diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 36d93362fda44..512481c525896 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,5 +1,5 @@ { - "image":"quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9", + "image":"quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1", "containerEnv":{ "CI":"true" }, diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b5e33db8da0d7..f58735909b3fc 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -41,11 +41,6 @@ sensor/**/* @stackrox/sensor-ecosystem tests/performance/**/* @stackrox/sensor-ecosystem tests/roxctl/**/* @stackrox/sensor-ecosystem -# Listing all users as "Outside collaborators cannot be added to a team" -bats-tests/local/roxctl-netpol-* @zivnevo @adisos @shireenf-ibm -roxctl/netpol/**/* @zivnevo @adisos @shireenf-ibm -tests/roxctl/bats-tests/test-data/np-guard/ @zivnevo @adisos @shireenf-ibm - qa-tests-backend/**/* @janisz /ui/**/* @stackrox/ui @@ -81,12 +76,14 @@ operator/**/* @stackrox/install /sensor/kubernetes/listener/resources/secrets* @stackrox/scanner /SCANNER_VERSION @stackrox/scanner -# The RHTAP maintainers for ACS review all changes related to the Konflux (f.k.a. RHTAP) pipelines, such as new -# pipelines, parameter changes or automated task updates as well as Dockerfile updates. -**/konflux.*Dockerfile @stackrox/rhtap-maintainers -/.konflux/ @stackrox/rhtap-maintainers -/.tekton/ @stackrox/rhtap-maintainers -rpms.* @stackrox/rhtap-maintainers +# Konflux maintainers for ACS review all changes related to the Konflux pipelines, Dockerfiles, etc. +# Release engineers need to merge MintMaker PRs at the time of the release. +# rhacs-bot needs an ability to auto-approve MintMaker PRs for automated task and security updates. +**/konflux.*Dockerfile @stackrox/konflux-maintainers-no-email @stackrox/release-mgmt-no-email @rhacs-bot +/.tekton/ @stackrox/konflux-maintainers-no-email @stackrox/release-mgmt-no-email @rhacs-bot +rpms.* @stackrox/konflux-maintainers-no-email @stackrox/release-mgmt-no-email @rhacs-bot +/.konflux/ @stackrox/konflux-maintainers +.github/renovate.json5 @stackrox/konflux-maintainers # Dependencies diff --git a/.github/workflows/batch-load-test-metrics.yml b/.github/workflows/batch-load-test-metrics.yml index 137af49e1f2df..56868218543c3 100644 --- a/.github/workflows/batch-load-test-metrics.yml +++ b/.github/workflows/batch-load-test-metrics.yml @@ -11,7 +11,7 @@ jobs: batch-load-test-metrics: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 7974417088f8f..95b0be766c8cc 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -109,7 +109,10 @@ jobs: UI_PKG_INSTALL_EXTRA_ARGS: --ignore-scripts runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt steps: - name: Checkout uses: actions/checkout@v5 @@ -141,7 +144,10 @@ jobs: pre-build-cli: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt steps: - name: Checkout uses: actions/checkout@v5 @@ -179,7 +185,10 @@ jobs: needs: define-job-matrix runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt steps: - name: Checkout uses: actions/checkout@v5 @@ -246,7 +255,10 @@ jobs: pre-build-docs: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt steps: - name: Checkout uses: actions/checkout@v5 @@ -303,7 +315,10 @@ jobs: GO_BINARIES_BUILD_ARTIFACT: "" ROX_PRODUCT_BRANDING: "" container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt env: QUAY_RHACS_ENG_RO_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RO_USERNAME }} QUAY_RHACS_ENG_RO_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RO_PASSWORD }} @@ -484,7 +499,10 @@ jobs: env: ROX_PRODUCT_BRANDING: "" container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt env: QUAY_RHACS_ENG_RO_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RO_USERNAME }} QUAY_RHACS_ENG_RO_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RO_PASSWORD }} @@ -576,7 +594,7 @@ jobs: needs: - define-job-matrix container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 env: QUAY_RHACS_ENG_RW_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} QUAY_RHACS_ENG_RW_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} @@ -659,7 +677,7 @@ jobs: ARTIFACT_DIR: junit-reports/ runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 needs: - pre-build-cli - pre-build-go-binaries diff --git a/.github/workflows/check-crd-compatibility.yaml b/.github/workflows/check-crd-compatibility.yaml index ecf241ba9850d..7962d507b1c69 100644 --- a/.github/workflows/check-crd-compatibility.yaml +++ b/.github/workflows/check-crd-compatibility.yaml @@ -20,7 +20,7 @@ jobs: check-crd-compatibility: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 outputs: released_version: ${{ steps.get_previous_released_version.outputs.released_version }} steps: @@ -39,7 +39,7 @@ jobs: with: repository: openshift/crd-schema-checker path: .crd-schema-checker - ref: 9c9f5f57c9f9ea4dba41d9eec5c365a622f08417 # 2025-04-08 + ref: c313b6407231f6d1aabfb602f0823708f8c6b9fb # 2025-09-05 - name: Build crd-schema-checker run: | diff --git a/.github/workflows/ci-failures-report.yml b/.github/workflows/ci-failures-report.yml index 0181f68cbc7eb..ce52c8cd0f749 100644 --- a/.github/workflows/ci-failures-report.yml +++ b/.github/workflows/ci-failures-report.yml @@ -14,7 +14,7 @@ jobs: report-e2e-failures-to-slack: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 diff --git a/.github/workflows/emailsender-central-compatibility.yaml b/.github/workflows/emailsender-central-compatibility.yaml index b5d04747616ae..8464946856948 100644 --- a/.github/workflows/emailsender-central-compatibility.yaml +++ b/.github/workflows/emailsender-central-compatibility.yaml @@ -32,10 +32,10 @@ jobs: uses: n1hility/cancel-previous-runs@v3 with: token: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Go 1.24 + - name: Set up Go 1.25 uses: actions/setup-go@v5 with: - go-version: "1.24" + go-version: "1.25" - name: Cache go module uses: actions/cache@v4 with: diff --git a/.github/workflows/fixxxer.yaml b/.github/workflows/fixxxer.yaml index 7a2699a933332..603b4f429594f 100644 --- a/.github/workflows/fixxxer.yaml +++ b/.github/workflows/fixxxer.yaml @@ -14,7 +14,7 @@ jobs: if: ${{ github.event.issue.pull_request && github.event.comment.body == '/fixxx' }} runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Fetch PR metadata diff --git a/.github/workflows/release-ci.yaml b/.github/workflows/release-ci.yaml index 503e9ece9c412..fe29d4ec14630 100644 --- a/.github/workflows/release-ci.yaml +++ b/.github/workflows/release-ci.yaml @@ -98,7 +98,8 @@ jobs: scripts/ci/lib.sh \ push_helm_charts "${STACKROX_TAG}" - publish-roxctl: + # Publish `roxagent` and `roxctl`. + publish-cli: needs: [build, check-scanner-version, check-collector-version, check-is-release] if: needs.check-is-release.outputs.is_release == 'true' runs-on: ubuntu-latest @@ -116,13 +117,13 @@ jobs: - uses: ./.github/actions/download-artifact-with-retry with: name: cli-build - - name: Publish roxctl to Google Cloud storage + - name: Publish cli artifacts to Google Cloud storage env: STACKROX_TAG: ${{ github.ref_name }} run: | tar xzf cli-build.tgz scripts/ci/lib.sh \ - publish_roxctl "${STACKROX_TAG}" + publish_cli "${STACKROX_TAG}" publish-openapispec: needs: [build, check-scanner-version, check-collector-version, check-is-release] diff --git a/.github/workflows/scanner-build.yaml b/.github/workflows/scanner-build.yaml index cd9315162cfdc..ef839ed75ccb3 100644 --- a/.github/workflows/scanner-build.yaml +++ b/.github/workflows/scanner-build.yaml @@ -80,7 +80,10 @@ jobs: # race-condition-debug - built with -race matrix: ${{ fromJson(needs.define-scanner-job-matrix.outputs.matrix).pre_build_scanner_go_binary }} container: - image: quay.io/stackrox-io/apollo-ci:scanner-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:scanner-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt steps: - name: Checkout uses: actions/checkout@v5 @@ -137,7 +140,7 @@ jobs: needs: pre-build-scanner-go-binary runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:scanner-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:scanner-test-0.5.1 if: contains(github.event.pull_request.labels.*.name, 'scan-go-binaries') env: ARTIFACT_DIR: junit-reports/ @@ -191,7 +194,10 @@ jobs: # race-condition-debug - built with -race matrix: ${{ fromJson(needs.define-scanner-job-matrix.outputs.matrix).build_and_push_scanner }} container: - image: quay.io/stackrox-io/apollo-ci:scanner-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:scanner-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt env: QUAY_RHACS_ENG_RW_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} QUAY_RHACS_ENG_RW_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} @@ -266,7 +272,7 @@ jobs: # race-condition-debug matrix: ${{ fromJson(needs.define-scanner-job-matrix.outputs.matrix).push_scanner_manifests }} container: - image: quay.io/stackrox-io/apollo-ci:scanner-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:scanner-test-0.5.1 env: QUAY_RHACS_ENG_RW_USERNAME: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} QUAY_RHACS_ENG_RW_PASSWORD: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} diff --git a/.github/workflows/scanner-db-integration-tests.yaml b/.github/workflows/scanner-db-integration-tests.yaml index 746cba296f97c..c8ec261104de1 100644 --- a/.github/workflows/scanner-db-integration-tests.yaml +++ b/.github/workflows/scanner-db-integration-tests.yaml @@ -17,7 +17,7 @@ jobs: db-integration-tests: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:scanner-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:scanner-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 diff --git a/.github/workflows/scanner-versioned-definitions-update.yaml b/.github/workflows/scanner-versioned-definitions-update.yaml index 0161addc775c0..3ca1d5bcd94ef 100644 --- a/.github/workflows/scanner-versioned-definitions-update.yaml +++ b/.github/workflows/scanner-versioned-definitions-update.yaml @@ -190,7 +190,7 @@ jobs: - prepare-environment runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:scanner-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:scanner-test-0.5.1 volumes: # The updater makes heavy use of /tmp files. - /tmp:/tmp @@ -282,7 +282,7 @@ jobs: - prepare-environment runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:scanner-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:scanner-test-0.5.1 volumes: # The updater makes heavy use of /tmp files. - /tmp:/tmp diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index d3afc22109b08..ef5952a0067d8 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -24,7 +24,7 @@ jobs: ARTIFACT_DIR: junit-reports/ runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 @@ -50,7 +50,7 @@ jobs: ARTIFACT_DIR: junit-reports/ runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 @@ -91,7 +91,10 @@ jobs: style-check: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt steps: - name: Checkout uses: actions/checkout@v5 @@ -126,6 +129,11 @@ jobs: - name: Checkout uses: actions/checkout@v5 + - uses: ./.github/actions/job-preamble + with: + free-disk-space: '30' + gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} + - uses: actions/setup-go@v5 with: go-version-file: 'tools/linters/go.mod' @@ -229,7 +237,7 @@ jobs: openshift-ci-lint: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 diff --git a/.github/workflows/tag-more-reviewers.yaml b/.github/workflows/tag-more-reviewers.yaml new file mode 100644 index 0000000000000..f6ce74aac7c50 --- /dev/null +++ b/.github/workflows/tag-more-reviewers.yaml @@ -0,0 +1,26 @@ +name: Tag more reviewers + +on: + pull_request: + types: + - review_requested + +jobs: + tag-konflux-maintainers: + # We have lots of PR traffic from MintMaker (acting as `red-hat-konflux[bot]`), and so it's unsustainable to go + # through these emails every day. Therefore, the notifications are disabled for `konflux-maintainers-no-email` + # team that's set as owner in CODEOWNERS for the Konflux stuff. + # At the same time, we want to be notified when humans, not the bot, request reviews (which happens automatically + # again through CODEOWNERS) for the Konflux-related files. This job invites `konflux-maintainers` team for review + # for such cases. + if: | + github.event.requested_team.name == 'konflux-maintainers-no-email' && + github.event.pull_request.user.login != 'red-hat-konflux[bot]' + env: + GH_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }} + runs-on: ubuntu-latest + steps: + - name: Tag Konflux Maintainers for review + run: | + gh pr --repo "${{ github.repository }}" edit "${{ github.event.pull_request.number }}" \ + --add-reviewer stackrox/konflux-maintainers diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml index 7580d9b5de6aa..dcab48c239b13 100644 --- a/.github/workflows/unit-tests.yaml +++ b/.github/workflows/unit-tests.yaml @@ -26,7 +26,7 @@ jobs: outputs: new-jiras: ${{ steps.junit2jira.outputs.new-jiras }} container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 @@ -94,7 +94,7 @@ jobs: outputs: new-jiras: ${{ steps.junit2jira.outputs.new-jiras }} container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Set Postgres version run: | @@ -151,7 +151,7 @@ jobs: go-bench: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Set Postgres version run: | @@ -198,7 +198,7 @@ jobs: outputs: new-jiras: ${{ steps.junit2jira.outputs.new-jiras }} container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 @@ -234,7 +234,7 @@ jobs: outputs: new-jiras: ${{ steps.junit2jira.outputs.new-jiras }} container: - image: quay.io/stackrox-io/apollo-ci:stackrox-ui-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-ui-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 @@ -277,7 +277,7 @@ jobs: outputs: new-jiras: ${{ steps.junit2jira.outputs.new-jiras }} container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 @@ -318,7 +318,7 @@ jobs: outputs: new-jiras: ${{ steps.junit2jira.outputs.new-jiras }} container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 @@ -352,7 +352,7 @@ jobs: openshift-ci-unit-tests: runs-on: ubuntu-latest container: - image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 steps: - name: Checkout uses: actions/checkout@v5 @@ -378,7 +378,10 @@ jobs: uses: actions/checkout@v5 with: fetch-depth: 0 - + - name: Set up Go + uses: actions/setup-go@v6 + with: + go-version-file: go.mod - uses: ./.github/actions/job-preamble with: gcp-account: ${{ secrets.GCP_SERVICE_ACCOUNT_STACKROX_CI }} diff --git a/.golangci.yml b/.golangci.yml index e9468aa9ab33e..6623d1438c19a 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,7 +1,7 @@ version: "2" run: timeout: 240m - go: "1.24" + go: "1.25" build-tags: - integration - scanner_db_integration diff --git a/.openshift-ci/Dockerfile.build_root b/.openshift-ci/Dockerfile.build_root index 88cf91029d22b..158314ac8b810 100644 --- a/.openshift-ci/Dockerfile.build_root +++ b/.openshift-ci/Dockerfile.build_root @@ -27,4 +27,4 @@ # For an example, see https://github.com/stackrox/stackrox/pull/2762 and its counterpart # https://github.com/openshift/release/pull/31561 -FROM quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 +FROM quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 diff --git a/.openshift-ci/dev-requirements.txt b/.openshift-ci/dev-requirements.txt index 4c2c11e144496..9900face09fe1 100644 --- a/.openshift-ci/dev-requirements.txt +++ b/.openshift-ci/dev-requirements.txt @@ -1,4 +1,4 @@ -# These versions should match those used in the current CI test image (stackrox-test-0.4.9). +# These versions should match those used in the current CI test image (stackrox-test-0.5.1). # See .github/workflows/{lint,style}.yaml for that. # And the stackrox/rox-ci-image repo for the original source and pinned versions. pycodestyle==2.10.0 diff --git a/.tekton/basic-component-pipeline.yaml b/.tekton/basic-component-pipeline.yaml index 9f676964eecd2..5933a6e4235b1 100644 --- a/.tekton/basic-component-pipeline.yaml +++ b/.tekton/basic-component-pipeline.yaml @@ -8,7 +8,7 @@ spec: - name: slack-notification params: - name: message - value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' + value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' - name: key-name value: 'acs-konflux-notifications' when: @@ -21,7 +21,7 @@ spec: - name: name value: slack-webhook-notification - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:4e68fe2225debc256d403b828ed358345bb56d03327b46d55cb6c42911375750 + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:69945a30c11387a766e3d0ae33991b68e865a290c09da1fea44f193d358926ba - name: kind value: task resolver: bundles @@ -49,7 +49,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -115,7 +115,29 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string + - name: buildah-format + default: docker + type: string + description: The format for the resulting image's mediaType. Valid values are oci or docker. + - name: extra-labels + type: array + description: Additional labels to put on the built containers. + - default: + - linux/amd64 + - linux/arm64 + - linux/ppc64le + - linux/s390x + description: > + List of platforms to build the container images for. The available + set of values is determined by the configuration of the multi-platform-controller + on the cluster: https://konflux.pages.redhat.com/docs/users/getting-started/multi-platform-builds.html + name: build-platforms + type: array + - name: enable-cache-proxy + default: 'false' + description: Enable cache proxy configuration + type: string results: - description: "" name: IMAGE_URL @@ -149,12 +171,14 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) taskRef: params: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:b349d24cb896573695802d6913d311640b44675ec082b3ad167721946a6a0a71 - name: kind value: task resolver: bundles @@ -178,7 +202,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:56f65a16d3d0485c64ad85af2c1f3e9b0bb4d02d63f2fd0ebb9498d219ca723d - name: kind value: task resolver: bundles @@ -201,7 +225,7 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -217,7 +241,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -237,7 +261,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:098322d6b789824f716f2d9caca1862d4afdc083ebaaee61aadd22a8c179480a + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:4c9ff416bfd127e1f960bd0218127c7e198dbd15827c1a8bf58ac5eb023dd9e2 - name: kind value: task resolver: bundles @@ -245,125 +269,15 @@ spec: - name: git-basic-auth workspace: git-auth - - name: build-container-amd64 - params: - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-amd64 - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:83a505fe13bcb1898ed51e92794af8b18fd8ea5e1e916a8ba5d21e9fdc0a9706 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: build-container-s390x - params: - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-s390x - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: PLATFORM - value: linux/s390x - taskRef: - params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: build-container-ppc64le - params: - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-ppc64le - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: PLATFORM - value: linux/ppc64le - taskRef: + - name: build-images + matrix: params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: build-container-arm64 + - name: PLATFORM + value: + - $(params.build-platforms) params: - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-arm64 + value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG) - name: DOCKERFILE value: $(params.dockerfile) - name: CONTEXT @@ -383,14 +297,24 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: PLATFORM - value: linux/arm64 + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: LABELS + value: ["$(params.extra-labels[*])"] + - name: BUILD_TIMESTAMP + value: "$(tasks.clone-repository.results.commit-timestamp)" + - name: IMAGE_APPEND_PLATFORM + value: "true" + - name: HTTP_PROXY + value: $(tasks.init.results.http-proxy) + - name: NO_PROXY + value: $(tasks.init.results.no-proxy) taskRef: params: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.7@sha256:d8b2cd0bd3f8e3fdcafe4aebfee59f3f2fcbca78ef31f9c5dd8ecd781cd02636 - name: kind value: task resolver: bundles @@ -407,18 +331,17 @@ spec: value: $(tasks.clone-repository.results.commit) - name: IMAGES value: - - $(tasks.build-container-amd64.results.IMAGE_REF) - - $(tasks.build-container-s390x.results.IMAGE_REF) - - $(tasks.build-container-ppc64le.results.IMAGE_REF) - - $(tasks.build-container-arm64.results.IMAGE_REF) + - $(tasks.build-images.results.IMAGE_REF[*]) - name: IMAGE_EXPIRES_AFTER value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) taskRef: params: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:8e5dfb2fac011148f8715bbe0b99415f88297683d269eae0dfcad52562195d45 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:985d1efe861b02524a7679ecd855624b3d4e3a2e835b6f8a97ec7d135898ec0b - name: kind value: task resolver: bundles @@ -426,6 +349,7 @@ spec: - input: $(tasks.init.results.build) operator: in values: [ "true" ] + runAfter: [ build-images ] - name: apply-index-image-tag params: @@ -441,7 +365,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:c89cd10b2a3f4c43789c5f06ef2b86f528b28f156c20af5e751fa8c0facd457d - name: kind value: task resolver: bundles @@ -465,7 +389,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:c35ba219390d77a48ee19347e5ee8d13e5c23e3984299e02291d6da1ed8a986c - name: kind value: task resolver: bundles @@ -488,7 +412,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:2c32152a55f6bfba67b41be456da46b6e109bb3e348e25220eed4eed149958c5 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:1cf21de671be4c97d4973b60c09c912997cd15b65c30b93a07eff1b24f43a1f8 - name: kind value: task resolver: bundles @@ -498,6 +422,11 @@ spec: values: [ "false" ] - name: clair-scan + matrix: + params: + - name: image-platform + value: + - $(params.build-platforms) params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) @@ -508,7 +437,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:654b989d7cdc03d082e56f216a29de04847215ee379a8d9ca315e453ad2b15c2 - name: kind value: task resolver: bundles @@ -518,6 +447,11 @@ spec: values: [ "false" ] - name: ecosystem-cert-preflight-checks + matrix: + params: + - name: platform + value: + - $(params.build-platforms) params: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) @@ -526,7 +460,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b612fd73d81822113e2c12f44a72eed218540aaa8e9f3e42223bddb01a0689cb - name: kind value: task resolver: bundles @@ -550,7 +484,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:e7a51575f9188a1461d4520da25aaa4efdd3b896c97dc750941fa22840e55c13 - name: kind value: task resolver: bundles @@ -574,7 +508,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651 + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:8817f5081c10d9debf25601d6d99d7eddde19435be1ff24741d9025931639959 - name: kind value: task resolver: bundles @@ -598,7 +532,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:49b7d09db82e6cad98152db8f16707ca3d90a1709e846e3ed8c91a433c88724f - name: kind value: task resolver: bundles @@ -608,6 +542,11 @@ spec: values: [ "false" ] - name: clamav-scan + matrix: + params: + - name: image-arch + value: + - $(params.build-platforms) params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) @@ -618,7 +557,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b2f25599a10ab0846e4659f76b5b78c0fddf561404656fda52055eda31e70d83 - name: kind value: task resolver: bundles @@ -638,7 +577,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:00417785ba16344c10e8682bf58eeb6ef058cedd88ae2d86bb14ced220135374 - name: kind value: task resolver: bundles @@ -664,7 +603,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e - name: kind value: task resolver: bundles diff --git a/.tekton/central-db-build.yaml b/.tekton/central-db-build.yaml index 36f809d9255ba..07baab4c72c62 100644 --- a/.tekton/central-db-build.yaml +++ b/.tekton/central-db-build.yaml @@ -23,8 +23,8 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs - appstudio.openshift.io/component: central-db + appstudio.openshift.io/application: acs-4-9 + appstudio.openshift.io/component: central-db-4-9 pipelines.appstudio.openshift.io/type: build name: central-db-on-push namespace: rh-acs-tenant @@ -57,6 +57,10 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' + - name: extra-labels + value: + # X.Y in the cpe label must be adjusted for every version stream. + - "cpe=cpe:/a:redhat:advanced_cluster_security:4.9::el8" pipelineRef: name: basic-component-pipeline @@ -73,7 +77,7 @@ spec: memory: 3Gi taskRunTemplate: - serviceAccountName: build-pipeline-central-db + serviceAccountName: build-pipeline-central-db-4-9 # IMPORTANT: when changing timeouts here, read and follow timeout instructions in operator-bundle-build.yaml. timeouts: diff --git a/.tekton/create-custom-snapshot.yaml b/.tekton/create-custom-snapshot.yaml new file mode 100644 index 0000000000000..a30d1a835405f --- /dev/null +++ b/.tekton/create-custom-snapshot.yaml @@ -0,0 +1,265 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun + +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "500" + # TODO(ROX-21073): re-enable for all PR branches + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") + ) || ( + event == "pull_request" && ( + target_branch.startsWith("release-") || + source_branch.matches("(konflux|renovate|appstudio|rhtap)") || + (has(body.pull_request) && has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == "konflux-build")) + ) && body.action != "ready_for_review" + ) + # The empty `on-label` annotation is a workaround to make sure the pipeline gets triggered when the label gets first + # added to the PR. See the Slack tread linked from ROX-30580. + pipelinesascode.tekton.dev/on-label: "[]" + labels: + appstudio.openshift.io/application: acs-4-9 + name: create-custom-snapshot + namespace: rh-acs-tenant + +spec: + + params: + + taskRunTemplate: + serviceAccountName: build-pipeline-operator-bundle-4-9 + + timeouts: + tasks: 3h30m + # Reserve time for final tasks to run. + finally: 10m + pipeline: 3h40m + + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' + + pipelineSpec: + + finally: + - name: slack-notification + params: + - name: message + value: ':x: `{{event_type}}` pipeline for (revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' + - name: key-name + value: 'acs-konflux-notifications' + when: + # Run when any task has Failed + - input: $(tasks.status) + operator: in + values: [ "Failed" ] + taskRef: + params: + - name: name + value: slack-webhook-notification + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:69945a30c11387a766e3d0ae33991b68e865a290c09da1fea44f193d358926ba + - name: kind + value: task + resolver: bundles + + - name: post-metric-end + params: + - name: AGGREGATE_TASKS_STATUS + value: $(tasks.status) + taskRef: &post-bigquery-metrics-ref + params: + - name: name + value: post-bigquery-metrics + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf + - name: kind + value: task + resolver: bundles + + params: + - name: integration-test-scenario + default: "acs-conforma-prod-like" + description: Name of the IntegrationTestScenario to trigger for the created Snapshot. + type: string + - name: git-url + default: "{{source_url}}" + description: Source Repository URL. + type: string + - name: revision + default: "{{revision}}" + description: Revision of the Source Repository. + type: string + - name: bundle-image-repo + default: quay.io/rhacs-eng/release-operator-bundle + description: Repo of the operator bundle image, used to store OCI artifact with source code. + type: string + - name: oci-artifact-expires-after + default: "1d" + description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after + which they can be garbage collected. + type: string + - name: output-tag-suffix + default: "-fast" + description: Suffix that's appended to the operator-bundle's image tag. + type: string + + results: + - description: Name of the custom Snapshot created. + name: SNAPSHOT_NAME + value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) + + workspaces: + - name: git-auth + + tasks: + + - name: post-metric-start + taskRef: *post-bigquery-metrics-ref + + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: depth + value: "0" + - name: fetchTags + value: "true" + - name: ociStorage + value: $(params.bundle-image-repo):konflux-custom-snapshot-$(params.revision).git + - name: ociArtifactExpiresAfter + value: $(params.oci-artifact-expires-after) + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:56f65a16d3d0485c64ad85af2c1f3e9b0bb4d02d63f2fd0ebb9498d219ca723d + - name: kind + value: task + resolver: bundles + workspaces: + - name: basic-auth + workspace: git-auth + + - name: determine-image-tag + params: + - name: TAG_SUFFIX + value: $(params.output-tag-suffix) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + taskRef: + params: + - name: name + value: determine-image-tag + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf + - name: kind + value: task + resolver: bundles + + - name: wait-for-bundle-image + params: + - name: IMAGE + value: "$(params.bundle-image-repo):v$(tasks.determine-image-tag.results.IMAGE_TAG)" + taskRef: + params: + - name: name + value: wait-for-image + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf + - name: kind + value: task + resolver: bundles + # The timemout should be kept in sync with the pipeline timeout in the operator-bundle-build.yaml + timeout: 3h25m + + - name: create-acs-style-snapshot + params: + - name: OPERATOR_BUNDLE_IMAGE + value: $(params.bundle-image-repo)@$(tasks.wait-for-bundle-image.results.IMAGE_DIGEST) + - name: PRODUCT_VERSION + value: $(tasks.determine-image-tag.results.IMAGE_TAG) + - name: INTEGRATION_TEST_SCENARIO + value: $(params.integration-test-scenario) + - name: COMPONENT_MAPPINGS + value: | + [ + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-central-db", + "component": "central-db" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-collector", + "component": "collector" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-main", + "component": "main" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle", + "internalRepo": "quay.io/rhacs-eng/release-operator-bundle", + "component": "operator-bundle" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator", + "internalRepo": "quay.io/rhacs-eng/release-operator", + "component": "operator" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-roxctl", + "component": "roxctl" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-db", + "component": "scanner-db" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-db-slim", + "component": "scanner-db-slim" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner", + "component": "scanner" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-slim", + "component": "scanner-slim" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-v4-db", + "component": "scanner-v4-db" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-v4", + "component": "scanner-v4" + } + ] + taskRef: + params: + - name: name + value: create-snapshot-from-bundle + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf + - name: kind + value: task + resolver: bundles diff --git a/.tekton/main-build.yaml b/.tekton/main-build.yaml index df20a56e1ab76..91b84d0704d34 100644 --- a/.tekton/main-build.yaml +++ b/.tekton/main-build.yaml @@ -23,8 +23,8 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs - appstudio.openshift.io/component: main + appstudio.openshift.io/application: acs-4-9 + appstudio.openshift.io/component: main-4-9 pipelines.appstudio.openshift.io/type: build name: main-on-push namespace: rh-acs-tenant @@ -61,6 +61,10 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' + - name: extra-labels + value: + # X.Y in the cpe label must be adjusted for every version stream. + - "cpe=cpe:/a:redhat:advanced_cluster_security:4.9::el8" pipelineRef: name: main-pipeline @@ -79,39 +83,14 @@ spec: # Memory is increased for the syft command to succeed. Otherwise, there's an error like this in log and container # exits with 137 (OOMKilled): # /tekton/scripts/script-2-h7nll: line 7: 33 Killed syft dir:$(cat /shared/container_path) --output cyclonedx-json=/var/workdir/sbom-image.json - - pipelineTaskName: build-container-amd64 + - pipelineTaskName: build-images stepSpecs: - - name: build - # CPU requests are increased to speed up builds compared to the defaults. - # Defaults: https://github.com/konflux-ci/build-definitions/blob/main/task/buildah-oci-ta/0.5/buildah-oci-ta.yaml#L921 - # - # Memory is increased for UI builds to succeed. Otherwise, there's an error like this in logs: - # [build] @stackrox/platform-app: The build failed because the process exited too early. This probably means the system ran out of memory or someone called `kill -9` on the process. - computeResources: - limits: - cpu: 4 - memory: 7Gi - requests: - cpu: 4 - memory: 7Gi - name: sbom-syft-generate - computeResources: &sbom-syft-resources + computeResources: limits: memory: 3Gi requests: memory: 3Gi - - pipelineTaskName: build-container-s390x - stepSpecs: - - name: sbom-syft-generate - computeResources: *sbom-syft-resources - - pipelineTaskName: build-container-ppc64le - stepSpecs: - - name: sbom-syft-generate - computeResources: *sbom-syft-resources - - pipelineTaskName: build-container-arm64 - stepSpecs: - - name: sbom-syft-generate - computeResources: *sbom-syft-resources - pipelineTaskName: build-source-image stepSpecs: # Bump memory for source image build because the one with defaults tends to get sometimes OOM-killed. @@ -123,7 +102,7 @@ spec: memory: 3Gi taskRunTemplate: - serviceAccountName: build-pipeline-main + serviceAccountName: build-pipeline-main-4-9 # IMPORTANT: when changing timeouts here, read and follow timeout instructions in operator-bundle-build.yaml. timeouts: diff --git a/.tekton/main-pipeline.yaml b/.tekton/main-pipeline.yaml index 73f2b4d8c2c65..6bc8f59fbdcbb 100644 --- a/.tekton/main-pipeline.yaml +++ b/.tekton/main-pipeline.yaml @@ -8,7 +8,7 @@ spec: - name: slack-notification params: - name: message - value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' + value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' - name: key-name value: 'acs-konflux-notifications' when: @@ -21,7 +21,7 @@ spec: - name: name value: slack-webhook-notification - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:4e68fe2225debc256d403b828ed358345bb56d03327b46d55cb6c42911375750 + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:69945a30c11387a766e3d0ae33991b68e865a290c09da1fea44f193d358926ba - name: kind value: task resolver: bundles @@ -49,7 +49,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -115,7 +115,30 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string + - name: buildah-format + default: docker + type: string + description: The format for the resulting image's mediaType. Valid values are oci or docker. + - name: extra-labels + type: array + description: Additional labels to put on the built containers. + - default: + # 4 cpus and 7GB of ram should be enough for amd64 builds, but we have to use the next "smallest" available size. + - linux-d160-m2xlarge/amd64 + - linux-d160-m2xlarge/arm64 + - linux/ppc64le + - linux/s390x + description: > + List of platforms to build the container images for. The available + set of values is determined by the configuration of the multi-platform-controller + on the cluster: https://konflux.pages.redhat.com/docs/users/getting-started/multi-platform-builds.html + name: build-platforms + type: array + - name: enable-cache-proxy + default: 'false' + description: Enable cache proxy configuration + type: string results: - description: "" name: IMAGE_URL @@ -149,12 +172,14 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) taskRef: params: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:b349d24cb896573695802d6913d311640b44675ec082b3ad167721946a6a0a71 - name: kind value: task resolver: bundles @@ -178,7 +203,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:56f65a16d3d0485c64ad85af2c1f3e9b0bb4d02d63f2fd0ebb9498d219ca723d - name: kind value: task resolver: bundles @@ -201,7 +226,7 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -217,7 +242,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -237,7 +262,7 @@ spec: - name: name value: fetch-external-networks - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -262,7 +287,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:098322d6b789824f716f2d9caca1862d4afdc083ebaaee61aadd22a8c179480a + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:4c9ff416bfd127e1f960bd0218127c7e198dbd15827c1a8bf58ac5eb023dd9e2 - name: kind value: task resolver: bundles @@ -270,129 +295,15 @@ spec: - name: git-basic-auth workspace: git-auth - - name: build-container-amd64 - params: - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-amd64 - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: + - name: build-images + matrix: params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:83a505fe13bcb1898ed51e92794af8b18fd8ea5e1e916a8ba5d21e9fdc0a9706 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: build-container-s390x + - name: PLATFORM + value: + - $(params.build-platforms) params: - - name: PLATFORM - value: linux/s390x - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-s390x - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - timeout: 2h0m0s - - - name: build-container-ppc64le - params: - - name: PLATFORM - value: linux/ppc64le - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-ppc64le - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - timeout: 2h0m0s - - - name: build-container-arm64 - params: - - name: PLATFORM - value: linux-d160-m2xlarge/arm64 - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-arm64 + value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG) - name: DOCKERFILE value: $(params.dockerfile) - name: CONTEXT @@ -412,12 +323,20 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: LABELS + value: ["$(params.extra-labels[*])"] + - name: BUILD_TIMESTAMP + value: "$(tasks.clone-repository.results.commit-timestamp)" + - name: IMAGE_APPEND_PLATFORM + value: "true" taskRef: params: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.7@sha256:d8b2cd0bd3f8e3fdcafe4aebfee59f3f2fcbca78ef31f9c5dd8ecd781cd02636 - name: kind value: task resolver: bundles @@ -435,18 +354,17 @@ spec: value: $(tasks.clone-repository.results.commit) - name: IMAGES value: - - $(tasks.build-container-amd64.results.IMAGE_REF) - - $(tasks.build-container-s390x.results.IMAGE_REF) - - $(tasks.build-container-ppc64le.results.IMAGE_REF) - - $(tasks.build-container-arm64.results.IMAGE_REF) + - $(tasks.build-images.results.IMAGE_REF[*]) - name: IMAGE_EXPIRES_AFTER value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) taskRef: params: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:8e5dfb2fac011148f8715bbe0b99415f88297683d269eae0dfcad52562195d45 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:985d1efe861b02524a7679ecd855624b3d4e3a2e835b6f8a97ec7d135898ec0b - name: kind value: task resolver: bundles @@ -454,6 +372,7 @@ spec: - input: $(tasks.init.results.build) operator: in values: [ "true" ] + runAfter: [ build-images ] - name: apply-index-image-tag params: @@ -469,7 +388,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:c89cd10b2a3f4c43789c5f06ef2b86f528b28f156c20af5e751fa8c0facd457d - name: kind value: task resolver: bundles @@ -493,7 +412,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:c35ba219390d77a48ee19347e5ee8d13e5c23e3984299e02291d6da1ed8a986c - name: kind value: task resolver: bundles @@ -516,7 +435,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:2c32152a55f6bfba67b41be456da46b6e109bb3e348e25220eed4eed149958c5 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:1cf21de671be4c97d4973b60c09c912997cd15b65c30b93a07eff1b24f43a1f8 - name: kind value: task resolver: bundles @@ -526,6 +445,11 @@ spec: values: [ "false" ] - name: clair-scan + matrix: + params: + - name: image-platform + value: + - $(params.build-platforms) params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) @@ -536,7 +460,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:654b989d7cdc03d082e56f216a29de04847215ee379a8d9ca315e453ad2b15c2 - name: kind value: task resolver: bundles @@ -546,6 +470,11 @@ spec: values: [ "false" ] - name: ecosystem-cert-preflight-checks + matrix: + params: + - name: platform + value: + - $(params.build-platforms) params: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) @@ -554,7 +483,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b612fd73d81822113e2c12f44a72eed218540aaa8e9f3e42223bddb01a0689cb - name: kind value: task resolver: bundles @@ -578,7 +507,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:e7a51575f9188a1461d4520da25aaa4efdd3b896c97dc750941fa22840e55c13 - name: kind value: task resolver: bundles @@ -602,7 +531,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651 + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:8817f5081c10d9debf25601d6d99d7eddde19435be1ff24741d9025931639959 - name: kind value: task resolver: bundles @@ -626,7 +555,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:49b7d09db82e6cad98152db8f16707ca3d90a1709e846e3ed8c91a433c88724f - name: kind value: task resolver: bundles @@ -636,6 +565,11 @@ spec: values: [ "false" ] - name: clamav-scan + matrix: + params: + - name: image-arch + value: + - $(params.build-platforms) params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) @@ -646,7 +580,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b2f25599a10ab0846e4659f76b5b78c0fddf561404656fda52055eda31e70d83 - name: kind value: task resolver: bundles @@ -666,7 +600,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:00417785ba16344c10e8682bf58eeb6ef058cedd88ae2d86bb14ced220135374 - name: kind value: task resolver: bundles @@ -692,7 +626,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e - name: kind value: task resolver: bundles diff --git a/.tekton/operator-build.yaml b/.tekton/operator-build.yaml index 474af8ab84068..da9dc2e328304 100644 --- a/.tekton/operator-build.yaml +++ b/.tekton/operator-build.yaml @@ -23,8 +23,8 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs - appstudio.openshift.io/component: operator + appstudio.openshift.io/application: acs-4-9 + appstudio.openshift.io/component: operator-4-9 pipelines.appstudio.openshift.io/type: build name: operator-on-push namespace: rh-acs-tenant @@ -56,6 +56,10 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' + - name: extra-labels + value: + # X.Y in the cpe label must be adjusted for every version stream. + - "cpe=cpe:/a:redhat:advanced_cluster_security:4.9::el8" pipelineRef: name: basic-component-pipeline @@ -70,16 +74,6 @@ spec: cpu: 2 requests: cpu: 2 - - pipelineTaskName: build-container-amd64 - stepSpecs: - - name: build - # CPU requests are increased to speed up builds compared to the defaults. - # Defaults: https://github.com/konflux-ci/build-definitions/blob/main/task/buildah-oci-ta/0.5/buildah-oci-ta.yaml#L921 - computeResources: - limits: - cpu: 2 - requests: - cpu: 2 - pipelineTaskName: build-source-image stepSpecs: # Bump memory for source image build because the one with defaults tends to get sometimes OOM-killed. @@ -91,7 +85,7 @@ spec: memory: 3Gi taskRunTemplate: - serviceAccountName: build-pipeline-operator + serviceAccountName: build-pipeline-operator-4-9 # IMPORTANT: when changing timeouts here, read and follow timeout instructions in operator-bundle-build.yaml. timeouts: diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index 4cb879ae1d5bc..de77bbb47722c 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -23,8 +23,8 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs - appstudio.openshift.io/component: operator-bundle + appstudio.openshift.io/application: acs-4-9 + appstudio.openshift.io/component: operator-bundle-4-9 pipelines.appstudio.openshift.io/type: build name: operator-bundle-on-push namespace: rh-acs-tenant @@ -57,6 +57,10 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' + - name: extra-labels + value: + # X.Y in the cpe label must be adjusted for every version stream. + - "cpe=cpe:/a:redhat:advanced_cluster_security:4.9::el8" pipelineRef: name: operator-bundle-pipeline @@ -73,7 +77,7 @@ spec: memory: 3Gi taskRunTemplate: - serviceAccountName: build-pipeline-operator-bundle + serviceAccountName: build-pipeline-operator-bundle-4-9 # When building the operator-bundle, we must resolve image digests for all other ACS product images in order to inject # these digests in the bundle's ClusterServiceVersion file. For this, the bundle pipeline waits for each image to be diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index b6ea13983746c..5d1ad7c549893 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -8,7 +8,7 @@ spec: - name: slack-notification params: - name: message - value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' + value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' - name: key-name value: 'acs-konflux-notifications' when: @@ -21,7 +21,7 @@ spec: - name: name value: slack-webhook-notification - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:4e68fe2225debc256d403b828ed358345bb56d03327b46d55cb6c42911375750 + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:69945a30c11387a766e3d0ae33991b68e865a290c09da1fea44f193d358926ba - name: kind value: task resolver: bundles @@ -49,7 +49,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -115,6 +115,13 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string + - name: buildah-format + default: docker + type: string + description: The format for the resulting image's mediaType. Valid values are oci or docker. + - name: extra-labels + type: array + description: Additional labels to put on the built containers. - name: operator-image-build-repo description: Repository where the (unreleased) operator image is pushed by its build pipeline. @@ -215,6 +222,10 @@ spec: type: string default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" + - name: enable-cache-proxy + default: 'false' + description: Enable cache proxy configuration + type: string results: - description: "" name: IMAGE_URL @@ -228,9 +239,6 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - - description: "" - name: SNAPSHOT_NAME - value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) workspaces: - name: git-auth @@ -251,12 +259,14 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) taskRef: params: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:b349d24cb896573695802d6913d311640b44675ec082b3ad167721946a6a0a71 - name: kind value: task resolver: bundles @@ -280,7 +290,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:56f65a16d3d0485c64ad85af2c1f3e9b0bb4d02d63f2fd0ebb9498d219ca723d - name: kind value: task resolver: bundles @@ -303,7 +313,7 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -319,7 +329,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -339,7 +349,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:098322d6b789824f716f2d9caca1862d4afdc083ebaaee61aadd22a8c179480a + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:4c9ff416bfd127e1f960bd0218127c7e198dbd15827c1a8bf58ac5eb023dd9e2 - name: kind value: task resolver: bundles @@ -356,7 +366,7 @@ spec: - name: name value: wait-for-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -478,12 +488,18 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: LABELS + value: ["$(params.extra-labels[*])"] + - name: BUILD_TIMESTAMP + value: "$(tasks.clone-repository.results.commit-timestamp)" taskRef: params: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:83a505fe13bcb1898ed51e92794af8b18fd8ea5e1e916a8ba5d21e9fdc0a9706 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.7@sha256:7d5818e082e5534cf63946c1a1d380c0ee6b10b5c915340368c9ca081b97c02a - name: kind value: task resolver: bundles @@ -506,7 +522,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:c89cd10b2a3f4c43789c5f06ef2b86f528b28f156c20af5e751fa8c0facd457d - name: kind value: task resolver: bundles @@ -526,7 +542,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:c35ba219390d77a48ee19347e5ee8d13e5c23e3984299e02291d6da1ed8a986c - name: kind value: task resolver: bundles @@ -549,7 +565,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:2c32152a55f6bfba67b41be456da46b6e109bb3e348e25220eed4eed149958c5 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:1cf21de671be4c97d4973b60c09c912997cd15b65c30b93a07eff1b24f43a1f8 - name: kind value: task resolver: bundles @@ -569,7 +585,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:654b989d7cdc03d082e56f216a29de04847215ee379a8d9ca315e453ad2b15c2 - name: kind value: task resolver: bundles @@ -591,7 +607,7 @@ spec: - name: name value: fips-operator-bundle-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fips-operator-bundle-check-oci-ta:0.1@sha256:d512b24647cbce96f29e3655d30eb1828ca521f59d55ef491e48584bb0b99bd6 + value: quay.io/konflux-ci/tekton-catalog/task-fips-operator-bundle-check-oci-ta:0.1@sha256:891c4c2c28f24580ddc1ba613f8ce61c74fc634edae6a057de4def11f3e61fd2 - name: kind value: task resolver: bundles @@ -615,7 +631,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:e7a51575f9188a1461d4520da25aaa4efdd3b896c97dc750941fa22840e55c13 - name: kind value: task resolver: bundles @@ -639,7 +655,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651 + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:8817f5081c10d9debf25601d6d99d7eddde19435be1ff24741d9025931639959 - name: kind value: task resolver: bundles @@ -663,7 +679,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:49b7d09db82e6cad98152db8f16707ca3d90a1709e846e3ed8c91a433c88724f - name: kind value: task resolver: bundles @@ -683,7 +699,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b2f25599a10ab0846e4659f76b5b78c0fddf561404656fda52055eda31e70d83 - name: kind value: task resolver: bundles @@ -703,7 +719,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:00417785ba16344c10e8682bf58eeb6ef058cedd88ae2d86bb14ced220135374 - name: kind value: task resolver: bundles @@ -729,132 +745,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec - - name: kind - value: task - resolver: bundles - - - name: create-acs-style-snapshot - description: Creates a Snapshot representing a valid set of ACS containers unlike the Snapshots created by Konflux automatically - # Explicitly running after all other tasks to ensure that - # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) - # - the source image is present as it is required by EC - # Use scripts/ci/jobs/check-konflux-setup.sh to validate and update the list. - runAfter: - - apply-tags - - build-container - - build-source-image - - clair-scan - - clamav-scan - - clone-repository - - deprecated-base-image-check - - determine-image-expiration - - determine-image-tag - - fips-operator-bundle-check-oci-ta - - init - - post-metric-start - - prefetch-dependencies - - push-dockerfile - - rpms-signature-scan - - sast-shell-check - - sast-snyk-check - - sast-unicode-check - - wait-for-central-db-image - - wait-for-collector-image - - wait-for-main-image - - wait-for-operator-image - - wait-for-roxctl-image - - wait-for-scanner-db-image - - wait-for-scanner-db-slim-image - - wait-for-scanner-image - - wait-for-scanner-slim-image - - wait-for-scanner-v4-db-image - - wait-for-scanner-v4-image - params: - - name: PRODUCT_VERSION - value: $(tasks.determine-image-tag.results.IMAGE_TAG) - - name: COMPONENTS - value: | - [ - { - "name": "central-db", - "containerImage": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-central-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-central-db-image.results.GIT_REF)" - }, - { - "name": "collector", - "containerImage": "$(params.collector-image-build-repo)@$(tasks.wait-for-collector-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-collector-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-collector-image.results.GIT_REF)" - }, - { - "name": "main", - "containerImage": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-main-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-main-image.results.GIT_REF)" - }, - { - "name": "operator", - "containerImage": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-operator-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-operator-image.results.GIT_REF)" - }, - { - "name": "operator-bundle", - "containerImage": "$(params.output-image-repo)@$(tasks.build-container.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "name": "roxctl", - "containerImage": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-roxctl-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-roxctl-image.results.GIT_REF)" - }, - { - "name": "scanner-db", - "containerImage": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" - }, - { - "name": "scanner-db-slim", - "containerImage": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" - }, - { - "name": "scanner", - "containerImage": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" - }, - { - "name": "scanner-slim", - "containerImage": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" - }, - { - "name": "scanner-v4-db", - "containerImage": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-v4-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-v4-db-image.results.GIT_REF)" - }, - { - "name": "scanner-v4", - "containerImage": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-v4-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-v4-image.results.GIT_REF)" - } - ] - taskRef: - params: - - name: name - value: create-snapshot - - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e - name: kind value: task resolver: bundles diff --git a/.tekton/retag-collector.yaml b/.tekton/retag-collector.yaml index 402dfb62469e1..74d4e48ddbbba 100644 --- a/.tekton/retag-collector.yaml +++ b/.tekton/retag-collector.yaml @@ -23,7 +23,7 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs + appstudio.openshift.io/application: acs-4-9 name: retag-collector namespace: rh-acs-tenant @@ -45,7 +45,7 @@ spec: name: retag-pipeline taskRunTemplate: - serviceAccountName: build-pipeline-collector + serviceAccountName: build-pipeline-collector-4-9 timeouts: tasks: 30m diff --git a/.tekton/retag-pipeline.yaml b/.tekton/retag-pipeline.yaml index 54c57629ab188..ad04910b8a23c 100644 --- a/.tekton/retag-pipeline.yaml +++ b/.tekton/retag-pipeline.yaml @@ -8,7 +8,7 @@ spec: - name: slack-notification params: - name: message - value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' + value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' - name: key-name value: 'acs-konflux-notifications' when: @@ -21,7 +21,7 @@ spec: - name: name value: slack-webhook-notification - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:4e68fe2225debc256d403b828ed358345bb56d03327b46d55cb6c42911375750 + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:69945a30c11387a766e3d0ae33991b68e865a290c09da1fea44f193d358926ba - name: kind value: task resolver: bundles @@ -35,7 +35,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -117,7 +117,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:56f65a16d3d0485c64ad85af2c1f3e9b0bb4d02d63f2fd0ebb9498d219ca723d - name: kind value: task resolver: bundles @@ -136,7 +136,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -154,7 +154,7 @@ spec: - name: name value: determine-dependency-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -170,7 +170,7 @@ spec: - name: name value: wait-for-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -195,7 +195,7 @@ spec: - name: name value: retag-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles diff --git a/.tekton/retag-scanner-db-slim.yaml b/.tekton/retag-scanner-db-slim.yaml index 581a18e658190..77e2d4e956bcb 100644 --- a/.tekton/retag-scanner-db-slim.yaml +++ b/.tekton/retag-scanner-db-slim.yaml @@ -23,7 +23,7 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs + appstudio.openshift.io/application: acs-4-9 name: retag-scanner-db-slim namespace: rh-acs-tenant @@ -45,7 +45,7 @@ spec: name: retag-pipeline taskRunTemplate: - serviceAccountName: build-pipeline-scanner-db-slim + serviceAccountName: build-pipeline-scanner-db-slim-4-9 timeouts: tasks: 30m diff --git a/.tekton/retag-scanner-db.yaml b/.tekton/retag-scanner-db.yaml index 500aa96403280..69ce6fb319beb 100644 --- a/.tekton/retag-scanner-db.yaml +++ b/.tekton/retag-scanner-db.yaml @@ -23,7 +23,7 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs + appstudio.openshift.io/application: acs-4-9 name: retag-scanner-db namespace: rh-acs-tenant @@ -45,7 +45,7 @@ spec: name: retag-pipeline taskRunTemplate: - serviceAccountName: build-pipeline-scanner-db + serviceAccountName: build-pipeline-scanner-db-4-9 timeouts: tasks: 30m diff --git a/.tekton/retag-scanner-slim.yaml b/.tekton/retag-scanner-slim.yaml index 9a0347886450c..cd0c703210e0c 100644 --- a/.tekton/retag-scanner-slim.yaml +++ b/.tekton/retag-scanner-slim.yaml @@ -23,7 +23,7 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs + appstudio.openshift.io/application: acs-4-9 name: retag-scanner-slim namespace: rh-acs-tenant @@ -45,7 +45,7 @@ spec: name: retag-pipeline taskRunTemplate: - serviceAccountName: build-pipeline-scanner-slim + serviceAccountName: build-pipeline-scanner-slim-4-9 timeouts: tasks: 30m diff --git a/.tekton/retag-scanner.yaml b/.tekton/retag-scanner.yaml index 1ef222b253e72..729821702b10d 100644 --- a/.tekton/retag-scanner.yaml +++ b/.tekton/retag-scanner.yaml @@ -23,7 +23,7 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs + appstudio.openshift.io/application: acs-4-9 name: retag-scanner namespace: rh-acs-tenant @@ -45,7 +45,7 @@ spec: name: retag-pipeline taskRunTemplate: - serviceAccountName: build-pipeline-scanner + serviceAccountName: build-pipeline-scanner-4-9 timeouts: tasks: 30m diff --git a/.tekton/roxctl-build.yaml b/.tekton/roxctl-build.yaml index 932b33a5357ef..8fabee90a8773 100644 --- a/.tekton/roxctl-build.yaml +++ b/.tekton/roxctl-build.yaml @@ -23,8 +23,8 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs - appstudio.openshift.io/component: roxctl + appstudio.openshift.io/application: acs-4-9 + appstudio.openshift.io/component: roxctl-4-9 pipelines.appstudio.openshift.io/type: build name: roxctl-on-push namespace: rh-acs-tenant @@ -56,6 +56,10 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' + - name: extra-labels + value: + # X.Y in the cpe label must be adjusted for every version stream. + - "cpe=cpe:/a:redhat:advanced_cluster_security:4.9::el8" pipelineRef: name: basic-component-pipeline @@ -70,16 +74,6 @@ spec: cpu: 2 requests: cpu: 2 - - pipelineTaskName: build-container-amd64 - stepSpecs: - - name: build - # CPU requests are increased to speed up builds compared to the defaults. - # Defaults: https://github.com/konflux-ci/build-definitions/blob/main/task/buildah-oci-ta/0.5/buildah-oci-ta.yaml#L921 - computeResources: - limits: - cpu: 2 - requests: - cpu: 2 - pipelineTaskName: build-source-image stepSpecs: # Bump memory for source image build because the one with defaults tends to get sometimes OOM-killed. @@ -91,7 +85,7 @@ spec: memory: 3Gi taskRunTemplate: - serviceAccountName: build-pipeline-roxctl + serviceAccountName: build-pipeline-roxctl-4-9 # IMPORTANT: when changing timeouts here, read and follow timeout instructions in operator-bundle-build.yaml. timeouts: diff --git a/.tekton/scanner-v4-build.yaml b/.tekton/scanner-v4-build.yaml index c2bcfb20966ba..63f0c3c57f730 100644 --- a/.tekton/scanner-v4-build.yaml +++ b/.tekton/scanner-v4-build.yaml @@ -23,8 +23,8 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs - appstudio.openshift.io/component: scanner-v4 + appstudio.openshift.io/application: acs-4-9 + appstudio.openshift.io/component: scanner-v4-4-9 pipelines.appstudio.openshift.io/type: build name: scanner-v4-on-push namespace: rh-acs-tenant @@ -56,6 +56,10 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' + - name: extra-labels + value: + # X.Y in the cpe label must be adjusted for every version stream. + - "cpe=cpe:/a:redhat:advanced_cluster_security:4.9::el8" pipelineRef: name: scanner-v4-pipeline @@ -70,16 +74,6 @@ spec: cpu: 2 requests: cpu: 2 - - pipelineTaskName: build-container-amd64 - stepSpecs: - - name: build - # CPU requests are increased to speed up builds compared to the defaults. - # Defaults: https://github.com/konflux-ci/build-definitions/blob/main/task/buildah-oci-ta/0.5/buildah-oci-ta.yaml#L921 - computeResources: - limits: - cpu: 2 - requests: - cpu: 2 - pipelineTaskName: build-source-image stepSpecs: # Bump memory for source image build because the one with defaults tends to get sometimes OOM-killed. @@ -91,7 +85,7 @@ spec: memory: 3Gi taskRunTemplate: - serviceAccountName: build-pipeline-scanner-v4 + serviceAccountName: build-pipeline-scanner-v4-4-9 # IMPORTANT: when changing timeouts here, read and follow timeout instructions in operator-bundle-build.yaml. timeouts: diff --git a/.tekton/scanner-v4-db-build.yaml b/.tekton/scanner-v4-db-build.yaml index 9cc5ebabe7569..12e71e86d031c 100644 --- a/.tekton/scanner-v4-db-build.yaml +++ b/.tekton/scanner-v4-db-build.yaml @@ -23,8 +23,8 @@ metadata: # added to the PR. See the Slack tread linked from ROX-30580. pipelinesascode.tekton.dev/on-label: "[]" labels: - appstudio.openshift.io/application: acs - appstudio.openshift.io/component: scanner-v4-db + appstudio.openshift.io/application: acs-4-9 + appstudio.openshift.io/component: scanner-v4-db-4-9 pipelines.appstudio.openshift.io/type: build name: scanner-v4-db-on-push namespace: rh-acs-tenant @@ -57,6 +57,10 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' + - name: extra-labels + value: + # X.Y in the cpe label must be adjusted for every version stream. + - "cpe=cpe:/a:redhat:advanced_cluster_security:4.9::el8" pipelineRef: name: basic-component-pipeline @@ -73,7 +77,7 @@ spec: memory: 3Gi taskRunTemplate: - serviceAccountName: build-pipeline-scanner-v4-db + serviceAccountName: build-pipeline-scanner-v4-db-4-9 # IMPORTANT: when changing timeouts here, read and follow timeout instructions in operator-bundle-build.yaml. timeouts: diff --git a/.tekton/scanner-v4-pipeline.yaml b/.tekton/scanner-v4-pipeline.yaml index 8145a7632d3e8..38fa2c4d7fa4e 100644 --- a/.tekton/scanner-v4-pipeline.yaml +++ b/.tekton/scanner-v4-pipeline.yaml @@ -8,7 +8,7 @@ spec: - name: slack-notification params: - name: message - value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' + value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' - name: key-name value: 'acs-konflux-notifications' when: @@ -21,7 +21,7 @@ spec: - name: name value: slack-webhook-notification - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:4e68fe2225debc256d403b828ed358345bb56d03327b46d55cb6c42911375750 + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:69945a30c11387a766e3d0ae33991b68e865a290c09da1fea44f193d358926ba - name: kind value: task resolver: bundles @@ -49,7 +49,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -115,7 +115,29 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string + - name: buildah-format + default: docker + type: string + description: The format for the resulting image's mediaType. Valid values are oci or docker. + - name: extra-labels + type: array + description: Additional labels to put on the built containers. + - default: + - linux/amd64 + - linux/arm64 + - linux/ppc64le + - linux/s390x + description: > + List of platforms to build the container images for. The available + set of values is determined by the configuration of the multi-platform-controller + on the cluster: https://konflux.pages.redhat.com/docs/users/getting-started/multi-platform-builds.html + name: build-platforms + type: array + - name: enable-cache-proxy + default: 'false' + description: Enable cache proxy configuration + type: string results: - description: "" name: IMAGE_URL @@ -149,12 +171,14 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) taskRef: params: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:b349d24cb896573695802d6913d311640b44675ec082b3ad167721946a6a0a71 - name: kind value: task resolver: bundles @@ -178,7 +202,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:56f65a16d3d0485c64ad85af2c1f3e9b0bb4d02d63f2fd0ebb9498d219ca723d - name: kind value: task resolver: bundles @@ -201,7 +225,7 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -217,7 +241,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -237,7 +261,7 @@ spec: - name: name value: fetch-scanner-v4-vuln-mappings - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1ec052cfe55faa372e38a16eee8456a78ade9e2865aaad6f18994092f0a590e3 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:d35d6f2e6339557ebc80e29d2db6275cdc8cd6bdf9b1fd39b3281b56efd121cf - name: kind value: task resolver: bundles @@ -257,7 +281,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:098322d6b789824f716f2d9caca1862d4afdc083ebaaee61aadd22a8c179480a + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:4c9ff416bfd127e1f960bd0218127c7e198dbd15827c1a8bf58ac5eb023dd9e2 - name: kind value: task resolver: bundles @@ -265,125 +289,15 @@ spec: - name: git-basic-auth workspace: git-auth - - name: build-container-amd64 - params: - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-amd64 - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:83a505fe13bcb1898ed51e92794af8b18fd8ea5e1e916a8ba5d21e9fdc0a9706 - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: build-container-s390x - params: - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-s390x - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: PLATFORM - value: linux/s390x - taskRef: - params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: build-container-ppc64le - params: - - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-ppc64le - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - BUILD_TAG=$(tasks.determine-image-tag.results.IMAGE_TAG) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: PLATFORM - value: linux/ppc64le - taskRef: + - name: build-images + matrix: params: - - name: name - value: buildah-remote-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: build-container-arm64 + - name: PLATFORM + value: + - $(params.build-platforms) params: - name: IMAGE - value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-arm64 + value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG) - name: DOCKERFILE value: $(params.dockerfile) - name: CONTEXT @@ -403,14 +317,20 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: PLATFORM - value: linux/arm64 + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: LABELS + value: ["$(params.extra-labels[*])"] + - name: BUILD_TIMESTAMP + value: "$(tasks.clone-repository.results.commit-timestamp)" + - name: IMAGE_APPEND_PLATFORM + value: "true" taskRef: params: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:08bbee8bda1e6d0f7a4690a494f0a2713e0279c75412402a28008a8aa34283ca + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.7@sha256:d8b2cd0bd3f8e3fdcafe4aebfee59f3f2fcbca78ef31f9c5dd8ecd781cd02636 - name: kind value: task resolver: bundles @@ -427,18 +347,17 @@ spec: value: $(tasks.clone-repository.results.commit) - name: IMAGES value: - - $(tasks.build-container-amd64.results.IMAGE_REF) - - $(tasks.build-container-s390x.results.IMAGE_REF) - - $(tasks.build-container-ppc64le.results.IMAGE_REF) - - $(tasks.build-container-arm64.results.IMAGE_REF) + - $(tasks.build-images.results.IMAGE_REF[*]) - name: IMAGE_EXPIRES_AFTER value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) taskRef: params: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:8e5dfb2fac011148f8715bbe0b99415f88297683d269eae0dfcad52562195d45 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:985d1efe861b02524a7679ecd855624b3d4e3a2e835b6f8a97ec7d135898ec0b - name: kind value: task resolver: bundles @@ -446,6 +365,7 @@ spec: - input: $(tasks.init.results.build) operator: in values: [ "true" ] + runAfter: [ build-images ] - name: apply-index-image-tag params: @@ -461,7 +381,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:c89cd10b2a3f4c43789c5f06ef2b86f528b28f156c20af5e751fa8c0facd457d - name: kind value: task resolver: bundles @@ -485,7 +405,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:c35ba219390d77a48ee19347e5ee8d13e5c23e3984299e02291d6da1ed8a986c - name: kind value: task resolver: bundles @@ -508,7 +428,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:2c32152a55f6bfba67b41be456da46b6e109bb3e348e25220eed4eed149958c5 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:1cf21de671be4c97d4973b60c09c912997cd15b65c30b93a07eff1b24f43a1f8 - name: kind value: task resolver: bundles @@ -518,6 +438,11 @@ spec: values: [ "false" ] - name: clair-scan + matrix: + params: + - name: image-platform + value: + - $(params.build-platforms) params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) @@ -528,7 +453,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:654b989d7cdc03d082e56f216a29de04847215ee379a8d9ca315e453ad2b15c2 - name: kind value: task resolver: bundles @@ -538,6 +463,11 @@ spec: values: [ "false" ] - name: ecosystem-cert-preflight-checks + matrix: + params: + - name: platform + value: + - $(params.build-platforms) params: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) @@ -546,7 +476,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b612fd73d81822113e2c12f44a72eed218540aaa8e9f3e42223bddb01a0689cb - name: kind value: task resolver: bundles @@ -570,7 +500,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:e7a51575f9188a1461d4520da25aaa4efdd3b896c97dc750941fa22840e55c13 - name: kind value: task resolver: bundles @@ -594,7 +524,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651 + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:8817f5081c10d9debf25601d6d99d7eddde19435be1ff24741d9025931639959 - name: kind value: task resolver: bundles @@ -618,7 +548,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:49b7d09db82e6cad98152db8f16707ca3d90a1709e846e3ed8c91a433c88724f - name: kind value: task resolver: bundles @@ -628,6 +558,11 @@ spec: values: [ "false" ] - name: clamav-scan + matrix: + params: + - name: image-arch + value: + - $(params.build-platforms) params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) @@ -638,7 +573,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b2f25599a10ab0846e4659f76b5b78c0fddf561404656fda52055eda31e70d83 - name: kind value: task resolver: bundles @@ -658,7 +593,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:00417785ba16344c10e8682bf58eeb6ef058cedd88ae2d86bb14ced220135374 - name: kind value: task resolver: bundles @@ -684,7 +619,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e - name: kind value: task resolver: bundles diff --git a/AGENTS.md b/AGENTS.md index 5ae4624f11215..9efdeef0af636 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -58,8 +58,8 @@ When creating pull requests, you must follow these requirements: - `make image` - Build the main StackRox container image with tag from `make tag` - `make main-build-dockerized` - Compile all Go binaries using Docker - `make main-build` - Build main binaries with dependency prep -- `make cli` - Build and install roxctl CLI for all platforms -- `make cli_host-arch` - Build roxctl CLI for current platform only +- `make cli` - Build and install CLI tools for all platforms +- `make cli_host-arch` - Build CLI tools for current platform only - `make all-builds` - Build all components (CLI, main, UI, docs) ### Testing Commands diff --git a/BUILD_IMAGE_VERSION b/BUILD_IMAGE_VERSION index 635b1d0c24db2..44776a28929be 100644 --- a/BUILD_IMAGE_VERSION +++ b/BUILD_IMAGE_VERSION @@ -1 +1 @@ -stackrox-build-0.4.9 +stackrox-build-0.5.1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f9b197a38acf..1e0816bb48358 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,13 +9,34 @@ Put an entry in this file if your change is user-visible and you consider it _pa Changes should still be described appropriately in JIRA/doc input pages, for inclusion in downstream release notes. -## [NEXT RELEASE] +## [4.9.3] + +**Full Changelog**: [4.9.2...4.9.3](https://github.com/stackrox/stackrox/compare/4.9.2...4.9.3) + +For a description of the changes, review the [Release Notes](https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html/release_notes/index) on the Red Hat Documentation portal. + +## [4.9.2] + +**Full Changelog**: [4.9.1...4.9.2](https://github.com/stackrox/stackrox/compare/4.9.1...4.9.2) + +For a description of the changes, review the [Release Notes](https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html/release_notes/index) on the Red Hat Documentation portal. + +## [4.9.1] + +### Technical Changes + +- ROX-31566: Optimized the database migration for process indicators added in version 4.9 by implementing a strategy to drop indices before migration and rebuild them afterward, significantly improving performance. +- ROX-31138: Resolved an issue where automatically rescanned images failed to suppress deferred CVEs in the RHACS Web UI, causing them to reappear in results and reports. +- ROX-31554: Fixed an issue where Central would panic and terminate Sensor connections, when a Sensor sent an event type unknown to Central. This occurred specifically when a Sensor version 4.9 was paired with Central version 4.7 or 4.8 on a cluster using OpenShift Virtualization. This fix ensures Central operates normally under these conditions and has also been applied to Central 4.9 to improve future compatibility with Sensors. +- ROX-31552: Fixed an issue where Sensor would send VM data even though the feature flag `ROX_VIRTUAL_MACHINES` was not enabled, leading to issues tracked with ROX-31554. + +## [4.9.0] ### Added Features - ROX-30645: Two new API endpoints are added for locking/unlocking process baselines given a cluster ID and an optional set of namespaces. -- ROX-30279: The `admissionControl.enforce` field has been added to the SecuredCluster CRD as a high-level way to toggle admission controller enforcement. -- ROX-30279: The `admissionControl.enforce` field defaults to true for new installations. +- ROX-30279: The `admissionControl.enforcement` field has been added to the SecuredCluster CRD as a high-level way to toggle admission controller enforcement. +- ROX-30279: The `admissionControl.enforcement` field defaults to Enabled for new installations. [This is currently behind the ROX_ADMISSION_CONTROLLER_CONFIG feature flag, but the plan is to enable it for 4.9.] - ROX-30279: The `admissionControl.failurePolicy` field has been added to the SecuredCluster CRD for controlling admission controller's failure policy. It defaults to `Ignore`. @@ -81,6 +102,7 @@ since 4.7 and prior. Using them has no effect. - The current hierarchical implementation for defining Collections is deprecated and will be replaced by a more comprehensive search-based definition in the future. - The manifest install method is now deprecated and will be removed in the future. Manifest install is currently done using the `roxctl {central,sensor,scanner} generate` command line utility, or by choosing the "Legacy installation method" in the UI. Users should switch to Operator or Helm installation. +- All GraphQL endpoints are now deprecated and will be removed in the future. The endpoints were created to support the ACS UI, all other uses are unsupported. ### Technical Changes - ROX-29793: Accessing the Compliance menus (OpenShift Coverage and OpenShift Schedules) and API endpoints (`/v2/compliance/*`) now additionally requires read permissions for the `Cluster` resource. @@ -92,8 +114,9 @@ since 4.7 and prior. before dropping occurs. New metrics have been added for monitoring sensor components: - `rox_sensor_component_process_message_duration_seconds`: Tracks processing time for messages from Central in each sensor component - `rox_sensor_component_queue_operations_total`: Tracks operations on component buffer queues - - `rox_sensor_component_process_message_errors_total`: Tracks processing errors in each sensor component + - `rox_sensor_component_process_message_errors_total`: Tracks processing errors in each sensor component (note: it will not be published until an error occurs) - ROX-30729: Allow to spin up a Sensitive File Activity monitoring agent via `ROX_SENSITIVE_FILE_ACTIVITY` env var. The agent itself is in dev preview and is not supposed to be used in production in this version. +- ROX-31365: Fixed an issue that could cause DB connection exhaustion when many sensor try to reconnect at the same time ## [4.8.0] diff --git a/COLLECTOR_VERSION b/COLLECTOR_VERSION index 4d7d20169b611..0264df508cbb1 100644 --- a/COLLECTOR_VERSION +++ b/COLLECTOR_VERSION @@ -1 +1 @@ -3.22.x-113-g97c4e09223 +3.23.4 diff --git a/Makefile b/Makefile index a06795a3d2e6a..40bd459eacdb9 100644 --- a/Makefile +++ b/Makefile @@ -382,11 +382,24 @@ endif build-prep: deps mkdir -p bin/{darwin_amd64,darwin_arm64,linux_amd64,linux_arm64,linux_ppc64le,linux_s390x,windows_amd64} -.PHONY: cli-build -cli-build: cli-linux cli-darwin cli-windows +.PHONY: roxctl-build +roxctl-build: roxctl-linux roxctl-darwin roxctl-windows -.PHONY: cli-install -cli-install: +roxctl-linux: roxctl_linux-amd64 roxctl_linux-arm64 roxctl_linux-ppc64le roxctl_linux-s390x +roxctl-darwin: roxctl_darwin-amd64 roxctl_darwin-arm64 +roxctl-windows: roxctl_windows-amd64 + +roxctl_%: build-prep + $(eval w := $(subst -, ,$*)) + $(eval os := $(firstword $(w))) + $(eval arch := $(lastword $(w))) +ifdef SKIP_CLI_BUILD + test -f bin/$(os)_$(arch)/roxctl || RACE=0 CGO_ENABLED=0 GOOS=$(os) GOARCH=$(arch) $(GOBUILD) ./roxctl +else + RACE=0 CGO_ENABLED=0 GOOS=$(os) GOARCH=$(arch) $(GOBUILD) ./roxctl +endif + +roxctl-install: # Workaround a bug on MacOS rm -f $(GOPATH)/bin/roxctl # Copy the user's specific OS into gopath @@ -394,25 +407,38 @@ cli-install: cp bin/$(HOST_OS)_$(GOARCH)/roxctl $(GOPATH)/bin/roxctl chmod u+w $(GOPATH)/bin/roxctl -.PHONY: cli -cli: cli-build cli-install +.PHONY: roxctl +roxctl: roxctl-build roxctl-install + +.PHONY: roxagent-build +roxagent-build: roxagent-linux -cli-linux: cli_linux-amd64 cli_linux-arm64 cli_linux-ppc64le cli_linux-s390x -cli-darwin: cli_darwin-amd64 cli_darwin-arm64 -cli-windows: cli_windows-amd64 +roxagent-linux: roxagent_linux-amd64 roxagent_linux-arm64 roxagent_linux-ppc64le roxagent_linux-s390x -cli_%: build-prep +roxagent_%: build-prep $(eval w := $(subst -, ,$*)) $(eval os := $(firstword $(w))) $(eval arch := $(lastword $(w))) ifdef SKIP_CLI_BUILD - test -f bin/$(os)_$(arch)/roxctl || RACE=0 CGO_ENABLED=0 GOOS=$(os) GOARCH=$(arch) $(GOBUILD) ./roxctl + test -f bin/$(os)_$(arch)/roxagent || RACE=0 CGO_ENABLED=0 GOOS=$(os) GOARCH=$(arch) $(GOBUILD) ./compliance/virtualmachines/roxagent else - RACE=0 CGO_ENABLED=0 GOOS=$(os) GOARCH=$(arch) $(GOBUILD) ./roxctl + RACE=0 CGO_ENABLED=0 GOOS=$(os) GOARCH=$(arch) $(GOBUILD) ./compliance/virtualmachines/roxagent endif +.PHONY: roxagent +roxagent: roxagent-build + +.PHONY: cli-build +cli-build: roxctl-build roxagent-build + +.PHONY: cli-install +cli-install: roxctl-install + +.PHONY: cli +cli: cli-build cli-install + .PHONY: cli_host-arch -cli_host-arch: cli_$(HOST_OS)-$(GOARCH) +cli_host-arch: roxctl_$(HOST_OS)-$(GOARCH) roxagent_$(HOST_OS)-$(GOARCH) upgrader: bin/$(HOST_OS)_$(GOARCH)/upgrader diff --git a/SCANNER_VERSION b/SCANNER_VERSION index 3c198bbb9791c..3c7be22d7cc0b 100644 --- a/SCANNER_VERSION +++ b/SCANNER_VERSION @@ -1 +1 @@ -2.37.x-112-gde9f7c100e +2.38.3 diff --git a/central/apitoken/datastore/internal/schedulestore/postgres/store.go b/central/apitoken/datastore/internal/schedulestore/postgres/store.go index 3ee83372df83e..c42af9942aae8 100644 --- a/central/apitoken/datastore/internal/schedulestore/postgres/store.go +++ b/central/apitoken/datastore/internal/schedulestore/postgres/store.go @@ -5,6 +5,7 @@ import ( "context" "time" + "github.com/pkg/errors" "github.com/stackrox/rox/central/metrics" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/logging" @@ -83,31 +84,26 @@ func (s *storeImpl) Upsert(ctx context.Context, obj *storage.NotificationSchedul } func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.NotificationSchedule) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "NotificationSchedule") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if _, err := tx.Exec(ctx, deleteStmt); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from notification_schedules") } if err := insertIntoNotificationSchedules(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err - } - if err := tx.Commit(ctx); err != nil { - return err + return errors.Wrap(err, "inserting into notification_schedules") } - return nil + + return tx.Commit(ctx) } // Get returns the object, if it exists from the store. @@ -125,13 +121,7 @@ func (s *storeImpl) Get(ctx context.Context) (*storage.NotificationSchedule, boo } func (s *storeImpl) retryableGet(ctx context.Context) (*storage.NotificationSchedule, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "NotificationSchedule") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -144,13 +134,8 @@ func (s *storeImpl) retryableGet(ctx context.Context) (*storage.NotificationSche return &msg, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the singleton from the store @@ -168,16 +153,18 @@ func (s *storeImpl) Delete(ctx context.Context) error { } func (s *storeImpl) retryableDelete(ctx context.Context) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "NotificationSchedule") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - if _, err := conn.Exec(ctx, deleteStmt); err != nil { - return err + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from notification_schedules") } - return nil + return tx.Commit(ctx) } // Used for Testing diff --git a/central/apitoken/datastore/internal/schedulestore/postgres/store_test.go b/central/apitoken/datastore/internal/schedulestore/postgres/store_test.go index 2b699d1bd7569..89fc477058d4c 100644 --- a/central/apitoken/datastore/internal/schedulestore/postgres/store_test.go +++ b/central/apitoken/datastore/internal/schedulestore/postgres/store_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgtest" "github.com/stackrox/rox/pkg/protoassert" "github.com/stackrox/rox/pkg/sac" @@ -78,3 +79,25 @@ func (s *NotificationSchedulesStoreSuite) TestStore() { s.True(exists) protoassert.Equal(s.T(), notificationSchedule, foundNotificationSchedule) } + +func (s *NotificationSchedulesStoreSuite) TestGetWithTransactionContext() { + ctx := sac.WithAllAccess(context.Background()) + store := s.store + + notificationSchedule := &storage.NotificationSchedule{} + s.NoError(testutils.FullInit(notificationSchedule, testutils.SimpleInitializer(), testutils.JSONFieldsFilter)) + s.NoError(store.Upsert(ctx, notificationSchedule)) + + // Create explicit transaction + tx, err := s.testDB.DB.Begin(ctx) + s.NoError(err) + defer tx.Rollback(ctx) + + // Pass transaction context to Get + txCtx := postgres.ContextWithTx(ctx, tx) + retrieved, exists, err := store.Get(txCtx) + + s.NoError(err) + s.True(exists) + protoassert.Equal(s.T(), notificationSchedule, retrieved) +} diff --git a/central/complianceoperator/manager/singleton.go b/central/complianceoperator/manager/singleton.go index 6890a3111c1bb..62e55941d9c76 100644 --- a/central/complianceoperator/manager/singleton.go +++ b/central/complianceoperator/manager/singleton.go @@ -22,7 +22,7 @@ func Singleton() Manager { once.Do(func() { var err error manager, err = NewManager(standards.RegistrySingleton(), profileDatastore.Singleton(), scansDatastore.Singleton(), scanSettingBindingDatastore.Singleton(), rulesDatastore.Singleton(), checkResultsDatastore.Singleton(), complianceDatastore.Singleton()) - utils.Must(err) + utils.Should(err) }) return manager } diff --git a/central/config/store/postgres/store.go b/central/config/store/postgres/store.go index 493e4988f2e78..4c0013aafb579 100644 --- a/central/config/store/postgres/store.go +++ b/central/config/store/postgres/store.go @@ -5,6 +5,7 @@ import ( "context" "time" + "github.com/pkg/errors" "github.com/stackrox/rox/central/metrics" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/logging" @@ -83,31 +84,26 @@ func (s *storeImpl) Upsert(ctx context.Context, obj *storage.Config) error { } func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.Config) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "Config") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if _, err := tx.Exec(ctx, deleteStmt); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from configs") } if err := insertIntoConfigs(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err - } - if err := tx.Commit(ctx); err != nil { - return err + return errors.Wrap(err, "inserting into configs") } - return nil + + return tx.Commit(ctx) } // Get returns the object, if it exists from the store. @@ -125,13 +121,7 @@ func (s *storeImpl) Get(ctx context.Context) (*storage.Config, bool, error) { } func (s *storeImpl) retryableGet(ctx context.Context) (*storage.Config, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "Config") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -144,13 +134,8 @@ func (s *storeImpl) retryableGet(ctx context.Context) (*storage.Config, bool, er return &msg, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the singleton from the store @@ -168,16 +153,18 @@ func (s *storeImpl) Delete(ctx context.Context) error { } func (s *storeImpl) retryableDelete(ctx context.Context) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "Config") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - if _, err := conn.Exec(ctx, deleteStmt); err != nil { - return err + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from configs") } - return nil + return tx.Commit(ctx) } // Used for Testing diff --git a/central/config/store/postgres/store_test.go b/central/config/store/postgres/store_test.go index bcf868e4ad147..dd8057bdd82a4 100644 --- a/central/config/store/postgres/store_test.go +++ b/central/config/store/postgres/store_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgtest" "github.com/stackrox/rox/pkg/protoassert" "github.com/stackrox/rox/pkg/sac" @@ -78,3 +79,25 @@ func (s *ConfigsStoreSuite) TestStore() { s.True(exists) protoassert.Equal(s.T(), config, foundConfig) } + +func (s *ConfigsStoreSuite) TestGetWithTransactionContext() { + ctx := sac.WithAllAccess(context.Background()) + store := s.store + + config := &storage.Config{} + s.NoError(testutils.FullInit(config, testutils.SimpleInitializer(), testutils.JSONFieldsFilter)) + s.NoError(store.Upsert(ctx, config)) + + // Create explicit transaction + tx, err := s.testDB.DB.Begin(ctx) + s.NoError(err) + defer tx.Rollback(ctx) + + // Pass transaction context to Get + txCtx := postgres.ContextWithTx(ctx, tx) + retrieved, exists, err := store.Get(txCtx) + + s.NoError(err) + s.True(exists) + protoassert.Equal(s.T(), config, retrieved) +} diff --git a/central/cve/cluster/datastore/store/postgres/full_store.go b/central/cve/cluster/datastore/store/postgres/full_store.go index 4dcd7beb007d2..987ba71cb6ba8 100644 --- a/central/cve/cluster/datastore/store/postgres/full_store.go +++ b/central/cve/cluster/datastore/store/postgres/full_store.go @@ -55,7 +55,7 @@ func (s *fullStoreImpl) DeleteClusterCVEsForCluster(ctx context.Context, cluster } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -91,7 +91,7 @@ func (s *fullStoreImpl) ReconcileClusterCVEParts(ctx context.Context, cveType st } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/central/cve/converter/utils/convert_utils_v2.go b/central/cve/converter/utils/convert_utils_v2.go index 515924ed82224..0c4686297ce9c 100644 --- a/central/cve/converter/utils/convert_utils_v2.go +++ b/central/cve/converter/utils/convert_utils_v2.go @@ -51,7 +51,7 @@ func ImageCVEV2ToEmbeddedVulnerability(vuln *storage.ImageCVEV2) *storage.Embedd } // EmbeddedVulnerabilityToImageCVEV2 converts *storage.EmbeddedVulnerability object to *storage.ImageCVEV2 object -func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, from *storage.EmbeddedVulnerability) (*storage.ImageCVEV2, error) { +func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, index int, from *storage.EmbeddedVulnerability) (*storage.ImageCVEV2, error) { var nvdCvss float32 nvdVersion := storage.CvssScoreVersion_UNKNOWN_VERSION for _, score := range from.GetCvssMetrics() { @@ -76,10 +76,7 @@ func EmbeddedVulnerabilityToImageCVEV2(imageID string, componentID string, from impactScore = from.GetCvssV2().GetImpactScore() } - cveID, err := cve.IDV2(from, componentID) - if err != nil { - return nil, err - } + cveID := cve.IDV2(from, componentID, index) ret := &storage.ImageCVEV2{ Id: cveID, diff --git a/central/cve/converter/utils/convert_utils_v2_test.go b/central/cve/converter/utils/convert_utils_v2_test.go index fc108f13921f9..0bf10ac6b1f02 100644 --- a/central/cve/converter/utils/convert_utils_v2_test.go +++ b/central/cve/converter/utils/convert_utils_v2_test.go @@ -9,7 +9,6 @@ import ( "github.com/stackrox/rox/pkg/protocompat" "github.com/stackrox/rox/pkg/scancomponent" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) type componentPieces struct { @@ -144,28 +143,24 @@ func TestImageCVEV2ToEmbeddedCVEs(t *testing.T) { func TestEmbeddedCVEToImageCVEV2(t *testing.T) { for idx, embeddedVuln := range testVulns { componentInfo := getComponentInfo(t) - convertedVuln, err := EmbeddedVulnerabilityToImageCVEV2(componentInfo[idx].imageID, componentInfo[idx].componentID, embeddedVuln) + convertedVuln, err := EmbeddedVulnerabilityToImageCVEV2(componentInfo[idx].imageID, componentInfo[idx].componentID, idx, embeddedVuln) assert.NoError(t, err) protoassert.Equal(t, getTestCVEs(t)[idx], convertedVuln) } } -func getTestComponentID(t *testing.T) string { - id, err := scancomponent.ComponentIDV2(testComponent, "sha") - require.NoError(t, err) - return id +func getTestComponentID(index int) string { + return scancomponent.ComponentIDV2(testComponent, "sha", index) } -func getTestCVEID(t *testing.T, testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, err := cve.IDV2(testCVE, componentID) - require.NoError(t, err) - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { return []*storage.ImageCVEV2{ { - Id: getTestCVEID(t, testVulns[0], getTestComponentID(t)), + Id: getTestCVEID(testVulns[0], getTestComponentID(0), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -229,10 +224,10 @@ func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { State: 0, IsFixable: false, HasFixedBy: nil, - ComponentId: getTestComponentID(t), + ComponentId: getTestComponentID(0), }, { - Id: getTestCVEID(t, testVulns[1], getTestComponentID(t)), + Id: getTestCVEID(testVulns[1], getTestComponentID(1), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -271,7 +266,7 @@ func getTestCVEs(t *testing.T) []*storage.ImageCVEV2 { HasFixedBy: &storage.ImageCVEV2_FixedBy{ FixedBy: "ver3", }, - ComponentId: getTestComponentID(t), + ComponentId: getTestComponentID(1), }, } } @@ -280,12 +275,12 @@ func getComponentInfo(t *testing.T) []*componentPieces { return []*componentPieces{ { imageID: "sha", - componentID: getTestComponentID(t), + componentID: getTestComponentID(0), cveIndex: 0, }, { imageID: "sha", - componentID: getTestComponentID(t), + componentID: getTestComponentID(1), cveIndex: 1, }, } diff --git a/central/cve/image/v2/datastore/datastore_sac_test.go b/central/cve/image/v2/datastore/datastore_sac_test.go index 92a9afa6734a9..0e7b44e3ba8cf 100644 --- a/central/cve/image/v2/datastore/datastore_sac_test.go +++ b/central/cve/image/v2/datastore/datastore_sac_test.go @@ -54,9 +54,9 @@ func (s *cveV2DataStoreSACTestSuite) SetupSuite() { // operating system information as well. This information is propagated from the image // scan data. // This helper is here to ease testing against the various datastore flavours. -func getImageCVEID(vuln *storage.EmbeddedVulnerability, component *storage.EmbeddedImageScanComponent, imageID string) string { - componentID, _ := scancomponent.ComponentIDV2(component, imageID) - cveID, _ := cve.IDV2(vuln, componentID) +func getImageCVEID(vuln *storage.EmbeddedVulnerability, component *storage.EmbeddedImageScanComponent, imageID string, componentIndex int, cveIndex int) string { + componentID := scancomponent.ComponentIDV2(component, imageID, componentIndex) + cveID := cve.IDV2(vuln, componentID, cveIndex) return cveID } @@ -74,241 +74,241 @@ var ( { contextKey: sacTestUtils.UnrestrictedReadCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.UnrestrictedReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster1ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespacesABReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster1NamespacesBCReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster2NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster2NamespacesACReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster2NamespacesBCReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, { contextKey: sacTestUtils.Cluster3ReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespaceAReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespaceBReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { contextKey: sacTestUtils.Cluster3NamespacesABReadWriteCtx, expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): false, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): false, }, }, { @@ -317,16 +317,16 @@ var ( // Therefore, it should see all vulnerabilities. // (images are in cluster1 namespaceA and cluster2 namespaceB). expectedCVEFound: map[string]bool{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageDoctorJekyll2().GetId(), 0, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 0): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1): true, + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2): true, }, }, } @@ -334,7 +334,7 @@ var ( func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEExistsSingleScopeOnly() { // Inject the fixture graph, and test exists for CVE-1234-0001 - cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()) + cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0) s.runImageTest("TestSACImageCVEExistsSingleScopeOnly", func(c cveTestCase) { testCtx := s.imageTestContexts[c.contextKey] exists, err := s.imageCVEStore.Exists(testCtx, cveID) @@ -347,7 +347,7 @@ func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetSingleScopeOnly() { // Inject the fixture graph, and test retrieval for CVE-1234-0001 targetCVE := fixtures.GetEmbeddedImageCVE1234x0001() cveName := targetCVE.GetCve() - cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()) + cveID := getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0) cvss := targetCVE.GetCvss() s.runImageTest("TestSACImageCVEGetSingleScopeOnly", func(c cveTestCase) { testCtx := s.imageTestContexts[c.contextKey] @@ -366,13 +366,13 @@ func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetSingleScopeOnly() { func (s *cveV2DataStoreSACTestSuite) TestSACImageCVEGetBatch() { batchCVEs := []string{ - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()), - getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId()), + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0001(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE4567x0002(), fixtures.GetEmbeddedImageComponent1x1(), fixtures.GetImageSherlockHolmes1().GetId(), 0, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE1234x0003(), fixtures.GetEmbeddedImageComponent1x2(), fixtures.GetImageSherlockHolmes1().GetId(), 1, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0004(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 0), + getImageCVEID(fixtures.GetEmbeddedImageCVE3456x0005(), fixtures.GetEmbeddedImageComponent1s2x3(), fixtures.GetImageSherlockHolmes1().GetId(), 2, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0006(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 1), + getImageCVEID(fixtures.GetEmbeddedImageCVE2345x0007(), fixtures.GetEmbeddedImageComponent2x5(), fixtures.GetImageDoctorJekyll2().GetId(), 2, 2), } s.runImageTest("TestSACImageCVEGetBatch", func(c cveTestCase) { diff --git a/central/delegatedregistryconfig/store/postgres/store.go b/central/delegatedregistryconfig/store/postgres/store.go index 22eebd836bc53..b0bd7666a2452 100644 --- a/central/delegatedregistryconfig/store/postgres/store.go +++ b/central/delegatedregistryconfig/store/postgres/store.go @@ -5,6 +5,7 @@ import ( "context" "time" + "github.com/pkg/errors" "github.com/stackrox/rox/central/metrics" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/logging" @@ -83,31 +84,26 @@ func (s *storeImpl) Upsert(ctx context.Context, obj *storage.DelegatedRegistryCo } func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.DelegatedRegistryConfig) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "DelegatedRegistryConfig") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if _, err := tx.Exec(ctx, deleteStmt); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from delegated_registry_configs") } if err := insertIntoDelegatedRegistryConfigs(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err - } - if err := tx.Commit(ctx); err != nil { - return err + return errors.Wrap(err, "inserting into delegated_registry_configs") } - return nil + + return tx.Commit(ctx) } // Get returns the object, if it exists from the store. @@ -125,13 +121,7 @@ func (s *storeImpl) Get(ctx context.Context) (*storage.DelegatedRegistryConfig, } func (s *storeImpl) retryableGet(ctx context.Context) (*storage.DelegatedRegistryConfig, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "DelegatedRegistryConfig") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -144,13 +134,8 @@ func (s *storeImpl) retryableGet(ctx context.Context) (*storage.DelegatedRegistr return &msg, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the singleton from the store @@ -168,16 +153,18 @@ func (s *storeImpl) Delete(ctx context.Context) error { } func (s *storeImpl) retryableDelete(ctx context.Context) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "DelegatedRegistryConfig") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - if _, err := conn.Exec(ctx, deleteStmt); err != nil { - return err + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from delegated_registry_configs") } - return nil + return tx.Commit(ctx) } // Used for Testing diff --git a/central/delegatedregistryconfig/store/postgres/store_test.go b/central/delegatedregistryconfig/store/postgres/store_test.go index 958fc4d21be6d..27b53f9394673 100644 --- a/central/delegatedregistryconfig/store/postgres/store_test.go +++ b/central/delegatedregistryconfig/store/postgres/store_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgtest" "github.com/stackrox/rox/pkg/protoassert" "github.com/stackrox/rox/pkg/sac" @@ -78,3 +79,25 @@ func (s *DelegatedRegistryConfigsStoreSuite) TestStore() { s.True(exists) protoassert.Equal(s.T(), delegatedRegistryConfig, foundDelegatedRegistryConfig) } + +func (s *DelegatedRegistryConfigsStoreSuite) TestGetWithTransactionContext() { + ctx := sac.WithAllAccess(context.Background()) + store := s.store + + delegatedRegistryConfig := &storage.DelegatedRegistryConfig{} + s.NoError(testutils.FullInit(delegatedRegistryConfig, testutils.SimpleInitializer(), testutils.JSONFieldsFilter)) + s.NoError(store.Upsert(ctx, delegatedRegistryConfig)) + + // Create explicit transaction + tx, err := s.testDB.DB.Begin(ctx) + s.NoError(err) + defer tx.Rollback(ctx) + + // Pass transaction context to Get + txCtx := postgres.ContextWithTx(ctx, tx) + retrieved, exists, err := store.Get(txCtx) + + s.NoError(err) + s.True(exists) + protoassert.Equal(s.T(), delegatedRegistryConfig, retrieved) +} diff --git a/central/deployment/datastore/datastore_impl_postgres_test.go b/central/deployment/datastore/datastore_impl_postgres_test.go index 06fa095c0a809..8bc4d518a7d01 100644 --- a/central/deployment/datastore/datastore_impl_postgres_test.go +++ b/central/deployment/datastore/datastore_impl_postgres_test.go @@ -83,19 +83,16 @@ func (s *DeploymentPostgresDataStoreTestSuite) TestSearchWithPostgres() { s.NoError(s.deploymentDatastore.UpsertDeployment(ctx, dep2)) s.NoError(s.deploymentDatastore.UpsertDeployment(ctx, dep3)) - componentIDImg2, err := scancomponent.ComponentIDV2( + componentIDImg2 := scancomponent.ComponentIDV2( img2.GetScan().GetComponents()[0], - img2.GetId()) - s.NoError(err) + img2.GetId(), 0) - componentIDImg1, err := scancomponent.ComponentIDV2( + componentIDImg1 := scancomponent.ComponentIDV2( img1.GetScan().GetComponents()[0], - img1.GetId()) - s.NoError(err) - cveID, err := cve.IDV2( + img1.GetId(), 0) + cveID := cve.IDV2( img1.GetScan().GetComponents()[0].GetVulns()[0], - componentIDImg1) - s.NoError(err) + componentIDImg1, 0) for _, tc := range []struct { desc string diff --git a/central/graphql/resolvers/activestateenum_string.go b/central/graphql/resolvers/activestateenum_string.go index a37dee7b263b4..74f5c0d617b5d 100644 --- a/central/graphql/resolvers/activestateenum_string.go +++ b/central/graphql/resolvers/activestateenum_string.go @@ -19,8 +19,9 @@ const _ActiveStateEnum_name = "UndeterminedInactiveActiveFeatureDisabled" var _ActiveStateEnum_index = [...]uint8{0, 12, 20, 26, 41} func (i ActiveStateEnum) String() string { - if i < 0 || i >= ActiveStateEnum(len(_ActiveStateEnum_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_ActiveStateEnum_index)-1 { return "ActiveStateEnum(" + strconv.FormatInt(int64(i), 10) + ")" } - return _ActiveStateEnum_name[_ActiveStateEnum_index[i]:_ActiveStateEnum_index[i+1]] + return _ActiveStateEnum_name[_ActiveStateEnum_index[idx]:_ActiveStateEnum_index[idx+1]] } diff --git a/central/graphql/resolvers/image_components.go b/central/graphql/resolvers/image_components.go index aae60a5a53644..d6ee885fb75b0 100644 --- a/central/graphql/resolvers/image_components.go +++ b/central/graphql/resolvers/image_components.go @@ -21,7 +21,6 @@ import ( "github.com/stackrox/rox/pkg/features" pkgMetrics "github.com/stackrox/rox/pkg/metrics" "github.com/stackrox/rox/pkg/protocompat" - "github.com/stackrox/rox/pkg/scancomponent" "github.com/stackrox/rox/pkg/search" "github.com/stackrox/rox/pkg/search/scoped" "github.com/stackrox/rox/pkg/utils" @@ -413,39 +412,6 @@ func getImageCVEResolvers(ctx context.Context, root *Resolver, os string, vulns return paginate(query.GetPagination(), resolverI, nil) } -func getImageCVEV2Resolvers(ctx context.Context, root *Resolver, imageID string, component *storage.EmbeddedImageScanComponent, query *v1.Query) ([]ImageVulnerabilityResolver, error) { - query, _ = search.FilterQueryWithMap(query, mappings.VulnerabilityOptionsMap) - predicate, err := vulnPredicateFactory.GeneratePredicate(query) - if err != nil { - return nil, err - } - - componentID, err := scancomponent.ComponentIDV2(component, imageID) - if err != nil { - return nil, err - } - resolvers := make([]ImageVulnerabilityResolver, 0, len(component.GetVulns())) - for _, vuln := range component.GetVulns() { - if !predicate.Matches(vuln) { - continue - } - converted, err := cveConverter.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, vuln) - if err != nil { - return nil, err - } - - resolver, err := root.wrapImageCVEV2(converted, true, nil) - if err != nil { - return nil, err - } - resolver.ctx = embeddedobjs.VulnContext(ctx, vuln) - - resolvers = append(resolvers, resolver) - } - - return paginate(query.GetPagination(), resolvers, nil) -} - /* Sub Resolver Functions */ @@ -779,17 +745,7 @@ func (resolver *imageComponentV2Resolver) ImageVulnerabilities(ctx context.Conte resolver.ctx = ctx } - // Short path. Full image is embedded when image scan resolver is called. - embeddedComponent := embeddedobjs.ComponentFromContext(resolver.ctx) - if embeddedComponent == nil { - return resolver.root.ImageVulnerabilities(resolver.imageComponentScopeContext(ctx), args) - } - - query, err := args.AsV1QueryOrEmpty() - if err != nil { - return nil, err - } - return getImageCVEV2Resolvers(resolver.ctx, resolver.root, resolver.ImageId(resolver.ctx), embeddedComponent, query) + return resolver.root.ImageVulnerabilities(resolver.imageComponentScopeContext(ctx), args) } func (resolver *imageComponentV2Resolver) LastScanned(ctx context.Context) (*graphql.Time, error) { @@ -848,29 +804,6 @@ func (resolver *imageComponentV2Resolver) TopImageVulnerability(ctx context.Cont resolver.ctx = ctx } - // Short path. Full image is embedded when image scan resolver is called. - if embeddedComponent := embeddedobjs.ComponentFromContext(resolver.ctx); embeddedComponent != nil { - var topVuln *storage.EmbeddedVulnerability - for _, vuln := range embeddedComponent.GetVulns() { - if topVuln == nil || vuln.GetCvss() > topVuln.GetCvss() { - topVuln = vuln - } - } - if topVuln == nil { - return nil, nil - } - componentID, err := scancomponent.ComponentIDV2(embeddedComponent, resolver.ImageId(resolver.ctx)) - if err != nil { - return nil, err - } - - convertedTopVuln, err := cveConverter.EmbeddedVulnerabilityToImageCVEV2(resolver.ImageId(resolver.ctx), componentID, topVuln) - if err != nil { - return nil, err - } - return resolver.root.wrapImageCVEV2WithContext(resolver.ctx, convertedTopVuln, true, nil) - } - return resolver.root.TopImageVulnerability(resolver.imageComponentScopeContext(ctx), RawQuery{}) } diff --git a/central/graphql/resolvers/image_components_v2_postgres_test.go b/central/graphql/resolvers/image_components_v2_postgres_test.go index 02755973e6e94..fc3f955a08952 100644 --- a/central/graphql/resolvers/image_components_v2_postgres_test.go +++ b/central/graphql/resolvers/image_components_v2_postgres_test.go @@ -364,12 +364,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp1os1", s.componentIDMap[comp11], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp11]), + }, s.componentIDMap[comp11], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -383,12 +383,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp2os1", s.componentIDMap[comp21], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.5", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp21]), + }, s.componentIDMap[comp21], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -402,14 +402,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp3os1", s.componentIDMap[comp31], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp31], 0), + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), + }, s.componentIDMap[comp31], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -423,12 +423,12 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp1os2", s.componentIDMap[comp12], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp12]), + }, s.componentIDMap[comp12], 0), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 1}, @@ -442,14 +442,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp3os2", s.componentIDMap[comp32], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp32]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp32], 0), + getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp32]), + }, s.componentIDMap[comp32], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -463,14 +463,14 @@ func (s *GraphQLImageComponentV2TestSuite) TestImageComponentImageVulnerabilitie "comp4os2", s.componentIDMap[comp42], []string{ - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{ + getTestCVEID(&storage.EmbeddedVulnerability{ Cve: "cve-2017-1", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), - getTestCVEID(s.T(), &storage.EmbeddedVulnerability{ + }, s.componentIDMap[comp42], 0), + getTestCVEID(&storage.EmbeddedVulnerability{ Cve: "cve-2017-2", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), + }, s.componentIDMap[comp42], 1), }, &VulnerabilityCounterResolver{ all: &VulnerabilityFixableCounterResolver{0, 0}, @@ -566,10 +566,10 @@ func (s *GraphQLImageComponentV2TestSuite) TestTopImageVulnerability() { comp := s.getImageComponentResolver(ctx, s.componentIDMap[comp31]) - expectedID := graphql.ID(getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + expectedID := graphql.ID(getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31])) + }, s.componentIDMap[comp31], 0)) vuln, err := comp.TopImageVulnerability(ctx) assert.NoError(s.T(), err) @@ -595,11 +595,11 @@ func (s *GraphQLImageComponentV2TestSuite) getImageComponentResolver(ctx context func (s *GraphQLImageComponentV2TestSuite) getComponentIDMap() map[string]string { return map[string]string{ - comp11: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[0], "sha1"), - comp12: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[0], "sha2"), - comp21: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[1], "sha1"), - comp31: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[2], "sha1"), - comp32: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[1], "sha2"), - comp42: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[2], "sha2"), + comp11: getTestComponentID(testImages()[0].GetScan().GetComponents()[0], "sha1", 0), + comp12: getTestComponentID(testImages()[1].GetScan().GetComponents()[0], "sha2", 0), + comp21: getTestComponentID(testImages()[0].GetScan().GetComponents()[1], "sha1", 1), + comp31: getTestComponentID(testImages()[0].GetScan().GetComponents()[2], "sha1", 2), + comp32: getTestComponentID(testImages()[1].GetScan().GetComponents()[1], "sha2", 1), + comp42: getTestComponentID(testImages()[1].GetScan().GetComponents()[2], "sha2", 2), } } diff --git a/central/graphql/resolvers/image_scan.go b/central/graphql/resolvers/image_scan.go index 05dd6e59f82e5..71badee3c693e 100644 --- a/central/graphql/resolvers/image_scan.go +++ b/central/graphql/resolvers/image_scan.go @@ -5,10 +5,8 @@ import ( "sort" "github.com/stackrox/rox/central/graphql/resolvers/embeddedobjs" - "github.com/stackrox/rox/central/graphql/resolvers/loaders" "github.com/stackrox/rox/central/image/datastore/store/common/v2" "github.com/stackrox/rox/central/image/mappings" - commonv2 "github.com/stackrox/rox/central/imagev2/datastore/store/common" v1 "github.com/stackrox/rox/generated/api/v1" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/features" @@ -26,13 +24,6 @@ func init() { "imageComponentCount(query: String): Int!", "imageComponents(query: String, pagination: Pagination): [ImageComponent!]!", }), - // deprecated fields - schema.AddExtraResolvers("ImageScan", []string{ - "componentCount(query: String): Int! " + - "@deprecated(reason: \"use 'imageComponentCount'\")", - "components(query: String, pagination: Pagination): [EmbeddedImageScanComponent!]! " + - "@deprecated(reason: \"use 'imageComponents'\")", - }), ) } @@ -42,7 +33,7 @@ func (resolver *imageScanResolver) ImageComponents(_ context.Context, args Pagin return nil, err } if features.FlattenCVEData.Enabled() { - return getImageComponentV2Resolvers(resolver.ctx, resolver.root, resolver.data, query) + return resolver.root.ImageComponents(resolver.ctx, args) } return getImageComponentResolvers(resolver.ctx, resolver.root, resolver.data, query) } @@ -94,129 +85,3 @@ func getImageComponentResolvers(ctx context.Context, root *Resolver, imageScan * } return paginate(query.GetPagination(), resolverI, nil) } - -func getImageComponentV2Resolvers(ctx context.Context, root *Resolver, imageScan *storage.ImageScan, query *v1.Query) ([]ImageComponentResolver, error) { - imageID := getImageIDFromScope(ctx) - if imageID == "" { - return nil, nil - } - - if features.FlattenImageData.Enabled() { - imageLoader, err := loaders.GetImageV2Loader(ctx) - if err != nil { - return nil, err - } - - image, err := imageLoader.FullImageWithID(ctx, imageID) - if err != nil { - return nil, err - } - - query, _ = search.FilterQueryWithMap(query, mappings.ComponentV2OptionsMap) - predicate, err := componentPredicateFactory.GeneratePredicate(query) - if err != nil { - return nil, err - } - - idToComponent := make(map[string]*imageComponentV2Resolver) - for _, embeddedComponent := range imageScan.GetComponents() { - if !predicate.Matches(embeddedComponent) { - continue - } - - os := imageScan.GetOperatingSystem() - id, err := scancomponent.ComponentIDV2(embeddedComponent, imageID) - if err != nil { - return nil, err - } - if _, exists := idToComponent[id]; !exists { - component, err := commonv2.GenerateImageComponentV2(os, image, embeddedComponent) - if err != nil { - return nil, err - } - - resolver, err := root.wrapImageComponentV2(component, true, nil) - if err != nil { - return nil, err - } - imageScanTime := protocompat.ConvertTimestampToTimeOrNil(imageScan.GetScanTime()) - resolver.ctx = embeddedobjs.ComponentContext(ctx, os, imageScanTime, embeddedComponent) - idToComponent[id] = resolver - } - } - - // For now, sort by IDs. - resolvers := make([]*imageComponentV2Resolver, 0, len(idToComponent)) - for _, component := range idToComponent { - resolvers = append(resolvers, component) - } - if len(query.GetPagination().GetSortOptions()) == 0 { - sort.SliceStable(resolvers, func(i, j int) bool { - return resolvers[i].data.GetId() < resolvers[j].data.GetId() - }) - } - resolverI := make([]ImageComponentResolver, 0, len(resolvers)) - for _, resolver := range resolvers { - resolverI = append(resolverI, resolver) - } - return paginate(query.GetPagination(), resolverI, nil) - } - imageLoader, err := loaders.GetImageLoader(ctx) - if err != nil { - return nil, err - } - - image, err := imageLoader.FullImageWithID(ctx, imageID) - if err != nil { - return nil, err - } - - query, _ = search.FilterQueryWithMap(query, mappings.ComponentV2OptionsMap) - predicate, err := componentPredicateFactory.GeneratePredicate(query) - if err != nil { - return nil, err - } - - idToComponent := make(map[string]*imageComponentV2Resolver) - for _, embeddedComponent := range imageScan.GetComponents() { - if !predicate.Matches(embeddedComponent) { - continue - } - - os := imageScan.GetOperatingSystem() - id, err := scancomponent.ComponentIDV2(embeddedComponent, imageID) - if err != nil { - return nil, err - } - if _, exists := idToComponent[id]; !exists { - component, err := common.GenerateImageComponentV2(os, image, embeddedComponent) - if err != nil { - return nil, err - } - - resolver, err := root.wrapImageComponentV2(component, true, nil) - if err != nil { - return nil, err - } - imageScanTime := protocompat.ConvertTimestampToTimeOrNil(imageScan.GetScanTime()) - resolver.ctx = embeddedobjs.ComponentContext(ctx, os, imageScanTime, embeddedComponent) - idToComponent[id] = resolver - } - } - - // For now, sort by IDs. - resolvers := make([]*imageComponentV2Resolver, 0, len(idToComponent)) - for _, component := range idToComponent { - resolvers = append(resolvers, component) - } - if len(query.GetPagination().GetSortOptions()) == 0 { - sort.SliceStable(resolvers, func(i, j int) bool { - return resolvers[i].data.GetId() < resolvers[j].data.GetId() - }) - } - resolverI := make([]ImageComponentResolver, 0, len(resolvers)) - for _, resolver := range resolvers { - resolverI = append(resolverI, resolver) - } - return paginate(query.GetPagination(), resolverI, nil) -} diff --git a/central/graphql/resolvers/image_scan_test.go b/central/graphql/resolvers/image_scan_test.go index 802a60619a3bb..1b35f1f1fde62 100644 --- a/central/graphql/resolvers/image_scan_test.go +++ b/central/graphql/resolvers/image_scan_test.go @@ -103,6 +103,11 @@ func (s *ImageScanResolverTestSuite) TestGetImagesWithScan() { Return([]*storage.Image{cloned}, nil) s.imageDataStore.EXPECT().GetImagesBatch(gomock.Any(), gomock.Any()). Return([]*storage.Image{img}, nil) + if features.FlattenCVEData.Enabled() { + s.imageComponentFlatView.EXPECT().Get(gomock.Any(), gomock.Any()).Return(nil, nil) + s.imageComponentDataStoreV2.EXPECT().SearchRawImageComponents(gomock.Any(), gomock.Any()). + Return(nil, nil) + } response := s.schema.Exec(s.ctx, imageWithScanQuery, "getImages", nil) s.Len(response.Errors, 0) } diff --git a/central/graphql/resolvers/image_vulnerabilities_v2_test.go b/central/graphql/resolvers/image_vulnerabilities_v2_test.go index 29e79703ad8fa..ae7dfe9080f3a 100644 --- a/central/graphql/resolvers/image_vulnerabilities_v2_test.go +++ b/central/graphql/resolvers/image_vulnerabilities_v2_test.go @@ -718,56 +718,56 @@ func getCVEList(ctx context.Context, vulns []ImageVulnerabilityResolver) []strin func (s *GraphQLImageVulnerabilityV2TestSuite) getIDMap() map[string]string { return map[string]string{ - cve111: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + cve111: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp11]), - cve121: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + }, s.componentIDMap[comp11], 0), + cve121: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.5", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp21]), - cve231: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + }, s.componentIDMap[comp21], 0), + cve231: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Cvss: 4, Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - cve331: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp31], 0), + cve331: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Cvss: 3, Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp31]), - cve112: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2018-1", + }, s.componentIDMap[comp31], 1), + cve112: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2018-1", SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ FixedBy: "1.1", }, Severity: storage.VulnerabilitySeverity_CRITICAL_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp12]), - cve232: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-1", + }, s.componentIDMap[comp12], 0), + cve232: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-1", Severity: storage.VulnerabilitySeverity_MODERATE_VULNERABILITY_SEVERITY, Cvss: 4, - }, s.componentIDMap[comp32]), - cve332: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2019-2", + }, s.componentIDMap[comp32], 0), + cve332: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2019-2", Severity: storage.VulnerabilitySeverity_LOW_VULNERABILITY_SEVERITY, Cvss: 3, - }, s.componentIDMap[comp32]), - cve442: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2017-1", + }, s.componentIDMap[comp32], 1), + cve442: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2017-1", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), - cve542: getTestCVEID(s.T(), &storage.EmbeddedVulnerability{Cve: "cve-2017-2", + }, s.componentIDMap[comp42], 0), + cve542: getTestCVEID(&storage.EmbeddedVulnerability{Cve: "cve-2017-2", Severity: storage.VulnerabilitySeverity_IMPORTANT_VULNERABILITY_SEVERITY, - }, s.componentIDMap[comp42]), + }, s.componentIDMap[comp42], 1), } } func (s *GraphQLImageVulnerabilityV2TestSuite) getComponentIDMap() map[string]string { return map[string]string{ - comp11: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[0], "sha1"), - comp12: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[0], "sha2"), - comp21: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[1], "sha1"), - comp31: getTestComponentID(s.T(), testImages()[0].GetScan().GetComponents()[2], "sha1"), - comp32: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[1], "sha2"), - comp42: getTestComponentID(s.T(), testImages()[1].GetScan().GetComponents()[2], "sha2"), + comp11: getTestComponentID(testImages()[0].GetScan().GetComponents()[0], "sha1", 0), + comp12: getTestComponentID(testImages()[1].GetScan().GetComponents()[0], "sha2", 0), + comp21: getTestComponentID(testImages()[0].GetScan().GetComponents()[1], "sha1", 1), + comp31: getTestComponentID(testImages()[0].GetScan().GetComponents()[2], "sha1", 2), + comp32: getTestComponentID(testImages()[1].GetScan().GetComponents()[1], "sha2", 1), + comp42: getTestComponentID(testImages()[1].GetScan().GetComponents()[2], "sha2", 2), } } diff --git a/central/graphql/resolvers/test_utils.go b/central/graphql/resolvers/test_utils.go index 8693c03d9d35f..3ec198c91bb98 100644 --- a/central/graphql/resolvers/test_utils.go +++ b/central/graphql/resolvers/test_utils.go @@ -753,16 +753,10 @@ func contextWithClusterPerm(t testing.TB, ctrl *gomock.Controller) context.Conte return authn.ContextWithIdentity(sac.WithAllAccess(loaders.WithLoaderContext(context.Background())), id, t) } -func getTestComponentID(t *testing.T, testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, err := scancomponent.ComponentIDV2(testComponent, imageID) - require.NoError(t, err) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(t *testing.T, testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, err := cve.IDV2(testCVE, componentID) - require.NoError(t, err) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } diff --git a/central/image/datastore/datastore_impl.go b/central/image/datastore/datastore_impl.go index e135d6f88d6ad..50fc30aa2ec02 100644 --- a/central/image/datastore/datastore_impl.go +++ b/central/image/datastore/datastore_impl.go @@ -126,7 +126,7 @@ func (ds *datastoreImpl) SearchListImages(ctx context.Context, q *v1.Query) ([]* defer metrics.SetDatastoreFunctionDuration(time.Now(), "Image", "SearchListImages") var imgs []*storage.ListImage - err := ds.storage.WalkByQuery(ctx, q, func(img *storage.Image) error { + err := ds.storage.WalkMetadataByQuery(ctx, q, func(img *storage.Image) error { imgs = append(imgs, imageTypes.ConvertImageToListImage(img)) return nil }) @@ -363,13 +363,9 @@ func (ds *datastoreImpl) updateListImagePriority(images ...*storage.ListImage) { func (ds *datastoreImpl) updateImagePriority(images ...*storage.Image) { for _, image := range images { image.Priority = ds.imageRanker.GetRankForID(image.GetId()) - for _, component := range image.GetScan().GetComponents() { + for index, component := range image.GetScan().GetComponents() { if features.FlattenCVEData.Enabled() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.Priority = ds.imageComponentRanker.GetRankForID(componentID) } else { component.Priority = ds.imageComponentRanker.GetRankForID(scancomponent.ComponentID(component.GetName(), component.GetVersion(), image.GetScan().GetOperatingSystem())) @@ -379,13 +375,9 @@ func (ds *datastoreImpl) updateImagePriority(images ...*storage.Image) { } func (ds *datastoreImpl) updateComponentRisk(image *storage.Image) { - for _, component := range image.GetScan().GetComponents() { + for index, component := range image.GetScan().GetComponents() { if features.FlattenCVEData.Enabled() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.RiskScore = ds.imageComponentRanker.GetScoreForID(componentID) } else { component.RiskScore = ds.imageComponentRanker.GetScoreForID(scancomponent.ComponentID(component.GetName(), component.GetVersion(), image.GetScan().GetOperatingSystem())) diff --git a/central/image/datastore/datastore_impl_flat_postgres_test.go b/central/image/datastore/datastore_impl_flat_postgres_test.go index dff52391092ef..e4f9a59aba837 100644 --- a/central/image/datastore/datastore_impl_flat_postgres_test.go +++ b/central/image/datastore/datastore_impl_flat_postgres_test.go @@ -302,12 +302,12 @@ func (s *ImageFlatPostgresDataStoreTestSuite) TestSortByComponent() { ctx := sac.WithAllAccess(context.Background()) image := fixtures.GetImageWithUniqueComponents(5) componentIDs := make([]string, 0, len(image.GetScan().GetComponents())) - for _, component := range image.GetScan().GetComponents() { - compID, err := scancomponent.ComponentIDV2( + for index, component := range image.GetScan().GetComponents() { + compID := scancomponent.ComponentIDV2( component, image.GetId(), + index, ) - s.NoError(err) componentIDs = append(componentIDs, compID) } @@ -362,12 +362,10 @@ func (s *ImageFlatPostgresDataStoreTestSuite) TestImageDeletes() { testImage.Scan.ScanTime = protocompat.TimestampNow() testImage.Scan.Components = testImage.Scan.Components[:len(testImage.Scan.Components)-1] cveIDsSet := set.NewStringSet() - for _, component := range testImage.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, testImage.GetId()) - s.NoError(err) - for _, cve := range component.GetVulns() { - cveID, err := pkgCVE.IDV2(cve, componentID) - s.NoError(err) + for compIndex, component := range testImage.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, testImage.GetId(), compIndex) + for cveIndex, cve := range component.GetVulns() { + cveID := pkgCVE.IDV2(cve, componentID, cveIndex) cveIDsSet.Add(cveID) } } diff --git a/central/image/datastore/store/common/v2/parts_test.go b/central/image/datastore/store/common/v2/parts_test.go index 1264cafb01b6b..7c1b9e7250e42 100644 --- a/central/image/datastore/store/common/v2/parts_test.go +++ b/central/image/datastore/store/common/v2/parts_test.go @@ -166,13 +166,13 @@ func TestSplitAndMergeImage(t *testing.T) { }, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -292,13 +292,13 @@ func TestSplitAndMergeImage(t *testing.T) { ScanTime: ts, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, }, ImageCVEEdges: map[string]*storage.ImageCVEEdge{ @@ -321,7 +321,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver1", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[0], "sha"), + Id: getTestComponentID(testComponents[0], "sha", 0), Name: "comp1", Version: "ver1", ImageId: "sha", @@ -346,7 +346,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver2", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[1], "sha"), + Id: getTestComponentID(testComponents[1], "sha", 1), Name: "comp1", Version: "ver2", ImageId: "sha", @@ -378,7 +378,7 @@ func TestSplitAndMergeImage(t *testing.T) { ImageCveId: cve.ID("cve1", ""), }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve1comp1"], getTestComponentID(testComponents[1], "sha")), + Id: getTestCVEID(testCVEs["cve1comp1"], getTestComponentID(testComponents[1], "sha", 1), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -386,7 +386,7 @@ func TestSplitAndMergeImage(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[1], "sha"), + ComponentId: getTestComponentID(testComponents[1], "sha", 1), }, }, { @@ -408,7 +408,7 @@ func TestSplitAndMergeImage(t *testing.T) { IsFixable: true, }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha")), + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha", 1), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -420,7 +420,41 @@ func TestSplitAndMergeImage(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[1], "sha"), + ComponentId: getTestComponentID(testComponents[1], "sha", 1), + }, + }, + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve2", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp1", "ver2", ""), cve.ID("cve2", "")}), + ImageComponentId: scancomponent.ComponentID("comp1", "ver2", ""), + ImageCveId: cve.ID("cve2", ""), + HasFixedBy: &storage.ComponentCVEEdge_FixedBy{ + FixedBy: "ver3", + }, + IsFixable: true, + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], "sha", 1), 2), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver3", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[1], "sha", 1), }, }, }, @@ -432,7 +466,7 @@ func TestSplitAndMergeImage(t *testing.T) { Version: "ver1", }, ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(testComponents[2], "sha"), + Id: getTestComponentID(testComponents[2], "sha", 2), Name: "comp2", Version: "ver1", ImageId: "sha", @@ -468,7 +502,7 @@ func TestSplitAndMergeImage(t *testing.T) { IsFixable: true, }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha")), + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha", 2), 0), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -480,7 +514,7 @@ func TestSplitAndMergeImage(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[2], "sha"), + ComponentId: getTestComponentID(testComponents[2], "sha", 2), }, }, { @@ -498,7 +532,7 @@ func TestSplitAndMergeImage(t *testing.T) { ImageCveId: cve.ID("cve2", ""), }, CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha")), + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha", 2), 1), ImageId: "sha", CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -506,7 +540,93 @@ func TestSplitAndMergeImage(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(testComponents[2], "sha"), + ComponentId: getTestComponentID(testComponents[2], "sha", 2), + }, + }, + }, + }, + { + Component: &storage.ImageComponent{ + Id: scancomponent.ComponentID("comp2", "ver1", ""), + Name: "comp2", + Version: "ver1", + }, + ComponentV2: &storage.ImageComponentV2{ + Id: getTestComponentID(testComponents[2], "sha", 3), + Name: "comp2", + Version: "ver1", + ImageId: "sha", + HasLayerIndex: &storage.ImageComponentV2_LayerIndex{ + LayerIndex: 2, + }, + }, + Edge: &storage.ImageComponentEdge{ + Id: pgSearch.IDFromPks([]string{"sha", scancomponent.ComponentID("comp2", "ver1", "")}), + ImageId: "sha", + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + HasLayerIndex: &storage.ImageComponentEdge_LayerIndex{ + LayerIndex: 2, + }, + }, + Children: []CVEParts{ + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve1", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve1", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp2", "ver1", ""), cve.ID("cve1", "")}), + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + ImageCveId: cve.ID("cve1", ""), + HasFixedBy: &storage.ComponentCVEEdge_FixedBy{ + FixedBy: "ver2", + }, + IsFixable: true, + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], "sha", 3), 0), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve1", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver2", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], "sha", 3), + }, + }, + { + CVE: &storage.ImageCVE{ + Id: cve.ID("cve2", ""), + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + }, + Edge: &storage.ComponentCVEEdge{ + Id: pgSearch.IDFromPks([]string{scancomponent.ComponentID("comp2", "ver1", ""), cve.ID("cve2", "")}), + ImageComponentId: scancomponent.ComponentID("comp2", "ver1", ""), + ImageCveId: cve.ID("cve2", ""), + }, + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], "sha", 3), 1), + ImageId: "sha", + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], "sha", 3), }, }, }, @@ -558,16 +678,12 @@ func TestSplitAndMergeImage(t *testing.T) { protoassert.Equal(t, dedupedImage(), imageActual) } -func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, _ := scancomponent.ComponentIDV2(testComponent, imageID) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, _ := cve.IDV2(testCVE, componentID) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func dedupedImage() *storage.Image { @@ -582,13 +698,13 @@ func dedupedImage() *storage.Image { }, }, SetComponents: &storage.Image_Components{ - Components: 3, + Components: 4, }, SetCves: &storage.Image_Cves{ - Cves: 4, + Cves: 7, }, SetFixable: &storage.Image_FixableCves{ - FixableCves: 2, + FixableCves: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -625,6 +741,42 @@ func dedupedImage() *storage.Image { FirstImageOccurrence: ts, FirstSystemOccurrence: ts, }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver3", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + }, + }, + { + Name: "comp2", + Version: "ver1", + HasLayerIndex: &storage.EmbeddedImageScanComponent_LayerIndex{ + LayerIndex: 2, + }, + Vulns: []*storage.EmbeddedVulnerability{ + { + Cve: "cve1", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver2", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, }, }, { diff --git a/central/image/datastore/store/common/v2/split_v2.go b/central/image/datastore/store/common/v2/split_v2.go index 31c43f17c3969..eae8054f9f72e 100644 --- a/central/image/datastore/store/common/v2/split_v2.go +++ b/central/image/datastore/store/common/v2/split_v2.go @@ -34,21 +34,12 @@ func SplitV2(image *storage.Image, withComponents bool) (ImageParts, error) { func splitComponentsV2(parts ImageParts) ([]ComponentParts, error) { ret := make([]ComponentParts, 0, len(parts.Image.GetScan().GetComponents())) - componentMap := make(map[string]*storage.EmbeddedImageScanComponent) - for _, component := range parts.Image.GetScan().GetComponents() { - generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, component) + for index, component := range parts.Image.GetScan().GetComponents() { + generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, index, component) if err != nil { return nil, err } - // dedupe components within the component - if _, ok := componentMap[generatedComponentV2.GetId()]; ok { - log.Infof("Component %s-%s has already been processed in the image. Skipping...", component.GetName(), component.GetVersion()) - continue - } - - componentMap[generatedComponentV2.GetId()] = component - cves, err := splitCVEsV2(parts.Image.GetId(), generatedComponentV2.GetId(), component) if err != nil { return nil, err @@ -67,21 +58,12 @@ func splitComponentsV2(parts ImageParts) ([]ComponentParts, error) { func splitCVEsV2(imageID string, componentID string, embedded *storage.EmbeddedImageScanComponent) ([]CVEParts, error) { ret := make([]CVEParts, 0, len(embedded.GetVulns())) - cveMap := make(map[string]*storage.EmbeddedVulnerability) - for _, cve := range embedded.GetVulns() { - convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, cve) + for index, cve := range embedded.GetVulns() { + convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, index, cve) if err != nil { return nil, err } - // dedupe CVEs within the component - if _, ok := cveMap[convertedCVE.GetId()]; ok { - log.Infof("CVE %s has already been processed in the image. Skipping...", cve.GetCve()) - continue - } - - cveMap[convertedCVE.GetId()] = cve - cp := CVEParts{ CVEV2: convertedCVE, } @@ -92,11 +74,8 @@ func splitCVEsV2(imageID string, componentID string, embedded *storage.EmbeddedI } // GenerateImageComponentV2 returns top-level image component from embedded component. -func GenerateImageComponentV2(os string, image *storage.Image, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { - componentID, err := scancomponent.ComponentIDV2(from, image.GetId()) - if err != nil { - return nil, err - } +func GenerateImageComponentV2(os string, image *storage.Image, index int, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { + componentID := scancomponent.ComponentIDV2(from, image.GetId(), index) ret := &storage.ImageComponentV2{ Id: componentID, diff --git a/central/image/datastore/store/mocks/store.go b/central/image/datastore/store/mocks/store.go index dceee92a2fe9b..923037595c488 100644 --- a/central/image/datastore/store/mocks/store.go +++ b/central/image/datastore/store/mocks/store.go @@ -221,3 +221,17 @@ func (mr *MockStoreMockRecorder) WalkByQuery(ctx, q, fn any) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WalkByQuery", reflect.TypeOf((*MockStore)(nil).WalkByQuery), ctx, q, fn) } + +// WalkMetadataByQuery mocks base method. +func (m *MockStore) WalkMetadataByQuery(ctx context.Context, q *v1.Query, fn func(*storage.Image) error) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "WalkMetadataByQuery", ctx, q, fn) + ret0, _ := ret[0].(error) + return ret0 +} + +// WalkMetadataByQuery indicates an expected call of WalkMetadataByQuery. +func (mr *MockStoreMockRecorder) WalkMetadataByQuery(ctx, q, fn any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WalkMetadataByQuery", reflect.TypeOf((*MockStore)(nil).WalkMetadataByQuery), ctx, q, fn) +} diff --git a/central/image/datastore/store/postgres/store.go b/central/image/datastore/store/postgres/store.go index b98af7e9b1714..7a1cbe06a20fa 100644 --- a/central/image/datastore/store/postgres/store.go +++ b/central/image/datastore/store/postgres/store.go @@ -757,7 +757,7 @@ func (s *storeImpl) upsert(ctx context.Context, obj *storage.Image) error { } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -835,7 +835,7 @@ func (s *storeImpl) retryableGet(ctx context.Context, id string) (*storage.Image } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return nil, false, err } @@ -1082,7 +1082,7 @@ func (s *storeImpl) retryableDelete(ctx context.Context, id string) error { } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -1151,7 +1151,7 @@ func (s *storeImpl) retryableGetByIDs(ctx context.Context, ids []string) ([]*sto } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return nil, err } @@ -1191,7 +1191,7 @@ func (s *storeImpl) WalkByQuery(ctx context.Context, q *v1.Query, fn func(image } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -1218,6 +1218,19 @@ func (s *storeImpl) WalkByQuery(ctx context.Context, q *v1.Query, fn func(image return nil } +// This store is no longer used with the new CVE data model. Added this method to satisfy the store interface. +func (s *storeImpl) WalkMetadataByQuery(ctx context.Context, q *v1.Query, fn func(img *storage.Image) error) error { + defer metrics.SetPostgresOperationDurationTime(time.Now(), ops.WalkMetadataByQuery, "Image") + + q = applyDefaultSort(q) + + err := pgSearch.RunCursorQueryForSchemaFn(ctx, pkgSchema.ImagesSchema, q, s.db, fn) + if err != nil { + return errors.Wrap(err, "cursor by query") + } + return nil +} + //// Used for testing func dropAllTablesInImageTree(ctx context.Context, db postgres.DB) { @@ -1373,7 +1386,7 @@ func (s *storeImpl) retryableUpdateVulnState(ctx context.Context, cve string, im } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/central/image/datastore/store/store.go b/central/image/datastore/store/store.go index 3c20a62ac9817..f950869a20af3 100644 --- a/central/image/datastore/store/store.go +++ b/central/image/datastore/store/store.go @@ -25,6 +25,7 @@ type Store interface { GetImageMetadata(ctx context.Context, id string) (*storage.Image, bool, error) GetManyImageMetadata(ctx context.Context, id []string) ([]*storage.Image, error) WalkByQuery(ctx context.Context, q *v1.Query, fn func(img *storage.Image) error) error + WalkMetadataByQuery(ctx context.Context, q *v1.Query, fn func(img *storage.Image) error) error Upsert(ctx context.Context, image *storage.Image) error Delete(ctx context.Context, id string) error diff --git a/central/image/datastore/store/v2/postgres/store.go b/central/image/datastore/store/v2/postgres/store.go index f64ce2976e9e9..f2a83b7c0bf61 100644 --- a/central/image/datastore/store/v2/postgres/store.go +++ b/central/image/datastore/store/v2/postgres/store.go @@ -476,13 +476,7 @@ func (s *storeImpl) upsert(ctx context.Context, obj *storage.Image) error { keys := gatherKeys(imageParts) return s.keyFence.DoStatusWithLock(concurrency.DiscreteKeySet(keys...), func() error { - conn, release, err := s.acquireConn(ctx, ops.Get, "Image") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } @@ -554,21 +548,14 @@ func (s *storeImpl) Get(ctx context.Context, id string) (*storage.Image, bool, e } func (s *storeImpl) retryableGet(ctx context.Context, id string) (*storage.Image, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "Image") + tx, ctx, err := s.begin(ctx) if err != nil { return nil, false, err } - defer release() + defer postgres.FinishReadOnlyTransaction(tx) - tx, err := conn.Begin(ctx) - if err != nil { - return nil, false, err - } image, found, err := s.getFullImage(ctx, tx, id) - // No changes are made to the database, so COMMIT or ROLLBACK have same effect. - if err := tx.Commit(ctx); err != nil { - return nil, false, err - } + return image, found, err } @@ -624,13 +611,8 @@ func (s *storeImpl) getFullImage(ctx context.Context, tx *postgres.Tx, imageID s return &image, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } func getImageComponents(ctx context.Context, tx *postgres.Tx, imageID string) ([]*storage.ImageComponentV2, error) { @@ -748,22 +730,16 @@ func (s *storeImpl) Delete(ctx context.Context, id string) error { } func (s *storeImpl) retryableDelete(ctx context.Context, id string) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "Image") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if err := s.deleteImageTree(ctx, tx, id); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolbacing transaction due to previous error: %v", err) } - return err + return errors.Wrap(err, "deleting image tree") } return tx.Commit(ctx) } @@ -797,25 +773,16 @@ func (s *storeImpl) GetByIDs(ctx context.Context, ids []string) ([]*storage.Imag } func (s *storeImpl) retryableGetByIDs(ctx context.Context, ids []string) ([]*storage.Image, error) { - conn, release, err := s.acquireConn(ctx, ops.GetMany, "Image") - if err != nil { - return nil, err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return nil, err } + defer postgres.FinishReadOnlyTransaction(tx) elems := make([]*storage.Image, 0, len(ids)) for _, id := range ids { msg, found, err := s.getFullImage(ctx, tx, id) if err != nil { - // No changes are made to the database, so COMMIT or ROLLBACK have the same effect. - if err := tx.Commit(ctx); err != nil { - return nil, err - } return nil, err } if !found { @@ -824,10 +791,6 @@ func (s *storeImpl) retryableGetByIDs(ctx context.Context, ids []string) ([]*sto elems = append(elems, msg) } - // No changes are made to the database, so COMMIT or ROLLBACK have the same effect. - if err := tx.Commit(ctx); err != nil { - return nil, err - } return elems, nil } @@ -837,19 +800,13 @@ func (s *storeImpl) WalkByQuery(ctx context.Context, q *v1.Query, fn func(image q = applyDefaultSort(q) - conn, release, err := s.acquireConn(ctx, ops.WalkByQuery, "Image") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } defer func() { - if err := tx.Rollback(ctx); err != nil { - log.Errorf("error rolling back: %v", err) + if err := tx.Commit(ctx); err != nil { + log.Errorf("error comitting transaction: %v", err) } }() @@ -870,33 +827,29 @@ func (s *storeImpl) WalkByQuery(ctx context.Context, q *v1.Query, fn func(image return nil } -// GetImageMetadata returns the image without scan/component data. -func (s *storeImpl) GetImageMetadata(ctx context.Context, id string) (*storage.Image, bool, error) { - defer metrics.SetPostgresOperationDurationTime(time.Now(), ops.Get, "ImageMetadata") +func (s *storeImpl) WalkMetadataByQuery(ctx context.Context, q *v1.Query, fn func(img *storage.Image) error) error { + defer metrics.SetPostgresOperationDurationTime(time.Now(), ops.WalkMetadataByQuery, "Image") - return pgutils.Retry3(ctx, func() (*storage.Image, bool, error) { - return s.retryableGetImageMetadata(ctx, id) - }) -} + q = applyDefaultSort(q) -func (s *storeImpl) retryableGetImageMetadata(ctx context.Context, id string) (*storage.Image, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "Image") + err := pgSearch.RunCursorQueryForSchemaFn(ctx, pkgSchema.ImagesSchema, q, s.db, fn) if err != nil { - return nil, false, err + return errors.Wrap(err, "cursor by query") } - defer release() + return nil +} - row := conn.QueryRow(ctx, getImageMetaStmt, id) - var data []byte - if err := row.Scan(&data); err != nil { - return nil, false, pgutils.ErrNilIfNoRows(err) - } +// GetImageMetadata returns the image without scan/component data. +func (s *storeImpl) GetImageMetadata(ctx context.Context, id string) (*storage.Image, bool, error) { + defer metrics.SetPostgresOperationDurationTime(time.Now(), ops.Get, "ImageMetadata") - var msg storage.Image - if err := msg.UnmarshalVTUnsafe(data); err != nil { + imageMetadata, err := pgutils.Retry2(ctx, func() ([]*storage.Image, error) { + return s.retryableGetManyImageMetadata(ctx, []string{id}) + }) + if err != nil || len(imageMetadata) == 0 { return nil, false, err } - return &msg, true, nil + return imageMetadata[0], true, nil } // GetManyImageMetadata returns images without scan/component data. @@ -942,13 +895,7 @@ func (s *storeImpl) retryableUpdateVulnState(ctx context.Context, cve string, im return nil } - conn, release, err := s.acquireConn(ctx, ops.Update, "UpdateVulnState") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } diff --git a/central/image/datastore/store/v2/postgres/store_bench_test.go b/central/image/datastore/store/v2/postgres/store_bench_test.go new file mode 100644 index 0000000000000..f20a44306e7ab --- /dev/null +++ b/central/image/datastore/store/v2/postgres/store_bench_test.go @@ -0,0 +1,60 @@ +//go:build sql_integration + +package postgres + +import ( + "context" + "fmt" + "testing" + + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/concurrency" + "github.com/stackrox/rox/pkg/fixtures" + "github.com/stackrox/rox/pkg/postgres/pgtest" + "github.com/stackrox/rox/pkg/sac" + "github.com/stackrox/rox/pkg/search" + "github.com/stretchr/testify/require" +) + +// BenchmarkWalkComparison benchmarks both Walk functions for comparison +func BenchmarkWalkComparison(b *testing.B) { + ctx := sac.WithAllAccess(context.Background()) + testDB := pgtest.ForT(b) + + store := New(testDB.DB, false, concurrency.NewKeyFence()) + + // Setup: Insert test images + numImages := 100 + images := make([]*storage.Image, 0, numImages) + for i := 0; i < numImages; i++ { + img := fixtures.GetImageWithUniqueComponents(5) + img.Id = fmt.Sprintf("%d", i) + images = append(images, img) + } + + for _, image := range images { + require.NoError(b, store.Upsert(ctx, image)) + } + + b.Run("WalkByQuery", func(b *testing.B) { + for b.Loop() { + count := 0 + err := store.WalkByQuery(ctx, search.EmptyQuery(), func(image *storage.Image) error { + count++ + return nil + }) + require.NoError(b, err) + } + }) + + b.Run("WalkMetadataByQuery", func(b *testing.B) { + for b.Loop() { + count := 0 + err := store.WalkMetadataByQuery(ctx, search.EmptyQuery(), func(image *storage.Image) error { + count++ + return nil + }) + require.NoError(b, err) + } + }) +} diff --git a/central/image/datastore/store/v2/postgres/store_test.go b/central/image/datastore/store/v2/postgres/store_test.go index d633c7637c284..2cb0301b4b58c 100644 --- a/central/image/datastore/store/v2/postgres/store_test.go +++ b/central/image/datastore/store/v2/postgres/store_test.go @@ -15,6 +15,7 @@ import ( "github.com/stackrox/rox/pkg/concurrency" "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/fixtures" + "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgtest" pkgSchema "github.com/stackrox/rox/pkg/postgres/schema" "github.com/stackrox/rox/pkg/protoassert" @@ -22,6 +23,7 @@ import ( "github.com/stackrox/rox/pkg/sac" "github.com/stackrox/rox/pkg/search" "github.com/stackrox/rox/pkg/testutils" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" ) @@ -360,6 +362,14 @@ func (s *ImagesStoreSuite) TestGetManyImageMetadata() { returnedImages, err = s.store.GetManyImageMetadata(s.ctx, searchedIndexes) s.NoError(err) s.Equal(2, len(returnedImages)) + + tx, err := s.testDB.Begin(s.ctx) + s.NoError(err) + ctx := postgres.ContextWithTx(s.ctx, tx) + _, ok, err := s.store.GetImageMetadata(ctx, image.GetId()) + s.NoError(err) + s.True(ok) + assert.NoError(s.T(), tx.Rollback(s.ctx)) } func (s *ImagesStoreSuite) TestWalkByQuery() { @@ -387,6 +397,46 @@ func (s *ImagesStoreSuite) TestWalkByQuery() { q := search.NewQueryBuilder().AddExactMatches(search.ImageSHA, image.GetId()).ProtoQuery() s.NoError(s.store.WalkByQuery(s.ctx, q, walkFn)) + + tx, err := s.testDB.Begin(s.ctx) + s.NoError(err) + ctx := postgres.ContextWithTx(s.ctx, tx) + s.NoError(s.store.WalkByQuery(ctx, q, walkFn)) + s.NoError(s.ctx.Err()) + // The second walk is here to check if transaction and context are still active + s.NoError(s.store.WalkByQuery(ctx, q, walkFn)) + s.NoError(s.ctx.Err()) + assert.NoError(s.T(), tx.Commit(s.ctx)) +} + +func (s *ImagesStoreSuite) TestWalkMetadataByQuery() { + image := getTestImage("image1") + image2 := getTestImage("image2") + + // Add an image + s.NoError(s.store.Upsert(s.ctx, image)) + _, exists, err := s.store.Get(s.ctx, image.GetId()) + s.NoError(err) + s.True(exists) + + // Add a second image + s.NoError(s.store.Upsert(s.ctx, image2)) + _, exists, err = s.store.Get(s.ctx, image2.GetId()) + s.NoError(err) + s.True(exists) + + walkFn := func(obj *storage.Image) error { + if obj.GetId() != image.GetId() { + return fmt.Errorf("expected image1 but got %s", obj.GetId()) + } + if obj.GetScan().GetComponents() != nil { + return fmt.Errorf("expected scan components to be nil but got %d components", len(obj.GetScan().GetComponents())) + } + return nil + } + + q := search.NewQueryBuilder().AddExactMatches(search.ImageSHA, image.GetId()).ProtoQuery() + s.NoError(s.store.WalkMetadataByQuery(s.ctx, q, walkFn)) } func (s *ImagesStoreSuite) TestGetMany() { diff --git a/central/imagecomponent/v2/datastore/datastore_sac_test.go b/central/imagecomponent/v2/datastore/datastore_sac_test.go index 7aa3129c7dea1..958ee62889f31 100644 --- a/central/imagecomponent/v2/datastore/datastore_sac_test.go +++ b/central/imagecomponent/v2/datastore/datastore_sac_test.go @@ -43,9 +43,8 @@ func (s *componentV2DataStoreSACTestSuite) SetupSuite() { s.imageTestContexts = sacTestUtils.GetNamespaceScopedTestContexts(context.Background(), s.T(), resources.Image) } -func getImageComponentID(component *storage.EmbeddedImageScanComponent, imageID string) string { - componentID, _ := scancomponent.ComponentIDV2(component, imageID) - return componentID +func getImageComponentID(component *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(component, imageID, index) } func (s *componentV2DataStoreSACTestSuite) cleanImageToVulnerabilitiesGraph() { @@ -63,12 +62,12 @@ var ( imageComponent1s2x3 = fixtures.GetEmbeddedImageComponent1s2x3() imageComponent2x4 = fixtures.GetEmbeddedImageComponent2x4() imageComponent2x5 = fixtures.GetEmbeddedImageComponent2x5() - imageComponentID1x1 = getImageComponentID(imageComponent1x1, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1x2 = getImageComponentID(imageComponent1x2, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1s2x3i1 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageSherlockHolmes1().GetId()) - imageComponentID1s2x3i2 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageDoctorJekyll2().GetId()) - imageComponentID2x4 = getImageComponentID(imageComponent2x4, fixtures.GetImageDoctorJekyll2().GetId()) - imageComponentID2x5 = getImageComponentID(imageComponent2x5, fixtures.GetImageDoctorJekyll2().GetId()) + imageComponentID1x1 = getImageComponentID(imageComponent1x1, fixtures.GetImageSherlockHolmes1().GetId(), 0) + imageComponentID1x2 = getImageComponentID(imageComponent1x2, fixtures.GetImageSherlockHolmes1().GetId(), 1) + imageComponentID1s2x3i1 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageSherlockHolmes1().GetId(), 2) + imageComponentID1s2x3i2 = getImageComponentID(imageComponent1s2x3, fixtures.GetImageDoctorJekyll2().GetId(), 0) + imageComponentID2x4 = getImageComponentID(imageComponent2x4, fixtures.GetImageDoctorJekyll2().GetId(), 1) + imageComponentID2x5 = getImageComponentID(imageComponent2x5, fixtures.GetImageDoctorJekyll2().GetId(), 2) imageComponentTestCases = []componentTestCase{ { diff --git a/central/imagev2/datastore/datastore_impl.go b/central/imagev2/datastore/datastore_impl.go index 4295d97a672d2..4c2e4765c06e5 100644 --- a/central/imagev2/datastore/datastore_impl.go +++ b/central/imagev2/datastore/datastore_impl.go @@ -310,24 +310,16 @@ func (ds *datastoreImpl) initializeRankers() { func (ds *datastoreImpl) updateImagePriority(images ...*storage.ImageV2) { for _, image := range images { image.Priority = ds.imageRanker.GetRankForID(image.GetId()) - for _, component := range image.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + for index, component := range image.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.Priority = ds.imageComponentRanker.GetRankForID(componentID) } } } func (ds *datastoreImpl) updateComponentRisk(image *storage.ImageV2) { - for _, component := range image.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, image.GetId()) - if err != nil { - log.Error(err) - continue - } + for index, component := range image.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, image.GetId(), index) component.RiskScore = ds.imageComponentRanker.GetScoreForID(componentID) } } diff --git a/central/imagev2/datastore/datastore_impl_test.go b/central/imagev2/datastore/datastore_impl_test.go index f0123cf50dbfd..616ea3f11a062 100644 --- a/central/imagev2/datastore/datastore_impl_test.go +++ b/central/imagev2/datastore/datastore_impl_test.go @@ -251,12 +251,12 @@ func (s *ImageV2DataStoreTestSuite) TestSortByComponent() { ctx := sac.WithAllAccess(context.Background()) image := fixtures.GetImageV2WithUniqueComponents(5) componentIDs := make([]string, 0, len(image.GetScan().GetComponents())) - for _, component := range image.GetScan().GetComponents() { - compID, err := scancomponent.ComponentIDV2( + for index, component := range image.GetScan().GetComponents() { + compID := scancomponent.ComponentIDV2( component, image.GetId(), + index, ) - s.NoError(err) componentIDs = append(componentIDs, compID) } @@ -311,12 +311,10 @@ func (s *ImageV2DataStoreTestSuite) TestImageDeletes() { testImage.Scan.ScanTime = protocompat.TimestampNow() testImage.Scan.Components = testImage.Scan.Components[:len(testImage.Scan.Components)-1] cveIDsSet := set.NewStringSet() - for _, component := range testImage.GetScan().GetComponents() { - componentID, err := scancomponent.ComponentIDV2(component, testImage.GetId()) - s.NoError(err) - for _, cve := range component.GetVulns() { - cveID, err := pkgCVE.IDV2(cve, componentID) - s.NoError(err) + for compIndex, component := range testImage.GetScan().GetComponents() { + componentID := scancomponent.ComponentIDV2(component, testImage.GetId(), compIndex) + for cveIndex, cve := range component.GetVulns() { + cveID := pkgCVE.IDV2(cve, componentID, cveIndex) cveIDsSet.Add(cveID) } } diff --git a/central/imagev2/datastore/store/common/parts_test.go b/central/imagev2/datastore/store/common/parts_test.go index 4fa45b5a15a5e..ceb27eb102527 100644 --- a/central/imagev2/datastore/store/common/parts_test.go +++ b/central/imagev2/datastore/store/common/parts_test.go @@ -176,11 +176,11 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, }, ScanStats: &storage.ImageV2_ScanStats{ - ComponentCount: 3, - CveCount: 4, - FixableCveCount: 2, - UnknownCveCount: 4, - FixableUnknownCveCount: 2, + ComponentCount: 4, + CveCount: 7, + FixableCveCount: 4, + UnknownCveCount: 7, + FixableUnknownCveCount: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -301,17 +301,17 @@ func TestSplitAndMergeImageV2(t *testing.T) { ScanTime: ts, }, ScanStats: &storage.ImageV2_ScanStats{ - ComponentCount: 3, - CveCount: 4, - FixableCveCount: 2, - UnknownCveCount: 4, - FixableUnknownCveCount: 2, + ComponentCount: 4, + CveCount: 7, + FixableCveCount: 4, + UnknownCveCount: 7, + FixableUnknownCveCount: 4, }, }, Children: []ComponentPartsV2{ { ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(t, testComponents[0], imageID), + Id: getTestComponentID(testComponents[0], imageID, 0), Name: "comp1", Version: "ver1", ImageIdV2: imageID, @@ -323,7 +323,7 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, { ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(t, testComponents[1], imageID), + Id: getTestComponentID(testComponents[1], imageID, 1), Name: "comp1", Version: "ver2", ImageIdV2: imageID, @@ -334,7 +334,7 @@ func TestSplitAndMergeImageV2(t *testing.T) { Children: []CVEPartsV2{ { CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(t, testCVEs["cve1comp1"], getTestComponentID(t, testComponents[1], imageID)), + Id: getTestCVEID(testCVEs["cve1comp1"], getTestComponentID(testComponents[1], imageID, 1), 0), ImageIdV2: imageID, CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -342,12 +342,12 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(t, testComponents[1], imageID), + ComponentId: getTestComponentID(testComponents[1], imageID, 1), }, }, { CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(t, testCVEs["cve2comp1"], getTestComponentID(t, testComponents[1], imageID)), + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], imageID, 1), 1), ImageIdV2: imageID, CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -359,14 +359,31 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(t, testComponents[1], imageID), + ComponentId: getTestComponentID(testComponents[1], imageID, 1), + }, + }, + { + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp1"], getTestComponentID(testComponents[1], imageID, 1), 2), + ImageIdV2: imageID, + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver3", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[1], imageID, 1), }, }, }, }, { ComponentV2: &storage.ImageComponentV2{ - Id: getTestComponentID(t, testComponents[2], imageID), + Id: getTestComponentID(testComponents[2], imageID, 2), Name: "comp2", Version: "ver1", ImageIdV2: imageID, @@ -377,7 +394,7 @@ func TestSplitAndMergeImageV2(t *testing.T) { Children: []CVEPartsV2{ { CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(t, testCVEs["cve1comp2"], getTestComponentID(t, testComponents[2], imageID)), + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], imageID, 2), 0), ImageIdV2: imageID, CveBaseInfo: &storage.CVEInfo{ Cve: "cve1", @@ -389,12 +406,12 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, IsFixable: true, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(t, testComponents[2], imageID), + ComponentId: getTestComponentID(testComponents[2], imageID, 2), }, }, { CVEV2: &storage.ImageCVEV2{ - Id: getTestCVEID(t, testCVEs["cve2comp2"], getTestComponentID(t, testComponents[2], imageID)), + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], imageID, 2), 1), ImageIdV2: imageID, CveBaseInfo: &storage.CVEInfo{ Cve: "cve2", @@ -402,7 +419,50 @@ func TestSplitAndMergeImageV2(t *testing.T) { }, NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, FirstImageOccurrence: ts, - ComponentId: getTestComponentID(t, testComponents[2], imageID), + ComponentId: getTestComponentID(testComponents[2], imageID, 2), + }, + }, + }, + }, + { + ComponentV2: &storage.ImageComponentV2{ + Id: getTestComponentID(testComponents[2], imageID, 3), + Name: "comp2", + Version: "ver1", + ImageIdV2: imageID, + HasLayerIndex: &storage.ImageComponentV2_LayerIndex{ + LayerIndex: 2, + }, + }, + Children: []CVEPartsV2{ + { + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve1comp2"], getTestComponentID(testComponents[2], imageID, 3), 0), + ImageIdV2: imageID, + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve1", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + HasFixedBy: &storage.ImageCVEV2_FixedBy{ + FixedBy: "ver2", + }, + IsFixable: true, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], imageID, 3), + }, + }, + { + CVEV2: &storage.ImageCVEV2{ + Id: getTestCVEID(testCVEs["cve2comp2"], getTestComponentID(testComponents[2], imageID, 3), 1), + ImageIdV2: imageID, + CveBaseInfo: &storage.CVEInfo{ + Cve: "cve2", + CreatedAt: ts, + }, + NvdScoreVersion: storage.CvssScoreVersion_UNKNOWN_VERSION, + FirstImageOccurrence: ts, + ComponentId: getTestComponentID(testComponents[2], imageID, 3), }, }, }, @@ -430,16 +490,12 @@ func TestSplitAndMergeImageV2(t *testing.T) { protoassert.Equal(t, dedupedImageV2(imageID, imageName, imageSha), imageActual) } -func getTestComponentID(t *testing.T, testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, err := scancomponent.ComponentIDV2(testComponent, imageID) - assert.NoError(t, err) - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(t *testing.T, testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, err := cve.IDV2(testCVE, componentID) - assert.NoError(t, err) - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func dedupedImageV2(imageID, imageName, imageSha string) *storage.ImageV2 { @@ -455,11 +511,11 @@ func dedupedImageV2(imageID, imageName, imageSha string) *storage.ImageV2 { }, }, ScanStats: &storage.ImageV2_ScanStats{ - ComponentCount: 3, - CveCount: 4, - FixableCveCount: 2, - UnknownCveCount: 4, - FixableUnknownCveCount: 2, + ComponentCount: 4, + CveCount: 7, + FixableCveCount: 4, + UnknownCveCount: 7, + FixableUnknownCveCount: 4, }, Scan: &storage.ImageScan{ ScanTime: ts, @@ -496,6 +552,42 @@ func dedupedImageV2(imageID, imageName, imageSha string) *storage.ImageV2 { FirstImageOccurrence: ts, FirstSystemOccurrence: ts, }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver3", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + }, + }, + { + Name: "comp2", + Version: "ver1", + HasLayerIndex: &storage.EmbeddedImageScanComponent_LayerIndex{ + LayerIndex: 2, + }, + Vulns: []*storage.EmbeddedVulnerability{ + { + Cve: "cve1", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + SetFixedBy: &storage.EmbeddedVulnerability_FixedBy{ + FixedBy: "ver2", + }, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, + { + Cve: "cve2", + VulnerabilityType: storage.EmbeddedVulnerability_IMAGE_VULNERABILITY, + VulnerabilityTypes: []storage.EmbeddedVulnerability_VulnerabilityType{storage.EmbeddedVulnerability_IMAGE_VULNERABILITY}, + FirstImageOccurrence: ts, + FirstSystemOccurrence: ts, + }, }, }, { diff --git a/central/imagev2/datastore/store/common/split.go b/central/imagev2/datastore/store/common/split.go index 79abb613ab889..3930451c20ae1 100644 --- a/central/imagev2/datastore/store/common/split.go +++ b/central/imagev2/datastore/store/common/split.go @@ -34,21 +34,12 @@ func Split(image *storage.ImageV2, withComponents bool) (ImagePartsV2, error) { func splitComponents(parts ImagePartsV2) ([]ComponentPartsV2, error) { ret := make([]ComponentPartsV2, 0, len(parts.Image.GetScan().GetComponents())) - componentMap := make(map[string]*storage.EmbeddedImageScanComponent) - for _, component := range parts.Image.GetScan().GetComponents() { - generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, component) + for index, component := range parts.Image.GetScan().GetComponents() { + generatedComponentV2, err := GenerateImageComponentV2(parts.Image.GetScan().GetOperatingSystem(), parts.Image, index, component) if err != nil { return nil, err } - // dedupe components within the component - if _, ok := componentMap[generatedComponentV2.GetId()]; ok { - log.Infof("Component %s-%s has already been processed in the image. Skipping...", component.GetName(), component.GetVersion()) - continue - } - - componentMap[generatedComponentV2.GetId()] = component - cves, err := splitCVEs(parts.Image.GetId(), generatedComponentV2.GetId(), component) if err != nil { return nil, err @@ -67,21 +58,12 @@ func splitComponents(parts ImagePartsV2) ([]ComponentPartsV2, error) { func splitCVEs(imageID string, componentID string, embedded *storage.EmbeddedImageScanComponent) ([]CVEPartsV2, error) { ret := make([]CVEPartsV2, 0, len(embedded.GetVulns())) - cveMap := make(map[string]*storage.EmbeddedVulnerability) - for _, cve := range embedded.GetVulns() { - convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, cve) + for index, cve := range embedded.GetVulns() { + convertedCVE, err := utils.EmbeddedVulnerabilityToImageCVEV2(imageID, componentID, index, cve) if err != nil { return nil, err } - // dedupe CVEs within the component - if _, ok := cveMap[convertedCVE.GetId()]; ok { - log.Infof("CVE %s has already been processed in the image. Skipping...", cve.GetCve()) - continue - } - - cveMap[convertedCVE.GetId()] = cve - cp := CVEPartsV2{ CVEV2: convertedCVE, } @@ -92,11 +74,8 @@ func splitCVEs(imageID string, componentID string, embedded *storage.EmbeddedIma } // GenerateImageComponentV2 returns top-level image component from embedded component. -func GenerateImageComponentV2(os string, image *storage.ImageV2, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { - componentID, err := scancomponent.ComponentIDV2(from, image.GetId()) - if err != nil { - return nil, err - } +func GenerateImageComponentV2(os string, image *storage.ImageV2, index int, from *storage.EmbeddedImageScanComponent) (*storage.ImageComponentV2, error) { + componentID := scancomponent.ComponentIDV2(from, image.GetId(), index) ret := &storage.ImageComponentV2{ Id: componentID, diff --git a/central/imagev2/datastore/store/postgres/store.go b/central/imagev2/datastore/store/postgres/store.go index 21a8404a554a3..491c4c418a690 100644 --- a/central/imagev2/datastore/store/postgres/store.go +++ b/central/imagev2/datastore/store/postgres/store.go @@ -509,22 +509,16 @@ func (s *storeImpl) upsert(ctx context.Context, obj *storage.ImageV2) error { keys := gatherKeys(imageParts) return s.keyFence.DoStatusWithLock(concurrency.DiscreteKeySet(keys...), func() error { - conn, release, err := s.acquireConn(ctx, ops.Get, "ImageV2") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if err := s.insertIntoImages(ctx, tx, imageParts, metadataUpdated, scanUpdated, iTime); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err + return errors.Wrap(err, "inserting into images") } return tx.Commit(ctx) }) @@ -577,14 +571,6 @@ func (s *storeImpl) retryableExists(ctx context.Context, id string) (bool, error return count == 1, nil } -func wrapRollback(ctx context.Context, tx *postgres.Tx, err error) error { - rollbackErr := tx.Rollback(ctx) - if rollbackErr != nil { - return errors.Wrapf(rollbackErr, "rolling back due to err: %v", err) - } - return err -} - // Get returns the object, if it exists from the store. func (s *storeImpl) Get(ctx context.Context, id string) (*storage.ImageV2, bool, error) { defer metrics.SetPostgresOperationDurationTime(time.Now(), ops.Get, "ImageV2") @@ -595,28 +581,13 @@ func (s *storeImpl) Get(ctx context.Context, id string) (*storage.ImageV2, bool, } func (s *storeImpl) retryableGet(ctx context.Context, id string) (*storage.ImageV2, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "ImageV2") - if err != nil { - return nil, false, err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return nil, false, err } - // Add tx to the context to ensure image metadata plus its components and CVEs are all retrieved - // in the same transaction as the updates. - ctx = postgres.ContextWithTx(ctx, tx) + defer postgres.FinishReadOnlyTransaction(tx) image, found, err := s.getFullImage(ctx, id) - if err != nil { - return nil, false, wrapRollback(ctx, tx, err) - } - - if err := tx.Commit(ctx); err != nil { - return nil, false, err - } return image, found, err } @@ -672,13 +643,8 @@ func (s *storeImpl) getFullImage(ctx context.Context, imageID string) (*storage. return image, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } func getImageComponents(ctx context.Context, tx *postgres.Tx, imageID string) ([]*storage.ImageComponentV2, error) { @@ -794,22 +760,16 @@ func (s *storeImpl) Delete(ctx context.Context, id string) error { } func (s *storeImpl) retryableDelete(ctx context.Context, id string) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "ImageV2") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if err := s.deleteImageTree(ctx, tx, id); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err + return errors.Wrap(err, "deleting image tree") } return tx.Commit(ctx) } @@ -843,26 +803,17 @@ func (s *storeImpl) GetByIDs(ctx context.Context, ids []string) ([]*storage.Imag } func (s *storeImpl) retryableGetByIDs(ctx context.Context, ids []string) ([]*storage.ImageV2, error) { - conn, release, err := s.acquireConn(ctx, ops.GetMany, "ImageV2") + tx, ctx, err := s.begin(ctx) if err != nil { return nil, err } - defer release() - - tx, err := conn.Begin(ctx) - if err != nil { - return nil, err - } - - // Add tx to the context to ensure image metadata plus its components and CVEs are all retrieved - // in the same transaction as the updates. - ctx = postgres.ContextWithTx(ctx, tx) + defer postgres.FinishReadOnlyTransaction(tx) elems := make([]*storage.ImageV2, 0, len(ids)) for _, id := range ids { msg, found, err := s.getFullImage(ctx, id) if err != nil { - return nil, wrapRollback(ctx, tx, err) + return nil, err } if !found { continue @@ -870,9 +821,6 @@ func (s *storeImpl) retryableGetByIDs(ctx context.Context, ids []string) ([]*sto elems = append(elems, msg) } - if err := tx.Commit(ctx); err != nil { - return nil, err - } return elems, nil } @@ -882,21 +830,11 @@ func (s *storeImpl) WalkByQuery(ctx context.Context, q *v1.Query, fn func(image q = s.applyDefaultSort(q) - conn, release, err := s.acquireConn(ctx, ops.WalkByQuery, "ImageV2") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - - tx, err := conn.Begin(ctx) - if err != nil { - return err - } - defer func() { - if err := tx.Rollback(ctx); err != nil { - log.Errorf("error rolling back: %v", err) - } - }() + defer postgres.FinishReadOnlyTransaction(tx) callback := func(image *storage.ImageV2) error { err := s.populateImage(ctx, tx, image) @@ -978,13 +916,7 @@ func (s *storeImpl) retryableUpdateVulnState(ctx context.Context, cve string, im return nil } - conn, release, err := s.acquireConn(ctx, ops.Update, "UpdateVulnState") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } @@ -1019,10 +951,10 @@ func (s *storeImpl) retryableUpdateVulnState(ctx context.Context, cve string, im return s.keyFence.DoStatusWithLock(concurrency.DiscreteKeySet(keys...), func() error { err = s.updateCVEVulnState(ctx, tx, imageCVEs...) if err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err + return errors.Wrap(err, "updating CVE vuln state") } return tx.Commit(ctx) }) diff --git a/central/installation/store/postgres/store.go b/central/installation/store/postgres/store.go index d66c9611be502..e952bb928de87 100644 --- a/central/installation/store/postgres/store.go +++ b/central/installation/store/postgres/store.go @@ -5,6 +5,7 @@ import ( "context" "time" + "github.com/pkg/errors" "github.com/stackrox/rox/central/metrics" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/logging" @@ -83,31 +84,26 @@ func (s *storeImpl) Upsert(ctx context.Context, obj *storage.InstallationInfo) e } func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.InstallationInfo) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "InstallationInfo") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if _, err := tx.Exec(ctx, deleteStmt); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from installation_infos") } if err := insertIntoInstallationInfos(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err - } - if err := tx.Commit(ctx); err != nil { - return err + return errors.Wrap(err, "inserting into installation_infos") } - return nil + + return tx.Commit(ctx) } // Get returns the object, if it exists from the store. @@ -125,13 +121,7 @@ func (s *storeImpl) Get(ctx context.Context) (*storage.InstallationInfo, bool, e } func (s *storeImpl) retryableGet(ctx context.Context) (*storage.InstallationInfo, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "InstallationInfo") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -144,13 +134,8 @@ func (s *storeImpl) retryableGet(ctx context.Context) (*storage.InstallationInfo return &msg, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the singleton from the store @@ -168,16 +153,18 @@ func (s *storeImpl) Delete(ctx context.Context) error { } func (s *storeImpl) retryableDelete(ctx context.Context) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "InstallationInfo") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - if _, err := conn.Exec(ctx, deleteStmt); err != nil { - return err + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from installation_infos") } - return nil + return tx.Commit(ctx) } // Used for Testing diff --git a/central/installation/store/postgres/store_test.go b/central/installation/store/postgres/store_test.go index 8fea27a1e8bca..b622da6c88edb 100644 --- a/central/installation/store/postgres/store_test.go +++ b/central/installation/store/postgres/store_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgtest" "github.com/stackrox/rox/pkg/protoassert" "github.com/stackrox/rox/pkg/sac" @@ -78,3 +79,25 @@ func (s *InstallationInfosStoreSuite) TestStore() { s.True(exists) protoassert.Equal(s.T(), installationInfo, foundInstallationInfo) } + +func (s *InstallationInfosStoreSuite) TestGetWithTransactionContext() { + ctx := sac.WithAllAccess(context.Background()) + store := s.store + + installationInfo := &storage.InstallationInfo{} + s.NoError(testutils.FullInit(installationInfo, testutils.SimpleInitializer(), testutils.JSONFieldsFilter)) + s.NoError(store.Upsert(ctx, installationInfo)) + + // Create explicit transaction + tx, err := s.testDB.DB.Begin(ctx) + s.NoError(err) + defer tx.Rollback(ctx) + + // Pass transaction context to Get + txCtx := postgres.ContextWithTx(ctx, tx) + retrieved, exists, err := store.Get(txCtx) + + s.NoError(err) + s.True(exists) + protoassert.Equal(s.T(), installationInfo, retrieved) +} diff --git a/central/networkgraph/flow/datastore/internal/store/postgres/store.go b/central/networkgraph/flow/datastore/internal/store/postgres/store.go index 69abea6fea7a5..b96b18af0b382 100644 --- a/central/networkgraph/flow/datastore/internal/store/postgres/store.go +++ b/central/networkgraph/flow/datastore/internal/store/postgres/store.go @@ -282,13 +282,7 @@ func New(db postgres.DB, clusterID string, networktreeMgr networktree.Manager) F } func (s *flowStoreImpl) copyFrom(ctx context.Context, lastUpdateTS timestamp.MicroTS, objs ...*storage.NetworkFlow) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "NetworkFlow") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } @@ -299,26 +293,16 @@ func (s *flowStoreImpl) copyFrom(ctx context.Context, lastUpdateTS timestamp.Mic } return err } - if err := tx.Commit(ctx); err != nil { - return err - } - return nil + return tx.Commit(ctx) } func (s *flowStoreImpl) upsert(ctx context.Context, lastUpdateTS timestamp.MicroTS, objs ...*storage.NetworkFlow) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "NetworkFlow") - if err != nil { - return err - } - defer release() - // Moved the transaction outside the loop which greatly improved the performance of these individual inserts. - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } for _, obj := range objs { - if err := s.insertIntoNetworkflow(ctx, tx, s.clusterID, obj, lastUpdateTS); err != nil { if rollbackErr := tx.Rollback(ctx); rollbackErr != nil { return errors.Wrapf(rollbackErr, "rolling back due to err: %v", err) @@ -327,10 +311,7 @@ func (s *flowStoreImpl) upsert(ctx context.Context, lastUpdateTS timestamp.Micro } } - if err := tx.Commit(ctx); err != nil { - return err - } - return nil + return tx.Commit(ctx) } func (s *flowStoreImpl) UpsertFlows(ctx context.Context, flows []*storage.NetworkFlow, lastUpdateTS timestamp.MicroTS) error { @@ -354,13 +335,8 @@ func (s *flowStoreImpl) retryableUpsertFlows(ctx context.Context, flows []*stora return s.copyFrom(ctx, lastUpdateTS, flows...) } -func (s *flowStoreImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *flowStoreImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } func (s *flowStoreImpl) readRows(rows pgx.Rows, pred func(*storage.NetworkFlowProperties) bool) ([]*storage.NetworkFlow, error) { @@ -472,16 +448,10 @@ func (s *flowStoreImpl) retryableRemoveFlowsForDeployment(ctx context.Context, i } func (s *flowStoreImpl) removeDeploymentFlows(ctx context.Context, deleteStmt string, id string) error { - conn, release, err := s.acquireConn(ctx, ops.RemoveFlowsByDeployment, "NetworkFlow") - if err != nil { - return err - } - defer release() - ctx, cancel := context.WithTimeout(ctx, deleteTimeout) defer cancel() - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } @@ -498,16 +468,10 @@ func (s *flowStoreImpl) removeDeploymentFlows(ctx context.Context, deleteStmt st } func (s *flowStoreImpl) removeAndReturnDeploymentFlows(ctx context.Context, deleteStmt string, id string) ([]*storage.NetworkFlow, error) { - conn, release, err := s.acquireConn(ctx, ops.RemoveFlowsByDeployment, "NetworkFlow") - if err != nil { - return nil, err - } - defer release() - ctx, cancel := context.WithTimeout(ctx, deleteTimeout) defer cancel() - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return nil, err } @@ -525,11 +489,7 @@ func (s *flowStoreImpl) removeAndReturnDeploymentFlows(ctx context.Context, dele return nil, err } - if err := tx.Commit(ctx); err != nil { - return nil, err - } - - return flows, nil + return flows, tx.Commit(ctx) } // GetAllFlows returns the object, if it exists from the store, timestamp and error @@ -654,14 +614,8 @@ func (s *flowStoreImpl) delete(ctx context.Context, objs ...*storage.NetworkFlow s.mutex.Lock() defer s.mutex.Unlock() - conn, release, err := s.acquireConn(ctx, ops.Remove, "NetworkFlow") - if err != nil { - return err - } - defer release() - // Moved the transaction outside the loop which greatly improved the performance of these individual inserts. - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } @@ -674,12 +628,8 @@ func (s *flowStoreImpl) delete(ctx context.Context, objs ...*storage.NetworkFlow } return err } - - } - if err := tx.Commit(ctx); err != nil { - return err } - return nil + return tx.Commit(ctx) } // RemoveFlow removes the specified flow from the store @@ -764,33 +714,18 @@ func (s *flowStoreImpl) pruneOrphanExternalEntities(ctx context.Context, srcFlow } func (s *flowStoreImpl) pruneFlows(ctx context.Context, deleteStmt string, orphanWindow *time.Time) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "NetworkFlow") - if err != nil { - return err - } - defer release() - ctx, cancel := context.WithTimeout(ctx, deleteTimeout) defer cancel() - if _, err := conn.Exec(ctx, deleteStmt, s.clusterID, orphanWindow); err != nil { - return err - } - - return nil + _, err := s.db.Exec(ctx, deleteStmt, s.clusterID, orphanWindow) + return err } func (s *flowStoreImpl) pruneAndReturnFlows(ctx context.Context, deleteStmt string, orphanWindow *time.Time) ([]*storage.NetworkFlow, error) { - conn, release, err := s.acquireConn(ctx, ops.Remove, "NetworkFlow") - if err != nil { - return nil, err - } - defer release() - ctx, cancel := context.WithTimeout(ctx, deleteTimeout) defer cancel() - rows, err := conn.Query(ctx, deleteStmt, s.clusterID, orphanWindow) + rows, err := s.db.Query(ctx, deleteStmt, s.clusterID, orphanWindow) if err != nil { return nil, err } @@ -799,16 +734,10 @@ func (s *flowStoreImpl) pruneAndReturnFlows(ctx context.Context, deleteStmt stri } func (s *flowStoreImpl) pruneEntities(ctx context.Context, deleteStmt string, entityIds []string) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "NetworkFlow") - if err != nil { - return err - } - defer release() - ctx, cancel := context.WithTimeout(ctx, deleteTimeout) defer cancel() - rows, err := conn.Query(ctx, deleteStmt, entityIds) + rows, err := s.db.Query(ctx, deleteStmt, entityIds) if err != nil { return err } @@ -839,18 +768,12 @@ func (s *flowStoreImpl) RemoveStaleFlows(ctx context.Context) error { s.mutex.Lock() defer s.mutex.Unlock() - conn, release, err := s.acquireConn(ctx, ops.Remove, "NetworkFlow") - if err != nil { - return err - } - defer release() - // This is purposefully not retried as this is an optimization and not a requirement // It is also currently prone to statement timeouts ctx, cancel := context.WithTimeout(ctx, deleteTimeout) defer cancel() prune := fmt.Sprintf(pruneStaleNetworkFlowsStmt, s.partitionName, s.partitionName) - _, err = conn.Exec(ctx, prune) + _, err := s.db.Exec(ctx, prune) return err } diff --git a/central/node/datastore/store/postgres/store.go b/central/node/datastore/store/postgres/store.go index 3bee67f5f5528..542298a30047f 100644 --- a/central/node/datastore/store/postgres/store.go +++ b/central/node/datastore/store/postgres/store.go @@ -556,22 +556,16 @@ func (s *storeImpl) upsert(ctx context.Context, obj *storage.Node) error { keys := gatherKeys(nodeParts) return s.keyFence.DoStatusWithLock(concurrency.DiscreteKeySet(keys...), func() error { - conn, release, err := s.acquireConn(ctx, ops.Upsert, "Node") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if err := s.insertIntoNodes(ctx, tx, nodeParts, scanUpdated, iTime); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err + return errors.Wrap(err, "inserting into nodes") } return tx.Commit(ctx) }) @@ -642,22 +636,14 @@ func (s *storeImpl) Get(ctx context.Context, id string) (*storage.Node, bool, er } func (s *storeImpl) retryableGet(ctx context.Context, id string) (*storage.Node, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "Node") + tx, ctx, err := s.begin(ctx) if err != nil { return nil, false, err } - defer release() + defer postgres.FinishReadOnlyTransaction(tx) - tx, err := conn.Begin(ctx) - if err != nil { - return nil, false, err - } - node, found, getErr := s.getFullNode(ctx, tx, id) - // No changes are made to the database, so COMMIT or ROLLBACK have same effect. - if err := tx.Commit(ctx); err != nil { - return nil, false, err - } - return node, found, getErr + node, found, err := s.getFullNode(ctx, tx, id) + return node, found, err } func (s *storeImpl) populateNode(ctx context.Context, tx *postgres.Tx, node *storage.Node) error { @@ -805,13 +791,8 @@ func getComponentCVEEdges(ctx context.Context, tx *postgres.Tx, componentIDs []s return componentIDToEdgesMap, rows.Err() } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the specified ID from the store @@ -824,22 +805,16 @@ func (s *storeImpl) Delete(ctx context.Context, id string) error { } func (s *storeImpl) retryableDelete(ctx context.Context, id string) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "Node") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if err := s.deleteNodeTree(ctx, tx, id); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err + return errors.Wrap(err, "deleting node tree") } return tx.Commit(ctx) } @@ -872,25 +847,16 @@ func (s *storeImpl) GetMany(ctx context.Context, ids []string) ([]*storage.Node, } func (s *storeImpl) retryableGetMany(ctx context.Context, ids []string) ([]*storage.Node, []int, error) { - conn, release, err := s.acquireConn(ctx, ops.GetMany, "Node") - if err != nil { - return nil, nil, err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return nil, nil, err } + defer postgres.FinishReadOnlyTransaction(tx) resultsByID := make(map[string]*storage.Node) for _, id := range ids { msg, found, err := s.getFullNode(ctx, tx, id) if err != nil { - // No changes are made to the database, so COMMIT or ROLLBACK have the same effect. - if err := tx.Commit(ctx); err != nil { - return nil, nil, err - } return nil, nil, err } if !found { @@ -898,10 +864,6 @@ func (s *storeImpl) retryableGetMany(ctx context.Context, ids []string) ([]*stor } resultsByID[msg.GetId()] = msg } - // No changes are made to the database, so COMMIT or ROLLBACK have the same effect. - if err := tx.Commit(ctx); err != nil { - return nil, nil, err - } missingIndices := make([]int, 0, len(ids)-len(resultsByID)) // It is important that the elems are populated in the same order as the input ids @@ -923,21 +885,11 @@ func (s *storeImpl) WalkByQuery(ctx context.Context, q *v1.Query, fn func(node * q = applyDefaultSort(q) - conn, release, err := s.acquireConn(ctx, ops.WalkByQuery, "Node") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - - tx, err := conn.Begin(ctx) - if err != nil { - return err - } - defer func() { - if err := tx.Rollback(ctx); err != nil { - log.Errorf("error rolling back: %v", err) - } - }() + defer postgres.FinishReadOnlyTransaction(tx) callback := func(node *storage.Node) error { err := s.populateNode(ctx, tx, node) @@ -967,13 +919,7 @@ func (s *storeImpl) GetNodeMetadata(ctx context.Context, id string) (*storage.No } func (s *storeImpl) retryableGetNodeMetadata(ctx context.Context, id string) (*storage.Node, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "NodeMetadata") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getNodeMetaStmt, id) + row := s.db.QueryRow(ctx, getNodeMetaStmt, id) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) diff --git a/central/node/datastore/store/postgres/store_test.go b/central/node/datastore/store/postgres/store_test.go index fed923e2a565b..cf78acc89c9dd 100644 --- a/central/node/datastore/store/postgres/store_test.go +++ b/central/node/datastore/store/postgres/store_test.go @@ -4,6 +4,7 @@ package postgres import ( "context" + "fmt" "testing" "time" @@ -108,6 +109,29 @@ func (s *NodesStoreSuite) TestStore() { s.Nil(foundNode) } +func (s *NodesStoreSuite) TestWalkByQuery() { + store := CreateTableAndNewStore(s.ctx, s.T(), s.pool, s.gormDB, false) + + node := &storage.Node{} + s.NoError(testutils.FullInit(node, testutils.UniqueInitializer(), testutils.JSONFieldsFilter)) + + node2 := node.CloneVT() + node2.Id = uuid.NewDummy().String() + + s.NoError(store.Upsert(s.ctx, node)) + s.NoError(store.Upsert(s.ctx, node2)) + + walkFn := func(obj *storage.Node) error { + if obj.GetId() != node.GetId() { + return fmt.Errorf("expected node1 but got %s", obj.GetId()) + } + return nil + } + + q := search.NewQueryBuilder().AddExactMatches(search.NodeID, node.GetId()).ProtoQuery() + s.NoError(store.WalkByQuery(s.ctx, q, walkFn)) +} + func (s *NodesStoreSuite) TestStore_UpsertWithoutScan() { store := CreateTableAndNewStore(s.ctx, s.T(), s.pool, s.gormDB, false) @@ -236,3 +260,93 @@ func stripComponents(n *storage.Node) *storage.Node { node.GetScan().Components = nil return node } + +func (s *NodesStoreSuite) TestGetWithTransactionContext() { + store := CreateTableAndNewStore(s.ctx, s.T(), s.pool, s.gormDB, false) + + node := &storage.Node{} + s.NoError(testutils.FullInit(node, testutils.UniqueInitializer(), testutils.JSONFieldsFilter)) + for _, comp := range node.GetScan().GetComponents() { + comp.Vulns = nil + } + + // Insert test data + s.NoError(store.Upsert(s.ctx, node)) + + // Create explicit transaction + tx, err := s.pool.Begin(s.ctx) + s.NoError(err) + + // Pass transaction context to Get + ctx := postgres.ContextWithTx(s.ctx, tx) + retrieved, ok, err := store.Get(ctx, node.GetId()) + + s.NoError(err) + s.True(ok) + s.Equal(node.GetId(), retrieved.GetId()) + s.NoError(tx.Rollback(s.ctx)) +} + +func (s *NodesStoreSuite) TestGetManyWithTransactionContext() { + store := CreateTableAndNewStore(s.ctx, s.T(), s.pool, s.gormDB, false) + + node1 := &storage.Node{} + s.NoError(testutils.FullInit(node1, testutils.UniqueInitializer(), testutils.JSONFieldsFilter)) + for _, comp := range node1.GetScan().GetComponents() { + comp.Vulns = nil + } + + node2 := &storage.Node{} + s.NoError(testutils.FullInit(node2, testutils.UniqueInitializer(), testutils.JSONFieldsFilter)) + for _, comp := range node2.GetScan().GetComponents() { + comp.Vulns = nil + } + + // Insert test data + s.NoError(store.Upsert(s.ctx, node1)) + s.NoError(store.Upsert(s.ctx, node2)) + + // Create explicit transaction + tx, err := s.pool.Begin(s.ctx) + s.NoError(err) + + // Pass transaction context to GetMany + ctx := postgres.ContextWithTx(s.ctx, tx) + nodes, missing, err := store.GetMany(ctx, []string{node1.GetId(), node2.GetId()}) + + s.NoError(err) + s.Empty(missing) + s.Len(nodes, 2) + s.NoError(tx.Rollback(s.ctx)) +} + +func (s *NodesStoreSuite) TestWalkByQueryWithTransactionContext() { + store := CreateTableAndNewStore(s.ctx, s.T(), s.pool, s.gormDB, false) + + node := &storage.Node{} + s.NoError(testutils.FullInit(node, testutils.UniqueInitializer(), testutils.JSONFieldsFilter)) + for _, comp := range node.GetScan().GetComponents() { + comp.Vulns = nil + } + + // Insert test data + s.NoError(store.Upsert(s.ctx, node)) + + // Create explicit transaction + tx, err := s.pool.Begin(s.ctx) + s.NoError(err) + + // Pass transaction context to WalkByQuery + ctx := postgres.ContextWithTx(s.ctx, tx) + var count int + walkFn := func(n *storage.Node) error { + count++ + s.Equal(node.GetId(), n.GetId()) + return nil + } + + q := search.NewQueryBuilder().AddExactMatches(search.NodeID, node.GetId()).ProtoQuery() + s.NoError(store.WalkByQuery(ctx, q, walkFn)) + s.Equal(1, count) + s.NoError(tx.Rollback(s.ctx)) +} diff --git a/central/notifier/encconfig/datastore/store/postgres/store.go b/central/notifier/encconfig/datastore/store/postgres/store.go index b6aff60ddedbf..7618031672e2c 100644 --- a/central/notifier/encconfig/datastore/store/postgres/store.go +++ b/central/notifier/encconfig/datastore/store/postgres/store.go @@ -5,6 +5,7 @@ import ( "context" "time" + "github.com/pkg/errors" "github.com/stackrox/rox/central/metrics" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/logging" @@ -83,31 +84,26 @@ func (s *storeImpl) Upsert(ctx context.Context, obj *storage.NotifierEncConfig) } func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.NotifierEncConfig) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "NotifierEncConfig") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if _, err := tx.Exec(ctx, deleteStmt); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from notifier_enc_configs") } if err := insertIntoNotifierEncConfigs(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err - } - if err := tx.Commit(ctx); err != nil { - return err + return errors.Wrap(err, "inserting into notifier_enc_configs") } - return nil + + return tx.Commit(ctx) } // Get returns the object, if it exists from the store. @@ -125,13 +121,7 @@ func (s *storeImpl) Get(ctx context.Context) (*storage.NotifierEncConfig, bool, } func (s *storeImpl) retryableGet(ctx context.Context) (*storage.NotifierEncConfig, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "NotifierEncConfig") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -144,13 +134,8 @@ func (s *storeImpl) retryableGet(ctx context.Context) (*storage.NotifierEncConfi return &msg, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the singleton from the store @@ -168,16 +153,18 @@ func (s *storeImpl) Delete(ctx context.Context) error { } func (s *storeImpl) retryableDelete(ctx context.Context) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "NotifierEncConfig") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - if _, err := conn.Exec(ctx, deleteStmt); err != nil { - return err + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from notifier_enc_configs") } - return nil + return tx.Commit(ctx) } // Used for Testing diff --git a/central/notifier/encconfig/datastore/store/postgres/store_test.go b/central/notifier/encconfig/datastore/store/postgres/store_test.go index d23d00e349a86..83bbecfd83618 100644 --- a/central/notifier/encconfig/datastore/store/postgres/store_test.go +++ b/central/notifier/encconfig/datastore/store/postgres/store_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgtest" "github.com/stackrox/rox/pkg/protoassert" "github.com/stackrox/rox/pkg/sac" @@ -78,3 +79,25 @@ func (s *NotifierEncConfigsStoreSuite) TestStore() { s.True(exists) protoassert.Equal(s.T(), notifierEncConfig, foundNotifierEncConfig) } + +func (s *NotifierEncConfigsStoreSuite) TestGetWithTransactionContext() { + ctx := sac.WithAllAccess(context.Background()) + store := s.store + + notifierEncConfig := &storage.NotifierEncConfig{} + s.NoError(testutils.FullInit(notifierEncConfig, testutils.SimpleInitializer(), testutils.JSONFieldsFilter)) + s.NoError(store.Upsert(ctx, notifierEncConfig)) + + // Create explicit transaction + tx, err := s.testDB.DB.Begin(ctx) + s.NoError(err) + defer tx.Rollback(ctx) + + // Pass transaction context to Get + txCtx := postgres.ContextWithTx(ctx, tx) + retrieved, exists, err := store.Get(txCtx) + + s.NoError(err) + s.True(exists) + protoassert.Equal(s.T(), notifierEncConfig, retrieved) +} diff --git a/central/policy/datastore/datastore_impl.go b/central/policy/datastore/datastore_impl.go index a13e29760788a..8ec6006459272 100644 --- a/central/policy/datastore/datastore_impl.go +++ b/central/policy/datastore/datastore_impl.go @@ -203,16 +203,17 @@ func (ds *datastoreImpl) GetAllPolicies(ctx context.Context) ([]*storage.Policy, var policies []*storage.Policy err := ds.storage.Walk(ctx, func(policy *storage.Policy) error { policies = append(policies, policy) - err := ds.fillCategoryNames(ctx, policy) - if err != nil { - return errorsPkg.Wrap(err, "failed to fill category names") - } return nil }) if err != nil { return nil, err } + err = ds.fillCategoryNames(ctx, policies...) + if err != nil { + return nil, errorsPkg.Wrap(err, "failed to fill category names") + } + return policies, err } diff --git a/central/policy/datastore/datastore_impl_postgres_test.go b/central/policy/datastore/datastore_impl_postgres_test.go index 7fb174a3c4a72..d7822494df518 100644 --- a/central/policy/datastore/datastore_impl_postgres_test.go +++ b/central/policy/datastore/datastore_impl_postgres_test.go @@ -24,6 +24,7 @@ import ( "github.com/stackrox/rox/pkg/sac" "github.com/stackrox/rox/pkg/sac/resources" pkgSearch "github.com/stackrox/rox/pkg/search" + "github.com/stackrox/rox/pkg/uuid" "github.com/stretchr/testify/suite" "go.uber.org/mock/gomock" "gorm.io/gorm" @@ -373,3 +374,106 @@ func (s *PolicyPostgresDataStoreTestSuite) TestTransactionRollbacks() { // Clean up policy _ = s.datastoreWithMockCategoryDS.RemovePolicy(ctx, policy) } + +func (s *PolicyPostgresDataStoreTestSuite) TestAddDefaultsDeduplicatesCategoryNames() { + ctx := sac.WithAllAccess(context.Background()) + + // Create a policy with incorrect category names that need to be deduplicated + policy := fixtures.GetPolicy() + policy.Id = "test-policy-dedup" + policy.Name = "Test Policy for Deduplication" + + // Add the policy first + _, err := s.datastore.AddPolicy(ctx, policy) + s.NoError(err) + + // Clear existing categories from the policy + err = s.categoryDS.SetPolicyCategoriesForPolicy(ctx, policy.GetId(), []string{}) + s.NoError(err) + + // Create categories with incorrect names directly using the store to bypass normalization + // These are the incorrect names: "Docker Cis" and "Devops Best Practices" + categoryStorage := categoryPostgres.New(s.db) + edgeStorage := edgePostgres.New(s.db) + edgeDS := policyCategoryEdgeDS.New(edgeStorage) + + dockerCisCategory := &storage.PolicyCategory{ + Id: uuid.NewV4().String(), + Name: "Docker Cis", + IsDefault: false, + } + devopsCategory := &storage.PolicyCategory{ + Id: uuid.NewV4().String(), + Name: "Devops Best Practices", + IsDefault: false, + } + + // Upsert the incorrect categories directly to the store + err = categoryStorage.Upsert(ctx, dockerCisCategory) + s.NoError(err) + err = categoryStorage.Upsert(ctx, devopsCategory) + s.NoError(err) + + // Create edges linking the policy to the incorrect categories + dockerCisEdge := &storage.PolicyCategoryEdge{ + Id: uuid.NewV4().String(), + PolicyId: policy.GetId(), + CategoryId: dockerCisCategory.GetId(), + } + devopsEdge := &storage.PolicyCategoryEdge{ + Id: uuid.NewV4().String(), + PolicyId: policy.GetId(), + CategoryId: devopsCategory.GetId(), + } + err = edgeDS.UpsertMany(ctx, []*storage.PolicyCategoryEdge{dockerCisEdge, devopsEdge}) + s.NoError(err) + + // Verify the policy has the incorrect category names + categories, err := s.categoryDS.GetPolicyCategoriesForPolicy(ctx, policy.GetId()) + s.NoError(err) + s.Len(categories, 2) + categoryNames := make([]string, len(categories)) + for i, c := range categories { + categoryNames[i] = c.GetName() + } + s.Contains(categoryNames, "Docker Cis") + s.Contains(categoryNames, "Devops Best Practices") + + // Verify the incorrect category objects exist + searchQuery := pkgSearch.NewQueryBuilder().AddExactMatches(pkgSearch.PolicyCategoryName, "Docker Cis", "Devops Best Practices").ProtoQuery() + results, err := s.categoryDS.Search(ctx, searchQuery) + s.NoError(err) + s.Len(results, 2) // Both incorrect categories should exist + + // Now call addDefaults which should fix the category names + policyStorage := policyStore.New(s.db) + addDefaults(policyStorage, s.categoryDS, s.datastore) + + // Verify the policy now has the correct category names + categories, err = s.categoryDS.GetPolicyCategoriesForPolicy(ctx, policy.GetId()) + s.NoError(err) + s.Len(categories, 2) + categoryNames = make([]string, len(categories)) + for i, c := range categories { + categoryNames[i] = c.GetName() + } + s.Contains(categoryNames, "Docker CIS") + s.Contains(categoryNames, "DevOps Best Practices") + s.NotContains(categoryNames, "Docker Cis") + s.NotContains(categoryNames, "Devops Best Practices") + + // Verify the incorrect category objects have been deleted + searchQuery = pkgSearch.NewQueryBuilder().AddExactMatches(pkgSearch.PolicyCategoryName, "Docker Cis", "Devops Best Practices").ProtoQuery() + results, err = s.categoryDS.Search(ctx, searchQuery) + s.NoError(err) + s.Len(results, 0) // Both incorrect categories should be deleted + + // Verify the correct category objects exist + searchQuery = pkgSearch.NewQueryBuilder().AddExactMatches(pkgSearch.PolicyCategoryName, "Docker CIS", "DevOps Best Practices").ProtoQuery() + results, err = s.categoryDS.Search(ctx, searchQuery) + s.NoError(err) + s.Len(results, 2) // Both correct categories should exist + + // Clean up + s.NoError(s.datastore.RemovePolicy(ctx, policy)) +} diff --git a/central/policy/datastore/singleton.go b/central/policy/datastore/singleton.go index bbb01ee410cc6..2afb24dd45e54 100644 --- a/central/policy/datastore/singleton.go +++ b/central/policy/datastore/singleton.go @@ -13,7 +13,9 @@ import ( "github.com/stackrox/rox/pkg/defaults/policies" "github.com/stackrox/rox/pkg/policyutils" "github.com/stackrox/rox/pkg/sac" + searchPkg "github.com/stackrox/rox/pkg/search" "github.com/stackrox/rox/pkg/set" + "github.com/stackrox/rox/pkg/sliceutils" "github.com/stackrox/rox/pkg/sync" "github.com/stackrox/rox/pkg/utils" ) @@ -32,7 +34,7 @@ func initialize() { categoriesDatastore := categoriesDS.Singleton() ad = New(storage, clusterDatastore, notifierDatastore, categoriesDatastore) - addDefaults(storage, categoriesDatastore) + addDefaults(storage, categoriesDatastore, ad) } // Singleton provides the interface for non-service external interaction. @@ -44,20 +46,69 @@ func Singleton() DataStore { // addDefaults adds the default policies into the postgres table for policies. // TODO: ROX-11279: Data migration for postgres should take care of removing default policies in the bolt bucket named removed_default_policies // from the policies table in postgres -func addDefaults(s policyStore.Store, categoriesDS categoriesDS.DataStore) { +func addDefaults(s policyStore.Store, categoriesDS categoriesDS.DataStore, fullStore DataStore) { policyIDSet := set.NewStringSet() + storedPolicies := make([]*storage.Policy, 0) err := s.Walk(workflowAdministrationCtx, func(p *storage.Policy) error { policyIDSet.Add(p.GetId()) // Unrelated to adding/checking default policies, this was put here to prevent looping through all policies a second time if p.Source == storage.PolicySource_DECLARATIVE { metrics.IncrementTotalExternalPoliciesGauge() } + storedPolicies = append(storedPolicies, p) return nil }) + if err != nil { panic(err) } + // ROX-31406: Fix categories that were impacted by previous bug + for _, p := range storedPolicies { + var categories []*storage.PolicyCategory + categories, err = categoriesDS.GetPolicyCategoriesForPolicy(workflowAdministrationCtx, p.GetId()) + if err != nil { + panic(err) + } + shouldReupsert := false + p.Categories = sliceutils.Map[*storage.PolicyCategory, string](categories, func(c *storage.PolicyCategory) string { + // Both Docker CIS and DevOps Best Practices were broken as a result of a change made in 4.8 that added + // a title case enforcement on policies that were added, not accounting for the fact that words may have + // more than just the first character capitalized. This code section just fixes the default categories + // that may have been duplicated as a result of this. + if c.GetName() == "Docker Cis" { + shouldReupsert = true + return "Docker CIS" + } else if c.GetName() == "Devops Best Practices" { + shouldReupsert = true + return "DevOps Best Practices" + } + return c.GetName() + }) + if shouldReupsert { + // Update policy, taking advantage of the full datastore updating edges for us + err = fullStore.UpdatePolicy(sac.WithAllAccess(context.Background()), p) + if err != nil { + panic(err) + } + } + } + + // Clean up invalid policy categories + var results []searchPkg.Result + q := searchPkg.NewQueryBuilder().AddExactMatches(searchPkg.PolicyCategoryName, "Devops Best Practices", "Docker Cis").ProtoQuery() + results, err = categoriesDS.Search(workflowAdministrationCtx, q) + if err != nil { + panic(err) + } + for _, result := range results { + err = categoriesDS.DeletePolicyCategory(sac.WithAllAccess(context.Background()), result.ID) + if err != nil { + panic(err) + } + } + // End ROX-31406-specific code + // Preload the default policies. defaultPolicies, err := policies.DefaultPolicies() // Hard panic here is okay, since we can always guarantee that we will be able to get the default policies out. diff --git a/central/policycategory/datastore/datastore_impl.go b/central/policycategory/datastore/datastore_impl.go index 3f7388a8c80be..6a9982c1b93d7 100644 --- a/central/policycategory/datastore/datastore_impl.go +++ b/central/policycategory/datastore/datastore_impl.go @@ -26,12 +26,13 @@ import ( var ( log = logging.LoggerForModule() policyCategorySAC = sac.ForResource(resources.WorkflowAdministration) - titleCase = cases.Title(language.English) policyCategoryCtx = sac.WithGlobalAccessScopeChecker(context.Background(), sac.AllowFixedScopes( sac.AccessModeScopeKeys(storage.Access_READ_ACCESS, storage.Access_READ_WRITE_ACCESS), sac.ResourceScopeKeys(resources.WorkflowAdministration))) + + titleCase = cases.Title(language.English, cases.NoLower) ) type datastoreImpl struct { diff --git a/central/reports/scheduler/v2/reportgenerator/report_gen_bench_flat_data_model_test.go b/central/reports/scheduler/v2/reportgenerator/report_gen_bench_flat_data_model_test.go index 94d99de21e27c..41de86da9c65a 100644 --- a/central/reports/scheduler/v2/reportgenerator/report_gen_bench_flat_data_model_test.go +++ b/central/reports/scheduler/v2/reportgenerator/report_gen_bench_flat_data_model_test.go @@ -76,7 +76,7 @@ func BenchmarkFlatDataModelReportGenerator(b *testing.B) { storage.VulnerabilityReportFilters_WATCHED, } - expectedRowCount := 5002 + expectedRowCount := 5000 reportSnap := testReportSnapshot(collection.GetId(), fixability, severities, imageTypes, nil) diff --git a/central/reports/scheduler/v2/reportgenerator/report_gen_bench_test.go b/central/reports/scheduler/v2/reportgenerator/report_gen_bench_test.go index 50eccdd801119..5aa37c3051d0c 100644 --- a/central/reports/scheduler/v2/reportgenerator/report_gen_bench_test.go +++ b/central/reports/scheduler/v2/reportgenerator/report_gen_bench_test.go @@ -80,7 +80,7 @@ func BenchmarkReportGenerator(b *testing.B) { storage.VulnerabilityReportFilters_WATCHED, } - expectedRowCount := 5002 + expectedRowCount := 5000 reportSnap := testReportSnapshot(collection.GetId(), fixability, severities, imageTypes, nil) diff --git a/central/reports/scheduler/v2/reportgenerator/report_gen_impl.go b/central/reports/scheduler/v2/reportgenerator/report_gen_impl.go index 540978afb34b2..9afba35ecb880 100644 --- a/central/reports/scheduler/v2/reportgenerator/report_gen_impl.go +++ b/central/reports/scheduler/v2/reportgenerator/report_gen_impl.go @@ -45,7 +45,7 @@ var ( reportGenCtx = resolvers.SetAuthorizerOverride(loaders.WithLoaderContext(sac.WithAllAccess(context.Background())), allow.Anonymous()) deployedImagesQueryParts = &ReportQueryParts{ - Schema: selectDeployedImagesSchema(), + Schema: selectSchema(), Selects: getSelectsDeployedImages(), Pagination: search.NewPagination(). AddSortOption(search.NewSortOption(search.Cluster)). @@ -514,14 +514,6 @@ func filterOnImageType(imageTypes []storage.VulnerabilityReportFilters_ImageType return false } -func selectDeployedImagesSchema() *walker.Schema { - // When usinng deployments schema, the greedy approach of query builder will select image name from deployments_containers table. - // This will avoid the discrepancy caused by multiple images with same SHA but different names in reports. - // This is just a temporary woraround until image data model is denormalized. - // TODO(ROX-30117): Revert to using image CVE schema once imageV2 model is rolled out. - return pkgSchema.DeploymentsSchema -} - func selectSchema() *walker.Schema { if features.FlattenCVEData.Enabled() { return pkgSchema.ImageCvesV2Schema diff --git a/central/reports/scheduler/v2/reportgenerator/report_gen_impl_flat_data_model_test.go b/central/reports/scheduler/v2/reportgenerator/report_gen_impl_flat_data_model_test.go index 08584ec7dee03..12c5b3603c67e 100644 --- a/central/reports/scheduler/v2/reportgenerator/report_gen_impl_flat_data_model_test.go +++ b/central/reports/scheduler/v2/reportgenerator/report_gen_impl_flat_data_model_test.go @@ -158,10 +158,9 @@ func (s *NewDataModelEnhancedReportingTestSuite) TestGetReportData() { scopeRules: nil, expected: &vulnReportDataNewDataModel{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", diff --git a/central/reports/scheduler/v2/reportgenerator/report_gen_impl_test.go b/central/reports/scheduler/v2/reportgenerator/report_gen_impl_test.go index 99e3abf2036f7..d4f137e29fa11 100644 --- a/central/reports/scheduler/v2/reportgenerator/report_gen_impl_test.go +++ b/central/reports/scheduler/v2/reportgenerator/report_gen_impl_test.go @@ -167,10 +167,9 @@ func (s *EnhancedReportingTestSuite) TestGetReportData() { scopeRules: nil, expected: &vulnReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -189,10 +188,9 @@ func (s *EnhancedReportingTestSuite) TestGetReportData() { scopeRules: nil, expected: &vulnReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", @@ -209,11 +207,10 @@ func (s *EnhancedReportingTestSuite) TestGetReportData() { scopeRules: nil, expected: &vulnReportData{ deploymentNames: []string{"c1_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy"}, + imageNames: []string{"c1_ns1_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp"}, cveNames: []string{ "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", }, }, }, @@ -228,11 +225,10 @@ func (s *EnhancedReportingTestSuite) TestGetReportData() { }, expected: &vulnReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -301,10 +297,9 @@ func (s *EnhancedReportingTestSuite) TestGetReportData() { }, expected: &vulnReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -328,11 +323,10 @@ func (s *EnhancedReportingTestSuite) TestGetReportData() { }, expected: &vulnReportData{ deploymentNames: []string{"c1_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy"}, + imageNames: []string{"c1_ns1_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp"}, cveNames: []string{ "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", }, }, }, diff --git a/central/reports/scheduler/v2/reportgenerator/report_gen_view_based_test.go b/central/reports/scheduler/v2/reportgenerator/report_gen_view_based_test.go index d35039ba7d621..45f204979d1d8 100644 --- a/central/reports/scheduler/v2/reportgenerator/report_gen_view_based_test.go +++ b/central/reports/scheduler/v2/reportgenerator/report_gen_view_based_test.go @@ -123,10 +123,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "SEVERITY:CRITICAL_VULNERABILITY_SEVERITY", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", @@ -141,11 +140,10 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "SEVERITY:CRITICAL_VULNERABILITY_SEVERITY,IMPORTANT_VULNERABILITY_SEVERITY", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", @@ -160,10 +158,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "CVE Severity:CRITICAL_VULNERABILITY_SEVERITY+Fixable:true", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", @@ -178,10 +175,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -199,9 +195,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "CVE:CVE-fixable_critical-c1_ns1_dep0_img_comp", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy"}, + imageNames: []string{"c1_ns1_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp"}, - cveNames: []string{"CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp"}, + cveNames: []string{"CVE-fixable_critical-c1_ns1_dep0_img_comp"}, }, }, { @@ -209,10 +205,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "CVSS:>=7.0", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", @@ -227,10 +222,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "NVD CVSS:>=8", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", @@ -245,10 +239,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Vulnerability State:OBSERVED", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -264,12 +257,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Component:c1_ns1_dep0_img_comp", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy"}, + imageNames: []string{"c1_ns1_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp"}, - cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - }, + cveNames: []string{"CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp"}, }, }, // Test cases for image-related search fields @@ -278,12 +268,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Image:c1_ns1_dep0_img", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy"}, + imageNames: []string{"c1_ns1_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp"}, - cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - }, + cveNames: []string{"CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp"}, }, }, { @@ -291,10 +278,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Image Registry:docker.io", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -309,10 +295,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Image Tag:latest", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -328,10 +313,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Cluster:r/c1", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", }, @@ -342,13 +326,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Namespace:r/ns1", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c2_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c2_ns1_dep0_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c2_ns1_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c2_ns1_dep0_img_comp"}, - cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", - }, + cveNames: []string{"CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp"}, }, }, { @@ -356,12 +336,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Deployment:r/c1_ns1_dep0", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy"}, + imageNames: []string{"c1_ns1_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp"}, - cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", - }, + cveNames: []string{"CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp"}, }, }, // Test cases for fixability-related search fields @@ -370,10 +347,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Fixable:false", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -389,10 +365,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Cluster:c1+Severity:CRITICAL_VULNERABILITY_SEVERITY+Fixable:true", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", }, @@ -404,10 +379,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "EPSS Probability:>=0.0", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -422,10 +396,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Fixed By:1.1", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", @@ -441,10 +414,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "Component Version:1.0", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -460,10 +432,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBased() { query: "First Image Occurrence Timestamp:<01/01/2020", expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0", "c2_ns2_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "c2_ns2_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "c2_ns2_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-nonFixable_low-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-nonFixable_low-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", "CVE-nonFixable_low-c2_ns1_dep0_img_comp", @@ -582,10 +553,9 @@ func (s *ViewBasedReportingTestSuite) TestGetReportDataViewBasedAccessScope() { }, expected: &viewBasedReportData{ deploymentNames: []string{"c1_ns1_dep0", "c1_ns2_dep0", "c2_ns1_dep0"}, - imageNames: []string{"c1_ns1_dep0_img", "c1_ns1_dep0_img_copy", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "w0_img", "w1_img"}, + imageNames: []string{"c1_ns1_dep0_img", "c1_ns2_dep0_img", "c2_ns1_dep0_img", "w0_img", "w1_img"}, componentNames: []string{"c1_ns1_dep0_img_comp", "c1_ns2_dep0_img_comp", "c2_ns1_dep0_img_comp", "w0_img_comp", "w1_img_comp"}, cveNames: []string{ - "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns1_dep0_img_comp", "CVE-fixable_critical-c1_ns2_dep0_img_comp", "CVE-fixable_critical-c2_ns1_dep0_img_comp", diff --git a/central/reports/scheduler/v2/reportgenerator/testutils.go b/central/reports/scheduler/v2/reportgenerator/testutils.go index 257f832e9a30b..de94bb1764880 100644 --- a/central/reports/scheduler/v2/reportgenerator/testutils.go +++ b/central/reports/scheduler/v2/reportgenerator/testutils.go @@ -43,19 +43,11 @@ func testDeploymentsWithImages(namespaces []*storage.NamespaceMetadata, numDeplo deployments := make([]*storage.Deployment, 0, capacity) images := make([]*storage.Image, 0, capacity) - for j, namespace := range namespaces { + for _, namespace := range namespaces { for i := 0; i < numDeploymentsPerNamespace; i++ { depName := fmt.Sprintf("%s_%s_dep%d", namespace.ClusterName, namespace.Name, i) image := testImage(depName) - var deployment *storage.Deployment - if j == 0 && i == 0 { - // Add a copy of image with same SHA, components and CVEs, but different name - image2 := image.CloneVT() - image2.Name.FullName = image.Name.FullName + "_copy" - deployment = testDeployment(depName, namespace, image, image2) - } else { - deployment = testDeployment(depName, namespace, image) - } + deployment := testDeployment(depName, namespace, image) deployments = append(deployments, deployment) images = append(images, image) } @@ -63,25 +55,21 @@ func testDeploymentsWithImages(namespaces []*storage.NamespaceMetadata, numDeplo return deployments, images } -func testDeployment(deploymentName string, namespace *storage.NamespaceMetadata, images ...*storage.Image) *storage.Deployment { - dep := &storage.Deployment{ +func testDeployment(deploymentName string, namespace *storage.NamespaceMetadata, image *storage.Image) *storage.Deployment { + return &storage.Deployment{ Name: deploymentName, Id: uuid.NewV4().String(), - ClusterName: namespace.ClusterName, - ClusterId: namespace.ClusterId, - Namespace: namespace.Name, - NamespaceId: namespace.Id, - } - - containers := make([]*storage.Container, 0, len(images)) - for i, image := range images { - containers = append(containers, &storage.Container{ - Name: fmt.Sprintf("%s_container_%d", deploymentName, i), - Image: types2.ToContainerImage(image), - }) + ClusterName: namespace.GetClusterName(), + ClusterId: namespace.GetClusterId(), + Namespace: namespace.GetName(), + NamespaceId: namespace.GetId(), + Containers: []*storage.Container{ + { + Name: fmt.Sprintf("%s_container", deploymentName), + Image: types2.ToContainerImage(image), + }, + }, } - dep.Containers = containers - return dep } func testWatchedImages(numImages int) []*storage.Image { diff --git a/central/risk/manager/manager.go b/central/risk/manager/manager.go index 8fd92551773f8..3638c1a0b5673 100644 --- a/central/risk/manager/manager.go +++ b/central/risk/manager/manager.go @@ -217,8 +217,8 @@ func (e *managerImpl) calculateAndUpsertImageRisk(image *storage.Image) error { } // We want to compute and store risk for image components when image risk is reprocessed. - for _, component := range image.GetScan().GetComponents() { - e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId()) + for index, component := range image.GetScan().GetComponents() { + e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId(), index) } image.RiskScore = risk.Score @@ -299,8 +299,8 @@ func (e *managerImpl) calculateAndUpsertImageV2Risk(image *storage.ImageV2) erro } // We want to compute and store risk for image components when image risk is reprocessed. - for _, component := range image.GetScan().GetComponents() { - e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId()) + for index, component := range image.GetScan().GetComponents() { + e.reprocessImageComponentRisk(component, image.GetScan().GetOperatingSystem(), image.GetId(), index) } image.RiskScore = risk.Score @@ -349,16 +349,22 @@ func (e *managerImpl) skipImageV2Upsert(img *storage.ImageV2) (bool, error) { // reprocessImageComponentRisk will reprocess risk of image components and save the results. // Image Component ID is generated as : -func (e *managerImpl) reprocessImageComponentRisk(imageComponent *storage.EmbeddedImageScanComponent, os string, imageID string) { +func (e *managerImpl) reprocessImageComponentRisk(imageComponent *storage.EmbeddedImageScanComponent, os string, imageID string, componentIndex int) { defer metrics.ObserveRiskProcessingDuration(time.Now(), "ImageComponent") - risk := e.imageComponentScorer.Score(allAccessCtx, scancomponent.NewFromImageComponent(imageComponent), os, imageComponent, imageID) + risk := e.imageComponentScorer.Score(allAccessCtx, scancomponent.NewFromImageComponent(imageComponent), os, imageComponent, imageID, componentIndex) if risk == nil { return } - oldScore := e.imageComponentRanker.GetScoreForID( - scancomponent.ComponentID(imageComponent.GetName(), imageComponent.GetVersion(), os)) + var oldScore float32 + if features.FlattenCVEData.Enabled() { + oldScore = e.imageComponentRanker.GetScoreForID( + scancomponent.ComponentIDV2(imageComponent, imageID, componentIndex)) + } else { + oldScore = e.imageComponentRanker.GetScoreForID( + scancomponent.ComponentID(imageComponent.GetName(), imageComponent.GetVersion(), os)) + } // Image component risk results are currently unused so if the score is the same then no need to upsert if risk.GetScore() == oldScore { diff --git a/central/risk/scorer/component/image/scorer_test.go b/central/risk/scorer/component/image/scorer_test.go index 4ec969c5c5655..cc89914991fba 100644 --- a/central/risk/scorer/component/image/scorer_test.go +++ b/central/risk/scorer/component/image/scorer_test.go @@ -36,7 +36,7 @@ func TestScore(t *testing.T) { }, } - actualRisk := scorer.Score(ctx, scancomponent.NewFromImageComponent(imageComponent), "", imageComponent, pkgScorer.GetMockImage().GetId()) + actualRisk := scorer.Score(ctx, scancomponent.NewFromImageComponent(imageComponent), "", imageComponent, pkgScorer.GetMockImage().GetId(), 0) protoassert.SlicesEqual(t, expectedRiskResults, actualRisk.GetResults()) assert.InDelta(t, expectedRiskScore, actualRisk.GetScore(), 0.0001) diff --git a/central/risk/scorer/component/image_scorer.go b/central/risk/scorer/component/image_scorer.go index 2ef2be40d81e6..2c5216b2ad447 100644 --- a/central/risk/scorer/component/image_scorer.go +++ b/central/risk/scorer/component/image_scorer.go @@ -12,7 +12,7 @@ import ( // Scorer is the object that encompasses the multipliers for evaluating component risk type ImageScorer interface { - Score(ctx context.Context, component scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string) *storage.Risk + Score(ctx context.Context, component scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string, index int) *storage.Risk } // NewComponentScorer returns a new scorer that encompasses multipliers for evaluating component risk @@ -31,7 +31,7 @@ type componentImageScorerImpl struct { } // Score takes a component and evaluates its risk -func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string) *storage.Risk { +func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scancomponent.ScanComponent, os string, imageComponent *storage.EmbeddedImageScanComponent, imageID string, index int) *storage.Risk { riskResults := make([]*storage.Risk_Result, 0, len(s.ConfiguredMultipliers)) overallScore := float32(1.0) for _, mult := range s.ConfiguredMultipliers { @@ -47,11 +47,7 @@ func (s *componentImageScorerImpl) Score(ctx context.Context, scanComponent scan var componentID string var err error if features.FlattenCVEData.Enabled() { - componentID, err = scancomponent.ComponentIDV2(imageComponent, imageID) - if err != nil { - log.Errorf("Unable to score %s: %v", scanComponent.GetName(), err) - return nil - } + componentID = scancomponent.ComponentIDV2(imageComponent, imageID, index) } else { componentID = scancomponent.ComponentID(scanComponent.GetName(), scanComponent.GetVersion(), os) } diff --git a/central/scannerdefinitions/handler/updatertype_string.go b/central/scannerdefinitions/handler/updatertype_string.go index 7c3e69f7a0f23..82ec4cdeb60a0 100644 --- a/central/scannerdefinitions/handler/updatertype_string.go +++ b/central/scannerdefinitions/handler/updatertype_string.go @@ -18,8 +18,9 @@ const _updaterType_name = "mappingUpdaterTypevulnerabilityUpdaterTypev2UpdaterTy var _updaterType_index = [...]uint8{0, 18, 42, 55} func (i updaterType) String() string { - if i < 0 || i >= updaterType(len(_updaterType_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_updaterType_index)-1 { return "updaterType(" + strconv.FormatInt(int64(i), 10) + ")" } - return _updaterType_name[_updaterType_index[i]:_updaterType_index[i+1]] + return _updaterType_name[_updaterType_index[idx]:_updaterType_index[idx+1]] } diff --git a/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go b/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go index c149a369719a6..6952800e477c7 100644 --- a/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go +++ b/central/sensor/service/pipeline/nodeindex/three_pipelines_test.go @@ -608,7 +608,7 @@ func (m *mockComponentScorer) Score(_ context.Context, _ scancomponent.ScanCompo type mockImageComponentScorer struct{} -func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string) *storage.Risk { +func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string, _ int) *storage.Risk { return getDummyRisk() } diff --git a/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go b/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go index 39b1b2445c47e..d6c795ae9e5ab 100644 --- a/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go +++ b/central/sensor/service/pipeline/nodeinventory/two_pipelines_test.go @@ -390,7 +390,7 @@ func (m *mockComponentScorer) Score(_ context.Context, _ scancomponent.ScanCompo type mockImageComponentScorer struct{} -func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string) *storage.Risk { +func (m *mockImageComponentScorer) Score(_ context.Context, _ scancomponent.ScanComponent, _ string, _ *storage.EmbeddedImageScanComponent, _ string, _ int) *storage.Risk { return getDummyRisk() } diff --git a/central/sensorupgradeconfig/datastore/internal/store/postgres/store.go b/central/sensorupgradeconfig/datastore/internal/store/postgres/store.go index 5f2b0aa64e70c..4b04bfabe22ca 100644 --- a/central/sensorupgradeconfig/datastore/internal/store/postgres/store.go +++ b/central/sensorupgradeconfig/datastore/internal/store/postgres/store.go @@ -5,6 +5,7 @@ import ( "context" "time" + "github.com/pkg/errors" "github.com/stackrox/rox/central/metrics" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/logging" @@ -83,31 +84,26 @@ func (s *storeImpl) Upsert(ctx context.Context, obj *storage.SensorUpgradeConfig } func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.SensorUpgradeConfig) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "SensorUpgradeConfig") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if _, err := tx.Exec(ctx, deleteStmt); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from sensor_upgrade_configs") } if err := insertIntoSensorUpgradeConfigs(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err - } - if err := tx.Commit(ctx); err != nil { - return err + return errors.Wrap(err, "inserting into sensor_upgrade_configs") } - return nil + + return tx.Commit(ctx) } // Get returns the object, if it exists from the store. @@ -125,13 +121,7 @@ func (s *storeImpl) Get(ctx context.Context) (*storage.SensorUpgradeConfig, bool } func (s *storeImpl) retryableGet(ctx context.Context) (*storage.SensorUpgradeConfig, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "SensorUpgradeConfig") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -144,13 +134,8 @@ func (s *storeImpl) retryableGet(ctx context.Context) (*storage.SensorUpgradeCon return &msg, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the singleton from the store @@ -168,16 +153,18 @@ func (s *storeImpl) Delete(ctx context.Context) error { } func (s *storeImpl) retryableDelete(ctx context.Context) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "SensorUpgradeConfig") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - if _, err := conn.Exec(ctx, deleteStmt); err != nil { - return err + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from sensor_upgrade_configs") } - return nil + return tx.Commit(ctx) } // Used for Testing diff --git a/central/sensorupgradeconfig/datastore/internal/store/postgres/store_test.go b/central/sensorupgradeconfig/datastore/internal/store/postgres/store_test.go index c46a8c3535c4c..0a469f5891d48 100644 --- a/central/sensorupgradeconfig/datastore/internal/store/postgres/store_test.go +++ b/central/sensorupgradeconfig/datastore/internal/store/postgres/store_test.go @@ -9,6 +9,7 @@ import ( "testing" "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgtest" "github.com/stackrox/rox/pkg/protoassert" "github.com/stackrox/rox/pkg/sac" @@ -78,3 +79,25 @@ func (s *SensorUpgradeConfigsStoreSuite) TestStore() { s.True(exists) protoassert.Equal(s.T(), sensorUpgradeConfig, foundSensorUpgradeConfig) } + +func (s *SensorUpgradeConfigsStoreSuite) TestGetWithTransactionContext() { + ctx := sac.WithAllAccess(context.Background()) + store := s.store + + sensorUpgradeConfig := &storage.SensorUpgradeConfig{} + s.NoError(testutils.FullInit(sensorUpgradeConfig, testutils.SimpleInitializer(), testutils.JSONFieldsFilter)) + s.NoError(store.Upsert(ctx, sensorUpgradeConfig)) + + // Create explicit transaction + tx, err := s.testDB.DB.Begin(ctx) + s.NoError(err) + defer tx.Rollback(ctx) + + // Pass transaction context to Get + txCtx := postgres.ContextWithTx(ctx, tx) + retrieved, exists, err := store.Get(txCtx) + + s.NoError(err) + s.True(exists) + protoassert.Equal(s.T(), sensorUpgradeConfig, retrieved) +} diff --git a/central/systeminfo/store/postgres/store.go b/central/systeminfo/store/postgres/store.go index bac4e362f2b10..5d81d97d7917a 100644 --- a/central/systeminfo/store/postgres/store.go +++ b/central/systeminfo/store/postgres/store.go @@ -2,12 +2,10 @@ package postgres import ( "context" - "time" - "github.com/stackrox/rox/central/metrics" + "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/errox" - ops "github.com/stackrox/rox/pkg/metrics" "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgutils" pkgSchema "github.com/stackrox/rox/pkg/postgres/schema" @@ -69,13 +67,7 @@ func (s *storeImpl) get(ctx context.Context) (*storage.SystemInfo, bool, error) return nil, false, errox.NotAuthorized } - conn, release, err := s.acquireConn(ctx, ops.Get, "SystemInfo") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -93,31 +85,25 @@ func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.SystemInfo return err } - conn, release, err := s.acquireConn(ctx, ops.Get, "Version") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } return err } if err := insert(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } return err } - if err := tx.Commit(ctx); err != nil { - return err - } - return nil + return tx.Commit(ctx) } func (s *storeImpl) retryableDelete(ctx context.Context) error { @@ -126,25 +112,12 @@ func (s *storeImpl) retryableDelete(ctx context.Context) error { return sac.ErrResourceAccessDenied } - conn, release, err := s.acquireConn(ctx, ops.Remove, "SystemInfo") - if err != nil { - return err - } - defer release() - - if _, err := conn.Exec(ctx, deleteStmt); err != nil { - return err - } - return nil + _, err := s.db.Exec(ctx, deleteStmt) + return err } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } func insert(ctx context.Context, tx *postgres.Tx, obj *storage.SystemInfo) error { diff --git a/central/version/postgres/store.go b/central/version/postgres/store.go index c16b2b49338cb..8fc301c9f5189 100644 --- a/central/version/postgres/store.go +++ b/central/version/postgres/store.go @@ -4,8 +4,8 @@ import ( "context" "time" + "github.com/pkg/errors" "github.com/stackrox/rox/generated/storage" - ops "github.com/stackrox/rox/pkg/metrics" "github.com/stackrox/rox/pkg/postgres" "github.com/stackrox/rox/pkg/postgres/pgutils" "github.com/stackrox/rox/pkg/protocompat" @@ -70,31 +70,26 @@ func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.Version) e return sac.ErrResourceAccessDenied } - conn, release, err := s.acquireConn(ctx, ops.Get, "Version") - if err != nil { - return err - } - defer release() - - tx, err := conn.Begin(ctx) + tx, ctx, err := s.begin(ctx) if err != nil { return err } if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } return err } if err := insertIntoVersions(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } return err } - if err := tx.Commit(ctx); err != nil { - return err - } - return nil + + return tx.Commit(ctx) } // Get returns the object, if it exists from the store @@ -110,13 +105,7 @@ func (s *storeImpl) retryableGet(ctx context.Context) (*storage.Version, bool, e return nil, false, nil } - conn, release, err := s.acquireConn(ctx, ops.Get, "Version") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var sequenceNum int var version string var minSequenceNum int @@ -154,13 +143,7 @@ func (s *storeImpl) retryableGetPrevious(ctx context.Context) (*storage.Version, return nil, false, nil } - conn, release, err := s.acquireConn(ctx, ops.Get, "Version") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getPreviousStmt) + row := s.db.QueryRow(ctx, getPreviousStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -173,12 +156,8 @@ func (s *storeImpl) retryableGetPrevious(ctx context.Context) (*storage.Version, return &msg, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, _ ops.Op, _ string) (*postgres.Conn, func(), error) { - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the specified ID from the store @@ -194,16 +173,18 @@ func (s *storeImpl) retryableDelete(ctx context.Context) error { return sac.ErrResourceAccessDenied } - conn, release, err := s.acquireConn(ctx, ops.Remove, "Version") + tx, ctx, err := s.begin(ctx) if err != nil { return err } - defer release() - if _, err := conn.Exec(ctx, deleteStmt); err != nil { + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } return err } - return nil + return tx.Commit(ctx) } // Used for Testing diff --git a/central/views/imagecveflat/view_test.go b/central/views/imagecveflat/view_test.go index c7b4c2fa6e532..ba7b9aac600c3 100644 --- a/central/views/imagecveflat/view_test.go +++ b/central/views/imagecveflat/view_test.go @@ -525,7 +525,7 @@ func (s *ImageCVEFlatViewTestSuite) testCases() []testCase { Source: storage.SourceType_OS, Location: "", Architecture: "", - }, "sha256:05dd8ed5c76ad3c9f06481770828cf17b8c89f1e406c91d548426dd70fe94560"))}, + }, "sha256:05dd8ed5c76ad3c9f06481770828cf17b8c89f1e406c91d548426dd70fe94560", 0), 0)}, Level: v1.SearchCategory_IMAGE_VULNERABILITIES, }, }), @@ -904,16 +904,12 @@ func standardizeImages(images ...*storage.Image) { } } -func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string) string { - id, _ := scancomponent.ComponentIDV2(testComponent, imageID) - - return id +func getTestComponentID(testComponent *storage.EmbeddedImageScanComponent, imageID string, index int) string { + return scancomponent.ComponentIDV2(testComponent, imageID, index) } -func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string) string { - id, _ := cve.IDV2(testCVE, componentID) - - return id +func getTestCVEID(testCVE *storage.EmbeddedVulnerability, componentID string, index int) string { + return cve.IDV2(testCVE, componentID, index) } func getTestCVE() *storage.EmbeddedVulnerability { diff --git a/compliance/virtualmachines/agent/README.md b/compliance/virtualmachines/roxagent/README.md similarity index 90% rename from compliance/virtualmachines/agent/README.md rename to compliance/virtualmachines/roxagent/README.md index 49c4af93fd2ca..356c6a419f593 100644 --- a/compliance/virtualmachines/agent/README.md +++ b/compliance/virtualmachines/roxagent/README.md @@ -12,13 +12,13 @@ Scans the VM for installed packages (`rpm`/`dnf` databases), creates vulnerabili ```bash # Single scan -sudo ./agent +sudo ./roxagent # Daemon mode (scans every 5 minutes) -sudo ./agent --daemon +sudo ./roxagent --daemon # Custom settings -sudo ./agent --daemon --index-interval 10m --host-path /custom/path --port 2048 +sudo ./roxagent --daemon --index-interval 10m --host-path /custom/path --port 2048 ``` ## Flags @@ -43,10 +43,10 @@ The host receives these reports and forwards them to StackRox Central for vulner ## Building ```bash -go build -o agent . +go build -o roxagent . # For Linux VMs -GOOS=linux GOARCH=amd64 go build -o agent-linux . +GOOS=linux GOARCH=amd64 go build -o roxagent-linux . ``` ## Troubleshooting diff --git a/compliance/virtualmachines/agent/cmd/cmd.go b/compliance/virtualmachines/roxagent/cmd/cmd.go similarity index 89% rename from compliance/virtualmachines/agent/cmd/cmd.go rename to compliance/virtualmachines/roxagent/cmd/cmd.go index 89ed41586a1c2..310337c16a34e 100644 --- a/compliance/virtualmachines/agent/cmd/cmd.go +++ b/compliance/virtualmachines/roxagent/cmd/cmd.go @@ -5,9 +5,9 @@ import ( "time" "github.com/spf13/cobra" - "github.com/stackrox/rox/compliance/virtualmachines/agent/common" - "github.com/stackrox/rox/compliance/virtualmachines/agent/index" - "github.com/stackrox/rox/compliance/virtualmachines/agent/vsock" + "github.com/stackrox/rox/compliance/virtualmachines/roxagent/common" + "github.com/stackrox/rox/compliance/virtualmachines/roxagent/index" + "github.com/stackrox/rox/compliance/virtualmachines/roxagent/vsock" "github.com/stackrox/rox/pkg/logging" ) diff --git a/compliance/virtualmachines/agent/common/config.go b/compliance/virtualmachines/roxagent/common/config.go similarity index 100% rename from compliance/virtualmachines/agent/common/config.go rename to compliance/virtualmachines/roxagent/common/config.go diff --git a/compliance/virtualmachines/agent/index/index.go b/compliance/virtualmachines/roxagent/index/index.go similarity index 94% rename from compliance/virtualmachines/agent/index/index.go rename to compliance/virtualmachines/roxagent/index/index.go index e10cfd97ca910..1dedd4d1a0d9e 100644 --- a/compliance/virtualmachines/agent/index/index.go +++ b/compliance/virtualmachines/roxagent/index/index.go @@ -7,8 +7,8 @@ import ( "time" "github.com/stackrox/rox/compliance/node/index" - "github.com/stackrox/rox/compliance/virtualmachines/agent/common" - "github.com/stackrox/rox/compliance/virtualmachines/agent/vsock" + "github.com/stackrox/rox/compliance/virtualmachines/roxagent/common" + "github.com/stackrox/rox/compliance/virtualmachines/roxagent/vsock" v4 "github.com/stackrox/rox/generated/internalapi/scanner/v4" "github.com/stackrox/rox/pkg/httputil/proxy" "github.com/stackrox/rox/pkg/jsonutil" diff --git a/compliance/virtualmachines/agent/main.go b/compliance/virtualmachines/roxagent/main.go similarity index 91% rename from compliance/virtualmachines/agent/main.go rename to compliance/virtualmachines/roxagent/main.go index bc600dce408f2..cfb3b3c859242 100644 --- a/compliance/virtualmachines/agent/main.go +++ b/compliance/virtualmachines/roxagent/main.go @@ -6,7 +6,7 @@ import ( "os/signal" "syscall" - "github.com/stackrox/rox/compliance/virtualmachines/agent/cmd" + "github.com/stackrox/rox/compliance/virtualmachines/roxagent/cmd" "github.com/stackrox/rox/pkg/logging" ) diff --git a/compliance/virtualmachines/agent/vsock/client.go b/compliance/virtualmachines/roxagent/vsock/client.go similarity index 100% rename from compliance/virtualmachines/agent/vsock/client.go rename to compliance/virtualmachines/roxagent/vsock/client.go diff --git a/compliance/virtualmachines/agent/vsock/client_test.go b/compliance/virtualmachines/roxagent/vsock/client_test.go similarity index 100% rename from compliance/virtualmachines/agent/vsock/client_test.go rename to compliance/virtualmachines/roxagent/vsock/client_test.go diff --git a/config-controller/Makefile b/config-controller/Makefile index 0934bac044984..936f9edf1f648 100644 --- a/config-controller/Makefile +++ b/config-controller/Makefile @@ -152,50 +152,20 @@ undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/. $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - ##@ Dependencies - -## Location to install dependencies to -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) +PROJECT_DIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) +include $(PROJECT_DIR)/../make/gotools.mk ## Tool Binaries KUBECTL ?= kubectl -KUSTOMIZE ?= $(LOCALBIN)/kustomize -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen -ENVTEST ?= $(LOCALBIN)/setup-envtest - -## Tool Versions -KUSTOMIZE_VERSION ?= v5.4.2 -CONTROLLER_TOOLS_VERSION ?= v0.15.0 -ENVTEST_VERSION ?= release-0.18 +$(call go-tool, KUSTOMIZE, sigs.k8s.io/kustomize/kustomize/v5, $(PROJECT_DIR)/../operator/tools/kustomize) +$(call go-tool, CONTROLLER_GEN, sigs.k8s.io/controller-tools/cmd/controller-gen, $(PROJECT_DIR)/../operator/tools/controller-gen) +$(call go-tool, ENVTEST, sigs.k8s.io/controller-runtime/tools/setup-envtest, $(PROJECT_DIR)/../operator/tools/envtest) .PHONY: kustomize kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. -$(KUSTOMIZE): $(LOCALBIN) - $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. -$(CONTROLLER_GEN): $(LOCALBIN) - $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) .PHONY: envtest -envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. -$(ENVTEST): $(LOCALBIN) - $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) - -# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist -# $1 - target path with name of binary -# $2 - package url which can be installed -# $3 - specific version of package -define go-install-tool -@[ -f "$(1)-$(3)" ] || { \ -set -e; \ -package=$(2)@$(3) ;\ -echo "Downloading $${package}" ;\ -rm -f $(1) || true ;\ -GOBIN=$(LOCALBIN) go install $${package} ;\ -mv $(1) $(1)-$(3) ;\ -} ;\ -ln -sf $(1)-$(3) $(1) -endef +envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. diff --git a/config-controller/config/crd/bases/config.stackrox.io_securitypolicies.yaml b/config-controller/config/crd/bases/config.stackrox.io_securitypolicies.yaml index 99c74ca97ddd2..27c4522eedda1 100644 --- a/config-controller/config/crd/bases/config.stackrox.io_securitypolicies.yaml +++ b/config-controller/config/crd/bases/config.stackrox.io_securitypolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: securitypolicies.config.stackrox.io spec: group: config.stackrox.io diff --git a/generated/storage/vulnerability.pb.go b/generated/storage/vulnerability.pb.go index cebd0f1a8ef7d..8ad91ac3a0f3f 100644 --- a/generated/storage/vulnerability.pb.go +++ b/generated/storage/vulnerability.pb.go @@ -148,15 +148,15 @@ type EmbeddedVulnerability struct { // For internal purposes only. VulnerabilityType EmbeddedVulnerability_VulnerabilityType `protobuf:"varint,11,opt,name=vulnerability_type,json=vulnerabilityType,proto3,enum=storage.EmbeddedVulnerability_VulnerabilityType" json:"vulnerability_type,omitempty"` VulnerabilityTypes []EmbeddedVulnerability_VulnerabilityType `protobuf:"varint,18,rep,packed,name=vulnerability_types,json=vulnerabilityTypes,proto3,enum=storage.EmbeddedVulnerability_VulnerabilityType" json:"vulnerability_types,omitempty" hash:"ignore"` // @gotags: hash:"ignore" - Suppressed bool `protobuf:"varint,12,opt,name=suppressed,proto3" json:"suppressed,omitempty" search:"CVE Snoozed" hash:"ignore"` // @gotags: search:"CVE Snoozed" hash:"ignore" - SuppressActivation *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=suppress_activation,json=suppressActivation,proto3" json:"suppress_activation,omitempty" hash:"ignore"` // @gotags: hash:"ignore" - SuppressExpiry *timestamppb.Timestamp `protobuf:"bytes,14,opt,name=suppress_expiry,json=suppressExpiry,proto3" json:"suppress_expiry,omitempty" hash:"ignore"` // @gotags: hash:"ignore" + Suppressed bool `protobuf:"varint,12,opt,name=suppressed,proto3" json:"suppressed,omitempty" search:"CVE Snoozed"` // @gotags: search:"CVE Snoozed" + SuppressActivation *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=suppress_activation,json=suppressActivation,proto3" json:"suppress_activation,omitempty"` + SuppressExpiry *timestamppb.Timestamp `protobuf:"bytes,14,opt,name=suppress_expiry,json=suppressExpiry,proto3" json:"suppress_expiry,omitempty"` // Time when the CVE was first seen, for this specific distro, in the system. FirstSystemOccurrence *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=first_system_occurrence,json=firstSystemOccurrence,proto3" json:"first_system_occurrence,omitempty" policy:"First System Occurrence Timestamp" hash:"ignore"` // @gotags: policy:"First System Occurrence Timestamp" hash:"ignore" // Time when the CVE was first seen in this image. FirstImageOccurrence *timestamppb.Timestamp `protobuf:"bytes,16,opt,name=first_image_occurrence,json=firstImageOccurrence,proto3" json:"first_image_occurrence,omitempty" policy:"First Image Occurrence Timestamp" hash:"ignore"` // @gotags: policy:"First Image Occurrence Timestamp" hash:"ignore" Severity VulnerabilitySeverity `protobuf:"varint,19,opt,name=severity,proto3,enum=storage.VulnerabilitySeverity" json:"severity,omitempty" policy:"Severity"` // @gotags: policy:"Severity" - State VulnerabilityState `protobuf:"varint,20,opt,name=state,proto3,enum=storage.VulnerabilityState" json:"state,omitempty" search:"Vulnerability State" hash:"ignore"` // @gotags: search:"Vulnerability State" hash:"ignore" + State VulnerabilityState `protobuf:"varint,20,opt,name=state,proto3,enum=storage.VulnerabilityState" json:"state,omitempty" search:"Vulnerability State"` // @gotags: search:"Vulnerability State" // cvss_metrics stores list of cvss scores from different sources like nvd, Redhat etc CvssMetrics []*CVSSScore `protobuf:"bytes,21,rep,name=cvss_metrics,json=cvssMetrics,proto3" json:"cvss_metrics,omitempty"` NvdCvss float32 `protobuf:"fixed32,22,opt,name=nvd_cvss,json=nvdCvss,proto3" json:"nvd_cvss,omitempty" search:"NVD CVSS,store"` // @gotags: search:"NVD CVSS,store" diff --git a/go.mod b/go.mod index 757a7f2a9e33c..5d94705ee0a37 100644 --- a/go.mod +++ b/go.mod @@ -1,17 +1,17 @@ module github.com/stackrox/rox -go 1.24.0 +go 1.25.0 require ( cloud.google.com/go/artifactregistry v1.17.2 cloud.google.com/go/compute/metadata v0.9.0 cloud.google.com/go/containeranalysis v0.14.2 cloud.google.com/go/securitycenter v1.38.1 - cloud.google.com/go/storage v1.57.0 + cloud.google.com/go/storage v1.57.1 dario.cat/mergo v1.0.2 github.com/Azure/azure-sdk-for-go-extensions v0.2.0 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry v0.2.3 github.com/Azure/azure-sdk-for-go/sdk/monitor/ingestion/azlogs v1.1.0 github.com/BurntSushi/toml v1.5.0 @@ -25,22 +25,22 @@ require ( github.com/VividCortex/ewma v1.2.0 github.com/adhocore/gronx v1.19.6 github.com/andygrunwald/go-jira v1.17.0 - github.com/aws/aws-sdk-go-v2 v1.39.2 - github.com/aws/aws-sdk-go-v2/config v1.31.12 - github.com/aws/aws-sdk-go-v2/credentials v1.18.16 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 + github.com/aws/aws-sdk-go-v2 v1.40.0 + github.com/aws/aws-sdk-go-v2/config v1.32.2 + github.com/aws/aws-sdk-go-v2/credentials v1.19.2 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.12 - github.com/aws/aws-sdk-go-v2/service/ecr v1.50.5 + github.com/aws/aws-sdk-go-v2/service/ecr v1.51.2 github.com/aws/aws-sdk-go-v2/service/s3 v1.88.4 github.com/aws/aws-sdk-go-v2/service/securityhub v1.64.4 - github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 - github.com/aws/smithy-go v1.23.0 + github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 + github.com/aws/smithy-go v1.24.0 github.com/cenkalti/backoff/v3 v3.2.2 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cloudflare/cfssl v1.6.5 github.com/cockroachdb/pebble/v2 v2.1.0 github.com/containers/image/v5 v5.36.2 - github.com/coreos/go-oidc/v3 v3.16.0 + github.com/coreos/go-oidc/v3 v3.17.0 github.com/coreos/go-systemd/v22 v22.6.0 github.com/dave/jennifer v1.7.1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc @@ -58,14 +58,14 @@ require ( github.com/google/certificate-transparency-go v1.3.2 github.com/google/gnostic-models v0.7.0 github.com/google/go-cmp v0.7.0 - github.com/google/go-containerregistry v0.20.6 + github.com/google/go-containerregistry v0.20.7 github.com/google/go-github/v60 v60.0.0 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.15.0 github.com/gorilla/schema v1.4.1 github.com/grafana/pyroscope-go v1.2.7 github.com/graph-gophers/graphql-go v1.5.0 - github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.2.0 + github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 github.com/hashicorp/go-multierror v1.1.1 @@ -78,7 +78,7 @@ require ( github.com/jackc/pgx/v5 v5.7.6 github.com/jeremywohl/flatten v1.0.1 github.com/joshdk/go-junit v1.0.0 - github.com/klauspost/compress v1.18.0 + github.com/klauspost/compress v1.18.1 github.com/lib/pq v1.10.9 github.com/machinebox/graphql v0.2.2 github.com/mailru/easyjson v0.9.1 @@ -95,8 +95,8 @@ require ( github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.1 github.com/openshift-online/ocm-sdk-go v0.1.478 - github.com/openshift/api v0.0.0-20250320115527-3aa9dd5b9002 - github.com/openshift/client-go v0.0.0-20250324153519-f0faeb0f2f2e + github.com/openshift/api v0.0.0-20251015095338-264e80a2b6e7 + github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 github.com/openshift/runtime-utils v0.0.0-20230921210328-7bdb5b9c177b github.com/operator-framework/helm-operator-plugins v0.0.0-00010101000000-000000000000 github.com/owenrumney/go-sarif/v2 v2.3.3 @@ -106,7 +106,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.23.2 github.com/prometheus/client_model v0.6.2 - github.com/prometheus/common v0.67.1 + github.com/prometheus/common v0.67.4 github.com/quay/claircore v1.5.44 github.com/quay/claircore/toolkit v1.2.5-0.20250120211107-bea8a6c197b2 github.com/quay/zlog v1.1.9 @@ -116,11 +116,11 @@ require ( github.com/russellhaering/goxmldsig v1.5.0 github.com/segmentio/analytics-go/v3 v3.3.0 github.com/sergi/go-diff v1.4.0 - github.com/sigstore/cosign/v2 v2.5.2 - github.com/sigstore/rekor v1.4.2 - github.com/sigstore/sigstore v1.9.5 + github.com/sigstore/cosign/v3 v3.0.3 + github.com/sigstore/rekor v1.4.3 + github.com/sigstore/sigstore v1.10.0 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 - github.com/spf13/cobra v1.10.1 + github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 github.com/spf13/viper v1.21.0 github.com/stackrox/external-network-pusher v0.0.0-20231115153210-b82d72f500a2 @@ -136,24 +136,24 @@ require ( go.uber.org/atomic v1.11.0 go.uber.org/goleak v1.3.0 go.uber.org/mock v0.6.0 - go.uber.org/zap v1.27.0 + go.uber.org/zap v1.27.1 go.yaml.in/yaml/v3 v3.0.4 - golang.org/x/crypto v0.43.0 - golang.org/x/mod v0.29.0 - golang.org/x/net v0.46.0 - golang.org/x/oauth2 v0.31.0 - golang.org/x/sync v0.17.0 - golang.org/x/sys v0.37.0 - golang.org/x/term v0.36.0 - golang.org/x/text v0.30.0 + golang.org/x/crypto v0.45.0 + golang.org/x/mod v0.30.0 + golang.org/x/net v0.47.0 + golang.org/x/oauth2 v0.33.0 + golang.org/x/sync v0.18.0 + golang.org/x/sys v0.38.0 + golang.org/x/term v0.37.0 + golang.org/x/text v0.31.0 golang.org/x/time v0.14.0 - golang.org/x/tools v0.37.0 + golang.org/x/tools v0.39.0 golang.stackrox.io/grpc-http1 v0.5.1 - google.golang.org/api v0.252.0 - google.golang.org/genproto v0.0.0-20250603155806-513f23925822 - google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 - google.golang.org/grpc v1.76.0 - google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 + google.golang.org/api v0.256.0 + google.golang.org/genproto v0.0.0-20250922171735-9219d122eba9 + google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 + google.golang.org/grpc v1.77.0 + google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 google.golang.org/protobuf v1.36.10 gopkg.in/mcuadros/go-syslog.v2 v2.3.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 @@ -161,15 +161,15 @@ require ( gorm.io/driver/postgres v1.6.0 gorm.io/gorm v1.31.0 helm.sh/helm/v3 v3.18.6 - k8s.io/api v0.33.5 + k8s.io/api v0.34.2 k8s.io/apiextensions-apiserver v0.33.5 - k8s.io/apimachinery v0.33.5 + k8s.io/apimachinery v0.34.2 k8s.io/apiserver v0.33.5 k8s.io/cli-runtime v0.33.5 - k8s.io/client-go v0.33.5 + k8s.io/client-go v0.34.2 k8s.io/kubectl v0.33.5 k8s.io/kubelet v0.32.9 - k8s.io/utils v0.0.0-20241210054802-24370beab758 + k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d kubevirt.io/api v1.6.2 sigs.k8s.io/controller-runtime v0.21.0 sigs.k8s.io/controller-tools v0.18.0 @@ -178,11 +178,11 @@ require ( ) require ( - cel.dev/expr v0.24.0 // indirect + cel.dev/expr v0.25.1 // indirect cloud.google.com/go v0.121.6 // indirect cloud.google.com/go/auth v0.17.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect - cloud.google.com/go/iam v1.5.2 // indirect + cloud.google.com/go/iam v1.5.3 // indirect cloud.google.com/go/longrunning v0.6.7 // indirect cloud.google.com/go/monitoring v1.24.2 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.14.0 // indirect @@ -197,11 +197,11 @@ require ( github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect github.com/DataDog/zstd v1.5.7 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 // indirect - github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.54.0 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.54.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.4.0 // indirect @@ -225,21 +225,22 @@ require ( github.com/aliyun/credentials-go v1.3.2 // indirect github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect github.com/andybalholm/brotli v1.1.0 // indirect - github.com/antlr4-go/antlr/v4 v4.13.0 // indirect + github.com/antlr4-go/antlr/v4 v4.13.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.9 // indirect - github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 // indirect - github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1 // indirect + github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 // indirect + github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.11.0 // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/beevik/etree v1.5.0 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -247,13 +248,13 @@ require ( github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect - github.com/cenkalti/backoff/v5 v5.0.2 // indirect + github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudflare/circl v1.6.1 // indirect - github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect + github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f // indirect github.com/cockroachdb/crlib v0.0.0-20250617202621-0794c595bbe6 // indirect github.com/cockroachdb/errors v1.12.0 // indirect github.com/cockroachdb/logtags v0.0.0-20241215232642-bb51bb14a506 // indirect @@ -262,11 +263,11 @@ require ( github.com/cockroachdb/tokenbucket v0.0.0-20250429170803-42689b6311bb // indirect github.com/coder/websocket v1.8.14 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect - github.com/containerd/containerd v1.7.27 // indirect + github.com/containerd/containerd v1.7.29 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect github.com/containers/storage v1.59.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect @@ -274,16 +275,16 @@ require ( github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/docker/cli v28.3.2+incompatible // indirect - github.com/docker/docker-credential-helpers v0.9.3 // indirect + github.com/docker/cli v29.0.3+incompatible // indirect + github.com/docker/docker-credential-helpers v0.9.4 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect github.com/doug-martin/goqu/v8 v8.6.0 // indirect github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect github.com/dustin/go-humanize v1.0.1 // indirect - github.com/emicklei/go-restful/v3 v3.12.1 // indirect + github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect + github.com/envoyproxy/go-control-plane/envoy v1.35.0 // indirect github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect github.com/evanphx/json-patch v5.9.11+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect @@ -293,7 +294,7 @@ require ( github.com/fatih/structs v1.1.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.9.0 // indirect - github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/getsentry/sentry-go v0.34.0 // indirect github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 // indirect github.com/go-chi/chi/v5 v5.2.3 // indirect @@ -302,29 +303,28 @@ require ( github.com/go-git/go-billy/v5 v5.6.1 // indirect github.com/go-git/go-git/v5 v5.13.1 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.23.0 // indirect - github.com/go-openapi/errors v0.22.2 // indirect - github.com/go-openapi/jsonpointer v0.21.0 // indirect - github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/loads v0.22.0 // indirect - github.com/go-openapi/runtime v0.28.0 // indirect - github.com/go-openapi/spec v0.21.0 // indirect - github.com/go-openapi/strfmt v0.23.0 // indirect - github.com/go-openapi/swag v0.24.1 // indirect - github.com/go-openapi/swag/cmdutils v0.24.0 // indirect - github.com/go-openapi/swag/conv v0.24.0 // indirect - github.com/go-openapi/swag/fileutils v0.24.0 // indirect - github.com/go-openapi/swag/jsonname v0.24.0 // indirect - github.com/go-openapi/swag/jsonutils v0.24.0 // indirect - github.com/go-openapi/swag/loading v0.24.0 // indirect - github.com/go-openapi/swag/mangling v0.24.0 // indirect - github.com/go-openapi/swag/netutils v0.24.0 // indirect - github.com/go-openapi/swag/stringutils v0.24.0 // indirect - github.com/go-openapi/swag/typeutils v0.24.0 // indirect - github.com/go-openapi/swag/yamlutils v0.24.0 // indirect - github.com/go-openapi/validate v0.24.0 // indirect + github.com/go-openapi/analysis v0.24.1 // indirect + github.com/go-openapi/errors v0.22.4 // indirect + github.com/go-openapi/jsonpointer v0.22.1 // indirect + github.com/go-openapi/jsonreference v0.21.3 // indirect + github.com/go-openapi/loads v0.23.2 // indirect + github.com/go-openapi/runtime v0.29.2 // indirect + github.com/go-openapi/spec v0.22.1 // indirect + github.com/go-openapi/strfmt v0.25.0 // indirect + github.com/go-openapi/swag v0.25.4 // indirect + github.com/go-openapi/swag/cmdutils v0.25.4 // indirect + github.com/go-openapi/swag/conv v0.25.4 // indirect + github.com/go-openapi/swag/fileutils v0.25.4 // indirect + github.com/go-openapi/swag/jsonname v0.25.4 // indirect + github.com/go-openapi/swag/jsonutils v0.25.4 // indirect + github.com/go-openapi/swag/loading v0.25.4 // indirect + github.com/go-openapi/swag/mangling v0.25.4 // indirect + github.com/go-openapi/swag/netutils v0.25.4 // indirect + github.com/go-openapi/swag/stringutils v0.25.4 // indirect + github.com/go-openapi/swag/typeutils v0.25.4 // indirect + github.com/go-openapi/swag/yamlutils v0.25.4 // indirect + github.com/go-openapi/validate v0.25.1 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/gobuffalo/flect v1.0.3 // indirect @@ -334,13 +334,13 @@ require ( github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/snappy v1.0.0 // indirect github.com/google/btree v1.1.3 // indirect - github.com/google/cel-go v0.23.2 // indirect - github.com/google/go-github/v72 v72.0.0 // indirect + github.com/google/cel-go v0.26.1 // indirect + github.com/google/go-github/v73 v73.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect github.com/gorilla/css v1.0.0 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gosuri/uitable v0.0.4 // indirect @@ -349,7 +349,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/huandu/xstrings v1.5.0 // indirect - github.com/in-toto/attestation v1.1.1 // indirect + github.com/in-toto/attestation v1.1.2 // indirect github.com/in-toto/in-toto-golang v0.9.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/itchyny/gojq v0.12.17 // indirect @@ -380,7 +380,7 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect - github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect + github.com/letsencrypt/boulder v0.20251110.0 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/matryer/is v1.4.1 // indirect github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect @@ -401,7 +401,7 @@ require ( github.com/moby/sys/user v0.4.0 // indirect github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/mozillazg/docker-credential-acr-helper v0.4.0 // indirect github.com/mschoch/smat v0.2.0 // indirect @@ -418,7 +418,6 @@ require ( github.com/openshift-online/ocm-api-model/clientapi v0.0.433 // indirect github.com/openshift-online/ocm-api-model/model v0.0.433 // indirect github.com/openshift/custom-resource-status v1.1.2 // indirect - github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/operator-framework/operator-lib v0.17.0 // indirect github.com/package-url/packageurl-go v0.1.3 // indirect github.com/pelletier/go-toml v1.9.5 // indirect @@ -426,7 +425,7 @@ require ( github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pierrec/lz4/v4 v4.1.21 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect - github.com/prometheus/procfs v0.16.1 // indirect + github.com/prometheus/procfs v0.17.0 // indirect github.com/quay/claircore/updater/driver v1.0.0 // indirect github.com/quay/goval-parser v0.8.8 // indirect github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect @@ -439,68 +438,68 @@ require ( github.com/sassoftware/relic v7.2.1+incompatible // indirect github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect github.com/segmentio/backo-go v1.0.1 // indirect - github.com/segmentio/ksuid v1.0.4 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - github.com/sigstore/fulcio v1.7.1 // indirect + github.com/sigstore/fulcio v1.8.3 // indirect github.com/sigstore/protobuf-specs v0.5.0 // indirect - github.com/sigstore/sigstore-go v1.0.0 // indirect - github.com/sigstore/timestamp-authority v1.2.8 // indirect - github.com/sirupsen/logrus v1.9.3 // indirect + github.com/sigstore/rekor-tiles/v2 v2.0.1 // indirect + github.com/sigstore/sigstore-go v1.1.4-0.20251201121426-2cdedea80894 // indirect + github.com/sigstore/timestamp-authority/v2 v2.0.3 // indirect + github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af // indirect github.com/skeema/knownhosts v1.3.0 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/spdx/tools-golang v0.5.5 // indirect github.com/spf13/afero v1.15.0 // indirect github.com/spf13/cast v1.10.0 // indirect - github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect + github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect github.com/stackrox/dotnet-scraper v0.0.0-20201023051640-72ef543323dd // indirect github.com/stackrox/istio-cves v0.0.0-20221007013142-0bde9b541ec8 // indirect github.com/stackrox/k8s-cves v0.0.0-20220818200547-7d0d1420c58d // indirect - github.com/stoewer/go-strcase v1.3.0 // indirect + github.com/stoewer/go-strcase v1.3.1 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect github.com/thales-e-security/pool v0.0.2 // indirect github.com/theupdateframework/go-tuf v0.7.0 // indirect - github.com/theupdateframework/go-tuf/v2 v2.1.1 // indirect + github.com/theupdateframework/go-tuf/v2 v2.3.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect + github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c // indirect github.com/transparency-dev/merkle v0.0.2 // indirect github.com/trivago/tgo v1.0.7 // indirect github.com/ulikunitz/xz v0.5.15 // indirect - github.com/vbatts/tar-split v0.12.1 // indirect - github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d // indirect + github.com/vbatts/tar-split v0.12.2 // indirect + github.com/weppos/publicsuffix-go v0.50.1-0.20250829105427-5340293a34a1 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect github.com/xlab/treeprint v1.2.0 // indirect - github.com/zeebo/errs v1.4.0 // indirect - github.com/zmap/zcrypto v0.0.0-20231219022726-a1f61fb1661c // indirect - github.com/zmap/zlint/v3 v3.6.0 // indirect - gitlab.com/gitlab-org/api/client-go v0.130.1 // indirect + github.com/zmap/zcrypto v0.0.0-20250129210703-03c45d0bae98 // indirect + github.com/zmap/zlint/v3 v3.6.6 // indirect + gitlab.com/gitlab-org/api/client-go v0.160.0 // indirect go.etcd.io/bbolt v1.4.2 // indirect - go.mongodb.org/mongo-driver v1.14.0 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/detectors/gcp v1.36.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect + go.mongodb.org/mongo-driver v1.17.6 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.38.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect go.opentelemetry.io/otel v1.38.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 // indirect go.opentelemetry.io/otel/metric v1.38.0 // indirect - go.opentelemetry.io/otel/sdk v1.37.0 // indirect - go.opentelemetry.io/otel/sdk/metric v1.37.0 // indirect + go.opentelemetry.io/otel/sdk v1.38.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect go.opentelemetry.io/otel/trace v1.38.0 // indirect - go.opentelemetry.io/proto/otlp v1.5.0 // indirect + go.opentelemetry.io/proto/otlp v1.7.1 // indirect go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect @@ -508,12 +507,12 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/code-generator v0.33.5 // indirect + k8s.io/code-generator v0.34.1 // indirect k8s.io/component-base v0.33.5 // indirect k8s.io/component-helpers v0.33.5 // indirect - k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 // indirect + k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 // indirect + k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect kubevirt.io/containerized-data-importer-api v1.60.3-0.20241105012228-50fbed985de9 // indirect kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 // indirect modernc.org/libc v1.66.3 // indirect @@ -527,8 +526,8 @@ require ( sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect sigs.k8s.io/network-policy-api v0.1.5 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/release-utils v0.12.1 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect + sigs.k8s.io/release-utils v0.12.2 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect ) // HOW TO BUMP diff --git a/go.sum b/go.sum index 73cad356eb038..b477cfd3b3d32 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ -cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY= -cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= +al.essio.dev/pkg/shellescape v1.6.0 h1:NxFcEqzFSEVCGN2yq7Huv/9hyCEGVa/TncnOOBBeXHA= +al.essio.dev/pkg/shellescape v1.6.0/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= +cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= +cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= @@ -50,10 +52,10 @@ cloud.google.com/go/containeranalysis v0.14.2/go.mod h1:FjppROiUtP9cyMegdWdY/TsB cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= -cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= -cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= -cloud.google.com/go/kms v1.22.0 h1:dBRIj7+GDeeEvatJeTB19oYZNV0aj6wEqSIT/7gLqtk= -cloud.google.com/go/kms v1.22.0/go.mod h1:U7mf8Sva5jpOb4bxYZdtw/9zsbIjrklYwPcvMk34AL8= +cloud.google.com/go/iam v1.5.3 h1:+vMINPiDF2ognBJ97ABAYYwRgsaqxPbQDlMnbHMjolc= +cloud.google.com/go/iam v1.5.3/go.mod h1:MR3v9oLkZCTlaqljW6Eb2d3HGDGK5/bDv93jhfISFvU= +cloud.google.com/go/kms v1.23.2 h1:4IYDQL5hG4L+HzJBhzejUySoUOheh3Lk5YT4PCyyW6k= +cloud.google.com/go/kms v1.23.2/go.mod h1:rZ5kK0I7Kn9W4erhYVoIRPtpizjunlrfU4fUkumUp8g= cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE= @@ -71,14 +73,10 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.57.0 h1:4g7NB7Ta7KetVbOMpCqy89C+Vg5VE8scqlSHUPm7Rds= -cloud.google.com/go/storage v1.57.0/go.mod h1:329cwlpzALLgJuu8beyJ/uvQznDHpa2U5lGjWednkzg= +cloud.google.com/go/storage v1.57.1 h1:gzao6odNJ7dR3XXYvAgPK+Iw4fVPPznEPPyNjbaVkq8= +cloud.google.com/go/storage v1.57.1/go.mod h1:329cwlpzALLgJuu8beyJ/uvQznDHpa2U5lGjWednkzg= cloud.google.com/go/trace v1.11.6 h1:2O2zjPzqPYAHrn3OKl029qlqG6W8ZdYaOWRyr8NgMT4= cloud.google.com/go/trace v1.11.6/go.mod h1:GA855OeDEBiBMzcckLPE2kDunIpC72N+Pq8WFieFjnI= -cuelabs.dev/go/oci/ociregistry v0.0.0-20241125120445-2c00c104c6e1 h1:mRwydyTyhtRX2wXS3mqYWzR2qlv6KsmoKXmlz5vInjg= -cuelabs.dev/go/oci/ociregistry v0.0.0-20241125120445-2c00c104c6e1/go.mod h1:5A4xfTzHTXfeVJBU6RAUf+QrlfTCW+017q/QiW+sMLg= -cuelang.org/go v0.12.1 h1:5I+zxmXim9MmiN2tqRapIqowQxABv2NKTgbOspud1Eo= -cuelang.org/go v0.12.1/go.mod h1:B4+kjvGGQnbkz+GuAv1dq/R308gTkp0sO28FdMrJ2Kw= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -94,10 +92,10 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go-extensions v0.2.0 h1:Wcgvuz5isRhcXWfciv66m4AES8QdomdcpTTOYBnXIc4= github.com/Azure/azure-sdk-for-go-extensions v0.2.0/go.mod h1:ryW/ApW8CPlJeqhzt0JTEE8rGWgsvCmfQTeFYE/SHX8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 h1:5YTBM8QDVIBN3sxBil89WfdAAqDZbyJTgh688DSxX5w= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 h1:KpMC6LFL7mqpExyMC9jVOYRiVhLmamjeZfRsUpB7l4s= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0/go.mod h1:J7MUC/wtRpfGVbQ5sIItY5/FuVWmvzlY21WAOfQnq/I= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry v0.2.3 h1:ldKsKtEIblsgsr6mPwrd9yRntoX6uLz/K89wsldwx/k= @@ -137,8 +135,8 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= -github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 h1:XkkQbfMyuH2jTSjQjSoihryI8GINRcs4xp8lNawg0FI= -github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk= +github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs= +github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= @@ -152,14 +150,14 @@ github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/zstd v1.5.7 h1:ybO8RBeh29qrxIhCA9E8gKY6xfONU9T6G6aP9DTKfLE= github.com/DataDog/zstd v1.5.7/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0 h1:UQUsRi8WTzhZntp5313l+CHIAT95ojUI2lpP/ExlZa4= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.29.0/go.mod h1:Cz6ft6Dkn3Et6l2v2a9/RpN7epQ1GtDlO6lj8bEcOvw= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0 h1:owcC2UnmsZycprQ5RfRgjydWhuoxg71LUfyiQdijZuM= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.53.0/go.mod h1:ZPpqegjbE99EPKsu3iUWV22A04wzGPcAY/ziSIQEEgs= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.53.0 h1:4LP6hvB4I5ouTbGgWtixJhgED6xdf67twf9PoY96Tbg= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.53.0/go.mod h1:jUZ5LYlw40WMd07qxcQJD5M40aUxrfwqQX1g7zxYnrQ= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0 h1:Ron4zCA/yk6U7WOBXhTJcDpsUBG9npumK6xw2auFltQ= -github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.53.0/go.mod h1:cSgYe11MCNYunTnRXrKiR/tHc0eoKjICUuWpNZoVCOo= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0 h1:sBEjpZlNHzK1voKq9695PJSX2o5NEXl7/OL3coiIY0c= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.30.0/go.mod h1:P4WPRUkOhJC13W//jWpyfJNDAIpvRbAUIYLX/4jtlE0= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.54.0 h1:lhhYARPUu3LmHysQ/igznQphfzynnqI3D75oUyw1HXk= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.54.0/go.mod h1:l9rva3ApbBpEJxSNYnwT9N4CDLrWgtq3u8736C5hyJw= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.54.0 h1:xfK3bbi6F2RDtaZFtUdKO3osOBIhNb+xTs8lFW6yx9o= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.54.0/go.mod h1:vB2GH9GAYYJTO3mEn8oYwzEdhlayZIdQz6zdzgUIRvA= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.54.0 h1:s0WlVbf9qpvkh1c/uDAPElam0WrL7fHRIidgZJ7UqZI= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.54.0/go.mod h1:Mf6O40IAyB9zR/1J8nGDDPirZQQPbYJni8Yisy7NTMc= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= @@ -182,7 +180,6 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PagerDuty/go-pagerduty v1.8.0 h1:MTFqTffIcAervB83U7Bx6HERzLbyaSPL/+oxH3zyluI= github.com/PagerDuty/go-pagerduty v1.8.0/go.mod h1:nzIeAqyFSJAFkjWKvMzug0JtwDg+V+UoCWjFrfFH5mI= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -206,14 +203,10 @@ github.com/aclements/go-perfevent v0.0.0-20240301234650-f7843625020f h1:JjxwchlO github.com/aclements/go-perfevent v0.0.0-20240301234650-f7843625020f/go.mod h1:tMDTce/yLLN/SK8gMOxQfnyeMeCg8KGzp0D1cbECEeo= github.com/adhocore/gronx v1.19.6 h1:5KNVcoR9ACgL9HhEqCm5QXsab/gI4QDIybTAWcXDKDc= github.com/adhocore/gronx v1.19.6/go.mod h1:7oUY1WAU8rEJWmAxXR2DN0JaO4gi9khSgKjiRypqteg= -github.com/agnivade/levenshtein v1.2.1 h1:EHBY3UOn1gwdy/VbFwgo4cxecRznFk7fKWN1KOX7eoM= -github.com/agnivade/levenshtein