{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":374745864,"defaultBranch":"master","name":"cilium","ownerLogin":"Mement-Mori","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2021-06-07T17:19:47.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/85512137?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1721853295.0","currentOid":""},"activityList":{"items":[{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"6d31205583de4c5986c80657e125493e47171c6c","ref":"refs/heads/snyk-fix-891c65790610f5533c01528a0a723deb","pushedAt":"2024-07-24T20:34:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: vendor/github.com/nxadm/tail/Dockerfile to reduce vulnerabilities\n\nThe following vulnerabilities are fixed with an upgrade:\n- https://snyk.io/vuln/SNYK-DEBIAN12-GIT-6846203\n- https://snyk.io/vuln/SNYK-DEBIAN12-GIT-6846203\n- https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963\n- https://snyk.io/vuln/SNYK-DEBIAN12-KRB5-7411314\n- https://snyk.io/vuln/SNYK-DEBIAN12-KRB5-7411315","shortMessageHtmlLink":"fix: vendor/github.com/nxadm/tail/Dockerfile to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-891c65790610f5533c01528a0a723deb","pushedAt":"2024-07-24T20:34:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"5b5e12959af065ac000e034a2d5b8ecfa37775f4","ref":"refs/heads/snyk-fix-aca573598d12121047eb055325efb464","pushedAt":"2024-07-15T16:56:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-aca573598d12121047eb055325efb464","pushedAt":"2024-07-15T16:56:08.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"29fffdec04df160dd35a8f2f6cbf39f766331a6b","ref":"refs/heads/snyk-fix-4d0fe8f4e65a5cd0655d7c1bb8562dfe","pushedAt":"2024-07-12T17:51:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: contrib/packaging/deb/Dockerfile to reduce vulnerabilities\n\nThe following vulnerabilities are fixed with an upgrade:\n- https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131\n- https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131\n- https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131\n- https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131\n- https://snyk.io/vuln/SNYK-UBUNTU1604-BASH-542609","shortMessageHtmlLink":"fix: contrib/packaging/deb/Dockerfile to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-4d0fe8f4e65a5cd0655d7c1bb8562dfe","pushedAt":"2024-07-12T17:51:46.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"41aaeb64f2958839f4eecabead9b9f9e4297161e","ref":"refs/heads/snyk-fix-96587cb48480f32d9353798422aca65a","pushedAt":"2024-07-10T22:00:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: contrib/packaging/deb/Dockerfile to reduce vulnerabilities\n\nThe following vulnerabilities are fixed with an upgrade:\n- https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131\n- https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131\n- https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131\n- https://snyk.io/vuln/SNYK-UBUNTU1604-SYSTEMD-1320131\n- https://snyk.io/vuln/SNYK-UBUNTU1604-BASH-542609","shortMessageHtmlLink":"fix: contrib/packaging/deb/Dockerfile to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-96587cb48480f32d9353798422aca65a","pushedAt":"2024-07-10T22:00:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"133bd38197baacc8777f2ae1e201dcc73d71a8d1","ref":"refs/heads/snyk-fix-27e8938eb68f976293c8e99164f5b867","pushedAt":"2024-07-04T04:03:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: vendor/github.com/nxadm/tail/Dockerfile to reduce vulnerabilities\n\nThe following vulnerabilities are fixed with an upgrade:\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-5853785\n- https://snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507","shortMessageHtmlLink":"fix: vendor/github.com/nxadm/tail/Dockerfile to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-27e8938eb68f976293c8e99164f5b867","pushedAt":"2024-07-04T04:03:01.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"9b6af946f934f46fe8f348228fdfb49a0a3b1cb6","ref":"refs/heads/snyk-fix-384abb4c64133b49eea60db84866b4af","pushedAt":"2024-07-03T03:13:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: vendor/github.com/nxadm/tail/Dockerfile to reduce vulnerabilities\n\nThe following vulnerabilities are fixed with an upgrade:\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-3325304\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-5853785\n- https://snyk.io/vuln/SNYK-DEBIAN12-PYTHON311-5853785","shortMessageHtmlLink":"fix: vendor/github.com/nxadm/tail/Dockerfile to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-384abb4c64133b49eea60db84866b4af","pushedAt":"2024-07-03T03:13:38.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"532c5d4bb1b02e37a247f03a68187918fd08bb1a","ref":"refs/heads/snyk-fix-280d45368a6886340ffaa3baf545acbc","pushedAt":"2024-06-18T17:30:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-7267250","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-280d45368a6886340ffaa3baf545acbc","pushedAt":"2024-06-18T17:30:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"d10635b04795212c4554a7e389682928785d940f","ref":"refs/heads/snyk-fix-1ac44c72a29e72a090ff2dc2fa0da26d","pushedAt":"2024-06-09T03:58:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217828","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-1ac44c72a29e72a090ff2dc2fa0da26d","pushedAt":"2024-06-09T03:58:10.