fix(deps): update module github.com/rancher/wrangler to v0.8.11 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/rancher/wrangler	v0.8.6 -> v0.8.11

GitHub Vulnerability Alerts

CVE-2022-43756

Impact

A denial of services (DoS) vulnerability was discovered in Wrangler Git package affecting versions up to and including v1.0.0.

Specially crafted Git credentials can result in a denial of service (DoS) attack on an application that uses Wrangler due to the exhaustion of the available memory and CPU resources. This is caused by a lack of input validation of Git credentials before they are used, which may lead to a denial of service in some cases. This issue can be triggered when accessing both private and public Git repositories.

Workarounds

A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.

Patches

Patched versions include v1.0.1 and later and the backported tags - v0.7.4-security1, v0.8.5-security1 and v0.8.11.

For more information

If you have any questions or comments about this advisory:

• Reach out to SUSE Rancher Security team for security related inquiries.
• Open an issue in Rancher or Wrangler repository.
• Verify our support matrix and product support lifecycle.

CVE-2022-31249

Impact

A command injection vulnerability was discovered in Wrangler's Git package affecting versions up to and including v1.0.0.

Wrangler's Git package uses the underlying Git binary present in the host OS or container image to execute Git operations. Specially crafted commands can be passed to Wrangler that will change their behavior and cause confusion when executed through Git, resulting in command injection in the underlying host.

Workarounds

A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.

Patches

Patched versions include v1.0.1 and later and the backported tags - v0.7.4-security1, v0.8.5-security1 and v0.8.11.

For more information

If you have any questions or comments about this advisory:

• Reach out to SUSE Rancher Security team for security related inquiries.
• Open an issue in Rancher or Wrangler repository.
• Verify our support matrix and product support lifecycle.

---

Release Notes

rancher/wrangler (github.com/rancher/wrangler)

v0.8.11

Compare Source

v0.8.10

Compare Source

What's Changed

• Fixed distinct namespaces resolution in Apply by @​snasovich in https://github.com/rancher/wrangler/pull/187

Full Changelog: rancher/wrangler@v0.8.9...v0.8.10

v0.8.9

Compare Source

What's Changed

• fixed permissions errors when applying multiple namespaces by @​paynejacob in https://github.com/rancher/wrangler/pull/183

New Contributors

• @​paynejacob made their first contribution in https://github.com/rancher/wrangler/pull/183

Full Changelog: rancher/wrangler@v0.8.8...v0.8.9

v0.8.8

Compare Source

Added new signals pkg with shutdown func for windows services. The SetupSignalHandler now returns a channel so if you are using something like...

ctx := signals.SetupSignalHandler(context.Background())

There is now a func that returns the context that will do the context.Background call for you so switch to

ctx := signals.SetupSignalContext()

v0.8.7

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.