Update CHANGELOG.md for v1.5.3 release (#3176)

roger2hk · web-flow · commit dbacbf2eb224 · 2023-11-01T20:07:32.000+08:00
* Update CHANGELOG.md for v1.5.3 release * Add /pull/3173 in CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,15 +2,143 @@
 
 ## HEAD
 
-* Update dependencies
-  * update google.golang.org/grpc to v1.59.0 to fix CVE-2023-44487 (https://github.com/advisories/GHSA-qppj-fm5r-hxr3)
-* Export logserver read counter metric together with logIDs
+## v1.5.3
+
 * Recommended go version for development: 1.20
   * This is the version used by the cloudbuild presubmits. Using a
     different version can lead to presubmits failing due to unexpected
     diffs.
 
-## v.1.5.2
+### Storage
+
+#### MySQL
+
+* mysql: check for error when getting subtrees by @jsha in https://github.com/google/trillian/pull/3173
+
+### Documentation
+
+* Added comments to show how snippets were generated by @mhutchinson in https://github.com/google/trillian/pull/3048
+
+### Misc
+
+* Export logserver read counter metric together with logIDs by @phbnf in https://github.com/google/trillian/pull/3077
+* Register DoFns by @AlCutter in https://github.com/google/trillian/pull/3083
+* Add docker package-ecosystem to Dependabot config by @roger2hk in https://github.com/google/trillian/pull/3038
+* Fix CVE vulnerabilities in mysql base Docker image by @roger2hk in https://github.com/google/trillian/pull/3037
+* Fix db_server Docker image vulnerabilities by @roger2hk in https://github.com/google/trillian/pull/3049
+* Add missing docker and npm Dependabot configs by @roger2hk in https://github.com/google/trillian/pull/3062
+* Add govulncheck GitHub action by @roger2hk in https://github.com/google/trillian/pull/3089
+* Pin Dockerfile base images by hash by @roger2hk in https://github.com/google/trillian/pull/3090
+* Pin golang/govulncheck-action by hash by @roger2hk in https://github.com/google/trillian/pull/3091
+* Pin Dockerfile base images by hash by @roger2hk in https://github.com/google/trillian/pull/3093
+* Add top level read-only permission in govulncheck.yml by @roger2hk in https://github.com/google/trillian/pull/3092
+
+### Dependency updates
+
+* Bump go.etcd.io/etcd/etcdctl/v3 from 3.5.8 to 3.5.9 by @dependabot in https://github.com/google/trillian/pull/3003
+* Bump google.golang.org/api from 0.121.0 to 0.122.0 by @dependabot in https://github.com/google/trillian/pull/3006
+* Bump golang.org/x/tools from 0.8.0 to 0.9.1 by @dependabot in https://github.com/google/trillian/pull/3005
+* Bump github.com/apache/beam/sdks/v2 from 2.47.0-RC3 to 2.47.0 by @dependabot in https://github.com/google/trillian/pull/3000
+* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in https://github.com/google/trillian/pull/3007
+* Bump go.etcd.io/etcd/v3 from 3.5.8 to 3.5.9 by @dependabot in https://github.com/google/trillian/pull/3004
+* Bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in https://github.com/google/trillian/pull/3008
+* Bump google.golang.org/api from 0.122.0 to 0.123.0 by @dependabot in https://github.com/google/trillian/pull/3010
+* Bump github/codeql-action from 2.3.3 to 2.3.5 by @dependabot in https://github.com/google/trillian/pull/3013
+* Bump github/codeql-action from 2.3.5 to 2.3.6 by @dependabot in https://github.com/google/trillian/pull/3020
+* Bump golang.org/x/tools from 0.9.1 to 0.9.3 by @dependabot in https://github.com/google/trillian/pull/3016
+* Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.3 to 2.3.4 by @dependabot in https://github.com/google/trillian/pull/3017
+* Bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in https://github.com/google/trillian/pull/3021
+* Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot in https://github.com/google/trillian/pull/3025
+* Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in https://github.com/google/trillian/pull/3027
+* Bump github/codeql-action from 2.3.6 to 2.13.4 by @dependabot in https://github.com/google/trillian/pull/3026
+* Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in https://github.com/google/trillian/pull/3028
+* Bump golang.org/x/tools from 0.9.3 to 0.10.0 by @dependabot in https://github.com/google/trillian/pull/3029
+* Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.4 to 2.3.5 by @dependabot in https://github.com/google/trillian/pull/3035
+* Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in https://github.com/google/trillian/pull/3030
+* Update mysql Dockerfile base image from ubuntu:trusty to ubuntu:jammy by @roger2hk in https://github.com/google/trillian/pull/3036
+* Bump golang.org/x/tools from 0.10.0 to 0.11.0 by @dependabot in https://github.com/google/trillian/pull/3044
+* Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in https://github.com/google/trillian/pull/3039
+* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot in https://github.com/google/trillian/pull/3041
+* Bump golang.org/x/tools from 0.11.0 to 0.12.0 by @dependabot in https://github.com/google/trillian/pull/3055
+* Bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in https://github.com/google/trillian/pull/3059
+* Bump google-auth-library from 8.7.0 to 9.0.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3069
+* Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3064
+* Bump alpine from 3.8 to 3.18 in /examples/deployment/docker/envsubst by @dependabot in https://github.com/google/trillian/pull/3067
+* Bump golang from 1.19-buster to 1.20-buster in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3065
+* Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in https://github.com/google/trillian/pull/3063
+* Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3066
+* Bump golang from 1.19-buster to 1.20-buster in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3071
+* Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in https://github.com/google/trillian/pull/3076
+* Bump go from 1.19 to 1.20 by @mhutchinson in https://github.com/google/trillian/pull/3080
+* Bump golang.org/x/sys from 0.11.0 to 0.12.0 by @dependabot in https://github.com/google/trillian/pull/3081
+* Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in https://github.com/google/trillian/pull/3082
+* Bump golang.org/x/crypto from 0.12.0 to 0.13.0 by @dependabot in https://github.com/google/trillian/pull/3084
+* Bump golang.org/x/tools from 0.12.0 to 0.13.0 by @dependabot in https://github.com/google/trillian/pull/3086
+* Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in https://github.com/google/trillian/pull/3085
+* Bump Go version in Docker base images to 1.20.8-bookworm by @roger2hk in https://github.com/google/trillian/pull/3094
+* Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3100
+* Bump gcr.io/kaniko-project/executor from 1.6.0 to 1.15.0 by @roger2hk in https://github.com/google/trillian/pull/3095
+* Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3098
+* Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3097
+* Bump golang from 1.20.8-bookworm to 1.21.1-bookworm in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3099
+* Bump golang from `d3114db` to `a0b3bc4` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3104
+* Bump golang from `d3114db` to `a0b3bc4` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3105
+* Bump golang from `d3114db` to `a0b3bc4` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3106
+* Bump golang from `d3114db` to `a0b3bc4` in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3107
+* Bump golang from `e06b3a4` to `114b9cc` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3108
+* Bump trillian-opensource-ci/mysql5 from `51cc6df` to `edf7def` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3110
+* Bump golang from `a0b3bc4` to `114b9cc` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3109
+* Bump golang from `a0b3bc4` to `114b9cc` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3111
+* Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in https://github.com/google/trillian/pull/3117
+* Bump golang from `114b9cc` to `9c7ea4a` in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3116
+* Bump golang from `114b9cc` to `9c7ea4a` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3114
+* Bump golang from `114b9cc` to `9c7ea4a` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3115
+* Bump nick-fields/retry from 2.8.3 to 2.9.0 by @dependabot in https://github.com/google/trillian/pull/3119
+* Bump trillian-opensource-ci/mysql5 from `edf7def` to `f45c849` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3120
+* Bump golang from `9c7ea4a` to `61f84bc` in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3121
+* Bump golang from `9c7ea4a` to `61f84bc` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3124
+* Bump golang from `9c7ea4a` to `61f84bc` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3122
+* Bump alpine from `7144f7b` to `eece025` in /examples/deployment/docker/envsubst by @dependabot in https://github.com/google/trillian/pull/3125
+* Bump golang from `9c7ea4a` to `61f84bc` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3123
+* Bump ubuntu from `aabed32` to `9b8dec3` in /examples/deployment/kubernetes/mysql/image by @dependabot in https://github.com/google/trillian/pull/3127
+* Bump distroless/base-debian12 from `d64f548` to `cc22d6d` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3128
+* Bump distroless/base-debian12 from `d64f548` to `cc22d6d` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3129
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3134
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3135
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3136
+* Bump golang from `0bd76fd` to `a44d05d` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3137
+* Bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @dependabot in https://github.com/google/trillian/pull/3139
+* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3138
+* Bump distroless/base-debian12 from `cc22d6d` to `5be49de` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3141
+* Bump distroless/base-debian12 from `cc22d6d` to `5be49de` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3142
+* Bump trillian-opensource-ci/mysql5 from `f45c849` to `99d6043` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3143
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3147
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3145
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3148
+* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3144
+* Bump go-version-input from 1.20.8 to 1.20.10 in govulncheck by @roger2hk in https://github.com/google/trillian/pull/3151
+* Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in https://github.com/google/trillian/pull/3150
+* Bump @slack/webhook from 5.0.4 to 7.0.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3130
+* Bump google-auth-library from 9.0.0 to 9.1.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3126
+* Bump golang from `efde471` to `5cc7ddc` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3156
+* Bump golang from `efde471` to `5cc7ddc` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3155
+* Bump golang from `efde471` to `20f9ab5` in /examples/deployment/docker/db_client by @dependabot in https://github.com/google/trillian/pull/3152
+* Bump golang from `efde471` to `20f9ab5` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3154
+* Bump golang from `5cc7ddc` to `20f9ab5` in /integration/cloudbuild/testbase by @dependabot in https://github.com/google/trillian/pull/3158
+* Bump ubuntu from `9b8dec3` to `2b7412e` in /examples/deployment/kubernetes/mysql/image by @dependabot in https://github.com/google/trillian/pull/3157
+* Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in https://github.com/google/trillian/pull/3160
+* Bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in https://github.com/google/trillian/pull/3164
+* Bump google.golang.org/grpc to 1.59.0 fixing CVE-2023-44487 (https://github.com/advisories/GHSA-qppj-fm5r-hxr3) by @cpanato in https://github.com/google/trillian/pull/3166
+* Bump distroless/base-debian12 from `5be49de` to `1dfdb5e` in /examples/deployment/docker/log_server by @dependabot in https://github.com/google/trillian/pull/3167
+* Bump google-auth-library from 9.1.0 to 9.2.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3168
+* Bump distroless/base-debian12 from `5be49de` to `1dfdb5e` in /examples/deployment/docker/log_signer by @dependabot in https://github.com/google/trillian/pull/3169
+* Bump trillian-opensource-ci/mysql5 from `99d6043` to `c079e4e` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3161
+* Bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible by @dependabot in https://github.com/google/trillian/pull/3170
+* Bump trillian-opensource-ci/mysql5 from `c079e4e` to `3f355be` in /examples/deployment/docker/db_server by @dependabot in https://github.com/google/trillian/pull/3171
+* Bump @slack/webhook from 7.0.0 to 7.0.1 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3172
+* Bump @google-cloud/functions-framework from 1.3.2 to 3.3.0 in /scripts/gcb2slack by @dependabot in https://github.com/google/trillian/pull/3072
+
+## v1.5.2
 
 * Recommended go version for development: 1.19
   * This is the version used by the cloudbuild presubmits. Using a
