Merge https://github.com/project-velero/kopia:v0.17.0-velero.1 (e07d5b7) into oadp-1.4#39
Merged
weshayutin merged 232 commits intoJul 6, 2026
Merged
Conversation
) Bumps [electron](https://github.com/electron/electron) from 26.1.0 to 26.2.1. - [Release notes](https://github.com/electron/electron/releases) - [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md) - [Commits](electron/electron@v26.1.0...v26.2.1) --- updated-dependencies: - dependency-name: electron dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.21.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@00e563e...04daf01) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…kopia#3327) Bumps the common-golang-dependencies group with 9 updates: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.32.0` | `1.33.0` | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.7.1` | `1.7.2` | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.17.0` | `1.18.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.17.0` | `1.18.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.12.0` | `0.13.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.14.0` | `0.15.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.11.0` | `0.12.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.138.0` | `0.141.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.58.0` | `1.58.1` | Updates `cloud.google.com/go/storage` from 1.32.0 to 1.33.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@pubsub/v1.32.0...pubsub/v1.33.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.7.1 to 1.7.2 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.7.1...sdk/azcore/v1.7.2) Updates `go.opentelemetry.io/otel` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.17.0...v1.18.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.17.0...v1.18.0) Updates `golang.org/x/crypto` from 0.12.0 to 0.13.0 - [Commits](golang/crypto@v0.12.0...v0.13.0) Updates `golang.org/x/net` from 0.14.0 to 0.15.0 - [Commits](golang/net@v0.14.0...v0.15.0) Updates `golang.org/x/oauth2` from 0.11.0 to 0.12.0 - [Commits](golang/oauth2@v0.11.0...v0.12.0) Updates `google.golang.org/api` from 0.138.0 to 0.141.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.138.0...v0.141.0) Updates `google.golang.org/grpc` from 1.58.0 to 1.58.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.58.0...v1.58.1) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common-golang-dependencies - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common-golang-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…kopia#3329) Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.16.7 to 1.17.0. - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.16.7...v1.17.0) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.25.0 to 1.26.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](uber-go/zap@v1.25.0...v1.26.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump docker/setup-qemu-action from 2 to 3 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --- * use commit id to pin setup-qemu-action to v3.0.0 * upgrade setup-buildx-action * pin actions/download-artifact to v3.0.2 (using commit id) * pin action-homebrew-bump-formula to v3.10.0 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Julio <1953782+julio-lopez@users.noreply.github.com>
* Name policy tests to make debugging easier * Keep the case-# for test name to make specifying easier. move name to the message field of the test
…ation to handle secrets (kopia#3351)
…opia#3336) * - Fixed missing window in cases where external displays were detached - Maximize the window now works as expected * Dummy commit * Another dummy commit * Comment out another section * Another try * Another one * Should now finish * Add hash of display configuration * Restoring window state based on a configuration --------- Co-authored-by: lupusA <lupuapps@gmail.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@3df4ab1...8ade135) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…kopia#3353) Bumps the common-golang-dependencies group with 2 updates: [google.golang.org/api](https://github.com/googleapis/google-api-go-client) and [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/api` from 0.141.0 to 0.143.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.141.0...v0.143.0) Updates `google.golang.org/grpc` from 1.58.1 to 1.58.2 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.58.1...v1.58.2) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common-golang-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.7 to 2.21.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@04daf01...6a28655) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fix policy target name in help text --------- Co-authored-by: lupusA <lupuapps@gmail.com>
…kopia#3364) Reorder streaming file upload defer functions slightly so the reader is closed prior to calling FinishedFile. This allows folks who hook into those callbacks to make stronger assumptions about the ordering/state of things if needed.
) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.8 to 2.21.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@6a28655...ddccb87) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…kopia#3370) Bumps the common-golang-dependencies group with 3 updates: [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang), [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) and [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go). Updates `github.com/prometheus/client_golang` from 1.16.0 to 1.17.0 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.16.0...v1.17.0) Updates `go.opentelemetry.io/otel` from 1.18.0 to 1.19.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.18.0...v1.19.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.18.0 to 1.19.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.18.0...v1.19.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the kopia-ui-npm-dependencies group in /app with 4 updates: [uuid](https://github.com/uuidjs/uuid), [@playwright/test](https://github.com/Microsoft/playwright), [electron](https://github.com/electron/electron) and [electron-builder](https://github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-builder). Updates `uuid` from 9.0.0 to 9.0.1 - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.0...v9.0.1) Updates `@playwright/test` from 1.37.1 to 1.38.1 - [Release notes](https://github.com/Microsoft/playwright/releases) - [Commits](microsoft/playwright@v1.37.1...v1.38.1) Updates `electron` from 26.2.1 to 26.2.4 - [Release notes](https://github.com/electron/electron/releases) - [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md) - [Commits](electron/electron@v26.2.1...v26.2.4) Updates `electron-builder` from 24.6.3 to 24.6.4 - [Release notes](https://github.com/electron-userland/electron-builder/releases) - [Changelog](https://github.com/electron-userland/electron-builder/blob/master/packages/electron-builder/CHANGELOG.md) - [Commits](https://github.com/electron-userland/electron-builder/commits/v24.6.4/packages/electron-builder) --- updated-dependencies: - dependency-name: uuid dependency-type: direct:production update-type: version-update:semver-patch dependency-group: kopia-ui-npm-dependencies - dependency-name: "@playwright/test" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: kopia-ui-npm-dependencies - dependency-name: electron dependency-type: direct:development update-type: version-update:semver-patch dependency-group: kopia-ui-npm-dependencies - dependency-name: electron-builder dependency-type: direct:development update-type: version-update:semver-patch dependency-group: kopia-ui-npm-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…pia#3323) * Improve RunMissed algorithm to work better with Cron and to give more predictable results for time-of-day rules * Add a RunMissed test for multiple times-of-day * add variable to improve code-readability * Fix test after rebase
* refactor(repository): added fs.DirectoryIterator This significantly reduces number of small allocations while taking snapshots of lots of files, which leads to faster snapshots. ``` $ runbench --kopia-exe ~/go/bin/kopia \ --compare-to-exe ~/go/bin/kopia-baseline --min-duration 30s \ ./snapshot-linux-parallel-4.sh DIFF duration: current:5.1 baseline:5.8 change:-13.0 % DIFF repo_size: current:1081614127.6 baseline:1081615302.8 change:-0.0 % DIFF num_files: current:60.0 baseline:60.0 change:0% DIFF avg_heap_objects: current:4802666.0 baseline:4905741.8 change:-2.1 % DIFF avg_heap_bytes: current:737397275.2 baseline:715263289.6 change:+3.1 % DIFF avg_ram: current:215.0 baseline:211.5 change:+1.6 % DIFF max_ram: current:294.8 baseline:311.4 change:-5.3 % DIFF avg_cpu: current:167.3 baseline:145.3 change:+15.1 % DIFF max_cpu: current:227.2 baseline:251.0 change:-9.5 % ``` * changed `Next()` API * mechanical move of the iterator to its own file * clarified comment * pr feedback * mechanical move of all localfs dependencies on os.FileInfo to a separate file * Update fs/entry.go Co-authored-by: ashmrtn <3891298+ashmrtn@users.noreply.github.com> * Update fs/entry_dir_iterator.go Co-authored-by: Julio Lopez <1953782+julio-lopez@users.noreply.github.com> * doc: clarified valid results from Next() --------- Co-authored-by: ashmrtn <3891298+ashmrtn@users.noreply.github.com> Co-authored-by: Julio Lopez <1953782+julio-lopez@users.noreply.github.com>
…kopia#3376) Bumps the common-golang-dependencies group with 8 updates: | Package | From | To | | --- | --- | --- | | [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) | `1.7.2` | `1.8.0` | | [github.com/prometheus/client_model](https://github.com/prometheus/client_model) | `0.4.1-0.20230718164431-9a2bf3000d16` | `0.5.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.13.0` | `0.14.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.12.0` | `0.13.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.15.0` | `0.16.0` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.12.0` | `0.13.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.3.0` | `0.4.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.143.0` | `0.146.0` | Updates `github.com/Azure/azure-sdk-for-go/sdk/azcore` from 1.7.2 to 1.8.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.7.2...sdk/azcore/v1.8.0) Updates `github.com/prometheus/client_model` from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0 - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/commits/v0.5.0) Updates `golang.org/x/crypto` from 0.13.0 to 0.14.0 - [Commits](golang/crypto@v0.13.0...v0.14.0) Updates `golang.org/x/mod` from 0.12.0 to 0.13.0 - [Commits](golang/mod@v0.12.0...v0.13.0) Updates `golang.org/x/net` from 0.15.0 to 0.16.0 - [Commits](golang/net@v0.15.0...v0.16.0) Updates `golang.org/x/oauth2` from 0.12.0 to 0.13.0 - [Commits](golang/oauth2@v0.12.0...v0.13.0) Updates `golang.org/x/sync` from 0.3.0 to 0.4.0 - [Commits](golang/sync@v0.3.0...v0.4.0) Updates `google.golang.org/api` from 0.143.0 to 0.146.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.143.0...v0.146.0) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/mod dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.9 to 2.22.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@ddccb87...fdcae64) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@08b4669...483ef80) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0. - [Commits](golang/net@v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(repository): fixed handling of content.Info Previously content.Info was an interface which was implemented by: * index.InfoStruct * index.indexEntryInfoV1 * index.indexEntryInfoV2 The last 2 implementations were relying on memory-mapped files which in rare cases could be closed while Kopia was still processing them leading to kopia#2599. This changes fixes the bug and strictly separates content.Info (which is now always a struct) from the other two (which were renamed as index.InfoReader and only used inside repo/content/...). In addition to being safer, this _should_ reduce memory allocations. * reduce the size of content.Info with proper alignment. * pr feedback * renamed index.InfoStruct to index.Info
…kopia#3789) Bumps the common-golang-dependencies group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/Azure/azure-sdk-for-go/sdk/storage/azblob](https://github.com/Azure/azure-sdk-for-go) | `1.3.1` | `1.3.2` | | [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` | | [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` | | [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) | `1.24.0` | `1.25.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.23.0` | `0.24.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.63.0` | `1.63.2` | Updates `github.com/Azure/azure-sdk-for-go/sdk/storage/azblob` from 1.3.1 to 1.3.2 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.3.1...sdk/storage/azblob/v1.3.2) Updates `go.opentelemetry.io/otel` from 1.24.0 to 1.25.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.25.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.24.0 to 1.25.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.25.0) Updates `go.opentelemetry.io/otel/sdk` from 1.24.0 to 1.25.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.25.0) Updates `go.opentelemetry.io/otel/trace` from 1.24.0 to 1.25.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.24.0...v1.25.0) Updates `golang.org/x/net` from 0.23.0 to 0.24.0 - [Commits](golang/net@v0.23.0...v0.24.0) Updates `google.golang.org/grpc` from 1.63.0 to 1.63.2 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.63.0...v1.63.2) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/storage/azblob dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common-golang-dependencies - dependency-name: go.opentelemetry.io/otel dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: go.opentelemetry.io/otel/sdk dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: go.opentelemetry.io/otel/trace dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: common-golang-dependencies - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common-golang-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…opia#3790) Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.24.9 to 3.24.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@1b1aada...4355270) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ia#3791) Bumps the docker group with 1 update: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action). Updates `docker/setup-buildx-action` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@2b51285...d70bba7) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: docker ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.1 to 4.2.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@c16abc2...7afa10e) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* User profile add set cli changes * Add additional test * get salt length from key deriver * Fixes for failing tests * after shikhars review * lint fixes
…mory allocations (kopia#3754) * refactor(repository): refactored internal index read API to reduce memory allocations * fixed stress test flake, improved debuggability * fixed spurious checklocks failures * post-merge fixes * pr feedback
…kopia#3801) Bumps the common-golang-dependencies group with 2 updates: [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) and [github.com/prometheus/common](https://github.com/prometheus/common). Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.5.1 to 1.5.2 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](Azure/azure-sdk-for-go@sdk/internal/v1.5.1...sdk/internal/v1.5.2) Updates `github.com/prometheus/common` from 0.52.2 to 0.52.3 - [Release notes](https://github.com/prometheus/common/releases) - [Commits](prometheus/common@v0.52.2...v0.52.3) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common-golang-dependencies - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-patch dependency-group: common-golang-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…opia#3803) Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 3.24.10 to 3.25.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4355270...df5a14d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…kopia#3802) Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.7 to 1.17.8. - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.17.7...v1.17.8) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Lyndon-Li <lyonghui@vmware.com>
…ded client Add a new function to create the Azure backend storage with the provided client so that we can wrap and reuse the storage implementation on Velero side Signed-off-by: Wenkai Yin(尹文开) <yinw@vmware.com>
… and update dependencies Update Go toolchain to 1.25.8 to address multiple CVEs: - GO-2026-4337, GO-2026-4340 (crypto/tls) - GO-2026-4341 (net/url) - GO-2026-4342 (archive/zip) - CVE-2026-25679 (net/url IPv6 host parsing) - CVE-2026-27137 (crypto/x509 email constraints) Update golang.org/x/* dependencies: - x/crypto v0.49.0 (fixes GHSA-j5w8-q4qc-rx2x, GHSA-f6x5-jh6r-wrfv) - x/net v0.52.0 (fixes GHSA-vvgc-356p-c3xw) - x/sys v0.42.0, x/text v0.35.0, x/term v0.41.0, x/sync v0.20.0 Update go.opentelemetry.io/otel/sdk v1.39.0 → v1.42.0 (fixes GHSA-9h8m-3fm2-qjrq: arbitrary code execution via PATH hijacking) Update google.golang.org/grpc v1.57.0 → v1.79.2 (minimum v1.57.1 required) Update google.golang.org/api and transitive google cloud dependencies Fix Go 1.25 vet errors for non-constant format strings in: - cli/json_output.go: use fmt.Fprint instead of fmt.Fprintf - tests/recovery/recovery_test: use explicit "%s" format for t.Logf Upgrade actions/upload-artifact and download-artifact from v3 to v4 (v3 deprecated) Run npm audit fix in app/ to resolve npm audit failures in CI Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
Bump vulnerable dependencies to their fixed versions: - github.com/golang-jwt/jwt/v4: v4.5.0 → v4.5.2 - CVE-2025-30204 (HIGH): excessive memory allocation during header parsing - github.com/golang-jwt/jwt/v5: v5.0.0 → v5.2.2 - CVE-2025-30204 (HIGH): excessive memory allocation during header parsing - go.opentelemetry.io/otel/sdk (and related otel packages): v1.42.0 → v1.43.0 - CVE-2026-39883: arbitrary code execution via PATH - golang.org/x/crypto: v0.49.0 → v0.52.0 - CVE-2024-45337: authorization bypass via PublicKeyCallback - CVE-2025-22869: DoS in SSH key exchange - CVE-2025-47913: SSH client panic via unexpected SSH_AGENT_SUCCESS - CVE-2026-39827: channel resource leak DoS - CVE-2026-39828: unauthorized command execution via discarded permissions - CVE-2026-39829: DoS via crafted public key with excessive parameters - CVE-2026-39830: DoS via resource leak from unsolicited SSH responses - CVE-2026-39835: CertChecker auth bypass - CVE-2026-42508: revocation bypass via unchecked SignatureKey - CVE-2026-46595: authorization bypass due to skipped source-address validation - CVE-2026-46597: server-side panic via incorrect cast - golang.org/x/net: v0.52.0 → v0.55.0 - CVE-2023-39325: HTTP/2 rapid stream resets DoS - CVE-2023-45288: HTTP/2 CONTINUATION frames DoS - CVE-2024-45338: non-linear HTML parsing - CVE-2026-25680: excessive CPU during HTML parsing - CVE-2026-25681: HTML render memory issue - CVE-2026-27136: HTML render memory issue - CVE-2026-33814: HTTP/2 SETTINGS_MAX_FRAME_SIZE DoS - CVE-2026-39821: privilege escalation via incorrect Punycode processing - CVE-2026-42502: HTML render issue - CVE-2026-42506: HTML render issue Co-authored-by: Cursor <cursoragent@cursor.com>
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
|
/ok-to-test |
|
/ok-to-test |
Joeavaikath
approved these changes
Jul 6, 2026
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: Joeavaikath, oadp-rebasebot-app[bot], weshayutin The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.