chore(deps): update neuvector #1417
Merged
chance-coleman merged 47 commits into main from Apr 18, 2025
| datasource | package | from | to |
| ---------- | --------------------------------------------------------- | ----- | ----- |
| docker | cgr.dev/du-uds-defenseunicorns/neuvector-controller-fips | 5.4.2 | 5.4.3 |
| docker | cgr.dev/du-uds-defenseunicorns/neuvector-enforcer-fips | 5.4.2 | 5.4.3 |
| docker | cgr.dev/du-uds-defenseunicorns/neuvector-manager | 5.4.2 | 5.4.3 |
| helm | core | 2.8.4 | 2.8.5 |
| helm | crd | 2.8.4 | 2.8.5 |
| docker | docker.io/neuvector/controller | 5.4.2 | 5.4.3 |
| docker | docker.io/neuvector/enforcer | 5.4.2 | 5.4.3 |
| docker | docker.io/neuvector/manager | 5.4.2 | 5.4.3 |
| helm | monitor | 2.8.4 | 2.8.5 |
| docker | registry1.dso.mil/ironbank/neuvector/neuvector/controller | 5.4.2 | 5.4.3 |
| docker | registry1.dso.mil/ironbank/neuvector/neuvector/enforcer | 5.4.2 | 5.4.3 |
| docker | registry1.dso.mil/ironbank/neuvector/neuvector/manager | 5.4.2 | 5.4.3 |
Noting that this was previously reverted based on issues with the latest chainguard and ironbank images.
Closed
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cgr.dev/du-uds-defenseunicorns/memcached](https://images.chainguard.dev/directory/image/memcached/overview) ([source](https://github.com/chainguard-images/images-private/tree/HEAD/images/memcached)) | patch | `1.6.37` -> `1.6.38` |
| docker.io/memcached | patch | `1.6.37-alpine` -> `1.6.38-alpine` |
| [loki](https://grafana.github.io/helm-charts) ([source](https://github.com/grafana/helm-charts)) | minor | `6.27.0` -> `6.29.0` |
| [registry1.dso.mil/ironbank/opensource/memcached/memcached](https://memcached.org/) ([source](https://repo1.dso.mil/dsop/opensource/memcached/memcached)) | patch | `1.6.37` -> `1.6.38` |
| [registry1.dso.mil/ironbank/opensource/nginx/nginx-alpine](https://nginx.org/en/) ([source](https://repo1.dso.mil/dsop/opensource/nginx/nginx-alpine)) | patch | `1.26.2` -> `1.26.3` |

---

### Release Notes

<details>
<summary>grafana/helm-charts (loki)</summary>

### [`v6.29.0`](https://github.com/grafana/helm-charts/releases/tag/grafana-6.29.0)

The leading tool for querying and visualizing time series and metrics.

### [`v6.28.0`](https://github.com/grafana/helm-charts/releases/tag/grafana-6.28.0)

The leading tool for querying and visualizing time series and metrics.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [azure/login](https://github.com/azure/login) | action | digest | `a65d910` -> `a457da9` |
| [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | minor | `v1.11.2` -> `v1.12.0` |

---

### Release Notes

<details>
<summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary>

### [`v1.12.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v1.12.0)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v1.11.2...v1.12.0)

##### Features

- adds a callable workflow for republishing a package ([#449](https://github.com/defenseunicorns/uds-common/issues/449)) ([345f526](https://github.com/defenseunicorns/uds-common/commit/345f526a04c56b6f4786b7c1af0317eb82b93c54))

##### Miscellaneous

- **deps:** update uds core to v0.39.0 ([#456](https://github.com/defenseunicorns/uds-common/issues/456)) ([ceb8b15](https://github.com/defenseunicorns/uds-common/commit/ceb8b15db4c1acc4c0b8542e6d7e4fc13e58afad))

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
This PR contains the following updates:

| Package | Change | Type | Update |
|---|---|---|---|
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`22.13.17` -> `22.14.0`](https://renovatebot.com/diffs/npm/@types%2fnode/22.13.17/22.14.0) | devDependencies | minor |
| aws | `~> 5.93.0` -> `~> 5.94.0` | required_provider | minor |
| ghcr.io/zarf-dev/packages/init | `v0.50.0` -> `v0.51.0` | | minor |
| [kubernetes-fluent-client](https://github.com/defenseunicorns/kubernetes-fluent-client) | [`3.4.6` -> `3.4.7`](https://renovatebot.com/diffs/npm/kubernetes-fluent-client/3.4.6/3.4.7) | devDependencies | patch |
| [weaveworks/eksctl](https://github.com/weaveworks/eksctl) | `v0.206.0` -> `v0.207.0` | | minor |
| [zarf-dev/zarf](https://github.com/zarf-dev/zarf) | `v0.50.0` -> `v0.51.0` | | minor |

---

### Release Notes

<details>
<summary>defenseunicorns/kubernetes-fluent-client (kubernetes-fluent-client)</summary>

### [`v3.4.7`](https://github.com/defenseunicorns/kubernetes-fluent-client/releases/tag/v3.4.7)

[Compare Source](https://github.com/defenseunicorns/kubernetes-fluent-client/compare/v3.4.6...v3.4.7)

##### Bug Fixes

- bump undici and typefest ([#608](https://github.com/defenseunicorns/kubernetes-fluent-client/issues/608)) ([e743698](https://github.com/defenseunicorns/kubernetes-fluent-client/commit/e74369852202254187398a44fb229f5f3988006d))

</details>

<details>
<summary>weaveworks/eksctl (weaveworks/eksctl)</summary>

### [`v0.207.0`](https://github.com/eksctl-io/eksctl/releases/tag/v0.207.0): eksctl 0.207.0

[Compare Source](https://github.com/weaveworks/eksctl/compare/0.207.0...0.207.0)

##### Release v0.207.0

##### 🚀 Features

- Add support for new force parameter when upgrading cluster version ([#8319](https://github.com/weaveworks/eksctl/issues/8319))

##### 🎯 Improvements

- Enable creating IPV6 clusters with pod identities in addition to IRSA ([#8322](https://github.com/weaveworks/eksctl/issues/8322))
- Add latest changes to AWS Load Balancer Controller IAM Policy ([#8316](https://github.com/weaveworks/eksctl/issues/8316))

##### 🧰 Maintenance

- Fully remove intermediate eksctl build image ([#8341](https://github.com/weaveworks/eksctl/issues/8341))
- Remove redundant 'typecheck' linter ([#8298](https://github.com/weaveworks/eksctl/issues/8298))

##### Acknowledgments

The eksctl maintainers would like to sincerely thank [@MartinEmrich](https://github.com/MartinEmrich), [@alexandear](https://github.com/alexandear), [@rsumukha](https://github.com/rsumukha) and [@simonmarty](https://github.com/simonmarty).

### [`v0.207.0`](https://github.com/eksctl-io/eksctl/releases/tag/v0.207.0): eksctl 0.207.0

[Compare Source](https://github.com/weaveworks/eksctl/compare/0.206.0...0.207.0)

##### Release v0.207.0

##### 🚀 Features

- Add support for new force parameter when upgrading cluster version ([#8319](https://github.com/weaveworks/eksctl/issues/8319))

##### 🎯 Improvements

- Enable creating IPV6 clusters with pod identities in addition to IRSA ([#8322](https://github.com/weaveworks/eksctl/issues/8322))
- Add latest changes to AWS Load Balancer Controller IAM Policy ([#8316](https://github.com/weaveworks/eksctl/issues/8316))

##### 🧰 Maintenance

- Fully remove intermediate eksctl build image ([#8341](https://github.com/weaveworks/eksctl/issues/8341))
- Remove redundant 'typecheck' linter ([#8298](https://github.com/weaveworks/eksctl/issues/8298))

##### Acknowledgments

The eksctl maintainers would like to sincerely thank [@MartinEmrich](https://github.com/MartinEmrich), [@alexandear](https://github.com/alexandear), [@rsumukha](https://github.com/rsumukha) and [@simonmarty](https://github.com/simonmarty).

</details>

<details>
<summary>zarf-dev/zarf (zarf-dev/zarf)</summary>

### [`v0.51.0`](https://github.com/zarf-dev/zarf/compare/v0.50.0...v0.51.0)

[Compare Source](https://github.com/zarf-dev/zarf/compare/v0.50.0...v0.51.0)

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## Description

With the new theme customization work, moving the environment variable for disabling registration fields into the new `themeCustomizations` block since it's only theme related.

## Related Issue

[Fixes this issue](defenseunicorns/uds-identity-config#395)
[Related to this PR](defenseunicorns/uds-identity-config#396)

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

- Steps to test are in the [identity config PR](defenseunicorns/uds-identity-config#396)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
## Description

Went through and identified the service accounts for each application and added the `remoteServiceAccount` to the UDSPackage Spec.Allow rules for ingress rules. This is in addition to the existing `selectors`, `remoteNamespace`, `remoteSelector` fields. In the ambient authpols operator implementation the `remoteServiceAccount` would take precedence for the from.source block of the authorizationpolicy.

## Related Issue

Fixes #1399

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

- Not much here other than deploying uds-core and checking the authorization policies that are generated utilize the new remoteServiceAccount to create the `from.source` block rather than existing selectors.
- `uds run test:uds-core-e2e`
- use `k9s` to search through the `authorizationpolicies` for the following policies:

| policy name | original `from.source` value | new `from.source` value |
|---|---|---|
| `protect-keycloak-ingress-uds-operator` | `Namespace:pepr-system` | `Principals:cluster.local/ns/pepr-system/sa/pepr-uds-core` |
| `protect-loki-ingress-grafana-log-queries` | `Namespace:grafana` | `Principals:cluster.local/ns/grafana/sa/grafana` |
| `protect-loki-ingress-prometheus-metrics` | `Namespaces:monitoring` | `Principals:cluster.local/ns/monitoring/sa/kube-prometheus-stack-prometheus` |
| `protect-loki-ingress-vector-log-storage` | `Namespace:vector` | `Principals:cluster.local/ns/vector/sa/vector` |
| `protect-prometheus-stack-ingress-grafana-alerts-queries` | `Namespace:grafana` | `Principals:cluster.local/ns/grafana/sa/grafana` |
| `protect-prometheus-stack-ingress-grafana-metrics-queries` | `Namespaces:grafana` | `Principals:cluster.local/ns/grafana/sa/grafana` |
| `protect-velero-ingress-prometheus-metrics` | `Namespaces:monitoring` | `Principals:cluster.local/ns/monitoring/sa/kube-prometheus-stack-prometheus` |
| `protect-vector-ingress-prometheus-metrics` | `Namespaces:monitoring` | `Principals:cluster.local/ns/monitoring/sa/kube-prometheus-stack-prometheus` |

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
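The validation step in the description above (confirming that generated policies use a service-account principal rather than a whole namespace) can be automated. The following is an added example, not code from this PR or from uds-core: it audits Istio `AuthorizationPolicy` objects, warning on `from.source` entries that admit an entire namespace and rejecting principals that do not name exactly one service account. The type names, function names, the policy names ending in `-before` and `-wildcard`, and the `loki` and `vector` policy namespaces are constructed for the illustration.

```typescript
// Added illustration, not code from uds-core. All identifiers are hypothetical.
interface Source {
  principals?: string[];
  namespaces?: string[];
}

interface AuthorizationPolicy {
  metadata: { name: string; namespace: string };
  spec: { rules?: { from?: { source: Source }[] }[] };
}

interface Finding {
  policy: string;
  severity: "warn" | "error";
  detail: string;
}

interface Principal {
  trustDomain: string;
  namespace: string;
  serviceAccount: string;
}

const NAME = /^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$/;

// Principal form shown in the table: <trust-domain>/ns/<namespace>/sa/<service-account>
function parsePrincipal(value: string): Principal | null {
  const parts = value.split("/");
  if (parts.length !== 5 || parts[1] !== "ns" || parts[3] !== "sa") return null;
  const trustDomain = parts[0];
  const namespace = parts[2];
  const serviceAccount = parts[4];
  // Wildcards widen the match beyond one workload identity, so they fail the check.
  if (trustDomain === "" || trustDomain.indexOf("*") !== -1) return null;
  if (!NAME.test(namespace) || !NAME.test(serviceAccount)) return null;
  return { trustDomain, namespace, serviceAccount };
}

function auditSources(policies: AuthorizationPolicy[]): Finding[] {
  const findings: Finding[] = [];
  policies.forEach(policy => {
    const id = policy.metadata.namespace + "/" + policy.metadata.name;
    (policy.spec.rules || []).forEach(rule => {
      (rule.from || []).forEach(entry => {
        const principals = entry.source.principals || [];
        const namespaces = entry.source.namespaces || [];
        // Fields inside one source are ANDed, so namespaces alongside principals only narrow it.
        if (principals.length === 0 && namespaces.length > 0) {
          findings.push({ policy: id, severity: "warn", detail: "namespace-wide source: " + namespaces.join(",") });
        }
        principals.forEach(p => {
          if (parsePrincipal(p) === null) {
            findings.push({ policy: id, severity: "error", detail: "principal is not a single service account: " + p });
          }
        });
      });
    });
  });
  return findings;
}

// Constructed sample objects; source values follow the before/after columns of the table.
const SAMPLE_POLICIES: AuthorizationPolicy[] = [
  {
    metadata: { name: "protect-loki-ingress-grafana-log-queries-before", namespace: "loki" },
    spec: { rules: [{ from: [{ source: { namespaces: ["grafana"] } }] }] },
  },
  {
    metadata: { name: "protect-loki-ingress-grafana-log-queries", namespace: "loki" },
    spec: { rules: [{ from: [{ source: { principals: ["cluster.local/ns/grafana/sa/grafana"] } }] }] },
  },
  {
    metadata: { name: "protect-vector-ingress-wildcard", namespace: "vector" },
    spec: { rules: [{ from: [{ source: { principals: ["cluster.local/ns/monitoring/sa/*"] } }] }] },
  },
];

function sampleFindings(): Finding[] {
  return auditSources(SAMPLE_POLICIES);
}
```

Feed it the items from `kubectl get authorizationpolicies -A -o json` in place of the constructed sample to run the same check against a cluster.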
## Description

Adds `serviceMesh.mode` to the `Package` CR spec with associated reconciliation code to handle running packages in sidecar or ambient mode.

## Related Issue

Fixes #1248

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

The podinfo package is switched to ambient mode in this PR, but you can also test with similar packages to switch to ambient and validate all works as expected.

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
## Description

Zarf as of 0.51.0 will validate the flavor actually exists, so this change drops the `--flavor` (which was not necessary in the first place). This was primarily used as "documentation" so I made an update to the comment for clarity.

## Related Issue

Zarf change: zarf-dev/zarf#3597

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

Run the task/command to validate it works as expected (`zarf dev deploy src/prometheus-stack --no-progress` should only deploy the CRDs).

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| azurerm | required_provider | minor | `4.25.0` -> `4.26.0` |
| [typescript](https://www.typescriptlang.org/) ([source](https://github.com/microsoft/TypeScript)) | devDependencies | patch | [`5.8.2` -> `5.8.3`](https://renovatebot.com/diffs/npm/typescript/5.8.2/5.8.3) |

---

### Release Notes

<details>
<summary>microsoft/TypeScript (typescript)</summary>

### [`v5.8.3`](https://github.com/microsoft/TypeScript/compare/v5.8.2...68cead182cc24afdc3f1ce7c8ff5853aba14b65a)

[Compare Source](https://github.com/microsoft/TypeScript/compare/v5.8.2...68cead182cc24afdc3f1ce7c8ff5853aba14b65a)

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## Description

This Pull Request introduces a procedure for recovering the lost Keycloak Admin credentials.

The preview might be found here: https://deploy-preview-196--uds.netlify.app/reference/configuration/single-sign-on/recoving-lost-credentials/

## Related Issue

Fixes defenseunicorns/uds-identity-config#394

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Steps to Validate

1. Run `uds run test-uds-core-ha`
3. Run the procedure
4. Log into Keycloak using a newly created admin user

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

---------

Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.28.13` -> `v3.28.14` |

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

### [`v3.28.14`](https://github.com/github/codeql-action/releases/tag/v3.28.14)

[Compare Source](https://github.com/github/codeql-action/compare/v3.28.13...v3.28.14)

### CodeQL Action Changelog

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

#### 3.28.14 - 07 Apr 2025

- Update default CodeQL bundle version to 2.21.0. [#2838](https://github.com/github/codeql-action/pull/2838)

See the full [CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.28.14/CHANGELOG.md) for more information.

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
## Description

Istio ambient components (CNI and Ztunnel) are currently present in uds-core but disabled by default.

This PR:

- Makes istio ambient default in uds-core.
- Implement Gateway API CRDs (future requirement for keycloak work with ambient)
- Remove references to `istio-ambient` and update docs section

Breaking change: used to have `istio-ambient` component and `istio-controlplane`, now only have `istio-controlplane`. The two have been squashed together to improve developer experience and simplify the bundle/package experience.

## Related Issue

Fixes #1280

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

- Verify that deploy uds-core standard package is successful and creates ambient workloads as well as new CRDs
- `uds run test-uds-core`
- `kubectl get crd -A` and validate these four crds are present:
  - gateway.networking.k8s gatewayclasses
  - gateway.networking.k8s httproutes
  - gateway.networking.k8s grpcroutes
  - gateway.networking.k8s referencegrants

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cgr.dev/du-uds-defenseunicorns/loki](https://images.chainguard.dev/directory/image/loki/overview) ([source](https://github.com/chainguard-images/images-private/tree/HEAD/images/loki)) | patch | `3.4.2` -> `3.4.3` |
| docker.io/grafana/loki | patch | `3.4.2` -> `3.4.3` |
| [registry1.dso.mil/ironbank/opensource/grafana/loki](https://github.com/grafana/loki) ([source](https://repo1.dso.mil/dsop/opensource/grafana/loki)) | patch | `3.4.2` -> `3.4.3` |

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v3.28.14` -> `v3.28.15` |

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

### [`v3.28.15`](https://github.com/github/codeql-action/releases/tag/v3.28.15)

[Compare Source](https://github.com/github/codeql-action/compare/v3.28.14...v3.28.15)

##### CodeQL Action Changelog

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

##### 3.28.15 - 07 Apr 2025

- Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. [#2842](https://github.com/github/codeql-action/pull/2842)

See the full [CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.28.15/CHANGELOG.md) for more information.

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
## Description

This Pull Request instructs Keycloak to escape slashes in the User Group names. The escape character in the database is `~/`, see the "[Escaping slashes in group paths](https://www.keycloak.org/docs/latest/upgrading/index.html#escaping-slashes-in-group-paths)" part of the Keycloak manual. The `RequireGroupAuthenticator` assumes the same convention, so the same pattern needs to be used in the Package CR.

## Related Issue

Relates to defenseunicorns/uds-identity-config#118

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

TBD

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [velero](https://github.com/vmware-tanzu/velero) ([source](https://github.com/vmware-tanzu/helm-charts)) | minor | `8.6.0` -> `8.7.1` |

---

### Release Notes

<details>
<summary>vmware-tanzu/helm-charts (velero)</summary>

### [`v8.7.1`](https://github.com/vmware-tanzu/helm-charts/releases/tag/velero-8.7.1)

[Compare Source](https://github.com/vmware-tanzu/helm-charts/compare/velero-8.7.0...velero-8.7.1)

A Helm chart for velero

#### What's Changed

- \[velero] add runtimeClassName for pod.spec.runtimeClassName by [@neo-liang-sap](https://github.com/neo-liang-sap) in [https://github.com/vmware-tanzu/helm-charts/pull/656](https://github.com/vmware-tanzu/helm-charts/pull/656)

#### New Contributors

- [@neo-liang-sap](https://github.com/neo-liang-sap) made their first contribution in [https://github.com/vmware-tanzu/helm-charts/pull/656](https://github.com/vmware-tanzu/helm-charts/pull/656)

**Full Changelog**: vmware-tanzu/helm-charts@velero-8.7.0...velero-8.7.1

### [`v8.7.0`](https://github.com/vmware-tanzu/helm-charts/releases/tag/velero-8.7.0)

[Compare Source](https://github.com/vmware-tanzu/helm-charts/compare/velero-8.6.0...velero-8.7.0)

A Helm chart for velero

#### What's Changed

- \[velero] Fix/notes template by [@spralexx](https://github.com/spralexx) in [https://github.com/vmware-tanzu/helm-charts/pull/654](https://github.com/vmware-tanzu/helm-charts/pull/654)

#### New Contributors

- [@spralexx](https://github.com/spralexx) made their first contribution in [https://github.com/vmware-tanzu/helm-charts/pull/654](https://github.com/vmware-tanzu/helm-charts/pull/654)

**Full Changelog**: vmware-tanzu/helm-charts@velero-8.6.0...velero-8.7.0

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## Description

After #1428 was introduced, I noticed that `uds run dev-setup` began to fail due to the `Exemptions` Custom Resource not yet being registered on the target cluster. This PR introduces an additional step to `dev-setup` that calls the `registerCRDs` function to create the `Exemptions` CRD.

## Type of change

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Steps to Validate

```
$ uds run dev-setup
```

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
## Description

This introduces a breaking change to the UDS Operator. As part of our ongoing work to introduce ambient mesh support to UDS Core, we have made the decision to restrict consumers to creating one UDS Package custom resource in any given namespace. This PR introduces this change to the operator.

Notable changes:

- Adds a new Pepr watch for `UDSPackage`
- Adds a `PackageStore` intended to serve as an in-memory map of all namespaces that have packages
- Adds a check to package validator that will block the creation of a UDSPackage if there is a preexisting UDSPackage in the target namespace

This change has limited backwards compatibility. Users with namespaces that have one or more Package CR may be prevented from making additional modifications to their existing Package CRs. Delete actions against these Package CRs will never be blocked, but updates/patches can be. Users are encouraged to elect a single Package CR to remain in the namespace and migrate configurations accordingly.

## Related Issue

Fixes #1352

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Steps to Validate

```bash
# check out this branch and then run:
$ uds run dev-setup

# deploy the operator
$ npx pepr deploy

# create a test package in a valid namespace:
$ kubectl create ns test
$ kubectl apply -f - <<EOF
apiVersion: uds.dev/v1alpha1
kind: Package
metadata:
  name: foo
  labels: {}
  namespace: test
spec: {}
EOF
package.uds.dev/foo created

# create a new package in the same namespace:
$ kubectl apply -f - <<EOF
apiVersion: uds.dev/v1alpha1
kind: Package
metadata:
  name: foo-1
  labels: {}
  namespace: test
spec: {}
EOF
Error from server: error when creating "STDIN": admission webhook "pepr-uds-core.pepr.dev" denied the request: A package with the name "foo" already exists in the namespace "test". Only one package can exist in a namespace.

# apply an update to the existing package
$ kubectl apply -f - <<EOF
apiVersion: uds.dev/v1alpha1
kind: Package
metadata:
  name: foo
  namespace: test
spec: {}
EOF
package.uds.dev/foo configured
```

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
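The one-Package-per-namespace rule from the commit message above, as an added sketch that is not the UDS operator's code: a watch handler keeps an in-memory namespace map current and an admission check consults it. Every type and function name here is hypothetical, and the Pepr API itself is not used; the replay covers the three validation steps plus the legacy case of a namespace that already holds two Package CRs.

```typescript
// Added example: all names are hypothetical; this is not the operator's code.
type Operation = "CREATE" | "UPDATE" | "DELETE";
type WatchPhase = "ADDED" | "MODIFIED" | "DELETED";

interface PackageRef {
  name: string;
  namespace: string;
}

interface Decision {
  allowed: boolean;
  message?: string;
}

// namespace -> names of the Package CRs currently in it. A null-prototype
// object is used so a namespace called "constructor" or "toString" (both are
// valid DNS labels) cannot collide with inherited Object properties.
type PackageStore = Record<string, string[]>;

function newStore(): PackageStore {
  return Object.create(null) as PackageStore;
}

// Watch side: keep the in-memory map in step with what the cluster reports.
function onWatchEvent(store: PackageStore, phase: WatchPhase, pkg: PackageRef): void {
  const remaining = (store[pkg.namespace] || []).filter((n) => n !== pkg.name);
  if (phase !== "DELETED") {
    remaining.push(pkg.name);
  }
  if (remaining.length === 0) {
    delete store[pkg.namespace];
  } else {
    store[pkg.namespace] = remaining.sort();
  }
}

// Admission side: deny a create or update when a different Package already
// occupies the namespace. Deletes always pass so a namespace can be cleaned up.
function validatePackage(store: PackageStore, op: Operation, pkg: PackageRef): Decision {
  if (op === "DELETE") {
    return { allowed: true };
  }
  const others = (store[pkg.namespace] || []).filter((n) => n !== pkg.name);
  if (others.length === 0) {
    return { allowed: true };
  }
  return {
    allowed: false,
    message:
      `A package with the name "${others[0]}" already exists in the namespace ` +
      `"${pkg.namespace}". Only one package can exist in a namespace.`,
  };
}

const PHASE_FOR: Record<Operation, WatchPhase> = {
  CREATE: "ADDED",
  UPDATE: "MODIFIED",
  DELETE: "DELETED",
};

// Replays the validation steps on constructed input, then the legacy case.
function replayValidationSteps(): Decision[] {
  const store = newStore();
  const results: Decision[] = [];
  const admit = (op: Operation, pkg: PackageRef): void => {
    const decision = validatePackage(store, op, pkg);
    results.push(decision);
    if (decision.allowed) {
      onWatchEvent(store, PHASE_FOR[op], pkg); // the cluster would emit this event
    }
  };

  admit("CREATE", { name: "foo", namespace: "test" });   // first package: allowed
  admit("CREATE", { name: "foo-1", namespace: "test" }); // second package: denied
  admit("UPDATE", { name: "foo", namespace: "test" });   // update in place: allowed

  // Legacy namespace that held two Package CRs before the rule existed.
  onWatchEvent(store, "ADDED", { name: "a", namespace: "legacy" });
  onWatchEvent(store, "ADDED", { name: "b", namespace: "legacy" });
  admit("UPDATE", { name: "a", namespace: "legacy" });   // blocked while "b" exists
  admit("DELETE", { name: "b", namespace: "legacy" });   // deletes are never blocked
  admit("UPDATE", { name: "a", namespace: "legacy" });   // allowed once "a" is alone

  return results;
}
```
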
…1447)

## Description

As a result of #1428, we are now guaranteed that the ambient component is deployed with the base layer. The PR removes code that handled "conditional ambient components" with a fallback to sidecar mode if the component was not deployed.

Note: If we did require a revert of the required ambient component for any reason, this PR should be reverted as well (to re-add the handling of conditional ambient).

## Related Issue

N/A

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [c] Other (security config, docs update, etc)

## Steps to Validate

Tests should adequately cover this change (noting that the fallback test was deleted).

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [defenseunicorns/uds-cli](https://github.com/defenseunicorns/uds-cli) | minor | `v0.25.0` -> `v0.26.1` |
| [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | minor | `v1.12.0` -> `v1.13.0` |
| [defenseunicorns/uds-k3d](https://github.com/defenseunicorns/uds-k3d) | patch | `0.12.1` -> `0.12.2` |
| ghcr.io/defenseunicorns/packages/uds-k3d | patch | `0.12.1` -> `0.12.2` |

---

### Release Notes

<details>
<summary>defenseunicorns/uds-cli (defenseunicorns/uds-cli)</summary>

### [`v0.26.1`](https://github.com/defenseunicorns/uds-cli/releases/tag/v0.26.1)

[Compare Source](https://github.com/defenseunicorns/uds-cli/compare/v0.26.0...v0.26.1)

### What's Changed

- Upgrades included Zarf to version v0.51.0 ([#1120](https://github.com/defenseunicorns/uds-cli/issues/1120))
- A previous change to how signed packages were handled was reverted. There should be no backwards incompatibilities with the change, but please report any that are found ([#1115](https://github.com/defenseunicorns/uds-cli/issues/1115))

**NOTE:** due to an issue with our release process, a tag was created for v0.26.0 which was never used to create an actual GitHub release which hosted binaries. After the fix was made to the release process, the v0.26.1 tag was created for the actual release.

**Full Changelog**: defenseunicorns/uds-cli@v0.25.0...v0.26.1

### [`v0.26.0`](https://github.com/defenseunicorns/uds-cli/compare/v0.25.0...v0.26.0)

[Compare Source](https://github.com/defenseunicorns/uds-cli/compare/v0.25.0...v0.26.0)

</details>

<details>
<summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary>

### [`v1.13.0`](https://github.com/defenseunicorns/uds-common/releases/tag/v1.13.0)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v1.12.0...v1.13.0)

##### Features

- add ignored_version input to republish task ([#458](https://github.com/defenseunicorns/uds-common/issues/458)) ([b84304b](https://github.com/defenseunicorns/uds-common/commit/b84304b0b10af4eed4b543f910067a51c543e588))

##### Miscellaneous

- **deps:** update uds common support dependencies ([#457](https://github.com/defenseunicorns/uds-common/issues/457)) ([fccaae8](https://github.com/defenseunicorns/uds-common/commit/fccaae85e93148338290af72c9e87c9afdb73ea4))

</details>

<details>
<summary>defenseunicorns/uds-k3d (defenseunicorns/uds-k3d)</summary>

### [`v0.12.2`](https://github.com/defenseunicorns/uds-k3d/releases/tag/v0.12.2)

[Compare Source](https://github.com/defenseunicorns/uds-k3d/compare/v0.12.1...v0.12.2)

##### Miscellaneous

- **deps:** update dependency defenseunicorns/uds-common to v1.11.2 ([#157](https://github.com/defenseunicorns/uds-k3d/issues/157)) ([5fa71c2](https://github.com/defenseunicorns/uds-k3d/commit/5fa71c20643815bb088e8a78c0551eac2c0aa811))
- **deps:** update dependency defenseunicorns/uds-common to v1.12.0 ([#159](https://github.com/defenseunicorns/uds-k3d/issues/159)) ([1467cca](https://github.com/defenseunicorns/uds-k3d/commit/1467ccad61c3c7a590d7eb4c039f4214836944ac))
- **deps:** update dependency defenseunicorns/uds-common to v1.13.0 ([#161](https://github.com/defenseunicorns/uds-k3d/issues/161)) ([5659569](https://github.com/defenseunicorns/uds-k3d/commit/56595690eca6d2b2964b3df2f6f6f94ba8fc17a6))
- **deps:** update githubactions to v0.26.1 ([#162](https://github.com/defenseunicorns/uds-k3d/issues/162)) ([2289530](https://github.com/defenseunicorns/uds-k3d/commit/228953032ccbf2f11af1628896c4a9409bcafebb))
- update minio, switch to quay nginx ([#160](https://github.com/defenseunicorns/uds-k3d/issues/160)) ([1203d08](https://github.com/defenseunicorns/uds-k3d/commit/1203d08990bd4b0bd745d4aa4591b01ce69ea26c))

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cgr.dev/du-uds-defenseunicorns/vector](https://images.chainguard.dev/directory/image/vector/overview) ([source](https://github.com/chainguard-images/images-private/tree/HEAD/images/vector)) | minor | `0.45.0` -> `0.46.0` |
| [registry1.dso.mil/ironbank/opensource/timberio/vector](https://vector.dev/) ([source](https://repo1.dso.mil/dsop/opensource/timberio/vector)) | minor | `0.45.0` -> `0.46.0` |
| [timberio/vector](https://vector.dev) ([source](https://github.com/vectordotdev/vector)) | minor | `0.45.0-distroless-static` -> `0.46.0-distroless-static` |
| [vector](https://vector.dev/) ([source](https://github.com/vectordotdev/helm-charts)) | minor | `0.41.0` -> `0.42.0` |

---

### Release Notes

<details>
<summary>vectordotdev/helm-charts (vector)</summary>

### [`v0.42.0`](https://github.com/vectordotdev/helm-charts/blob/HEAD/CHANGELOG.md#vector-0420---2025-04-08)

[Compare Source](https://github.com/vectordotdev/helm-charts/compare/vector-0.41.2...vector-0.42.0)

##### Vector

##### Bug Fixes

- Quote namespace strings ([#464](https://github.com/vectordotdev/helm-charts/issues/464)) ([f7530f3](https://github.com/vectordotdev/helm-charts/commit/f7530f3c457773cd51e30be78772d7197e24496b))
- Set podmonitor namespace ([#451](https://github.com/vectordotdev/helm-charts/issues/451)) ([93b30c0](https://github.com/vectordotdev/helm-charts/commit/93b30c0a8feb1c63c520977f58fcfdd603dafc69))
- Quote namespace strings ([#465](https://github.com/vectordotdev/helm-charts/issues/465)) ([d11451c](https://github.com/vectordotdev/helm-charts/commit/d11451c72148735d9fd2cb4a4a250e913663386e))

##### Features

- Support tpl for init and extra containers. ([#469](https://github.com/vectordotdev/helm-charts/issues/469)) ([a3878ea](https://github.com/vectordotdev/helm-charts/commit/a3878eab9efc2477c4a97cc5a0e5920132836177))
- Update Vector version to 0.46.0 ([#471](https://github.com/vectordotdev/helm-charts/issues/471)) ([7af43f5](https://github.com/vectordotdev/helm-charts/commit/7af43f5c299505451869261d2efd8e1dbfb018fe))
- Regenerate CHANGELOG for 0.46.0 ([6c37e82](https://github.com/vectordotdev/helm-charts/commit/6c37e828c80044ac4a94fc8acffcc465ce1aefe0))

### [`v0.41.2`](https://github.com/vectordotdev/helm-charts/compare/vector-0.41.0...vector-0.41.2)

[Compare Source](https://github.com/vectordotdev/helm-charts/compare/vector-0.41.0...vector-0.41.2)

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
This PR contains the following updates:

| Package | Change |
|---|---|
| [kubernetes-fluent-client](https://github.com/defenseunicorns/kubernetes-fluent-client) | [`3.4.7` -> `3.4.8`](https://renovatebot.com/diffs/npm/kubernetes-fluent-client/3.4.7/3.4.8) |

---

### Release Notes

<details>
<summary>defenseunicorns/kubernetes-fluent-client (kubernetes-fluent-client)</summary>

### [`v3.4.8`](https://github.com/defenseunicorns/kubernetes-fluent-client/releases/tag/v3.4.8)

[Compare Source](https://github.com/defenseunicorns/kubernetes-fluent-client/compare/v3.4.7...v3.4.8)

##### Bug Fixes

- override generated endpoint class to correct type ([#619](https://github.com/defenseunicorns/kubernetes-fluent-client/issues/619)) ([2e63dc9](https://github.com/defenseunicorns/kubernetes-fluent-client/commit/2e63dc9429d41bd72aba14f64f62e752faa80bfb)), closes [#618](https://github.com/defenseunicorns/kubernetes-fluent-client/issues/618)

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [terraform-aws-modules/s3-bucket/aws](https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws) ([source](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket)) | module | patch | `4.6.0` -> `4.6.1` |

---

### Release Notes

<details>
<summary>terraform-aws-modules/terraform-aws-s3-bucket (terraform-aws-modules/s3-bucket/aws)</summary>

### [`v4.6.1`](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/HEAD/CHANGELOG.md#461-2025-04-10)

[Compare Source](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/compare/v4.6.0...v4.6.1)

##### Bug Fixes

- Timeout if SQS policy created without explicit version in notification module ([#321](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/issues/321)) ([1b1ca55](https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/commit/1b1ca553669bbca0a0c42378a1bab3af5302df4f))

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
## Description

Opt the prometheus-stack package into ambient mode. Cleanup ambient directory and combine with the common directory. Operator changes to allow prometheus port in Deny and CUSTOM authorizationpolicies, also remove unnecessary operator pieces.

## Related Issue

Fixes #1423

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

BEGIN_COMMIT_OVERRIDE
feat!: opt prometheus stack into ambient (#1445)

BREAKING CHANGE: Prevents creation of Istio ServiceMonitors via TLS configs on top of core

Users can no longer create ServiceMonitors for Istio by layering TLS configuration on top of the core package. This breaks setups that relied on unmutated ServiceMonitors with custom TLS, which were previously allowed.
END_COMMIT_OVERRIDE

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:

| Package | Change | Type | Update |
|---|---|---|---|
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`22.14.0` -> `22.14.1`](https://renovatebot.com/diffs/npm/@types%2fnode/22.14.0/22.14.1) | devDependencies | patch |
| [actions/setup-node](https://github.com/actions/setup-node) | `v4.3.0` -> `v4.4.0` | action | minor |
| [kubernetes-fluent-client](https://github.com/defenseunicorns/kubernetes-fluent-client) | [`3.4.8` -> `3.4.10`](https://renovatebot.com/diffs/npm/kubernetes-fluent-client/3.4.8/3.4.10) | devDependencies | patch |
| [ts-jest](https://kulshekhar.github.io/ts-jest) ([source](https://github.com/kulshekhar/ts-jest)) | [`29.3.1` -> `29.3.2`](https://renovatebot.com/diffs/npm/ts-jest/29.3.1/29.3.2) | devDependencies | patch |

---

### Release Notes

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

### [`v4.4.0`](https://github.com/actions/setup-node/compare/v4.3.0...v4.4.0)

[Compare Source](https://github.com/actions/setup-node/compare/v4.3.0...v4.4.0)

</details>

<details>
<summary>defenseunicorns/kubernetes-fluent-client (kubernetes-fluent-client)</summary>

### [`v3.4.10`](https://github.com/defenseunicorns/kubernetes-fluent-client/releases/tag/v3.4.10)

[Compare Source](https://github.com/defenseunicorns/kubernetes-fluent-client/compare/v3.4.9...v3.4.10)

##### Bug Fixes

- export generic-kind ([#624](https://github.com/defenseunicorns/kubernetes-fluent-client/issues/624)) ([02b48c3](https://github.com/defenseunicorns/kubernetes-fluent-client/commit/02b48c3f89ddd56d93103515a1b3a11012009204))

### [`v3.4.9`](https://github.com/defenseunicorns/kubernetes-fluent-client/releases/tag/v3.4.9)

[Compare Source](https://github.com/defenseunicorns/kubernetes-fluent-client/compare/v3.4.8...v3.4.9)

##### Bug Fixes

- fix ep ([#623](https://github.com/defenseunicorns/kubernetes-fluent-client/issues/623)) ([88f08af](https://github.com/defenseunicorns/kubernetes-fluent-client/commit/88f08afc2741c5c02a911e0653da82fc8121328c)), closes [#622](https://github.com/defenseunicorns/kubernetes-fluent-client/issues/622) [#620](https://github.com/defenseunicorns/kubernetes-fluent-client/issues/620) [#620](https://github.com/defenseunicorns/kubernetes-fluent-client/issues/620)

</details>

<details>
<summary>kulshekhar/ts-jest (ts-jest)</summary>

### [`v29.3.2`](https://github.com/kulshekhar/ts-jest/blob/HEAD/CHANGELOG.md#2932-2025-04-12)

[Compare Source](https://github.com/kulshekhar/ts-jest/compare/v29.3.1...v29.3.2)

##### Bug Fixes

- fix: transpile `js` files from `node_modules` whenever Jest asks ([968370e](https://github.com/kulshekhar/ts-jest/commit/968370e)), closes [#4637](https://github.com/kulshekhar/ts-jest/issues/4637)

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
## Description

Fixes broken link to Velero documentation, as the path was changed

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Steps to Validate

- If this PR introduces new functionality to UDS Core or addresses a bug, please document the steps to test the changes.

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
…#1459)

## Description

Adds new zarf vars for the proxy cpu and memory requests. These are overridden in the single-layer testing to ensure these tests still fit on the smaller runners used.

## Related Issue

N/A

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Steps to Validate

Run a single layer test, for example:

```console
uds run test-single-layer --set LAYER=runtime-security --set FLAVOR=unicorn
```

Then validate that each pod (that is istio injected) has lower sidecar requests for resources.

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
mjnagel
reviewed
Apr 17, 2025
mjnagel
reviewed
Apr 17, 2025
mjnagel
reviewed
Apr 17, 2025
Contributor
mjnagel
left a comment
LGTM overall, pending CI of course. Could we kick off some IAC runs as well (could modify a comment in the files to trigger or something like that) to get confidence this works well on all flavors across all 3 distros?
Contributor
|
This PR includes new and updated patches to the
Also noting that when using |
noahpb
reviewed
Apr 17, 2025
mjnagel
approved these changes
Apr 18, 2025
chance-coleman
approved these changes
Apr 18, 2025
noahpb
added a commit
that referenced
this pull request
Apr 22, 2025
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cgr.dev/du-uds-defenseunicorns/neuvector-controller-fips](https://images.chainguard.dev/directory/image/neuvector-controller-fips/overview) ([source](https://github.com/chainguard-images/images-private/tree/HEAD/images/neuvector-fips)) | patch | `5.4.2` -> `5.4.3` |
| [cgr.dev/du-uds-defenseunicorns/neuvector-enforcer-fips](https://images.chainguard.dev/directory/image/neuvector-enforcer-fips/overview) ([source](https://github.com/chainguard-images/images-private/tree/HEAD/images/neuvector-fips)) | patch | `5.4.2` -> `5.4.3` |
| [cgr.dev/du-uds-defenseunicorns/neuvector-manager](https://images.chainguard.dev/directory/image/neuvector-manager/overview) ([source](https://github.com/chainguard-images/images-private/tree/HEAD/images/neuvector)) | patch | `5.4.2` -> `5.4.3` |
| [core](https://neuvector.com) ([source](https://github.com/neuvector/neuvector-helm)) | patch | `2.8.4` -> `2.8.5` |
| [crd](https://neuvector.com) | patch | `2.8.4` -> `2.8.5` |
| [docker.io/neuvector/controller](https://www.suse.com/products/base-container-images/) ([source](https://sources.suse.com/SUSE:SLE-15-SP6:Update:CR/micro-image/19856e79d950c4baf0d9cc9c3e07c2f3/)) | patch | `5.4.2` -> `5.4.3` |
| [docker.io/neuvector/enforcer](https://www.suse.com/products/base-container-images/) ([source](https://sources.suse.com/SUSE:SLE-15-SP6:Update:CR/micro-image/19856e79d950c4baf0d9cc9c3e07c2f3/)) | patch | `5.4.2` -> `5.4.3` |
| [docker.io/neuvector/manager](https://www.suse.com/products/base-container-images/) ([source](https://sources.suse.com/SUSE:SLE-15-SP6:Update:CR/micro-image/19856e79d950c4baf0d9cc9c3e07c2f3/)) | patch | `5.4.2` -> `5.4.3` |
| [monitor](https://neuvector.com) | patch | `2.8.4` -> `2.8.5` |
| [registry1.dso.mil/ironbank/neuvector/neuvector/controller](https://open-docs.neuvector.com/) ([source](https://repo1.dso.mil/dsop/neuvector/neuvector/controller)) | patch | `5.4.2` -> `5.4.3` |
| [registry1.dso.mil/ironbank/neuvector/neuvector/enforcer](https://open-docs.neuvector.com/) ([source](https://repo1.dso.mil/dsop/neuvector/neuvector/enforcer)) | patch | `5.4.2` -> `5.4.3` |
| [registry1.dso.mil/ironbank/neuvector/neuvector/manager](https://open-docs.neuvector.com/) ([source](https://repo1.dso.mil/dsop/neuvector/neuvector/manager)) | patch | `5.4.2` -> `5.4.3` |

---

### Release Notes

<details>
<summary>neuvector/neuvector-helm (core)</summary>

### [`v2.8.5`](https://github.com/neuvector/neuvector-helm/releases/tag/v2.8.5): Release 2.8.5

[Compare Source](https://github.com/neuvector/neuvector-helm/compare/v2.8.4...v2.8.5)

##### What's Changed

- chore: bump compliance-config version by [@holyspectral](https://github.com/holyspectral) in [https://github.com/neuvector/neuvector-helm/pull/469](https://github.com/neuvector/neuvector-helm/pull/469)
- NVSHAS-9426 Add hostPath for scanner to helm chart by [@venkateshjayagopal](https://github.com/venkateshjayagopal) in [https://github.com/neuvector/neuvector-helm/pull/470](https://github.com/neuvector/neuvector-helm/pull/470)
- NVSHAS-9748 \[Helm] NV helm update for supporting name referral for common groups in CRD by [@venkateshjayagopal](https://github.com/venkateshjayagopal) in [https://github.com/neuvector/neuvector-helm/pull/472](https://github.com/neuvector/neuvector-helm/pull/472)
- chore: update codeowners by [@holyspectral](https://github.com/holyspectral) in [https://github.com/neuvector/neuvector-helm/pull/476](https://github.com/neuvector/neuvector-helm/pull/476)
- chore: update image tags for 5.4.3 by [@holyspectral](https://github.com/holyspectral) in [https://github.com/neuvector/neuvector-helm/pull/475](https://github.com/neuvector/neuvector-helm/pull/475)

**Full Changelog**: neuvector/neuvector-helm@v2.8.4...v2.8.5

</details>

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com>
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
Co-authored-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Co-authored-by: Noah <40781376+noahpb@users.noreply.github.com>
Co-authored-by: Brandi McCall <117415095+bm54cloud@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: UnicornChance <chance@defenseunicorns.com>
Co-authored-by: Noah Birrer <noah@defenseunicorns.com>
noahpb
pushed a commit
that referenced
this pull request
Apr 29, 2025
🤖 I have created a release *beep* *boop*

---

## [0.41.0](v0.40.1...v0.41.0) (2025-04-28)

### Features

* add conditional netpol for coredns ([#1501](#1501)) ([fc7ace3](fc7ace3))
* client credential registration default ([#1482](#1482)) ([894c5d9](894c5d9))
* keycloak fips mode ([#1469](#1469)) ([74e632e](74e632e))
* operator ambient mode ([#1496](#1496)) ([71f03fd](71f03fd))
* opt Grafana into ambient ([#1466](#1466)) ([dac2d3e](dac2d3e))
* opt logging into ambient ([#1472](#1472)) ([117d586](117d586))
* opt metrics-server into ambient ([#1458](#1458)) ([01c2ec6](01c2ec6))
* opt velero into ambient ([#1490](#1490)) ([a0591c7](a0591c7))

### Bug Fixes

* **ci:** permissions on release workflow ([#1507](#1507)) ([cb12f13](cb12f13))
* **ci:** renovate readiness version loop fix ([#1488](#1488)) ([a40c15b](a40c15b))
* update loki images to fips images ([#1502](#1502)) ([eb20b4e](eb20b4e))

### Miscellaneous

* **ci:** automated renovate readiness action checks ([#1465](#1465)) ([ed0ca6b](ed0ca6b))
* **ci:** switch eks CI to FIPS ami, update to 1.31 k8s testing ([#1474](#1474)) ([7307d03](7307d03))
* **deps:** update grafana ([#1489](#1489)) ([0c063f1](0c063f1))
* **deps:** update istio to v1.25.2 ([#1461](#1461)) ([1067560](1067560))
* **deps:** update istio to v1.3.0 ([#1491](#1491)) ([9066584](9066584))
* **deps:** update keycloak to v0.13.0 ([#1506](#1506)) ([04d42ef](04d42ef))
* **deps:** update keycloak to v26.2.0 ([#1452](#1452)) ([927a57b](927a57b))
* **deps:** update keycloak to v26.2.1 ([#1486](#1486)) ([d68cad8](d68cad8))
* **deps:** update loki ([#1483](#1483)) ([3a697df](3a697df))
* **deps:** update neuvector ([#1417](#1417)) ([4c0d95d](4c0d95d))
* **deps:** update pepr ([#1454](#1454)) ([a98640f](a98640f))
* **deps:** update support dependencies to v4.7.0 ([#1477](#1477)) ([dcee0a3](dcee0a3))
* **deps:** update support-deps ([#1473](#1473)) ([3d9d501](3d9d501))
* **deps:** update support-deps ([#1480](#1480)) ([c41f359](c41f359))
* **deps:** update support-deps ([#1481](#1481)) ([cc2af2b](cc2af2b))
* **deps:** update support-deps ([#1487](#1487)) ([cdcba75](cdcba75))
* **deps:** update support-deps ([#1493](#1493)) ([88cbf29](88cbf29))
* **deps:** update support-deps ([#1497](#1497)) ([f308176](f308176))
* **deps:** update velero ([#1453](#1453)) ([7330ea9](7330ea9))
* **deps:** update velero ([#1492](#1492)) ([ff504c0](ff504c0))
* **deps:** update velero to v1.32.4 ([#1484](#1484)) ([06709e8](06709e8))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
mjnagel
added a commit
to BagelLab/uds-core
that referenced
this pull request
Nov 14, 2025
mjnagel pushed a commit to BagelLab/uds-core that referenced this pull request Nov 14, 2025
🤖 I have created a release *beep* *boop*

---

## [0.41.0](defenseunicorns/uds-core@v0.40.1...v0.41.0) (2025-04-28)

### Features

* add conditional netpol for coredns ([defenseunicorns#1501](defenseunicorns#1501)) ([fc7ace3](defenseunicorns@fc7ace3))
* client credential registration default ([defenseunicorns#1482](defenseunicorns#1482)) ([894c5d9](defenseunicorns@894c5d9))
* keycloak fips mode ([defenseunicorns#1469](defenseunicorns#1469)) ([74e632e](defenseunicorns@74e632e))
* operator ambient mode ([defenseunicorns#1496](defenseunicorns#1496)) ([71f03fd](defenseunicorns@71f03fd))
* opt Grafana into ambient ([defenseunicorns#1466](defenseunicorns#1466)) ([dac2d3e](defenseunicorns@dac2d3e))
* opt logging into ambient ([defenseunicorns#1472](defenseunicorns#1472)) ([117d586](defenseunicorns@117d586))
* opt metrics-server into ambient ([defenseunicorns#1458](defenseunicorns#1458)) ([01c2ec6](defenseunicorns@01c2ec6))
* opt velero into ambient ([defenseunicorns#1490](defenseunicorns#1490)) ([a0591c7](defenseunicorns@a0591c7))

### Bug Fixes

* **ci:** permissions on release workflow ([defenseunicorns#1507](defenseunicorns#1507)) ([cb12f13](defenseunicorns@cb12f13))
* **ci:** renovate readiness version loop fix ([defenseunicorns#1488](defenseunicorns#1488)) ([a40c15b](defenseunicorns@a40c15b))
* update loki images to fips images ([defenseunicorns#1502](defenseunicorns#1502)) ([eb20b4e](defenseunicorns@eb20b4e))

### Miscellaneous

* **ci:** automated renovate readiness action checks ([defenseunicorns#1465](defenseunicorns#1465)) ([ed0ca6b](defenseunicorns@ed0ca6b))
* **ci:** switch eks CI to FIPS ami, update to 1.31 k8s testing ([defenseunicorns#1474](defenseunicorns#1474)) ([7307d03](defenseunicorns@7307d03))
* **deps:** update grafana ([defenseunicorns#1489](defenseunicorns#1489)) ([0c063f1](defenseunicorns@0c063f1))
* **deps:** update istio to v1.25.2 ([defenseunicorns#1461](defenseunicorns#1461)) ([1067560](defenseunicorns@1067560))
* **deps:** update istio to v1.3.0 ([defenseunicorns#1491](defenseunicorns#1491)) ([9066584](defenseunicorns@9066584))
* **deps:** update keycloak to v0.13.0 ([defenseunicorns#1506](defenseunicorns#1506)) ([04d42ef](defenseunicorns@04d42ef))
* **deps:** update keycloak to v26.2.0 ([defenseunicorns#1452](defenseunicorns#1452)) ([927a57b](defenseunicorns@927a57b))
* **deps:** update keycloak to v26.2.1 ([defenseunicorns#1486](defenseunicorns#1486)) ([d68cad8](defenseunicorns@d68cad8))
* **deps:** update loki ([defenseunicorns#1483](defenseunicorns#1483)) ([3a697df](defenseunicorns@3a697df))
* **deps:** update neuvector ([defenseunicorns#1417](defenseunicorns#1417)) ([4c0d95d](defenseunicorns@4c0d95d))
* **deps:** update pepr ([defenseunicorns#1454](defenseunicorns#1454)) ([a98640f](defenseunicorns@a98640f))
* **deps:** update support dependencies to v4.7.0 ([defenseunicorns#1477](defenseunicorns#1477)) ([dcee0a3](defenseunicorns@dcee0a3))
* **deps:** update support-deps ([defenseunicorns#1473](defenseunicorns#1473)) ([3d9d501](defenseunicorns@3d9d501))
* **deps:** update support-deps ([defenseunicorns#1480](defenseunicorns#1480)) ([c41f359](defenseunicorns@c41f359))
* **deps:** update support-deps ([defenseunicorns#1481](defenseunicorns#1481)) ([cc2af2b](defenseunicorns@cc2af2b))
* **deps:** update support-deps ([defenseunicorns#1487](defenseunicorns#1487)) ([cdcba75](defenseunicorns@cdcba75))
* **deps:** update support-deps ([defenseunicorns#1493](defenseunicorns#1493)) ([88cbf29](defenseunicorns@88cbf29))
* **deps:** update support-deps ([defenseunicorns#1497](defenseunicorns#1497)) ([f308176](defenseunicorns@f308176))
* **deps:** update velero ([defenseunicorns#1453](defenseunicorns#1453)) ([7330ea9](defenseunicorns@7330ea9))
* **deps:** update velero ([defenseunicorns#1492](defenseunicorns#1492)) ([ff504c0](defenseunicorns@ff504c0))
* **deps:** update velero to v1.32.4 ([defenseunicorns#1484](defenseunicorns#1484)) ([06709e8](defenseunicorns@06709e8))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>