From e201e33a3d875dc3da8bdffcbaf05f364513d989 Mon Sep 17 00:00:00 2001 From: github-action-benchmark Date: Thu, 21 Mar 2024 15:27:47 +0000 Subject: [PATCH] add Benchmark for splunk (go) benchmark result for 2de4d68856005881922b0c450bc067c87d2552bd --- dev/bench/splunk/ubuntu/data.js | 50 ++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/dev/bench/splunk/ubuntu/data.js b/dev/bench/splunk/ubuntu/data.js index e36199e..90bff44 100644 --- a/dev/bench/splunk/ubuntu/data.js +++ b/dev/bench/splunk/ubuntu/data.js @@ -1,5 +1,5 @@ window.BENCHMARK_DATA = { - "lastUpdate": 1711034431600, + "lastUpdate": 1711034867976, "repoUrl": "https://github.com/aws/shim-loggers-for-containerd", "entries": { "Benchmark for splunk": [ @@ -218,6 +218,54 @@ window.BENCHMARK_DATA = { "extra": "1 times\n4 procs" } ] + }, + { + "commit": { + "author": { + "email": "49699333+dependabot[bot]@users.noreply.github.com", + "name": "dependabot[bot]", + "username": "dependabot[bot]" + }, + "committer": { + "email": "noreply@github.com", + "name": "GitHub", + "username": "web-flow" + }, + "distinct": true, + "id": "2de4d68856005881922b0c450bc067c87d2552bd", + "message": "chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 (#88)\n\nBumps\r\n[github.com/opencontainers/runc](https://github.com/opencontainers/runc)\r\nfrom 1.1.5 to 1.1.12.\r\n
\r\nRelease notes\r\n

Sourced from github.com/opencontainers/runc's\r\nreleases.

\r\n
\r\n

runc 1.1.12 -- "Now you're thinking with Portals™!"

\r\n

This is the twelfth patch release in the 1.1.z release branch of\r\nrunc.\r\nIt fixes a high-severity container breakout vulnerability involving\r\nleaked file descriptors, and users are strongly encouraged to update as\r\nsoon as possible.

\r\n
    \r\n
  • \r\n

    Fix CVE-2024-21626,\r\na container breakout attack that took advantage of\r\na file descriptor that was leaked internally within runc (but never\r\nleaked to the container process).

    \r\n

    In addition to fixing the leak, several strict hardening measures\r\nwere\r\nadded to ensure that future internal leaks could not be used to break\r\nout in this manner again.

    \r\n

    Based on our research, while no other container runtime had a similar\r\nleak, none had any of the hardening steps we've introduced (and some\r\nruntimes would not check for any file descriptors that a calling\r\nprocess may have leaked to them, allowing for container breakouts due\r\nto basic user error).

    \r\n
  • \r\n
\r\n

Static Linking Notices

\r\n

The runc binary distributed with this release are\r\nstatically linked with\r\nthe following GNU\r\nLGPL-2.1 licensed libraries, with runc acting\r\nas a "work that uses the Library":

\r\n\r\n

The versions of these libraries were not modified from their upstream\r\nversions,\r\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\r\ncomplete source code for those libraries which (when combined with the\r\nattached\r\nrunc source code) may be used to exercise your rights under the\r\nLGPL-2.1.

\r\n

However we strongly suggest that you make use of your distribution's\r\npackages\r\nor download them from the authoritative upstream sources, especially\r\nsince\r\nthese libraries are related to the security of your containers.

\r\n\r\n

Thanks to all of the contributors who made this release possible:

\r\n
    \r\n
  • Aleksa Sarai cyphar@cyphar.com
  • \r\n
  • hang.jiang hang.jiang@daocloud.io
  • \r\n
  • lfbzhm lifubang@acmcoder.com
  • \r\n
\r\n

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nChangelog\r\n

Sourced from github.com/opencontainers/runc's\r\nchangelog.

\r\n
\r\n

[1.1.12] - 2024-01-31

\r\n
\r\n

Now you're thinking with Portals™!

\r\n
\r\n

Security

\r\n
    \r\n
  • Fix CVE-2024-21626,\r\na container breakout attack that took\r\nadvantage of a file descriptor that was leaked internally within runc\r\n(but\r\nnever leaked to the container process). In addition to fixing the leak,\r\nseveral strict hardening measures were added to ensure that future\r\ninternal\r\nleaks could not be used to break out in this manner again. Based on our\r\nresearch, while no other container runtime had a similar leak, none had\r\nany\r\nof the hardening steps we've introduced (and some runtimes would not\r\ncheck\r\nfor any file descriptors that a calling process may have leaked to them,\r\nallowing for container breakouts due to basic user error).
  • \r\n
\r\n

[1.1.11] - 2024-01-01

\r\n
\r\n

Happy New Year!

\r\n
\r\n

Fixed

\r\n
    \r\n
  • Fix several issues with userns path handling. (#4122,\r\n#4124,\r\n#4134,\r\n#4144)
  • \r\n
\r\n

Changed

\r\n
    \r\n
  • Support memory.peak and memory.swap.peak in cgroups v2.\r\nAdd swapOnlyUsage in MemoryStats. This field\r\nreports swap-only usage.\r\nFor cgroupv1, Usage and Failcnt are set by\r\nsubtracting memory usage\r\nfrom memory+swap usage. For cgroupv2, Usage,\r\nLimit, and MaxUsage\r\nare set. (#4000,\r\n#4010,\r\n#4131)
  • \r\n
  • build(deps): bump github.com/cyphar/filepath-securejoin. (#4140)
  • \r\n
\r\n

[1.1.10] - 2023-10-31

\r\n
\r\n

Śruba, przykręcona we śnie, nie zmieni sytuacji, jaka panuje na\r\njawie.

\r\n
\r\n

Added

\r\n
    \r\n
  • Support for hugetlb.<pagesize>.rsvd limiting and\r\naccounting. Fixes the\r\nissue of postres failing when hugepage limits are set. (#3859,\r\n#4077)
  • \r\n
\r\n

Fixed

\r\n
    \r\n
  • Fixed permissions of a newly created directories to not depend on\r\nthe value\r\nof umask in tmpcopyup feature implementation. (#3991,\r\n#4060)
  • \r\n
  • libcontainer: cgroup v1 GetStats now ignores missing\r\nkmem.limit_in_bytes\r\n(fixes the compatibility with Linux kernel 6.1+). (#4028)
  • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/opencontainers/runc&package-manager=go_modules&previous-version=1.1.5&new-version=1.1.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/aws/shim-loggers-for-containerd/network/alerts).\r\n\r\n
\r\n\r\n> **Note**\r\n> Automatic rebases have been disabled on this pull request as it has\r\nbeen open for over 30 days.\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>", + "timestamp": "2024-03-21T08:24:42-07:00", + "tree_id": "07495f9e35ce152564782912196d7381f22c6472", + "url": "https://github.com/aws/shim-loggers-for-containerd/commit/2de4d68856005881922b0c450bc067c87d2552bd" + }, + "date": 1711034867472, + "tool": "go", + "benches": [ + { + "name": "BenchmarkSplunk", + "value": 7914640257, + "unit": "ns/op\t42057152 B/op\t 65609 allocs/op", + "extra": "1 times\n4 procs" + }, + { + "name": "BenchmarkSplunk - ns/op", + "value": 7914640257, + "unit": "ns/op", + "extra": "1 times\n4 procs" + }, + { + "name": "BenchmarkSplunk - B/op", + "value": 42057152, + "unit": "B/op", + "extra": "1 times\n4 procs" + }, + { + "name": "BenchmarkSplunk - allocs/op", + "value": 65609, + "unit": "allocs/op", + "extra": "1 times\n4 procs" + } + ] } ] }