web: Update moment for CVE-2022-31129 #8856

Merged
merged 1 commit into from
Jul 13, 2022

Member

@adleong adleong commented Jul 13, 2022

Moment 2.29.4 fixes moment/moment#6015 (comment)

Signed-off-by: Alex Leong alex@buoyant.io

Signed-off-by: Alex Leong <alex@buoyant.io>
@adleong adleong requested a review from a team as a code owner July 13, 2022 00:00
@olix0r olix0r enabled auto-merge (squash) July 13, 2022 13:48
@olix0r olix0r merged commit e6a3eb1 into main Jul 13, 2022
@olix0r olix0r deleted the alex/this-is-my-moment branch July 13, 2022 13:48
olix0r added a commit that referenced this pull request Jul 13, 2022
* Policy controller suggestions

* core: Use `http` crate instead of `hyper`'s re-export. `http` is just
  the core types. `hyper` includes client/server infrastructure which
  isn't needed. We already pull in both so there's practically no
  functional difference.
* core: Rename `Hostname` to `HostMatch` to be consistent with API
  types.
* core: Rename `HttpRoute`, `HttpFilter`, etc to `Inbound*`. These types
  are specific to inbound policies. We wouldn't use the same types for
  outbound policies.
* core: Split individual filter types from the `InboundFilter` type so
  that the `InboundFilter` type doesn't hold all of the details for all
  of the filters.
* core: Make `HeaderMatch` hold `HeaderName` and `HeaderValue` so that
  we can rely on the validation from these libraries. Notably,
  `HeaderValue` does not necessarily hold a string.
* core: Make `QueryParamMatch` an enum, since the `Value` type would
  only have that one use now.

* index: Rename `RouteBinding` to `InboundRouteBinding`, as it holds
  inbound-specific route configuration.
* index: Add an `InboundParentRef` type that describes a validated parent
  reference.
* index: Update `InboundRouteBinding::try_from` to validate parent
  references and fail reading routes that do not reference servers.

* grpc: Move general `http_route` conversions into a dedicated module
  (to simplify inbound converters).

* Cleanup imports as much as possible, shortening module names with
  aliases where possible. Because we're frequently converting between
  different representations of the same types, it's helpful to reference
  the modules explicitly rather than relying on large sets of imports.
* Where possible, we destructure types to document that we are handling
  all fields on a type.
* Update deny.toml for git dependency

Signed-off-by: Oliver Gould <ver@buoyant.io>

* Upgrade to moment 2.29.4 (#8856)

Signed-off-by: Alex Leong <alex@buoyant.io>

* build(deps): bump google.golang.org/grpc from 1.47.0 to 1.48.0 (#8857)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.48.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.47.0...v1.48.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add port to helm Values (#8855)

Fix `linkerd-viz` helm chart documentation for jaeger integration.

Adds missing port to jaeger url example in `values.yaml`. This port is required to
allow the dashboard to proxy to the jaeger instance. This brings the example
given in the `values.yaml` file in line with the web docs.

Closes #8851

Signed-off-by: Harry Walter <harry@bluebamboostudios.com>

* policy: Index authorization policies with no authentications (#8865)

In 1a0c1c3 we updated the admission controller to allow
`AuthorizationPolicy` resources with an empty
`requiredAuthenticationRefs`. But we did NOT update the indexer, so we
would allow these resources to be created but then fail to honor them in
the API.

To fix this:

1. The `AuthorizationPolicy` admission controller is updated to exercise
   the indexer's validation so that it is impossible to admit resources
   that will be discarded by the indexer;
2. An e2e test is added to exercise this configuration;
3. The indexer's validation is updated to accept resources with no
   authentications.

Signed-off-by: Oliver Gould <ver@buoyant.io>

* Simply ignore non-server parent refs when indexing

Signed-off-by: Oliver Gould <ver@buoyant.io>

Co-authored-by: Alex Leong <alex@buoyant.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Harry Walter <harry.walter@lqdinternet.com>