fix(deps): update fabric8-kubernetes-client monorepo to v7.8.0#670
Open
renovate[bot] wants to merge 1 commit into
Open
fix(deps): update fabric8-kubernetes-client monorepo to v7.8.0#670renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
|
518283a to
f74bbb6
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



This PR contains the following updates:
7.6.1→7.8.07.6.1→7.8.07.6.1→7.8.0Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
fabric8io/kubernetes-client (io.fabric8:kubernetes-httpclient-okhttp)
v7.8.0Compare Source
Bugs
GET.JdkHttpClientImpl.requestBuilderonly calledHttpRequest.Builder.method(...)inside thebody != nullbranch, so a bodylessDELETE/POST/PUT/PATCH(such asclient.raw(uri, "DELETE", null)) was sent asGETon the JDK backend; the method is now set withBodyPublishers.noBody()when there is no body, matching the OkHttp, Jetty and Vert.x backendsSharedIndexInformer's periodic resync no longer stops permanently and silently when a single resync cycle throws.DefaultSharedIndexInformer.scheduleResyncruns the resync throughUtils.scheduleAtFixedRate, whose self-rescheduling chain re-arms the next cycle only when the previous one completes normally; an uncaught exception completed the (unobserved)resyncFutureexceptionally and the resync was never scheduled again, with no log, while the independent watch keptisWatching()reportingtrue(a restart was required to recover). The resync command now catches andWARN-logs the failure so the schedule fires again at the next intervalStandardHttpClient.shouldRetrybackoff loop (~19 s drain). The classifier walks bothgetCause()andgetSuppressed()trees forCertificateException,CertPathValidatorException,CertPathBuilderException, andSSLPeerUnverifiedException. Affects all five HTTP client modules (jdk, jetty, okhttp, vertx-4, vertx-5) on both the HTTP request and WebSocket connect pathsWatchEventsListenernow buffers outgoing watch events that are scheduled before Vert.x firesonOpenand replays them once the WebSocket is available, closing the open-side race where a CRUD operation landing betweenhandleWatchregistering the listener andonOpenpopulatingwebSocketRefscheduled a send that dereferenced a nullwebSocketRef; the resultingNullPointerExceptionwas silently swallowed by the executor and the event was dropped. Buffered events are replayed after the initial-syncADDEDs so ordering is preservedAbstractWatchManager.watchEnded()now emits aWatcherExceptionwhen a watch closes cleanly with no messages within 2 seconds, compensating for a GKE-specific behaviour onv1/eventswhere the GKFE proxy rejects a staleresourceVersionwith a bare WebSocket close (code 1000, no body) instead of{"type":"ERROR","code":410}, causing an indefinite reconnect loop with the same stale resourceVersionexec/attach/portForward/WebSocket-backed watches, and the CRD-establishment waits that depend on them) now trust the cluster certificate again. Vert.x 5.1 rewrote the WebSocket client to resolve TLS through a per-connectionClientSSLOptionsthat ignored the customSslContextFactorythe client used as its sole carrier of trust material, so WebSocket handshakes silently fell back to the default JVM trust store, failed PKIX validation, and hung to the client-side timeout (regular HTTPS request/response was unaffected). Both the HTTP and WebSocket clients are now configured uniformly with Vert.xTrustOptions/KeyCertOptionsderived from the supplied trust/key managersUtils.findFreePortnow records every port it hands out for the JVM's lifetime and skips any port already returned, eliminating the back-to-back duplicate-port window that surfaced as aJUnitExtensionOnMethodTest.simpleTest2flake — the probeServerSocketwas closed before the caller bound it, soEtcdProcess.startEtcd()andKubeAPIServerProcess.startApiServer()could draw the same port fromRandom.nextInt, etcd would win the bind, and apiserver would exit 1 withbind: address already in use, surfacing inProcessReadinessCheckerasConnection reset by peerWatchEventsListener.onClosingnow queues the server-sideWebSocket.close(...)on the listener's send executor instead of invoking it directly on the Vert.x event loop. This preserves FIFO ordering with any data frames already queued on that executor, so events scheduled before a client-initiated watch close (e.g. anADDED/DELETEDpair on a finalcreate/deletebeforewatch.close()) are delivered before the close frame instead of being silently dropped by writes against an already-closing socketInterruptedExceptionwithout preserving the interrupt status (S2142)Dispatchershutdown into two phases soMockDispatcheronly tears down per-sessionWebSocketSessionexecutors after the HTTP server has drained, removing the window where an in-flight upgrade'sonOpencould land on a shut-down executor.shutdown()still runs beforehttpServer.close()to unblock blocked dispatches (e.g.QueueDispatcher.take()); the newreleaseResources()runs after.WebSocketSession.send()additionally catchesRejectedExecutionExceptiondefensively so any residual shutdown race stays silent instead of bubbling as a Vert.xUnhandled exception.KubernetesMixedDispatchernow delegates both lifecycle hooks to its innerMockDispatcher, fixing a pre-existing leak where CRUD-mode WebSocket session executors were never shut downterminateOnError/ channel-3 exit-status completion —listener.onFailure(oronClose) fires exactly once, gated by a dedicated flag, instead of being silently swallowed when the deferred onError task observesexitCode.isDone()BaseOperation.informOnConditionnow stops the informer inline when the inner predicate completes the future, closing a CompletableFuturepostCompleterace where a waiter helping drain dependents could fireinformer.stopaftercf.completehad already triggered a spurious?watch=trueHTTP requestBaseClient.addToCloseablenow synchronizes on the internal closeable set rather than the caller-supplied parameter, so callers cannot break mutual exclusion by passing different references (sonar S2445)KUBERNETES_SUBDOMAIN_REGEXuses possessive quantifiers on the outer groups to block ReDoS-style backtracking on adversarial subdomain input; semantics still match the canonical RFC 1123 subdomain pattern (sonar S5998)Serialization.yamlMapperbuilds the mapper into a local before assigning to thevolatilefield, so concurrent readers can no longer observe a partially-initialized instance with modules not yet registered (sonar S3064)Files.deleteIfExistswith logging instead of swallowing theFile.delete()return value (sonar S899)OkHttpClientBuilderImplnow picks the firstX509TrustManagerfrom a multi-entryTrustManager[]rather than passingnullto OkHttp'ssslSocketFactoryand NPE'ing; user-suppliedsslContextis preserved for multi-CA setups (sonar S2637)OkHttpClientImpl.doCloseremoves dead null checks ondispatcherandconnectionPoolthat are guaranteed non-null by the OkHttp API (sonar S2583)Improvements
MockWebServer.dispatcherfield markedvolatileso asetDispatcher(...)call is reliably visible to the Vert.x request handler thread without further synchronization.MockWebServer.reset()Javadoc tightened to make its non-destructive contract explicit (no change to the running server, dispatcher, listeners, SSL/TLS state, port, or protocols)Dependency Upgrade
New Features
Vertx5HttpClientFactory/VertxHttpClientFactorynow exposesetTlsWarmup(TlsWarmup)with modesOFF,CONTEXT(default, unchanged) andFULL.FULLruns a synchronous, once-per-JVM, throwaway loopback TLS handshake off the event loop when the client is built, so the first real connection no longer blocks the event loop on the one-time JDK/Netty TLS class loading — for users on cold or hard-CPU-throttled JVMs hitting the first-connection block/timeout described in #7921. Default behavior is unchanged; see the FAQ for CDS and pod CPU-sizing guidance for hard-throttled podsNote: Breaking changes
v7.7.0Compare Source
Bugs
<,>, and&in CRD descriptions to produce valid JavadocImprovements
HasMetadata#isSameResourceto test whether two HasMetadata instances point to the same logical cluster resource, with an optional strict mode that also requires matching kind and resourceVersionMockWebServer#setHttp2ClearTextEnabled(boolean)setter to opt out of HTTP/2 cleartext (h2c) upgradeDependency Upgrade
New Features
subresource()methodNote: Breaking changes
scheduling.k8s.io/v1alpha1model classes removed (Workload,WorkloadList,WorkloadSpec,PodGroup,PodGroupPolicy,BasicSchedulingPolicy,GangSchedulingPolicy,TypedLocalObjectReference) — upstream rearchitected workload scheduling via KEP-5832io.fabric8.kubernetes.api.model.clusterapi.v1beta1toio.fabric8.kubernetes.api.model.clusterapi.core.v1beta1(following upstream cluster-api v1.11+ API reorganization)ObjectReferencerenamed toIssuerReference(following upstream rename in cert-manager v1.19.0)v1beta1.ReferenceGrantFrom,v1beta1.ReferenceGrantSpec, andv1beta1.ReferenceGrantToremoved (ReferenceGrant graduated to v1 upstream)internal.autoscaling.v1alpha1.PodScalableSpec.templatefield removed (upstream removed the field in autoscaling.internal.knative.dev v1alpha1)Patch.optionsfield type changed fromMap<String, Boolean>toPatchArgs(following upstream kustomize v0.21.0 PatchArgs API type addition)v1.AuthorizationValidationError,v1.OAuth2ValidationError,v1.ProbeTargetsValidationError, andv1.PrometheusTracingConfigremovedv1.ThanosSpec.grpcServerTlsConfigandv1.ThanosRulerSpec.grpcServerTlsConfigfield type changed fromTLSConfigto the newGRPCServerTLSConfig(following upstream prometheus-operator v0.91.0)operator.v1.WebhookConfigurationremoved (replaced byDefaultWebhookConfigurationandHostedWebhookConfigurationupstream)Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.