Cherry-pick #5029 #5096 #5097 #5099 #5108 #5113 #5114 #5115 #5116 #5118

#5126 #5128 #5130 (#5132)

* Register otel TracerProvider to send traces (#5029)

* Register otel TracerProvider to send traces

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>

* Bump gRPC version

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>

* Upgrade google.golang.org/grpc

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>

---------

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* Set fetch-depth to 0 to create correct patches during git cherry-pick as much as possible (#5096)

Signed-off-by: Yoshiki Fujikane <ffjlabo@gmail.com>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* Bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible (#5097)

* Bump github.com/docker/docker

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.9+incompatible to 26.1.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.9...v26.1.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Manually update docker/cli to pass the tests build errors

Signed-off-by: khanhtc1202 <khanhtc1202@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: khanhtc1202 <khanhtc1202@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: khanhtc1202 <khanhtc1202@gmail.com>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* Bump postcss from 7.0.39 to 8.4.40 in /docs (#5099)

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.39 to 8.4.40.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@7.0.39...8.4.40)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* Use LRUCache for Application Manifests Cache (#5108)

* Use LRUCache for Application Manifests Cache

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>

* Use not constant but config value

Co-authored-by: Yoshiki Fujikane <40124947+ffjlabo@users.noreply.github.com>
Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>

---------

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>
Co-authored-by: Yoshiki Fujikane <40124947+ffjlabo@users.noreply.github.com>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* Fix UI dependecies deprecated (#5113)

Signed-off-by: khanhtc1202 <khanhtc1202@gmail.com>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* Bump postcss and autoprefixer in /docs (#5114)

Bumps [postcss](https://github.com/postcss/postcss) to 8.4.40 and updates ancestor dependency [autoprefixer](https://github.com/postcss/autoprefixer). These dependencies need to be updated together.

Updates `postcss` from 7.0.39 to 8.4.40
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@7.0.39...8.4.40)

Updates `autoprefixer` from 9.8.8 to 10.4.20
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@9.8.8...10.4.20)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
- dependency-name: autoprefixer
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* fix: upgrade google-protobuf from 3.21.0 to 3.21.4 (#5115)

Snyk has created this PR to upgrade google-protobuf from 3.21.0 to 3.21.4.

See this package in yarn:
google-protobuf

See this project in Snyk:
https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr

Signed-off-by: t-kikuc <tkikuchi07f@gmail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* fix: upgrade react-markdown from 6.0.2 to 6.0.3 (#5116)

Snyk has created this PR to upgrade react-markdown from 6.0.2 to 6.0.3.

See this package in yarn:
react-markdown

See this project in Snyk:
https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr

Signed-off-by: t-kikuc <tkikuchi07f@gmail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* fix: tool/actions-gh-release/Dockerfile to reduce vulnerabilities (#5118)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7413532
- https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7413532

Signed-off-by: khanhtc1202 <khanhtc1202@gmail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* fix: upgrade dayjs from 1.8.28 to 1.11.12 (#5126)

Snyk has created this PR to upgrade dayjs from 1.8.28 to 1.11.12.

See this package in yarn:
dayjs

See this project in Snyk:
https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr

Signed-off-by: t-kikuc <tkikuchi07f@gmail.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* Bump github.com/docker/docker (#5128)

Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

* Update RELEASE to v0.48.5 (#5130)

Signed-off-by: Yoshiki Fujikane <ffjlabo@gmail.com>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>

---------

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>
Signed-off-by: pipecd-bot <pipecd.dev@gmail.com>
Signed-off-by: Yoshiki Fujikane <ffjlabo@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: khanhtc1202 <khanhtc1202@gmail.com>
Signed-off-by: t-kikuc <tkikuchi07f@gmail.com>
Co-authored-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>
Co-authored-by: Yoshiki Fujikane <40124947+ffjlabo@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: khanhtc1202 <khanhtc1202@gmail.com>
Co-authored-by: Khanh Tran <32532742+khanhtc1202@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Chris Aniszczyk <caniszczyk@gmail.com>

.github/workflows/cherry_pick.yaml

@@ -16,6 +16,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
       - name: make a cherry-pick PR
         run: |
           git config user.name "pipecd-bot"

RELEASE

@@ -1,4 +1,4 @@
-tag: v0.48.4
+tag: v0.48.5
 
 releaseNoteGenerator:
   showCommitter: false

docs/package.json

@@ -17,7 +17,7 @@
   },
   "homepage": "https://github.com/google/docsy-example#readme",
   "devDependencies": {
-    "autoprefixer": "^9.8.6",
+    "autoprefixer": "^10.4.20",
     "postcss": "^8.4.31",
     "postcss-cli": "^8.3.1"
   }