Bump github.com/weaveworks/weave from 2.3.1-0.20180427133448-4da998ab4507+incompatible to 2.6.3+incompatible #3894

Open
wants to merge 1 commit into
base: master

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Jan 25, 2022

Bumps github.com/weaveworks/weave from 2.3.1-0.20180427133448-4da998ab4507+incompatible to 2.6.3+incompatible.

Release notes

Sourced from github.com/weaveworks/weave's releases.

Weave 2.6.3

Note: 2.6.4 was created to relax the iptables blocking rule added in this release, because it turned out to be too strict.

Release 2.6.3

This release has a couple of security improvements, and some other fixes. Note that we still recommend removing CAP_NET_RAW access from untrusted containers.

  • Block non-local traffic to the Weave control port [CVE-2020-8558] #3805
  • Tell Linux not to accept router advisory messages [CVE-2020-11091] #3801
  • Network Policy Controller: add a metric to show errors while operating #3804
  • Network Policy Controller: don't treat named port as a fatal error #3790

Weave 2.6.2

Release 2.6.2

Fixes a regression found in the 2.6.1 release and includes a fix to prevent CPU spinning.

Bug fixes

  • Weave Net cannot be used in fastdp mode and always falls back to sleeve mode #3781, #3783
  • Restrict timeout value passed to pcap library to a value less than 2^31 microseconds to prevent CPU spinning in sleeve mode #3782

Weave 2.6.1

Note: a regression was reported (#3781); we advise waiting for resolution before upgrading.

Release 2.6.1

Support for iptables 1.8 and a bug fix.

Bug fixes

  • Removes a possible deadlock which could cause Weave Net, on node restart, to stop connecting to peers and stop responding to API requests #3762, #3763

Other improvements

  • Weave Net Kubernetes images by default use iptables 1.8 with the legacy (netfilter) backend, with an option to choose nftables as the iptables backend #3465, #3747

Weave Net 2.6.0

Release 2.6.0

This release reduces CPU and memory usage in larger clusters, by sending notifications to a smaller set of peers and coalescing updates to reduce topology recalculation. #3715, #3732

The default soft limit on connections has been raised from 100 to 200.

Bug fixes

... (truncated)

Changelog

Sourced from github.com/weaveworks/weave's changelog.

Release 2.8.1

Fixes a problem introduced in 2.8.0 for machines whose ID is in /etc/machine-id #3886. Many thanks to contributor @avestuk for this fix.

Also move Kubernetes API calls out of Weave Net daemon #3885

  • this reduces the size of the 'weaver' binary and stops it crashing when run on 32-bit ARM.

Release 2.8.0

This release makes some important changes to trim the "attack surface" of the Kubernetes install, and improves a couple of reported issues.

  • Workaround to fix ipset conflict with iptables #3851, #3882
  • Kubernetes: move kernel and CNI setup to init container #3880
  • For K8s, stop running in host PID namespace #3876
  • NetworkPolicy: avoid logging dropped packets that were not actually dropped #3852
  • Build with Go version 1.15.6 #3883

Many thanks to contributors @drigz, @KevDBG and @NeonSludge.

Full list of changes

Release 2.7.0

This release improves resiliency in a number of areas, and extends the Prometheus metrics exported by Weave Net.

Change in behaviour: on Kubernetes, the client source IP is preserved when calling from a pod to a service. This feature, introduced in version 2.4.0 and previously turned on by setting NO_MASQ_LOCAL=1 is now on by default. #3389, #3756

Features

  • Reload router iptables rules if they get cleared, e.g. when firewalld restarts. #3802 (weave-npc rules are not reloaded)
  • Add new type and encryption labels to weave_connections metric #3788, #3789
  • Weave Net now exports Go metrics for heap size, garbage collection, etc. #3838
  • Register container name and its network aliases with weaveDNS #3084, #3090
  • Make DNS listen address configurable #1770, #3231

Bug fixes

  • weave-npc could crash if you deleted a Kubernetes Namespace containing pods #3833, #3836
  • Ensure that weave-npc exits and restarts if it crashes #3764, #3792, #3841
  • Avoid weave-kube failing on startup due to iptables lock #3828, #3835

Build and test

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps [github.com/weaveworks/weave](https://github.com/weaveworks/weave) from 2.3.1-0.20180427133448-4da998ab4507+incompatible to 2.6.3+incompatible.
- [Release notes](https://github.com/weaveworks/weave/releases)
- [Changelog](https://github.com/weaveworks/weave/blob/master/CHANGELOG.md)
- [Commits](https://github.com/weaveworks/weave/commits/v2.6.3)

---
updated-dependencies:
- dependency-name: github.com/weaveworks/weave
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jan 25, 2022