build(deps): bump setuptools from 75.1.0 to 78.1.1 in /tools/base #311
Closed. dependabot wants to merge 1,376 commits into `release/v1.34` from `dependabot/pip/tools/base/setuptools-78.1.1`
If the wasm plugin sends an HTTP call out and panics before the response, then when the response arrives, the cleanup in the `addAfterVmCallAction` will be bypassed. Then, a dirty pending request pointer will be kept in the Context object. When the Context is destroyed because of a configuration update or VM reload, the dangling pointer will crash envoy. Risk Level: low. Testing: n/a. Docs Changes: n/a. Release Notes: added. Platform Specific Features: n/a. --------- Signed-off-by: wangbaiping(wbpcode) <[email protected]>
fix: envoyproxy/gateway#5496 (comment) We should use the initManager in the DualInfo because the Credential Injector can be used for both HCM filter and upstream filter. Using the initManager from the ServerFactoryContext for HCM filter causes the secret to be added to the server initManager when it's already in the initialized state. Change log should not be required as this fixes a bug introduced in [a PR](envoyproxy/envoy#38398) that just merged after v1.33.0. @yanavlasov --------- Signed-off-by: Huabing (Robin) Zhao <[email protected]>
This PR introduces support for PKCE (Proof Key for Code Exchange) in the OAuth2 filter. This enhancement mitigates the risk of authorization code interception attacks. Background: https://oauth.net/2/pkce/ RFC: [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636) Commit Message: Additional Description: Risk Level: low Testing: unit and integration tests, also manually tested with AWS Cognito Docs Changes: Release Notes: Yes Platform Specific Features: [Optional Runtime guard:] [Optional Fixes #35230] [Optional Fixes commit #PR or SHA] [Optional Deprecated:] [Optional [API Considerations](https://github.com/envoyproxy/envoy/blob/main/api/review_checklist.md):] CC @missBerg @arkodg @denniskniep --------- Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.8 to 4.2.1. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@fa0a91b...95815c3) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.11 to 3.28.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@6bb031a...5f8171a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@4cec3d8...ea165f8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to 4.2.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@d4323d4...5a3ec84) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Bumps [icalendar](https://github.com/collective/icalendar) from 6.1.1 to 6.1.2. - [Release notes](https://github.com/collective/icalendar/releases) - [Changelog](https://github.com/collective/icalendar/blob/main/CHANGES.rst) - [Commits](collective/icalendar@v6.1.1...v6.1.2) --- updated-dependencies: - dependency-name: icalendar dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.11.13 to 3.11.14. - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.11.13...v3.11.14) --- updated-dependencies: - dependency-name: aiohttp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <[email protected]>
Bumps [orjson](https://github.com/ijl/orjson) from 3.10.14 to 3.10.15. - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.10.14...3.10.15) --- updated-dependencies: - dependency-name: orjson dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <[email protected]>
Bumps the contrib-golang group in /contrib/golang/filters/http/test/test_data with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: contrib-golang ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Bumps the contrib-golang group in /contrib/golang/router/cluster_specifier/test/test_data/simple with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: contrib-golang ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Bumps the contrib-golang group in /contrib/golang/upstreams/http/tcp/test/test_data with 1 update: google.golang.org/protobuf. Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6 --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-patch dependency-group: contrib-golang ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Bumps [setuptools](https://github.com/pypa/setuptools) from 76.0.0 to 78.1.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v76.0.0...v78.1.0) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fix #38639 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com> Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Fix #38901 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com> Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Fix #38729 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com> Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Fix #38760 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com> Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Jacek Ewertowski <[email protected]>
Fix #38887 Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com> Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
<!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing [email protected] where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) --> Commit Message: Additional Description: Risk Level: low Testing: Docs Changes: Release Notes: Platform Specific Features: Signed-off-by: Boteng Yao <[email protected]>
…… (#38879) …re DNS resolver needs to be re-initialized Solves #34785 Co-authored-by: Rohit Agrawal <[email protected]> Co-authored-by: Clif Houck <[email protected]> --------- Signed-off-by: Clif Houck <[email protected]>
…38897) <!-- !!!ATTENTION!!! If you are fixing *any* crash or *any* potential security issue, *do not* open a pull request in this repo. Please report the issue via emailing [email protected] where the issue will be triaged appropriately. Thank you in advance for helping to keep Envoy secure. !!!ATTENTION!!! For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/main/PULL_REQUESTS.md) --> Commit Message: Strip empty cookie header in HTTP/3. Additional Description: This change makes HTTP/3 consistent with HTTP/2 implementation. Risk Level: LOW Testing: integration tested [Optional Runtime guard:] envoy.reloadable_features.http3_remove_empty_cookie Signed-off-by: Haoyue Wang <[email protected]> Signed-off-by: wang178c <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Nigel Brittain <[email protected]>
Commit Message: Expose proxy setting API to C++ engine Additional Description: Also updated string arguments to use the modern absl::string_view Risk Level: low Testing: n/a Docs Changes: n/a Release Notes: n/a Platform Specific Features: mobile only --------- Signed-off-by: Renjie Tang <[email protected]>
…(#38934) --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ryan Northey <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ryan Northey <[email protected]>
The DigestTest.TestVectors test was failing because OpenSSL doesn't support the MD4 digest, so just comment out the MD4 test vectors. Signed-off-by: Ted Poole <[email protected]>
The crypto_test_data.cc file appeared to be out of date, and didn't contain all the required test data. Specifically, the PKCS12Test.TestEmptyPassword test needs the "crypto/pkcs8/test/empty_password_ber.p12" file, but it was not present. Regenerated using the generate_build_files.py script. Signed-off-by: Ted Poole <[email protected]>
Signed-off-by: Ted Poole <[email protected]>
Just implementing X509_check_purpose() as a direct call to OpenSSL's function is not sufficient because it fails some BoringSSL utests. Rather than fixing it, as it's not required by Envoy, just remove it. Signed-off-by: Ted Poole <[email protected]>
Without this fix, the BoringSSL utest X509Test.TestVerify was failing because of a mismatched error code being set while calling X509_verify_cert(). Also, BoringSSL has changed the semantics of its SSL_CTX_set_verify_depth() to match that of OpenSSL. Therefore, there was no need to subtract 1 from the depth any more, so the handwritten implementation has been deleted. Signed-off-by: Ted Poole <[email protected]>
The unit tests listed below, that we run against the layer, make use of outdated algorithm(s) which aren't available by default in OpenSSL, which causes the tests to fail. This commit adds an override in the utests main() to lower the OpenSSL security level *only* while the utests run. Signed-off-by: Ted Poole <[email protected]>
Signed-off-by: Ted Poole <[email protected]>
Fix bssl-compat utests
Signed-off-by: Dario Cillerai <[email protected]>
Boringssl fix for Z/P platforms
Signed-off-by: Swapnali911 <[email protected]>
[ppc64le] Fixed v8_initializers_files doesn't match this configuration for ppc64le
The new image (based on upstream 1.34) is pushed to quay under the same tag (`cb86d91cf406995012e330ab58830e6ee10240cb`), but because it is now properly based on the 1.34 upstream image, the content changed, therefore the SHA changed as well.

The 1.34 image is based on clang 18, hence we needed a couple of fixes to make prefixer work with it:

- Adjust the include path: In clang 14 the include path is `.../clang/14.0.1/include` whereas in clang 18 it is `.../clang/18/include`.
- Remove a `no_return` clause that was causing the following compile error:

```
error: type name does not allow function specifier to be specified
 6167 | ossl_ossl_noreturn ossl_OPENSSL_die_t ossl_OPENSSL_die;
      | ^
```

Signed-off-by: Jonh Wendell <[email protected]>
Signed-off-by: Jonh Wendell <[email protected]>
See comment in code for reason Signed-off-by: Ted Poole <[email protected]>
Commit Message: Additional Description: Risk Level: Low, new extension Testing: Unit Tests Docs Changes: Yes Release Notes: Yes Platform Specific Features: N/A --------- Signed-off-by: Yan Avlasov <[email protected]> Signed-off-by: Tim Walsh <[email protected]>
Risk Level: Low Testing: Added ext_proc unit tests Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A --------- Signed-off-by: Andres Guedez <[email protected]> Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Signed-off-by: Tim Walsh <[email protected]>
GIE backport
Allowing the runtime minor version to be higher than the one the code was compiled against. For instance, code was compiled with OpenSSL 3.0.x, but runtime has 3.2.x. Higher minor versions should be compatible with previous versions: https://openssl-library.org/policies/general/versioning-policy/ Signed-off-by: Jonh Wendell <[email protected]>
Relax the OpenSSL runtime version check
Signed-off-by: Jonh Wendell <[email protected]>
Fix to build with newer Clang versions and RHEL
Signed-off-by: Surender Yadav <[email protected]>
s390x patches for release/v1.34
Bumps [setuptools](https://github.com/pypa/setuptools) from 75.1.0 to 78.1.1. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v75.1.0...v78.1.1) --- updated-dependencies: - dependency-name: setuptools dependency-version: 78.1.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
87be267 to 493bbcf
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Labels:
- dependencies: Pull requests that update a dependency file
- python: Pull requests that update Python code
Bumps setuptools from 75.1.0 to 78.1.1.

Changelog

Sourced from setuptools's changelog.

... (truncated)

Commits

- 8e4868a Bump version: 78.1.0 → 78.1.1
- 100e9a6 Merge pull request #4951
- 8faf1d7 Add news fragment.
- 2ca4a9f Rely on re.sub to perform the decision in one expression.
- e409e80 Extract _sanitize method for sanitizing the filename.
- 250a6d1 Add a check to ensure the name resolves relative to the tmpdir.
- d8390fe Extract _resolve_download_filename with test.
- 4e1e893 Merge https://github.com/jaraco/skeleton
- 3a3144f Fix typo: pyproject.license -> project.license (#4931)
- d751068 Fix typo: pyproject.license -> project.license

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.