From 712ab886ceb87a19630d6b4c3d2f14f526082b48 Mon Sep 17 00:00:00 2001 From: nginx-bot <68849795+nginx-bot@users.noreply.github.com> Date: Fri, 17 Jan 2025 01:49:39 -0800 Subject: [PATCH 1/4] [cherry-pick] chore(deps): bump the actions group with 3 updates (#7134) chore(deps): bump the actions group with 3 updates (#7123) Bumps the actions group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) and [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint). Updates `github/codeql-action` from 3.28.0 to 3.28.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/48ab28a6f5dbc2a99bf1e0131198dd8f1df78169...b6a472f63d85b9c78a3ac5e89422239fc15e9b3c) Updates `stefanzweifel/git-auto-commit-action` from 5.0.1 to 5.1.0 - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/8621497c8c39c72f3e2a999a26b4ca1b5058a842...e348103e9026cc0eee72ae06630dbe30c8bf7a79) Updates `reviewdog/action-actionlint` from 1.62.0 to 1.63.0 - [Release notes](https://github.com/reviewdog/action-actionlint/releases) - [Commits](https://github.com/reviewdog/action-actionlint/compare/af17f9e3640ac863dbcc515d45f5f35d708d0faf...f3dcc52bc6039e5d736486952379dce3e869e8a2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: reviewdog/action-actionlint dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/dependabot-hugo.yml | 2 +- .github/workflows/image-promotion.yml | 8 ++++---- .github/workflows/lint-format.yml | 2 +- .github/workflows/scorecards.yml | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index de64d6d9ad..4a6847e3b2 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -70,7 +70,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -89,7 +89,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -102,6 +102,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependabot-hugo.yml b/.github/workflows/dependabot-hugo.yml index 834cfffc2a..fb8bc52c21 100644 --- a/.github/workflows/dependabot-hugo.yml +++ b/.github/workflows/dependabot-hugo.yml @@ -46,6 +46,6 @@ jobs: - name: Commit changes if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'go_modules' && contains(steps.dependabot-metadata.outputs.dependency-names, 'hugo') }} id: commit - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 + uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0 with: commit_message: "Update docs go.mod" diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml index a35b6be007..560d5b3c6f 100644 --- a/.github/workflows/image-promotion.yml +++ b/.github/workflows/image-promotion.yml @@ -143,7 +143,7 @@ jobs: fi - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 if: steps.check-sarif.outputs.sarif_has_results == 'true' with: sarif_file: govulncheck.sarif @@ -468,7 +468,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -557,7 +557,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -653,7 +653,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: "${{ steps.directory.outputs.directory }}/" continue-on-error: true diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index b5c85f65e8..73fddd8348 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -63,7 +63,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: reviewdog/action-actionlint@af17f9e3640ac863dbcc515d45f5f35d708d0faf # v1.62.0 + - uses: reviewdog/action-actionlint@f3dcc52bc6039e5d736486952379dce3e869e8a2 # v1.63.0 with: actionlint_flags: -shellcheck "" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index df42c6ae88..05d1896576 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif From 266066767249b1d51c4a9c4d0cc941247db50aa4 Mon Sep 17 00:00:00 2001 From: nginx-bot <68849795+nginx-bot@users.noreply.github.com> Date: Fri, 17 Jan 2025 01:53:14 -0800 Subject: [PATCH 2/4] [cherry-pick] [pre-commit.ci] pre-commit autoupdate (#7147) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [pre-commit.ci] pre-commit autoupdate (#7124) updates: - [github.com/python-jsonschema/check-jsonschema: 0.30.0 → 0.31.0](https://github.com/python-jsonschema/check-jsonschema/compare/0.30.0...0.31.