{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":243394576,"defaultBranch":"main","name":"pixie","ownerLogin":"pixie-io","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-02-27T00:22:45.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/82631609?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1715029121.0","currentOid":""},"activityList":{"items":[{"before":"cd22e1aff1ddc7436913b6336c82cb19a4389c04","after":"79886a48cd2f8a1b77a57b2a314dfe708454f8ce","ref":"refs/heads/main","pushedAt":"2024-05-09T03:12:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Exclude DaemonSets (PEMs) from modification by a Vizier's nodeSelector (#1887)\n\nSummary: Exclude DaemonSets (PEMs) from modification by a Vizier's\r\nnodeSelector\r\n\r\nThis accomplishes part of #1861. The remaining work is to include new\r\nadditional node selector configuration values that only apply to PEMs --\r\nsimilar to how `pemMemoryLimit` and `pemMemoryRequest` work. From my\r\ninvestigation so far, it appears that adding the PEM specific selectors\r\nwill require a different implementation (via the vizier yaml templating\r\non the Pixie cloud side) and so I thought staging this in two changes\r\nmade sense.\r\n\r\nRelevant Issues: #1861\r\n\r\nType of change: /kind bug\r\n\r\nTest Plan: Skaffolded a vizier operator and verified that setting a\r\n`kubernetes.io/hostname` node selector no longer prevents PEMs from\r\nbeing scheduled on all nodes\r\n\r\nChangelog Message: Fixed an issue that caused the `Vizier` CRD to apply\r\nnode selectors to pods that should be scheduled on all nodes\r\n(DaemonSets)\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Delnano ","shortMessageHtmlLink":"Exclude DaemonSets (PEMs) from modification by a Vizier's nodeSelector ("}},{"before":null,"after":"d7b436961b663a15ba7ff8eebca9f9313d84607e","ref":"refs/heads/dependabot/pip/src/stirling/source_connectors/socket_tracer/protocols/amqp/amqp_code_generator/jinja2-3.1.4","pushedAt":"2024-05-06T20:58:41.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump jinja2\n\nBumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.\n- [Release notes](https://github.com/pallets/jinja/releases)\n- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)\n- [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4)\n\n---\nupdated-dependencies:\n- dependency-name: jinja2\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump jinja2"}},{"before":null,"after":"147038c271df5f485094b32bd7ea8ebf05dc0c60","ref":"refs/heads/dependabot/pip/src/api/python/doc/jinja2-3.1.4","pushedAt":"2024-05-06T20:57:08.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump jinja2 from 3.1.3 to 3.1.4 in /src/api/python/doc\n\nBumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.\n- [Release notes](https://github.com/pallets/jinja/releases)\n- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)\n- [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4)\n\n---\nupdated-dependencies:\n- dependency-name: jinja2\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump jinja2 from 3.1.3 to 3.1.4 in /src/api/python/doc"}},{"before":"8a4c1d80139a34d1df6ce102700c7b83e7ebb0fa","after":null,"ref":"refs/heads/dependabot/pip/src/datagen/pii/privy/jinja2-3.1.3","pushedAt":"2024-05-06T19:48:42.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"99263890f9baffe1130c4f60126222a2c51d4dcd","ref":"refs/heads/dependabot/pip/src/datagen/pii/privy/jinja2-3.1.4","pushedAt":"2024-05-06T19:48:36.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump jinja2 from 3.1.2 to 3.1.4 in /src/datagen/pii/privy\n\nBumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.4.\n- [Release notes](https://github.com/pallets/jinja/releases)\n- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)\n- [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.4)\n\n---\nupdated-dependencies:\n- dependency-name: jinja2\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump jinja2 from 3.1.2 to 3.1.4 in /src/datagen/pii/privy"}},{"before":"051df1f94e69dc79555a77813602114a15154609","after":"cd22e1aff1ddc7436913b6336c82cb19a4389c04","ref":"refs/heads/main","pushedAt":"2024-05-06T16:21:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"vihangm","name":"Vihang Mehta","path":"/vihangm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1444638?s=80&v=4"},"commit":{"message":"[bot][releases] Update readme with link to latest operator release. (#1890)\n\nSummary: TSIA\n\nType of change: /kind cleanup\n\nTest Plan: N/A\n\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"[bot][releases] Update readme with link to latest operator release. (#…"}},{"before":"f7b0b9daf2568d7a99d29fbde707201fe6f14159","after":"7b8fad57e2e44ffd722178a970207590c372c408","ref":"refs/heads/gh-pages","pushedAt":"2024-05-06T15:59:05.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"Update artifact manifest\n\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"Update artifact manifest"}},{"before":"e61fc4ccad0f9b8c0325a72c29354ba1fad26ab2","after":"f7b0b9daf2568d7a99d29fbde707201fe6f14159","ref":"refs/heads/gh-pages","pushedAt":"2024-05-06T15:54:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"Release Helm chart\n\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"Release Helm chart"}},{"before":"f30a32ef110402ea468fe75beba55227144a809e","after":"051df1f94e69dc79555a77813602114a15154609","ref":"refs/heads/main","pushedAt":"2024-05-06T02:59:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Upgrade OLM to v0.27.0 (#1889)\n\nSummary: Upgrade OLM to v0.27.0\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind dependencies\r\n\r\nTest Plan: Verified that the\r\n[v0.1.5-pre-z0v27.0](https://github.com/pixie-io/pixie/releases/tag/release%2Foperator%2Fv0.1.5-pre-z0v27.0)\r\noperator pre-release passed the release checklist\r\n\r\nChangelog Message: Upgrade OLM from v0.24 to v0.27.0. This fixes an\r\nissue where OLM could not be scheduled on an ARM only k8s cluster (see\r\nhttps://github.com/operator-framework/operator-lifecycle-manager/pull/2958\r\nfor more details)\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Delnano ","shortMessageHtmlLink":"Upgrade OLM to v0.27.0 (#1889)"}},{"before":null,"after":"597f76952848bfb72a9b0d050ff80e6f4b0b0fba","ref":"refs/heads/dependabot/pip/src/datagen/pii/privy/tqdm-4.66.3","pushedAt":"2024-05-03T21:24:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump tqdm from 4.65.0 to 4.66.3 in /src/datagen/pii/privy\n\nBumps [tqdm](https://github.com/tqdm/tqdm) from 4.65.0 to 4.66.3.\n- [Release notes](https://github.com/tqdm/tqdm/releases)\n- [Commits](https://github.com/tqdm/tqdm/compare/v4.65.0...v4.66.3)\n\n---\nupdated-dependencies:\n- dependency-name: tqdm\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump tqdm from 4.65.0 to 4.66.3 in /src/datagen/pii/privy"}},{"before":"1a209c9d7eefbac01fa3adab0d19d912722b6367","after":"e61fc4ccad0f9b8c0325a72c29354ba1fad26ab2","ref":"refs/heads/gh-pages","pushedAt":"2024-05-03T20:35:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"Update artifact manifest\n\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"Update artifact manifest"}},{"before":"a5928c88ebb52e14bf91f01662f33e3d48397054","after":"1a209c9d7eefbac01fa3adab0d19d912722b6367","ref":"refs/heads/gh-pages","pushedAt":"2024-05-01T20:47:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"Update artifact manifest\n\nSigned-off-by: pixie-io-buildbot ","shortMessageHtmlLink":"Update artifact manifest"}},{"before":"c399d123744b9d3dcf953c4e9daf050261d8eedb","after":"f30a32ef110402ea468fe75beba55227144a809e","ref":"refs/heads/main","pushedAt":"2024-05-01T18:03:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Make sure altstack_size_ is a multiple of the system page size (#1883)\n\nSummary: This PR modifies the logic that sets the value of\r\n`altstack_size_`. When deploying Pixie on a 7th gen AMI running bottle\r\nrocket, the value of `altstack_size_` was set to `MINSIGSTKSZ`. This\r\nvalue was 39616 and was not a multiple of the system page size.\r\n\r\nIn this [line of\r\ncode](https://github.com/pixie-io/pixie/blob/0888c38df2dc414a36cc84198c7b159c39eea0e0/src/common/signal/signal_action.cc#L149)\r\n`mprotect` was then applied on a non page aligned region since its\r\naddress was set as `altstack_ + guard_size_ + altstack_size_` leading to\r\nan error. This region in `altstack_` was also not the tailing\r\n`guard_size_` area as\r\n[mmap](https://github.com/pixie-io/pixie/blob/0888c38df2dc414a36cc84198c7b159c39eea0e0/src/common/signal/signal_action.cc#L145)\r\nwould have added extra bytes to `altstack_` in order to page align it.\r\n\r\nAs per the docs, the address passed to `mprotect` needs to be aligned to\r\na page boundary. The function in this PR makes sure that the value of\r\n`altstack_size_` is a multiple of the page size so that the address\r\ncalculated/passed to `mprotect` is aligned to a page boundary and that\r\nit protects the tailing `guard_size_` region of `altstack_`\r\n\r\nRelevant Issues: Fixes #1882\r\n\r\nType of change: /kind bug\r\n\r\nTest Plan: Skaffolded pixie on EKS clusters with m7i.large, r7i.large\r\ninstances and on a GKE cluster with e2-standard-4 nodes and saw the PEM\r\nstart up\r\n\r\n---------\r\n\r\nSigned-off-by: Kartik Pattaswamy ","shortMessageHtmlLink":"Make sure altstack_size_ is a multiple of the system page size (#1883)"}},{"before":"4c209334c92198a437a82d6b2e4044bfdbcdacec","after":"c399d123744b9d3dcf953c4e9daf050261d8eedb","ref":"refs/heads/main","pushedAt":"2024-05-01T18:02:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Optimize TCP Stats Connector (#1884)\n\nSummary: Makes a couple of optimizations to the TCP stats connector. In\r\nparticular, we pass by reference instead of copy in\r\n`TCPStats::UpdateStats` and simplify the cleanup logic in\r\n`TransferDataImpl`.\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind bug\r\n\r\nTest Plan: Bpf test works. Ran heap profiler and observed fewer\r\nallocations.\r\n\r\nOne remaining mystery is a single 384Mb allocation that seems to always\r\narise in the heap profile for `AcceptTcpEvent`. Even commenting out the\r\nbody of the function does not change this. Originally thought this might\r\nbe related to the `BPF_HASH(sock_store, uint32_t, struct sock*,\r\n10240);`, but changing its size had no affect on the allocation.\r\n\r\n\r\n![image](https://github.com/pixie-io/pixie/assets/47846691/015772c5-91dc-4c3b-be39-e9cef8be7c49)\r\n\r\n---------\r\n\r\nSigned-off-by: Benjamin Kilimnik ","shortMessageHtmlLink":"Optimize TCP Stats Connector (#1884)"}},{"before":"0888c38df2dc414a36cc84198c7b159c39eea0e0","after":"4c209334c92198a437a82d6b2e4044bfdbcdacec","ref":"refs/heads/main","pushedAt":"2024-05-01T16:57:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Ensure a hermetic python install is used for `pip_parse` and upgrade `rules_python` (#1886)\n\nSummary: Ensure a hermetic python install is used for `pip_parse` and\r\nupgrade `rules_python`\r\n\r\nThis is prerequisite work for migrating our docker dev image to Ubuntu\r\n24.04 (#1885). In that PR, I've been running builds from within the\r\ncontainers built via packer to verify the upgrade is successful. This\r\nchange is required to address the following issues:\r\n* The `pip_parse` for `ubuntu_package_deps` comes before the hermetic\r\npython definition. This results in a `ModuleNotFoundError` error without\r\nthe `rules_python` upgrade (since python 3.12, shipped with 24.04,\r\n[removed disutils](https://peps.python.org/pep-0632/)).\r\n* The remaining `pip_parse` calls fail when run within a 24.04 container\r\nsince it causes python to upgrade to 3.12.\r\n\r\nNote: `rules_python` 0.26.0 is the latest version we can easily upgrade\r\nto. The next release has issues with our current version of\r\n`rules_docker`. Since `rules_docker` is deprecated and we are at the\r\nlatest version, upgrading beyond 0.26.0 seemed like it would be a more\r\nsignificant change.\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind dependencies\r\n\r\nTest Plan: CI build should pass and running builds in containers from\r\n#1885 succeed\r\n\r\n---------\r\n\r\nSigned-off-by: Dom Delnano ","shortMessageHtmlLink":"Ensure a hermetic python install is used for pip_parse and upgrade …"}},{"before":null,"after":"313dce023552c56398e17caaa7549724e3ec9763","ref":"refs/heads/dependabot/pip/src/datagen/pii/privy/pydantic-1.10.13","pushedAt":"2024-04-25T05:54:53.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump pydantic from 1.10.9 to 1.10.13 in /src/datagen/pii/privy\n\nBumps [pydantic](https://github.com/pydantic/pydantic) from 1.10.9 to 1.10.13.\n- [Release notes](https://github.com/pydantic/pydantic/releases)\n- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)\n- [Commits](https://github.com/pydantic/pydantic/compare/v1.10.9...v1.10.13)\n\n---\nupdated-dependencies:\n- dependency-name: pydantic\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump pydantic from 1.10.9 to 1.10.13 in /src/datagen/pii/privy"}},{"before":"4b2dfbfff683a932ee81a059d9787bec7a8f14fc","after":"1bb738a997fb76e9246438f14160a9e2c405f1e2","ref":"refs/heads/dependabot/pip/src/stirling/source_connectors/socket_tracer/testing/containers/mongodb/pymongo-4.6.3","pushedAt":"2024-04-24T17:29:50.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump pymongo\n\nBumps [pymongo](https://github.com/mongodb/mongo-python-driver) from 4.5.0 to 4.6.3.\n- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)\n- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)\n- [Commits](https://github.com/mongodb/mongo-python-driver/compare/4.5.0...4.6.3)\n\n---\nupdated-dependencies:\n- dependency-name: pymongo\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump pymongo"}},{"before":"fa60fb88292c4a9228f616e4ffae3f23f4e6f5b1","after":null,"ref":"refs/heads/dependabot/pip/src/stirling/source_connectors/socket_tracer/testing/containers/mongodb/dnspython-2.6.1","pushedAt":"2024-04-24T17:27:33.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"}},{"before":"e5605b9078fbd3705c0902ebdc998de1f60c066f","after":"0888c38df2dc414a36cc84198c7b159c39eea0e0","ref":"refs/heads/main","pushedAt":"2024-04-24T17:27:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Bump dnspython from 2.4.2 to 2.6.1 in /src/stirling/source_connectors/socket_tracer/testing/containers/mongodb (#1874)\n\nBumps [dnspython](https://github.com/rthalley/dnspython) from 2.4.2 to\r\n2.6.1.\r\n
\r\nRelease notes\r\n

