chore(deps): update dependency daytonaio/daytona to v0.52.0

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
daytonaio/daytona	minor	0.51.0 -> 0.52.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

daytonaio/daytona (daytonaio/daytona)

v0.52.0

Compare Source

Workspace Management Rework

TL;DR

• Targets now have state (e.g. Daytona is aware of the state of the EC2 instance used by the AWS provider)
• Workspaces can be created/deleted on running targets (e.g. No more need to create an EC2 instance for every workspace. Keep one running and add workspaces to it)
• Remote runners can offload jobs to remote machines
• Use workspace labels to group workspaces and filter them with daytona ls --label
• If you want to help us test this major update, jump straight into the How to test section below

Description

Projects have been renamed to Workspaces.
Workspaces have been renamed to Targets
Targets have been renamed to Target Configs.

Project configs have also been renamed to Templates; e.g. daytona template list

Workspaces have been "detached" from targets - they can now be created inside and deleted from targets removing the
need to provision a new target whenever creating a workspace.

Resource state management issues have been resolved - new resource states regarding starting/stopping/deleting workspaces or e.g. running builds are introduced.

Issues for a "remote provisioner" and "remote image builder" have been solved by introducing Runners - a standalone mode/component in charge of asynchronously fetching and running workspace/target/build creation and other processes.
This allows users to e.g. create a remote VM, install Daytona and connect it to the existing Daytona Server to create workspaces. Local provisioning/building is managed by the Local Runner which can be disabled through the Daytona
Server configuration.

Runners are responsible for managing providers and each one has its own set of providers. When creating target configs, users are prompted to choose a runner to link it to.

If you want to add a remote runners, run:

daytona server runner create

You will get a command that you can run to configure and start a remote runner.

Introduced Workspace Labels allowing workspaces to be grouped and filtered by user-defined text fields.

It is now possible to SSH into targets and use the Daytona binary inside of them to view info and read logs.

Container registries are no longer managed through a CLI command and are now managed by environment variables instead

Purging Daytona now delegates removal of Resources (workspaces, targets, builds) to the user because they are now treated independently.

Telemetry has been updated/improved to match the changes.

CLI commands arguments and aliases have been made to be more consistent.

README.md has been redone to adhere to the changes and trimmed of a large amount of the content.

Other release changes

Features

• feat: add support for Positron IDE by @​hunnywar in https://github.com/daytonaio/daytona/pull/1590
• feat: add support for VSCodium Insiders by @​hunnywar in https://github.com/daytonaio/daytona/pull/1702
• feat: add install.ps1 for windows by @​hunnywar in https://github.com/daytonaio/daytona/pull/1567
• feat: toolbox exec session management by @​Tpuljak in https://github.com/daytonaio/daytona/pull/1732
• feat: default to single runner in prompt by @​idagelic in https://github.com/daytonaio/daytona/pull/1735

Fixes

• fix: PR list pagination by @​Tpuljak in https://github.com/daytonaio/daytona/pull/1709
• fix: daytona update command with elevated perms by @​unsuman in https://github.com/daytonaio/daytona/pull/1713
• fix: fail cli await if deleting resource errors by @​idagelic in https://github.com/daytonaio/daytona/pull/1742

Telemetry

• removed tracking API requests and responses
• improved telemetry events to track all resource changes

Samples

• samples: add Deno, Prolog, Racket, Zig by @​s-celles in https://github.com/daytonaio/daytona/pull/1737

Chores and tests

• build(deps): bump github.com/compose-spec/compose-go/v2 from 2.1.3 to 2.4.1 by @​dependabot in https://github.com/daytonaio/daytona/pull/1736
• build(deps): bump github.com/go-git/go-git/v5 from 5.12.1-0.20240617075238-c127d1b35535 to 5.13.0 by @​dependabot in https://github.com/daytonaio/daytona/pull/1734

Breaking changes

Before updating, users will need to remove the entire Daytona configuration from your system with daytona purge or:

Linux:

rm -rf ~/.config/daytona

Mac:

rm -rf ~/Library/Application\ Support/daytona

Windows (PowerShell):

Remove-Item -Recurse -Force "C:\Users\<USERNAME>\AppData\Roaming\daytona"

Full Changelog: daytonaio/daytona@v0.51.0...v0.52.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/daytona:0.52.0

📦 Image Reference ghcr.io/uniget-org/tools/daytona:0.52.0

digest	sha256:8b03288b1537dc159589d7b1c4cf564473cad50d85848293f7579a6058cd5c4e
vulnerabilities
platform	linux/amd64
size	56 MB
packages	288

stdlib 1.23.0 (golang) pkg:golang/stdlib@1.23.0 Affected range >=1.23.0-0 <1.23.1 Fixed version 1.23.1 Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range >=1.23.0-0 <1.23.1 Fixed version 1.23.1 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.23.0-0 <1.23.1 Fixed version 1.23.1 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.23.0-0 <1.23.1 Fixed version 1.23.1 Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.

github.com/aws/aws-sdk-go 1.54.19 (golang) pkg:golang/github.com/aws/aws-sdk-go@1.54.19 Affected range >=0 Fixed version Not Fixed Description A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files. Affected range >=0 Fixed version Not Fixed Description A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12953728482.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12953728482.