
[SECURITY] Update elasticsearch requirement from ~> 8.2.0 to ~> 8.17.2 #943

Open
wants to merge 3 commits into
base: main

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2025

Updates the requirements on elasticsearch to permit the latest version.

Release notes

Sourced from elasticsearch's releases.

v8.17.2

API

New APIs:

  • esql.async_query_delete
  • indices.get_data_lifecycle_stats
  • inference.update
  • security.delegate_pki

Updates APIs:

  • async_search.submit - Adds keep_alive Time parameter.
  • indices.put_template - Adds cause String parameter.
  • xpack.info - Adds human parameter for human-readable information.
  • Timeout parameters updated:
    • :master_timeout (Time), explicit operation timeout for connection to master node.
    • :timeout (Time), explicit operation timeout.
      • Added to:
        • index_lifecycle_management.delete_lifecycle - adds both.
        • index_lifecycle_management.delete_lifecycle - adds master_timeout.
        • index_lifecycle_management.get_lifecycle - adds both.
        • index_lifecycle_management.put_lifecycle - adds both.
        • index_lifecycle_management.start - adds both.
        • index_lifecycle_management.stop - adds both.
        • ingest.delete_geoip_database - adds both.
        • ingest.delete_geoip_location_database - adds both.
        • ingest.put_geoip_database - adds both.
        • ingest.put_ip_location_database - adds both.
        • license.post_start_trial - removes timeout.
        • shutdown.delete_node - adds both.
        • shutdown.put_node - adds both.
        • snapshot_lifecycle_management.delete_lifecycle - adds both.
        • snapshot_lifecycle_management.execute_lifecycle - adds both.
        • snapshot_lifecycle_management.execute_retention - adds both.
        • snapshot_lifecycle_management.get_lifecycle - adds both.
        • snapshot_lifecycle_management.get_stats - adds both.
        • snapshot_lifecycle_management.get_status - adds both.
        • snapshot_lifecycle_management.put_lifecycle - adds both.

APIs promoted from Experimental to Stable:

  • inference.delete
  • inference.get
  • inference.inference
  • inference.put
  • inference.stream_inference

v8.17.1

  • Fixes ScrollHelper issue #2556 - There was a bug where an additional search (with scroll) request was made to Elasticsearch for each resulting hit. It was rewritten so that the docs are retrieved as needed and the Helper instance doesn't store documents internally, with big savings in memory and requests to Elasticsearch.

v8.17.0

... (truncated)

Changelog

Sourced from elasticsearch's changelog.

See the full release notes on the official documentation website: https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/current/release_notes.html

8.17.0 Release notes

Client

  • Tested versions of Ruby for 8.17.0: Ruby (MRI) 3.1, 3.2 and 3.3. JRuby 9.3 and JRuby 9.4.

API

API changes

  • async_search.submit - Removes keep_alive parameter. Adds:
    • ccs_minimize_roundtrips (Boolean): When doing a cross-cluster search, setting it to true may improve overall search latency, particularly when searching clusters with a large number of shards. However, when set to true, the progress of searches on the remote clusters will not be received until the search finishes on all clusters.
    • rest_total_hits_as_int (Boolean): Indicates whether hits.total should be rendered as an integer or an object in the rest search response.
  • open_point_in_time - Adds allow_partial_search_results (Boolean) parameter: Specify whether to tolerate shards missing when creating the point-in-time, or otherwise throw an exception (default: false).

8.16.0 Release notes

Client

  • Tested versions of Ruby for 8.16.0: Ruby (MRI) 3.1, 3.2 and 3.3. JRuby 9.3 and JRuby 9.4.

API

API changes

  • capabilities - Adds local_only boolean parameter: True if only the node being called should be considered.
  • cluster.stats - Removes flat_settings parameter, adds include_remotes boolean parameter: Include remote cluster data into the response (default: false)
  • indices.get_data_stream - Adds verbose boolean parameter: Whether the maximum timestamp for each data stream should be calculated and returned (default: false). Adds master_timeout (see below).
  • query_rules.delete_ruleset - Accepts ignore: 404 common parameter.

Timeout parameters:

These parameters have been added to several APIs:

  • master_timeout timeout for processing on master node.
  • timeout timeout for acknowledgement of update from all nodes in cluster parameters.

Added in:

  • indices.create_data_stream - both.
  • indices.delete_data_stream - master_timeout.
  • indices.get_data_lifecycle - master_timeout.
  • indices.get_data_stream - master_timeout.
  • indices.migrate_to_data_stream - both.
  • indices.promote_data_stream - master_timeout.
  • search_shards - master_timeout.

APIs Promoted from Experimental to Stable:

  • indices.delete_data_lifecycle

... (truncated)

Commits
  • 934edbe Bumps version to 8.17.2 and updates CHANGELOG
  • ffcb5d5 [API] Adds security.delegate_pky endpoint
  • 048f332 [API] Adds inference.update endpoint
  • 0d4eb48 [API] Adds indices.get_data_lifecycle_stats endpoint
  • 80bb455 [API] Adds esql.async_query_delete endpoint
  • b0b8226 [API] Promotes inference APIs from Experimental to stable
  • f4c7680 [API] Adds cause parameter to indices.put_template
  • 3aab64f [Gem] Don't use Rubocop with JRuby
  • e1026a7 [CI] Updates STACK_VERSION
  • e5d0042 [API] Adds keep_alive parameter to async_search.submit
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Updates the requirements on [elasticsearch](https://github.com/elastic/elasticsearch-ruby) to permit the latest version.
- [Release notes](https://github.com/elastic/elasticsearch-ruby/releases)
- [Changelog](https://github.com/elastic/elasticsearch-ruby/blob/main/CHANGELOG.md)
- [Commits](elastic/elasticsearch-ruby@v8.2.2...v8.17.2)

---
updated-dependencies:
- dependency-name: elasticsearch
  dependency-version: 8.17.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and ruby (Pull requests that update ruby code) labels Apr 7, 2025
Contributor Author

dependabot bot commented on behalf of github Apr 21, 2025

A newer version of elasticsearch exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Labels
  • dependencies - Pull requests that update a dependency file
  • ruby - Pull requests that update ruby code
2 participants