ci-robot merged commit f1d1d05 into main Feb 5, 2024
25 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/hack/tools/dependencies-827b761841 branch February 5, 2024 10:23