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"f80c852ddcd81d8c6f0d3bc34196ecb11d11ced7","ref":"refs/heads/snyk-fix-865e7125ab53cce36517f49731b3435b","pushedAt":"2024-06-07T18:41:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217828\n- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-7217829","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-865e7125ab53cce36517f49731b3435b","pushedAt":"2024-06-07T18:41:24.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"08b444448b03eb076a27d2430926db30fa0c920e","ref":"refs/heads/snyk-fix-328ec1aa901b7405b2f33ac8666be084","pushedAt":"2024-05-22T03:02:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-6928867","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-328ec1aa901b7405b2f33ac8666be084","pushedAt":"2024-05-22T03:02:41.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"e6c9844136270c67421d38e6f14990e404967331","ref":"refs/heads/snyk-fix-3207e170b4fe1bdd051d83c7b300a7f3","pushedAt":"2024-05-07T22:29:55.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-3207e170b4fe1bdd051d83c7b300a7f3","pushedAt":"2024-05-07T22:29:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"523437e0cbec4bdc14854f8f1ebd8b40846a084d","ref":"refs/heads/snyk-fix-e576627120e7f57828acf2b3aee979e5","pushedAt":"2024-04-15T04:34:31.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-IDNA-6597975","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-e576627120e7f57828acf2b3aee979e5","pushedAt":"2024-04-15T04:34:31.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"c81e5697b722d1da5e871aa82cca3de24aed821f","ref":"refs/heads/snyk-fix-d38bffbeb190e1ee631c549c9825bfd7","pushedAt":"2024-02-02T15:33:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: vendor/github.com/nxadm/tail/Dockerfile to reduce vulnerabilities\n\nThe following vulnerabilities are fixed with an upgrade:\n- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098\n- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098\n- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098\n- https://snyk.io/vuln/SNYK-DEBIAN12-GLIBC-6210098\n- https://snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963","shortMessageHtmlLink":"fix: vendor/github.com/nxadm/tail/Dockerfile to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-d38bffbeb190e1ee631c549c9825bfd7","pushedAt":"2024-02-02T15:33:15.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"5d39a518939ea1822d5dad3daff4a570ed392e1d","ref":"refs/heads/snyk-fix-266cc4f67fba52d33845008790413aa8","pushedAt":"2024-01-12T06:14:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-266cc4f67fba52d33845008790413aa8","pushedAt":"2024-01-12T06:14:10.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}},{"before":"409b2e60f8340aa8e2a6749516611cc19b35ac25","after":"3c13d040eb77e6bb53677ebfb5102d5b11d70ed6","ref":"refs/heads/snyk-fix-a543fdc169bb0f0f51ff15bd0db62bd5","pushedAt":"2023-11-03T20:19:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"fix: Documentation/requirements.txt to reduce vulnerabilities\n\n\nThe following vulnerabilities are fixed by pinning transitive dependencies:\n- https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512","shortMessageHtmlLink":"fix: Documentation/requirements.txt to reduce vulnerabilities"}},{"before":null,"after":"409b2e60f8340aa8e2a6749516611cc19b35ac25","ref":"refs/heads/snyk-fix-a543fdc169bb0f0f51ff15bd0db62bd5","pushedAt":"2023-11-03T20:19:14.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"MaxMood96","name":null,"path":"/MaxMood96","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/78621426?s=80&v=4"},"commit":{"message":"ipcache: Use incremental policy updates\n\nPreviously, this kube-apiserver code would trigger policy updates\nglobally with no synchronization to the policymap updates. This would\nensure a full re-evaluation of the policy for all endpoints, rather than\njust targeting the policy updates that need to occur as a result of the\nipcache metadata injection (for associating the kube-apiserver label\nwith specific IP addresses).\n\nReuse EndpointManager.UpdatePolicyMaps() to ensure synchronous updates\nof the underlying BPF policymaps, which should improve the ability to\nconsistently apply policy whenever there is an update involving the\nkube-apiserver (for instance, if it moves to another node).\n\nThis will also serve as a basis to improve more general metadata\nassociation with addresses as planned in upcoming changes.\n\nNote that this will change the locking behaviour where previously, this\ncritical section would only synchronize the SelectorCache while holding\nthe IPcache, and asynchronously update the datapath. Now, policy map\nupdates for each endpoint will be performed while holding the IPcache\nlock. This includes potentially updating the proxy policy.\n\nSigned-off-by: Joe Stringer <joe@cilium.io>","shortMessageHtmlLink":"ipcache: Use incremental policy updates"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wNy0yNFQyMDozNDo1Ni4wMDAwMDBazwAAAASIWsR7","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wNy0yNFQyMDozNDo1Ni4wMDAwMDBazwAAAASIWsR7","endCursor":"Y3Vyc29yOnYyOpK7MjAyMy0xMS0wM1QyMDoxOToxNC4wMDAwMDBazwAAAAOnCdyS"}},"title":"Activity · Mement-Mori/cilium"}