Preparing for 0.9.4 patch release#318
Merged
paras-gupta2 merged 63 commits intorelease/0.9.xfrom Mar 12, 2026
Merged
Conversation
Match LICENSE file.
…quick-anteater Add artifacts manifest (automatically generated)
[SecVul] Update aws-sdk-go
* Consume latest version of consul-awsauth dependency * Update CHANGELOG.md
* Remove excess logs in health-sync * Added changelog
* Fix vulnerabiility * Added changelog * Update Dockerfile * Updated golangci-lint version to 1.60.1
--------- Co-authored-by: João Rafael <joaoraf@me.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.38.0. - [Commits](golang/net@v0.33.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.38.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vikramarjuna <vkrmrjun@gmail.com>
Pin `docker/setup-qemu-action` to specific commit for stability.
[Compliance] - PR Template Changes Required
Signed-off-by: Manisha Kumari <manisha.kumari@hashicorp.com>
Test with latest consul versions
Testing test cases with latest consul version
Fix AWS SDK v1 CVE
…ase branch. (#317) * Fix the CVE's and alerts from the secvuln ticket and PR * Fix golangci-lint v2.8.0 schema validation error * Add --no-cache flag to apk upgrade for better Docker build reproducibility and update changelog
There was a problem hiding this comment.
Pull request overview
This PR prepares the 0.9.4 patch release by backporting upstream changes, including the AWS SDK v1→v2 migration, security hardening updates (base images/deps), new network partition resilience behavior (service-defaults passive health checks), and accompanying CI/release metadata updates.
Changes:
- Bump product version to
0.9.4and update changelog/release metadata. - Migrate multiple components to AWS SDK v2 and adjust tests/mocks accordingly.
- Add network partition resilience configuration and mesh-init logic to register/merge Consul service-defaults with passive health checks.
Reviewed changes
Copilot reviewed 83 out of 84 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| version/version_test.go | Update copyright header. |
| version/version.go | Bump version; use ReplaceAll. |
| version/non_fips_build.go | Update copyright header. |
| version/fips_build.go | Update copyright header. |
| testutil/iamauthtest/testing.go | Escape request values; handle write errors. |
| testutil/iamauthtest/responses.go | Update copyright header. |
| testutil/iamauthtest/arn.go | Update copyright header. |
| testutil/fake-command.go | Update copyright header. |
| testutil/consul.go | Update copyright header. |
| testutil/config.go | Update copyright header. |
| testutil/aws.go | Harden env set/unset handling in tests. |
| subcommand/version/command.go | Update copyright header. |
| subcommand/net-dial/command_test.go | Check listener close errors in tests. |
| subcommand/net-dial/command.go | Warn on connection close error. |
| subcommand/mesh-init/command_test.go | Add tests for service-defaults registration helpers. |
| subcommand/mesh-init/command.go | Register service-defaults for resilience mode. |
| subcommand/mesh-init/checks_test.go | Update copyright header. |
| subcommand/mesh-init/checks.go | Update copyright header. |
| subcommand/health-sync/dataplane_monitor.go | Update copyright header. |
| subcommand/health-sync/command_test.go | Switch to SDK v2 types; new stability assertion. |
| subcommand/health-sync/command.go | Prevent syncing after SIGTERM begins. |
| subcommand/health-sync/checks_test.go | Switch to SDK v2 types in tests. |
| subcommand/health-sync/checks.go | Switch to SDK v2 types; adjust logging. |
| subcommand/envoy-entrypoint/task-monitor.go | Update copyright header. |
| subcommand/envoy-entrypoint/command_windows.go | Update copyright header. |
| subcommand/envoy-entrypoint/command_unix_test.go | Switch to SDK v2 types in tests. |
| subcommand/envoy-entrypoint/command_unix.go | Switch to c.Flags() for logging flags merge. |
| subcommand/envoy-entrypoint/command_common.go | Update copyright header. |
| subcommand/controller/command_test.go | Move ent policy const out of OSS test. |
| subcommand/controller/command_ent_test.go | Define ent anon policy const here. |
| subcommand/controller/command.go | Switch controller to SDK v2 ECS client/config. |
| subcommand/app-entrypoint/command_windows.go | Update copyright header. |
| subcommand/app-entrypoint/command_unix_test.go | Remove legacy build tag line. |
| subcommand/app-entrypoint/command_unix.go | Remove legacy build tag line; use c.Flags(). |
| subcommand/app-entrypoint/command_common.go | Update copyright header. |
| scan.hcl | Update copyright header. |
| main.go | Update copyright header. |
| logging/logger_test.go | Update copyright header. |
| logging/logger.go | Update copyright header. |
| internal/redirecttraffic/redirect_traffic_test.go | Update copyright header. |
| internal/redirecttraffic/redirect_traffic.go | Update copyright header. |
| internal/dns/dns_test.go | Update copyright header. |
| internal/dns/dns.go | Update copyright header. |
| internal/dataplane/dataplane_json.go | Update copyright header. |
| internal/dataplane/dataplane_config_test.go | Update copyright header. |
| internal/dataplane/dataplane_config.go | Update copyright header. |
| hack/generate-config-reference/schema.go | Update copyright header. |
| hack/generate-config-reference/main.go | Update copyright header. |
| go.sum | Update dependency checksums for SDK v2 + bumps. |
| go.mod | Switch dependencies to SDK v2; bump Go version. |
| entrypoint/cmd.go | Use promoted Start/Wait on embedded exec.Cmd. |
| controller/resource_test.go | Update tests for ECS SDK v2 task/tag types. |
| controller/resource.go | Migrate ECS listing/describing to SDK v2. |
| controller/policy.go | Update copyright header. |
| controller/mocks/sm_client.go | Update Secrets Manager mock for SDK v2. |
| controller/mocks/ecs_client.go | Update ECS mock for SDK v2 + pagination. |
| controller/controller_test.go | Update copyright header. |
| controller/controller.go | Update copyright header. |
| config/validate_test.go | Update copyright header. |
| config/validate.go | Update copyright header. |
| config/types_test.go | Update copyright header. |
| config/types.go | Add resilience/outlier detection config types + defaults. |
| config/schema.json | Add networkResilienceConfig schema and reformat. |
| config/schema.go | Update copyright header. |
| config/config_test.go | Update copyright header. |
| config/config.go | Migrate AWS config/credentials loading to SDK v2. |
| commands.go | Update copyright header. |
| build-scripts/version.sh | Update copyright header. |
| awsutil/awsutil_test.go | Update tests for NewAWSConfig and SDK v2 types. |
| awsutil/awsutil.go | Replace session with SDK v2 config + middleware UA. |
| Makefile | Allow ARCH override (use ?=). |
| LICENSE | Update copyright line. |
| Dockerfile | Bump Go/Alpine; run apk upgrade; update go-discover ref. |
| CHANGELOG.md | Add unreleased notes for backported changes. |
| .release/security-scan.hcl | Add empty triage suppress block. |
| .release/release-metadata.hcl | Update copyright header. |
| .release/consul-ecs-artifacts.hcl | Add artifacts manifest for release outputs. |
| .release/ci.hcl | Update copyright header. |
| .golangci.yml | Update config format; move gofmt to formatters. |
| .go-version | Bump Go toolchain version. |
| .github/workflows/test.yml | Update triggers, runners, lint action/version, Consul test matrix. |
| .github/workflows/security-scan.yml | Pin runner to ubuntu-22.04. |
| .github/workflows/reusable-get-go-version.yml | Pin runner to ubuntu-22.04. |
| .github/workflows/build.yml | Add PR trigger; refactor builds; Docker-based FIPS build. |
| .github/pull_request_template.md | Add PCI checklist section. |
| .github/containers/ubuntu/fips-build-Dockerfile | Add Ubuntu-based FIPS build container. |
| .github/CODEOWNERS | Add team-consul-platform and widen release ownership. |
| .dockerignore | Allowlist source for Docker/FIPS builds. |
Comments suppressed due to low confidence (1)
subcommand/health-sync/command_test.go:723
- This adds a hard-coded 5s polling loop (plus sleeps) to every non-missing-dataplane gateway test case, which will noticeably slow the unit test suite and can increase flakiness on slower CI runners. Consider basing the wait duration on
syncChecksInterval(e.g., a small multiple) or usingrequire.Never/require.Eventuallywith a shorter timeout and tighter assertions.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
paras-gupta2
temporarily deployed
to
dockerhub/hashicorpdev
GitHub Actions
Inactive
paras-gupta2
force-pushed
the
backport-0.9.4
branch
from
b0174a7 to
b6ebd4f
Compare
paras-gupta2
temporarily deployed
to
dockerhub/hashicorpdev
GitHub Actions
Inactive
kswap
reviewed
Mar 5, 2026
paras-gupta2
temporarily deployed
to
dockerhub/hashicorpdev
GitHub Actions
Inactive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes proposed in this PR:
Checklist: