Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump salt from 2015.8.1 to 3003.5 in /salt #1

Closed
wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 30, 2023

Bumps salt from 2015.8.1 to 3003.5.

Release notes

Sourced from salt's releases.

v3003.5

No release notes provided.

v3003.4

No release notes provided.

v3003.3

No release notes provided.

v3003.2

WARNING: The tarball generated by GitHub will not have the correct version information when using a version not ending in .0 . Please use the tarball generated by SaltStack instead. See issue #41847 for more information.

Official Salt packages can be found at https://repo.saltproject.io/

v3003.1

WARNING: The tarball generated by GitHub will not have the correct version information when using a version not ending in .0 . Please use the tarball generated by SaltStack instead. See issue #41847 for more information.

Official Salt packages can be found at https://repo.saltproject.io/

v3003

WARNING: The tarball generated by GitHub will not have the correct version information when using a version not ending in .0 . Please use the tarball generated by SaltStack instead. See issue #41847 for more information.

Official Salt packages can be found at https://repo.saltproject.io/

v3002.9

No release notes provided.

v3002.8

No release notes provided.

v3002.7

WARNING: The tarball generated by GitHub will not have the correct version information when using a version not ending in .0 . Please use the tarball generated by SaltStack instead. See issue #41847 for more information.

Official Salt packages can be found at https://repo.saltproject.io/

v3002.6

WARNING: The tarball generated by GitHub will not have the correct version information when using a version not ending in .0 . Please use the tarball generated by SaltStack instead. See issue #41847 for more information.

Official Salt packages can be found at https://repo.saltproject.io/

v3002.5

WARNING: The tarball generated by GitHub will not have the correct version information when using a version not ending in .0 . Please use the tarball generated by SaltStack instead. See issue #41847 for more information.

Official Salt packages can be found at https://repo.saltproject.io/

v3002.4

WARNING: The tarball generated by GitHub will not have the correct version information when using a version not ending in .0 . Please use the tarball generated by SaltStack instead. See issue #41847 for more information.

Official Salt packages can be found at https://repo.saltproject.io/

... (truncated)

Changelog

Sourced from salt's changelog.

Salt 3003.5 (2022-07-05)

Fixed

  • Update Markup and contextfunction imports for jinja versions >=3.1. (#61848)
  • Fix bug in tcp transport (#61865)
  • Make sure the correct key is being used when verifying or validating communication, eg. when a Salt syndic is involved use syndic_master.pub and when a Salt minion is involved use minion_master.pub. (#61868)

Security

  • Fixed PAM auth to reject auth attempt if user account is locked. (cve-2022-22967)

Salt 3003.4 (2022-02-25)

Security

  • Sign authentication replies to prevent MiTM (cve-2022-22935)
  • Prevent job and fileserver replays (cve-2022-22936)
  • Sign pillar data to prevent MiTM attacks. (cve-2202-22934)
  • Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) (#60413)
  • Fix denial of service in junos ifconfig output parsing.

Salt 3003.3 (2021-08-20)

Fixed

Security

  • Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004)
  • Ensure that sourced file is cached using its hash name (cve-2021-21996)

Salt 3003.2 (2021-07-29)

Fixed

  • Periodically restart the fileserver update process to avoid leaks (#50313)
  • Add ssh_timeout to kwargs in deploy_script (#59901)
  • Update the external ipaddress to the latest 3.9.5 version which has some security fixes. Updating the compat.p to use the vendored version if the python version is below 3.9.5 and only run the test_ipaddress.py tests if below 3.9.5. (#60168)
  • Use the right crypto library for salt.utils.crypt.reinit_crypto (#60215)
  • Stop SSH from hanging if connection is lost. Also added args to customize grace period. (#60216)
  • Improve reliability of Terminal class (#60504)
  • Ignore configuration for 'enable_fqdns_grains' for AIX, Solaris and Juniper, assume False (#60529)

... (truncated)

Commits
  • 3fa1e4c Merge pull request #460 from Ch3LL/docs_3003.5
  • 683b21b Update release notes and man pages for 3003.5
  • 88e9b86 Merge pull request #319 from saltstack/issue/3003.5/61865
  • 40478bc Fix tests on MacOS
  • 58d5517 Fix the test_zeromq_filtering test
  • fe9fb01 Fix bug in tcp transport
  • 3d53101 Merge pull request #305 from saltstack/cve/3003.4-pam-auth-fix
  • 08acb9b pre-commit fixes
  • 42bbee0 Skip PAM auth tests on Windows
  • 124a6f0 rewrite hook changes
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [salt](https://github.com/saltstack/salt) from 2015.8.1 to 3003.5.
- [Release notes](https://github.com/saltstack/salt/releases)
- [Changelog](https://github.com/saltstack/salt/blob/master/CHANGELOG.md)
- [Commits](saltstack/salt@v2015.8.1...v3003.5)

---
updated-dependencies:
- dependency-name: salt
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 30, 2023
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Sep 6, 2023

Superseded by #2.

@dependabot dependabot bot closed this Sep 6, 2023
@dependabot dependabot bot deleted the dependabot/pip/salt/salt-3003.5 branch September 6, 2023 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants