From 9d5489c9f6c21805bcbf5fecf42c6f1154eb54d5 Mon Sep 17 00:00:00 2001 From: Thomas Berreis <88875030+tberreis@users.noreply.github.com> Date: Mon, 10 Feb 2025 18:04:20 +0100 Subject: [PATCH 1/5] chore(deps): update curlimages/curl to v8.12.0 (#3817) Signed-off-by: Thomas Berreis --- cmd/build/helmify/static/README.md | 2 +- cmd/build/helmify/static/values.yaml | 2 +- manifest_staging/charts/gatekeeper/README.md | 2 +- manifest_staging/charts/gatekeeper/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md index ff24c055568..4cf83ca7804 100644 --- a/cmd/build/helmify/static/README.md +++ b/cmd/build/helmify/static/README.md @@ -81,7 +81,7 @@ information._ | postInstall.labelNamespace.priorityClassName | Priority class name for gatekeeper-update-namespace-label Job | `` | | postInstall.probeWebhook.enabled | Probe webhook API post install. When enabled along with `postInstall.labelNamespace.enabled`, this probe will run as part of `postInstall.labelNamespace` Job as an initContainer | `true` | | postInstall.probeWebhook.image.repository | Image with curl to probe the webhook API | `curlimages/curl` | -| postInstall.probeWebhook.image.tag | Image tag | `7.83.1` | +| postInstall.probeWebhook.image.tag | Image tag | `8.12.0` | | postInstall.probeWebhook.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.probeWebhook.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.probeWebhook.waitTimeout | Total time to wait for the webhook API to become available | `60` | diff --git a/cmd/build/helmify/static/values.yaml b/cmd/build/helmify/static/values.yaml index 92789b23218..6ebaa3f81f1 100644 --- a/cmd/build/helmify/static/values.yaml +++ b/cmd/build/helmify/static/values.yaml @@ -113,7 +113,7 @@ postInstall: enabled: true image: repository: curlimages/curl - tag: 7.83.1 + tag: 8.12.0 pullPolicy: IfNotPresent pullSecrets: [] waitTimeout: 60 diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md index ff24c055568..4cf83ca7804 100644 --- a/manifest_staging/charts/gatekeeper/README.md +++ b/manifest_staging/charts/gatekeeper/README.md @@ -81,7 +81,7 @@ information._ | postInstall.labelNamespace.priorityClassName | Priority class name for gatekeeper-update-namespace-label Job | `` | | postInstall.probeWebhook.enabled | Probe webhook API post install. When enabled along with `postInstall.labelNamespace.enabled`, this probe will run as part of `postInstall.labelNamespace` Job as an initContainer | `true` | | postInstall.probeWebhook.image.repository | Image with curl to probe the webhook API | `curlimages/curl` | -| postInstall.probeWebhook.image.tag | Image tag | `7.83.1` | +| postInstall.probeWebhook.image.tag | Image tag | `8.12.0` | | postInstall.probeWebhook.image.pullPolicy | Image pullPolicy | `IfNotPresent` | | postInstall.probeWebhook.image.pullSecrets | Image pullSecrets | `[]` | | postInstall.probeWebhook.waitTimeout | Total time to wait for the webhook API to become available | `60` | diff --git a/manifest_staging/charts/gatekeeper/values.yaml b/manifest_staging/charts/gatekeeper/values.yaml index 92789b23218..6ebaa3f81f1 100644 --- a/manifest_staging/charts/gatekeeper/values.yaml +++ b/manifest_staging/charts/gatekeeper/values.yaml @@ -113,7 +113,7 @@ postInstall: enabled: true image: repository: curlimages/curl - tag: 7.83.1 + tag: 8.12.0 pullPolicy: IfNotPresent pullSecrets: [] waitTimeout: 60 From 633f0ccde67befa5ab26c499a50d22094a505fd9 Mon Sep 17 00:00:00 2001 From: Jaydip Gabani Date: Mon, 10 Feb 2025 09:04:53 -0800 Subject: [PATCH 2/5] fix: bumping frameworks to fix GO-2025-3372 (#3810) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jaydip Gabani Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index c9685456d06..85f7909a5f6 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/google/uuid v1.6.0 github.com/onsi/gomega v1.34.2 github.com/open-policy-agent/cert-controller v0.11.0 - github.com/open-policy-agent/frameworks/constraint v0.0.0-20250130204619-df595163a8ba + github.com/open-policy-agent/frameworks/constraint v0.0.0-20250207225241-cd781308bbb9 github.com/open-policy-agent/opa v1.1.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.20.5 diff --git a/go.sum b/go.sum index f0be14765ec..496655f0961 100644 --- a/go.sum +++ b/go.sum @@ -286,8 +286,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/open-policy-agent/cert-controller v0.11.0 h1:zXaXeaS4eRAZXhUH5SxWqky681Y2KWjQv/z3X8iMcaQ= github.com/open-policy-agent/cert-controller v0.11.0/go.mod h1:456gr2XKHzxDOjxJZUST5rLIX8olrHkBUymy49FZzps= -github.com/open-policy-agent/frameworks/constraint v0.0.0-20250130204619-df595163a8ba h1:2dXMSgosKdJzjo5eG5n02TD1lGQp5V7TdhUy8gVoJS4= -github.com/open-policy-agent/frameworks/constraint v0.0.0-20250130204619-df595163a8ba/go.mod h1:mJcwyAQJRi5mZmzQ4xAM7V3rggiFJ9x/TtDf8XoOzrU= +github.com/open-policy-agent/frameworks/constraint v0.0.0-20250207225241-cd781308bbb9 h1:4WxbYE8e0pxptMhfD8JQrDhCQWu1zHxidauJfbC7Rvk= +github.com/open-policy-agent/frameworks/constraint v0.0.0-20250207225241-cd781308bbb9/go.mod h1:HmCR8ontMFxto80RPxJBhQiCGnVOmNN4HUXx+Htzos0= github.com/open-policy-agent/opa v1.1.0 h1:HMz2evdEMTyNqtdLjmu3Vyx06BmhNYAx67Yz3Ll9q2s= github.com/open-policy-agent/opa v1.1.0/go.mod h1:T1pASQ1/vwfTa+e2fYcfpLCvWgYtqtiUv+IuA/dLPQs= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= diff --git a/vendor/modules.txt b/vendor/modules.txt index 22055a781a7..b6d416d7bf1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -425,7 +425,7 @@ github.com/onsi/gomega/types # github.com/open-policy-agent/cert-controller v0.11.0 ## explicit; go 1.22.0 github.com/open-policy-agent/cert-controller/pkg/rotator -# github.com/open-policy-agent/frameworks/constraint v0.0.0-20250130204619-df595163a8ba +# github.com/open-policy-agent/frameworks/constraint v0.0.0-20250207225241-cd781308bbb9 ## explicit; go 1.22.7 github.com/open-policy-agent/frameworks/constraint/deploy github.com/open-policy-agent/frameworks/constraint/pkg/apis From 4e0351b56834b7977e3b028d783f5de19ab323f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 09:05:23 -0800 Subject: [PATCH 3/5] chore: bump golang from `3149bc5` to `441f59f` in /build/tooling (#3811) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> --- build/tooling/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/tooling/Dockerfile b/build/tooling/Dockerfile index 8f6dcb7590f..1aaa6c129d2 100644 --- a/build/tooling/Dockerfile +++ b/build/tooling/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23-bookworm@sha256:3149bc5043fa58cf127fd8db1fdd4e533b6aed5a40d663d4f4ae43d20386665f +FROM golang:1.23-bookworm@sha256:441f59f8a2104b99320e1f5aaf59a81baabbc36c81f4e792d5715ef09dd29355 RUN GO111MODULE=on go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 RUN GO111MODULE=on go install k8s.io/code-generator/cmd/conversion-gen@v0.29.3 From a4dfd6f3cfc1084c7acecb55aeb778ee68baafc1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 09:05:55 -0800 Subject: [PATCH 4/5] chore: bump golang from `3149bc5` to `441f59f` (#3812) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> --- Dockerfile | 2 +- gator.Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d190aefc8aa..d638e152daf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$BUILDPLATFORM golang:1.23-bookworm@sha256:3149bc5043fa58cf127fd8db1fdd4e533b6aed5a40d663d4f4ae43d20386665f AS builder +FROM --platform=$BUILDPLATFORM golang:1.23-bookworm@sha256:441f59f8a2104b99320e1f5aaf59a81baabbc36c81f4e792d5715ef09dd29355 AS builder ARG TARGETPLATFORM ARG TARGETOS diff --git a/gator.Dockerfile b/gator.Dockerfile index 61f0d380b80..3e9a8f1abe7 100644 --- a/gator.Dockerfile +++ b/gator.Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$BUILDPLATFORM golang:1.23-bookworm@sha256:3149bc5043fa58cf127fd8db1fdd4e533b6aed5a40d663d4f4ae43d20386665f AS builder +FROM --platform=$BUILDPLATFORM golang:1.23-bookworm@sha256:441f59f8a2104b99320e1f5aaf59a81baabbc36c81f4e792d5715ef09dd29355 AS builder ARG TARGETPLATFORM ARG TARGETOS From c671ba3720ebe1d02ab7bf5a27bcc6c0c94482b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Feb 2025 09:06:30 -0800 Subject: [PATCH 5/5] chore: bump golang from `3149bc5` to `441f59f` in /test/image (#3814) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sertaç Özercan <852750+sozercan@users.noreply.github.com> --- test/image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/image/Dockerfile b/test/image/Dockerfile index b57811e6504..1b4bfce4c1c 100644 --- a/test/image/Dockerfile +++ b/test/image/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23-bookworm@sha256:3149bc5043fa58cf127fd8db1fdd4e533b6aed5a40d663d4f4ae43d20386665f as builder +FROM golang:1.23-bookworm@sha256:441f59f8a2104b99320e1f5aaf59a81baabbc36c81f4e792d5715ef09dd29355 as builder ARG BATS_VERSION ARG ORAS_VERSION