Skip to content

🚚 Release#534

Merged
MicahParks merged 60 commits into
releasefrom
develop
May 22, 2026
Merged

🚚 Release#534
MicahParks merged 60 commits into
releasefrom
develop

Conversation

@MicahParks

@MicahParks MicahParks commented May 22, 2026

Copy link
Copy Markdown
Contributor

This release contains a number of performance improvements and the Diode system has some breaking changes. It will require diode-netbox-plugin version 1.12.0

mfiedorowicz and others added 30 commits January 19, 2026 10:41
…463)

Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Co-authored-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
Each service config has it's own pprof listener directive defaulting to localhost.
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
…in /diode-server in the go_modules group across 1 directory (#494)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
MicahParks and others added 4 commits May 13, 2026 13:23
…mark (#522)

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…pled ingestion processing (#526)

Co-authored-by: Micah Parks <66095735+MicahParks@users.noreply.github.com>
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
7 out of 8 committers have signed the CLA.

✅ manrodrigues
✅ mfiedorowicz
✅ paulstuart
✅ jajeffries
✅ MicahParks
✅ leoparente
✅ marc-barry
❌ dependabot[bot]
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions

Copy link
Copy Markdown

Vulnerability Scan: Passed — diode-ingester

Image: diode-ingester:scan

No vulnerabilities found.

Commit: a616a58

@github-actions

Copy link
Copy Markdown

Vulnerability Scan: Passed — diode-reconciler

Image: diode-reconciler:scan

No vulnerabilities found.

Commit: a616a58

@github-actions

Copy link
Copy Markdown

Vulnerability Scan: Passed — diode-auth

Image: diode-auth:scan

Source Library CVE Severity Installed Fixed Title
usr/bin/hydra github.com/docker/docker CVE-2026-34040 🟠 HIGH v28.3.3+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability
usr/bin/hydra github.com/docker/docker CVE-2026-33997 🟡 MEDIUM v28.3.3+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plu
usr/bin/hydra github.com/go-jose/go-jose/v3 CVE-2026-34986 🟠 HIGH v3.0.4 3.0.5 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of
usr/bin/hydra github.com/jackc/pgx/v5 CVE-2026-33816 🔴 CRITICAL v5.7.5 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability
usr/bin/hydra github.com/jackc/pgx/v5 CVE-2026-41889 ⚪ LOW v5.7.5 5.9.2 github.com/jackc/pgx: golang: pgx: SQL injection via specific SQL query conditio
usr/bin/hydra go.opentelemetry.io/otel CVE-2026-29181 🟠 HIGH v1.40.0 1.41.0 OpenTelemetry-Go: multi-value baggage header extraction causes excessive alloc
usr/bin/hydra go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp CVE-2026-39882 🟡 MEDIUM v1.37.0 1.43.0 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...
usr/bin/hydra go.opentelemetry.io/otel/sdk CVE-2026-39883 🟠 HIGH v1.40.0 1.43.0 opentelemetry-go: BSD kenv command not using absolute path enables PATH hijackin
usr/bin/hydra stdlib CVE-2026-25679 🟠 HIGH v1.26.0 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url
usr/bin/hydra stdlib CVE-2026-27137 🟠 HIGH v1.26.0 1.26.1 crypto/x509: Incorrect enforcement of email constraints in crypto/x509
usr/bin/hydra stdlib CVE-2026-32280 🟠 HIGH v1.26.0 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certific
usr/bin/hydra stdlib CVE-2026-32281 🟠 HIGH v1.26.0 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certifica
usr/bin/hydra stdlib CVE-2026-32283 🟠 HIGH v1.26.0 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key up
usr/bin/hydra stdlib CVE-2026-33810 🟠 HIGH v1.26.0 1.26.2 crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorr
usr/bin/hydra stdlib CVE-2026-33811 🟠 HIGH v1.26.0 1.25.10, 1.26.3 When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...
usr/bin/hydra stdlib CVE-2026-33814 🟠 HIGH v1.26.0 1.25.10, 1.26.3 When processing HTTP/2 SETTINGS frames, transport will enter an infini ...
usr/bin/hydra stdlib CVE-2026-39820 🟠 HIGH v1.26.0 1.25.10, 1.26.3 Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...
usr/bin/hydra stdlib CVE-2026-39836 🟠 HIGH v1.26.0 1.25.10, 1.26.3 Panic in Dial and LookupPort when handling NUL byte on Windows in net
usr/bin/hydra stdlib CVE-2026-42499 🟠 HIGH v1.26.0 1.25.10, 1.26.3 Pathological inputs could cause DoS through consumePhrase when parsing ...
usr/bin/hydra stdlib CVE-2026-27142 🟡 MEDIUM v1.26.0 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/te
usr/bin/hydra stdlib CVE-2026-32282 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
usr/bin/hydra stdlib CVE-2026-32288 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously
usr/bin/hydra stdlib CVE-2026-32289 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper co
usr/bin/hydra stdlib CVE-2026-39823 🟡 MEDIUM v1.26.0 1.25.10, 1.26.3 CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...
usr/bin/hydra stdlib CVE-2026-39825 🟡 MEDIUM v1.26.0 1.25.10, 1.26.3 ReverseProxy can forward queries containing parameters not visible to ...
usr/bin/hydra stdlib CVE-2026-39826 🟡 MEDIUM v1.26.0 1.25.10, 1.26.3 If a trusted template author were to write a <script> tag containing a ...
usr/bin/hydra stdlib CVE-2026-27138 ⚪ LOW v1.26.0 1.26.1 crypto/x509: Panic in name constraint checking for malformed certificates in cry
usr/bin/hydra stdlib CVE-2026-27139 ⚪ LOW v1.26.0 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

