v0.42.3

What's Changed

• chore: remove circular dependency with Assets class by @samayer12 in #1635
• chore: remove matchExpression peprdev key in webhook by @cmwylie19 in #1639

Full Changelog: v0.42.2...v0.42.3

v0.42.2

What's Changed

• chore: roadmap 2025 by @cmwylie19 in #1544
• refactor: resolve eslint warnings (max-depth, complexity) - src/lib/mutate-processor.ts by @btlghrants in #1543
• chore: add typing to untyped functions by @samayer12 in #1572
• chore: return types on module, included-files, and helpers to standardize our typing by @cmwylie19 in #1574
• chore: reduce complexity of helpers.ts by @samayer12 in #1575
• chore: complexity shouldSkipRequest by @cmwylie19 in #1578
• chore: move processors to common directory by @samayer12 in #1576
• chore: return types for files based on issue by @cmwylie19 in #1579
• chore: return types on kfc, root, update, uud, loader by @cmwylie19 in #1580
• refactor: resolve eslint warnings (max-depth, complexity) - src/cli/deploy.ts by @btlghrants in #1577
• chore: warn devs when their feature branches may be too large by @samayer12 in #1571
• chore: reduce complexity in webhooks.ts by @samayer12 in #1587
• chore: increase coverage on util functions to ensure work is thoroughly tested by @cmwylie19 in #1591
• refactor: resolve eslint warnings (complexity) - src/lib/filter/filterNoMatchReason.ts by @btlghrants in #1585
• chore: return types for logger,tls,validate-request by @cmwylie19 in #1588
• chore: organize core pepr files into lib/core/ by @samayer12 in #1594
• chore: return types by @cmwylie19 in #1595
• chore: group logically-related test cases in shared describe blocks by @samayer12 in #1599
• chore: statements in format by @cmwylie19 in #1598
• chore: update typescript dep + peerDeps by @btlghrants in #1607
• chore: pull-back & prep for update of TS (after next pepr release) by @btlghrants in #1611
• chore: add typing to templates.ts by @samayer12 in #1602
• chore: carriedNamespace/carriesIgnoredNamespace account for Namespace object by @cmwylie19 in #1619
• chore: make load tests more resilient to slow metrics-server startup in GH CI by @btlghrants in #1634
• chore: bump trufflesecurity/trufflehog from 3.87.1 to 3.88.0 by @dependabot in #1612
• chore: bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot in #1613
• chore: bump pino from 9.5.0 to 9.6.0 in the production-dependencies group by @dependabot in #1614
• chore: bump @types/node from 22.10.2 to 22.10.3 in the development-dependencies group by @dependabot in #1615
• chore: bump @types/node from 22.10.3 to 22.10.4 in the development-dependencies group by @dependabot in #1616
• chore: bump @types/node from 22.10.4 to 22.10.5 in the development-dependencies group by @dependabot in #1620
• chore: bump trufflesecurity/trufflehog from 3.88.0 to 3.88.1 by @dependabot in #1636

Full Changelog: v0.42.1...v0.42.2

v0.42.1

Note 🧾

We realized that when doing a setItemAndWait() or removeItemAndWait() with patch values that were the same as the values already in the Pepr store, an error could occur. This release addresses that error and enhances store code.

What's Changed ♻️

• chore: return types on src/lib/assets/index.ts src/lib/controller/index.ts src/lib/mutate-request.ts by @cmwylie19 in #1515
• chore: returns on utils,queue,cosign by @cmwylie19 in #1528
• chore(testing): verify pepr can be deployed with zarf by @samayer12 in #1531
• refactor: resolve eslint warnings (max-depth, complexity) - src/lib/validate-processor.ts by @btlghrants in #1529
• chore(ci): use standard check for helm & zarf installs by @samayer12 in #1541
• chore: complexity of monitor by @cmwylie19 in #1542
• chore: return types on store and capability by @cmwylie19 in #1555
• chore: add return types to untyped functions by @samayer12 in #1560
• chore: complexity in build by @cmwylie19 in #1557
• chore: add return types to watch-processor.ts by @samayer12 in #1562
• chore: different periods between send and receive by @cmwylie19 in #1563
• chore: bump github/codeql-action from 3.27.6 to 3.27.7 by @dependabot in #1558
• chore: bump trufflesecurity/trufflehog from 3.85.0 to 3.86.0 by @dependabot in #1559
• chore: bump @types/node from 22.10.1 to 22.10.2 in the development-dependencies group by @dependabot in #1565
• chore: bump trufflesecurity/trufflehog from 3.86.0 to 3.86.1 by @dependabot in #1564

Full Changelog: v0.42.0...v0.42.1

v0.42.0

Note 🧾

This sprint, the Pepr team focused on enhancing our typing system to improve consistency and address edge cases where types were less robust. We also made significant improvements to our network posture through the KFC, which may impact end users who are strongly typing fetch configurations. These changes extend to all interactions with the Kubernetes API server through CRUD operations that Pepr uses to communicate with the kube-apiserver. While this release has been thoroughly tested and soak, we recommend proceeding with caution, as progress sometimes introduces unforeseen challenges. Check the slack announcement to see metrics related to this release.

oversight, accidentally released 0.42.0 and skipped 0.41.0 - next releases will be pair programmed to avoid this.

Breaking Changes ⚠️

Pepr's fetch is powered by Undici. If you are using a specific RequestInit options on the fetch, you need to migrate to Undici's RequestInit (It is very similar). This probably won't affect you if you are not strongly typing your RequestInit example in journey/pepr-dev.ts.

Here is an example:

let { fetch } = require("pepr");
const { Agent } = require("undici");

const postOpts = {
  method: "POST",
  body: JSON.stringify({
    query: "query { joke {id joke permalink } }",
  }),
  headers: {
    "Content-Type": "application/json; charset=UTF-8",
  },
  dispatcher: new Agent({
    connect: {
      rejectUnauthorized: false,
    },
  }),
};
(async () => {
  let { data, ok } = await fetch(
    "https://icanhazdadjoke.com/graphql",
    postOpts,
  );
  if (ok) {
    console.log(data.data.joke.joke);
  } else {
    console.log("Failed to fetch joke");
  }
})();

This strengthens Pepr's ability to communicate with the Kubernetes Control Plane and reduces transmit bandwidth.

Feat ⛰️

• feat: set prometheus cont type for Prometheus 3.0 by @btlghrants in #1501

What's Changed ♻️

• chore: use consistent enum property names between related enums by @samayer12 in #1451
• chore: adr for undici and status corrections by @cmwylie19 in #1461
• chore: merge queues by @cmwylie19 in #1469
• test: overlay requests/second onto load test graph by @btlghrants in #1470
• chore: fix merge group by @cmwylie19 in #1471
• chore: extract deployment check functions to new file for ease of maintenance by @samayer12 in #1472
• test: make load test err msg explicit by @btlghrants in #1478
• chore: move filesystem operations to new file by @samayer12 in #1482
• chore: 24 roadmap update by @cmwylie19 in #1479
• chore: update contributor docs by @soltysh in #1491
• refactor: resolve eslint warnings (max-statements, complexity) - src/lib/controller/index.ts by @btlghrants in #1486
• chore: types in metrics by @cmwylie19 in #1492
• chore: fix all actions links by @soltysh in #1499
• chore: updates for undici fetch by @cmwylie19 in #1496
• chore: storage return types by @cmwylie19 in #1507
• chore: update subscribers every second by @cmwylie19 in #1502
• chore: return types on schedule by @cmwylie19 in #1505
• refactor: resolve eslint warnings (max-statements, complexity) - src/lib/assets/index.ts by @btlghrants in #1497
• chore(ts): add typing to adjudicators used in validation and mutation processing by @samayer12 in #1402
• chore: return types on sdk by @cmwylie19 in #1512
• chore: store adjudicator code in adjudicators/ by @samayer12 in #1517
• chore: reduce verbosity of logs by eliminating for metric and health by @cmwylie19 in #1519
• test: validate pepr build generates a helm install-able chart by @btlghrants in #1520
• chore: move lib/ code related to data collection to lib/telemetry by @samayer12 in #1522
• chore: bump codecov/codecov-action from 5.0.7 to 5.1.1 by @dependabot in #1523
• chore: bump trufflesecurity/trufflehog from 3.84.2 to 3.85.0 by @dependabot in #1524
• chore: bump express from 4.21.1 to 4.21.2 in the production-dependencies group by @dependabot in #1525
• chore: bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @dependabot in #1464
• chore: bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot in #1463
• chore: bump codecov/codecov-action from 5.0.3 to 5.0.6 by @dependabot in #1462
• chore: bump anchore/scan-action from 5.2.1 to 5.3.0 by @dependabot in #1476
• chore: bump anchore/sbom-action from 0.17.7 to 0.17.8 by @dependabot in #1475
• chore: bump codecov/codecov-action from 5.0.6 to 5.0.7 by @dependabot in #1474
• chore: bump trufflesecurity/trufflehog from 3.83.7 to 3.84.0 by @dependabot in #1473
• chore: bump trufflesecurity/trufflehog from 3.84.0 to 3.84.1 by @dependabot in #1487
• chore: bump @types/node from 22.9.1 to 22.9.4 in the development-dependencies group by @dependabot in #1488
• chore: bump @types/node from 22.9.4 to 22.10.0 in the development-dependencies group by @dependabot in #1489
• chore: bump @types/node from 22.10.0 to 22.10.1 in the development-dependencies group by @dependabot in #1490
• chore: bump trufflesecurity/trufflehog from 3.84.1 to 3.84.2 by @dependabot in #1504
• chore: bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot in #1503
• chore: bump kubernetes-fluent-client from 3.3.6 to 3.3.7 in the production-dependencies group by @dependabot in #1508

Full Changelog: v0.40.1...v0.42.0

v0.40.1

A brand new high-severity CVE around cross-spawn hit during the release. This release mitigates the CVE.

What's Changed

• chore: bump kubernetes-fluent-client from 3.3.3 to 3.3.4 in the production-dependencies group by @dependabot in #1450

Full Changelog: v0.40.0...v0.40.1

v0.40.0

Features

Performance/Stress Testing 🤓
This release we introduce tooling that is allows us to send thousands of request/sec into Pepr's Reconcile action to add visibility into Pepr behavior under heavy load. We are able to control the amount of time that we are dumping in these objects for more stress style scenarios. More information will be coming out on how to run this test yourself at a future date. For now it runs nightly in CI.

> npx ts-node hack/load.cli.ts --help
Usage: load [options] [command]

Load test a Pepr controller and graph/report on resource usage.

Options:
  -V, --version                          output the version number
  -h, --help                             display help for command

Commands:
  prep <src>                             Create testable artifacts
  cluster                                test cluster controls
  deploy [options] <tgz> <img> <module>  deploy a Pepr module for testing
  run [options] <module> <manifest>      run a load test
  post [options]                         post-process load test log
  graph [options]                        generate a graph of load test results
  help [command]                         display help for command

Legacy Watch is removed ⚠️
After ongoing testing and consistently seeing major improvements in our Undici Watch, we have removed the legacy watch option to provide a better performance out of the box and to avoid maintaining two separate watches.

• feat: replace legacy fetch in WatchConfig and update docs #1423 by @btlghrants in #1427
• test: run load test nightly by @btlghrants in #1434

What's Changed

• chore(test): break up request adjudicator tests to separate file for readability by @samayer12 in #1408
• chore: new-filter and unit test covering cluster-scoped and group defined resources by @cmwylie19 in #1417
• test: pepr load test by @btlghrants in #1404
• chore: bump kubernetes-fluent-client from 3.3.1 to 3.3.3 in the production-dependencies group across 1 directory by @dependabot in #1430
• test: updated artifact retention by @btlghrants in #1435
• test: make load tests run on mac by @btlghrants in #1437
• chore: grype ignore by @cmwylie19 in #1436
• chore: add top-level CONTRIBUTING.md pointing appropriate place by @soltysh in #1442
• test: double load test load volume by @btlghrants in #1443
• test: more load by @btlghrants in #1445
• test: squash some extra test output by @btlghrants in #1446
• chore: test cleanup of unneeded folders by @cmwylie19 in #1449
• chore: bump github/codeql-action from 3.27.1 to 3.27.3 by @dependabot in #1421
• chore: bump github/codeql-action from 3.27.3 to 3.27.4 by @dependabot in #1425
• chore: bump codecov/codecov-action from 4.6.0 to 5.0.0 by @dependabot in #1424
• chore: bump husky from 9.1.6 to 9.1.7 in the development-dependencies group by @dependabot in #1438
• chore: bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #1440
• chore: bump trufflesecurity/trufflehog from 3.83.6 to 3.83.7 by @dependabot in #1439
• chore: bump codecov/codecov-action from 5.0.0 to 5.0.2 by @dependabot in #1428
• chore: bump cross-spawn from 7.0.3 to 7.0.5 by @dependabot in #1429
• chore: bump codecov/codecov-action from 5.0.2 to 5.0.3 by @dependabot in #1448
• chore: bump the development-dependencies group with 3 updates by @dependabot in #1447

New Contributors

• @soltysh made their first contribution in #1442

Full Changelog: v0.39.1...v0.40.0

v0.39.1

What's Changed

• chore: cli-test pepr build custom image by @cmwylie19 in #1401
• chore: support typing for AdmissionRequest adjudicators by @samayer12 in #1406
• chore(test): break up Binding-KubernetesObject tests to separate file for readability by @samayer12 in #1409
• chore(test): break up large test file for readability by @samayer12 in #1407
• chore: bump pino-pretty from 12.1.0 to 13.0.0 in the production-dependencies group by @dependabot in #1413
• chore: bump jsonpath-plus from 10.0.0 to 10.1.0 by @dependabot in #1418
• chore: bump kubernetes-fluent-client from 3.3.0 to 3.3.1 in the production-dependencies group by @dependabot in #1420
• chore: bump pino-pretty from 11.3.0 to 12.0.0 in the production-dependencies group by @dependabot in #1403
• chore: bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #1412
• chore: bump trufflesecurity/trufflehog from 3.83.4 to 3.83.5 by @dependabot in #1411
• chore: bump pino-pretty from 12.0.0 to 12.1.0 in the production-dependencies group by @dependabot in #1410
• chore: bump trufflesecurity/trufflehog from 3.83.5 to 3.83.6 by @dependabot in #1415
• chore: bump nock from 13.5.5 to 13.5.6 in the development-dependencies group by @dependabot in #1414

Full Changelog: v0.39.0...v0.39.1

v0.39.0

Features

• feat: add ability to exit Finalize() callback WITHOUT removing the finalizer by @btlghrants in #1321
• feat: expose rbacMode from moduleConfig by @cmwylie19 in #1347
• feat: rbac overrides in package.json by @schaeferka in #1331

What's Changed

• chore: validate images from registry via Pepr (impl) by @btlghrants in #1262
• fix: eslint max depth warnings by @tamirazrab in #1255
• fix: eslint max depth warnings with passing E2E tests by @samayer12 in #1366
• revert: filter-chain refactor by @samayer12 in #1396
• chore: updates for undici watch by @cmwylie19 in #1384
• chore: increase soak duration by @samayer12 in #1399
• chore: make test crossplatform by @cmwylie19 in #1369
• chore: pinned deps in ci -all the rest by @cmwylie19 in #1377
• chore: squash HIGH vulnerability in container scan by @cmwylie19 in #1376
• chore: squash HIGH vulnerability by @cmwylie19 in #1374
• Revert "fix: eslint max depth warnings" by @samayer12 in #1365
• chore: disable cosign testing for now by @btlghrants in #1368
• chore: unit tests for finalizer with user alias by @schaeferka in #1342
• chore: refactor store code by @samayer12 in #1259
• fix: fix error in metrics.ts related to this.#cacheMissWindows.delete(firstKey) by @schaeferka in #1352
• chore: refactor complex implementation of request-processing filters by @samayer12 in #1333
• chore: fix circular dependency between lib.ts and sdk.ts by @schaeferka in #1348
• chore: fix circular dependency between types and mutate-request by @schaeferka in #1332

Dependabot

• chore: bump trufflesecurity/trufflehog from a63bf95412e732b7a187e8fd7cc2d19c4a2e4963 to e6d786a7d99f05f14327ba8e2ab75aa863b4df3b by @dependabot in #1378
• chore: bump trufflesecurity/trufflehog from e6d786a7d99f05f14327ba8e2ab75aa863b4df3b to 5ca4a17a4c7a242046966b84cf9d7a53364971bc by @dependabot in #1386
• chore: bump the development-dependencies group with 3 updates by @dependabot in #1385
• chore: bump @types/node from 22.8.7 to 22.9.0 in the development-dependencies group by @dependabot in #1394
• chore: bump anchore/scan-action from 5.2.0 to 5.2.1 by @dependabot in #1392
• chore: bump anchore/sbom-action from 0.17.6 to 0.17.7 by @dependabot in #1391
• chore: bump trufflesecurity/trufflehog from 5ca4a17a4c7a242046966b84cf9d7a53364971bc to 944d5dcdc2ba2aa70c2227d8e432d19eceda10be by @dependabot in #1390
• chore: bump kubernetes-fluent-client from 3.2.2 to 3.3.0 in the production-dependencies group by @dependabot in #1393
• chore: bump trufflesecurity/trufflehog from 944d5dcdc2ba2aa70c2227d8e432d19eceda10be to 9095845958d9cabdc354ddf372123b5399a5d334 by @dependabot in #1400
• chore: bump chainguard-dev/digestabot from 1.2.0 to 1.2.1 by @dependabot in #1335
• chore: bump @types/node from 22.7.9 to 22.8.1 in the development-dependencies group by @dependabot in #1338
• chore: bump actions/setup-node from 4.0.4 to 4.1.0 by @dependabot in #1334
• chore: bump kubernetes-fluent-client from 3.2.1 to 3.2.2 in the production-dependencies group by @dependabot in #1362
• chore: bump actions/dependency-review-action from 4.3.5 to 4.4.0 by @dependabot in #1346
• chore: bump anchore/scan-action from 5.1.0 to 5.2.0 by @dependabot in #1356
• chore: bump @types/node from 22.8.4 to 22.8.6 in the development-dependencies group by @dependabot in #1372
• chore: bump @types/node from 22.8.1 to 22.8.4 in the development-dependencies group across 1 directory by @dependabot in #1354

New Contributors

• @tamirazrab made their first contribution in #1255

Full Changelog: v0.38.3...v0.39.0

v0.38.3

What's Changed

• chore: fix for kfc build by @cmwylie19 in #1314
• chore(ci): increase concurrency limit for faster E2E tests by @samayer12 in #1305
• chore: bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #1302
• chore: bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #1301
• chore: bump @types/node from 22.7.6 to 22.7.7 in the development-dependencies group by @dependabot in #1313
• chore: bump kubernetes-fluent-client from 3.1.3 to 3.2.0 in the production-dependencies group by @dependabot in #1312
• chore: bump anchore/scan-action from 5.0.1 to 5.1.0 by @dependabot in #1311
• chore: bump @types/node from 22.7.7 to 22.7.8 in the development-dependencies group by @dependabot in #1319
• chore: bump actions/dependency-review-action from 4.3.4 to 4.3.5 by @dependabot in #1318
• chore: bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in #1317
• chore: bump @types/node from 22.7.8 to 22.7.9 in the development-dependencies group by @dependabot in #1320
• chore: bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #1325
• chore: bump kubernetes-fluent-client from 3.2.0 to 3.2.1 in the production-dependencies group by @dependabot in #1330

Full Changelog: v0.38.2...v0.38.3

v0.38.2

What's Changed

• chore: soak interruptions for checkresync test by @cmwylie19 in #1299
• chore: bump kubernetes-fluent-client from 3.1.2 to 3.1.3 in the production-dependencies group by @dependabot in #1300

Full Changelog: v0.38.1...v0.38.2