Bump k8s.io/client-go from 0.20.1 to 0.21.0 in /k8s #6

Open
wants to merge 57 commits into
base: gds_master

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Apr 12, 2021

Bumps k8s.io/client-go from 0.20.1 to 0.21.0.

Commits
  • b09a9ce Update dependencies to v0.21.0 tag
  • 307e3a3 Merge pull request #100718 from dims/automated-cherry-pick-of-#100606-#100660...
  • a124236 Common auth plugins should always be available
  • ac49e87 providerless tag for client-go auth plugins
  • 6be0785 Merge pull request #100156 from ehashman/issue-100155
  • 5f0702f Merge pull request #99375 from ehashman/probe-kep-2238
  • e5c17fc Bump klog to 2.8.0, fixing nil panics in KObj
  • 2407de6 Generated changes for probe terminationGracePeriodSeconds
  • a5722b4 Merge pull request #99759 from jpbetz/apply-extract
  • 476d5f9 Generated apply configurations
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

cf-identity and others added 30 commits January 13, 2021 20:48
…aa@sha256:b690567322e472a2c3edb33e25129bcba0d97caa00c16bce6375244ce11f7000
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](kubernetes/api@v0.20.1...v0.20.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…aa@sha256:fbb538ec49088e7d1077e083348ef1eda4c0de84ec7bbf0a636733812778fa95
* Add multiple client secret support for uaa.yml

* Add test for multiple client secrets in uaa.yml

* Type conversion and update client handling

* Prevent NullPointer if existing password is null
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.20.1...v0.20.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…aa@sha256:66f04df3439eae35373850d29b88b5cd3981f51e3811133d0279a86f1409a008
Bumps [jasmine](https://github.com/jasmine/jasmine-npm) from 3.6.1 to 3.6.3.
- [Release notes](https://github.com/jasmine/jasmine-npm/releases)
- [Commits](jasmine/jasmine-npm@v3.6.1...v3.6.3)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…aa@sha256:40b74a03b4fc897cc1404a38b69b03fb82a46e16e0f199f619c76541a5efd0fb
* Bump - spring boot 2.4.1 - framework 5.3.2

* adaptions for upgrade:

- adapt template invite
- test build in statsd-lib
- test expectation string in MfaUiRequiredFilterTests

* adapt authentication manager

use info from
https://stackoverflow.com/questions/56866472/spring-mvc-authenticationmanager-expected-single-matching-bean-but-found-4

* adapt test compare
* fix leftover from spring boot update

* retrigger

* retrigger

* retrigger
* Bump jasmine from 3.6.3 to 3.6.4 in /uaa

Bumps [jasmine](https://github.com/jasmine/jasmine-npm) from 3.6.3 to 3.6.4.
- [Release notes](https://github.com/jasmine/jasmine-npm/releases)
- [Commits](jasmine/jasmine-npm@v3.6.3...v3.6.4)

Signed-off-by: dependabot[bot] <[email protected]>

* Update package.json

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Markus Strehle <[email protected]>
…aa@sha256:63157b274647127a4a50ecd940bbe52439a63297130fbe80d5a2a14bb7220117
* Bump version spring oauth 2.5.0.RELEASE

* Refactoring of test code:
copy RandomValueStringGenerator from oauth 2.4.0 and replace usage in tests where ASCII random is needed, e.g. zone creation.bump/spring-oauth

* Update RandomValueStringGenerator.java
* use test class

* Update MfaProviderEndpointDocs.java
slow down, check client before using
…aa@sha256:cc0d315b3652468fdd1f34c2a13fb1be41ef43c5e982ed11bdc15d1e15817b8a
…aa@sha256:18b29dff62b549b4cd399a00ad6cda9e875cbae4af140fc5d10c47f7ac5e1b58
…aa@sha256:0298579a5c4d3a9cbe4712f7c348ddc17e125aa188387b876f8fdf7de0a31e52
…aa@sha256:2290834a460787995cd0cde47c0238dcb38b1b56d2e3bdbd4e9b28b66c4df431
peterhaochen47 and others added 22 commits January 27, 2021 15:22
- and update test to point to new repo
- to be consistent with other CF components
- to resolve rate-limiting issue reported by relint team

[#176486720]
temporarily so that CI would go through

[#176486720]
…/uaa@sha256:7b76095c9848216b4871b7120fe5366ab560d20635027c17833267d5e425197f
…/uaa@sha256:37fcf63a156b75174fbc7be0e3809d64cda6851de0bfe6fa7f12793d919de96a
…/uaa@sha256:c1d54700f1e6b8fabe49917a8e4ca59f381a11c69982439525f9af8a08f29e0c
* the previous version of mime has a vulnerability
  https://nvd.nist.gov/vuln/detail/CVE-2017-16138
…/uaa@sha256:7fd48f08134e279a4fe2b8a200ecfdca8cda847175df38f1293e9818d7dd53cc
- and print out the DB boot log if fail to start

[#177100664]
By chance I found warnings in log. In total 3 warnings found

[THYMELEAF][Test worker] Template Mode 'HTML5' is deprecated. Using Template Mode 'HTML' instead.
[THYMELEAF][Test worker] Template Mode 'HTML5' is deprecated. Using Template Mode 'HTML' instead.
Initializing Spring TestDispatcherServlet ''
Initializing Servlet ''
Completed initialization in 3 ms
The layout:decorator/data-layout-decorator processor has been deprecated and will be removed in the next major version of the layout dialect.  Please use layout:decorate/data-layout-decorate instead to future-proof your code.  See ultraq/thymeleaf-layout-dialect#95 for more information.
Fragment expression "layouts/main" is being wrapped as a Thymeleaf 3 fragment expression (~{...}) for backwards compatibility purposes.  This wrapping will be dropped in the next major version of the expression processor, so please rewrite as a Thymeleaf 3 fragment expression to future-proof your code.  See thymeleaf/thymeleaf#451 for more information.

## ultraq/thymeleaf-layout-dialect#95 , changed layout:decorator to layout:decorate
## use template mode HTML instead of HTML5
## switched back to from th:with="isLdap which was removed with spring update
* spring boot 2.4.4
* spring framework 5.3.5
* tomcat 9.0.41
…ry#1532)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.10.4 to 1.11.0.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.10.4...v1.11.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.20.2 to 0.20.5.
- [Release notes](https://github.com/kubernetes/api/releases)
- [Commits](kubernetes/api@v0.20.2...v0.20.5)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ry#1535)

Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.2 to 1.15.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v1.14.2...v1.15.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.20.2 to 0.20.5.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.20.2...v0.20.5)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot dependabot bot added the dependencies and go labels Apr 12, 2021
@jonty-uk-gov-mirror jonty-uk-gov-mirror force-pushed the dependabot/go_modules/k8s/k8s.io/client-go-0.21.0 branch from ef07147 to f78e8db Compare April 12, 2021 11:03
richardTowers and others added 3 commits April 15, 2021 10:03
At the moment, when the user visits:

```
/invitations/accept?code=some-code
```

the invitation code from their email is immediately expired and replaced
with a newly generated code which is put in a hidden input in the HTML
form. Each time the user submits the form, the code is expired and (if
necessary - e.g. if there's a validation issue) replaced with a new one.

This is fine so long as the user fills the form in immediately, but
there are a number of edge cases where this approach causes usability
problems:

1) If the user refreshes the page it will tell them their invitation has
   expired.
2) If the user closes the tab without submitting the form, and then
   follows the invitation link from their email later it will show as
   expired.
3) If the user's email client or web browser pre-fetches the link for
   any reason (e.g. virus scanning / spam detection / performance
   optimisation) then the link will not work when they follow it for
   real.

The third issue is the most serious.

We (GOV.UK PaaS) have had some very users working in places that
pre-fetch links in emails (for some reason or other), and this means
they're completely unable to accept invitations. Judging from the irate
support tickets we've had from these users the experience is pretty
frustrating.

This commit changes the GET request to /invitations/accept so that it
does not expire the token (unless the invitation is being auto-accepted).

The POST handler is unchanged, so if the user actually submits the form
then the token will change (as it did before), even if there's a
validation issue that prevents the invitation being accepted.

This change fixes the usability issues, and makes the behaviour more
consistent with HTTP's semantics (in the sense that GET requests should
be "safe" - should not modify the state of the server).

Signed-off-by: Toby Lorne <[email protected]>
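
The GET/POST split this commit message describes, as an added example in Go (it is not UAA's own code, which is Java). The `Invites` store, its `lookup` method and the `constructed-code` entry are hypothetical, and only the code handling is modelled, not the rest of invitation acceptance.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"log"
	"net/http"
	"sync"
)

// Invites is a hypothetical in-memory store: single-use code -> invited email.
type Invites struct {
	mu    sync.Mutex
	codes map[string]string
}

// lookup validates code; with rotate set it also expires it and issues a new one.
func (s *Invites) lookup(code string, rotate bool) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	email, ok := s.codes[code]
	if !ok || !rotate {
		return code, ok
	}
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	delete(s.codes, code)
	next := hex.EncodeToString(b)
	s.codes[next] = email
	return next, true
}

// Accept handles the invitation link. Only POST changes state, so a scanner or
// prefetcher can GET the link repeatedly; the code echoed back is a store key.
func (s *Invites) Accept(w http.ResponseWriter, r *http.Request) {
	code, ok := s.lookup(r.FormValue("code"), r.Method == http.MethodPost)
	if !ok {
		http.Error(w, "invitation expired", http.StatusGone)
		return
	}
	fmt.Fprintf(w, `<input type="hidden" name="code" value="%s">`, code)
}

func main() {
	s := &Invites{codes: map[string]string{"constructed-code": "user@example.test"}}
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", http.HandlerFunc(s.Accept)))
}
```
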
@jonty-uk-gov-mirror jonty-uk-gov-mirror force-pushed the dependabot/go_modules/k8s/k8s.io/client-go-0.21.0 branch from f78e8db to 47f239a Compare April 21, 2021 01:34

dependabot bot commented on behalf of github May 19, 2021

A newer version of k8s.io/client-go exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.