Sourced from dnspython's\r\nreleases.

\r\n
\r\n

dnspython 2.6.1

\r\n

See What's\r\nNew for details.

\r\n

This is a bug fix release for 2.6.0 where the "TuDoor" fix\r\nerroneously\r\nsuppressed legitimate Truncated exceptions. This caused the stub\r\nresolver to timeout instead of failing over to TCP when a legitimate\r\ntruncated response was received over UDP.

\r\n

This release addresses the potential DoS issue discussed in the\r\n"TuDoor" paper (CVE-2023-29483). The dnspython stub resolver\r\nis\r\nvulnerable to a potential DoS if a bad-in-some-way response from the\r\nright address and port forged by an attacker arrives before a\r\nlegitimate one on the UDP port dnspython is using for that query. In\r\nthis situation, dnspython might switch to querying another resolver or\r\ngive up entirely, possibly denying service for that resolution. This\r\nrelease addresses the issue by adopting the recommended mitigation,\r\nwhich is ignoring the bad packets and continuing to listen for a\r\nlegitimate response until the timeout for the query has expired.

\r\n

Thank you to all the contributors to this release, and, as usual,\r\nthanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian\r\nWellington.

\r\n

dnspython 2.6.0

\r\n

See What's\r\nNew for details.

\r\n

This release addresses the potential DoS issue discussed in the\r\n"TuDoor" paper (CVE-2023-29483). The dnspython stub resolver\r\nis vulnerable to a potential DoS if a bad-in-some-way response from the\r\nright address and port forged by an attacker arrives before a legitimate\r\none on the UDP port dnspython is using for that query. In this\r\nsituation, dnspython might switch to querying another resolver or give\r\nup entirely, possibly denying service for that resolution. This release\r\naddresses the issue by adopting the recommended mitigation, which is\r\nignoring the bad packets and continuing to listen for a legitimate\r\nresponse until the timeout for the query has expired.

\r\n

Thank you to all the contributors to this release, and, as usual,\r\nthanks to my co-maintainers: Tomáš Křížek, Petr Špaček, and Brian\r\nWellington.

\r\n

dnspython 2.5.0

\r\n

See the What's\r\nNew page for a summary of this release.

\r\n

Thanks to all the contributors, and, as usual, thanks to my\r\nco-maintainers: Tomáš Křížek, Petr Špaček, and Brian Wellington.

\r\n
\r\n
\r\n
\r\nChangelog\r\n

Sourced from dnspython's\r\nchangelog.

\r\n
\r\n

2.6.1

\r\n
    \r\n
  • The Tudoor fix ate legitimate Truncated exceptions, preventing the\r\nresolver from\r\nfailing over to TCP and causing the query to timeout #1053.
    • \r\n
\r\n

2.6.0

\r\n
    \r\n
  • \r\n

    As mentioned in the "TuDoor" paper and the associated\r\nCVE-2023-29483, the dnspython\r\nstub resolver is vulnerable to a potential DoS if a bad-in-some-way\r\nresponse from the\r\nright address and port forged by an attacker arrives before a legitimate\r\none on the\r\nUDP port dnspython is using for that query.

    \r\n

    This release addresses the issue by adopting the recommended\r\nmitigation, which is\r\nignoring the bad packets and continuing to listen for a legitimate\r\nresponse until\r\nthe timeout for the query has expired.

    \r\n
    • \r\n
  • \r\n

    Added support for the NSID EDNS option.

    \r\n
    • \r\n
  • \r\n

    Dnspython now looks for version metadata for optional packages and\r\nwill not\r\nuse them if they are too old. This prevents possible exceptions when a\r\nfeature like DoH is not desired in dnspython, but an old httpx is\r\ninstalled\r\nalong with dnspython for some other purpose.

    \r\n
    • \r\n
  • \r\n

    The DoHNameserver class now allows GET to be used instead of the\r\ndefault POST,\r\nand also passes source and source_port correctly to the underlying query\r\nmethods.

    \r\n
    • \r\n
\r\n

2.5.0

\r\n
    \r\n
  • \r\n

    Dnspython now uses hatchling for builds.

    \r\n
    • \r\n
  • \r\n

    Asynchronous destinationless sockets now work on Windows.

    \r\n
    • \r\n
  • \r\n

    Cython is no longer supported due to various typing issues.

    \r\n
    • \r\n
  • \r\n

    Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses.\r\nPreviously it was possible for non-canonical IPv6 forms to be stored\r\nin a AAAA address, which would work correctly but possibly cause\r\nproblmes if the address were used as a key in a dictionary.

    \r\n
    • \r\n
  • \r\n

    The number of messages in a section can be retrieved with\r\nsection_count().

    \r\n
    • \r\n
  • \r\n

    Truncation preferences for messages can be specified.

    \r\n
    • \r\n
  • \r\n

    The length of a message can be automatically prepended when\r\nrendering.

    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • 0a742b9\r\nupdate CI
    • \r\n
  • 0ea5ad0\r\nThe Tudoor fix should not eat valid Truncated exceptions #1053\r\n(#1054)
    • \r\n
  • f12d398\r\n2.6.1 version prep
    • \r\n
  • cecb853\r\nFurther improve CVE fix coverage to 100% for sync and async.
    • \r\n
  • 7952e31\r\ntest IgnoreErrors
    • \r\n
  • e093299\r\nFor the Tudoor fix, we also need the UDP nameserver to\r\nignore_unexpected.
    • \r\n
  • 3af9f78\r\n2.6.0 versioning
    • \r\n
  • ca63d95\r\nRequire cryptography >=41 instead of 42.
    • \r\n
  • 902cbf3\r\nCreate CODE_OF_CONDUCT.md
    • \r\n
  • ed9795f\r\ngithub contributing and pull request template
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dnspython&package-manager=pip&previous-version=2.4.2&new-version=2.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/pixie-io/pixie/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump dnspython from 2.4.2 to 2.6.1 in /src/stirling/source_connectors…"}},{"before":"48d20c7271dce3daeb6356d115229f37ec5dd27a","after":"e5605b9078fbd3705c0902ebdc998de1f60c066f","ref":"refs/heads/main","pushedAt":"2024-04-24T17:12:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"[Mongo] Clear the streamID from the request/response maps after stitching (#1878)\n\nSummary: This PR modifies mongo's stitcher logic to clear streamID’s\r\nfrom request/response maps once all frames of a streamID have been\r\nconsumed. We observed high CPU use allocated to `FramesSize()` &\r\n`EraseExpiredFrames()`, this was due to the size of the maps increasing\r\nwith new streamIDs and having to continuously loop over those growing\r\nmaps to cleanup. Clearing the streamID's from the maps after stitching\r\nsignificantly reduces the CPU allocated to the cleanup logic for mongo,\r\nthe exact details for mongo's streamID reuse needs to be determined to\r\nfurther adapt the stitcher logic.\r\n\r\nType of change: /kind bug\r\n\r\nTest Plan: Existing tests still pass, ran the px-mongo demo and observed\r\nlower CPU allocated to mongo in the PEM through flamegraph.\r\n\r\n---------\r\n\r\nSigned-off-by: Kartik Pattaswamy ","shortMessageHtmlLink":"[Mongo] Clear the streamID from the request/response maps after stitc…"}},{"before":null,"after":"8f3e98d189124366b8a9a44968940836ca5d4a36","ref":"refs/heads/dependabot/go_modules/golang.org/x/net-0.23.0","pushedAt":"2024-04-19T12:28:07.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump golang.org/x/net from 0.17.0 to 0.23.0\n\nBumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.\n- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)\n\n---\nupdated-dependencies:\n- dependency-name: golang.org/x/net\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump golang.org/x/net from 0.17.0 to 0.23.0"}},{"before":"7306b8b5700f8486da54adc5e75c026f089bc1aa","after":null,"ref":"refs/heads/dependabot/pip/src/datagen/pii/privy/aiohttp-3.9.2","pushedAt":"2024-04-18T15:40:29.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"2ecd7f96eb18d4009d9bf2eb476e2325d7a2700d","ref":"refs/heads/dependabot/pip/src/datagen/pii/privy/aiohttp-3.9.4","pushedAt":"2024-04-18T15:40:24.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump aiohttp from 3.9.0 to 3.9.4 in /src/datagen/pii/privy\n\nBumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.9.0 to 3.9.4.\n- [Release notes](https://github.com/aio-libs/aiohttp/releases)\n- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)\n- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.9.0...v3.9.4)\n\n---\nupdated-dependencies:\n- dependency-name: aiohttp\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump aiohttp from 3.9.0 to 3.9.4 in /src/datagen/pii/privy"}},{"before":null,"after":"fa60fb88292c4a9228f616e4ffae3f23f4e6f5b1","ref":"refs/heads/dependabot/pip/src/stirling/source_connectors/socket_tracer/testing/containers/mongodb/dnspython-2.6.1","pushedAt":"2024-04-12T22:14:40.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump dnspython\n\nBumps [dnspython](https://github.com/rthalley/dnspython) from 2.4.2 to 2.6.1.\n- [Release notes](https://github.com/rthalley/dnspython/releases)\n- [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst)\n- [Commits](https://github.com/rthalley/dnspython/compare/v2.4.2...v2.6.1)\n\n---\nupdated-dependencies:\n- dependency-name: dnspython\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump dnspython"}},{"before":"c8bd2143035a3e095e2d38371ccc0f05cbdeb065","after":"48d20c7271dce3daeb6356d115229f37ec5dd27a","ref":"refs/heads/main","pushedAt":"2024-04-12T16:00:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"aimichelle","name":"Michelle Nguyen","path":"/aimichelle","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1484035?s=80&v=4"},"commit":{"message":"Update GOVERNANCE.md (#1872)\n\nSummary: As mentioned in our previous governance docs, we are moving\r\naway from the BDFL model. This new document outlines the changes to our\r\ngovernance. We still want to maintain a governance board to make\r\nhigh-level decisions for the direction of the project, but would like to\r\nput a focus on the maintainers of the project for other governance\r\ndecisions.\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind documentation\r\n\r\nTest Plan: N/A\r\n\r\nSigned-off-by: Michelle Nguyen ","shortMessageHtmlLink":"Update GOVERNANCE.md (#1872)"}},{"before":null,"after":"788699ccc4eb8aa0b343f10628266fc683263703","ref":"refs/heads/dependabot/pip/src/datagen/pii/privy/idna-3.7","pushedAt":"2024-04-12T02:41:32.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump idna from 3.4 to 3.7 in /src/datagen/pii/privy\n\nBumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.\n- [Release notes](https://github.com/kjd/idna/releases)\n- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)\n- [Commits](https://github.com/kjd/idna/compare/v3.4...v3.7)\n\n---\nupdated-dependencies:\n- dependency-name: idna\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump idna from 3.4 to 3.7 in /src/datagen/pii/privy"}},{"before":null,"after":"c9afb6f1e801358689980aa067cd125e4313227e","ref":"refs/heads/dependabot/npm_and_yarn/src/ui/tar-6.2.1","pushedAt":"2024-04-10T19:45:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump tar from 6.1.11 to 6.2.1 in /src/ui\n\nBumps [tar](https://github.com/isaacs/node-tar) from 6.1.11 to 6.2.1.\n- [Release notes](https://github.com/isaacs/node-tar/releases)\n- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/isaacs/node-tar/compare/v6.1.11...v6.2.1)\n\n---\nupdated-dependencies:\n- dependency-name: tar\n dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump tar from 6.1.11 to 6.2.1 in /src/ui"}},{"before":null,"after":"4b2dfbfff683a932ee81a059d9787bec7a8f14fc","ref":"refs/heads/dependabot/pip/src/stirling/source_connectors/socket_tracer/testing/containers/mongodb/pymongo-4.6.3","pushedAt":"2024-04-08T16:32:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Bump pymongo\n\nBumps [pymongo](https://github.com/mongodb/mongo-python-driver) from 4.5.0 to 4.6.3.\n- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)\n- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)\n- [Commits](https://github.com/mongodb/mongo-python-driver/compare/4.5.0...4.6.3)\n\n---\nupdated-dependencies:\n- dependency-name: pymongo\n dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"Bump pymongo"}},{"before":"d9d4a49f63e6ee0c0b67a43e2372ab35d5940284","after":"c8bd2143035a3e095e2d38371ccc0f05cbdeb065","ref":"refs/heads/main","pushedAt":"2024-04-04T03:55:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"vihangm","name":"Vihang Mehta","path":"/vihangm","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1444638?s=80&v=4"},"commit":{"message":"Add encrypted field to all protocol data tables (#1866)\n\nSummary: Add encrypted field to all protocol data tables\r\n\r\nThe goal of this column is to ease the ability of identifying\r\nconnections that are plaintext that are ingressing from or egressing to\r\nthe Internet.\r\n\r\nRelevant Issues: #1865\r\n\r\nType of change: /kind feature\r\n\r\nTest Plan: Additional test logic verifies new behavior\r\n\r\nChangelog Message: Add `encrypted` boolean field to all protocol/L7 data\r\ntables\r\n\r\nSigned-off-by: Alma Pixie ","shortMessageHtmlLink":"Add encrypted field to all protocol data tables (#1866)"}},{"before":"cf88e332875094fdf4cc423f582c23c1fe957729","after":"d9d4a49f63e6ee0c0b67a43e2372ab35d5940284","ref":"refs/heads/main","pushedAt":"2024-04-04T00:47:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ddelnano","name":"Dom Delnano","path":"/ddelnano","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5855593?s=80&v=4"},"commit":{"message":"Decode http request bodies that contain x-www-form-urlencoded data (#1860)\n\nSummary: Decode http request bodies that contain x-www-form-urlencoded\r\ndata\r\n\r\nThis change enhances the request body in a `http_events` protocol trace\r\nfor services that accept HTML form submissions.\r\n\r\nRelevant Issues: N/A\r\n\r\nType of change: /kind feature\r\n\r\nTest Plan: New unit tests and trace bpf test verify decoding works\r\n\r\nChangelog Message: Decode `x-www-form-urlencoded` payloads within HTTP\r\nrequests\r\n\r\n---------\r\n\r\nSigned-off-by: Alma Pixie ","shortMessageHtmlLink":"Decode http request bodies that contain x-www-form-urlencoded data (#…"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAERTguIgA","startCursor":null,"endCursor":null}},"title":"Activity · pixie-io/pixie"}