GitHub
10/03/2023, 2:17 AM
alpine:3.15, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
* * *
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠️ Adjust project settings
* * *
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
flyteorg/datacatalog
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Datacatalog Image
GitHub Actions: Bump Version
GitHub Actions: Unit Tests / Run Unit Test
GitHub Actions: Lint / Run Lint
GitHub Actions: Check Go Gennerate / Go Generate
DCO: DCO
✅ 2 other checks have passed
2/9 successful checks
GitHub
10/03/2023, 2:17 AM
alpine:3.17, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
flyteorg/datacatalog
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Datacatalog Image
GitHub Actions: Bump Version
DCO: DCO
✅ 7 other checks have passed
7/11 successful checks
GitHub
10/03/2023, 2:17 AM
alpine:3, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
flyteorg/datacatalog
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Datacatalog Image
GitHub Actions: Bump Version
DCO: DCO
✅ 7 other checks have passed
7/11 successful checks
GitHub
10/03/2023, 2:17 AM
alpine:3, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
flyteorg/datacatalog
GitHub Actions: Build & Push Datacatalog Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
DCO: DCO
✅ 7 other checks have passed
7/11 successful checks
GitHub
10/03/2023, 2:19 AM
alpine:3.15, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
flyteorg/flytecopilot
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
GitHub Actions: Dry run goreleaser
DCO: DCO
✅ 7 other checks have passed
7/12 successful checks
GitHub
10/03/2023, 2:19 AM
alpine:3.15, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
flyteorg/flytecopilot
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Bump Version
Codecov: 16.80% (-1.00%) compared to 378c9d2
GitHub Actions: Dry run goreleaser
DCO: DCO
✅ 6 other checks have passed
6/12 successful checks
GitHub
10/03/2023, 2:19 AM
alpine:3.15, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
flyteorg/flytecopilot
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
GitHub Actions: Dry run goreleaser
DCO: DCO
✅ 7 other checks have passed
7/12 successful checks
GitHub
10/03/2023, 2:19 AM
alpine:3.15, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
flyteorg/flytecopilot
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
GitHub Actions: Dry run goreleaser
DCO: DCO
✅ 7 other checks have passed
7/12 successful checks
GitHub
10/03/2023, 2:19 AM
alpine:3.16, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
flyteorg/flytecopilot
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
DCO: DCO
✅ 6 other checks have passed
6/10 successful checks
GitHub
10/03/2023, 2:19 AM
alpine:3, as this image has only 1 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
flyteorg/flytecopilot
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Bump Version
DCO: DCO
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:19 AM
alpine:3, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
flyteorg/flytecopilot
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Bump Version
DCO: DCO
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:19 AM
1.11.1 / 2022-02-15
• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed `CVE-2022-21698`)
What's Changed
• promhttp: Check validity of method and code label values by `@bwplotka` and `@kakkoyun` in prometheus/client_golang#987
Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1
v1.11.0 / 2021-06-07
• [CHANGE] Add new collectors package. #862
• [CHANGE] `prometheus.NewExpvarCollector` is deprecated, use `collectors.NewExpvarCollector` instead. #862
• [CHANGE] `prometheus.NewGoCollector` is deprecated, use `collectors.NewGoCollector` instead. #862
• [CHANGE] `prometheus.NewBuildInfoCollector` is deprecated, use `collectors.NewBuildInfoCollector` instead. #862
• [FEATURE] Add new collector for database/sql#DBStats. #866
• [FEATURE] API client: Add exemplars API support. #861
• [ENHANCEMENT] API client: Add newer fields to Rules API. #855
• [ENHANCEMENT] API client: Add missing fields to Targets API. #856
What's Changed
• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#846
• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#849
• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#853
• Add newer fields to Rules API by `@gouthamve` in prometheus/client_golang#855
• Add missing fields to targets API by `@yeya24` in prometheus/client_golang#856
• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#857
• Add exemplars API support by `@yeya24` in prometheus/client_golang#861
• Improve description of MaxAge in summary docs by `@Dean-Coakley` in prometheus/client_golang#864
• Add new collectors package by `@johejo` in prometheus/client_golang#862
• Add collector for database/sql#DBStats by `@johejo` in prometheus/client_golang#866
• Make dbStatsCollector more DRY by `@beorn7` in prometheus/client_golang#867
• Change maintainers from `@beorn7` to `@bwplotka`/`@kakkoyun` by `@beorn7` in prometheus/client_golang#873
• Document implications of negative observations by `@beorn7` in prometheus/client_golang#871
• Update Go modules by `@SuperQ` in prometheus/client_golang#875
New Contributors
• `@gouthamve` made their first contribution in prometheus/client_golang#855
Full Changelog: prometheus/client_golang@v1.10.0...v1.11.0
1.10.0 / 2021-03-18
• [CHANGE] Minimum required Go version is now 1.13.
• [CHANGE] API client: Add matchers to `LabelNames` and `LabesValues`. #828
• [FEATURE] API client: Add buildinfo call. #841
• [BUGFIX] Fix build on riscv64. #833
What's Changed
• Add SECURITY.md by `@roidelapluie` in prometheus/client_golang#831
• Bump prometheus/procfs to 0.3.0 to fix building on riscv64 by `@zhsj` in prometheus/client_golang#833
• Fix typo in comments in prometheus/client_golang#835
... (truncated)
Changelog
_Sourced from github.com/prometheus/client_golang's changelog._
Unreleased
1.14.0 / 2022-11-08
• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend `prometheus.Registry` to implement `prometheus.Collector` interface. #1103
1.13.1 / 2022-11-01
• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix `CumulativeCount` value of `+Inf` bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in `promhttp.InstrumentRoundTripperCounter`. #1118
1.13.0 / 2022-08-05
• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).
• [ENHANCEMENT] Added `prometheus.TransactionalGatherer` interface for `promhttp.Handler` use which allows using low allocation update techniques for custom colle…
flyteorg/flytecopilot
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
GitHub Actions: Build & Push Flyte copilot Image / Push to Github Registry
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:19 AM
@dependabot rebase.
* * *
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
• `@dependabot rebase` will rebase this PR
• `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
• `@dependabot merge` will merge this PR after your CI passes on it
• `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
• `@dependabot cancel merge` will cancel a previously requested merge and block automerging
• `@dependabot reopen` will reopen this PR if it is closed
• `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
• `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
• `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
• `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
flyteorg/flytecopilot
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
GitHub Actions: Build & Push Flyte copilot Image / Push to Github Registry
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:19 AM
@dependabot rebase.
flyteorg/flytecopilot
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Bump Version
GitHub Actions: Build & Push Flyte copilot Image / Push to Github Registry
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:19 AM
@dependabot rebase.
flyteorg/flytecopilot
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Bump Version
GitHub Actions: Build & Push Flyte copilot Image / Push to Github Registry
✅ 6 other checks have passed
6/10 successful checks
GitHub
10/03/2023, 2:19 AM
@dependabot rebase.
flyteorg/flytecopilot
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
GitHub Actions: Build & Push Flyte copilot Image / Push to Github Registry
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:19 AM
@dependabot rebase.
flyteorg/flytecopilot
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Bump Version
GitHub Actions: Build & Push Flyte copilot Image / Push to Github Registry
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:19 AM
@dependabot rebase.
flyteorg/flytecopilot
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Bump Version
GitHub Actions: Build & Push Flyte copilot Image / Push to Github Registry
GitHub Actions: Check Go Gennerate / Go Generate
✅ 7 other checks have passed
7/12 successful checks
GitHub
10/03/2023, 2:19 AM
@dependabot rebase.
* * *
flyteorg/flytecopilot
GitHub Actions: Build & Push Flyte copilot Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
GitHub Actions: Build & Push Flyte copilot Image / Push to Github Registry
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:20 AM
@dependabot rebase.
* * *
Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
flyteorg/flyteadmin
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
✅ 10 other checks have passed
10/14 successful checks
GitHub
10/03/2023, 2:20 AM
@dependabot rebase.
* * *
flyteorg/flyteadmin
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Bump Version
✅ 10 other checks have passed
10/14 successful checks
GitHub
10/03/2023, 2:20 AM
1.11.1 / 2022-02-15
• [SECURITY FIX] promhttp: Check validity of method and code label values prometheus/client_golang#987 (Addressed `CVE-2022-21698`)
What's Changed
• promhttp: Check validity of method and code label values by `@bwplotka` and `@kakkoyun` in prometheus/client_golang#987
Full Changelog: prometheus/client_golang@v1.11.0...v1.11.1
v1.11.0 / 2021-06-07
• [CHANGE] Add new collectors package. #862
• [CHANGE] `prometheus.NewExpvarCollector` is deprecated, use `collectors.NewExpvarCollector` instead. #862
• [CHANGE] `prometheus.NewGoCollector` is deprecated, use `collectors.NewGoCollector` instead. #862
• [CHANGE] `prometheus.NewBuildInfoCollector` is deprecated, use `collectors.NewBuildInfoCollector` instead. #862
• [FEATURE] Add new collector for database/sql#DBStats. #866
• [FEATURE] API client: Add exemplars API support. #861
• [ENHANCEMENT] API client: Add newer fields to Rules API. #855
• [ENHANCEMENT] API client: Add missing fields to Targets API. #856
What's Changed
• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#846
• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#849
• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#853
• Add newer fields to Rules API by `@gouthamve` in prometheus/client_golang#855
• Add missing fields to targets API by `@yeya24` in prometheus/client_golang#856
• Synchronize common files from prometheus/prometheus by `@prombot` in prometheus/client_golang#857
• Add exemplars API support by `@yeya24` in prometheus/client_golang#861
• Improve description of MaxAge in summary docs by `@Dean-Coakley` in prometheus/client_golang#864
• Add new collectors package by `@johejo` in prometheus/client_golang#862
• Add collector for database/sql#DBStats by `@johejo` in prometheus/client_golang#866
• Make dbStatsCollector more DRY by `@beorn7` in prometheus/client_golang#867
• Change maintainers from `@beorn7` to @bwplotka/`@kakkoyun` by `@beorn7` in prometheus/client_golang#873
• Document implications of negative observations by `@beorn7` in prometheus/client_golang#871
• Update Go modules by `@SuperQ` in prometheus/client_golang#875
New Contributors
• `@gouthamve` made their first contribution in prometheus/client_golang#855
Full Changelog: prometheus/client_golang@v1.10.0...v1.11.0
1.10.0 / 2021-03-18
• [CHANGE] Minimum required Go version is now 1.13.
• [CHANGE] API client: Add matchers to `LabelNames` and `LabesValues`. #828
• [FEATURE] API client: Add buildinfo call. #841
• [BUGFIX] Fix build on riscv64. #833
What's Changed
• Add SECURITY.md by `@roidelapluie` in prometheus/client_golang#831
• Bump prometheus/procfs to 0.3.0 to fix building on riscv64 by `@zhsj` in prometheus/client_golang#833
• Fix typo in comments in prometheus/client_golang#835... (truncated)
Changelog
_Sourced from github.com/prometheus/client_golang's changelog._
Unreleased
1.14.0 / 2022-11-08
• [FEATURE] Add Support for Native Histograms. #1150
• [CHANGE] Extend `prometheus.Registry` to implement `prometheus.Collector` interface. #1103
1.13.1 / 2022-11-01
• [BUGFIX] Fix race condition with Exemplar in Counter. #1146
• [BUGFIX] Fix `CumulativeCount` value of `+Inf` bucket created from exemplar. #1148
• [BUGFIX] Fix double-counting bug in `promhttp.InstrumentRoundTripperCounter`. #1118
1.13.0 / 2022-08-05
• [CHANGE] Minimum required Go version is now 1.17 (we also test client_golang against new 1.19 version).
• [ENHANCEMENT] Added `prometheus.TransactionalGatherer` interface for `promhttp.Handler` use which allows using low allocation update techniques for custom colle…
flyteorg/flyteadmin
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Bump Version
Codecov: 60.14% (-0.04%) compared to dea5b2a
✅ 9 other checks have passed
9/14 successful checks
GitHub
10/03/2023, 2:20 AM
@dependabot rebase.
* * *
Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
flyteorg/flyteadmin
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Bump Version
✅ 10 other checks have passed
10/14 successful checks
GitHub
10/03/2023, 2:20 AM
@dependabot rebase.
* * *
Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
flyteorg/flyteadmin
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Bump Version
GitHub Actions: Unit Tests / Run Unit Test
✅ 7 other checks have passed
7/12 successful checks
GitHub
10/03/2023, 2:20 AM
@dependabot rebase.
* * *
Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
flyteorg/flyteadmin
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Bump Version
GitHub Actions: Check Go Generate / Go Generate
✅ 9 other checks have passed
9/14 successful checks
GitHub
10/03/2023, 2:20 AM
@dependabot rebase.
* * *
Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
flyteorg/flyteadmin
GitHub Actions: Goreleaser
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Bump Version
✅ 10 other checks have passed
10/14 successful checks
GitHub
10/03/2023, 2:20 AM
[SECURITY] v1.2.26
```
v1.2.26 - 14 Jun 2023
[Security]
* Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability
for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,
all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by
@shogo82148.
Please note that v0 versions will NOT receive fixes.
This release fixes these vulnerabilities for the v1 series.
```
v1.2.25
```
v1.2.25 23 May 2022
[Bug Fixes][Security]
* [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding,
where the unpad operation might remove more bytes than necessary ([#744](https://github.com/lestrrat-go/jwx/issues/744))
This affects all jwx code that is available before v2.0.2 and v1.2.25.
```
v1.2.24
```
v1.2.24 05 May 2022
[Security]
* Upgrade golang.org/x/crypto ([#724](https://github.com/lestrrat-go/jwx/issues/724))
```
v1.2.23
```
v1.2.23 13 Apr 2022
[Bug fixes]
* [jwk] jwk.AutoRefresh had a race condition when `Configure()` was
called concurrently ([#686](https://github.com/lestrrat-go/jwx/issues/686))
(It has been patched correctly, but we may come back to revisit
the design choices in the near future)
```
v1.2.22
```
v1.2.22 08 Apr 2022
[Bug fixes]
* [jws] jws.Verify was ignoring the `b64` header when it was present
in the protected headers ([#681](https://github.com/lestrrat-go/jwx/issues/681)). Now the following should work:
jws.Sign(..., jws.WithDetachedPayload(payload))
// previously payload had to be base64 encoded
jws.Verify(..., jws.WithDetachedPayload(payload))
```
... (truncated)
Changelog
Sourced from github.com/lestrrat-go/jwx's changelog.
v1.2.26 - 14 Jun 2023 [Security]
• Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10, all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by `@shogo82148`.
Please note that v0 versions will NOT receive fixes. This release fixes these vulnerabilities for the v1 series.
[Miscellaneous]
• JWE tests now only run algorithms that are supported by the underlying `jose` tool
v1.2.25 23 May 2022 [Bug Fixes][Security]
• [jwe] An old bug from at least 7 years ago existed in handling AES-CBC unpadding, where the unpad operation might remove more bytes than necessary (#744) This affects all jwx code that is available before v2.0.2 and v1.2.25.
v1.2.24 05 May 2022 [Security]
• Upgrade golang.org/x/crypto (#724)
v1.2.23 13 Apr 2022 [Bug fixes]
• [jwk] jwk.AutoRefresh had a race condition when `Configure()` was called concurrently (#686) (It has been patched correctly, but we may come back to revisit the design choices in the near future)
v1.2.22 08 Apr 2022 [Bug fixes]
• [jws] jws.Verify was ignoring the `b64` header when it was present in the protected headers (#681). Now the following should work:
```
jws.Sign(..., jws.WithDetachedPayload(payload))
// previously payload had to be base64 encoded
jws.Verify(..., jws.WithDetachedPayload(payload))
```
(note: v2 branch was not affected)
v1.2.21 30 Mar 2022 [Bug fixes]
• [jwk] RSA keys without p and q can now be parsed.
v1.2.20 03 Mar 2022 [Miscellaneous]
• Dependency on golang.org/x/crypto has been upgraded to v0.0.0-20220214200702-86341886e292 to address... (truncated)
Commits
• `d9ddbc8` merge v1 (#936)
• `ad8c29d` merge develop/v1 (#747)
• `e38f677` Merge develop/v1 (#727)
• `baba561` Merge branch 'develop/v1' into v1
• `8ff6c75` Update Changes
• `ea97e8c` Fix race in `jwk.AutoRefresh` (#686)
• `f4701e1` Update Changes
• `e831228` Fix jws.Verify not respecting the b64 header in the protected headers (#683)
• `b66a2cb` backport: Update golangci lint (#679) (#680)
• `4899c32` reword error
• Additional commits viewable in compare view
Dependabot compatibility score
You can trigger a rebase of this PR by commenting @dependabot rebase.
* * *
Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
flyteorg/flyteadmin
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
✅ 8 other checks have passed
8/12 successful checks
GitHub
10/03/2023, 2:21 AM
alpine:3.15, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
* * *
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
🧐 View latest project report
🛠️ Adjust project settings
* * *
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
flyteorg/flyteadmin
GitHub
10/03/2023, 2:21 AM
alpine:3.11, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
* * *
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
🧐 View latest project report
🛠️ Adjust project settings
flyteorg/flyteadmin
GitHub
10/03/2023, 2:21 AM
alpine:3.13, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.
Some of the most important vulnerabilities in your base image include:
* * *
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
🧐 View latest project report
🛠️ Adjust project settings
* * *
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
flyteorg/flyteadmin
GitHub Actions: Build & Push Flyteadmin Image
GitHub Actions: Build & Push Flytescheduler Image
GitHub Actions: Goreleaser
GitHub Actions: Bump Version
GitHub Actions: Lint / Run Lint
DCO: DCO
✅ 8 other checks have passed
8/14 successful checks