results-collection icon indicating copy to clipboard operation
results-collection copied to clipboard

Published 20 hours ago verified publisher icon web-platform-tests

Bump buildbot from 1.1.0 to 1.8.2 in /provisioning/configuration/roles/buildbot-worker/files

Open dependabot[bot] opened this issue 5 years ago • 0 comments

Bumps buildbot from 1.1.0 to 1.8.2.

Release notes

Sourced from buildbot's releases.

v1.8.2

Bug fixes

  • Fix vulnerability in OAuth where user-submitted authorization token was used for authentication (https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication). Thanks to Phillip Kuhrt for reporting it.

v1.8.1

Bug fixes

  • Fix CRLF injection vulnerability with validating user provided redirect parameters (https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code) Thanks to mik317 and mariadb for reporting it.

v1.8.0

Bug fixes

  • Fix a regression present in v1.7.0 which caused buildrequests waiting for a lock that got released by an unrelated build not be scheduled (:issue:4491)
  • Don't run builds that request an instance with incompatible properties on Docker, Marathon and OpenStack latent workers.
  • Gitpoller now fetches only branches that are known to exist on remote. Non-existing branches are quietly ignored.
  • The demo repo in sample configuration files and the tutorial is now fetched via https: instead of git: to make life easier for those behind firewalls and/or using proxies.
  • buildbot sendchange has been fixed on Python 3 (:issue:4138)

Features

  • Add a :py:class:~buildbot.worker.kubernetes.KubeLatentWorker to launch workers into a kubernetes cluster
  • Simplify/automate configuration of worker as Windows service - eliminate manual configuration of Log on as a service

Deprecations and Removals

  • The deprecated BuildMaster.addBuildset method has been removed. Use BuildMaster.data.updates.addBuildset instead.
  • The deprecated BuildMaster.addChange method has been removed. Use BuildMaster.data.updates.addChange instead.
  • buildbot package now requires Twisted versions >= 17.9.0. This is required for Python 3 support. Earlier versions of Twisted are not supported.

v1.7.0

... (truncated)
Commits
  • e2db879 Merge pull request #4789 from p12tic/1.8.x-release
  • a844457 docs: Update spelling word list
  • 0fb4417 relnotes: Add relnote for v1.8.2
  • cdced04 relnotes: Add relnote for v1.8.1
  • 4bcf908 Merge pull request #4787 from p12tic/1.8.x-fix-tests
  • 7b08a43 www: Pin buildbot-data upper version at 2.2.4
  • 2de0d7f Merge pull request #4784 from p12tic/1.8.x-no-token
  • bdd886e smokes: Log how exactly webdriver-manager is invoked
  • bdeaf36 smokes: Update webdriver script to new version of webdriver-manager
  • 805f3d8 smokes: Upgrade dependencies to bring in webdriver 12.1.4
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

dependabot[bot] avatar May 29 '19 18:05 dependabot[bot]