chore(deps): update all github action dependencies (master) (minor) #1138
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.12.5
->v1.13.4
v3.10.3
->v3.12.2
v0.17.0
->v0.20.0
Release Notes
cilium/cilium (cilium/cilium)
v1.13.4
: 1.13.4Compare Source
We are pleased to release Cilium v1.13.4.
This release addresses the following security issue:
It aslso contains fixes related to IPsec, datapath drop notifications, CPU overhead, downgrade path, RevSNAT for ICMPv6, as well as a range of other regular bugfixes.
See the notes below for a full description of the changes.
Do NOT upgrade to this release if you are using IPsec.
Summary of Changes
Minor Changes:
enable-ipsec-key-watcher
to allow users to disable the IPsec key watcher and thus require an agent restart for the key rotation to take effect. (Backport PR #25977, Upstream PR #25893, @pchaigno)Bugfixes:
x-forwarded-for
header by adding an explicituse_remote_address: true
config to Envoy HTTP configuration to always use the actual remote address of the incoming connection rather than the value ofx-forwarded-for
header, which may originate from an untrusted source. This change has no effect on Cilium policy enforcement where the source security identity is always resolved before HTTP headers are parsed. Previous Cilium behavior of not addingx-forwarded-for
headers is retained via an explicitskip_xff_append: true
config setting, except for Cilium Ingress where the source IP address is now appended tox-forwarded-for
header. (Backport PR #25731, Upstream PR #25674, @jrajahalme)cluster-pool
,kubernetes
, andcrd
when nodes are deleted. Fix incorrect catch-all default-drop XFRM OUT policy for IPsec IPv6 traffic that could lead to leaking plain-text IPv6 traffic if combined with some other bug. (Backport PR #26079, Upstream PR #25953, @pchaigno)CI Changes:
Misc Changes:
ac58ff7
(v1.13) (#25547, @renovate[bot])Other Changes:
Docker Manifests
cilium
docker.io/cilium/cilium:v1.13.4@​sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b
quay.io/cilium/cilium:v1.13.4@​sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b
docker.io/cilium/cilium:stable@sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b
quay.io/cilium/cilium:stable@sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.13.4@​sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a
quay.io/cilium/clustermesh-apiserver:v1.13.4@​sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a
docker.io/cilium/clustermesh-apiserver:stable@sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a
quay.io/cilium/clustermesh-apiserver:stable@sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a
docker-plugin
docker.io/cilium/docker-plugin:v1.13.4@​sha256:1a11d2f643b92ff4ece29adf7c945795c3faacbc9a47e0089bf6fb6e944c0ae1
quay.io/cilium/docker-plugin:v1.13.4@​sha256:1a11d2f643b92ff4ece29adf7c945795c3faacbc9a47e0089bf6fb6e944c0ae1
docker.io/cilium/docker-plugin:stable@sha256:1a11d2f643b92ff4ece29adf7c945795c3faacbc9a47e0089bf6fb6e944c0ae1
quay.io/cilium/docker-plugin:stable@sha256:1a11d2f643b92ff4ece29adf7c945795c3faacbc9a47e0089bf6fb6e944c0ae1
hubble-relay
docker.io/cilium/hubble-relay:v1.13.4@​sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871
quay.io/cilium/hubble-relay:v1.13.4@​sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871
docker.io/cilium/hubble-relay:stable@sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871
quay.io/cilium/hubble-relay:stable@sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.13.4@​sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69
quay.io/cilium/operator-alibabacloud:v1.13.4@​sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69
docker.io/cilium/operator-alibabacloud:stable@sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69
quay.io/cilium/operator-alibabacloud:stable@sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69
operator-aws
docker.io/cilium/operator-aws:v1.13.4@​sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84
quay.io/cilium/operator-aws:v1.13.4@​sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84
docker.io/cilium/operator-aws:stable@sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84
quay.io/cilium/operator-aws:stable@sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84
operator-azure
docker.io/cilium/operator-azure:v1.13.4@​sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e
quay.io/cilium/operator-azure:v1.13.4@​sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e
docker.io/cilium/operator-azure:stable@sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e
quay.io/cilium/operator-azure:stable@sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e
operator-generic
docker.io/cilium/operator-generic:v1.13.4@​sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301
quay.io/cilium/operator-generic:v1.13.4@​sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301
docker.io/cilium/operator-generic:stable@sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301
quay.io/cilium/operator-generic:stable@sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301
operator
docker.io/cilium/operator:v1.13.4@​sha256:f2068be1706717d0e0b29489dc0b93bf7f1940d18e0bea2def937286beb48464
quay.io/cilium/operator:v1.13.4@​sha256:f2068be1706717d0e0b29489dc0b93bf7f1940d18e0bea2def937286beb48464
docker.io/cilium/operator:stable@sha256:f2068be1706717d0e0b29489dc0b93bf7f1940d18e0bea2def937286beb48464
quay.io/cilium/operator:stable@sha256:f2068be1706717d0e0b29489dc0b93bf7f1940d18e0bea2def937286beb48464
v1.13.3
: 1.13.3Compare Source
We are pleased to release Cilium v1.13.3. This release fixes bugs in ipsec and policy implementations and is recommended for all users.
Summary of Changes
Major Changes:
Minor Changes:
Bugfixes:
CI Changes:
STATUS
commands from upstream tests' Jenkinsfile (Backport PR #25137, Upstream PR #25046, @nbusseneau)Misc Changes:
9f2dd04
(v1.13) (#25421, @renovate[bot])socketLB.hostNamespaceOnly
also needed for gVisor (Backport PR #25346, Upstream PR #25322, @pchaigno)Other Changes:
Docker Manifests
cilium
docker.io/cilium/cilium:v1.13.3@​sha256:77176464a1e11ea7e89e984ac7db365e7af39851507e94f137dcf56c87746314
quay.io/cilium/cilium:v1.13.3@​sha256:77176464a1e11ea7e89e984ac7db365e7af39851507e94f137dcf56c87746314
docker.io/cilium/cilium:stable@sha256:77176464a1e11ea7e89e984ac7db365e7af39851507e94f137dcf56c87746314
quay.io/cilium/cilium:stable@sha256:77176464a1e11ea7e89e984ac7db365e7af39851507e94f137dcf56c87746314
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.13.3@​sha256:5ad8e9dc17f5677d1d75b53a4e80ec2e5c4fcf4973ced8b30f8ad53933c6969a
quay.io/cilium/clustermesh-apiserver:v1.13.3@​sha256:5ad8e9dc17f5677d1d75b53a4e80ec2e5c4fcf4973ced8b30f8ad53933c6969a
docker.io/cilium/clustermesh-apiserver:stable@sha256:5ad8e9dc17f5677d1d75b53a4e80ec2e5c4fcf4973ced8b30f8ad53933c6969a
quay.io/cilium/clustermesh-apiserver:stable@sha256:5ad8e9dc17f5677d1d75b53a4e80ec2e5c4fcf4973ced8b30f8ad53933c6969a
docker-plugin
docker.io/cilium/docker-plugin:v1.13.3@​sha256:e94d344c8e059ce87453dff579086bd0bed9d65e69434ad60eef783380c4e860
quay.io/cilium/docker-plugin:v1.13.3@​sha256:e94d344c8e059ce87453dff579086bd0bed9d65e69434ad60eef783380c4e860
docker.io/cilium/docker-plugin:stable@sha256:e94d344c8e059ce87453dff579086bd0bed9d65e69434ad60eef783380c4e860
quay.io/cilium/docker-plugin:stable@sha256:e94d344c8e059ce87453dff579086bd0bed9d65e69434ad60eef783380c4e860
hubble-relay
docker.io/cilium/hubble-relay:v1.13.3@​sha256:19e4aae5ff72cd9fbcb7d2d16a1570533320a478acc015fc91a4d41a177cadf6
quay.io/cilium/hubble-relay:v1.13.3@​sha256:19e4aae5ff72cd9fbcb7d2d16a1570533320a478acc015fc91a4d41a177cadf6
docker.io/cilium/hubble-relay:stable@sha256:19e4aae5ff72cd9fbcb7d2d16a1570533320a478acc015fc91a4d41a177cadf6
quay.io/cilium/hubble-relay:stable@sha256:19e4aae5ff72cd9fbcb7d2d16a1570533320a478acc015fc91a4d41a177cadf6
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.13.3@​sha256:8dba4795cb38200746a2236623f5b84742ee2c56a8afda724c85f5027ea854eb
quay.io/cilium/operator-alibabacloud:v1.13.3@​sha256:8dba4795cb38200746a2236623f5b84742ee2c56a8afda724c85f5027ea854eb
docker.io/cilium/operator-alibabacloud:stable@sha256:8dba4795cb38200746a2236623f5b84742ee2c56a8afda724c85f5027ea854eb
quay.io/cilium/operator-alibabacloud:stable@sha256:8dba4795cb38200746a2236623f5b84742ee2c56a8afda724c85f5027ea854eb
operator-aws
docker.io/cilium/operator-aws:v1.13.3@​sha256:394c40d156235d3c2004f77bb73402457092351cc6debdbc5727ba36fbd863ae
quay.io/cilium/operator-aws:v1.13.3@​sha256:394c40d156235d3c2004f77bb73402457092351cc6debdbc5727ba36fbd863ae
docker.io/cilium/operator-aws:stable@sha256:394c40d156235d3c2004f77bb73402457092351cc6debdbc5727ba36fbd863ae
quay.io/cilium/operator-aws:stable@sha256:394c40d156235d3c2004f77bb73402457092351cc6debdbc5727ba36fbd863ae
operator-azure
docker.io/cilium/operator-azure:v1.13.3@​sha256:7749b732d510954d9fb74f7e675b31b49100fd773e588c6fbbf42529acfb1be8
quay.io/cilium/operator-azure:v1.13.3@​sha256:7749b732d510954d9fb74f7e675b31b49100fd773e588c6fbbf42529acfb1be8
docker.io/cilium/operator-azure:stable@sha256:7749b732d510954d9fb74f7e675b31b49100fd773e588c6fbbf42529acfb1be8
quay.io/cilium/operator-azure:stable@sha256:7749b732d510954d9fb74f7e675b31b49100fd773e588c6fbbf42529acfb1be8
operator-generic
docker.io/cilium/operator-generic:v1.13.3@​sha256:fa7003cbfdf8358cb71786afebc711b26e5e44a2ed99bd4944930bba915b8910
quay.io/cilium/operator-generic:v1.13.3@​sha256:fa7003cbfdf8358cb71786afebc711b26e5e44a2ed99bd4944930bba915b8910
docker.io/cilium/operator-generic:stable@sha256:fa7003cbfdf8358cb71786afebc711b26e5e44a2ed99bd4944930bba915b8910
quay.io/cilium/operator-generic:stable@sha256:fa7003cbfdf8358cb71786afebc711b26e5e44a2ed99bd4944930bba915b8910
operator
docker.io/cilium/operator:v1.13.3@​sha256:70245141d9c38df09c4c3884f61af81036672059b1ae45e8b1e2175b6cc0998c
quay.io/cilium/operator:v1.13.3@​sha256:70245141d9c38df09c4c3884f61af81036672059b1ae45e8b1e2175b6cc0998c
docker.io/cilium/operator:stable@sha256:70245141d9c38df09c4c3884f61af81036672059b1ae45e8b1e2175b6cc0998c
quay.io/cilium/operator:stable@sha256:70245141d9c38df09c4c3884f61af81036672059b1ae45e8b1e2175b6cc0998c
v1.13.2
: 1.13.2Compare Source
We are pleased to release Cilium v1.13.2.
This release addresses the following security issue:
Note: When updating to this release, make sure that you are using new helm chart version.
Summary of Changes
Known Issues:
kube-apiserver
entity unreliable. Until this is resolved, it is recommended to remain on Cilium v1.12 or earlier if you are using thekube-apiserver
entity in your CiliumNetworkPolicies.Minor Changes:
Bugfixes:
lb4_backends
map and thereby connectivity issues. (Backport PR #24758, Upstream PR #24681, @aditighag)probe=l7-proxy msg="No response from probe within 15 seconds"
(Backport PR #24814, Upstream PR #24672, @bimmlerd)CI Changes:
TestRequestIPWithMismatchedLabel
LB-IPAM tests. (Backport PR #24547, Upstream PR #23297, @dylandreimerink)Configuration
📅 Schedule: Branch creation - "on friday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.