Bump github.com/hashicorp/nomad from 1.0.4 to 1.2.6

[dependabot]

Bumps github.com/hashicorp/nomad from 1.0.4 to 1.2.6.

Release notes

Sourced from github.com/hashicorp/nomad's releases.

v1.2.6

1.2.6 (February 9, 2022)

BACKWARDS INCOMPATIBILITIES:

• ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability

SECURITY:

• Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
• Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
• Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
• Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]

v1.2.5

1.2.5 (February 1, 2022)

BUG FIXES:

• csi: Fixed a bug where garbage collected allocations could block new claims on a volume [GH-11890]
• csi: Fixed a bug where releasing volume claims would fail with ACL errors after leadership transitions. [GH-11891]
• csi: Unmount volumes from the client before sending unpublish RPC [GH-11892]
• template: Fixed a bug where client template configuration that did not include any of the new 1.2.4 configuration options could result in none of the configuration getting set. [GH-11902]

v1.2.4

1.2.4 (January 18, 2022)

FEATURES:

• ui: Add filters to allocations table in jobs/job/allocation view [GH-11544]

IMPROVEMENTS:

• agent/config: Allow binding the HTTP server to multiple addresses. [GH-11582]
• agent: Added ui configuration block [GH-11555]
• api: Add pagination and filtering to Evaluations List API [GH-11648]
• api: Added pagination to deployments list API [GH-11743]
• api: Improve error message returned by Operator.LicenseGet [GH-11644]
• api: Return a HTTP 404 instead of a HTTP 500 from the Stat File and List Files API endpoints when a file or directory is not found. [GH-11482]
• api: Updated the CSI volumes list API to respect wildcard namespaces [GH-11724]
• api: Updated the deployments list API to respect wildcard namespaces [GH-11743]
• api: Updated the evaluations list API to respect wildcard namespaces [GH-11710]
• api: return HTTP204 on CORS pre-flight checks and allow dot in CORS header keys. [GH-11323]
• cli: Add -var and -var-file to the command line printed by job plan [GH-11631]
• cli: Add event stream capture to nomad operator debug [GH-11865]
• cli: Added a nomad eval list command. [GH-11675]
• cli: Made the operator raft info, operator raft logs, operator raft state, and operator snapshot state commands visible to command line help. [GH-11682]
• cli: Return non-zero exit code from monitor if deployment fails [GH-11550]
• cli: provide -no-shutdown-delay option to job stop and alloc stop commands to ignore shutdown_delay [GH-11596]
• core: allow setting and propagation of eval priority on job de/registration [GH-11532]

... (truncated)

Changelog

Sourced from github.com/hashicorp/nomad's changelog.

1.2.6 (February 9, 2022)

BACKWARDS INCOMPATIBILITIES:

• ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability

SECURITY:

• Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
• Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
• Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
• Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]

1.2.5 (February 1, 2022)

BUG FIXES:

• csi: Fixed a bug where garbage collected allocations could block new claims on a volume [GH-11890]
• csi: Fixed a bug where releasing volume claims would fail with ACL errors after leadership transitions. [GH-11891]
• csi: Unmount volumes from the client before sending unpublish RPC [GH-11892]
• template: Fixed a bug where client template configuration that did not include any of the new 1.2.4 configuration options could result in none of the configuration getting set. [GH-11902]

1.2.4 (January 18, 2022)

FEATURES:

• ui: Add filters to allocations table in jobs/job/allocation view [GH-11544]

IMPROVEMENTS:

• agent/config: Allow binding the HTTP server to multiple addresses. [GH-11582]
• agent: Added ui configuration block [GH-11555]
• api: Add pagination and filtering to Evaluations List API [GH-11648]
• api: Added pagination to deployments list API [GH-11743]
• api: Improve error message returned by Operator.LicenseGet [GH-11644]
• api: Return a HTTP 404 instead of a HTTP 500 from the Stat File and List Files API endpoints when a file or directory is not found. [GH-11482]
• api: Updated the CSI volumes list API to respect wildcard namespaces [GH-11724]
• api: Updated the deployments list API to respect wildcard namespaces [GH-11743]
• api: Updated the evaluations list API to respect wildcard namespaces [GH-11710]
• api: return HTTP204 on CORS pre-flight checks and allow dot in CORS header keys. [GH-11323]
• cli: Add -var and -var-file to the command line printed by job plan [GH-11631]
• cli: Add event stream capture to nomad operator debug [GH-11865]
• cli: Added a nomad eval list command. [GH-11675]
• cli: Made the operator raft info, operator raft logs, operator raft state, and operator snapshot state commands visible to command line help. [GH-11682]
• cli: Return non-zero exit code from monitor if deployment fails [GH-11550]
• cli: provide -no-shutdown-delay option to job stop and alloc stop commands to ignore shutdown_delay [GH-11596]
• core: allow setting and propagation of eval priority on job de/registration [GH-11532]
• deps: Update armon/go-metrics to v0.3.10 [GH-11504]
• driver/docker: Added support for client-wide pids_limit configuration [GH-11526]
• hcl: tolerate empty strings for zero integer values in quota and job specification. [GH-11325]

... (truncated)

Commits

• 95514d5 Release v1.2.6
• a6c6b47 Generate files for 1.2.6 release
• a3319d7 docs: add 1.2.6 to changelog
• c49359a scheduler: prevent panic in spread iterator during alloc stop
• 1aa3b56 api: prevent excessice CPU load on job parse
• b3c0e6a client: check escaping of alloc dir using symlinks
• 6445da9 client: fix race condition in use of go-getter
• 3368af1 Release v1.2.5
• 06d912a Generate files for 1.2.5 release
• f0e1938 docs: add 1.2.5 to changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)