
Bump the security group across 1 directory with 7 updates #88


Open
wants to merge 1 commit into
base: main

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Apr 14, 2025

Bumps the security group with 4 updates in the / directory: github.com/gofiber/fiber/v2, github.com/spf13/pflag, github.com/stretchr/testify and github.com/vmware-tanzu/velero.

Updates github.com/gofiber/fiber/v2 from 2.52.5 to 2.52.6

Release notes

Sourced from github.com/gofiber/fiber/v2's releases.

v2.52.6

🐛 Bug Fixes

📚 Documentation

🛠️ Maintenance

Full Changelog: gofiber/fiber@v2.52.5...v2.52.6

Commits
  • e04f815 prepare release v2.52.6
  • 7eb9d25 Support Square Bracket Notation in Multipart Form data (#3268)
  • 47be681 🧹 chore: Add parallel benchmark for Next() (#3259)
  • c9ff17d 🧹 chore: Update dependencies (#3254)
  • 56ff2de 🐛 fix: Respect Immutable config for Body() (#3246)
  • 8c84b0f 🩹 fix: Middleware/CORS Remove Scheme Restriction (#3168)
  • 6e74114 v2: Add CODEOWNERS file (#3124)
  • cb06bc5 🩹 Fix: handle un-matched open brackets in the query params (#3121)
  • bfcf91d fix template markdown
  • ca935c3 📚 Doc: Add detailed documentation for the templates guide (#3113)
  • Additional commits viewable in compare view

Updates github.com/spf13/pflag from 1.0.5 to 1.0.6

Release notes

Sourced from github.com/spf13/pflag's releases.

v1.0.6

What's Changed

New Contributors

Full Changelog: spf13/pflag@v1.0.5...v1.0.6

Commits

Updates github.com/stretchr/testify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.10.0

What's Changed

Functional Changes

Fixes

Documentation, Build & CI

New Contributors

... (truncated)

Commits
  • 89cbdd9 Merge pull request #1626 from arjun-1/fix-functional-options-diff-indirect-calls
  • 07bac60 Merge pull request #1667 from sikehish/flaky
  • 716de8d Increase timeouts in Test_Mock_Called_blocks to reduce flakiness in CI
  • 118fb83 NotSame should fail if args are not pointers #1661 (#1664)
  • 7d99b2b attempt 2
  • 05f87c0 more similar
  • ea7129e better fmt
  • a1b9c9e Merge pull request #1663 from ybrustin/master
  • 8302de9 Merge branch 'master' into master
  • 89352f7 Merge pull request #1518 from hendrywiranto/adjust-readme-remove-v2
  • Additional commits viewable in compare view

Updates github.com/vmware-tanzu/velero from 1.14.1 to 1.16.0

Release notes

Sourced from github.com/vmware-tanzu/velero's releases.

v1.16.0

v1.16

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.16.0

Container Image

velero/velero:v1.16.0

Documentation

https://velero.io/docs/v1.16/

Upgrading

https://velero.io/docs/v1.16/upgrade-to-1.16/

Highlights

Windows cluster support

In v1.16, Velero supports running in Windows clusters and backing up/restoring Windows workloads, either stateful or stateless:

  • Hybrid build and all-in-one image: the build process is enhanced to build an all-in-one image for hybrid CPU architecture and hybrid platform. For more information, check the design https://github.com/vmware-tanzu/velero/blob/main/design/multiple-arch-build-with-windows.md
  • Deployment in Windows clusters: Velero node-agent, data mover pods and maintenance jobs now support running in both Linux and Windows nodes
  • Data mover backup/restore Windows workloads: Velero built-in data mover supports Windows workloads throughout its full cycle, i.e., discovery, backup, restore, pre/post hook, etc. It automatically identifies Windows workloads and schedules data mover pods to the right group of nodes

Check the epic issue vmware-tanzu/velero#8289 for more information.

Parallel Item Block backup

v1.16 now supports backing up item blocks in parallel. Specifically, during backup, correlated resources are grouped in item blocks and the Velero backup engine creates a thread pool to back up the item blocks in parallel. This significantly improves the backup throughput, especially when there is a large scale of resources.
Pre/post hooks also belong to item blocks, so they will also run in parallel along with the item blocks.
Users are allowed to configure the parallelism through the --item-block-worker-count Velero server parameter. If not configured, the default parallelism is 1.

For more information, check issue vmware-tanzu/velero#8334.

Data mover restore enhancement in scalability

In previous releases, for each volume of WaitForFirstConsumer mode, data mover restore is only allowed to happen in the node to which the volume is attached. This severely degrades the parallelism and the balance of node resource (CPU, memory, network bandwidth) consumption for data mover restore (vmware-tanzu/velero#8044).

In v1.16, users are allowed to configure data mover restores running and spreading evenly across all nodes in the cluster. The configuration is done through a new flag ignoreDelayBinding in node-agent configuration (vmware-tanzu/velero#8242).

Data mover enhancements in observability

In 1.16, some observability enhancements are added:

The outputs are in the same node-agent log and enabled automatically.

CSI snapshot backup/restore enhancement in usability

In previous releases, an unnecessary VolumeSnapshotContent object is retained for each backup and synced to other clusters sharing the same backup storage location. And during restore, the retained VolumeSnapshotContent is also restored unnecessarily.

In 1.16, the retained VolumeSnapshotContent is removed from the backup, so no unnecessary CSI objects are synced or restored.

For more information, check issue vmware-tanzu/velero#8725.

... (truncated)

Commits
  • 8f31599 Merge pull request #8849 from Lyndon-Li/release-1.16
  • f8ae149 Merge branch 'release-1.16' into release-1.16
  • b469d9f Bump base image to 0.2.57 to fix CVEs. (#8853)
  • 87084ce issue 8847: inherit pod info from node-agent-windows
  • 3df026f Merge pull request #8834 from Lyndon-Li/release-1.16
  • 406a730 pin velero image
  • e5c7c7f Merge pull request #8829 from blackpiglet/align_upgrade_cli_and_image_version
  • 6002d56 Align the E2E upgrade test's CLI and image version.
  • 6df1424 Merge pull request #8828 from blackpiglet/bump_e2e_upgrade_migration_source_v...
  • 07fd98e Merge pull request #8824 from Lyndon-Li/1.16-change-log
  • Additional commits viewable in compare view

Updates k8s.io/api from 0.31.1 to 0.31.3

Commits

Updates k8s.io/apimachinery from 0.31.1 to 0.31.3

Commits

Updates k8s.io/client-go from 0.31.1 to 0.31.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the security group with 4 updates in the / directory: [github.com/gofiber/fiber/v2](https://github.com/gofiber/fiber), [github.com/spf13/pflag](https://github.com/spf13/pflag), [github.com/stretchr/testify](https://github.com/stretchr/testify) and [github.com/vmware-tanzu/velero](https://github.com/vmware-tanzu/velero).


Updates `github.com/gofiber/fiber/v2` from 2.52.5 to 2.52.6
- [Release notes](https://github.com/gofiber/fiber/releases)
- [Commits](gofiber/fiber@v2.52.5...v2.52.6)

Updates `github.com/spf13/pflag` from 1.0.5 to 1.0.6
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.5...v1.0.6)

Updates `github.com/stretchr/testify` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.9.0...v1.10.0)

Updates `github.com/vmware-tanzu/velero` from 1.14.1 to 1.16.0
- [Release notes](https://github.com/vmware-tanzu/velero/releases)
- [Changelog](https://github.com/vmware-tanzu/velero/blob/main/CHANGELOG.md)
- [Commits](vmware-tanzu/velero@v1.14.1...v1.16.0)

Updates `k8s.io/api` from 0.31.1 to 0.31.3
- [Commits](kubernetes/api@v0.31.1...v0.31.3)

Updates `k8s.io/apimachinery` from 0.31.1 to 0.31.3
- [Commits](kubernetes/apimachinery@v0.31.1...v0.31.3)

Updates `k8s.io/client-go` from 0.31.1 to 0.31.3
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.31.1...v0.31.3)

---
updated-dependencies:
- dependency-name: github.com/gofiber/fiber/v2
  dependency-version: 2.52.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: github.com/spf13/pflag
  dependency-version: 1.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: github.com/vmware-tanzu/velero
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security
- dependency-name: k8s.io/api
  dependency-version: 0.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/client-go
  dependency-version: 0.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/security-a1a9d5fabd branch from f0a420b to 50af5b7 Compare April 24, 2025 22:31