Bump elasticsearch from 7.16.3 to 8.17.3 in /docker/elasticsearch #5964
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
|
@dependabot recreate |
Bumps elasticsearch from 7.16.3 to 8.17.3. --- updated-dependencies: - dependency-name: elasticsearch dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/docker/docker/elasticsearch/elasticsearch-8.17.3
branch
from
b4bd947 to
b22e37e
Compare
For v7.X this was disabled by default: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/security-settings.html#general-security-settings For v8.X this is enabled by default: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html
|
|
||
| ENV discovery.type=single-node | ||
|
|
||
| ENV ES_JAVA_OPTS='-Xms512m -Xmx512m' | ||
|
|
||
| ENV xpack.security.enabled=false |
There was a problem hiding this comment.
For v7.X this was disabled by default
For v8.X this is enabled by default
The elasticsearch receiver fails to connect to the docker image if this is enabled as it's not configured with authentication information, and there's no longer any default password for the elastic (default) user.
|
Upstream claims compatibility with 7.9+, but it's not tested. Updating this test for 8.X would be testing beyond the upstream component, which is currently unmaintained. I think the best path forward is likely update the upstream testing, and then match it with this test. |
|
@crobert-1 What is the upstream in this case? |
Good question, the Elasticsearch receiver in contrib |
pjanotti
added
the
upgrade-blocked
|
A newer version of elasticsearch exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
Bumps elasticsearch from 7.16.3 to 8.17.3.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)