dependabot bot commented on behalf of github on Mar 21, 2022

Bumps github.com/hashicorp/nomad from 0.9.0-rc2 to 1.0.18.

Release notes

Sourced from github.com/hashicorp/nomad's releases.

v1.0.15

1.0.15 (December 13, 2021)

SECURITY:

  • Updated to Go 1.16.12. Earlier versions of Go contained 2 CVEs. CVE-2021-44717 could allow a task on a Unix system with exhausted file handles to misdirect I/O. CVE-2021-44716 could create unbounded memory growth in HTTP2 servers. Nomad servers do not use HTTP2. [GH-11662]

v1.0.11

IMPROVEMENTS:

  • deps: Updated go-memdb to v1.3.2 [GH-11185]

BUG FIXES:

  • audit (Enterprise): Don't timestamp active audit log file. [GH-11198]
  • cli: Display all possible scores in the allocation status table [GH-11128]
  • cli: Fixed a bug where the NOMAD_CLI_NO_COLOR environment variable was not always applied [GH-11168]
  • client: Task vars should take precedence over host vars when performing interpolation. [GH-11206]

Binaries - https://releases.hashicorp.com/nomad/1.0.11/

v1.0.6

https://github.com/hashicorp/nomad/blob/release-1.0.6/CHANGELOG.md

1.0.6 (May 18, 2021)

BUG FIXES:

  • core (Enterprise): Update licensing library to v0.0.11 to include race condition fix. [GH-10253]
  • agent: Only allow querying Prometheus formatted metrics if Prometheus is enabled within the config [GH-10140]
  • api: Ensured that api.LicenseGet returned response meta data [GH-10276]
  • api: Added missing devices block to AllocatedTaskResources [GH-10064]
  • api: Fixed a panic that may occur on concurrent access to an SDK client [GH-10302]
  • cli: Fixed a bug where non-int proxy port would panic CLI [GH-10072]
  • cli: Fixed a bug where snapshot agent command panics on launch [GH-10276]
  • cli: Remove extra linefeeds in monitor.log files written by nomad operator debug. [GH-10252]
  • cli: Fixed a bug where parsing HCLv2 may panic on some variable interpolation syntax [GH-10326] [GH-10419]
  • cli: Fixed a bug where nomad operator debug incorrectly parsed https Consul API URLs. [GH-10082]
  • cli: Fixed a panic where nomad job run or plan would crash when supplied with non-existent -var-file files. [GH-10569]
  • client: Fixed log formatting when killing tasks. [GH-10135]
  • client: Added handling for cgroup-v2 memory metrics [GH-10286]
  • client: Only publish measured allocation memory metrics [GH-10376]
  • client: Fixed a bug where small files would be assigned the wrong content type. [GH-10348]
  • consul/connect: Fixed a bug where job plan was always different when using expose checks. [GH-10492]
  • consul/connect: Fixed a bug where HTTP ingress gateways could not use wildcard names. [GH-10457]
  • cni: Fallback to an interface with an IP address if sandbox interface lacks one. [GH-9895]
  • csi: Fixed a bug where volume with IDs that are a substring prefix of another volume could use the wrong volume for feasibility checking. [GH-10158]
  • drivers/docker: Fixed a bug where Dockerfile STOPSIGNAL was not honored. [GH-10441]
  • drivers/raw_exec: Fixed a bug where exit codes could be dropped and return a spurious error. [GH-10494]
  • scheduler: Fixed a bug where Nomad reports negative or incorrect running children counts for periodic jobs. [GH-10145]
  • scheduler: Fixed a bug where jobs requesting multiple CSI volumes could be incorrectly scheduled if only one of the volumes passed feasibility checking. [GH-10143]

... (truncated)

Changelog

Sourced from github.com/hashicorp/nomad's changelog.

1.0.18 (February 9, 2022)

BACKWARDS INCOMPATIBILITIES:

  • ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability

SECURITY:

  • Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
  • Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
  • Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
  • Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]

1.0.17 (February 1, 2022)

BUG FIXES:

  • csi: Fixed a bug where garbage collected allocations could block new claims on a volume [GH-11890]
  • csi: Fixed a bug where releasing volume claims would fail with ACL errors after leadership transitions. [GH-11891]
  • csi: Fixed a bug where volume claim releases that were not fully processed before a leadership transition would be ignored [GH-11776]
  • csi: Unmount volumes from the client before sending unpublish RPC [GH-11892]

1.0.16 (January 18, 2022)

BUG FIXES:

  • agent: Validate reserved_ports are valid to prevent unschedulable nodes. [GH-11830]
  • cli: Fixed a bug where the -stale flag was not respected by nomad operator debug [GH-11678]
  • client: Fixed a bug where clients would ignore the client_auto_join setting after losing connection with the servers, causing them to incorrectly fallback to Consul discovery if it was set to false. [GH-11585]
  • client: Fixed a memory and goroutine leak for batch tasks and any task that exits without being shut down from the server [GH-11741]
  • client: Fixed host network reserved port fingerprinting [GH-11728]
  • core: Fix missing fields in Node.Copy() [GH-11744]
  • csi: Fixed a bug where deregistering volumes would attempt to deregister the wrong volume if the ID was a prefix of the intended volume [GH-11852]
  • drivers: Fixed a bug where the resolv.conf copied from the system was not readable to unprivileged processes within the task [GH-11856]
  • quotas (Enterprise): Fixed a bug where quotas can be incorrectly calculated when nodes fail ranking. [GH-11848]
  • rpc: Fixed scaling policy get index response when the policy is found [GH-11579]
  • scheduler: detect, log, and emit nomad.nomad.plan.node_rejected metric when an unexpected port collision is detected [GH-11793]
  • scheduler: Fixed a performance bug where spread and node affinity can cause a job to take longer than the nack timeout to be evaluated. [GH-11712]
  • template: Fixed a bug where templates did not receive an updated vault token if change_mode = "noop" was set in the job definition's vault stanza. [GH-11783]

1.0.15 (December 13, 2021)

SECURITY:

  • Updated to Go 1.16.12. Earlier versions of Go contained 2 CVEs. CVE-2021-44717 could allow a task on a Unix system with exhausted file handles to misdirect I/O. CVE-2021-44716 could create unbounded memory growth in HTTP2 servers. Nomad servers do not use HTTP2. [GH-11662]

1.0.14 (November 19, 2021)

SECURITY:

... (truncated)

Commits
  • 7eb2ad2 Release v1.0.18
  • c46dfd8 Generate files for 1.0.18 release
  • 0146d33 ci: set macos build xcode to a support version
  • 53b2709 chore: go mod tidy
  • bb96eb8 docs: add 1.0.18 to changelog
  • 83e9de5 scheduler: prevent panic in spread iterator during alloc stop
  • 321c221 api: prevent excessive CPU load on job parse
  • 1aa46c3 client: check escaping of alloc dir using symlinks
  • e5c7638 client: fix race condition in use of go-getter
  • c19be8d Release v1.0.17
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [github.com/hashicorp/nomad](https://github.com/hashicorp/nomad) from 0.9.0-rc2 to 1.0.18.
- [Release notes](https://github.com/hashicorp/nomad/releases)
- [Changelog](https://github.com/hashicorp/nomad/blob/main/CHANGELOG.md)
- [Commits](hashicorp/nomad@v0.9.0-rc2...v1.0.18)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/nomad
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the "dependencies" label (Pull requests that update a dependency file) on Mar 21, 2022

dependabot bot commented on behalf of github on Jun 3, 2022

Superseded by #40.

dependabot bot closed this on Jun 3, 2022
dependabot bot deleted the dependabot/go_modules/github.com/hashicorp/nomad-1.0.18 branch on June 3, 2022 23:35