Add hash and signature checks for cached providers. #3055

Merged
merged 27 commits into from
Apr 24, 2024

Contributor

@levkohimins levkohimins commented Apr 12, 2024

Description

  1. Replaced terraform providers lock -platform=xxx_xxxx with terraform init.
  2. Added hash and signature authentication.

Fixes #3047.

TODOs

Read the Gruntwork contribution guidelines.

  • Update the docs.
  • Run the relevant tests successfully, including pre-commit checks.
  • Ensure any 3rd party code adheres to our license policy, or delete this line if it's not applicable.
  • Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Added[X] / Removed / Updated.

Check hash and signature of cached providers

Migration Guide

@levkohimins levkohimins changed the title [WIP] Check the hash of cached providers Check the hash of cached providers Apr 22, 2024
@levkohimins levkohimins changed the title Check the hash of cached providers Check hashes of cached providers Apr 22, 2024
@levkohimins levkohimins changed the title Check hashes of cached providers Check hash and signature of cached providers Apr 22, 2024
@levkohimins levkohimins marked this pull request as ready for review April 22, 2024 16:02
Member

@brikis98 brikis98 left a comment

Do we have e2e tests for this?

That is, tests that (a) download valid providers and validate their checksums & signatures and (b) download intentionally invalid providers and ensure we show an error when the checksums or signatures don't match?

@@ -69,7 +69,7 @@ func InitProviderCacheServer(opts *options.TerragruntOptions) (*ProviderCacheSer
if opts.ProviderCacheToken == "" {
opts.ProviderCacheToken = uuid.New().String()
}
// Currently, the cache server only supports the `x-api-key` token.
// Currently, the cache cache only supports the `x-api-key` token.

Member

NIT: Search & replace issue? Says "cache cache."

Contributor Author

@levkohimins levkohimins Apr 24, 2024

Yes, fixed, thanks.

Comment on lines 154 to 155
// We don't want to use Terraform's `plugin_cache_dir` feature because the cache is populated by our Terragrunt Provider Cache cache, and to make sure that no Terraform process ever overwrites the global cache, we clear this value.
// In order to force Terraform to queries our cache cache instead of the original one, we use the section below.
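
Review bot: The second comment line does not parse as written: "to force Terraform to queries our cache cache instead of the original one" has a verb-form error ("to query") and a doubled "cache", and "the original one" has no clear referent. Name both sides explicitly, that is, which server Terraform is being pointed at and which one it would otherwise contact, so the reason for clearing `plugin_cache_dir` in the line above can be checked against the configuration that follows.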

Member

More search/replace issues resulting in "cache cache," it seems. I won't highlight others; do a scan through, as there are prob more!

Contributor Author

Fixed everywhere, thanks.

// This func doesn't change the default CLI config file, only creates a new one at the given path `filename`. Ultimately, we can assign this path to `TF_CLI_CONFIG_FILE`.
//
// It creates two types of configuration depending on the `cacheRequestID` variable set.
// 1. If `cacheRequestID` is set, `terraform init` does _not_ use the provider cache directory, the cache server creates a cache for requested providers and returns HTTP status 423. Since for each module we create the CLI config, using `cacheRequestID` we have opprotuenty later retrieve from the cache server exactly those cached providers that were requested by `terraform init` using this configuration.

Member

Suggested change
// 1. If `cacheRequestID` is set, `terraform init` does _not_ use the provider cache directory, the cache server creates a cache for requested providers and returns HTTP status 423. Since for each module we create the CLI config, using `cacheRequestID` we have opprotuenty later retrieve from the cache server exactly those cached providers that were requested by `terraform init` using this configuration.
// 1. If `cacheRequestID` is set, `terraform init` does _not_ use the provider cache directory, the cache server creates a cache for requested providers and returns HTTP status 423. Since for each module we create the CLI config, using `cacheRequestID` we have the opportunity later retrieve from the cache server exactly those cached providers that were requested by `terraform init` using this configuration.
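
Review bot: The replacement line still reads "we have the opportunity later retrieve", which is missing "to"; "we have the opportunity to later retrieve" (or simply "we can later retrieve") fixes it. The first sentence of the same item is also a comma splice, and splitting it after "provider cache directory" would make the 423 behaviour easier to find.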

Contributor Author

Thanks.

* The Terragrunt Provider Cache server will download the provider from the remote registry, unpack and store it into the cache directory or [create a symlink](#reusing-providers-from-the-user-plugins-directory) if the required provider exists in the user plugins directory. Note that the Terragrunt Provider Cache server will ensure that each unique provider is only ever downloaded and stored on disk once, handling concurrency (from multiple Terraform and Terragrunt instances) correctly.
* The Terragrunt Provider Cache server returns the HTTP status _429 Locked_ to Terraform. This is because we do _not_ want Terraform to actually download any providers as a result of calling `terraform providers lock` (as that command does _not_ use any caching); we only use that command to get the list of required providers.
* At this point, all providers are downloaded and cached, so finally, we run `terragrunt init`, which will find all the providers it needs in the cache, and it'll create symlinks to them nearly instantly, with no additional downloading.
* The Terragrunt Provider Cache server returns the HTTP status _429 Locked_ to Terraform. This is because we do _not_ want Terraform to actually download any providers as a result of calling `terraform init` (as that command does _not_ use any caching); we only use that command to get the list of required providers.
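
Review bot: The status bullet reads "HTTP status _429 Locked_", which pairs the wrong code with the reason phrase: 423 is Locked and 429 is Too Many Requests, and the code comment elsewhere in this PR says the cache server returns HTTP status 423. Change the bullet to "_423 Locked_" so the docs agree with the code comment, and confirm against the handler which status is actually sent.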

Member

NIT: "as that command does not use any caching" isn't accurate for init...

Contributor Author

Ah, indeed. Fixed.

* [provider-installation](https://developer.hashicorp.com/terraform/cli/config/config-file#provider-installation) forces Terraform to look for for the required providers in the cache directory and create symbolic links to them, if not found, then request them from the remote registry.
* [host](https://github.com/hashicorp/terraform/issues/28309) forces Terraform to [forward](#how-forwarding-terraform-requests-through-the-terragrunt-Provider-cache-works) all provider requests through the Terragrunt Provider Cache server.
* Set environment variables:
* [TF_PLUGIN_CACHE_MAY_BREAK_DEPENDENCY_LOCK_FILE](https://developer.hashicorp.com/terraform/cli/config/config-file#allowing-the-provider-plugin-cache-to-break-the-dependency-lock-file) allows to generate `.terraform.lock.hcl` files based only on provider hashes from the cache directory.
* [TF_CLI_CONFIG_FILE](https://developer.hashicorp.com/terraform/cli/config/environment-variables#tf_plugin_cache_dir) sets to use just created local CLI config `.terragrunt-cache/.terraformrc`
* [TF_TOKEN_*](https://developer.hashicorp.com/terraform/cli/config/config-file#environment-variable-credentials) sets per-remote-registry tokens for authentication to Terragrunt Provider Cache server.
* Any time Terragrunt is going to run `init`:
* Call `terraform providers lock -platform=cache_provider`. This gets Terraform to request all the providers it needs from the Terragrunt Provider Cache server.
* Call `terraform init`. This gets Terraform to request all the providers it needs from the Terragrunt Provider Cache server.
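
Review bot: The `TF_CLI_CONFIG_FILE` bullet links to the `#tf_plugin_cache_dir` anchor of the environment-variables page, which is the entry for a different variable; point it at the `TF_CLI_CONFIG_FILE` entry instead. In the same list, "look for for" in the `provider-installation` bullet repeats a word, and the in-page link in the `host` bullet contains a capital "P" in `-Provider-`, which may not match a lowercased heading anchor.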

Member

The docs need to be updated to call out where we do hash/signature checking.

Contributor Author

Understood. I mentioned this in the docs.

@@ -0,0 +1,58 @@
package provider

Member

Is this all novel code you wrote yourself? Or is it based on the hash/signature checks in Terraform? Or OpenTofu? Due to TF's switch to BSL, we have to be careful about what code we use or copy here!

This question applies to hash.go, package_authentication.go, etc.

Contributor Author

I took the needed code from Terraform 1.5 and changed it by about 10%. Since we are already importing some terraform code as a package, I'm not sure if I need to additionally specify this in these files.

Member

As long as it is MPL TF, that is fine.

Contributor Author

levkohimins commented Apr 24, 2024

> Do we have e2e tests for this?
>
> That is, tests that (a) download valid providers and validate their checksums & signatures and (b) download intentionally invalid providers and ensure we show an error when the checksums or signatures don't match?

We have unit tests that cover 100% of this functionality. For e2e/integration tests we need to implement a test private registry server to simulate the invalid providers. It's quite time-consuming, but if necessary, I'll do it. Or maybe you can recommend a better approach?

Thanks for the review!

@brikis98
Member

> > Do we have e2e tests for this?
> > That is, tests that (a) download valid providers and validate their checksums & signatures and (b) download intentionally invalid providers and ensure we show an error when the checksums or signatures don't match?
>
> We have unit tests that cover 100% of this functionality. For e2e/integration tests we need to implement a test private registry server to simulate the invalid providers. It's quite time-consuming, but if necessary, I'll do it. Or maybe you can recommend a better approach?
>
> Thanks for the review!

I don't want to spend a ton of time on this, but I do want to build confidence the hashes and signatures are really checked. We can prob merge this PR as-is. That said, is there some compromise solution that you could add in a follow up PR in a few hours? Could you re-use your own code to run a mock registry on localhost? So you execute run-all, this runs TG, which in turn runs real TF processes that try to download providers, which triggers the TG provider cache, and instead of trying to download those providers from registry.terraform.io, it tries to download them from localhost:12345, which is a server where we can return either valid mock providers or mock providers with invalid signatures.

Member

@brikis98 brikis98 left a comment

LGTM!

@levkohimins
Contributor Author

> > > Do we have e2e tests for this?
> > > That is, tests that (a) download valid providers and validate their checksums & signatures and (b) download intentionally invalid providers and ensure we show an error when the checksums or signatures don't match?
> >
> > We have unit tests that cover 100% of this functionality. For e2e/integration tests we need to implement a test private registry server to simulate the invalid providers. It's quite time-consuming, but if necessary, I'll do it. Or maybe you can recommend a better approach?
> > Thanks for the review!
>
> I don't want to spend a ton of time on this, but I do want to build confidence the hashes and signatures are really checked. We can prob merge this PR as-is. That said, is there some compromise solution that you could add in a follow up PR in a few hours? Could you re-use your own code to run a mock registry on localhost? So you execute run-all, this runs TG, which in turn runs real TF processes that try to download providers, which triggers the TG provider cache, and instead of trying to download those providers from registry.terraform.io, it tries to download them from localhost:12345, which is a server where we can return either valid mock providers or mock providers with invalid signatures.

Very interesting idea! I'll think about it, I'm sure I'll come up with something. Thank you!
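
The checks this PR is about and the valid/invalid provider cases discussed above, as an added example that is not Terragrunt's or Terraform's code: an archive is accepted only if SHA256SUMS is signed by a trusted key and lists the archive's hash. It uses standard-library Ed25519 as a stand-in for the OpenPGP signatures that provider registries publish; `ProviderPackage`, `Authenticate`, `SumsFor`, `MockRelease` and the sample release are hypothetical names and constructed data.

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ProviderPackage is a hypothetical bundle of what a registry serves for one
// provider release: the archive, the SHA256SUMS document and its signature.
type ProviderPackage struct {
	Filename   string
	Archive    []byte
	SHA256Sums []byte
	Signature  []byte // detached signature over SHA256Sums (Ed25519 stand-in)
}

var (
	ErrBadSignature = errors.New("SHA256SUMS is not signed by a trusted key")
	ErrNotListed    = errors.New("archive is not listed in SHA256SUMS")
	ErrHashMismatch = errors.New("archive checksum does not match SHA256SUMS")
)

// Authenticate must succeed before an archive is unpacked into the cache.
// The signature is verified first, so no hash is read from an untrusted list.
func Authenticate(p ProviderPackage, trusted []ed25519.PublicKey) error {
	signed := false
	for _, key := range trusted {
		if len(key) == ed25519.PublicKeySize && ed25519.Verify(key, p.SHA256Sums, p.Signature) {
			signed = true
			break
		}
	}
	if !signed {
		return ErrBadSignature
	}
	want, err := lookupSum(p.SHA256Sums, p.Filename)
	if err != nil {
		return err
	}
	got := sha256.Sum256(p.Archive)
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return ErrHashMismatch
	}
	return nil
}

// lookupSum finds the "<hex sha256>  <filename>" line for filename.
func lookupSum(doc []byte, filename string) ([]byte, error) {
	sc := bufio.NewScanner(bytes.NewReader(doc))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) != 2 || fields[1] != filename {
			continue
		}
		sum, err := hex.DecodeString(fields[0])
		if err != nil || len(sum) != sha256.Size {
			return nil, fmt.Errorf("malformed SHA256SUMS entry for %s", filename)
		}
		return sum, nil
	}
	return nil, ErrNotListed
}

// SumsFor renders a one-line SHA256SUMS document for the given archive.
func SumsFor(filename string, archive []byte) []byte {
	sum := sha256.Sum256(archive)
	return []byte(hex.EncodeToString(sum[:]) + "  " + filename + "\n")
}

// MockRelease builds a constructed, correctly signed release and the key set
// a client would trust, as a mock registry in a test would serve it.
func MockRelease() (ProviderPackage, []ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	p := ProviderPackage{
		Filename: "terraform-provider-example_1.0.0_linux_amd64.zip", // constructed name
		Archive:  []byte("constructed provider archive bytes"),
	}
	p.SHA256Sums = SumsFor(p.Filename, p.Archive)
	p.Signature = ed25519.Sign(priv, p.SHA256Sums)
	return p, []ed25519.PublicKey{priv.Public().(ed25519.PublicKey)}
}

func main() {
	pkg, keys := MockRelease()
	fmt.Println("valid release:", Authenticate(pkg, keys))
	pkg.Archive = append([]byte("modified "), pkg.Archive...)
	fmt.Println("modified archive:", Authenticate(pkg, keys))
	pkg.SHA256Sums = SumsFor(pkg.Filename, pkg.Archive) // re-hashed, but not re-signed
	fmt.Println("rewritten SHA256SUMS:", Authenticate(pkg, keys))
}
```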

@levkohimins levkohimins merged commit 1e40725 into master Apr 24, 2024
3 checks passed
@levkohimins levkohimins deleted the feat/check-cached-providers-hash-signature branch April 24, 2024 15:54
@levkohimins levkohimins changed the title Check hash and signature of cached providers Add hash and signature checks for cached providers. Apr 24, 2024
renovate bot added a commit to scottames/dots that referenced this pull request Apr 26, 2024
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [aquaproj/aqua-registry](https://togithub.com/aquaproj/aqua-registry) | minor | `v4.163.0` -> `v4.166.0` |
| [cue-lang/cue](https://togithub.com/cue-lang/cue) | patch | `v0.8.1` -> `v0.8.2` |
| [eza-community/eza](https://togithub.com/eza-community/eza) | patch | `v0.18.11` -> `v0.18.13` |
| [gruntwork-io/terragrunt](https://togithub.com/gruntwork-io/terragrunt) | patch | `v0.57.5` -> `v0.57.11` |
| [hashicorp/packer](https://togithub.com/hashicorp/packer) | patch | `v1.10.2` -> `v1.10.3` |
| [kubernetes/minikube](https://togithub.com/kubernetes/minikube) | minor | `v1.32.0` -> `v1.33.0` |
| [marcosnils/bin](https://togithub.com/marcosnils/bin) | patch | `v0.17.4` -> `v0.17.5` |
| [rhysd/hgrep](https://togithub.com/rhysd/hgrep) | patch | `v0.3.6` -> `v0.3.7` |
| [smallstep/certificates](https://togithub.com/smallstep/certificates) | patch | `v0.26.0` -> `v0.26.1` |
| [smallstep/cli](https://togithub.com/smallstep/cli) | patch | `v0.26.0` -> `v0.26.1` |
| [weaveworks/eksctl](https://togithub.com/weaveworks/eksctl) | minor | `v0.175.0` -> `v0.176.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>aquaproj/aqua-registry (aquaproj/aqua-registry)</summary>

###
[`v4.166.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.166.0)

[Compare
Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.165.0...v4.166.0)


[Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.166.0)
| [Pull
Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.166.0)
| aquaproj/aqua-registry@v4.165.0...v4.166.0

#### 🎉 New Packages


[#&#8203;22190](https://togithub.com/aquaproj/aqua-registry/issues/22190)
[gabeduke/kubectl-iexec](https://togithub.com/gabeduke/kubectl-iexec):
Kubectl plugin to interactively exec into a pod
[@&#8203;ponkio-o](https://togithub.com/ponkio-o)

#### Fixes


[#&#8203;22191](https://togithub.com/aquaproj/aqua-registry/issues/22191)
dagu-dev/dagu: Rename the package to hotaruswarm/dagu

[#&#8203;22223](https://togithub.com/aquaproj/aqua-registry/issues/22223)
tstack/lnav: Follow up changes of lnav v0.12.1

[#&#8203;22225](https://togithub.com/aquaproj/aqua-registry/issues/22225)
Orange-OpenSource/hurl: Regenerate the setting

###
[`v4.165.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.165.0)

[Compare
Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.164.0...v4.165.0)


[Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.165.0)
| [Pull
Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.165.0)
| aquaproj/aqua-registry@v4.164.0...v4.165.0

#### 🎉 New Packages


[#&#8203;22188](https://togithub.com/aquaproj/aqua-registry/issues/22188)
[Checkmarx/kics](https://togithub.com/Checkmarx/kics): Find security
vulnerabilities, compliance issues, and infrastructure misconfigurations
early in the development cycle of your infrastructure-as-code with KICS
by Checkmarx

#### Fixes


[#&#8203;22183](https://togithub.com/aquaproj/aqua-registry/issues/22183)
sarub0b0/kubetui: Follow up changes of kubetui v1.5.1

[#&#8203;22111](https://togithub.com/aquaproj/aqua-registry/issues/22111)
gefyrahq/gefyra: Follow up changes of gefyra 2.1.0

###
[`v4.164.0`](https://togithub.com/aquaproj/aqua-registry/releases/tag/v4.164.0)

[Compare
Source](https://togithub.com/aquaproj/aqua-registry/compare/v4.163.0...v4.164.0)


[Issues](https://togithub.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.164.0)
| [Pull
Requests](https://togithub.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.164.0)
| aquaproj/aqua-registry@v4.163.0...v4.164.0

#### 🎉 New Packages


[#&#8203;21993](https://togithub.com/aquaproj/aqua-registry/issues/21993)
[pnpm/pnpm](https://togithub.com/pnpm/pnpm): Fast, disk space efficient
package manager [@&#8203;tomoyamachi](https://togithub.com/tomoyamachi)

#### Fixes


[#&#8203;22023](https://togithub.com/aquaproj/aqua-registry/issues/22023)
golangci/misspell: Follow up changes of misspell v0.5.0

[#&#8203;22024](https://togithub.com/aquaproj/aqua-registry/issues/22024)
vmware/govmomi/govc: Remove a release v0.17.0

[#&#8203;22068](https://togithub.com/aquaproj/aqua-registry/issues/22068)
pnpm/pnpm: Support old versions

#### 🎉 New Contributors

Thank you for your contribution!

[@&#8203;tomoyamachi](https://togithub.com/tomoyamachi)
[#&#8203;21993](https://togithub.com/aquaproj/aqua-registry/issues/21993)

</details>

<details>
<summary>cue-lang/cue (cue-lang/cue)</summary>

### [`v0.8.2`](https://togithub.com/cue-lang/cue/releases/tag/v0.8.2)

[Compare
Source](https://togithub.com/cue-lang/cue/compare/v0.8.1...v0.8.2)

This release includes a single fix for `cue get go`: [CL
1193892](https://cuelang.org/cl/1193892) fixes a regression introduced
in `cue get go` in `v0.8.1` which caused transitive package dependencies
to no longer be generated.

</details>

<details>
<summary>eza-community/eza (eza-community/eza)</summary>

###
[`v0.18.13`](https://togithub.com/eza-community/eza/releases/tag/v0.18.13):
eza v0.18.13

[Compare
Source](https://togithub.com/eza-community/eza/compare/v0.18.11...v0.18.13)

### Description

So tiny :3

### Changelog

#### \[0.18.13] - 2024-04-25

##### Features

-   Generate completion/manpage tarballs on release

##### Miscellaneous Tasks

-   Release eza v0.18.13

### Checksums


</details>

<details>
<summary>gruntwork-io/terragrunt (gruntwork-io/terragrunt)</summary>

###
[`v0.57.11`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.57.11)

[Compare
Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.57.10...v0.57.11)

#### Updated CLI args, config attributes and blocks

-   `run-all show`
-   `show`

#### Updated CLI args, config attributes and blocks

- Synced Terraform CLI args for `show` command by
[@&#8203;ignatenkobrain](https://togithub.com/ignatenkobrain)

#### Related links

-
[gruntwork-io/terragrunt#3075

###
[`v0.57.10`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.57.10)

[Compare
Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.57.9...v0.57.10)

#### Updated CLI args, config attributes and blocks

-   OpenTelemetry traces reporting

#### Description

- Added `TRACEPARENT` environment variable support for reporting parent
traces in OpenTelemetry trace collection.

#### Related links

-
[gruntwork-io/terragrunt#3098

###
[`v0.57.9`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.57.9)

[Compare
Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.57.8...v0.57.9)

#### Description

-   Added hash and signature checks for cached providers.

#### Related links

-
[gruntwork-io/terragrunt#3055

###
[`v0.57.8`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.57.8)

[Compare
Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.57.7...v0.57.8)

#### Updated CLI args, config attributes and blocks

-   `run-all`
-   `--terragrunt-out-dir`
-   `--terragrunt-json-out-dir`

#### Description

-   Updated `--terragrunt-out-dir` to use plan from directory hierarchy.
- Added new flag `--terragrunt-json-out-dir` to save plan in JSON
format.

#### Related links

-
[gruntwork-io/terragrunt#3084

###
[`v0.57.7`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.57.7)

[Compare
Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.57.6...v0.57.7)

#### Description

-   Updated `github.com/hashicorp/go-getter` dependency to `1.7.4`

#### Special thanks

Special thanks to
[@&#8203;jdaftari-confluent](https://togithub.com/jdaftari-confluent)
for their contribution!

#### Related links

-
[gruntwork-io/terragrunt#3088

###
[`v0.57.6`](https://togithub.com/gruntwork-io/terragrunt/releases/tag/v0.57.6)

[Compare
Source](https://togithub.com/gruntwork-io/terragrunt/compare/v0.57.5...v0.57.6)

#### Description

-   Removed example with destroy execution.
-   Got rid of code under BUSL license.

#### Related links

-
[gruntwork-io/terragrunt#3074
-
[gruntwork-io/terragrunt#3085

</details>

<details>
<summary>hashicorp/packer (hashicorp/packer)</summary>

###
[`v1.10.3`](https://togithub.com/hashicorp/packer/releases/tag/v1.10.3)

[Compare
Source](https://togithub.com/hashicorp/packer/compare/v1.10.2...v1.10.3)

##### 1.10.3 (April 22, 2024)

##### NOTES

-   A LICENSE.txt file has been added to the Packer release artifacts.
    [12981](https://togithub.com/hashicorp/packer/pull/12931)

##### FEATURES

- Packer users can now track Packer version and plugin versions used for
each
    build artifact in HCP Packer.
    [GH-12891](https://togithub.com/hashicorp/packer/pull/12891)
    [GH-12910](https://togithub.com/hashicorp/packer/pull/12910)
    [GH-12923](https://togithub.com/hashicorp/packer/pull/12923)
    [GH-12926](https://togithub.com/hashicorp/packer/pull/12926)

##### SECURITY

-   Bump github.com/go-jose/go-jose/v3 to address GHSA-c5q2-7r4c-mv6g.
    [GH-12928](https://togithub.com/hashicorp/packer/pull/12928)
-   Bump golang.org/x/net to v0.24.0 to address GO-2024-2687.
    [GH-12924](https://togithub.com/hashicorp/packer/pull/12924)

##### BUG FIXES

- cmd/fmt: Display information error when Packer `fmt` fails due to HCL2
parsing error.
[GH-12870](https://togithub.com/hashicorp/packer/pull/12870)

</details>

<details>
<summary>kubernetes/minikube (kubernetes/minikube)</summary>

###
[`v1.33.0`](https://togithub.com/kubernetes/minikube/releases/tag/v1.33.0)

[Compare
Source](https://togithub.com/kubernetes/minikube/compare/v1.32.0...v1.33.0-beta.0)

📣😀 **Please fill out our [fast 5-question
survey](https://forms.gle/Gg3hG5ZySw8c1C24A)** so that we can learn how
& why you use minikube, and what improvements we should make. Thank you!
💃🎉

#### Release Notes

#### Version 1.33.0 - 2024-04-19

Features:

- Support multi-control plane - HA clusters `--ha`
[#&#8203;17909](https://togithub.com/kubernetes/minikube/pull/17909)
[Tutorial](https://minikube.sigs.k8s.io/docs/tutorials/multi_control_plane_ha_clusters/)
- Add support for Kubernetes v1.30
[#&#8203;18669](https://togithub.com/kubernetes/minikube/pull/18669)
- Support exposing clusterIP services via `minikube service`
[#&#8203;17877](https://togithub.com/kubernetes/minikube/pull/17877)
- Addon gvisor: Add arm64 support
[#&#8203;18063](https://togithub.com/kubernetes/minikube/pull/18063)
[#&#8203;18453](https://togithub.com/kubernetes/minikube/pull/18453)
- New Addon: YAKD - Kubernetes Dashboard addon
[#&#8203;17775](https://togithub.com/kubernetes/minikube/pull/17775)

Minor Improvements:

- Add active kubecontext to `minikube profile list` output
[#&#8203;17735](https://togithub.com/kubernetes/minikube/pull/17735)
- CNI calico: support kubeadm.pod-network-cidr
[#&#8203;18233](https://togithub.com/kubernetes/minikube/pull/18233)
- CNI bridge: Ensure pod communications are allowed
[#&#8203;16143](https://togithub.com/kubernetes/minikube/pull/16143)
- Addon auto-pause: Remove memory leak & add configurable interval
[#&#8203;17936](https://togithub.com/kubernetes/minikube/pull/17936)
- image build: Add `docker.io/library` to image short names
[#&#8203;16214](https://togithub.com/kubernetes/minikube/pull/16214)
- cp: Create directory if not present
[#&#8203;17715](https://togithub.com/kubernetes/minikube/pull/17715)
- Move errors getting logs into log output itself
[#&#8203;18007](https://togithub.com/kubernetes/minikube/pull/18007)
- Add default sysctls to allow privileged ports with no capabilities
[#&#8203;18421](https://togithub.com/kubernetes/minikube/pull/18421)
- Include extended attributes in preload tarballs
[#&#8203;17829](https://togithub.com/kubernetes/minikube/pull/17829)
- Apply `kubeadm.applyNodeLabels` label to all nodes
[#&#8203;16416](https://togithub.com/kubernetes/minikube/pull/16416)
- Limit driver status check to 20s
[#&#8203;17553](https://togithub.com/kubernetes/minikube/pull/17553)
- Include journalctl logs if systemd service fails to start
[#&#8203;17659](https://togithub.com/kubernetes/minikube/pull/17659)
- Fix "Failed to enable container runtime: sudo systemctl restart
cri-docker"
[#&#8203;17907](https://togithub.com/kubernetes/minikube/pull/17907)
- Fix containerd redownloading existing images on start
[#&#8203;17671](https://togithub.com/kubernetes/minikube/pull/17671)
- Fix kvm2 not detecting containerd preload
[#&#8203;17658](https://togithub.com/kubernetes/minikube/pull/17658)
- Fix modifying Docker binfmt config
[#&#8203;17830](https://togithub.com/kubernetes/minikube/pull/17830)
- Fix auto-pause addon
[#&#8203;17866](https://togithub.com/kubernetes/minikube/pull/17866)
- Fix not using preload with overlayfs storage driver
[#&#8203;18333](https://togithub.com/kubernetes/minikube/pull/18333)
- Fix image repositories not allowing subdomains with numbers
[#&#8203;17496](https://togithub.com/kubernetes/minikube/pull/17496)
- Fix stopping cluster when using kvm2 with containerd
[#&#8203;17967](https://togithub.com/kubernetes/minikube/pull/17967)
- Fix starting more than one cluster on kvm2 arm64
[#&#8203;18241](https://togithub.com/kubernetes/minikube/pull/18241)
- Fix starting kvm2 clusters using Linux on arm64 Mac
[#&#8203;18239](https://togithub.com/kubernetes/minikube/pull/18239)
- Fix displaying error when deleting non-existing cluster
[#&#8203;17713](https://togithub.com/kubernetes/minikube/pull/17713)
- Fix no-limit not being respected on restart
[#&#8203;17598](https://togithub.com/kubernetes/minikube/pull/17598)
- Fix not applying `kubeadm.applyNodeLabels` label to nodes added after
inital start
[#&#8203;16416](https://togithub.com/kubernetes/minikube/pull/16416)
- Fix logs delimiter output
[#&#8203;17734](https://togithub.com/kubernetes/minikube/pull/17734)

Bugs:

- Fix unescaped local host regex
[#&#8203;18617](https://togithub.com/kubernetes/minikube/pull/18617)
- Fix regex on validateNetwork to support special characters
[#&#8203;18158](https://togithub.com/kubernetes/minikube/pull/18158)

Version Upgrades:

- Bump Kubernetes version default: v1.30.0 and latest: v1.30.0
[#&#8203;18669](https://togithub.com/kubernetes/minikube/pull/18669)
- Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.0 to
0.23.1
[#&#8203;18517](https://togithub.com/kubernetes/minikube/pull/18517)
- Addon inspektor-gadget: Update inspektor-gadget image from v0.26.0 to
v0.27.0
[#&#8203;18588](https://togithub.com/kubernetes/minikube/pull/18588)
- Addon istio-provisioner: Update istio/operator image from 1.21.0 to
1.21.1
[#&#8203;18644](https://togithub.com/kubernetes/minikube/pull/18644)
- Addon metrics-server: Update metrics-server/metrics-server image from
v0.7.0 to v0.7.1
[#&#8203;18551](https://togithub.com/kubernetes/minikube/pull/18551)
- CNI: Update calico from v3.27.0 to v3.27.3
[#&#8203;18206](https://togithub.com/kubernetes/minikube/pull/18206)
- CNI: Update flannel from v0.24.4 to v0.25.1
[#&#8203;18641](https://togithub.com/kubernetes/minikube/pull/18641)
- Kicbase/ISO: Update buildkit from v0.13.0 to v0.13.1
[#&#8203;18566](https://togithub.com/kubernetes/minikube/pull/18566)
- Kicbase/ISO: Update containerd from v1.7.14 to v1.7.15
[#&#8203;18621](https://togithub.com/kubernetes/minikube/pull/18621)
- Kicbase/ISO: Update cri-dockerd from v0.3.3 to v0.3.12
[#&#8203;18585](https://togithub.com/kubernetes/minikube/pull/18585)
- Kicbase/ISO: Update crun from 1.14 to 1.14.4
[#&#8203;18610](https://togithub.com/kubernetes/minikube/pull/18610)
- Kicbase/ISO: Update docker from 25.0.4 to 26.0.1
[#&#8203;18485](https://togithub.com/kubernetes/minikube/pull/18485)
[#&#8203;18649](https://togithub.com/kubernetes/minikube/pull/18649)
- Kicbase/ISO: Update nerdctl from 1.7.4 to 1.7.5
[#&#8203;18634](https://togithub.com/kubernetes/minikube/pull/18634)
- Kicbase: Update nerdctld from 0.5.1 to 0.6.0
[#&#8203;18647](https://togithub.com/kubernetes/minikube/pull/18647)

For a more detailed changelog, including changes occurring in
pre-release versions, see
[CHANGELOG.md](https://togithub.com/kubernetes/minikube/blob/master/CHANGELOG.md).

Thank you to our contributors for this release!

-   Jan Klippel
-   Jeff MAURY
-   Jesse Hathaway
-   Maxime Brunet
-   Medya Ghazizadeh
-   Paul Rey
-   Predrag Rogic
-   Skalador
-   Steven Powell
-   alessandrocapanna
-   depthlending
-   guangwu
-   joaquimrocha
-   nikitakurakin
-   racequite
-   shixiuguo
-   skoenig
-   sunyuxuan
-   syxunion
-   Товарищ программист

Thank you to our PR reviewers for this release!

-   medyagh (5 comments)
-   spowelljr (4 comments)
-   Shubham82 (2 comments)

Thank you to our triage members for this release!

-   afbjorklund (21 comments)
-   T-Lakshmi (15 comments)
-   Ritikaa96 (12 comments)
-   kundan2707 (8 comments)
-   medyagh (7 comments)

#### Installation

See [Getting Started](https://minikube.sigs.k8s.io/docs/start/)

#### Binary Checksums


#### ISO Checksums

amd64:
`04eb7bfc98d1d3a6d4995731c3da9e8c0eccc89030d018a6eeea9ea1e3eb08ee`\
arm64:
`c93349356c628948e90034e80ae4988a92dd39a7003d5c72cacfc26e0f86b6a9`

</details>

<details>
<summary>marcosnils/bin (marcosnils/bin)</summary>

### [`v0.17.5`](https://togithub.com/marcosnils/bin/releases/tag/v0.17.5)

[Compare
Source](https://togithub.com/marcosnils/bin/compare/v0.17.4...v0.17.5)

#### Changelog

- [`24eae61`](https://togithub.com/marcosnils/bin/commit/24eae61) feat:
improves `bin ls` output
([#&#8203;196](https://togithub.com/marcosnils/bin/issues/196))

</details>

<details>
<summary>rhysd/hgrep (rhysd/hgrep)</summary>

### [`v0.3.7`](https://togithub.com/rhysd/hgrep/blob/HEAD/CHANGELOG.md#v037---21-Apr-2024)

[Compare
Source](https://togithub.com/rhysd/hgrep/compare/v0.3.6...v0.3.7)

- Support many text encodings. Previously only UTF-8 was supported.
([#&#8203;21](https://togithub.com/rhysd/hgrep/issues/21))
- Add `--encoding` (`-E`) command line option to specify file encoding
of matched files. For example, the following command searches files
encoded in Shift JIS.
  ```sh
  hgrep --encoding sjis pattern path/to/dir
  ```
- Detect file encodings from
[BOM](https://en.wikipedia.org/wiki/Byte_order_mark). hgrep can
automatically detect UTF-16LE, UTF-16BE, and UTF-8 if BOM exists in the
file.
- Fix some syntax detection fails when BOM is inserted at the head of
file. ([#&#8203;20](https://togithub.com/rhysd/hgrep/issues/20))
- Improve performance by removing redundant `read` system calls on
detecting syntax.
-   Improve error messages when failing to read files


</details>

<details>
<summary>smallstep/certificates (smallstep/certificates)</summary>

### [`v0.26.1`](https://togithub.com/smallstep/certificates/releases/tag/v0.26.1): Step CA v0.26.1 (24-04-22)

[Compare
Source](https://togithub.com/smallstep/certificates/compare/v0.26.0...v0.26.1)

#### Official Release Artifacts

##### Linux

- 📦
[step-ca_linux\_0.26.1\_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.26.1/step-ca_linux\_0.26.1\_amd64.tar.gz)
- 📦
[step-ca\_0.26.1\_amd64.deb](https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.26.1/step-ca\_0.26.1\_amd64.deb)

##### OSX Darwin

- 📦
[step-ca_darwin\_0.26.1\_amd64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.26.1/step-ca_darwin\_0.26.1\_amd64.tar.gz)
- 📦
[step-ca_darwin\_0.26.1\_arm64.tar.gz](https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.26.1/step-ca_darwin\_0.26.1\_arm64.tar.gz)

##### Windows

- 📦
[step-ca_windows\_0.26.1\_amd64.zip](https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.26.1/step-ca_windows\_0.26.1\_amd64.zip)

For more builds across platforms and architectures, see the `Assets`
section below.
And for packaged versions (Docker, k8s, Homebrew), see our [installation
docs](https://smallstep.com/docs/step-ca/installation).

Don't see the artifact you need? Open an issue
[here](https://togithub.com/smallstep/certificates/issues/new/choose).

#### Signatures and Checksums

`step-ca` uses [sigstore/cosign](https://togithub.com/sigstore/cosign)
for signing and verifying release artifacts.

Below is an example using `cosign` to verify a release artifact:

    cosign verify-blob \
      --certificate step-ca_darwin_0.26.1_amd64.tar.gz.sig.pem \
      --signature step-ca_darwin_0.26.1_amd64.tar.gz.sig \
      --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
      --certificate-oidc-issuer https://token.actions.githubusercontent.com \
      step-ca_darwin_0.26.1_amd64.tar.gz

The `checksums.txt` file (in the `Assets` section below) contains a
checksum for every artifact in the release.

#### Changelog

-
[`9cbab5a`](https://togithub.com/smallstep/certificates/commit/9cbab5a5)
Add changelog for 0.26.1
([#&#8203;1812](https://togithub.com/smallstep/certificates/issues/1812))
-
[`d6bf551`](https://togithub.com/smallstep/certificates/commit/d6bf551f)
Merge pull request
[#&#8203;1803](https://togithub.com/smallstep/certificates/issues/1803)
from smallstep/herman/fix-scep-vault-ra
-
[`f4d506f`](https://togithub.com/smallstep/certificates/commit/f4d506f6)
Merge pull request
[#&#8203;1811](https://togithub.com/smallstep/certificates/issues/1811)
from
smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.13.0
-
[`1e5e267`](https://togithub.com/smallstep/certificates/commit/1e5e267b)
Remove leftover debug print
-
[`760014c`](https://togithub.com/smallstep/certificates/commit/760014c6)
go mod tidy
-
[`2561a72`](https://togithub.com/smallstep/certificates/commit/2561a727)
Dedupe CA and SCEP client creation logic
-
[`3965305`](https://togithub.com/smallstep/certificates/commit/39653050)
Bump github.com/hashicorp/vault/api from 1.12.2 to 1.13.0
-
[`65cfee5`](https://togithub.com/smallstep/certificates/commit/65cfee56)
Merge pull request
[#&#8203;1810](https://togithub.com/smallstep/certificates/issues/1810)
from smallstep/dependabot/go_modules/google.golang.org/api-0.176.0
-
[`8d4effc`](https://togithub.com/smallstep/certificates/commit/8d4effcc)
Bump google.golang.org/api from 0.172.0 to 0.176.0
-
[`4a37559`](https://togithub.com/smallstep/certificates/commit/4a375592)
Merge pull request
[#&#8203;1809](https://togithub.com/smallstep/certificates/issues/1809)
from smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.6
-
[`d7ed031`](https://togithub.com/smallstep/certificates/commit/d7ed0312)
Merge pull request
[#&#8203;1808](https://togithub.com/smallstep/certificates/issues/1808)
from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.16.0
-
[`8720200`](https://togithub.com/smallstep/certificates/commit/87202001)
Rewrite SCEP integration tests to only use the HTTPS endpoint
-
[`57a6b85`](https://togithub.com/smallstep/certificates/commit/57a6b853)
Bump go.step.sm/crypto from 0.44.4 to 0.44.6
-
[`0ba61c5`](https://togithub.com/smallstep/certificates/commit/0ba61c58)
Bump cloud.google.com/go/security from 1.15.6 to 1.16.0
-
[`b0fabe1`](https://togithub.com/smallstep/certificates/commit/b0fabe13)
Add some SCEP integration tests
-
[`113a6dd`](https://togithub.com/smallstep/certificates/commit/113a6dd8)
Remove reporting the CA mode from startup logs
-
[`6bc0a86`](https://togithub.com/smallstep/certificates/commit/6bc0a862)
Fix CA startup with Vault RA configuration
-
[`07279dd`](https://togithub.com/smallstep/certificates/commit/07279dd2)
Merge pull request
[#&#8203;1801](https://togithub.com/smallstep/certificates/issues/1801)
from smallstep/herman/upgrade-crypto-v0.44.4
-
[`4c6b0b3`](https://togithub.com/smallstep/certificates/commit/4c6b0b31)
Upgrade `go.step.sm/crypto` to `v0.44.4`
-
[`f1a2c68`](https://togithub.com/smallstep/certificates/commit/f1a2c68f)
Merge pull request
[#&#8203;1798](https://togithub.com/smallstep/certificates/issues/1798)
from smallstep/herman/fix-instrumented-key-manager
-
[`7df3ad0`](https://togithub.com/smallstep/certificates/commit/7df3ad05)
Merge pull request
[#&#8203;1797](https://togithub.com/smallstep/certificates/issues/1797)
from smallstep/mariano/init-scep
-
[`4202d66`](https://togithub.com/smallstep/certificates/commit/4202d667)
Remove debug statement
-
[`d6bbe5b`](https://togithub.com/smallstep/certificates/commit/d6bbe5b0)
Add support for `kmsapi.Decrypter` to instrumented key manager
-
[`721345e`](https://togithub.com/smallstep/certificates/commit/721345ee)
Merge pull request
[#&#8203;1793](https://togithub.com/smallstep/certificates/issues/1793)
from verytrap/master
-
[`db92404`](https://togithub.com/smallstep/certificates/commit/db924043)
chore: fix function names in comment
-
[`725a913`](https://togithub.com/smallstep/certificates/commit/725a913f)
Allow custom SCEP key manager
-
[`397877a`](https://togithub.com/smallstep/certificates/commit/397877a7)
Merge pull request
[#&#8203;1795](https://togithub.com/smallstep/certificates/issues/1795)
from smallstep/herman/fix-scep-failinfo-oid
-
[`b226b6e`](https://togithub.com/smallstep/certificates/commit/b226b6eb)
Prevent exposing any internal details in SCEP failure message
-
[`02956ad`](https://togithub.com/smallstep/certificates/commit/02956ad0)
Merge pull request
[#&#8203;1794](https://togithub.com/smallstep/certificates/issues/1794)
from smallstep/herman/fix-scep-failinfo-oid
-
[`037554e`](https://togithub.com/smallstep/certificates/commit/037554e7)
Fix the `id-scep-failInfoText` OID
-
[`1513152`](https://togithub.com/smallstep/certificates/commit/1513152c)
Merge pull request
[#&#8203;1791](https://togithub.com/smallstep/certificates/issues/1791)
from
smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.32.0
-
[`c9ba31a`](https://togithub.com/smallstep/certificates/commit/c9ba31ae)
Bump github.com/newrelic/go-agent/v3 from 3.31.0 to 3.32.0
-
[`1f69ff8`](https://togithub.com/smallstep/certificates/commit/1f69ff84)
Merge pull request
[#&#8203;1792](https://togithub.com/smallstep/certificates/issues/1792)
from smallstep/dependabot/go_modules/google.golang.org/grpc-1.63.2
-
[`a76f071`](https://togithub.com/smallstep/certificates/commit/a76f0714)
Bump google.golang.org/grpc from 1.62.1 to 1.63.2
-
[`08ef9fe`](https://togithub.com/smallstep/certificates/commit/08ef9fe2)
Merge pull request
[#&#8203;1789](https://togithub.com/smallstep/certificates/issues/1789)
from smallstep/dependabot/go_modules/golang.org/x/net-0.24.0
-
[`57d6285`](https://togithub.com/smallstep/certificates/commit/57d62851)
Bump golang.org/x/net from 0.22.0 to 0.24.0
-
[`d5758ba`](https://togithub.com/smallstep/certificates/commit/d5758ba3)
Merge pull request
[#&#8203;1784](https://togithub.com/smallstep/certificates/issues/1784)
from
smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.31.0
-
[`166c496`](https://togithub.com/smallstep/certificates/commit/166c4968)
Merge pull request
[#&#8203;1785](https://togithub.com/smallstep/certificates/issues/1785)
from smallstep/dependabot/go_modules/google.golang.org/api-0.172.0
-
[`1be0932`](https://togithub.com/smallstep/certificates/commit/1be0932a)
Merge pull request
[#&#8203;1786](https://togithub.com/smallstep/certificates/issues/1786)
from smallstep/carl/winget-fix
-
[`f04a5e3`](https://togithub.com/smallstep/certificates/commit/f04a5e39)
Fix winget release URL
-
[`d1523c9`](https://togithub.com/smallstep/certificates/commit/d1523c93)
Bump google.golang.org/api from 0.171.0 to 0.172.0
-
[`44c48a7`](https://togithub.com/smallstep/certificates/commit/44c48a74)
Bump github.com/newrelic/go-agent/v3 from 3.30.0 to 3.31.0
-
[`188e4e3`](https://togithub.com/smallstep/certificates/commit/188e4e3f)
Add version number to winget branch name
([#&#8203;1783](https://togithub.com/smallstep/certificates/issues/1783))

#### Thanks!

Those were the changes on v0.26.1!

Come join us on [Discord](https://discord.gg/X2RKGwEbV9) to ask
questions, chat about PKI, or get a sneak peek at the freshest PKI
memes.

</details>

<details>
<summary>smallstep/cli (smallstep/cli)</summary>

### [`v0.26.1`](https://togithub.com/smallstep/cli/releases/tag/v0.26.1): Step CLI v0.26.1 (24-04-23)

[Compare
Source](https://togithub.com/smallstep/cli/compare/v0.26.0...v0.26.1)

#### Official Release Artifacts

Below are the most popular artifacts for `step` on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our [installation
docs](https://smallstep.com/docs/step-cli/installation).

##### Linux

- 📦
[step_linux\_0.26.1\_amd64.tar.gz](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step_linux\_0.26.1\_amd64.tar.gz)
- 📦
[step_linux\_0.26.1\_arm64.tar.gz](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step_linux\_0.26.1\_arm64.tar.gz)
- 📦
[step_linux\_0.26.1\_armv7.tar.gz](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step_linux\_0.26.1\_armv7.tar.gz)
- 📦
[step-cli\_0.26.1\_amd64.deb](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step-cli\_0.26.1\_amd64.deb)
- 📦
[step-cli\_0.26.1\_amd64.rpm](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step-cli\_0.26.1\_amd64.rpm)
- 📦
[step-cli\_0.26.1\_arm64.deb](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step-cli\_0.26.1\_arm64.deb)
- 📦
[step-cli\_0.26.1\_arm64.rpm](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step-cli\_0.26.1\_arm64.rpm)
-   see `Assets` below for more builds

##### macOS Darwin

- 📦
[step_darwin\_0.26.1\_amd64.tar.gz](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step_darwin\_0.26.1\_amd64.tar.gz)
- 📦
[step_darwin\_0.26.1\_arm64.tar.gz](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step_darwin\_0.26.1\_arm64.tar.gz)

##### Windows

- 📦
[step_windows\_0.26.1\_amd64.zip](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step_windows\_0.26.1\_amd64.zip)
- 📦
[step_windows\_0.26.1\_arm64.zip](https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.26.1/step_windows\_0.26.1\_arm64.zip)

#### Signatures and Checksums

`step` uses [sigstore/cosign](https://togithub.com/sigstore/cosign) for
signing and verifying release artifacts.

Below is an example using `cosign` to verify a release artifact:

    cosign verify-blob \
      --certificate ~/Downloads/step_darwin_0.26.1_amd64.tar.gz.pem \
      --signature ~/Downloads/step_darwin_0.26.1_amd64.tar.gz.sig \
      --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
      --certificate-oidc-issuer https://token.actions.githubusercontent.com \
      ~/Downloads/step_darwin_0.26.1_amd64.tar.gz

The `checksums.txt` file (in the 'Assets' section below) contains a
checksum for every artifact in the release.

#### Changelog

- [`576d8ad`](https://togithub.com/smallstep/cli/commit/576d8adb) Fix
certificate inspect
([#&#8203;1153](https://togithub.com/smallstep/cli/issues/1153))
- [`6236b6e`](https://togithub.com/smallstep/cli/commit/6236b6ef) Merge
pull request
[#&#8203;1159](https://togithub.com/smallstep/cli/issues/1159) from
smallstep/dependabot/go_modules/github.com/Microsoft/go-winio-0.6.2
- [`7cba07f`](https://togithub.com/smallstep/cli/commit/7cba07fb) Merge
branch 'master' into
dependabot/go_modules/github.com/Microsoft/go-winio-0.6.2
- [`1e37e72`](https://togithub.com/smallstep/cli/commit/1e37e722) Merge
pull request
[#&#8203;1160](https://togithub.com/smallstep/cli/issues/1160) from
smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.6
- [`0a178ea`](https://togithub.com/smallstep/cli/commit/0a178ea4) Bump
go.step.sm/crypto from 0.44.3 to 0.44.6
- [`ddcae60`](https://togithub.com/smallstep/cli/commit/ddcae602) Bump
github.com/Microsoft/go-winio from 0.6.1 to 0.6.2
- [`31e62a0`](https://togithub.com/smallstep/cli/commit/31e62a07) Bump
go version to 1.21 in go.mod
([#&#8203;1155](https://togithub.com/smallstep/cli/issues/1155))
- [`60484c9`](https://togithub.com/smallstep/cli/commit/60484c93) Merge
pull request
[#&#8203;1152](https://togithub.com/smallstep/cli/issues/1152) from
smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.3
- [`555602c`](https://togithub.com/smallstep/cli/commit/555602c5) Bump
go.step.sm/crypto from 0.44.2 to 0.44.3
- [`dc731e0`](https://togithub.com/smallstep/cli/commit/dc731e08) Merge
pull request
[#&#8203;1148](https://togithub.com/smallstep/cli/issues/1148) from
smallstep/dependabot/go_modules/golang.org/x/crypto-0.22.0
- [`cb86d05`](https://togithub.com/smallstep/cli/commit/cb86d05e) Bump
golang.org/x/crypto from 0.21.0 to 0.22.0
- [`b3c4df5`](https://togithub.com/smallstep/cli/commit/b3c4df58) Merge
pull request
[#&#8203;1143](https://togithub.com/smallstep/cli/issues/1143) from
smallstep/carl/winget-fix
- [`8b88dc4`](https://togithub.com/smallstep/cli/commit/8b88dc4a) Fix
winget release URL
- [`b838891`](https://togithub.com/smallstep/cli/commit/b8388911) Add
version number to winget branch name
([#&#8203;1142](https://togithub.com/smallstep/cli/issues/1142))
- [`6e0fba5`](https://togithub.com/smallstep/cli/commit/6e0fba57) Merge
pull request
[#&#8203;1141](https://togithub.com/smallstep/cli/issues/1141) from
smallstep/herman/improve-plugin-not-found-error
- [`2ee14c5`](https://togithub.com/smallstep/cli/commit/2ee14c5a)
Improve error message when a known plugin is not found

#### Thanks!

Those were the changes on v0.26.1!

Come join us on [Discord](https://discord.gg/X2RKGwEbV9) to ask
questions, chat about PKI, or get a sneak peek at the freshest PKI
memes.

</details>

<details>
<summary>weaveworks/eksctl (weaveworks/eksctl)</summary>

### [`v0.176.0`](https://togithub.com/eksctl-io/eksctl/releases/tag/v0.176.0): eksctl 0.176.0

[Compare
Source](https://togithub.com/weaveworks/eksctl/compare/0.175.0...0.176.0-rc.0)

### Release v0.176.0

#### 🚀 Features

- Add support for AMIs based on AmazonLinux2023
([#&#8203;7684](https://togithub.com/weaveworks/eksctl/issues/7684))

#### 🎯 Improvements

- Display full draft release notes in PR description
([#&#8203;7686](https://togithub.com/weaveworks/eksctl/issues/7686))

#### 🐛 Bug Fixes

- Enforce `authenticationMode:CONFIG_MAP` on Outposts
([#&#8203;7699](https://togithub.com/weaveworks/eksctl/issues/7699))
- \[EKSCTL create cluster command] Authorise self-managed nodes via
`aws-auth configmap` when EKS access entries are disabled
([#&#8203;7698](https://togithub.com/weaveworks/eksctl/issues/7698))
- Allow GPU instance types for Windows nodes
([#&#8203;7681](https://togithub.com/weaveworks/eksctl/issues/7681))
- Include MixedInstancesPolicy LaunchTemplate for validation
([#&#8203;7661](https://togithub.com/weaveworks/eksctl/issues/7661))
- Aim for namespace uniqueness across parallel integration tests specs
([#&#8203;7680](https://togithub.com/weaveworks/eksctl/issues/7680))

#### 🧰 Maintenance

- Bump mkdocs version
([#&#8203;7696](https://togithub.com/weaveworks/eksctl/issues/7696))
- Bump dependencies
([#&#8203;7668](https://togithub.com/weaveworks/eksctl/issues/7668))

#### Acknowledgments

The eksctl maintainers would like to sincerely thank
[@&#8203;qclaogui](https://togithub.com/qclaogui).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 4pm on thursday" in timezone
America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/scottames/dots).


---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: scottames-github-bot[bot] <162828115+scottames-github-bot[bot]@users.noreply.github.com>

Successfully merging this pull request may close these issues.

Checking the hash/signature of cached providers using the Terragrunt Provider Cache server