build(deps-dev): bump next from 14.0.4 to 14.1.1 in /website #16

Closed
wants to merge 401 commits into from


dependabot[bot]

@dependabot dependabot bot commented on behalf of github May 10, 2024

Bumps next from 14.0.4 to 14.1.1.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

lbajolet-hashicorp and others added 30 commits July 25, 2023 15:43
`packer init' is meant to be invoked on a template file or a directory.
This was described in the command-line help message as
`[template.pkr.hcl|folder]'.

Because this is encapsulated between square brackets, this could be
taken as an option instead of a positional, mandatory argument.

This commit changes the wording to adopt a similar convention as `packer
build', so the two are consistent in how they are invoked, and to avoid
mistaking this argument as optional.
The `packer init' command's wording was not clear, so it was changed in
a preceding commit, and this commit aims to add more details on how the
command is meant to be used, along with a simple example.
Starting with Go 1.19 the loading of binaries from the current working directory was
deemed as a possible security problem. Thus the use of exec.Command or exec.LookPath no longer resolves
an executable within the current working directory. This change updates the discover logic to return absolute
paths for any discovered plugin, which is called directly when passed to exec.Command or exec.LookPath. By doing
this Packer is able to load a custom plugin sitting in the current working directory as it did in versions prior to v1.9.2.
When copying a plugin's checksum file (packer-plugin-*_SHA256SUM) installed by `packer plugins install` or `packer init`
into a separate directory the file may be copied with the executable bit turned on. If unchanged after the copy, Packer would
discover the checksum file as a possible plugin match and error when trying to execute describe on the plugin lookalike. This change
adds a checksum file test to the plugin matching logic. If the discovered plugin name is a checksum it is excluded from the discovered plugin list.
* Add test case for loading plugin in CWD
* Add test case to validate checksum files are ignored
* Update Discover to include CWD "." in PluginFolders if KnowPluginFolders is unset
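
The two discovery changes described in the commit messages above (absolute paths for discovered plugins, and exclusion of executable checksum files), sketched as an added example that is not Packer's own code. `discoverPlugins` and the file names in `main` are hypothetical and constructed for illustration; only the `packer-plugin-*_SHA256SUM` pattern comes from the commit message.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// discoverPlugins is a hypothetical helper, not Packer's Discover function.
// It returns absolute paths of executable packer-plugin-* files in dir and
// skips checksum files (packer-plugin-*_SHA256SUM) even when executable.
func discoverPlugins(dir string) ([]string, error) {
	matches, err := filepath.Glob(filepath.Join(dir, "packer-plugin-*"))
	if err != nil {
		return nil, err
	}
	var found []string
	for _, m := range matches {
		info, err := os.Stat(m)
		if err != nil || info.IsDir() || info.Mode().Perm()&0o111 == 0 {
			continue // unreadable, a directory, or not executable
		}
		if strings.HasSuffix(filepath.Base(m), "_SHA256SUM") {
			continue // checksum file copied with the executable bit set
		}
		// Absolute path: the caller can hand it to exec.Command directly,
		// so nothing is ever looked up relative to the working directory.
		abs, err := filepath.Abs(m)
		if err != nil {
			return nil, err
		}
		found = append(found, abs)
	}
	return found, nil
}

func main() {
	// Constructed sample layout in a temporary directory.
	dir, err := os.MkdirTemp("", "plugins")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	for _, n := range []string{"packer-plugin-demo", "packer-plugin-demo_SHA256SUM"} {
		if err := os.WriteFile(filepath.Join(dir, n), []byte("x"), 0o755); err != nil {
			panic(err)
		}
	}
	found, err := discoverPlugins(dir)
	fmt.Println(found, err)
}
```
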
Since the main branch is not called master anymore, and the anchor was
renamed, we fix both these changes in the link to that page from the
README.
In addition to the `release-light' target, we add a `release_full'
target to the Dockerfile, so that we can ship an image of Packer with
the official plugins pre-bundled in their latest version.
The Docker images release-light and release-full are not to be built
locally from a dev build, but from a release, and the commands to build
those images are only referenced in CI, so we don't need to ship them as
part of the makefile.
In addition, those images are not straightforward to build from the
Makefile, as they require quite a few things from the environment, as
well as the binary installed in a specific location, which is never
setup by the rest of the Makefile.

Therefore, we opted to simplify the Makefile so that it only builds
docker-dev for local use.
* Remove repetitive log statement

The log being removed is duplicated each time evalContext is
called, which seems like an unneeded debug log.
The version of the golang.org/x/net we used (v0.8.0), is vulnerable to a
rendering issue, potentially escaping text that should not be, which can
enable other attacks then.

Packer itself is not vulnerable to the CVE as we don't render web pages,
but security checks do point it as an issue, so we fix it by updating
the dependencies.

CVE reference: GO-2023-1988
* Updating the license from MPL to Business Source License

Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at https://hashi.co/license-faq, and details of the license at www.hashicorp.com/bsl.

* Update copyright file headers to BUSL-1.1

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Since we added support for PLSPs recently, and it will be released as part of 1.9.3, we add some documentation regarding the environment variables we added, and a note regarding their relation to PLSP support.
…rp#12575)

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Since this feature is no longer something we plan to activate later, as
it contradicts with our efforts to remove bundled plugins, and
encouraging users to move to either manually installing plugins, or
managing them through `packer init', we clean-up the code for this
feature.
When invoking Packer with the CHECKPOINT_DISABLE env. variable, the telemetry reporter is left uninitialized in order to disable telemetry reporting.
Any method calls on the nil reporter are expected to check if the reporter is active or in NOOP mode. This change fixes a crash when calling SetBundledUsage()
on a nil CheckpointTelemetry type that occurs when using a bundled plugin with CHECKPOINT_DISABLE=1.
lbajolet-hashicorp and others added 24 commits April 29, 2024 14:28
The source parsing logic was heavily directed towards Github compatible
source URIs, however if we want to support more cases, we need to make
sure we are able to specify those URIs, and to load plugins installed
from those sources.

Right now, since the getters available are only github.com, we will not
support remotely installing plugins from sources other than github.com,
with the same set of constraints as before. However, we do support now
installing from a local plugin binary to any kind of source, and we
support loading them, including if a template wants this plugin
installed locally with version constraints.
….0 (hashicorp#12942)

Bumps [github.com/hashicorp/hcp-sdk-go](https://github.com/hashicorp/hcp-sdk-go) from 0.92.0 to 0.93.0.
- [Release notes](https://github.com/hashicorp/hcp-sdk-go/releases)
- [Changelog](https://github.com/hashicorp/hcp-sdk-go/blob/main/CHANGELOG.md)
- [Commits](hashicorp/hcp-sdk-go@v0.92.0...v0.93.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/hcp-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ejs](https://github.com/mde/ejs) to 3.1.10 and updates ancestor dependency [@hashicorp/platform-cli](https://github.com/hashicorp/web-platform-packages/tree/HEAD/packages/cli). These dependencies need to be updated together.


Updates `ejs` from 3.1.5 to 3.1.10
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v3.1.5...v3.1.10)

Updates `@hashicorp/platform-cli` from 2.1.0 to 2.8.0
- [Release notes](https://github.com/hashicorp/web-platform-packages/releases)
- [Changelog](https://github.com/hashicorp/web-platform-packages/blob/main/packages/cli/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/web-platform-packages/commits/@hashicorp/platform-cli@2.8.0/packages/cli)

---
updated-dependencies:
- dependency-name: ejs
  dependency-type: indirect
- dependency-name: "@hashicorp/platform-cli"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
…orp#12958)

* Bump required actions to address Node.js 16 deprecation issue

* Update all tsccr approved actions

```shell
tsccr-helper gha update -latest .
```
…thub.com:inloco/packer into security/upgrade
fix: git tag point to the latest version
Bumps [next](https://github.com/vercel/next.js) from 14.0.4 to 14.1.1.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.0.4...v14.1.1)

---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 10, 2024

dependabot bot commented on behalf of github May 29, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/website/next-14.1.1 branch May 29, 2024 18:03
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code