Bump github.com/hashicorp/nomad from 1.4.4 to 1.4.6

[dependabot]

Bumps github.com/hashicorp/nomad from 1.4.4 to 1.4.6.

Release notes

Sourced from github.com/hashicorp/nomad's releases.

v1.4.6

1.4.6 (March 10, 2023)

SECURITY:

• variables: Fixed a bug where a workload-associated policy with a deny capability was ignored for the workload's own variables CVE-2023-1296 [GH-16349]

IMPROVEMENTS:

• env/ec2: update cpu metadata [GH-16417]

BUG FIXES:

• client: Fixed a bug that prevented allocations with interpolated values in Consul services from being marked as healthy [GH-16402]
• client: Fixed a bug where clients used the serf advertise address to connect to servers when using Consul auto-discovery [GH-16217]
• docker: Fixed a bug where pause containers would be erroneously removed [GH-16352]
• scheduler: Fixed a bug where collisions in dynamic port offerings would result in spurious plan-for-node-rejected errors [GH-16401]
• server: Fixed a bug where deregistering a job that was already garbage collected would create a new evaluation [GH-16287]
• server: Fixed a bug where node updates that produced errors from service discovery or CSI plugin updates were not logged [GH-16287]
• server: Fixed a bug where the system reconcile summaries command and API would not return any scheduler-related errors [GH-16287]

v1.4.5

1.4.5 (March 01, 2023)

BREAKING CHANGES:

• core: Ensure no leakage of evaluations for batch jobs. Prior to this change allocations and evaluations for batch jobs were never garbage collected until the batch job was explicitly stopped. The new batch_eval_gc_threshold server configuration controls how often they are collected. The default threshold is 24h. [GH-15097]

IMPROVEMENTS:

• api: improved error returned from AllocFS.Logs when response is not JSON [GH-15558]
• build: Update to go1.19.5 [GH-15769]
• build: Update to go1.20 [GH-16029]
• cli: Added -wait flag to deployment status for use with -monitor mode [GH-15262]
• cli: Added tls command to enable creating Certificate Authority and Self signed TLS certificates. There are two sub commands tls ca and tls cert that are helpers when creating certificates. [GH-14296]
• client: detect and cleanup leaked iptables rules [GH-15407]
• consul: add client configuration for grpc_ca_file [GH-15701]
• deps: Update google.golang.org/grpc to v1.51.0 [GH-15402]
• docs: link to an envoy troubleshooting doc when envoy bootstrap fails [GH-15908]
• env/ec2: update cpu metadata [GH-15770]
• fingerprint: Detect CNI plugins and set versions as node attributes [GH-15452]
• scheduler: allow using device IDs in affinity and constraint [GH-15455]
• ui: Add a button for expanding the Task sidebar to full width [GH-15735]
• ui: Made task rows in Allocation tables look more aligned with their parent [GH-15363]
• ui: Show events alongside logs in the Task sidebar [GH-15733]
• ui: The web UI will now show canary_tags of services anyplace we would normally show tags. [GH-15458]

DEPRECATIONS:

... (truncated)

Changelog

Sourced from github.com/hashicorp/nomad's changelog.

1.4.6 (March 10, 2023)

SECURITY:

• variables: Fixed a bug where a workload-associated policy with a deny capability was ignored for the workload's own variables CVE-2023-1296 [GH-16349]

IMPROVEMENTS:

• env/ec2: update cpu metadata [GH-16417]

BUG FIXES:

• client: Fixed a bug that prevented allocations with interpolated values in Consul services from being marked as healthy [GH-16402]
• client: Fixed a bug where clients used the serf advertise address to connect to servers when using Consul auto-discovery [GH-16217]
• docker: Fixed a bug where pause containers would be erroneously removed [GH-16352]
• scheduler: Fixed a bug where collisions in dynamic port offerings would result in spurious plan-for-node-rejected errors [GH-16401]
• server: Fixed a bug where deregistering a job that was already garbage collected would create a new evaluation [GH-16287]
• server: Fixed a bug where node updates that produced errors from service discovery or CSI plugin updates were not logged [GH-16287]
• server: Fixed a bug where the system reconcile summaries command and API would not return any scheduler-related errors [GH-16287]

1.4.5 (March 01, 2023)

BREAKING CHANGES:

• core: Ensure no leakage of evaluations for batch jobs. Prior to this change allocations and evaluations for batch jobs were never garbage collected until the batch job was explicitly stopped. The new batch_eval_gc_threshold server configuration controls how often they are collected. The default threshold is 24h. [GH-15097]

IMPROVEMENTS:

• api: improved error returned from AllocFS.Logs when response is not JSON [GH-15558]
• cli: Added -wait flag to deployment status for use with -monitor mode [GH-15262]
• cli: Added tls command to enable creating Certificate Authority and Self signed TLS certificates. There are two sub commands tls ca and tls cert that are helpers when creating certificates. [GH-14296]
• client: detect and cleanup leaked iptables rules [GH-15407]
• consul: add client configuration for grpc_ca_file [GH-15701]
• deps: Update google.golang.org/grpc to v1.51.0 [GH-15402]
• docs: link to an envoy troubleshooting doc when envoy bootstrap fails [GH-15908]
• env/ec2: update cpu metadata [GH-15770]
• fingerprint: Detect CNI plugins and set versions as node attributes [GH-15452]
• scheduler: allow using device IDs in affinity and constraint [GH-15455]
• ui: Add a button for expanding the Task sidebar to full width [GH-15735]
• ui: Made task rows in Allocation tables look more aligned with their parent [GH-15363]
• ui: Show events alongside logs in the Task sidebar [GH-15733]
• ui: The web UI will now show canary_tags of services anyplace we would normally show tags. [GH-15458]

DEPRECATIONS:

• api: The connect ConsulExposeConfig.Path field is deprecated in favor of ConsulExposeConfig.Paths [GH-15541]
• api: The connect ConsulProxy.ExposeConfig field is deprecated in favor of ConsulProxy.Expose [GH-15541]

BUG FIXES:

... (truncated)

Commits

• f09f4d0 Generate files for 1.4.6 release
• 5e5140e acl: respect deny capabilities on job's own variables
• 0815277 Backport of env/aws: update ec2 cpu info data into release/1.4.x (#16430)
• 6972a2e Backport of docker: fix bug where network pause containers would be erroneous...
• 070c018 Backport of allocrunner: fix health check monitoring for Consul services into...
• 7c3d451 Backport of scheduling: prevent self-collision in dynamic port network offeri...
• b2fc889 chore: update website scripts (release/1.4.x) (#16386)
• 7c3f107 deps: Update ioutil deprecated library references to os and io respectively i...
• bce89a7 backport of commit da4e46be307bcaa0a85c3c141b409c5b75361bab (#16394)
• db7dbde Update ioutil library references to os and io respectively for command (#16388)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[JanMa]

dependabot recreate

[JanMa]

@dependabot recreate