Backport fixes to release 2.8 (#4135)

* fix: CVE-2022-3172 (#3693) Signed-off-by: Pedro Tanaka <[email protected]> * fix: Respect optional parameter inside envs for ScaledJobs (#3694) Signed-off-by: Jorge Turrado <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> * fix(prometheus scaler): Detect Inf before casting float to int (#3762) * fix(prometheus scaler): Detect Inf before casting float to int Signed-off-by: Jorge Turrado <[email protected]> * Improve the log message Signed-off-by: Jorge Turrado <[email protected]> Signed-off-by: Jorge Turrado <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> * fix(nats-jetstream): correctly count messages that should be redelivered (waiting for ack) towards keda value (#3809) * fix: keda now include the messages that should be retried in the count of pending messages used for scaling Signed-off-by: Antoine Laffargue <[email protected]> * chore: update changelog Signed-off-by: Antoine Laffargue <[email protected]> Signed-off-by: Antoine Laffargue <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> * NewRelic scaler crashes on logging (#3946) Signed-off-by: Laszlo Kishalmi <[email protected]> Signed-off-by: Laszlo Kishalmi <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> * Fix stackdriver client returning 0 for metric types of double (#3788) * Update stackdriver client to handle metrics of value type double Signed-off-by: Eric Takemoto <[email protected]> * move change log note to below general Signed-off-by: Eric Takemoto <[email protected]> * parse activation value as float64 Signed-off-by: Eric Takemoto <[email protected]> * change target value to float64 for GCP pub/sub and stackdriver Signed-off-by: Eric Takemoto <[email protected]> Signed-off-by: Eric Takemoto <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> * Fixing conflicts after cherry-pick Signed-off-by: Pedro Tanaka <[email protected]> * fix: Close is called twice on PushScaler's deletion (#3599) Signed-off-by: ytz <[email protected]> Signed-off-by: taenyang <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> * fix/datadog-scaler-null-last-point (#3954) Signed-off-by: Tony Lee <[email protected]> Signed-off-by: Tony Lee <[email protected]> Signed-off-by: Zbynek Roubalik <[email protected]> Co-authored-by: Tony Lee <[email protected]> Co-authored-by: Zbynek Roubalik <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> * fix(mongodb): escape username and password (#3989) Fixes #3992 Signed-off-by: Pedro Tanaka <[email protected]> * Hacking generated files to version CI expects Signed-off-by: Pedro Tanaka <[email protected]> * Updating aws-sdk and golang packages to fix CVEs Signed-off-by: Pedro Tanaka <[email protected]> * Updating golang/text package to fix CVE Signed-off-by: Pedro Tanaka <[email protected]> * Using same version of aws sdk as in main Signed-off-by: Pedro Tanaka <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> Signed-off-by: Jorge Turrado <[email protected]> Signed-off-by: Antoine Laffargue <[email protected]> Signed-off-by: Pedro Tanaka <[email protected]> Signed-off-by: Laszlo Kishalmi <[email protected]> Signed-off-by: Eric Takemoto <[email protected]> Signed-off-by: ytz <[email protected]> Signed-off-by: taenyang <[email protected]> Signed-off-by: Tony Lee <[email protected]> Signed-off-by: Tony Lee <[email protected]> Signed-off-by: Zbynek Roubalik <[email protected]> Co-authored-by: Jorge Turrado Ferrero <[email protected]> Co-authored-by: Antoine LAFFARGUE <[email protected]> Co-authored-by: Laszlo Kishalmi <[email protected]> Co-authored-by: Eric Takemoto <[email protected]> Co-authored-by: taenyang <[email protected]> Co-authored-by: Tony Lee <[email protected]> Co-authored-by: Tony Lee <[email protected]> Co-authored-by: Zbynek Roubalik <[email protected]>
kedacore · Jan 19, 2023 · e0ba57d · e0ba57d
1 parent fde94f9
commit e0ba57d
Show file tree

Hide file tree

Showing 22 changed files with 455 additions and 152 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -17,7 +17,7 @@ linters:
     - goprintffuncname
     - govet
     - nolintlint
-    - rowserrcheck
+    #- rowserrcheck
     - gofmt
     - revive
     - goimports
@@ -27,8 +27,6 @@ linters:
     - ineffassign
     - staticcheck
     - exportloopref
-    - structcheck
-    - deadcode
     - depguard
     - dogsled
     - errcheck
@@ -40,7 +38,6 @@ linters:
     - gosimple
     - stylecheck
     - unused
-    - varcheck
     - unparam
     - unconvert
     - whitespace
@@ -91,7 +88,11 @@ issues:
     - path: stan_scaler.go
       linters:
         - dupl
-
+    # Exclude for datadog_scaler, reason:
+    # Introduce new parameters to fix DataDog API response issue #3906 (PR #3954)
+    - path: datadog_scaler.go
+      linters:
+        - gocyclo
 linters-settings:
   funlen:
     lines: 80

diff --git a/BUILD.md b/BUILD.md
@@ -138,7 +138,10 @@ Follow these instructions if you want to debug the KEDA operator using VS Code.
             "request": "launch",
             "mode": "debug",
             "program": "${workspaceFolder}/main.go",
-            "env": {"WATCH_NAMESPACE": ""}
+            "env": {
+                "WATCH_NAMESPACE": "",
+                "KEDA_CLUSTER_OBJECT_NAMESPACE": "keda"
+            }
         }
     ]
    }
@@ -171,7 +174,10 @@ Follow these instructions if you want to debug the KEDA metrics server using VS
             "request": "launch",
             "mode": "auto",
             "program": "${workspaceFolder}/adapter/main.go",
-            "env": {"WATCH_NAMESPACE": ""},
+            "env": {
+                "WATCH_NAMESPACE": "",
+                "KEDA_CLUSTER_OBJECT_NAMESPACE": "keda"
+            },
             "args": [
                 "--authentication-kubeconfig=PATH_TO_YOUR_KUBECONFIG",
                 "--authentication-skip-lookup",

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -40,7 +40,16 @@ To learn more about our roadmap, we recommend reading [this document](ROADMAP.md
 
 ### Fixes
 
-- TODO ([#XXX](https://github.com/kedacore/keda/issue/XXX))
+- **General:** Provide patch for CVE-2022-3172 vulnerability ([#3690](https://github.com/kedacore/keda/issues/3690))
+- **General:** Respect optional parameter inside envs for ScaledJobs ([#3568](https://github.com/kedacore/keda/issues/3568))
+- **General:** Close is called twice on PushScaler's deletion ([#3881](https://github.com/kedacore/keda/issues/3881))
+- **Azure Blob Scaler** Store forgotten logger ([#3811](https://github.com/kedacore/keda/issues/3811))
+- **Datadog Scaler** The last data point of some specific query is always null ([#3906](https://github.com/kedacore/keda/issues/3906))
+- **GCP Stackdriver Scalar:** Update Stackdriver client to handle detecting double and int64 value types ([#3777](https://github.com/kedacore/keda/issues/3777))
+- **MongoDB Scaler:** Username/password can contain `:/?#[]@` ([#3992](https://github.com/kedacore/keda/issues/3992))
+- **New Relic Scaler** Store forgotten logger ([#3945](https://github.com/kedacore/keda/issues/3945))
+- **Prometheus Scaler:** Treat Inf the same as Null result ([#3644](https://github.com/kedacore/keda/issues/3644))
+- **NATS Jetstream:** Correctly count messages that should be redelivered (waiting for ack) towards keda value ([#3787](https://github.com/kedacore/keda/issues/3787))
 
 ### Deprecations
 

diff --git a/go.mod b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/DataDog/datadog-api-client-go v1.16.0
 	github.com/Huawei/gophercloud v1.0.21
 	github.com/Shopify/sarama v1.36.0
-	github.com/aws/aws-sdk-go v1.44.88
+	github.com/aws/aws-sdk-go v1.44.150
 	github.com/denisenkom/go-mssqldb v0.12.2
 	github.com/dysnix/predictkube-libs v0.0.4-0.20220717101015-44c816c4fb9c
 	github.com/dysnix/predictkube-proto v0.0.0-20220713123213-7135dce1e9c9
@@ -61,15 +61,15 @@ require (
 	google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf
 	google.golang.org/grpc v1.49.0
 	google.golang.org/protobuf v1.28.1
-	k8s.io/api v0.24.3
-	k8s.io/apimachinery v0.24.3
-	k8s.io/apiserver v0.24.3
-	k8s.io/client-go v0.24.3
-	k8s.io/code-generator v0.24.3
+	k8s.io/api v0.24.5
+	k8s.io/apimachinery v0.24.5
+	k8s.io/apiserver v0.24.4
+	k8s.io/client-go v0.24.5
+	k8s.io/code-generator v0.24.4
 	k8s.io/klog/v2 v2.70.2-0.20220707122935-0990e81f1a8f
 	k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42
 	k8s.io/metrics v0.24.3
-	knative.dev/pkg v0.0.0-20220826162920-93b66e6a8700
+	knative.dev/pkg v0.0.0-20220909150730-20aabd56be23
 	sigs.k8s.io/controller-runtime v0.12.3
 	sigs.k8s.io/custom-metrics-apiserver v1.24.0
 )
@@ -92,10 +92,13 @@ replace (
 	golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
 
 	// https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-42836
-	golang.org/x/text => golang.org/x/text v0.3.7
+	golang.org/x/text => golang.org/x/text v0.3.8
 
 	// Needed for CVE-2022-28948 https://www.cve.org/CVERecord?id=CVE-2022-28948
 	gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
+
+	// Needed for CVE-2022-3172 https://bugzilla.redhat.com/show_bug.cgi?id=2127804
+	k8s.io/apimachinery => k8s.io/apimachinery v0.24.5
 )
 
 require (
@@ -258,15 +261,15 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.1 // indirect
 	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
-	golang.org/x/net v0.0.0-20220809184613-07c6da5e1ced // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/net v0.5.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 // indirect
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
-	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/sys v0.4.0 // indirect
+	golang.org/x/term v0.4.0 // indirect
+	golang.org/x/text v0.6.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
-	golang.org/x/tools v0.1.10 // indirect
+	golang.org/x/tools v0.1.12 // indirect
 	golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
@@ -276,8 +279,8 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.24.2 // indirect
-	k8s.io/component-base v0.24.3 // indirect
+	k8s.io/apiextensions-apiserver v0.24.4 // indirect
+	k8s.io/component-base v0.24.5 // indirect
 	k8s.io/gengo v0.0.0-20220613173612-397b4ae3bce7 // indirect
 	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
 	nhooyr.io/websocket v1.8.7 // indirect