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 106ce7bff0..79f85b18ae 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -78,7 +78,7 @@ repos: ] - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.30.0 + rev: 0.31.0 hooks: - id: check-jsonschema name: "Check Helm Chart JSON Schema" From 5f8feb0cdbd2823864bbef917e63df549c1c2745 Mon Sep 17 00:00:00 2001 From: nginx-bot <68849795+nginx-bot@users.noreply.github.com> Date: Fri, 17 Jan 2025 01:56:20 -0800 Subject: [PATCH 3/4] update master/minion allowed ingress annotations (#7153) --- .../mergeable-ingress-types/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/examples/ingress-resources/mergeable-ingress-types/README.md b/examples/ingress-resources/mergeable-ingress-types/README.md index 43035fbbfc..0e27a03e0e 100644 --- a/examples/ingress-resources/mergeable-ingress-types/README.md +++ b/examples/ingress-resources/mergeable-ingress-types/README.md @@ -17,6 +17,7 @@ Masters cannot contain the following annotations: - nginx.org/ssl-services - nginx.org/grpc-services - nginx.org/websocket-services +- nginx.org/use-cluster-ip - nginx.com/sticky-cookie-services - nginx.com/health-checks - nginx.com/health-checks-mandatory @@ -40,11 +41,17 @@ Minions cannot contain the following annotations: - nginx.org/listen-ports - nginx.org/listen-ports-ssl - nginx.org/server-snippets +- appprotect.f5.com/app_protect_enable +- appprotect.f5.com/app_protect_policy +- appprotect.f5.com/app_protect_security_log_enable +- appprotect.f5.com/app_protect_security_log +- appprotectdos.f5.com/app-protect-dos-resource Minions inherent the following annotations from the master, unless they override them: - nginx.org/proxy-connect-timeout - nginx.org/proxy-read-timeout +- nginx.org/proxy-send-timeout - nginx.org/client-max-body-size - nginx.org/proxy-buffering - nginx.org/proxy-buffers @@ -54,7 +61,18 @@ Minions inherent the following annotations from the master, unless they override - nginx.org/lb-method - nginx.org/keepalive - nginx.org/max-fails +- nginx.org/max-conns - nginx.org/fail-timeout +- nginx.org/limit-req-rate +- nginx.org/limit-req-key +- nginx.org/limit-req-zone-size +- nginx.org/limit-req-delay +- nginx.org/limit-req-no-delay +- nginx.org/limit-req-burst +- nginx.org/limit-req-dry-run +- nginx.org/limit-req-log-level +- nginx.org/limit-req-reject-code +- nginx.org/limit-req-scale Note: Ingress Resources with more than one host cannot be used. From 623cada6c1a48de9e4820d088d3492cf5b53d777 Mon Sep 17 00:00:00 2001 From: nginx-bot <68849795+nginx-bot@users.noreply.github.com> Date: Fri, 17 Jan 2025 01:59:58 -0800 Subject: [PATCH 4/4] [cherry-pick] chore(deps): bump the go group across 1 directory with 2 updates (#7148) chore(deps): bump the go group across 1 directory with 2 updates (#7138) * chore(deps): bump the go group across 1 directory with 2 updates Bumps the go group with 2 updates in the / directory: [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) and [sigs.k8s.io/controller-tools](https://github.com/kubernetes-sigs/controller-tools). Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.9 to 1.28.11 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.9...config/v1.28.11) Updates `sigs.k8s.io/controller-tools` from 0.17.0 to 0.17.1 - [Release notes](https://github.com/kubernetes-sigs/controller-tools/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-tools/blob/main/envtest-releases.yaml) - [Commits](https://github.com/kubernetes-sigs/controller-tools/compare/v0.17.0...v0.17.1) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: sigs.k8s.io/controller-tools dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... * fix crds --------- Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 3c3db4dd77..4e56e7a76f 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/nginx/kubernetes-ingress go 1.23.4 require ( - github.com/aws/aws-sdk-go-v2/config v1.28.10 + github.com/aws/aws-sdk-go-v2/config v1.28.11 github.com/aws/aws-sdk-go-v2/service/marketplacemetering v1.25.9 github.com/cert-manager/cert-manager v1.16.2 github.com/dlclark/regexp2 v1.11.4 @@ -37,7 +37,7 @@ require ( github.com/Microsoft/go-winio v0.6.2 // indirect github.com/aws/aws-sdk-go-v2 v1.32.8 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.51 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.52 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 // indirect github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 // indirect @@ -68,7 +68,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssm v1.56.0 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.7 // indirect github.com/aws/smithy-go v1.22.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect diff --git a/go.sum b/go.sum index 1a2e5bd320..0885bf2e2d 100644 --- a/go.sum +++ b/go.sum @@ -15,10 +15,10 @@ github.com/aws/aws-sdk-go-v2 v1.32.8 h1:cZV+NUS/eGxKXMtmyhtYPJ7Z4YLoI/V8bkTdRZfY github.com/aws/aws-sdk-go-v2 v1.32.8/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc= -github.com/aws/aws-sdk-go-v2/config v1.28.10 h1:fKODZHfqQu06pCzR69KJ3GuttraRJkhlC8g80RZ0Dfg= -github.com/aws/aws-sdk-go-v2/config v1.28.10/go.mod h1:PvdxRYZ5Um9QMq9PQ0zHHNdtKK+he2NHtFCUFMXWXeg= -github.com/aws/aws-sdk-go-v2/credentials v1.17.51 h1:F/9Sm6Y6k4LqDesZDPJCLxQGXNNHd/ZtJiWd0lCZKRk= -github.com/aws/aws-sdk-go-v2/credentials v1.17.51/go.mod h1:TKbzCHm43AoPyA+iLGGcruXd4AFhF8tOmLex2R9jWNQ= +github.com/aws/aws-sdk-go-v2/config v1.28.11 h1:7Ekru0IkRHRnSRWGQLnLN6i0o1Jncd0rHo2T130+tEQ= +github.com/aws/aws-sdk-go-v2/config v1.28.11/go.mod h1:x78TpPvBfHH16hi5tE3OCWQ0pzNfyXA349p5/Wp82Yo= +github.com/aws/aws-sdk-go-v2/credentials v1.17.52 h1:I4ymSk35LHogx2Re2Wu6LOHNTRaRWkLVoJgWS5Wd40M= +github.com/aws/aws-sdk-go-v2/credentials v1.17.52/go.mod h1:vAkqKbMNUcher8fDXP2Ge2qFXKMkcD74qvk1lJRMemM= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23 h1:IBAoD/1d8A8/1aA8g4MBVtTRHhXRiNAgwdbo/xRM2DI= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.23/go.mod h1:vfENuCM7dofkgKpYzuzf1VT1UKkA/YL3qanfBn7HCaA= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.41 h1:hqcxMc2g/MwwnRMod9n6Bd+t+9Nf7d5qRg7RaXKPd6o= @@ -81,8 +81,8 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.24.9 h1:YqtxripbjWb2QLyzRK9pByfEDvgg github.com/aws/aws-sdk-go-v2/service/sso v1.24.9/go.mod h1:lV8iQpg6OLOfBnqbGMBKYjilBlf633qwHnBEiMSPoHY= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8 h1:6dBT1Lz8fK11m22R+AqfRsFn8320K0T5DTGxxOQBSMw= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.8/go.mod h1:/kiBvRQXBc6xeJTYzhSdGvJ5vm1tjaDEjH+MSeRJnlY= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.6 h1:VwhTrsTuVn52an4mXx29PqRzs2Dvu921NpGk7y43tAM= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.6/go.mod h1:+8h7PZb3yY5ftmVLD7ocEoE98hdc8PoKS0H3wfx1dlc= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.7 h1:qwGa9MA8G7mBq2YphHFaygdPe5t9OA7SvaJdwWTlEds= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.7/go.mod h1:+8h7PZb3yY5ftmVLD7ocEoE98hdc8PoKS0H3wfx1dlc= github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro= github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=