podinfo

mirror of https://github.com/stefanprodan/podinfo.git synced 2026-05-23 01:42:45 +00:00

Author	SHA1	Message	Date
Stefan Prodan	466cd65931	Unify docker build Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 12:27:19 +03:00
Stefan Prodan	b642d28e57	Drop support for linux/arm/v7 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 11:39:41 +03:00
Stefan Prodan	f2c02b6ade	Update Redis to 8.6.3 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 11:36:45 +03:00
Stefan Prodan	fc9a372e3d	Merge pull request #486 from stefanprodan/test-http-api Improve test coverage of the HTTP API	2026-05-20 11:18:59 +03:00
Stefan Prodan	2ca58cf0a4	Migrate JWT to registered claims Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 11:11:58 +03:00
Stefan Prodan	4920afdafb	Improve test coverage of the HTTP API Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 11:07:35 +03:00
Stefan Prodan	5799a248d8	Merge pull request #485 from stefanprodan/refactor-headers Refactor response header settings	2026-05-20 10:57:56 +03:00
Stefan Prodan	7d8e7005b1	Refactor response header settings Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 10:50:31 +03:00
Stefan Prodan	473f808b28	Merge pull request #483 from stefanprodan/flux-schema ci: Validate manifests with Flux Schema CLI	2026-05-20 10:30:26 +03:00
Stefan Prodan	720a592d93	ci: Validate manifests with Flux Schema CLI Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 10:26:14 +03:00
Stefan Prodan	ceabb6441a	Merge pull request #481 from stefanprodan/update-deps Update dependencies	2026-05-20 10:05:12 +03:00
Stefan Prodan	0f43c95ba9	Add SLSA badge Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 09:38:32 +03:00
Stefan Prodan	7ea88003c6	Update release workflow actions Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 09:37:59 +03:00
Stefan Prodan	448199b45a	Update dependencies Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-05-20 09:25:33 +03:00
Stefan Prodan	cbebb20fd4	Merge pull request #480 from Niccolo10/fix/cve-2026-43644-echo-content-type fix: set Content-Type to prevent MIME-sniff XSS (CVE-2026-43644)	2026-05-19 14:13:37 +03:00
Niccolò Parlanti	6210e0a920	test(echo): assert nosniff Content-Type on echo direct-response Regression test for CVE-2026-43644, mirroring the TestStoreReadHandler_ContentType test added in #463. Verifies the echoHandler direct-response branch returns application/octet-stream, X-Content-Type-Options: nosniff, and a restrictive CSP so an HTML payload cannot be MIME-sniffed and executed. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-16 23:47:28 +02:00
Niccolò Parlanti	b65271f0d9	fix(echo): set Content-Type to prevent MIME-sniff XSS (CVE-2026-43644) Use tab indentation to match gofmt. Signed-off-by: Niccolò Parlanti <54103711+Niccolo10@users.noreply.github.com>	2026-05-15 12:51:00 +02:00
Stefan Prodan	9f4969c2c8	Merge pull request #475 from tiesmaster/472/wire-up-priorityClassName chart: Add support for setting the priorityClassName	2026-04-23 10:11:47 +03:00
Thijs Brobbel	e2d2b1ca4f	feat: add support for setting the priorityClassName	2026-04-22 21:48:22 +02:00
Stefan Prodan	aa59f2af65	Merge pull request #471 from stefanprodan/dependabot/github_actions/actions-cb5fd4910d build(deps): bump docker/login-action from 4.0.0 to 4.1.0 in the actions group	2026-04-09 20:42:00 +03:00
Stefan Prodan	c4a4ec078b	Merge pull request #473 from stefanprodan/dependabot/go_modules/go.opentelemetry.io/otel/sdk-1.43.0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0	2026-04-09 20:41:33 +03:00
dependabot[bot]	7aab5f8352	build(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.40.0 to 1.43.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.40.0...v1.43.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.43.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-08 21:49:30 +00:00
dependabot[bot]	660697000a	build(deps): bump docker/login-action in the actions group Bumps the actions group with 1 update: [docker/login-action](https://github.com/docker/login-action). Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](`b45d80f862...4907a6ddec`) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-06 06:46:02 +00:00
Stefan Prodan	b501abd1f0	Merge pull request #470 from stefanprodan/release-6.11.2 Release 6.11.2 6.11.2	2026-03-31 22:52:14 +03:00
Stefan Prodan	e0a79a4ddd	Release 6.11.2 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-31 22:47:19 +03:00
Stefan Prodan	be8baac695	Merge pull request #468 from stefanprodan/dependabot/github_actions/actions-6b017b3799 build(deps): bump the actions group across 1 directory with 4 updates	2026-03-31 22:36:36 +03:00
dependabot[bot]	f539517440	build(deps): bump the actions group across 1 directory with 4 updates Bumps the actions group with 4 updates in the / directory: [azure/setup-helm](https://github.com/azure/setup-helm), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer), [fluxcd/flux2](https://github.com/fluxcd/flux2) and [azure/setup-kubectl](https://github.com/azure/setup-kubectl). Updates `azure/setup-helm` from 4 to 5 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/v4...v5) Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.1) Updates `fluxcd/flux2` from 2.8.1 to 2.8.3 - [Release notes](https://github.com/fluxcd/flux2/releases) - [Commits](https://github.com/fluxcd/flux2/compare/v2.8.1...v2.8.3) Updates `azure/setup-kubectl` from 4 to 5 - [Release notes](https://github.com/azure/setup-kubectl/releases) - [Changelog](https://github.com/Azure/setup-kubectl/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-kubectl/compare/v4...v5) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: fluxcd/flux2 dependency-version: 2.8.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: azure/setup-kubectl dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-31 19:32:43 +00:00
Stefan Prodan	01219a196e	Merge pull request #469 from stefanprodan/pin-actions ci: Pin actions and enable release attentions	2026-03-31 22:30:33 +03:00
Stefan Prodan	b9acae4064	ci: Pin actions and enable release attentions Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-31 22:27:07 +03:00
Stefan Prodan	64a8da1836	Merge pull request #467 from stefanprodan/dependabot/go_modules/google.golang.org/grpc-1.79.3 build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3	2026-03-31 19:08:11 +03:00
dependabot[bot]	420d0db8bf	build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.1 to 1.79.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.79.1...v1.79.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-19 02:41:57 +00:00
Stefan Prodan	6b67f2bdd6	Merge pull request #454 from hansbogert/master feat: add otlp logging support	2026-03-17 09:22:56 +02:00
Hans van den Bogert	095b1cd251	feat: add otlp logging support - Adds a loggerprovider based on otlp logger - In demo directory of oltp: - Added grafana for unified view of both traces and logs - tracing now uses oltp from the collector to the jaeger instance Signed-off-by: Hans van den Bogert <hansbogert@gmail.com>	2026-03-14 22:38:14 +01:00
Stefan Prodan	0a27dbe40c	Merge pull request #465 from stefanprodan/release-6.11.1 Release 6.11.1 6.11.1	2026-03-14 15:27:35 +02:00
Stefan Prodan	2da74a4ec2	Release 6.11.1 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-14 15:18:19 +02:00
Stefan Prodan	c7ffdba3bd	Merge pull request #461 from stefanprodan/dependabot/github_actions/actions-1590fac0fc build(deps): bump the actions group with 5 updates	2026-03-14 15:10:39 +02:00
Stefan Prodan	06f7cd3777	Merge pull request #464 from stefanprodan/fix-store-path-traversal Fix path traversal in `/store` endpoint	2026-03-14 15:08:52 +02:00
Stefan Prodan	620b9b7e2c	Fix path traversal in /store endpoint Validate that the hash URL parameter matches the expected SHA1 hex format (40 lowercase hex characters) before using it in file path operations. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-14 15:02:25 +02:00
Stefan Prodan	83deb7fcb7	Merge pull request #463 from stefanprodan/fix-CVE-2025-70849 Fix XSS in `/store` endpoint (CVE-2025-70849)	2026-03-14 14:58:53 +02:00
Stefan Prodan	550ee9f7b9	Fix stored XSS in /store endpoint (CVE-2025-70849) Set Content-Type to application/octet-stream in storeReadHandler to prevent Go's content sniffing from serving HTML payloads as text/html. Add X-Content-Type-Options: nosniff to prevent browsers from overriding Content-Type via MIME sniffing, and Content-Security-Policy: default-src 'none' to block script execution as defense-in-depth. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-14 14:40:55 +02:00
dependabot[bot]	dd185df435	build(deps): bump the actions group with 5 updates Bumps the actions group with 5 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) \| `3` \| `4` \| \| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) \| `3` \| `4` \| \| [docker/login-action](https://github.com/docker/login-action) \| `3` \| `4` \| \| [docker/metadata-action](https://github.com/docker/metadata-action) \| `5` \| `6` \| \| [docker/build-push-action](https://github.com/docker/build-push-action) \| `6` \| `7` \| Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) Updates `docker/metadata-action` from 5 to 6 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-09 06:46:46 +00:00
Stefan Prodan	07a524ba01	Merge pull request #460 from stefanprodan/release-6.11.0 Release 6.11.0 6.11.0	2026-03-06 19:50:57 +00:00
Stefan Prodan	5d97df9c89	Release 6.11.0 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-06 21:43:50 +02:00
Stefan Prodan	a8cadef09b	Merge pull request #459 from stefanprodan/cosign-v3 Sign release artifacts with cosign v3	2026-03-06 19:32:20 +00:00
Stefan Prodan	32f6e3d8c9	Sign release artifacts with cosign v3 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-06 21:31:06 +02:00
Stefan Prodan	77dc46241d	Merge pull request #458 from matheuscscp/grpcroute Introduce GRPCRoute in the Helm chart	2026-03-06 19:23:43 +00:00
Matheus Pimenta	3a31e973c0	Introduce GRPCRoute in the Helm chart Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>	2026-03-06 03:44:28 +00:00
Stefan Prodan	e15511a92d	Merge pull request #456 from matheuscscp/check-grpc-tls Introduce `--tls` flag for command `check grpc`	2026-03-03 08:36:06 +02:00
Matheus Pimenta	4656ca0517	Introduce --tls flag for command check grpc Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>	2026-03-03 03:02:20 +00:00
Stefan Prodan	1f66430364	Merge pull request #455 from matheuscscp/ws-check Introduce podcli check ws command	2026-03-02 20:46:52 +02:00

1 2 3 4 5 ...

1152 Commits