From dbacbf2eb224e0c0bb945fc1ca8aac60595e9d6e Mon Sep 17 00:00:00 2001 From: Roger Ng Date: Wed, 1 Nov 2023 12:07:32 +0000 Subject: [PATCH] Update CHANGELOG.md for v1.5.3 release (#3176) * Update CHANGELOG.md for v1.5.3 release * Add google/trillian/pull/3173 in CHANGELOG.md --- CHANGELOG.md | 136 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 132 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index df3164813d..6268e48cf8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,15 +2,143 @@ ## HEAD -* Update dependencies - * update google.golang.org/grpc to v1.59.0 to fix CVE-2023-44487 (https://github.com/advisories/GHSA-qppj-fm5r-hxr3) -* Export logserver read counter metric together with logIDs +## v1.5.3 + * Recommended go version for development: 1.20 * This is the version used by the cloudbuild presubmits. Using a different version can lead to presubmits failing due to unexpected diffs. -## v.1.5.2 +### Storage + +#### MySQL + +* mysql: check for error when getting subtrees by @jsha in https://github.com/google/trillian/pull/3173 + +### Documentation + +* Added comments to show how snippets were generated by @mhutchinson in https://github.com/google/trillian/pull/3048 + +### Misc + +* Export logserver read counter metric together with logIDs by @phbnf in https://github.com/google/trillian/pull/3077 +* Register DoFns by @AlCutter in https://github.com/google/trillian/pull/3083 +* Add docker package-ecosystem to Dependabot config by @roger2hk in https://github.com/google/trillian/pull/3038 +* Fix CVE vulnerabilities in mysql base Docker image by @roger2hk in https://github.com/google/trillian/pull/3037 +* Fix db_server Docker image vulnerabilities by @roger2hk in https://github.com/google/trillian/pull/3049 +* Add missing docker and npm Dependabot configs by @roger2hk in https://github.com/google/trillian/pull/3062 +* Add govulncheck GitHub action by @roger2hk in https://github.com/google/trillian/pull/3089 +* Pin Dockerfile base images by hash by @roger2hk in https://github.com/google/trillian/pull/3090 +* Pin golang/govulncheck-action by hash by @roger2hk in https://github.com/google/trillian/pull/3091 +* Pin Dockerfile base images by hash by @roger2hk in https://github.com/google/trillian/pull/3093 +* Add top level read-only permission in govulncheck.yml by @roger2hk in https://github.com/google/trillian/pull/3092 + +### Dependency updates + +* Bump go.etcd.io/etcd/etcdctl/v3 from 3.5.8 to 3.5.9 by @dependabot in https://github.com/google/trillian/pull/3003 +* Bump google.golang.org/api from 0.121.0 to 0.122.0 by @dependabot in https://github.com/google/trillian/pull/3006 +* Bump golang.org/x/tools from 0.8.0 to 0.9.1 by @dependabot in https://github.com/google/trillian/pull/3005 +* Bump github.com/apache/beam/sdks/v2 from 2.47.0-RC3 to 2.47.0 by @dependabot in https://github.com/google/trillian/pull/3000 +* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in https://github.com/google/trillian/pull/3007 +* Bump go.etcd.io/etcd/v3 from 3.5.8 to 3.5.9 by @dependabot in https://github.com/google/trillian/pull/3004 +* Bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in https://github.com/google/trillian/pull/3008 +* Bump google.golang.org/api from 0.122.0 to 0.123.0 by @dependabot in https://github.com/google/trillian/pull/3010 +* Bump github/codeql-action from 2.3.3 to 2.3.5 by @dependabot in https://github.com/google/trillian/pull/3013 +* Bump github/codeql-action from 2.3.5 to 2.3.6 by @dependabot in https://github.com/google/trillian/pull/3020 +* Bump golang.org/x/tools from 0.9.1 to 0.9.3 by @dependabot in https://github.com/google/trillian/pull/3016 +* Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.3 to 2.3.4 by @dependabot in https://github.com/google/trillian/pull/3017 +* Bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in https://github.com/google/trillian/pull/3021 +* Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot in https://github.com/google/trillian/pull/3025 +* Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in https://github.com/google/trillian/pull/3027 +* Bump github/codeql-action from 2.3.6 to 2.13.4 by @dependabot in https://github.com/google/trillian/pull/3026 +* Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in https://github.com/google/trillian/pull/3028 +* Bump golang.org/x/tools from 0.9.3 to 0.10.0 by @dependabot in https://github.com/google/trillian/pull/3029 +* Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.4 to 2.3.5 by @dependabot in https://github.com/google/trillian/pull/3035 +* Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in https://github.com/google/trillian/pull/3030 +* Update mysql Dockerfile base image from ubuntu:trusty to ubuntu:jammy by @roger2hk in https://github.com/google/trillian/pull/3036 +* Bump golang.org/x/tools from 0.10.0 to 0.11.0 by @dependabot in https://github.com/google/trillian/pull/3044 +* Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in https://github.com/google/trillian/pull/3039 +* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot in https://github.com/google/trillian/pull/3041 +* Bump golang.org/x/tools from 0.11.0 to 0.12.0 by @dependabot in https://github.com/google/trillian/pull/3055 +* Bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in https://github.com/google/trillian/pull/3059 +* Bump google-auth-library from 8.7.0 to 9.0.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3069 +* Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3064 +* Bump alpine from 3.8 to 3.18 in /examples/deployment/docker/envsubst by @dependabot in https://github.com/google/trillian/pull/3067 +* Bump golang from 1.19-buster to 1.20-buster in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3065 +* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in https://github.com/google/trillian/pull/3063 +* Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3066 +* Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3071 +* Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in https://github.com/google/trillian/pull/3076 +* Bump go from 1.19 to 1.20 by @mhutchinson in https://github.com/google/trillian/pull/3080 +* Bump golang.org/x/sys from 0.11.0 to 0.12.0 by @dependabot in https://github.com/google/trillian/pull/3081 +* Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in https://github.com/google/trillian/pull/3082 +* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 by @dependabot in https://github.com/google/trillian/pull/3084 +* Bump golang.org/x/tools from 0.12.0 to 0.13.0 by @dependabot in https://github.com/google/trillian/pull/3086 +* Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in https://github.com/google/trillian/pull/3085 +* Bump Go version in Docker base images to 1.20.8-bookworm by @roger2hk in https://github.com/google/trillian/pull/3094 +* Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3100 +* Bump gcr.io/kaniko-project/executor from 1.6.0 to 1.15.0 by @roger2hk in https://github.com/google/trillian/pull/3095 +* Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3098 +* Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3097 +* Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3099 +* Bump golang from `d3114db` to `a0b3bc4` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3104 +* Bump golang from `d3114db` to `a0b3bc4` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3105 +* Bump golang from `d3114db` to `a0b3bc4` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3106 +* Bump golang from `d3114db` to `a0b3bc4` in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3107 +* Bump golang from `e06b3a4` to `114b9cc` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3108 +* Bump trillian-opensource-ci/mysql5 from `51cc6df` to `edf7def` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3110 +* Bump golang from `a0b3bc4` to `114b9cc` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3109 +* Bump golang from `a0b3bc4` to `114b9cc` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3111 +* Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in https://github.com/google/trillian/pull/3117 +* Bump golang from `114b9cc` to `9c7ea4a` in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3116 +* Bump golang from `114b9cc` to `9c7ea4a` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3114 +* Bump golang from `114b9cc` to `9c7ea4a` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3115 +* Bump nick-fields/retry from 2.8.3 to 2.9.0 by @dependabot in https://github.com/google/trillian/pull/3119 +* Bump trillian-opensource-ci/mysql5 from `edf7def` to `f45c849` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3120 +* Bump golang from `9c7ea4a` to `61f84bc` in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3121 +* Bump golang from `9c7ea4a` to `61f84bc` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3124 +* Bump golang from `9c7ea4a` to `61f84bc` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3122 +* Bump alpine from `7144f7b` to `eece025` in /examples/deployment/docker/envsubst by @dependabot in https://github.com/google/trillian/pull/3125 +* Bump golang from `9c7ea4a` to `61f84bc` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3123 +* Bump ubuntu from `aabed32` to `9b8dec3` in /examples/deployment/kubernetes/mysql/image by @dependabot in https://github.com/google/trillian/pull/3127 +* Bump distroless/base-debian12 from `d64f548` to `cc22d6d` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3128 +* Bump distroless/base-debian12 from `d64f548` to `cc22d6d` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3129 +* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3134 +* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3135 +* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3136 +* Bump golang from `0bd76fd` to `a44d05d` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3137 +* Bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @dependabot in https://github.com/google/trillian/pull/3139 +* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3138 +* Bump distroless/base-debian12 from `cc22d6d` to `5be49de` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3141 +* Bump distroless/base-debian12 from `cc22d6d` to `5be49de` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3142 +* Bump trillian-opensource-ci/mysql5 from `f45c849` to `99d6043` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3143 +* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3147 +* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3145 +* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3148 +* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3144 +* Bump go-version-input from 1.20.8 to 1.20.10 in govulncheck by @roger2hk in https://github.com/google/trillian/pull/3151 +* Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in https://github.com/google/trillian/pull/3150 +* Bump @slack/webhook from 5.0.4 to 7.0.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3130 +* Bump google-auth-library from 9.0.0 to 9.1.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3126 +* Bump golang from `efde471` to `5cc7ddc` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3156 +* Bump golang from `efde471` to `5cc7ddc` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3155 +* Bump golang from `efde471` to `20f9ab5` in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3152 +* Bump golang from `efde471` to `20f9ab5` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3154 +* Bump golang from `5cc7ddc` to `20f9ab5` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3158 +* Bump ubuntu from `9b8dec3` to `2b7412e` in /examples/deployment/kubernetes/mysql/image by @dependabot in https://github.com/google/trillian/pull/3157 +* Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in https://github.com/google/trillian/pull/3160 +* Bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in https://github.com/google/trillian/pull/3164 +* Bump google.golang.org/grpc to 1.59.0 fixing CVE-2023-44487 (https://github.com/advisories/GHSA-qppj-fm5r-hxr3) by @cpanato in https://github.com/google/trillian/pull/3166 +* Bump distroless/base-debian12 from `5be49de` to `1dfdb5e` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3167 +* Bump google-auth-library from 9.1.0 to 9.2.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3168 +* Bump distroless/base-debian12 from `5be49de` to `1dfdb5e` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3169 +* Bump trillian-opensource-ci/mysql5 from `99d6043` to `c079e4e` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3161 +* Bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible by @dependabot in https://github.com/google/trillian/pull/3170 +* Bump trillian-opensource-ci/mysql5 from `c079e4e` to `3f355be` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3171 +* Bump @slack/webhook from 7.0.0 to 7.0.1 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3172 +* Bump @google-cloud/functions-framework from 1.3.2 to 3.3.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3072 + +## v1.5.2 * Recommended go version for development: 1.19 * This is the version used by the cloudbuild presubmits. Using a