a98d3b6355
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/charmcli/soft-serve](https://redirect.github.com/charmbracelet/soft-serve) | patch | `f4aa197` -> `c652482` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>charmbracelet/soft-serve (docker.io/charmcli/soft-serve)</summary> ### [`v0.11.3`](https://redirect.github.com/charmbracelet/soft-serve/releases/tag/v0.11.3) [Compare Source](https://redirect.github.com/charmbracelet/soft-serve/compare/v0.11.2...v0.11.3) This release patches a critical auth issue that allows any malicious actor to gain access as any user. Please upgrade ASAP! Credits goes to [@​juancabe](https://redirect.github.com/juancabe), so thank you so much for noticing and reporting this one 🙂 #### Changelog ##### New! - [`28c4854`](https://redirect.github.com/charmbracelet/soft-serve/commit/28c48548903dcbdf5d73438bce920af34bd66fae): feat: add support for certificate reloading upon SIGHUP ([#​710](https://redirect.github.com/charmbracelet/soft-serve/issues/710)) ([@​cheesyhypocrisy](https://redirect.github.com/cheesyhypocrisy)) ##### Fixed - [`8539f9a`](https://redirect.github.com/charmbracelet/soft-serve/commit/8539f9ad39918b67d612a35785a2b4326efc8741): fix: authentication bypass ([@​aymanbagabas](https://redirect.github.com/aymanbagabas)) *** <details> <summary>Verifying the artifacts</summary> First, download the [`checksums.txt` file](https://redirect.github.com/charmbracelet/soft-serve/releases/download/v0.11.3/checksums.txt) and the [`checksums.txt.sigstore.json` file](https://redirect.github.com/charmbracelet/soft-serve/releases/download/v0.11.3/checksums.txt.sigstore.json) files, for example, with `wget`: ```bash wget 'https://github.com/charmbracelet/soft-serve/releases/download/v0.11.3/checksums.txt' wget 'https://github.com/charmbracelet/soft-serve/releases/download/v0.11.3/checksums.txt.sigstore.json' ``` Then, verify it using [`cosign`](https://redirect.github.com/sigstore/cosign): ```bash cosign verify-blob \ --certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \ --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \ --bundle 'checksums.txt.sigstore.json' \ ./checksums.txt ``` If the output is `Verified OK`, you can safely use it to verify the checksums of other artifacts you downloaded from the release using `sha256sum`: ```bash sha256sum --ignore-missing -c checksums.txt ``` Done! You artifacts are now verified! </details> <a href="https://charm.land/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-banner-next.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [X](https://x.com/charmcli), [Discord](https://charm.land/discord), [Slack](https://charm.land/slack), [The Fediverse](https://mastodon.social/@​charmcli), [Bluesky](https://bsky.app/profile/charm.land). </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xNy4wIiwidXBkYXRlZEluVmVyIjoiNDIuMTcuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJhcHAvc29mdC1zZXJ2ZSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=-->
40 lines
770 B
YAML
40 lines
770 B
YAML
image:
|
|
repository: docker.io/charmcli/soft-serve
|
|
pullPolicy: IfNotPresent
|
|
tag: v0.11.3@sha256:c65248271a9546e2fba9478900dd6114154339aca132c72f495b853c6b1d71b2
|
|
softserve:
|
|
host: localhost
|
|
key_path: /.ssh/soft_serve_server_ed25519
|
|
init_admin_key: ""
|
|
service:
|
|
main:
|
|
ports:
|
|
main:
|
|
protocol: tcp
|
|
port: 23231
|
|
persistence:
|
|
config:
|
|
enabled: true
|
|
mountPath: /soft-serve
|
|
ssh:
|
|
enabled: true
|
|
mountPath: /.ssh
|
|
repos:
|
|
enabled: true
|
|
mountPath: /repos
|
|
|
|
securityContext:
|
|
container:
|
|
readOnlyRootFilesystem: false
|
|
runAsNonRoot: false
|
|
runAsGroup: 0
|
|
runAsUser: 0
|
|
workload:
|
|
main:
|
|
podSpec:
|
|
containers:
|
|
main:
|
|
envFrom:
|
|
- secretRef:
|
|
name: "env-secret"
|