Skip to content

Bump scality/cloudserver from 9.2.37 to 9.3.6 in /env/default#144

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/docker/env/default/scality/cloudserver-9.3.6
Closed

Bump scality/cloudserver from 9.2.37 to 9.3.6 in /env/default#144
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/docker/env/default/scality/cloudserver-9.3.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 9, 2026
edited
Loading

Bumps scality/cloudserver from 9.2.37 to 9.3.6.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file docker Pull requests that update docker code labels Apr 9, 2026
@dependabot dependabot Bot requested a review from dvasilas as a code owner April 9, 2026 18:46
@dependabot dependabot Bot mentioned this pull request Apr 9, 2026
Closed
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 9, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.46%. Comparing base (ae5338f) to head (0bde9c4).
⚠️ Report is 20 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #144   +/-   ##
=======================================
  Coverage   76.46%   76.46%           
=======================================
  Files          22       22           
  Lines        1942     1942           
=======================================
  Hits         1485     1485           
  Misses        366      366           
  Partials       91       91
Flag Coverage Δ
unit 76.46% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dependabot dependabot Bot force-pushed the dependabot/docker/env/default/scality/cloudserver-9.3.6 branch from 13bf726 to e198b0f Compare April 15, 2026 09:09
github-actions[bot]
github-actions Bot approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency Bump Evaluation

Version change: scality/cloudserver 9.2.34 → 9.3.6 (minor bump, Docker image in e2e test environment)

Changes:

  • Access logging: TLS info now reads from proxy headers
  • New aclRequired field added to server access logs
  • LastModified date format changed to ISO string in XML responses
  • Added missing headers for encrypted object operations
  • Bucket rate limiting API methods in logging operations
  • Server response header made configurable

Breaking changes: None

Security concerns: None — this is an internal Scality image used only in the e2e test environment; no new attack surface exposed

Impact on codebase: The codebase already fully supports all new fields (aclRequired, tlsVersion) in both the ClickHouse schema (pkg/testutil/clickhouse.go) and log record processing (pkg/logcourier/logrecord.go, logobject.go). E2e tests in acl_required_test.go and tls_fields_test.go actively validate these fields. The LastModified format change is transparent (handled by AWS SDK). No code changes required.

Recommendation: SAFE TO MERGE

Notes: CI checks are still in progress at time of review. Ensure "Build and test" and "End-to-end tests" pass before merging.

— Claude Code

@dependabot dependabot Bot changed the title Bump scality/cloudserver from 9.2.34 to 9.3.6 in /env/default Bump scality/cloudserver from 9.2.36 to 9.3.6 in /env/default Apr 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/docker/env/default/scality/cloudserver-9.3.6 branch from e198b0f to 4f9796a Compare April 20, 2026 07:11
github-actions[bot]
github-actions Bot approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency Bump Evaluation

Version change: scality/cloudserver 9.2.36 → 9.3.6 (minor bump, Docker image for e2e tests)
Semver bump type: Minor (9.2 → 9.3)
CI status: In progress (no failures)

Changes across 9.3.x line:

  • 9.3.0: AWS SDK v3 migration, nested XML for bucket quota, ListObjectsV2 optional attributes
  • 9.3.1-9.3.2: Async/await refactoring, signature requirement relaxation (x-amz-content-sha256)
  • 9.3.3-9.3.4: GetObjectAttributes API support
  • 9.3.5: LastModified date format changed to ISO string, TLS info in access logs
  • 9.3.6: Bucket rate limiting in logging, LastModified date fix, encrypted upload header fix

Breaking changes: None documented or detected

Security concerns: None — no suspicious patterns, no new transitive dependencies, no sensitive code path changes

Impact on codebase:

  • Access log format changes (TLS fields, turn-around time, assumed-role ARNs): Already supported — LogRecord struct in pkg/logcourier/logrecord.go already defines TurnAroundTime, CipherSuite, and TlsVersion fields
  • LastModified format change: Not applicable — log-courier does not parse LastModified from S3 responses
  • x-amz-content-sha256 signing change: Not applicable — AWS SDK v2 handles signing automatically
  • GetObjectAttributes API: Not used by log-courier
  • Bucket rate limiting: Handled by existing exponential backoff retry logic in processor.go
  • E2e tests already validate 9.3.x features: TLS fields (tls_fields_test.go), assumed-role ARNs (requester_field_test.go), turn-around time (helpers_test.go)

Recommendation: SAFE TO MERGE

Notes: Only file changed is env/default/values.yaml (e2e test environment Docker image tag). The codebase is fully compatible with all CloudServer 9.3.x changes — no code modifications needed.

— Claude Code

@dependabot dependabot Bot force-pushed the dependabot/docker/env/default/scality/cloudserver-9.3.6 branch from 4f9796a to 49e1615 Compare April 22, 2026 07:46
github-actions[bot]
github-actions Bot approved these changes Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency Bump Evaluation

Version change: scality/cloudserver 9.2.36 -> 9.3.6 (minor bump, Docker image in e2e test environment only)

Semver bump type: Minor (9.2 -> 9.3), with 7 intermediate releases (9.3.0 through 9.3.6)

Changes across 9.3.x releases:

  • 9.3.1: Async/await migrations, bucket logging test migrations
  • 9.3.2: Relaxed x-amz-content-sha256 signing requirement, async/await migration
  • 9.3.3: Handle invalid Date header gracefully, GetObjectAttributes API support
  • 9.3.4: Fix GetObjectAttributes versionId query parameter handling
  • 9.3.5: LastModified date format to ISO string in XML, read TLS info from proxy headers in access logs
  • 9.3.6: Bucket rate limiting API methods in bucket logging, encrypted object PUT header support, LastModified date fix

Breaking changes: None documented across any 9.3.x release

Security concerns: None. No CVEs referenced. No suspicious changes in release notes.

Impact on codebase:

  • This image is only used in the e2e test environment (env/default/values.yaml), not in production.
  • Log-courier reads pre-parsed records from ClickHouse by column name, not by position — resilient to field value changes.
  • All access log fields referenced in release notes (aclRequired, turnAroundTime, Requester ARN format, tlsVersion/cipherSuite) are already supported in logrecord.go and tested in dedicated e2e tests (acl_required_test.go, requester_field_test.go).
  • New API operations (GetObjectAttributes, bucket rate limiting) produce new Operation field values that log-courier handles generically — no hardcoded operation filtering.
  • TLS proxy header changes (9.3.5) may alter TLS field values but log-courier treats these as opaque strings.
  • The 26-field format validation in helpers_test.go:307 will catch any unexpected field count changes during e2e tests.

Recommendation: SAFE TO MERGE (once CI is green — checks currently in progress)

— Claude Code

@dependabot
Bump scality/cloudserver from 9.2.37 to 9.3.6 in /env/default
0bde9c4 
Bumps scality/cloudserver from 9.2.37 to 9.3.6.

---
updated-dependencies:
- dependency-name: scality/cloudserver
  dependency-version: 9.3.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump scality/cloudserver from 9.2.36 to 9.3.6 in /env/default Bump scality/cloudserver from 9.2.37 to 9.3.6 in /env/default Apr 24, 2026
@dependabot dependabot Bot force-pushed the dependabot/docker/env/default/scality/cloudserver-9.3.6 branch from 49e1615 to 0bde9c4 Compare April 24, 2026 15:14
github-actions[bot]
github-actions Bot approved these changes Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency Bump Evaluation

Version change: scality/cloudserver 9.2.37 -> 9.3.6 (minor)
Semver bump type: Minor (9.2 -> 9.3) with multiple intermediate releases

Changes (9.3.0 - 9.3.6):

  • AWS SDK v3 migration (internal to CloudServer)
  • ListObjectsV2 optional attributes support
  • GetObjectAttributes API (new S3 operation)
  • TLS info from proxy headers in access logs (CLDSRV-851)
  • Bucket rate-limiting API methods added to bucket logging
  • Nested XML input for bucket quota
  • Various bug fixes and test improvements

Breaking changes: None

Security concerns: None - changes are internal refactors, additive features, and bug fixes

Impact on codebase:

  • Only env/default/values.yaml changed (e2e test deployment config)
  • Access log schema uses Nullable(String) for all operation-related fields - new operations (GetObjectAttributes, rate-limit APIs) pass through without code changes
  • TLS field changes (CLDSRV-851) already validated by existing e2e test (tls_fields_test.go)
  • No hardcoded operation whitelists - dynamic handling of any operation type
  • Log-courier reads from ClickHouse, not raw S3 responses - SDK migration has zero impact

Recommendation: SAFE TO MERGE

Notes: CI checks are still in progress. The e2e tests will directly validate CloudServer 9.3.6 compatibility by exercising the full pipeline (CloudServer -> Fluent Bit -> ClickHouse -> log-courier -> S3). Wait for CI to pass before merging.

— Claude Code

@dvasilas dvasilas closed this May 12, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 12, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/docker/env/default/scality/cloudserver-9.3.6 branch May 12, 2026 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@dvasilas dvasilas Awaiting requested review from dvasilas dvasilas is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update docker code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dvasilas