Commit: a616a58

@github-actions

Copy link
Copy Markdown

Go test coverage

STATUS ELAPSED PACKAGE COVER PASS FAIL SKIP
🟢 PASS 1.47s github.com/netboxlabs/diode/diode-server/auth 44.7% 42 0 0
🟢 PASS 0.90s github.com/netboxlabs/diode/diode-server/auth/cli 0.0% 0 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/authutil 82.8% 5 0 0
🟢 PASS 0.14s github.com/netboxlabs/diode/diode-server/dbstore/postgres 0.0% 0 0 0
🟢 PASS 1.08s github.com/netboxlabs/diode/diode-server/entityhash 79.2% 13 0 0
🟢 PASS 1.12s github.com/netboxlabs/diode/diode-server/entitymatcher 82.8% 97 0 0
🟢 PASS 0.11s github.com/netboxlabs/diode/diode-server/errors 0.0% 0 0 0
🟢 PASS 1.19s github.com/netboxlabs/diode/diode-server/graph 52.0% 81 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/grpckeepalive 100.0% 1 0 0
🟢 PASS 1.53s github.com/netboxlabs/diode/diode-server/ingester 85.4% 66 0 0
🟢 PASS 1.13s github.com/netboxlabs/diode/diode-server/matching 94.1% 66 0 0
🟢 PASS 1.07s github.com/netboxlabs/diode/diode-server/migrator 70.4% 4 0 0
🟢 PASS 3.12s github.com/netboxlabs/diode/diode-server/netboxdiodeplugin 45.4% 23 0 0
🟢 PASS 0.16s github.com/netboxlabs/diode/diode-server/pprof 0.0% 0 0 0
🟢 PASS 5.09s github.com/netboxlabs/diode/diode-server/reconciler 62.0% 92 0 0
🟢 PASS 0.11s github.com/netboxlabs/diode/diode-server/reconciler/changeset 0.0% 0 0 0
🟢 PASS 1.07s github.com/netboxlabs/diode/diode-server/reconciler/differ 49.3% 23 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/server 85.7% 14 0 0
🟢 PASS 1.01s github.com/netboxlabs/diode/diode-server/strcase 100.0% 24 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/telemetry 28.0% 26 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/telemetry/otel 90.2% 25 0 0
🟢 PASS 0.09s github.com/netboxlabs/diode/diode-server/tls 0.0% 0 0 0
🟢 PASS 1.01s github.com/netboxlabs/diode/diode-server/version 100.0% 2 0 0

Total coverage: 52.6%

@MicahParks MicahParks merged commit b87f1da into release May 22, 2026
28 of 29 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants