During a round of testing, the team behind automation tool Puppet found that upcoming protocol changes at GitHub might affect a large number of Code Manager and r10k users. Teams that haven’t created RSA 256 keys, as recommended by Puppet, should get active before March 15, at which point the changes at GitHub will become effective. Some guidance as to what to do exactly can be found on the Puppet blog.
Operator Framework tests against good practices
The Operator Framework for building Kubernetes applications has been updated to version 1.16, bringing help to those who just want Kustomize to keep going when encountering missing resources during Go-project makes, and the option to add default resource limits for Ansible-based creations. The most interesting addition on first glance however is an optional validator that lets you know if your bundle complies with the good practices defined by the framework. Details are available in the changelog.
CircleCI goes against the current by cranking up free offer
While other CI providers have cut down their free offers to prevent misuse, CircleCI is running in the opposite direction by adding to its free tier. Thanks to the change, users can now profit from up to 6,000 build minutes per month, larger resource classes, increased concurrency limits, and Docker layer caching amongst other things.
Asked about its technique to keep abuse at bay, the company told DevClass it has instated a special team as well as measures to detect and stop mining activities automatically. Constant updates to monitoring are hoped to help as well.
Achtung, critical! GitLab security releases are here again
It’s that time of the month where GitLab pushes out security fixes, urging users to update their installations in order to keep their setups safe. Versions 14.6.2, 14.5.3, and 14.4.5 are now available — and with one critical and two high severity fixes in tow, they should be at least worth a look.
Once upgraded, systems should no longer be susceptible to arbitrary file reads via the group import feature, XSS exploits using the generation of emoji-related HTML code, and a CSRF attack allowing malicious actors to have GitHub projects imported on another GitLab user account.
Rust game engine introduces new renderer
Rust developers looking for a game engine for their private projects could do worse than giving Bevy a try. The project was recently pushed out in version 0.6 (so nothing for production use just yet) which saw it gaining a faster and easier to use renderer, better shaders, and native support for WebGL2. Game devs will also be pleased to see new custom materials, directional and point light shadows, and some under the hood changes landing, the latter of which should leave Bevy more performant.
LitmusChaos moves into CNCF incubator
Chaos engineering platform LitmusChaos has left the CNCF sandbox behind and is now part of the Cloud Native Computing Foundation’s incubator. Since its introduction into the CNCF in 2020, LitmusChaos seems to have been able to grow its maintainer team and user base, which includes companies like Orange, Red Hat, and VMware. Looking forward, the project plans to amp up collaborations with other projects, improve observability and increase experiments for Kubernetes and other targets.