Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update crossplane dependencies #47

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 29, 2024

This PR contains the following updates:

Package Update Change
crossplane-contrib/function-patch-and-transform minor v0.4.0 -> v0.8.0
upbound/configuration-gcp-network minor v0.5.0 -> v0.6.0
upbound/provider-gcp patch v0.41.1 -> v0.41.4

Release Notes

crossplane-contrib/function-patch-and-transform (crossplane-contrib/function-patch-and-transform)

v0.8.0

Compare Source

What's Changed

New Contributors

Full Changelog: crossplane-contrib/function-patch-and-transform@v0.7.0...v0.8.0

v0.7.0

Compare Source

What's Changed

New Contributors

Full Changelog: crossplane-contrib/function-patch-and-transform@v0.6.0...v0.7.0

v0.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: crossplane-contrib/function-patch-and-transform@v0.5.0...v0.6.0

v0.5.0

Compare Source

Notable Changes

What's Changed

New Contributors

Full Changelog: crossplane-contrib/function-patch-and-transform@v0.4.0...v0.5.0

upbound/configuration-gcp-network (upbound/configuration-gcp-network)

v0.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: upbound/configuration-gcp-network@v0.5.0...v0.6.0

upbound/provider-gcp (upbound/provider-gcp)

v0.41.4

Compare Source

The release v0.41.4 introduces:

What's Changed

Full Changelog: crossplane-contrib/provider-upjet-gcp@v0.41.3...v0.41.4

v0.41.3

Compare Source

The release v0.41.3 sets a default io.Discard logger for the controller-runtime if debug logging is not enabled. If debug logging is enabled, then the controller-runtime uses a debug mode zap logger as usual.

What's Changed

Full Changelog: crossplane-contrib/provider-upjet-gcp@v0.41.2...v0.41.3

v0.41.2

Compare Source

The release v0.41.2 includes some important bug fixes and dependency bumps detailed below:

  • Bump crossplane-runtime to v1.15.1 along with various bug fixes.
  • Bump upjet to v1.1.1
  • There’s a fix in the implementation of the LateInitialize management policy in the context of the no-fork architecture. Previously, we were relying solely on the managed reconciler for preventing the late-initialization of the managed resources if the specified policies do not contain it. Now, we also explicitly skip the late-initialization in upjet to prevent some accidental updates to the spec.forProvider while, for example, updating the annotations.
  • Adds a more explanatory error message when immutable fields of a managed resource have changed.
What's Changed

Full Changelog: crossplane-contrib/provider-upjet-gcp@v0.41.1...v0.41.2


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the automated label Nov 29, 2024
@renovate renovate bot requested a review from a team as a code owner November 29, 2024 07:56
Copy link

upbound/configuration-gcp-database #47
Change Summary:

  • Provider dependency updates for GCP SQL and GCP Service Networking from v0.41.1 to v0.41.4
  • Update of function-patch-and-transform dependency from v0.4.0 to v0.7.0

Potential Vulnerability:

  • File: crossplane.yaml:22-24
  • Code: version: "v0.41.4"
  • Explanation: While not immediately vulnerable, version updates should be carefully reviewed to ensure there are no breaking changes in the provider APIs, especially when updating multiple related providers simultaneously (GCP SQL and Service Networking)

Code Smell:
No code smells identified in this change. The modifications are straightforward version updates in the dependency specification.

Debug Log:
No debug logs present in the changes.

Unintended Consequences:

  • File: crossplane.yaml:31

  • Code: version: "v0.7.0"

  • Explanation: The function-patch-and-transform update from v0.4.0 to v0.7.0 represents a significant version jump (3 minor versions). This could introduce breaking changes in function behavior that might affect existing configurations. The changelog should be carefully reviewed for any breaking changes.

  • File: crossplane.yaml:22-24

  • Code: version: "v0.41.4" version: "v0.41.4"

  • Explanation: Simultaneous updates of interdependent providers (GCP SQL and Service Networking) could lead to temporary inconsistencies during deployment if the providers have different deployment times or if one update fails while the other succeeds.

Risk Score: 6
The relatively high risk score is due to:

  1. The significant version jump in function-patch-and-transform
  2. Simultaneous updates of interdependent providers
  3. Potential for breaking changes across multiple components

@renovate renovate bot force-pushed the renovate/crossplane-dependencies branch from 6872fe3 to a91cf8f Compare December 2, 2024 14:09
@renovate renovate bot force-pushed the renovate/crossplane-dependencies branch from a91cf8f to 47d5bf9 Compare December 17, 2024 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants