Merge pull request #3748 from telepresenceio/release/v2.21.1

Release 2.21.1

Author: thallgren

CHANGELOG.yml

@@ -43,6 +43,11 @@ items:
           `telepresence.getambassador.io/inject-container-ports` annotation, and it was also required in order to ingest
           such a workload. This was counterintuitive and the requirement was removed. An ingest doesn't use a port.
         docs: https://github.com/telepresenceio/telepresence/issues/3741
+      - type: bugfix
+        title: Upgrade module dependencies to get rid of critical vulnerability.
+        body: >-
+          Upgrade module dependencies to latest available stable. This includes upgrading golang.org/x/crypto, which
+          had critical issues, from 0.30.0 to 0.31.0 where those issues are resolved.
   - version: 2.21.0
     date: 2024-12-13
     notes:

docs/release-notes.md

@@ -8,6 +8,12 @@
 The ability to intercept a workload without a service is built around the `telepresence.getambassador.io/inject-container-ports` annotation, and it was also required in order to ingest such a workload. This was counterintuitive and the requirement was removed. An ingest doesn't use a port.
 </div>
 
+## <div style="display:flex;"><img src="images/bugfix.png" alt="bugfix" style="width:30px;height:fit-content;"/><div style="display:flex;margin-left:7px;">Upgrade module dependencies to get rid of critical vulnerability.</div></div>
+<div style="margin-left: 15px">
+
+Upgrade module dependencies to latest available stable. This includes upgrading golang.org/x/crypto, which had critical issues, from 0.30.0 to 0.31.0 where those issues are resolved.
+</div>
+
 ## Version 2.21.0 <span style="font-size: 16px;">(December 13)</span>
 ## <div style="display:flex;"><img src="images/feature.png" alt="feature" style="width:30px;height:fit-content;"/><div style="display:flex;margin-left:7px;">[Automatic VPN conflict avoidance](reference/vpn)</div></div>
 <div style="margin-left: 15px">

docs/release-notes.mdx

@@ -12,6 +12,10 @@ import { Note, Title, Body } from '@site/src/components/ReleaseNotes'
 	<Title type="bugfix" docs="https://github.com/telepresenceio/telepresence/issues/3741">Allow ingest of serverless deployments without specifying an inject-container-ports annotation</Title>
 	<Body>The ability to intercept a workload without a service is built around the `telepresence.getambassador.io/inject-container-ports` annotation, and it was also required in order to ingest such a workload. This was counterintuitive and the requirement was removed. An ingest doesn't use a port.</Body>
 </Note>
+<Note>
+	<Title type="bugfix">Upgrade module dependencies to get rid of critical vulnerability.</Title>
+	<Body>Upgrade module dependencies to latest available stable. This includes upgrading golang.org/x/crypto, which had critical issues, from 0.30.0 to 0.31.0 where those issues are resolved.</Body>
+</Note>
 ## Version 2.21.0 <span style={{fontSize:'16px'}}>(December 13)</span>
 <Note>
 	<Title type="feature" docs="reference/vpn">Automatic VPN conflict avoidance</Title>

go.mod

@@ -36,7 +36,7 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.10.0
 	github.com/telepresenceio/go-fuseftp/rpc v0.5.0
-	github.com/telepresenceio/telepresence/rpc/v2 v2.21.0
+	github.com/telepresenceio/telepresence/rpc/v2 v2.21.1-rc.0
 	github.com/vishvananda/netlink v1.3.0
 	golang.org/x/exp v0.0.0-20241210194714-1829a127f884
 	golang.org/x/net v0.32.0

pkg/vif/testdata/router/go.mod

@@ -50,7 +50,7 @@ require (
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/telepresenceio/telepresence/rpc/v2 v2.21.0 // indirect
+	github.com/telepresenceio/telepresence/rpc/v2 v2.21.1-rc.0 // indirect
 	github.com/vishvananda/netlink v1.3.0 // indirect
 	github.com/vishvananda/netns v0.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect