Taskcluster

Latest version: v65.1.0

Safety actively analyzes 638388 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 5 of 52

60.3.5

GENERAL

▶ [patch]
Switched to use `math/rand/v2` ([new in go1.22](https://tip.golang.org/doc/go1.22#math_rand_v2)), removed [deprecated](https://pkg.go.dev/golang.org/x/sysv0.16.0/windows#OpenCurrentProcessToken) call to `windows.OpenCurrentProcessToken()`, fixed `staticcheck` errors, and added a `staticcheck` GitHub actions workflow for our repo.

▶ [patch]
Upgrades to node v18.19.1, which is a [security release](https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/).

DEPLOYERS

▶ [patch]
Kubernetes lifecycle timeouts correctly set to avoid having 502s.

USERS

▶ [patch] [6795](https://github.com/taskcluster/taskcluster/issues/6795)
Fixes "Raw Log" button in UI that can point to an expired artifact.

60.3.4

GENERAL

▶ [patch]
Upgrades to go1.22.0

USERS

▶ [patch] [6820](https://github.com/taskcluster/taskcluster/issues/6820)
Fixes scope view in the UI. Search by scope shows roles and clients that use given scope.

Automated Package Updates

<details>
<summary>1 Dependabot updates</summary>

* build(deps): bump the deps group with 1 update (ecf946205)

</details>

60.3.3

DEVELOPERS

▶ [patch]

60.3.2

WORKER-DEPLOYERS

▶ [patch]
Worker Runner now checks for termination notice when starting the Google provider.

When Worker Runner runs, the instance may already be scheduled to be shutdown. So on Google provider startup, we now check for this case.

This functionality mimics what's already in place for AWS.

This change also decreases the time Worker Runner checks to see if the instance is scheduled to be shutdown from 30 seconds to 15 seconds on the Google and Azure providers, as they each have a 30 second notice before a hard-shutdown Google: https://cloud.google.com/compute/docs/instances/spot#preemption-process Azure: https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms.

USERS

▶ [patch] [6801](https://github.com/taskcluster/taskcluster/issues/6801)
Fixes a bug in notify service where multiple messages to the same channel were not sent.
Adds `204` status code to the email, matrix, pulse, slack endoints when message was detected to be duplicate and was not sent.

▶ [patch] [6793](https://github.com/taskcluster/taskcluster/issues/6793)
D2G will now ensure that tasks whose max run time is exceeded still have the chance to publish artifacts.
This means that Docker Worker tasks definitions that are run under Generic Worker and are aborted due to
hitting the max run time should still publish the artifacts from the aborted docker container they ran in.

▶ [patch] [6798](https://github.com/taskcluster/taskcluster/issues/6798)
Generic Worker now includes the original Docker Worker task definition in the chain of trust certificate, if the task payload is a Docker Worker task payload. Previously, it was including the internal Generic Worker representation of the task definition.

▶ [patch]
The Task Creator now defaults to a task that only takes 1 minute to run instead of 10 mins, to redue resource consumption. Tutorials updated to reflect change.

Automated Package Updates

<details>
<summary>1 Dependabot updates</summary>

* build(deps): bump aiohttp from 3.9.0 to 3.9.2 in /taskcluster (c7f9d9250)

</details>

60.3.1

USERS

▶ [patch] [6789](https://github.com/taskcluster/taskcluster/issues/6789)
Generic Worker no longer modifies task scopes passed to Taskcluster Proxy.
Previously there was a bug where Taskcluster Proxy would be passed the
d2g-modified scopes by Generic Worker rather than the original task scopes from
the task definition of the `queue.claimWork` response body. If the task was not
also explicitly assigned the required generic-worker scopes, this would result
in HTTP 401 errors from Taskcluster Proxy calls.

This has now been fixed, so that it is sufficient for tasks with a Docker
Worker payload to contain only Docker Worker scopes, not have the associated
generic-worker scopes, yet still work under Generic Worker and use the
Taskcluster Proxy feature without causing HTTP 401 errors.

60.3.0

GENERAL

▶ [patch]
Generic Worker now copies archives to the task user's directory before unarchiving.

WORKER-DEPLOYERS

▶ [minor] [6785](https://github.com/taskcluster/taskcluster/issues/6785)
Generic Worker now exits with exit code 82 if the chain of trust key is missing.

Page 5 of 52

Links

Releases

Has known vulnerabilities

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.