Backport of Upgraded go to 1.23.8 into release/1.20.x #22275
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In some environments, the script will not fail despite SKIP_CHECK_BRANCH being unset, leading to the script explicitly skipping CI when it should fail fast. Prevent this by explicitly checking for the env var.
* init release branch * init 1.20 nightly tests * drop 1.17 nightly tests for new release cycle * drop 1.17 from test matrix * Update nightly-test-integrations-1.20.x.yml
Commas are not expected after HCL blocks. This is causing parsing in BPA to fail and may interfere w/ other release-related workflows.
* upgrade go to 1.23.1, upgrade ubi image to 9.4 * add changelog * revert go version upgrade
…Vault (#21749) * Update test-integrations.yml Update Vault/Nomad versions to ensure we're testing the latest versions . * Update test to test latest available CE versions
Adds initial sg documentation
#21509) * New proposed structure * Fix structure and add some content * Fix structure and add some content * Fix structure and add some content * Add content * Add content * mtls steps * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * Encryption docs structure change * spacing fixes * Replace <CodeTabs> * <CodeBlockConfig> alignment * indent fixes * spacing * More Code tabs fixes * Structure chenges * Structure chenges * Extra content and CE-713 migration * Extra content * Extra content * Extra content * Apply suggestions from code review Co-authored-by: Jeff Boruszak <[email protected]> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <[email protected]> * Apply suggestions from code review * Test CodeTabs * Test CodeTabs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <[email protected]> --------- Co-authored-by: boruszak <[email protected]> Co-authored-by: Jeff Boruszak <[email protected]>
* fix spacing of bash scripts * shellcheck all the things * cat filename rather than concatenating pr number
stage rc release
This should be set to the next major version now that `release/1.20.x` has been created.
* update raft to 1.7.0 * add config to disable raft prevote * add changelog
ci: fix conditional skip and add safeguard Adopt a third-party action to avoid script bugs, and to fix a current issue where the script fails to detect all changes when processing push events on PR branches. Adapted from hashicorp/consul-dataplane#637. See that PR for testing details and background context.
fix changelog
* Add partition field for catalog deregister docs * Update website/content/api-docs/catalog.mdx Co-authored-by: Jeff Boruszak <[email protected]> --------- Co-authored-by: Jeff Boruszak <[email protected]>
* update serf links * add .markdown file extension * update serf links to use /blob/master/ * fix broken links --------- Co-authored-by: github-team-consul-core <[email protected]>
Add missing `&&` to iptables command. The original commands fail when being directly pasted into a shell.
* Bump Envoy version used for 1.20.x upgrade tests * Improve README + docstrings
No new minor versions, just incrementing the patches for hygiene's sake
* Backport of ci: update the security-scanner gha token into release/1.20.x (#21754) backport of commit eb9dbc9 Co-authored-by: dduzgun-security <[email protected]> * Backport of Initialize 1.20 Release into release/1.20.x (#21753) * backport of commit a33e903 * backport of commit 37163dc * backport of commit 38f0907 * backport of commit 6ab7ec2 * backport of commit 7ac4178 * backport of commit 5dfebb2 * backport of commit 316d68c --------- Co-authored-by: Sarah Alsmiller <[email protected]> Co-authored-by: sarahalsmiller <[email protected]> * Backport of Stage rc release into release/1.20.x (#21772) backport of commit d311f2b Co-authored-by: Sarah Alsmiller <[email protected]> * Backport of Upgrade ubi image to 9.4 into release/1.20.x (#21773) * backport of commit 888e302 * backport of commit 17499dc * backport of commit d933d37 --------- Co-authored-by: Dhia Ayachi <[email protected]> Co-authored-by: sarahalsmiller <[email protected]> * Backport of security: update alpine base image to 3.20 into release/1.20.x (#21774) * backport of commit 4421ce1 * Upgrade ubi image to 9.4 (#21750) --------- Co-authored-by: Michael Zalimeni <[email protected]> Co-authored-by: Sarah Alsmiller <[email protected]> Co-authored-by: sarahalsmiller <[email protected]> * Backport of fix spacing of bash scripts into release/1.20.x (#21769) * backport of commit 1e97297 * backport of commit b7053f5 * backport of commit a391f2f --------- Co-authored-by: jm96441n <[email protected]> * Backport of [NET-11150] ci: fix conditional skip and add safeguard into release/1.20.x (#21783) backport of commit c3db6c9 Co-authored-by: Michael Zalimeni <[email protected]> * initial commit * Initial pages * Edits to other pages + nav & redirects * minor fixes * Backport of security: update alpine base image to 3.20 into release/1.20.x (#21774) * backport of commit 4421ce1 * Upgrade ubi image to 9.4 (#21750) --------- Co-authored-by: Michael Zalimeni <[email protected]> Co-authored-by: Sarah Alsmiller <[email protected]> Co-authored-by: sarahalsmiller <[email protected]> * CE-679 * align with main * Content updates * minor edit * Apply suggestions from code review Co-authored-by: Aimee Ukasick <[email protected]> Co-authored-by: Blake Covarrubias <[email protected]> * CoreDNS config update * small edits * typo fix --------- Co-authored-by: hc-github-team-consul-core <[email protected]> Co-authored-by: dduzgun-security <[email protected]> Co-authored-by: Sarah Alsmiller <[email protected]> Co-authored-by: sarahalsmiller <[email protected]> Co-authored-by: Dhia Ayachi <[email protected]> Co-authored-by: Michael Zalimeni <[email protected]> Co-authored-by: jm96441n <[email protected]> Co-authored-by: Aimee Ukasick <[email protected]> Co-authored-by: Blake Covarrubias <[email protected]>
* Update active version list in .release/versions.hcl * Remove nightly tests for 1.17.x * Add nightly tests for 1.20.x * Gate nightly tests for 1.19.x to Enterprise only * Update CHANGELOG.md
* Page creation * DNS views description * Catalog sync and openshift * Grafana + consul-k8s release notes * nav update * Fix known issues language
Also prevent future re-commits of this submodule path by adding to .gitignore.
…atch options to prevent L7 intentions bypass (#21816) mesh: add options for HTTP incoming request normalization Expose global mesh configuration to enforce inbound HTTP request normalization on mesh traffic via Envoy xDS config. mesh: enable inbound URL path normalization by default mesh: add support for L7 header match contains and ignore_case Enable partial string and case-insensitive matching in L7 intentions header match rules. ui: support L7 header match contains and ignore_case Co-authored-by: Phil Renaud <[email protected]> test: add request normalization integration bats tests Add both "positive" and "negative" test suites, showing normalization in action as well as expected results when it is not enabled, for the same set of test cases. Also add some alternative service container test helpers for verifying raw HTTP request paths, which is difficult to do with Fortio. docs: update security and reference docs for L7 intentions bypass prevention - Update security docs with best practices for service intentions configuration - Update configuration entry references for mesh and intentions to reflect new values and add guidance on usage
Update matrices and clarify statements as to when Consul expands support to new major versions of Envoy and Consul dataplane in light of Consul LTS or Envoy EOL status.
* Update compatibility matrix to include 1.20.x * Update compatibility.mdx
* Init release 1.21 * Create nightly-test-integrations-1.21.x.yml * Remove comma
* Upgrade go version * Added changelog * Update config.deepcopy.go * Update .golangci.yml * fix lint
* Upgrade crypto to 0.35.0 * Upgrade oauth and go-jose * upgrade oauth and jose * Added changelog
…API (#22220) * Add the missing Service TaggedAddresses and Check Type fields to Txn API * added changelog
…22227) * Add session health check management and tests * Refactor session health check management and update related tests * Cleanup --------- Co-authored-by: srahul3 <[email protected]>
* build(deps): bump go version to go1.24.1 * update: use 1.23.7 instead * add changelog
* Fixes a couple of example commands The `-name` option is not available `-description` is used in it's place. set-agent-token is a sub-command of the acl command. * This feature works with federated services only This command does not work with peered clusters so needs to be clarified.
…22248) * Add the missing Service TaggedAddresses and Check Type fields to Txn API * added changelog * Refactor Txn API to use AgentService and add TaggedAddresses support
* Update agent.mdx Starting from Consul v1.20.1+ent, Consul supports using Azure Blob Storage for the snapshot agent via Azure Service Principal ID and Secret authentication. I've successfully tested this configuration in my lab environment and have added the relevant parameters to this documentation for completeness. * Update website/content/commands/snapshot/agent.mdx Co-authored-by: Blake Covarrubias <[email protected]> * Update website/content/commands/snapshot/agent.mdx Co-authored-by: Blake Covarrubias <[email protected]> * Update website/content/commands/snapshot/agent.mdx Co-authored-by: Blake Covarrubias <[email protected]> * Update website/content/commands/snapshot/agent.mdx Co-authored-by: Blake Covarrubias <[email protected]> --------- Co-authored-by: Blake Covarrubias <[email protected]>
* Fix catalog service endpoint when querying for a peer service * Add changelog file * Add changes to docs. Add test * Update website/content/api-docs/catalog.mdx Co-authored-by: Jeff Boruszak <[email protected]> --------- Co-authored-by: Sreeram Narayanan <[email protected]> Co-authored-by: nitin-sachdev-29 <[email protected]> Co-authored-by: Jeff Boruszak <[email protected]>
* Update lock.mdx (Node Health Check and TTL) Consul `lock` command update that captures why consul lock can act indefinitely when node checks are in place and how users can work around it by creating/managing their own session. * Update website/content/commands/lock.mdx Co-authored-by: Jeff Boruszak <[email protected]> --------- Co-authored-by: Jeff Boruszak <[email protected]>
GHSA-vvgc-356p-c3xw in golang.org/x/[email protected] GO-2025-3595 in golang.org/x/[email protected] GO-2025-3553 in github.com./golang-jwt/jwt/[email protected] GHSA-mh63-6h87-95cp in github.com./golang-jwt/jwt/[email protected] stdlib in Go [email protected]
hc-github-team-consul-core
force-pushed
the
backport/nitin/cve-fix/loosely-arriving-dingo
branch
from
7d8a06d to
cd7b029
Compare
github-team-consul-core-pr-approver
approved these changes
Apr 17, 2025
github-actions
bot
added
type/docs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #22273 to be assessed for backporting due to the inclusion of the label backport/1.20.
🚨
The person who merged in the original PR is:
@nitin-sachdev-29
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.
The below text is copied from the body of the original PR.
Description
Upgraded go to 1.23.8
Testing & Reproduction steps
Links
PR Checklist
Overview of commits