v1.2.1/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= -github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.2/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= @@ -269,8 +262,8 @@ github.com/andygrunwald/go-jira v1.17.0/go.mod h1:tiZsPUu9824bwcI2BUXatE4hJbs9rU github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= -github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= +github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= +github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= @@ -282,56 +275,58 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= -github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= -github.com/aws/aws-sdk-go-v2 v1.39.2 h1:EJLg8IdbzgeD7xgvZ+I8M1e0fL0ptn/M47lianzth0I= -github.com/aws/aws-sdk-go-v2 v1.39.2/go.mod h1:sDioUELIUO9Znk23YVmIk86/9DOpkbyyVb1i/gUNFXY= +github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ= +github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk= +github.com/aws/aws-sdk-go-v2 v1.40.0 h1:/WMUA0kjhZExjOQN2z3oLALDREea1A7TobfuiBrKlwc= +github.com/aws/aws-sdk-go-v2 v1.40.0/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1 h1:i8p8P4diljCr60PpJp6qZXNlgX4m2yQFpYk+9ZT+J4E= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.1/go.mod h1:ddqbooRZYNoJ2dsTwOty16rM+/Aqmk/GOXrK8cg7V00= -github.com/aws/aws-sdk-go-v2/config v1.31.12 h1:pYM1Qgy0dKZLHX2cXslNacbcEFMkDMl+Bcj5ROuS6p8= -github.com/aws/aws-sdk-go-v2/config v1.31.12/go.mod h1:/MM0dyD7KSDPR+39p9ZNVKaHDLb9qnfDurvVS2KAhN8= -github.com/aws/aws-sdk-go-v2/credentials v1.18.16 h1:4JHirI4zp958zC026Sm+V4pSDwW4pwLefKrc0bF2lwI= -github.com/aws/aws-sdk-go-v2/credentials v1.18.16/go.mod h1:qQMtGx9OSw7ty1yLclzLxXCRbrkjWAM7JnObZjmCB7I= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9 h1:Mv4Bc0mWmv6oDuSWTKnk+wgeqPL5DRFu5bQL9BGPQ8Y= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.9/go.mod h1:IKlKfRppK2a1y0gy1yH6zD+yX5uplJ6UuPlgd48dJiQ= +github.com/aws/aws-sdk-go-v2/config v1.32.2 h1:4liUsdEpUUPZs5WVapsJLx5NPmQhQdez7nYFcovrytk= +github.com/aws/aws-sdk-go-v2/config v1.32.2/go.mod h1:l0hs06IFz1eCT+jTacU/qZtC33nvcnLADAPL/XyrkZI= +github.com/aws/aws-sdk-go-v2/credentials v1.19.2 h1:qZry8VUyTK4VIo5aEdUcBjPZHL2v4FyQ3QEOaWcFLu4= +github.com/aws/aws-sdk-go-v2/credentials v1.19.2/go.mod h1:YUqm5a1/kBnoK+/NY5WEiMocZihKSo15/tJdmdXnM5g= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 h1:WZVR5DbDgxzA0BJeudId89Kmgy6DIU4ORpxwsVHz0qA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14/go.mod h1:Dadl9QO0kHgbrH1GRqGiZdYtW5w+IXXaBNCHTIaheM4= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.12 h1:ofHawDLJTI6ytDIji+g4dXQ6u2idzTb04tDlN9AS614= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.19.12/go.mod h1:f5pL4iLDfbcxj1SZcdRdIokBB5eHbuYPS/Fs9DwUPRQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9 h1:se2vOWGD3dWQUtfn4wEjRQJb1HK1XsNIt825gskZ970= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.9/go.mod h1:hijCGH2VfbZQxqCDN7bwz/4dzxV+hkyhjawAtdPWKZA= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9 h1:6RBnKZLkJM4hQ+kN6E7yWFveOTg8NLPHAkqrs4ZPlTU= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.9/go.mod h1:V9rQKRmK7AWuEsOMnHzKj8WyrIir1yUJbZxDuZLFvXI= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 h1:PZHqQACxYb8mYgms4RZbhZG0a7dPW06xOjmaH0EJC/I= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14/go.mod h1:VymhrMJUWs69D8u0/lZ7jSB6WgaG/NqHi3gX0aYf6U0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 h1:bOS19y6zlJwagBfHxs0ESzr1XCOU2KXJCWcq3E2vfjY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14/go.mod h1:1ipeGBMAxZ0xcTm6y6paC2C/J6f6OO7LBODV9afuAyM= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.9 h1:w9LnHqTq8MEdlnyhV4Bwfizd65lfNCNgdlNC6mM5paE= github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.9/go.mod h1:LGEP6EK4nj+bwWNdrvX/FnDTFowdBNwcSPuZu/ouFys= -github.com/aws/aws-sdk-go-v2/service/ecr v1.50.5 h1:jzjNyiIrXJHumV1hwofcQLpIZtcDw+vPQL00rLI3s4g= -github.com/aws/aws-sdk-go-v2/service/ecr v1.50.5/go.mod h1:UtPKcYVHY6RrV9EaaM1KZGNaf9dgviFdsT6xoFMLQsM= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2 h1:E6/Myrj9HgLF22medmDrKmbpm4ULsa+cIBNx3phirBk= -github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2/go.mod h1:OQ8NALFcchBJ/qruak6zKUQodovnTKKaReTuCkc5/9Y= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1 h1:oegbebPEMA/1Jny7kvwejowCaHz1FWZAQ94WXFNCyTM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.1/go.mod h1:kemo5Myr9ac0U9JfSjMo9yHLtw+pECEHsFtJ9tqCEI8= +github.com/aws/aws-sdk-go-v2/service/ecr v1.51.2 h1:aq2N/9UkbEyljIQ7OFcudEgUsJzO8MYucmfsM/k/dmc= +github.com/aws/aws-sdk-go-v2/service/ecr v1.51.2/go.mod h1:1NVD1KuMjH2GqnPwMotPndQaT/MreKkWpjkF12d6oKU= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.2 h1:9fe6w8bydUwNAhFVmjo+SRqAJjbBMOyILL/6hTTVkyA= +github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.2/go.mod h1:x7gU4CAyAz4BsM9hlRkhHiYw2GIr1QCmN45uwQw9l/E= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 h1:x2Ibm/Af8Fi+BH+Hsn9TXGdT+hKbDd5XOTZxTMxDk7o= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3/go.mod h1:IW1jwyrQgMdhisceG8fQLmQIydcT/jWY21rFhzgaKwo= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.0 h1:X0FveUndcZ3lKbSpIC6rMYGRiQTcUVRNH6X4yYtIrlU= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.0/go.mod h1:IWjQYlqw4EX9jw2g3qnEPPWvCE6bS8fKzhMed1OK7c8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9 h1:5r34CgVOD4WZudeEKZ9/iKpiT6cM1JyEROpXjOcdWv8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.9/go.mod h1:dB12CEbNWPbzO2uC6QSWHteqOg4JfBVJOojbAoAUb5I= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 h1:FIouAnCE46kyYqyhs0XEBDFFSREtdnr8HQuLPQPLCrY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14/go.mod h1:UTwDc5COa5+guonQU8qBikJo1ZJ4ln2r1MkF7Dqag1E= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.9 h1:wuZ5uW2uhJR63zwNlqWH2W4aL4ZjeJP3o92/W+odDY4= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.9/go.mod h1:/G58M2fGszCrOzvJUkDdY8O9kycodunH4VdT5oBAqls= -github.com/aws/aws-sdk-go-v2/service/kms v1.44.0 h1:Z95XCqqSnwXr0AY7PgsiOUBhUG2GoDM5getw6RfD1Lg= -github.com/aws/aws-sdk-go-v2/service/kms v1.44.0/go.mod h1:DqcSngL7jJeU1fOzh5Ll5rSvX/MlMV6OZlE4mVdFAQc= +github.com/aws/aws-sdk-go-v2/service/kms v1.49.1 h1:U0asSZ3ifpuIehDPkRI2rxHbmFUMplDA2VeR9Uogrmw= +github.com/aws/aws-sdk-go-v2/service/kms v1.49.1/go.mod h1:NZo9WJqQ0sxQ1Yqu1IwCHQFQunTms2MlVgejg16S1rY= github.com/aws/aws-sdk-go-v2/service/s3 v1.88.4 h1:mUI3b885qJgfqKDUSj6RgbRqLdX0wGmg8ruM03zNfQA= github.com/aws/aws-sdk-go-v2/service/s3 v1.88.4/go.mod h1:6v8ukAxc7z4x4oBjGUsLnH7KGLY9Uhcgij19UJNkiMg= github.com/aws/aws-sdk-go-v2/service/securityhub v1.64.4 h1:56LRTpQSA6dqo2inwUwICUgnlCe3kAddCOhWggdDsYQ= github.com/aws/aws-sdk-go-v2/service/securityhub v1.64.4/go.mod h1:whhpbyK81XOJWOiCmN4SbYv3X+kgNlMgHOQAnEMRXsM= -github.com/aws/aws-sdk-go-v2/service/sso v1.29.6 h1:A1oRkiSQOWstGh61y4Wc/yQ04sqrQZr1Si/oAXj20/s= -github.com/aws/aws-sdk-go-v2/service/sso v1.29.6/go.mod h1:5PfYspyCU5Vw1wNPsxi15LZovOnULudOQuVxphSflQA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1 h1:5fm5RTONng73/QA73LhCNR7UT9RpFH3hR6HWL6bIgVY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.1/go.mod h1:xBEjWD13h+6nq+z4AkqSfSvqRKFgDIQeaMguAJndOWo= -github.com/aws/aws-sdk-go-v2/service/sts v1.38.6 h1:p3jIvqYwUZgu/XYeI48bJxOhvm47hZb5HUQ0tn6Q9kA= -github.com/aws/aws-sdk-go-v2/service/sts v1.38.6/go.mod h1:WtKK+ppze5yKPkZ0XwqIVWD4beCwv056ZbPQNoeHqM8= -github.com/aws/smithy-go v1.23.0 h1:8n6I3gXzWJB2DxBDnfxgBaSX6oe0d/t10qGz7OKqMCE= -github.com/aws/smithy-go v1.23.0/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= -github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1 h1:50sS0RWhGpW/yZx2KcDNEb1u1MANv5BMEkJgcieEDTA= -github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1/go.mod h1:ErZOtbzuHabipRTDTor0inoRlYwbsV1ovwSxjGs/uJo= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 h1:MxMBdKTYBjPQChlJhi4qlEueqB1p1KcbTEa7tD5aqPs= +github.com/aws/aws-sdk-go-v2/service/signin v1.0.2/go.mod h1:iS6EPmNeqCsGo+xQmXv0jIMjyYtQfnwg36zl2FwEouk= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 h1:ksUT5KtgpZd3SAiFJNJ0AFEJVva3gjBmN7eXUZjzUwQ= +github.com/aws/aws-sdk-go-v2/service/sso v1.30.5/go.mod h1:av+ArJpoYf3pgyrj6tcehSFW+y9/QvAY8kMooR9bZCw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 h1:GtsxyiF3Nd3JahRBJbxLCCdYW9ltGQYrFWg8XdkGDd8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10/go.mod h1:/j67Z5XBVDx8nZVp9EuFM9/BS5dvBznbqILGuu73hug= +github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 h1:a5UTtD4mHBU3t0o6aHQZFJTNKVfxFWfPX7J0Lr7G+uY= +github.com/aws/aws-sdk-go-v2/service/sts v1.41.2/go.mod h1:6TxbXoDSgBQ225Qd8Q+MbxUxUh6TtNKwbRt/EPS9xso= +github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk= +github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= +github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.11.0 h1:GOPttfOAf5qAgx7r6b+zCWZrvCsfKffkL4H6mSYx1kA= +github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.11.0/go.mod h1:a2HN6+p7k0JLDO8514sMr0l4cnrR52z4sWoZ/Uc82ho= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/beevik/etree v1.5.0 h1:iaQZFSDS+3kYZiGoc9uKeOkUY3nYMXOKLl6KIJxiJWs= @@ -354,21 +349,12 @@ github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4Yn github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= -github.com/buildkite/agent/v3 v3.98.2 h1:VOOxv8XD8HVCtEvtRPQhvB6k2Gorha2gN1wGh94gYAA= -github.com/buildkite/agent/v3 v3.98.2/go.mod h1:+zCvvo/OlOwfs+AH3QvSn37H3cBXP3Fe18eoSbqUvnY= -github.com/buildkite/go-pipeline v0.13.3 h1:llI7sAdZ7sqYE7r8ePlmDADRhJ1K0Kua2+gv74Z9+Es= -github.com/buildkite/go-pipeline v0.13.3/go.mod h1:1uC2XdHkTV1G5jYv9K8omERIwrsYbBruBrPx1Zu1uFw= -github.com/buildkite/interpolate v0.1.5 h1:v2Ji3voik69UZlbfoqzx+qfcsOKLA61nHdU79VV+tPU= -github.com/buildkite/interpolate v0.1.5/go.mod h1:dHnrwHew5O8VNOAgMDpwRlFnhL5VSN6M1bHVmRZ9Ccc= -github.com/buildkite/roko v1.3.1 h1:t7K30ceLLYn6k7hQP4oq1c7dVlhgD5nRcuSRDEEnY1s= -github.com/buildkite/roko v1.3.1/go.mod h1:23R9e6nHxgedznkwwfmqZ6+0VJZJZ2Sg/uVcp2cP46I= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cenkalti/backoff/v5 v5.0.2 h1:rIfFVxEf1QsI7E1ZHfp/B4DF/6QBAUhmgkxc0H7Zss8= -github.com/cenkalti/backoff/v5 v5.0.2/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= +github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= +github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= @@ -391,7 +377,6 @@ github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/cfssl v1.6.5 h1:46zpNkm6dlNkMZH/wMW22ejih6gIaJbzL2du6vD7ZeI= github.com/cloudflare/cfssl v1.6.5/go.mod h1:Bk1si7sq8h2+yVEDrFJiz3d7Aw+pfjjJSZVaD+Taky4= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -404,12 +389,9 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv1aFbZMiM9vblcSArJRf2Irls= -github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= -github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= +github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f h1:Y8xYupdHxryycyPlc9Y+bSQAYZnetRJ70VMVKm5CKI0= +github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f/go.mod h1:HlzOvOjVBOfTGSRXRyY0OiCS/3J1akRGQQpRO/7zyF4= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= -github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg= -github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc= github.com/cockroachdb/cockroach-go/v2 v2.2.0 h1:/5znzg5n373N/3ESjHF5SMLxiW4RKB05Ql//KWfeTFs= github.com/cockroachdb/cockroach-go/v2 v2.2.0/go.mod h1:u3MiKYGupPPjkn3ozknpMUpxPaNLTFWAya419/zv6eI= github.com/cockroachdb/crlib v0.0.0-20250617202621-0794c595bbe6 h1:PZVolkXzVqPQQZ7Jm8/lGpI9ZM086mB55oOWqy0wG6E= @@ -436,22 +418,22 @@ github.com/coder/websocket v1.8.14 h1:9L0p0iKiNOibykf283eHkKUHHrpG7f65OE3BhhO7v9 github.com/coder/websocket v1.8.14/go.mod h1:NX3SzP+inril6yawo5CQXx8+fk145lPDC6pumgx0mVg= github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ= github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= -github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFquP7hsFII= -github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0= +github.com/containerd/containerd v1.7.29 h1:90fWABQsaN9mJhGkoVnuzEY+o1XDPbg9BTC9QTAHnuE= +github.com/containerd/containerd v1.7.29/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= -github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8= -github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= +github.com/containerd/stargz-snapshotter/estargz v0.18.1 h1:cy2/lpgBXDA3cDKSyEfNOFMA/c10O1axL69EU7iirO8= +github.com/containerd/stargz-snapshotter/estargz v0.18.1/go.mod h1:ALIEqa7B6oVDsrF37GkGN20SuvG/pIMm7FwP7ZmRb0Q= github.com/containers/image/v5 v5.36.2 h1:GcxYQyAHRF/pLqR4p4RpvKllnNL8mOBn0eZnqJbfTwk= github.com/containers/image/v5 v5.36.2/go.mod h1:b4GMKH2z/5t6/09utbse2ZiLK/c72GuGLFdp7K69eA4= github.com/containers/storage v1.59.1 h1:11Zu68MXsEQGBBd+GadPrHPpWeqjKS8hJDGiAHgIqDs= github.com/containers/storage v1.59.1/go.mod h1:KoAYHnAjP3/cTsRS+mmWZGkufSY2GACiKQ4V3ZLQnR0= -github.com/coreos/go-oidc/v3 v3.16.0 h1:qRQUCFstKpXwmEjDQTIbyY/5jF00+asXzSkmkoa/mow= -github.com/coreos/go-oidc/v3 v3.16.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8= +github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc= +github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= @@ -471,8 +453,8 @@ github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 h github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= -github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= -github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= +github.com/danieljoos/wincred v1.2.3 h1:v7dZC2x32Ut3nEfRH+vhoZGvN72+dQ/snVXo/vMFLdQ= +github.com/danieljoos/wincred v1.2.3/go.mod h1:6qqX0WNrS4RzPZ1tnroDzq9kY3fu1KwE7MRLQK4X0bs= github.com/dave/jennifer v1.7.1 h1:B4jJJDHelWcDhlRQxWeo0Npa/pYKBLrirAQoTN45txo= github.com/dave/jennifer v1.7.1/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -497,12 +479,12 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= -github.com/docker/cli v28.3.2+incompatible h1:mOt9fcLE7zaACbxW1GeS65RI67wIJrTnqS3hP2huFsY= -github.com/docker/cli v28.3.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v29.0.3+incompatible h1:8J+PZIcF2xLd6h5sHPsp5pvvJA+Sr2wGQxHkRl53a1E= +github.com/docker/cli v29.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= -github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= +github.com/docker/docker-credential-helpers v0.9.4 h1:76ItO69/AP/V4yT9V4uuuItG0B1N8hvt0T0c0NN/DzI= +github.com/docker/docker-credential-helpers v0.9.4/go.mod h1:v1S+hepowrQXITkEfw6o4+BMbGot02wiKpzWhGUZK6c= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= @@ -525,10 +507,8 @@ github.com/elazarl/goproxy v1.2.3/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZM github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= -github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/emicklei/proto v1.13.4 h1:myn1fyf8t7tAqIzV91Tj9qXpvyXXGXk8OS2H6IBSc9g= -github.com/emicklei/proto v1.13.4/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A= +github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= +github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -540,10 +520,10 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= -github.com/envoyproxy/go-control-plane v0.13.4 h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+1vC9xUFv5l2/M= -github.com/envoyproxy/go-control-plane v0.13.4/go.mod h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA= -github.com/envoyproxy/go-control-plane/envoy v1.32.4 h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A= -github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw= +github.com/envoyproxy/go-control-plane v0.13.5-0.20251024222203-75eaa193e329 h1:K+fnvUM0VZ7ZFJf0n4L/BRlnsb9pL/GuDG6FqaH+PwM= +github.com/envoyproxy/go-control-plane v0.13.5-0.20251024222203-75eaa193e329/go.mod h1:Alz8LEClvR7xKsrq3qzoc4N0guvVNSS8KmSChGYr9hs= +github.com/envoyproxy/go-control-plane/envoy v1.35.0 h1:ixjkELDE+ru6idPxcHLj8LBVc2bFP7iBytj353BoHUo= +github.com/envoyproxy/go-control-plane/envoy v1.35.0/go.mod h1:09qwbGVuSWWAyN5t/b3iyVfz5+z8QWGrzkoqm/8SbEs= github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI= github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= @@ -581,8 +561,8 @@ github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmV github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= -github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= -github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/georgysavva/scany/v2 v2.1.4 h1:nrzHEJ4oQVRoiKmocRqA1IyGOmM/GQOEsg9UjMR5Ip4= github.com/georgysavva/scany/v2 v2.1.4/go.mod h1:fqp9yHZzM/PFVa3/rYEC57VmDx+KDch0LoqrJzkvtos= github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg= @@ -618,10 +598,6 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= -github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= -github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY= -github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= @@ -641,58 +617,62 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= -github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= -github.com/go-openapi/errors v0.22.2 h1:rdxhzcBUazEcGccKqbY1Y7NS8FDcMyIRr0934jrYnZg= -github.com/go-openapi/errors v0.22.2/go.mod h1:+n/5UdIqdVnLIJ6Q9Se8HNGUXYaY6CN8ImWzfi/Gzp0= +github.com/go-openapi/analysis v0.24.1 h1:Xp+7Yn/KOnVWYG8d+hPksOYnCYImE3TieBa7rBOesYM= +github.com/go-openapi/analysis v0.24.1/go.mod h1:dU+qxX7QGU1rl7IYhBC8bIfmWQdX4Buoea4TGtxXY84= +github.com/go-openapi/errors v0.22.4 h1:oi2K9mHTOb5DPW2Zjdzs/NIvwi2N3fARKaTJLdNabaM= +github.com/go-openapi/errors v0.22.4/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= -github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk= +github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= -github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= -github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= -github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= -github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= -github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= -github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= -github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= -github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= -github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= +github.com/go-openapi/jsonreference v0.21.3 h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc= +github.com/go-openapi/jsonreference v0.21.3/go.mod h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4= +github.com/go-openapi/loads v0.23.2 h1:rJXAcP7g1+lWyBHC7iTY+WAF0rprtM+pm8Jxv1uQJp4= +github.com/go-openapi/loads v0.23.2/go.mod h1:IEVw1GfRt/P2Pplkelxzj9BYFajiWOtY2nHZNj4UnWY= +github.com/go-openapi/runtime v0.29.2 h1:UmwSGWNmWQqKm1c2MGgXVpC2FTGwPDQeUsBMufc5Yj0= +github.com/go-openapi/runtime v0.29.2/go.mod h1:biq5kJXRJKBJxTDJXAa00DOTa/anflQPhT0/wmjuy+0= +github.com/go-openapi/spec v0.22.1 h1:beZMa5AVQzRspNjvhe5aG1/XyBSMeX1eEOs7dMoXh/k= +github.com/go-openapi/spec v0.22.1/go.mod h1:c7aeIQT175dVowfp7FeCvXXnjN/MrpaONStibD2WtDA= +github.com/go-openapi/strfmt v0.25.0 h1:7R0RX7mbKLa9EYCTHRcCuIPcaqlyQiWNPTXwClK0saQ= +github.com/go-openapi/strfmt v0.25.0/go.mod h1:nNXct7OzbwrMY9+5tLX4I21pzcmE6ccMGXl3jFdPfn8= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.24.1 h1:DPdYTZKo6AQCRqzwr/kGkxJzHhpKxZ9i/oX0zag+MF8= -github.com/go-openapi/swag v0.24.1/go.mod h1:sm8I3lCPlspsBBwUm1t5oZeWZS0s7m/A+Psg0ooRU0A= -github.com/go-openapi/swag/cmdutils v0.24.0 h1:KlRCffHwXFI6E5MV9n8o8zBRElpY4uK4yWyAMWETo9I= -github.com/go-openapi/swag/cmdutils v0.24.0/go.mod h1:uxib2FAeQMByyHomTlsP8h1TtPd54Msu2ZDU/H5Vuf8= -github.com/go-openapi/swag/conv v0.24.0 h1:ejB9+7yogkWly6pnruRX45D1/6J+ZxRu92YFivx54ik= -github.com/go-openapi/swag/conv v0.24.0/go.mod h1:jbn140mZd7EW2g8a8Y5bwm8/Wy1slLySQQ0ND6DPc2c= -github.com/go-openapi/swag/fileutils v0.24.0 h1:U9pCpqp4RUytnD689Ek/N1d2N/a//XCeqoH508H5oak= -github.com/go-openapi/swag/fileutils v0.24.0/go.mod h1:3SCrCSBHyP1/N+3oErQ1gP+OX1GV2QYFSnrTbzwli90= -github.com/go-openapi/swag/jsonname v0.24.0 h1:2wKS9bgRV/xB8c62Qg16w4AUiIrqqiniJFtZGi3dg5k= -github.com/go-openapi/swag/jsonname v0.24.0/go.mod h1:GXqrPzGJe611P7LG4QB9JKPtUZ7flE4DOVechNaDd7Q= -github.com/go-openapi/swag/jsonutils v0.24.0 h1:F1vE1q4pg1xtO3HTyJYRmEuJ4jmIp2iZ30bzW5XgZts= -github.com/go-openapi/swag/jsonutils v0.24.0/go.mod h1:vBowZtF5Z4DDApIoxcIVfR8v0l9oq5PpYRUuteVu6f0= -github.com/go-openapi/swag/loading v0.24.0 h1:ln/fWTwJp2Zkj5DdaX4JPiddFC5CHQpvaBKycOlceYc= -github.com/go-openapi/swag/loading v0.24.0/go.mod h1:gShCN4woKZYIxPxbfbyHgjXAhO61m88tmjy0lp/LkJk= -github.com/go-openapi/swag/mangling v0.24.0 h1:PGOQpViCOUroIeak/Uj/sjGAq9LADS3mOyjznmHy2pk= -github.com/go-openapi/swag/mangling v0.24.0/go.mod h1:Jm5Go9LHkycsz0wfoaBDkdc4CkpuSnIEf62brzyCbhc= -github.com/go-openapi/swag/netutils v0.24.0 h1:Bz02HRjYv8046Ycg/w80q3g9QCWeIqTvlyOjQPDjD8w= -github.com/go-openapi/swag/netutils v0.24.0/go.mod h1:WRgiHcYTnx+IqfMCtu0hy9oOaPR0HnPbmArSRN1SkZM= -github.com/go-openapi/swag/stringutils v0.24.0 h1:i4Z/Jawf9EvXOLUbT97O0HbPUja18VdBxeadyAqS1FM= -github.com/go-openapi/swag/stringutils v0.24.0/go.mod h1:5nUXB4xA0kw2df5PRipZDslPJgJut+NjL7D25zPZ/4w= -github.com/go-openapi/swag/typeutils v0.24.0 h1:d3szEGzGDf4L2y1gYOSSLeK6h46F+zibnEas2Jm/wIw= -github.com/go-openapi/swag/typeutils v0.24.0/go.mod h1:q8C3Kmk/vh2VhpCLaoR2MVWOGP8y7Jc8l82qCTd1DYI= -github.com/go-openapi/swag/yamlutils v0.24.0 h1:bhw4894A7Iw6ne+639hsBNRHg9iZg/ISrOVr+sJGp4c= -github.com/go-openapi/swag/yamlutils v0.24.0/go.mod h1:DpKv5aYuaGm/sULePoeiG8uwMpZSfReo1HR3Ik0yaG8= -github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= -github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= -github.com/go-piv/piv-go/v2 v2.3.0 h1:kKkrYlgLQTMPA6BiSL25A7/x4CEh2YCG7rtb/aTkx+g= -github.com/go-piv/piv-go/v2 v2.3.0/go.mod h1:ShZi74nnrWNQEdWzRUd/3cSig3uNOcEZp+EWl0oewnI= +github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU= +github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ= +github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4= +github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0= +github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4= +github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU= +github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y= +github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk= +github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI= +github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag= +github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA= +github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo= +github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM= +github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s= +github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE= +github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48= +github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg= +github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0= +github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg= +github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8= +github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0= +github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw= +github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE= +github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw= +github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc= +github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4= +github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg= +github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls= +github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= +github.com/go-openapi/validate v0.25.1 h1:sSACUI6Jcnbo5IWqbYHgjibrhhmt3vR6lCzKZnmAgBw= +github.com/go-openapi/validate v0.25.1/go.mod h1:RMVyVFYte0gbSTaZ0N4KmTn6u/kClvAFp+mAVfS/DQc= github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA= github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -777,8 +757,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.23.2 h1:UdEe3CvQh3Nv+E/j9r1Y//WO0K0cSyD7/y0bzyLIMI4= -github.com/google/cel-go v0.23.2/go.mod h1:52Pb6QsDbC5kvgxvZhiL9QX1oZEkcUF/ZqaPx1J5Wwo= +github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ= +github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= github.com/google/certificate-transparency-go v1.3.2 h1:9ahSNZF2o7SYMaKaXhAumVEzXB2QaayzII9C8rv7v+A= github.com/google/certificate-transparency-go v1.3.2/go.mod h1:H5FpMUaGa5Ab2+KCYsxg6sELw3Flkl7pGZzWdBoYLXs= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= @@ -800,14 +780,13 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU= -github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y= +github.com/google/go-containerregistry v0.20.7 h1:24VGNpS0IwrOZ2ms2P1QE3Xa5X9p4phx0aUgzYzHW6I= +github.com/google/go-containerregistry v0.20.7/go.mod h1:Lx5LCZQjLH1QBaMPeGwsME9biPeo1lPx6lbGj/UmzgM= github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI= -github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q= github.com/google/go-github/v60 v60.0.0 h1:oLG98PsLauFvvu4D/YPxq374jhSxFYdzQGNCyONLfn8= github.com/google/go-github/v60 v60.0.0/go.mod h1:ByhX2dP9XT9o/ll2yXAu2VD8l5eNVg8hD4Cr0S/LmQk= -github.com/google/go-github/v72 v72.0.0 h1:FcIO37BLoVPBO9igQQ6tStsv2asG4IPcYFi655PPvBM= -github.com/google/go-github/v72 v72.0.0/go.mod h1:WWtw8GMRiL62mvIquf1kO3onRHeWWKmK01qdCY8c5fg= +github.com/google/go-github/v73 v73.0.0 h1:aR+Utnh+Y4mMkS+2qLQwcQ/cF9mOTpdwnzlaw//rG24= +github.com/google/go-github/v73 v73.0.0/go.mod h1:fa6w8+/V+edSU0muqdhCVY7Beh1M8F1IlQPZIANKIYw= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -850,8 +829,8 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= -github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= +github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ= +github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= @@ -880,14 +859,16 @@ github.com/grafana/pyroscope-go v1.2.7 h1:VWBBlqxjyR0Cwk2W6UrE8CdcdD80GOFNutj0Kb github.com/grafana/pyroscope-go v1.2.7/go.mod h1:o/bpSLiJYYP6HQtvcoVKiE9s5RiNgjYTj1DhiddP2Pc= github.com/grafana/pyroscope-go/godeltaprof v0.1.9 h1:c1Us8i6eSmkW+Ez05d3co8kasnuOY813tbMN8i/a3Og= github.com/grafana/pyroscope-go/godeltaprof v0.1.9/go.mod h1:2+l7K7twW49Ct4wFluZD3tZ6e0SjanjcUUBPVD/UuGU= +github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248= +github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk= github.com/graph-gophers/graphql-go v1.5.0 h1:fDqblo50TEpD0LY7RXk/LFVYEVqo3+tXMNMPSVXA1yc= github.com/graph-gophers/graphql-go v1.5.0/go.mod h1:YtmJZDLbF1YYNrlNAuiO5zAStUWc3XZT07iGsVqe1Os= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= -github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.2.0 h1:kQ0NI7W1B3HwiN5gAYtY+XFItDPbLBwYRxAqbFTyDes= -github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.2.0/go.mod h1:zrT2dxOAjNFPRGjTUe2Xmb4q4YdUwVvQFV6xiCSf+z0= +github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 h1:B+8ClL/kCQkRiU82d9xajRPKYMrB7E0MbtzWVi1K4ns= +github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3/go.mod h1:NbCUVmiS4foBGBHOYlCT25+YmGpJ32dZPi75pGEUpj4= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99/go.mod h1:3bDW6wMZJB7tiONtC/1Xpicra6Wp5GgbTbQWCbI5fkc= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= @@ -939,8 +920,8 @@ github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= -github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= +github.com/hashicorp/hcl v1.0.1-vault-7 h1:ag5OxFVy3QYTFTJODRzTKVZ6xvdfLLCA1cy/Y6xGI0I= +github.com/hashicorp/hcl v1.0.1-vault-7/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= @@ -948,8 +929,8 @@ github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOn github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4= -github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA= +github.com/hashicorp/vault/api v1.22.0 h1:+HYFquE35/B74fHoIeXlZIP2YADVboaPjaSicHEZiH0= +github.com/hashicorp/vault/api v1.22.0/go.mod h1:IUZA2cDvr4Ok3+NtK2Oq/r+lJeXkeCrHRmqdyWfpmGM= github.com/heimdalr/dag v1.5.0 h1:hqVtijvY776P5OKP3QbdVBRt3Xxq6BYopz3XgklsGvo= github.com/heimdalr/dag v1.5.0/go.mod h1:lthekrHl01dddmzqyBQ1YZbi7XcVGGzjFo0jIky5knc= github.com/helm/helm-mapkubeapis v0.6.1 h1:GDEEe8ol1MiSs4a9TD8LzBb+ftkC+V7M67gkxx7UmAE= @@ -962,8 +943,8 @@ github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/in-toto/attestation v1.1.1 h1:QD3d+oATQ0dFsWoNh5oT0udQ3tUrOsZZ0Fc3tSgWbzI= -github.com/in-toto/attestation v1.1.1/go.mod h1:Dcq1zVwA2V7Qin8I7rgOi+i837wEf/mOZwRm047Sjys= +github.com/in-toto/attestation v1.1.2 h1:MBFn6lsMq6dptQZJBhalXTcWMb/aJy3V+GX3VYj/V1E= +github.com/in-toto/attestation v1.1.2/go.mod h1:gYFddHMZj3DiQ0b62ltNi1Vj5rC879bTmBbrv9CRHpM= github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU= github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -1072,8 +1053,8 @@ github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46 h1:veS9QfglfvqAw github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= -github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= +github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co= +github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= @@ -1103,8 +1084,8 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= -github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= -github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= +github.com/letsencrypt/boulder v0.20251110.0 h1:J8MnKICeilO91dyQ2n5eBbab24neHzUpYMUIOdOtbjc= +github.com/letsencrypt/boulder v0.20251110.0/go.mod h1:ogKCJQwll82m7OVHWyTuf8eeFCjuzdRQlgnZcCl0V+8= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -1171,8 +1152,8 @@ github.com/microcosm-cc/bluemonday v1.0.23/go.mod h1:mN70sk7UkkF8TUr2IGBpNN0jAgS github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= -github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= -github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs= +github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -1211,8 +1192,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/mozillazg/docker-credential-acr-helper v0.4.0 h1:Uoh3Z9CcpEDnLiozDx+D7oDgRq7X+R296vAqAumnOcw= @@ -1227,6 +1209,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/natefinch/atomic v1.0.1 h1:ZPYKxkqQOx3KZ+RsbnP/YsgvxWQPGxjC0oBt2AhwV0A= +github.com/natefinch/atomic v1.0.1/go.mod h1:N/D/ELrljoqDyT3rZrsUmtsuzvHkeB/wWjHV22AZRbM= github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4= github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= @@ -1243,8 +1227,6 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/oleiade/reflections v1.1.0 h1:D+I/UsXQB4esMathlt0kkZRJZdUDmhv5zGi/HOwYTWo= -github.com/oleiade/reflections v1.1.0/go.mod h1:mCxx0QseeVCHs5Um5HhJeCKVC7AwS8kO67tky4rdisA= github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM= github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y= github.com/olekukonko/ll v0.0.9 h1:Y+1YqDfVkqMWuEQMclsF9HUR5+a82+dxJuL1HHSRpxI= @@ -1271,8 +1253,6 @@ github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9 github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/open-policy-agent/opa v1.5.1 h1:LTxxBJusMVjfs67W4FoRcnMfXADIGFMzpqnfk6D08Cg= -github.com/open-policy-agent/opa v1.5.1/go.mod h1:bYbS7u+uhTI+cxHQIpzvr5hxX0hV7urWtY+38ZtjMgk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= @@ -1285,15 +1265,14 @@ github.com/openshift-online/ocm-api-model/model v0.0.433 h1:kLAZzm/J9SY1GzfNp8bl github.com/openshift-online/ocm-api-model/model v0.0.433/go.mod h1:PQIoq6P8Vlb7goOdRMLK8nJY+B7HH0RTqYAa4kyidTE= github.com/openshift-online/ocm-sdk-go v0.1.478 h1:sBf4M0koRWJQzV5oxInJz1Dr9ZHyDJbuDLBSyvLLpTI= github.com/openshift-online/ocm-sdk-go v0.1.478/go.mod h1:AR2HZJDdUIOEiOo/5Kgb2KM8SgDc5O+cwMMn7qY2qfk= -github.com/openshift/api v0.0.0-20250320115527-3aa9dd5b9002 h1:AP8WxjiCyGlyhRlDG83cuk789Gy96IdYNuTO/sAMwl0= -github.com/openshift/api v0.0.0-20250320115527-3aa9dd5b9002/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw= -github.com/openshift/client-go v0.0.0-20250324153519-f0faeb0f2f2e h1:OfOI0eTTUdwqaUHgm0YsinRYtOj4OGO+ioauVNPuDeQ= -github.com/openshift/client-go v0.0.0-20250324153519-f0faeb0f2f2e/go.mod h1:MWRA5YlclrxlrDIOni+AaeOrHchTslLvLTs9pIWuCiw= +github.com/openshift/api v0.0.0-20251015095338-264e80a2b6e7 h1:Ot2fbEEPmF3WlPQkyEW/bUCV38GMugH/UmZvxpWceNc= +github.com/openshift/api v0.0.0-20251015095338-264e80a2b6e7/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= +github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 h1:9JBeIXmnHlpXTQPi7LPmu1jdxznBhAE7bb1K+3D8gxY= +github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235/go.mod h1:L49W6pfrZkfOE5iC1PqEkuLkXG4W0BX4w8b+L2Bv7fM= github.com/openshift/custom-resource-status v1.1.2 h1:C3DL44LEbvlbItfd8mT5jWrqPfHnSOQoQf/sypqA6A4= github.com/openshift/custom-resource-status v1.1.2/go.mod h1:DB/Mf2oTeiAmVVX1gN+NEqweonAPY0TKUwADizj8+ZA= github.com/openshift/runtime-utils v0.0.0-20230921210328-7bdb5b9c177b h1:oXzC1N6E9gw76/WH2gEA8GEHvuq09wuVQ9GoCuR8GF4= github.com/openshift/runtime-utils v0.0.0-20230921210328-7bdb5b9c177b/go.mod h1:l9/qeKZuAmYUMl0yicJlbkPGDsIycGhwxOvOAWyaP0E= -github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/operator-framework/operator-lib v0.17.0 h1:cbz51wZ9+GpWR1ZYP4CSKSSBxDlWxmmnseaHVZZjZt4= github.com/operator-framework/operator-lib v0.17.0/go.mod h1:TGopBxIE8L6E/Cojzo26R3NFp1eNlqhQNmzqhOblaLw= @@ -1304,8 +1283,6 @@ github.com/package-url/packageurl-go v0.1.3 h1:4juMED3hHiz0set3Vq3KeQ75KD1avthoX github.com/package-url/packageurl-go v0.1.3/go.mod h1:nKAWB8E6uk1MHqiS/lQb9pYBGH2+mdJ2PJc2s50dQY0= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= -github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -1357,17 +1334,17 @@ github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7q github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/common v0.67.1 h1:OTSON1P4DNxzTg4hmKCc37o4ZAZDv0cfXLkOt0oEowI= -github.com/prometheus/common v0.67.1/go.mod h1:RpmT9v35q2Y+lsieQsdOh5sXZ6ajUGC8NjZAmr8vb0Q= +github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc= +github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= +github.com/prometheus/otlptranslator v0.0.2 h1:+1CdeLVrRQ6Psmhnobldo0kTp96Rj80DRXRd5OSnMEQ= +github.com/prometheus/otlptranslator v0.0.2/go.mod h1:P8AwMgdD7XEr6QRUJ2QWLpiAZTgTE2UYgjlu3svompI= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= -github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= -github.com/protocolbuffers/txtpbfmt v0.0.0-20241112170944-20d2c9ebc01d h1:HWfigq7lB31IeJL8iy7jkUmU/PG1Sr8jVGhS749dbUA= -github.com/protocolbuffers/txtpbfmt v0.0.0-20241112170944-20d2c9ebc01d/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c= +github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0= +github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw= github.com/quay/claircore v1.5.44 h1:brG93+ZvX4IZJtFLBTB/p8mTtKSvX7knzgfTkBoME0Y= github.com/quay/claircore v1.5.44/go.mod h1:iOpZqd2tErng1hTypZy0pBWP8xFT3Iwj1Rr/iiWL4Sg= github.com/quay/claircore/toolkit v1.0.0/go.mod h1:3ELtgf92x7o1JCTSKVOAqhcnCTXc4s5qiGaEDx62i20= @@ -1379,14 +1356,12 @@ github.com/quay/goval-parser v0.8.8 h1:Uf+f9iF2GIR5GPUY2pGoa9il2+4cdES44ZlM0mWm4 github.com/quay/goval-parser v0.8.8/go.mod h1:Y0NTNfPYOC7yxsYKzJOrscTWUPq1+QbtHw4XpPXWPMc= github.com/quay/zlog v1.1.9 h1:O9/vfCUcGGUs0ukqQ77xPCJBPqpZBJ00jt7IUMsRco8= github.com/quay/zlog v1.1.9/go.mod h1:O7OCW9oe7igrswhjKlyOvTo2+6FPsV7L0/owWEX6JHE= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= -github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U= -github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc= -github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ= -github.com/redis/go-redis/v9 v9.12.1 h1:k5iquqv27aBtnTm2tIkROUDp8JBXhXZIVu1InSgvovg= -github.com/redis/go-redis/v9 v9.12.1/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw= +github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3 h1:1/BDligzCa40GTllkDnY3Y5DTHuKCONbB2JcRyIfl20= +github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3/go.mod h1:3dZmcLn3Qw6FLlWASn1g4y+YO9ycEFUOM+bhBmzLVKQ= +github.com/redis/go-redis/extra/redisotel/v9 v9.5.3 h1:kuvuJL/+MZIEdvtb/kTBRiRgYaOmx1l+lYJyVdrRUOs= +github.com/redis/go-redis/extra/redisotel/v9 v9.5.3/go.mod h1:7f/FMrf5RRRVHXgfk7CzSVzXHiWeuOQUu2bsVqWoa+g= +github.com/redis/go-redis/v9 v9.14.1 h1:nDCrEiJmfOWhD76xlaw+HXT0c9hfNWeXgl0vIRYSDvQ= +github.com/redis/go-redis/v9 v9.14.1/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw= github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319 h1:ukjThsA2ou7AmovpwtMVkNQSuoN/v5U16+JomTz3c7o= github.com/remind101/migrate v0.0.0-20170729031349-52c1edff7319/go.mod h1:rhSvwcijY9wfmrBYrfCvapX8/xOTV46NAUjBRgUyJqc= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= @@ -1433,8 +1408,6 @@ github.com/segmentio/analytics-go/v3 v3.3.0 h1:8VOMaVGBW03pdBrj1CMFfY9o/rnjJC+1w github.com/segmentio/analytics-go/v3 v3.3.0/go.mod h1:p8owAF8X+5o27jmvUognuXxdtqvSGtD0ZrfY2kcS9bE= github.com/segmentio/backo-go v1.0.1 h1:68RQccglxZeyURy93ASB/2kc9QudzgIDexJ927N++y4= github.com/segmentio/backo-go v1.0.1/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc= -github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= -github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= @@ -1444,36 +1417,38 @@ github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9Nz github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= -github.com/sigstore/cosign/v2 v2.5.2 h1:i5Dw7M7W9OcWgyiknJB8vNx/07KweninBDxRoHPxqHE= -github.com/sigstore/cosign/v2 v2.5.2/go.mod h1:CYlcgkPQJZ5pvWlbl7mOfO/Q1S1N7r4tpdYCtFwhXco= -github.com/sigstore/fulcio v1.7.1 h1:RcoW20Nz49IGeZyu3y9QYhyyV3ZKQ85T+FXPKkvE+aQ= -github.com/sigstore/fulcio v1.7.1/go.mod h1:7lYY+hsd8Dt+IvKQRC+KEhWpCZ/GlmNvwIa5JhypMS8= +github.com/sigstore/cosign/v3 v3.0.3 h1:IknuTUYM+tZ/ToghM7mvg9V0O31NG3rev97u1IJIuYA= +github.com/sigstore/cosign/v3 v3.0.3/go.mod h1:poeQqwvpDNIDyim7a2ljUhonVKpCys+fx3SY0Lkmi/4= +github.com/sigstore/fulcio v1.8.3 h1:zkuAkRHbD53hhYGlBHHeAW4NRDrrTiDHumAbcfSyyFw= +github.com/sigstore/fulcio v1.8.3/go.mod h1:YxP7TTdn9H5Gg+dXOsu61X36LLYxT2ZuvODhWelMNwA= github.com/sigstore/protobuf-specs v0.5.0 h1:F8YTI65xOHw70NrvPwJ5PhAzsvTnuJMGLkA4FIkofAY= github.com/sigstore/protobuf-specs v0.5.0/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= -github.com/sigstore/rekor v1.4.2 h1:Lx2xby7loviFYdg2C9pB1mESk2QU/LqcYSGsqqZwmg8= -github.com/sigstore/rekor v1.4.2/go.mod h1:nX/OYaLqpTeCOuMEt7ELE0+5cVjZWFnFKM+cZ+3hQRA= -github.com/sigstore/sigstore v1.9.5 h1:Wm1LT9yF4LhQdEMy5A2JeGRHTrAWGjT3ubE5JUSrGVU= -github.com/sigstore/sigstore v1.9.5/go.mod h1:VtxgvGqCmEZN9X2zhFSOkfXxvKUjpy8RpUW39oCtoII= -github.com/sigstore/sigstore-go v1.0.0 h1:4N07S2zLxf09nTRwaPKyAxbKzpM8WJYUS8lWWaYxneU= -github.com/sigstore/sigstore-go v1.0.0/go.mod h1:UYsZ/XHE4eltv1o1Lu+n6poW1Z5to3f0+emvfXNxIN8= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.5 h1:qp2VFyKuFQvTGmZwk5Q7m5nE4NwnF9tHwkyz0gtWAck= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.5/go.mod h1:DKlQjjr+GsWljEYPycI0Sf8URLCk4EbGA9qYjF47j4g= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.5 h1:CRZcdYn5AOptStsLRAAACudAVmb1qUbhMlzrvm7ju3o= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.5/go.mod h1:b9rFfITq2fp1M3oJmq6lFFhSrAz5vOEJH1qzbMsZWN4= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.6-0.20250729224751-181c5d3339b3 h1:a7Yz8C0aBa/LjeiTa9ZLYi9B74GNhFRnUIUdvN6ddVk= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.6-0.20250729224751-181c5d3339b3/go.mod h1:tRtJzSZ48MXJV9bmS8pkb3mP36PCad/Cs+BmVJ3Z4O4= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.5 h1:S2ukEfN1orLKw2wEQIUHDDlzk0YcylhcheeZ5TGk8LI= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.5/go.mod h1:m7sQxVJmDa+rsmS1m6biQxaLX83pzNS7ThUEyjOqkCU= -github.com/sigstore/timestamp-authority v1.2.8 h1:BEV3fkphwU4zBp3allFAhCqQb99HkiyCXB853RIwuEE= -github.com/sigstore/timestamp-authority v1.2.8/go.mod h1:G2/0hAZmLPnevEwT1S9IvtNHUm9Ktzvso6xuRhl94ZY= +github.com/sigstore/rekor v1.4.3 h1:2+aw4Gbgumv8vYM/QVg6b+hvr4x4Cukur8stJrVPKU0= +github.com/sigstore/rekor v1.4.3/go.mod h1:o0zgY087Q21YwohVvGwV9vK1/tliat5mfnPiVI3i75o= +github.com/sigstore/rekor-tiles/v2 v2.0.1 h1:1Wfz15oSRNGF5Dzb0lWn5W8+lfO50ork4PGIfEKjZeo= +github.com/sigstore/rekor-tiles/v2 v2.0.1/go.mod h1:Pjsbhzj5hc3MKY8FfVTYHBUHQEnP0ozC4huatu4x7OU= +github.com/sigstore/sigstore v1.10.0 h1:lQrmdzqlR8p9SCfWIpFoGUqdXEzJSZT2X+lTXOMPaQI= +github.com/sigstore/sigstore v1.10.0/go.mod h1:Ygq+L/y9Bm3YnjpJTlQrOk/gXyrjkpn3/AEJpmk1n9Y= +github.com/sigstore/sigstore-go v1.1.4-0.20251201121426-2cdedea80894 h1:K8hnZhun6XacjxAdCdxkowSi7+FpmfYnAcMhTXZQyPg= +github.com/sigstore/sigstore-go v1.1.4-0.20251201121426-2cdedea80894/go.mod h1:uuR+Edo6P+iwi0HKscycUm8mxXL748nAureqSg6jFLA= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.0 h1:UOHpiyezCj5RuixgIvCV3QyuxIGQT+N6nGZEXA7OTTY= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.0/go.mod h1:U0CZmA2psabDa8DdiV7yXab0AHODzfKqvD2isH7Hrvw= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.0 h1:fq4+8Y4YadxeF8mzhoMRPZ1mVvDYXmI3BfS0vlkPT7M= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.10.0/go.mod h1:u05nqPWY05lmcdHhv2lPaWTH3FGUhJzO7iW2hbboK3Q= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.0 h1:iUEf5MZYOuXGnXxdF/WrarJrk0DTVHqeIOjYdtpVXtc= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.10.0/go.mod h1:i6vg5JfEQix46R1rhQlrKmUtJoeH91drltyYOJEk1T4= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.0 h1:dUvPv/MP23ZPIXZUW45kvCIgC0ZRfYxEof57AB6bAtU= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.10.0/go.mod h1:fR/gDdPvJWGWL70/NgBBIL1O0/3Wma6JHs3tSSYg3s4= +github.com/sigstore/timestamp-authority/v2 v2.0.3 h1:sRyYNtdED/ttLCMdaYnwpf0zre1A9chvjTnCmWWxN8Y= +github.com/sigstore/timestamp-authority/v2 v2.0.3/go.mod h1:mDaHxkt3HmZYoIlwYj4QWo0RUr7VjYU52aVO5f5Qb3I= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af h1:Sp5TG9f7K39yfB+If0vjp97vuT74F72r8hfRpP8jLU0= +github.com/sirupsen/logrus v1.9.4-0.20230606125235-dd1b4c2e81af/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= @@ -1496,8 +1471,8 @@ github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY= github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo= github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4= -github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= -github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -1506,8 +1481,8 @@ github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3A github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM= github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU= github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY= -github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE= -github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= +github.com/spiffe/go-spiffe/v2 v2.6.0 h1:l+DolpxNWYgruGQVV0xsfeya3CsC7m8iBzDnMpsbLuo= +github.com/spiffe/go-spiffe/v2 v2.6.0/go.mod h1:gm2SeUoMZEtpnzPNs2Csc0D/gX33k1xIx7lEzqblHEs= github.com/stackrox/docker-registry-client v0.2.0 h1:91TLimNkFgdwO9QF8rUC57DoLGiTAgDKm2KhLI2xkLU= github.com/stackrox/docker-registry-client v0.2.0/go.mod h1:4TU+pA11iczIvhtL0own2OJcJXc1o26tBHDivaXhlZU= github.com/stackrox/dotnet-scraper v0.0.0-20201023051640-72ef543323dd h1:vEjp7Q66zd4W72//Uk3uyVN50Mh/nFLbN9pb7CVK7mE= @@ -1541,8 +1516,8 @@ github.com/stackrox/yaml/v3 v3.0.0/go.mod h1:360StwOazy3cplMWHzBAA9y6InmKu/v7WB0 github.com/stackrox/zap v1.18.2-0.20240314134248-5f932edd0404 h1:j2qhsZjUBpN4yaqEGkNrATdw3fE3vgMrVOhd44cUJDY= github.com/stackrox/zap v1.18.2-0.20240314134248-5f932edd0404/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= -github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= -github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= +github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs= +github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= @@ -1563,6 +1538,7 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= @@ -1570,14 +1546,12 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48= -github.com/tchap/go-patricia/v2 v2.3.3 h1:xfNEsODumaEcCcY3gI0hYPZ/PcpVv5ju6RMAhgwZDDc= -github.com/tchap/go-patricia/v2 v2.3.3/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= -github.com/theupdateframework/go-tuf/v2 v2.1.1 h1:OWcoHItwsGO+7m0wLa7FDWPR4oB1cj0zOr1kosE4G+I= -github.com/theupdateframework/go-tuf/v2 v2.1.1/go.mod h1:V675cQGhZONR0OGQ8r1feO0uwtsTBYPDWHzAAPn5rjE= +github.com/theupdateframework/go-tuf/v2 v2.3.0 h1:gt3X8xT8qu/HT4w+n1jgv+p7koi5ad8XEkLXXZqG9AA= +github.com/theupdateframework/go-tuf/v2 v2.3.0/go.mod h1:xW8yNvgXRncmovMLvBxKwrKpsOwJZu/8x+aB0KtFcdw= github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= @@ -1593,8 +1567,8 @@ github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0 h1:3B9i6XBXNTRspfkTC0asN5W0K6GhO github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0/go.mod h1:jY5YN2BqD/KSCHM9SqZPIpJNG/u3zwfLXHgws4x2IRw= github.com/tink-crypto/tink-go-hcvault/v2 v2.3.0 h1:6nAX1aRGnkg2SEUMwO5toB2tQkP0Jd6cbmZ/K5Le1V0= github.com/tink-crypto/tink-go-hcvault/v2 v2.3.0/go.mod h1:HOC5NWW1wBI2Vke1FGcRBvDATkEYE7AUDiYbXqi2sBw= -github.com/tink-crypto/tink-go/v2 v2.4.0 h1:8VPZeZI4EeZ8P/vB6SIkhlStrJfivTJn+cQ4dtyHNh0= -github.com/tink-crypto/tink-go/v2 v2.4.0/go.mod h1:l//evrF2Y3MjdbpNDNGnKgCpo5zSmvUvnQ4MU+yE2sw= +github.com/tink-crypto/tink-go/v2 v2.5.0 h1:B8KLF6AofxdBIE4UJIaFbmoj5/1ehEtt7/MmzfI4Zpw= +github.com/tink-crypto/tink-go/v2 v2.5.0/go.mod h1:2WbBA6pfNsAfBwDCggboaHeB2X29wkU8XHtGwh2YIk8= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= @@ -1602,6 +1576,8 @@ github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= github.com/tkuchiki/go-timezone v0.2.3 h1:D3TVdIPrFsu9lxGxqNX2wsZwn1MZtTqTW0mdevMozHc= github.com/tkuchiki/go-timezone v0.2.3/go.mod h1:oFweWxYl35C/s7HMVZXiA19Jr9Y0qJHMaG/J2TES4LY= +github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c h1:5a2XDQ2LiAUV+/RjckMyq9sXudfrPSuCY4FuPC1NyAw= +github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c/go.mod h1:g85IafeFJZLxlzZCDRu4JLpfS7HKzR+Hw9qRh3bVzDI= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/travelaudience/go-promhttp v1.0.1 h1:Z7+n8yg4cx72TDS1xeRMZLxmVrVuWgiYVhG/hHD2lV0= @@ -1613,34 +1589,26 @@ github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY= github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo= -github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= +github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4= +github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= github.com/vbauerster/mpb/v4 v4.12.2 h1:TsBs1nWRYF0m8cUH13pxNhOUqY6yKcOr2PeSYxp2L3I= github.com/vbauerster/mpb/v4 v4.12.2/go.mod h1:LVRGvMch8T4HQO3eg2pFPsACH9kO/O6fT/7vhGje3QE= -github.com/vektah/gqlparser/v2 v2.5.26 h1:REqqFkO8+SOEgZHR/eHScjjVjGS8Nk3RMO/juiTobN4= -github.com/vektah/gqlparser/v2 v2.5.26/go.mod h1:D1/VCZtV3LPnQrcPBeR/q5jkSQIPti0uYCP/RI0gIeo= github.com/vladimirvivien/gexe v0.4.1 h1:W9gWkp8vSPjDoXDu04Yp4KljpVMaSt8IQuHswLDd5LY= github.com/vladimirvivien/gexe v0.4.1/go.mod h1:3gjgTqE2c0VyHnU5UOIwk7gyNzZDGulPb/DJPgcw64E= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/weppos/publicsuffix-go v0.13.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= -github.com/weppos/publicsuffix-go v0.30.2-0.20230730094716-a20f9abcc222/go.mod h1:s41lQh6dIsDWIC1OWh7ChWJXLH0zkJ9KHZVqA7vHyuQ= -github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d h1:q80YKUcDWRNvvQcziH63e3ammTWARwrhohBCunHaYAg= -github.com/weppos/publicsuffix-go v0.30.3-0.20240510084413-5f1d03393b3d/go.mod h1:vLdXKydr/OJssAXmjY0XBgLXUfivBMrNRIBljgtqCnw= +github.com/weppos/publicsuffix-go v0.40.3-0.20250127173806-e489a31678ca/go.mod h1:43Dfyxu2dpmLg56at26Q4k9gwf3yWSUiwk8kGnwzULk= +github.com/weppos/publicsuffix-go v0.50.1-0.20250829105427-5340293a34a1 h1:e+uu4AaRkDK7dfU29WbMpf+jDS8TYmLw97dtNbSA4DE= +github.com/weppos/publicsuffix-go v0.50.1-0.20250829105427-5340293a34a1/go.mod h1:VXhClBYMlDrUsome4pOTpe68Ui0p6iQRAbyHQD1yKoU= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= -github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ= github.com/ysmood/fetchup v0.2.3/go.mod h1:xhibcRKziSvol0H1/pj33dnKrYyI2ebIvz5cOOkYGns= github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ= @@ -1660,11 +1628,9 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zalando/go-keyring v0.2.3 h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms= -github.com/zalando/go-keyring v0.2.3/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= +github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= +github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= -github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM= -github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -1672,20 +1638,20 @@ github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54t github.com/zmap/zcertificate v0.0.1/go.mod h1:q0dlN54Jm4NVSSuzisusQY0hqDWvu92C+TWveAxiVWk= github.com/zmap/zcrypto v0.0.0-20201128221613-3719af1573cf/go.mod h1:aPM7r+JOkfL+9qSB4KbYjtoEzJqUK50EXkkJabeNJDQ= github.com/zmap/zcrypto v0.0.0-20201211161100-e54a5822fb7e/go.mod h1:aPM7r+JOkfL+9qSB4KbYjtoEzJqUK50EXkkJabeNJDQ= -github.com/zmap/zcrypto v0.0.0-20231219022726-a1f61fb1661c h1:U1b4THKcgOpJ+kILupuznNwPiURtwVW3e9alJvji9+s= -github.com/zmap/zcrypto v0.0.0-20231219022726-a1f61fb1661c/go.mod h1:GSDpFDD4TASObxvfZfvpZZ3OWHIUHMlhVWlkOe4ewVk= +github.com/zmap/zcrypto v0.0.0-20250129210703-03c45d0bae98 h1:Qp98bmMm9JHPPOaLi2Nb6oWoZ+1OyOMWI7PPeJrirI0= +github.com/zmap/zcrypto v0.0.0-20250129210703-03c45d0bae98/go.mod h1:YTUyN/U1oJ7RzCEY5hUweYxbVUu7X+11wB7OXZT15oE= github.com/zmap/zlint/v3 v3.0.0/go.mod h1:paGwFySdHIBEMJ61YjoqT4h7Ge+fdYG4sUQhnTb1lJ8= -github.com/zmap/zlint/v3 v3.6.0 h1:vTEaDRtYN0d/1Ax60T+ypvbLQUHwHxbvYRnUMVr35ug= -github.com/zmap/zlint/v3 v3.6.0/go.mod h1:NVgiIWssgzp0bNl8P4Gz94NHV2ep/4Jyj9V69uTmZyg= -gitlab.com/gitlab-org/api/client-go v0.130.1 h1:1xF5C5Zq3sFeNg3PzS2z63oqrxifne3n/OnbI7nptRc= -gitlab.com/gitlab-org/api/client-go v0.130.1/go.mod h1:ZhSxLAWadqP6J9lMh40IAZOlOxBLPRh7yFOXR/bMJWM= +github.com/zmap/zlint/v3 v3.6.6 h1:tH7RJM9bDmh7IonlLEkFIkIn8XDYDYjehhUPgpLVqYA= +github.com/zmap/zlint/v3 v3.6.6/go.mod h1:6yXG+CBOQBRpMCOnpIVPUUL296m5HYksZC9bj5LZkwE= +gitlab.com/gitlab-org/api/client-go v0.160.0 h1:aMQzbcE8zFe0lR/J+a3zneEgH+/EBFs8rD8Chrr4Snw= +gitlab.com/gitlab-org/api/client-go v0.160.0/go.mod h1:ooCNtKB7OyP7GBa279+HrUS3eeJF6Yi6XABZZy7RTSk= go.etcd.io/bbolt v1.4.2 h1:IrUHp260R8c+zYx/Tm8QZr04CX+qWS5PGfPdevhdm1I= go.etcd.io/bbolt v1.4.2/go.mod h1:Is8rSHO/b4f3XigBC0lL0+4FwAQv3HXEEIgFMuKHceM= go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs= -go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= -go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= +go.mongodb.org/mongo-driver v1.17.6 h1:87JUG1wZfWsr6rIz3ZmpH90rL5tea7O3IHuSwHUpsss= +go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -1693,18 +1659,18 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 h1:UW0+QyeyBVhn+COBec3nGhfnFe5lwB0ic1JBVjzhk0w= go.opentelemetry.io/contrib/bridges/prometheus v0.57.0/go.mod h1:ppciCHRLsyCio54qbzQv0E4Jyth/fLWDTJYfvWpcSVk= -go.opentelemetry.io/contrib/detectors/gcp v1.36.0 h1:F7q2tNlCaHY9nMKHR6XH9/qkp8FktLnIcy6jJNyOCQw= -go.opentelemetry.io/contrib/detectors/gcp v1.36.0/go.mod h1:IbBN8uAIIx734PTonTPxAxnjc2pQTxWNkwfstZ+6H2k= +go.opentelemetry.io/contrib/detectors/gcp v1.38.0 h1:ZoYbqX7OaA/TAikspPl3ozPI6iY6LiIY9I8cUfm+pJs= +go.opentelemetry.io/contrib/detectors/gcp v1.38.0/go.mod h1:SU+iU7nu5ud4oCb3LQOhIZ3nRLj6FNVrKgtflbaf2ts= go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 h1:jmTVJ86dP60C01K3slFQa2NQ/Aoi7zA+wy7vMOKD9H4= go.opentelemetry.io/contrib/exporters/autoexport v0.57.0/go.mod h1:EJBheUMttD/lABFyLXhce47Wr6DPWYReCzaZiXadH7g= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 h1:YH4g8lQroajqUwWbq/tr2QX1JFmEXaDLgG+ew9bLMWo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0/go.mod h1:fvPi2qXDqFs8M4B4fmJhE92TyQs9Ydjlg3RvfUp+NbQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= go.opentelemetry.io/otel v1.6.3/go.mod h1:7BgNga5fNlF/iZjG06hM3yofffp0ofKCDwSXx1GC4dI= go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= @@ -1716,14 +1682,14 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7Z go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 h1:m639+BofXTvcY1q8CGs4ItwQarYtJPOWmVobfM1HpVI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk= -go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU= -go.opentelemetry.io/otel/exporters/prometheus v0.54.0/go.mod h1:QyjcV9qDP6VeK5qPyKETvNjmaaEc7+gqjh4SS0ZYzDU= +go.opentelemetry.io/otel/exporters/prometheus v0.60.0 h1:cGtQxGvZbnrWdC2GyjZi0PDKVSLWP/Jocix3QWfXtbo= +go.opentelemetry.io/otel/exporters/prometheus v0.60.0/go.mod h1:hkd1EekxNo69PTV4OWFGZcKQiIqg0RfuWExcPKFvepk= go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0 h1:CHXNXwfKWfzS65yrlB2PVds1IBZcdsX8Vepy9of0iRU= go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.8.0/go.mod h1:zKU4zUgKiaRxrdovSS2amdM5gOc59slmo/zJwGX+YBg= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.36.0 h1:rixTyDGXFxRy1xzhKrotaHy3/KXdPhlWARrCgK+eqUY= @@ -1734,20 +1700,20 @@ go.opentelemetry.io/otel/log v0.8.0 h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWer go.opentelemetry.io/otel/log v0.8.0/go.mod h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8= go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= +go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= +go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= go.opentelemetry.io/otel/sdk/log v0.8.0 h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs= go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= +go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM= +go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= go.opentelemetry.io/otel/trace v1.6.3/go.mod h1:GNJQusJlUgZl9/TQBPKU/Y/ty+0iVB5fjhKeJGZPGFs= go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= -go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= -go.step.sm/crypto v0.70.0 h1:Q9Ft7N637mucyZcHZd1+0VVQJVwDCKqcb9CYcYi7cds= -go.step.sm/crypto v0.70.0/go.mod h1:pzfUhS5/ue7ev64PLlEgXvhx1opwbhFCjkvlhsxVds0= +go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= +go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= +go.step.sm/crypto v0.74.0 h1:/APBEv45yYR4qQFg47HA8w1nesIGcxh44pGyQNw6JRA= +go.step.sm/crypto v0.74.0/go.mod h1:UoXqCAJjjRgzPte0Llaqen7O9P7XjPmgjgTHQGkKCDk= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1796,16 +1762,16 @@ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= -golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1847,8 +1813,11 @@ golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1906,15 +1875,16 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= -golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1928,9 +1898,12 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2025,28 +1998,29 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= -golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= -golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2057,15 +2031,14 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= -golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2141,8 +2114,10 @@ golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpd golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= -golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= +golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY= golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= @@ -2192,8 +2167,8 @@ google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdr google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU= google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw= -google.golang.org/api v0.252.0 h1:xfKJeAJaMwb8OC9fesr369rjciQ704AjU/psjkKURSI= -google.golang.org/api v0.252.0/go.mod h1:dnHOv81x5RAmumZ7BWLShB/u7JZNeyalImxHmtTHxqw= +google.golang.org/api v0.256.0 h1:u6Khm8+F9sxbCTYNoBHg6/Hwv0N/i+V94MvkOSor6oI= +google.golang.org/api v0.256.0/go.mod h1:KIgPhksXADEKJlnEoRa9qAII4rXcy40vfI8HRqcU964= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2265,12 +2240,12 @@ google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= -google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= -google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 h1:8XJ4pajGwOlasW+L13MnEGA8W4115jJySQtVfS2/IBU= -google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4/go.mod h1:NnuHhy+bxcg30o7FnVAZbXsPHUDQ9qKWAQKCD7VxFtk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 h1:CirRxTOwnRWVLKzDNrs0CXAaVozJoR4G9xvdRecrdpk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ= +google.golang.org/genproto v0.0.0-20250922171735-9219d122eba9 h1:LvZVVaPE0JSqL+ZWb6ErZfnEOKIqqFWUJE2D0fObSmc= +google.golang.org/genproto v0.0.0-20250922171735-9219d122eba9/go.mod h1:QFOrLhdAe2PsTp3vQY4quuLKTi9j3XG3r6JPPaw7MSc= +google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 h1:mepRgnBZa07I4TRuomDE4sTIYieg/osKmzIf4USdWS4= +google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 h1:tRPGkdGHuewF4UisLzzHHr1spKw92qLM98nIzxbC0wY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -2299,11 +2274,11 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= -google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= +google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= +google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= -google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20 h1:MLBCGN1O7GzIx+cBiwfYPwtmZ41U3Mn/cotLJciaArI= -google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= +google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6 h1:ExN12ndbJ608cboPYflpTny6mXSzPrDLh0iTaVrRrds= +google.golang.org/grpc/examples v0.0.0-20250407062114-b368379ef8f6/go.mod h1:6ytKWczdvnpnO+m+JiG9NjEDzR1FJfsnmJdG7B8QVZ8= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -2317,9 +2292,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -2367,30 +2339,30 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.3/go.mod h1:w258XdGyvCmnBj/vGzQMj6kzdufJZVUwEM1U2fRJwSQ= -k8s.io/api v0.33.5 h1:YR+uhYj05jdRpcksv8kjSliW+v9hwXxn6Cv10aR8Juw= -k8s.io/api v0.33.5/go.mod h1:2gzShdwXKT5yPGiqrTrn/U/nLZ7ZyT4WuAj3XGDVgVs= +k8s.io/api v0.34.2 h1:fsSUNZhV+bnL6Aqrp6O7lMTy6o5x2C4XLjnh//8SLYY= +k8s.io/api v0.34.2/go.mod h1:MMBPaWlED2a8w4RSeanD76f7opUoypY8TFYkSM+3XHw= k8s.io/apiextensions-apiserver v0.33.5 h1:93NZh6rmrcamX/tfv/dZrTsMiQX69ufANmDcKPEgSeA= k8s.io/apiextensions-apiserver v0.33.5/go.mod h1:JIbyQnNlu6nQa7b1vgFi51pmlXOk8mdn0WJwUJnz/7U= k8s.io/apimachinery v0.23.3/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.33.5 h1:NiT64hln4TQXeYR18/ES39OrNsjGz8NguxsBgp+6QIo= -k8s.io/apimachinery v0.33.5/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4= +k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= k8s.io/apiserver v0.33.5 h1:X1Gy33r4YkRLRqTjGjofk7X1/EjSLEVSJ/A+1qjoj60= k8s.io/apiserver v0.33.5/go.mod h1:Q+b5Btbc8x0PqOCeh/xBTesKk+cXQRN+PF2wdrTKDeg= k8s.io/cli-runtime v0.33.5 h1:wM7DoglOkrJDmddla864mVpueaEDX7/XGAkHGMWQkpc= k8s.io/cli-runtime v0.33.5/go.mod h1:ZmUR+ybq97SqxSkkqGQdIhzCfk/+ETUhwKQq5EguaCw= -k8s.io/client-go v0.33.5 h1:I8BdmQGxInpkMEnJvV6iG7dqzP3JRlpZZlib3OMFc3o= -k8s.io/client-go v0.33.5/go.mod h1:W8PQP4MxbM4ypgagVE65mUUqK1/ByQkSALF9tzuQ6u0= +k8s.io/client-go v0.34.2 h1:Co6XiknN+uUZqiddlfAjT68184/37PS4QAzYvQvDR8M= +k8s.io/client-go v0.34.2/go.mod h1:2VYDl1XXJsdcAxw7BenFslRQX28Dxz91U9MWKjX97fE= k8s.io/code-generator v0.23.3/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= -k8s.io/code-generator v0.33.5 h1:KwkOvhwAaorjSwF2MQhhdhL3i8bBmAal/TWhX67kdHw= -k8s.io/code-generator v0.33.5/go.mod h1:Ra+sdZquRakeTGcEnQAPw6BmlZ92IvxwQQTX/XOvOIE= +k8s.io/code-generator v0.34.1 h1:WpphT26E+j7tEgIUfFr5WfbJrktCGzB3JoJH9149xYc= +k8s.io/code-generator v0.34.1/go.mod h1:DeWjekbDnJWRwpw3s0Jat87c+e0TgkxoR4ar608yqvg= k8s.io/component-base v0.33.5 h1:4D3kxjEx1pJRy3WHAZsmX3+LCpmd4ftE+2J4v6naTnQ= k8s.io/component-base v0.33.5/go.mod h1:Zma1YjBVuuGxIbspj1vGR3/5blzo2ARf1v0QTtog1to= k8s.io/component-helpers v0.33.5 h1:1LDSMzn7YTreVLPaOBJK36ase/FWi2sDpeJJvbEBO2s= k8s.io/component-helpers v0.33.5/go.mod h1:C3HsDU2lANSLgTTgMJ0TFnG5xZrVrxR3Ss9n7Wrsw4s= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 h1:2OX19X59HxDprNCVrWi6jb7LW1PoqTlYqEq5H2oetog= -k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= +k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f h1:SLb+kxmzfA87x4E4brQzB33VBbT2+x7Zq9ROIHmGn9Q= +k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= @@ -2399,16 +2371,16 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= -k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 h1:gAXU86Fmbr/ktY17lkHwSjw5aoThQvhnstGGIYKlKYc= -k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911/go.mod h1:GLOk5B+hDbRROvt0X2+hqX64v/zO3vXN7J78OUmBSKw= +k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= +k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= k8s.io/kubectl v0.33.5 h1:/wj5EjXXrVeSd8+FcZ2sIIP1PlQkq8HWsR9T1Nsl32c= k8s.io/kubectl v0.33.5/go.mod h1:YrBGE7U+nz7+UatG+aNDocIQtdTyqN528dwFCv6+Kuw= k8s.io/kubelet v0.32.9 h1:DVbYq6iPIQJ/oQSV+Ec4dCytMKy9D5he9Ra2/pVQRNw= k8s.io/kubelet v0.32.9/go.mod h1:ApPYUgb3RNG4IZrWEno5z2oQrP9K1Fh8HCDoUHLZ3CI= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= -k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= kubevirt.io/api v1.6.2 h1:aoqZ4KsbOyDjLnuDw7H9wEgE/YTd/q5BBmYeQjJNizc= kubevirt.io/api v1.6.2/go.mod h1:p66fEy/g79x7VpgUwrkUgOoG2lYs5LQq37WM6JXMwj4= kubevirt.io/containerized-data-importer-api v1.60.3-0.20241105012228-50fbed985de9 h1:KTb8wO1Lxj220DX7d2Rdo9xovvlyWWNo3AVm2ua+1nY= @@ -2463,15 +2435,14 @@ sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XS sigs.k8s.io/kustomize/kyaml v0.19.0/go.mod h1:FeKD5jEOH+FbZPpqUghBP8mrLjJ3+zD3/rf9NNu1cwY= sigs.k8s.io/network-policy-api v0.1.5 h1:xyS7VAaM9EfyB428oFk7WjWaCK6B129i+ILUF4C8l6E= sigs.k8s.io/network-policy-api v0.1.5/go.mod h1:D7Nkr43VLNd7iYryemnj8qf0N/WjBzTZDxYA+g4u1/Y= -sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/release-utils v0.12.1 h1:3p9w137wBTTApHlL8izdJHcCuaBe8wZhQz+B0QIAaBE= -sigs.k8s.io/release-utils v0.12.1/go.mod h1:0z7JOb7iQcuDQcemQw5CSVrkH8evRHY0DMMjcyRB1e4= +sigs.k8s.io/release-utils v0.12.2 h1:H06v3FuLElAkf7Ikkd9ll8hnhdtQ+OgktJAni3iIAl8= +sigs.k8s.io/release-utils v0.12.2/go.mod h1:Ab9Lb/FpGUw4lUXj1QYbUcF2TRzll+GS7Md54W1G7sA= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= -sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= +sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/image/postgres/konflux.Dockerfile b/image/postgres/konflux.Dockerfile index 51edb4f28e88a..5b8e86ea601eb 100644 --- a/image/postgres/konflux.Dockerfile +++ b/image/postgres/konflux.Dockerfile @@ -1,5 +1,5 @@ ARG PG_VERSION=15 -FROM registry.redhat.io/rhel8/postgresql-${PG_VERSION}:latest@sha256:b70af4767a5b34c4a67761aa28bee72b4f9cd1ce31245596640371f670d0dbba AS final +FROM registry.redhat.io/rhel8/postgresql-${PG_VERSION}:latest@sha256:f5ff8f1968b4c842da981e234efee065c66bc5208d93055c3135b536f421d432 AS final USER root @@ -14,7 +14,7 @@ LABEL \ io.k8s.display-name="central-db" \ io.openshift.tags="rhacs,central-db,stackrox" \ maintainer="Red Hat, Inc." \ - name="rhacs-central-db-rhel8" \ + name="advanced-cluster-security/rhacs-central-db-rhel8" \ # Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly. source-location="https://github.com/stackrox/stackrox" \ summary="Central DB for Red Hat Advanced Cluster Security for Kubernetes" \ diff --git a/image/rhel/konflux.Dockerfile b/image/rhel/konflux.Dockerfile index 274997aaadbba..57bcd355ba9fe 100644 --- a/image/rhel/konflux.Dockerfile +++ b/image/rhel/konflux.Dockerfile @@ -1,7 +1,7 @@ ARG PG_VERSION=15 -FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.24@sha256:beed4519c775d6123c11351048be29e6f93ab0adaea2c7d55977b445966f5b27 AS go-builder +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.25@sha256:527782f4a0270f786192281f68d0374f4a21b3ab759643eee4bfcafb6f539468 AS go-builder RUN dnf -y install --allowerasing jq @@ -37,7 +37,7 @@ RUN mkdir -p image/rhel/docs/api/v1 && \ RUN make copy-go-binaries-to-image-dir -FROM registry.access.redhat.com/ubi9/nodejs-20:latest@sha256:7cb51b71a6ef9004a86fbccbe55297bb365afd56c3be192bd97f2f8ffed426a1 AS ui-builder +FROM registry.access.redhat.com/ubi9/nodejs-20:latest@sha256:23aa2e84a94e5e11d2c716de12344bc6183b29f0fc0a440fde7b0f2ee3dc703c AS ui-builder WORKDIR /go/src/github.com/stackrox/rox/app @@ -59,7 +59,7 @@ ENV UI_PKG_INSTALL_EXTRA_ARGS="--ignore-scripts" RUN make -C ui build -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:43dde01be4e94afd22d8d95ee8abcc9f610b4e50aff5bcc141b558c74d4c68b5 +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:9f5006710578c36da022efbc740b27821056d504d582e1aeb204a602d2e8e4ce ARG PG_VERSION @@ -98,7 +98,7 @@ LABEL \ io.k8s.display-name="main" \ io.openshift.tags="rhacs,main,stackrox" \ maintainer="Red Hat, Inc." \ - name="rhacs-main-rhel8" \ + name="advanced-cluster-security/rhacs-main-rhel8" \ # Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly. source-location="https://github.com/stackrox/stackrox" \ summary="Main Image for Red Hat Advanced Cluster Security for Kubernetes" \ diff --git a/image/roxctl/konflux.Dockerfile b/image/roxctl/konflux.Dockerfile index 6b651616f7c2d..f0094c364dd94 100644 --- a/image/roxctl/konflux.Dockerfile +++ b/image/roxctl/konflux.Dockerfile @@ -4,7 +4,7 @@ # - https://issues.redhat.com/browse/RHTAPBUGS-864 - deprecated-base-image-check behaves incorrectly. # - https://issues.redhat.com/browse/RHTAPBUGS-865 - openshift-golang-builder is not considered to be a valid base image. # -FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.24@sha256:beed4519c775d6123c11351048be29e6f93ab0adaea2c7d55977b445966f5b27 AS builder +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.25@sha256:527782f4a0270f786192281f68d0374f4a21b3ab759643eee4bfcafb6f539468 AS builder WORKDIR /go/src/github.com/stackrox/rox/app @@ -26,7 +26,7 @@ RUN RACE=0 CGO_ENABLED=1 GOOS=linux GOARCH=$(go env GOARCH) scripts/go-build.sh cp bin/linux_$(go env GOARCH)/roxctl image/bin/roxctl -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:43dde01be4e94afd22d8d95ee8abcc9f610b4e50aff5bcc141b558c74d4c68b5 +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:9f5006710578c36da022efbc740b27821056d504d582e1aeb204a602d2e8e4ce COPY --from=builder /go/src/github.com/stackrox/rox/app/image/bin/roxctl /usr/bin/roxctl @@ -46,7 +46,7 @@ LABEL \ io.k8s.display-name="roxctl" \ io.openshift.tags="rhacs,roxctl,stackrox" \ maintainer="Red Hat, Inc." \ - name="rhacs-roxctl-rhel8" \ + name="advanced-cluster-security/rhacs-roxctl-rhel8" \ # Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly. source-location="https://github.com/stackrox/stackrox" \ summary="The CLI for Red Hat Advanced Cluster Security for Kubernetes" \ diff --git a/image/templates/helm/stackrox-central/internal/config.stackrox.io_securitypolicies.yaml b/image/templates/helm/stackrox-central/internal/config.stackrox.io_securitypolicies.yaml index 99c74ca97ddd2..27c4522eedda1 100644 --- a/image/templates/helm/stackrox-central/internal/config.stackrox.io_securitypolicies.yaml +++ b/image/templates/helm/stackrox-central/internal/config.stackrox.io_securitypolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: securitypolicies.config.stackrox.io spec: group: config.stackrox.io diff --git a/image/templates/helm/stackrox-secured-cluster/templates/_admission-controller-defaulting.tpl b/image/templates/helm/stackrox-secured-cluster/templates/_admission-controller-defaulting.tpl index 260989d105468..3486c66d31e5a 100644 --- a/image/templates/helm/stackrox-secured-cluster/templates/_admission-controller-defaulting.tpl +++ b/image/templates/helm/stackrox-secured-cluster/templates/_admission-controller-defaulting.tpl @@ -30,11 +30,12 @@ {{/* In this upgrade scenario we will defeault to enforce=false, but will upgrade to enforce=true if at least one of the old enforceOn* settings is enabled. */}} {{- $_ := set $admissionControl "enforce" false -}} - {{- if and $admissionControl.dynamic.enforceOnCreates (not $admissionControl.dynamic.enforceOnUpdates) -}} + {{- if $admissionControl.dynamic.enforceOnCreates -}} {{- $note := "Detected upgrade from pre-4.9: Admission Controller enforcement will be generally turned on, because enforceOnCreates is enabled." -}} {{- include "srox.warn" (list $ $note) -}} {{- $_ := set $admissionControl "enforce" true -}} - {{- else if and (not $admissionControl.dynamic.enforceOnCreates) $admissionControl.dynamic.enforceOnUpdates -}} + {{- end -}} + {{- if $admissionControl.dynamic.enforceOnUpdates -}} {{- $note := "Detected upgrade from pre-4.9: Admission Controller enforcement will be generally turned on, because enforceOnUpdates is enabled." -}} {{- include "srox.warn" (list $ $note) -}} {{- $_ := set $admissionControl "enforce" true -}} diff --git a/migrator/clone/postgres/db_clone_manager_impl.go b/migrator/clone/postgres/db_clone_manager_impl.go index ba419e308dcad..476bbde36b587 100644 --- a/migrator/clone/postgres/db_clone_manager_impl.go +++ b/migrator/clone/postgres/db_clone_manager_impl.go @@ -382,7 +382,7 @@ func (d *dbCloneManagerImpl) moveClones(previousClone, updatedClone string) erro defer conn.Release() // Start a transaction - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_168_to_m_169_postgres_remove_clustercve_permission/permissionsetpostgresstore/postgres_plugin.go b/migrator/migrations/m_168_to_m_169_postgres_remove_clustercve_permission/permissionsetpostgresstore/postgres_plugin.go index 76fbfb8ba31c7..c502dd630c54f 100644 --- a/migrator/migrations/m_168_to_m_169_postgres_remove_clustercve_permission/permissionsetpostgresstore/postgres_plugin.go +++ b/migrator/migrations/m_168_to_m_169_postgres_remove_clustercve_permission/permissionsetpostgresstore/postgres_plugin.go @@ -150,7 +150,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.PermissionSet } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_169_to_m_170_collections_sac_resource_migration/permissionsetpostgresstore/postgres_plugin.go b/migrator/migrations/m_169_to_m_170_collections_sac_resource_migration/permissionsetpostgresstore/postgres_plugin.go index b8a827c23dffb..95f00070f4ec0 100644 --- a/migrator/migrations/m_169_to_m_170_collections_sac_resource_migration/permissionsetpostgresstore/postgres_plugin.go +++ b/migrator/migrations/m_169_to_m_170_collections_sac_resource_migration/permissionsetpostgresstore/postgres_plugin.go @@ -149,7 +149,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.PermissionSet } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policycategoryedgepostgresstore/store.go b/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policycategoryedgepostgresstore/store.go index 5388c5d43e6c9..b1326bae76e04 100644 --- a/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policycategoryedgepostgresstore/store.go +++ b/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policycategoryedgepostgresstore/store.go @@ -152,7 +152,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.PolicyCategor } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policycategorypostgresstore/store.go b/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policycategorypostgresstore/store.go index 7add9a4063e4c..3e3ae4a08ed2f 100644 --- a/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policycategorypostgresstore/store.go +++ b/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policycategorypostgresstore/store.go @@ -195,7 +195,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.PolicyCategor } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policypostgresstore/store.go b/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policypostgresstore/store.go index ddd59645ce245..98436cbf45229 100644 --- a/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policypostgresstore/store.go +++ b/migrator/migrations/m_170_to_m_171_create_policy_categories_and_edges/policypostgresstore/store.go @@ -60,7 +60,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.Policy) error } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/accessScopePostgresStore/postgres_plugin.go b/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/accessScopePostgresStore/postgres_plugin.go index f1e9851cef8ad..8e31acf5bcf28 100644 --- a/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/accessScopePostgresStore/postgres_plugin.go +++ b/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/accessScopePostgresStore/postgres_plugin.go @@ -162,7 +162,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.SimpleAccessS } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/collectionPostgresStore/postgres_plugin.go b/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/collectionPostgresStore/postgres_plugin.go index 88e2e9baa88bf..c4c70fef99dc9 100644 --- a/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/collectionPostgresStore/postgres_plugin.go +++ b/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/collectionPostgresStore/postgres_plugin.go @@ -257,7 +257,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.ResourceColle } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/reportConfigurationPostgresStore/postgres_plugin.go b/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/reportConfigurationPostgresStore/postgres_plugin.go index ed5529fcef17f..2388d753fc7cb 100644 --- a/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/reportConfigurationPostgresStore/postgres_plugin.go +++ b/migrator/migrations/m_171_to_m_172_move_scope_to_collection_in_report_configurations/reportConfigurationPostgresStore/postgres_plugin.go @@ -169,7 +169,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.ReportConfigu } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_172_to_m_173_network_flows_partition/stores/previous/store.go b/migrator/migrations/m_172_to_m_173_network_flows_partition/stores/previous/store.go index ff60547e61bb4..e6fc92dc11320 100644 --- a/migrator/migrations/m_172_to_m_173_network_flows_partition/stores/previous/store.go +++ b/migrator/migrations/m_172_to_m_173_network_flows_partition/stores/previous/store.go @@ -205,7 +205,7 @@ func (s *flowStoreImpl) copyFrom(ctx context.Context, objs ...*storage.NetworkFl } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -230,7 +230,7 @@ func (s *flowStoreImpl) upsert(ctx context.Context, objs ...*storage.NetworkFlow defer release() // Moved the transaction outside the loop which greatly improved the performance of these individual inserts. - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_173_to_m_174_group_unique_constraint/stores/previous/postgres_plugin.go b/migrator/migrations/m_173_to_m_174_group_unique_constraint/stores/previous/postgres_plugin.go index 5b928cec9675e..99a6e41d08378 100644 --- a/migrator/migrations/m_173_to_m_174_group_unique_constraint/stores/previous/postgres_plugin.go +++ b/migrator/migrations/m_173_to_m_174_group_unique_constraint/stores/previous/postgres_plugin.go @@ -153,7 +153,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.Group) error } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_173_to_m_174_group_unique_constraint/stores/updated/postgres_plugin.go b/migrator/migrations/m_173_to_m_174_group_unique_constraint/stores/updated/postgres_plugin.go index 634e758c4f517..2ddea6ca0e401 100644 --- a/migrator/migrations/m_173_to_m_174_group_unique_constraint/stores/updated/postgres_plugin.go +++ b/migrator/migrations/m_173_to_m_174_group_unique_constraint/stores/updated/postgres_plugin.go @@ -176,7 +176,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.Group) error } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_174_to_m_175_enable_search_on_api_tokens/newapitokenpostgresstore/postgres_plugin.go b/migrator/migrations/m_174_to_m_175_enable_search_on_api_tokens/newapitokenpostgresstore/postgres_plugin.go index 2df8c288d4294..85488f988df9e 100644 --- a/migrator/migrations/m_174_to_m_175_enable_search_on_api_tokens/newapitokenpostgresstore/postgres_plugin.go +++ b/migrator/migrations/m_174_to_m_175_enable_search_on_api_tokens/newapitokenpostgresstore/postgres_plugin.go @@ -170,7 +170,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.TokenMetadata } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_174_to_m_175_enable_search_on_api_tokens/oldapitokenpostgresstore/postgres_plugin.go b/migrator/migrations/m_174_to_m_175_enable_search_on_api_tokens/oldapitokenpostgresstore/postgres_plugin.go index 4b8acd1628b5a..4956b6062a162 100644 --- a/migrator/migrations/m_174_to_m_175_enable_search_on_api_tokens/oldapitokenpostgresstore/postgres_plugin.go +++ b/migrator/migrations/m_174_to_m_175_enable_search_on_api_tokens/oldapitokenpostgresstore/postgres_plugin.go @@ -158,7 +158,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.TokenMetadata } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_175_to_m_176_create_notification_schedule_table/notificationschedulestore/postgres_plugin.go b/migrator/migrations/m_175_to_m_176_create_notification_schedule_table/notificationschedulestore/postgres_plugin.go index 84f4fcb505a89..c94af693f84f2 100644 --- a/migrator/migrations/m_175_to_m_176_create_notification_schedule_table/notificationschedulestore/postgres_plugin.go +++ b/migrator/migrations/m_175_to_m_176_create_notification_schedule_table/notificationschedulestore/postgres_plugin.go @@ -65,7 +65,7 @@ func (s *storeImpl) retryableUpsert(ctx context.Context, obj *storage.Notificati } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_176_to_m_177_network_baselines_cidr/networkbaselinestore/postgres_plugin.go b/migrator/migrations/m_176_to_m_177_network_baselines_cidr/networkbaselinestore/postgres_plugin.go index ad7653057700c..844943c3fa913 100644 --- a/migrator/migrations/m_176_to_m_177_network_baselines_cidr/networkbaselinestore/postgres_plugin.go +++ b/migrator/migrations/m_176_to_m_177_network_baselines_cidr/networkbaselinestore/postgres_plugin.go @@ -200,7 +200,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.NetworkBaseli } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_176_to_m_177_network_baselines_cidr/networkentitystore/postgres_plugin.go b/migrator/migrations/m_176_to_m_177_network_baselines_cidr/networkentitystore/postgres_plugin.go index b6849fa53df73..a887a04d2c21b 100644 --- a/migrator/migrations/m_176_to_m_177_network_baselines_cidr/networkentitystore/postgres_plugin.go +++ b/migrator/migrations/m_176_to_m_177_network_baselines_cidr/networkentitystore/postgres_plugin.go @@ -164,7 +164,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.NetworkEntity } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_177_to_m_178_group_permissions/permissionsetpostgresstore/postgres_plugin.go b/migrator/migrations/m_177_to_m_178_group_permissions/permissionsetpostgresstore/postgres_plugin.go index f35e115b5d58a..5cb2013a4ae1d 100644 --- a/migrator/migrations/m_177_to_m_178_group_permissions/permissionsetpostgresstore/postgres_plugin.go +++ b/migrator/migrations/m_177_to_m_178_group_permissions/permissionsetpostgresstore/postgres_plugin.go @@ -163,7 +163,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.PermissionSet } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_178_to_m_179_embedded_collections_search_label/reportconfigstore/postgres_plugin.go b/migrator/migrations/m_178_to_m_179_embedded_collections_search_label/reportconfigstore/postgres_plugin.go index 23a67b22decfe..3edd9b5d96737 100644 --- a/migrator/migrations/m_178_to_m_179_embedded_collections_search_label/reportconfigstore/postgres_plugin.go +++ b/migrator/migrations/m_178_to_m_179_embedded_collections_search_label/reportconfigstore/postgres_plugin.go @@ -174,7 +174,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.ReportConfigu } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_178_to_m_179_embedded_collections_search_label/test/postgres_plugin.go b/migrator/migrations/m_178_to_m_179_embedded_collections_search_label/test/postgres_plugin.go index 2908d312b74a2..94c30aa8bfb63 100644 --- a/migrator/migrations/m_178_to_m_179_embedded_collections_search_label/test/postgres_plugin.go +++ b/migrator/migrations/m_178_to_m_179_embedded_collections_search_label/test/postgres_plugin.go @@ -166,7 +166,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.ReportConfigu } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_179_to_m_180_openshift_policy_exclusions/postgres/store.go b/migrator/migrations/m_179_to_m_180_openshift_policy_exclusions/postgres/store.go index fa6f2319e01ec..0178ff4b4ea47 100644 --- a/migrator/migrations/m_179_to_m_180_openshift_policy_exclusions/postgres/store.go +++ b/migrator/migrations/m_179_to_m_180_openshift_policy_exclusions/postgres/store.go @@ -62,7 +62,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.Policy) error } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_181_to_m_182_group_role_permission_with_access_one/permissionsetstore/store.go b/migrator/migrations/m_181_to_m_182_group_role_permission_with_access_one/permissionsetstore/store.go index 0d174cc64c5b8..ca18257f30b3f 100644 --- a/migrator/migrations/m_181_to_m_182_group_role_permission_with_access_one/permissionsetstore/store.go +++ b/migrator/migrations/m_181_to_m_182_group_role_permission_with_access_one/permissionsetstore/store.go @@ -163,7 +163,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.PermissionSet } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/apitokenstore/postgres_plugin.go b/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/apitokenstore/postgres_plugin.go index 1df3f54137b5d..6c034be83e650 100644 --- a/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/apitokenstore/postgres_plugin.go +++ b/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/apitokenstore/postgres_plugin.go @@ -173,7 +173,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.TokenMetadata } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/groupstore/postgres_plugin.go b/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/groupstore/postgres_plugin.go index d9828e7a160cd..cd4002664d184 100644 --- a/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/groupstore/postgres_plugin.go +++ b/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/groupstore/postgres_plugin.go @@ -178,7 +178,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.Group) error } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/permissionsetstore/postgres_plugin.go b/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/permissionsetstore/postgres_plugin.go index a9278f457c062..72abb509ac988 100644 --- a/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/permissionsetstore/postgres_plugin.go +++ b/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/permissionsetstore/postgres_plugin.go @@ -165,7 +165,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.PermissionSet } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/rolestore/postgres_plugin.go b/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/rolestore/postgres_plugin.go index 718e580aa2324..3f71e5ca11749 100644 --- a/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/rolestore/postgres_plugin.go +++ b/migrator/migrations/m_182_to_m_183_remove_default_scope_manager_role/rolestore/postgres_plugin.go @@ -160,7 +160,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.Role) error { } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_184_to_m_185_remove_policy_vulnerability_report_resources/permissionsetstore/postgres_plugin.go b/migrator/migrations/m_184_to_m_185_remove_policy_vulnerability_report_resources/permissionsetstore/postgres_plugin.go index daa8e90d7b3a4..aeb03f960c4aa 100644 --- a/migrator/migrations/m_184_to_m_185_remove_policy_vulnerability_report_resources/permissionsetstore/postgres_plugin.go +++ b/migrator/migrations/m_184_to_m_185_remove_policy_vulnerability_report_resources/permissionsetstore/postgres_plugin.go @@ -164,7 +164,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.PermissionSet } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_185_to_m_186_more_policy_migrations/policypostgresstore/postgres_plugin.go b/migrator/migrations/m_185_to_m_186_more_policy_migrations/policypostgresstore/postgres_plugin.go index 4ad7323c78ca7..aec3a6418ea40 100644 --- a/migrator/migrations/m_185_to_m_186_more_policy_migrations/policypostgresstore/postgres_plugin.go +++ b/migrator/migrations/m_185_to_m_186_more_policy_migrations/policypostgresstore/postgres_plugin.go @@ -225,7 +225,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.Policy) error } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_209_to_m_210_add_updated_at_to_network_flows_v2/test/stores/previous/store.go b/migrator/migrations/m_209_to_m_210_add_updated_at_to_network_flows_v2/test/stores/previous/store.go index c12a969d4dedd..3a7c77c706a2f 100644 --- a/migrator/migrations/m_209_to_m_210_add_updated_at_to_network_flows_v2/test/stores/previous/store.go +++ b/migrator/migrations/m_209_to_m_210_add_updated_at_to_network_flows_v2/test/stores/previous/store.go @@ -251,7 +251,7 @@ func (s *flowStoreImpl) copyFrom(ctx context.Context, objs ...*storage.NetworkFl } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -276,7 +276,7 @@ func (s *flowStoreImpl) upsert(ctx context.Context, objs ...*storage.NetworkFlow defer release() // Moved the transaction outside the loop which greatly improved the performance of these individual inserts. - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -398,7 +398,7 @@ func (s *flowStoreImpl) removeDeploymentFlows(ctx context.Context, deleteStmt st ctx, cancel := context.WithTimeout(ctx, deleteTimeout) defer cancel() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -535,7 +535,7 @@ func (s *flowStoreImpl) delete(ctx context.Context, objs ...*storage.NetworkFlow defer release() // Moved the transaction outside the loop which greatly improved the performance of these individual inserts. - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_209_to_m_210_add_updated_at_to_network_flows_v2/test/stores/updated/store.go b/migrator/migrations/m_209_to_m_210_add_updated_at_to_network_flows_v2/test/stores/updated/store.go index 47fe72e9ea294..d670466f21c2a 100644 --- a/migrator/migrations/m_209_to_m_210_add_updated_at_to_network_flows_v2/test/stores/updated/store.go +++ b/migrator/migrations/m_209_to_m_210_add_updated_at_to_network_flows_v2/test/stores/updated/store.go @@ -254,7 +254,7 @@ func (s *flowStoreImpl) copyFrom(ctx context.Context, lastUpdateTS timestamp.Mic } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -279,7 +279,7 @@ func (s *flowStoreImpl) upsert(ctx context.Context, lastUpdateTS timestamp.Micro defer release() // Moved the transaction outside the loop which greatly improved the performance of these individual inserts. - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -409,7 +409,7 @@ func (s *flowStoreImpl) removeDeploymentFlows(ctx context.Context, deleteStmt st ctx, cancel := context.WithTimeout(ctx, deleteTimeout) defer cancel() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } @@ -546,7 +546,7 @@ func (s *flowStoreImpl) delete(ctx context.Context, objs ...*storage.NetworkFlow defer release() // Moved the transaction outside the loop which greatly improved the performance of these individual inserts. - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/migrator/migrations/m_212_to_m_213_add_container_start_column_to_indicators/migration_impl.go b/migrator/migrations/m_212_to_m_213_add_container_start_column_to_indicators/migration_impl.go index 9e2bb59e7eaa3..054ee19f698d3 100644 --- a/migrator/migrations/m_212_to_m_213_add_container_start_column_to_indicators/migration_impl.go +++ b/migrator/migrations/m_212_to_m_213_add_container_start_column_to_indicators/migration_impl.go @@ -26,8 +26,22 @@ func migrate(database *types.Databases) error { pgutils.CreateTableFromModel(database.DBCtx, db, updatedSchema.CreateTableProcessIndicatorsStmt) db = db.WithContext(database.DBCtx).Table(updatedSchema.ClustersTableName) + // Drop the indexes except the cluster one. + resultDB := db.Exec("DROP INDEX if exists processindicators_deploymentid") + if resultDB.Error != nil { + log.Error(errors.Wrap(resultDB.Error, "unable to drop index processindicators_deploymentid")) + } + resultDB = db.Exec("DROP INDEX if exists processindicators_poduid") + if resultDB.Error != nil { + log.Error(errors.Wrap(resultDB.Error, "unable to drop index processindicators_poduid")) + } + resultDB = db.Exec("DROP INDEX if exists processindicators_signal_time") + if resultDB.Error != nil { + log.Error(errors.Wrap(resultDB.Error, "unable to drop index processindicators_signal_time")) + } + var clusters []string - if err := db.Model(&updatedSchema.Clusters{}).Pluck("id", &clusters).Error; err != nil { + if err := db.Order("id").Model(&updatedSchema.Clusters{}).Pluck("id", &clusters).Error; err != nil { return err } log.Infof("clusters found: %v", clusters) @@ -40,6 +54,20 @@ func migrate(database *types.Databases) error { } } + // Add the indexes back + resultDB = db.Exec("CREATE INDEX CONCURRENTLY IF NOT EXISTS processindicators_deploymentid ON process_indicators USING HASH (deploymentid)") + if resultDB.Error != nil { + log.Error(errors.Wrap(resultDB.Error, "unable to create index processindicators_deploymentid")) + } + resultDB = db.Exec("CREATE INDEX CONCURRENTLY IF NOT EXISTS processindicators_poduid ON process_indicators USING HASH (poduid)") + if resultDB.Error != nil { + log.Error(errors.Wrap(resultDB.Error, "unable to create index processindicators_poduid")) + } + resultDB = db.Exec("CREATE INDEX CONCURRENTLY IF NOT EXISTS processindicators_signal_time ON process_indicators (signal_time)") + if resultDB.Error != nil { + log.Error(errors.Wrap(resultDB.Error, "unable to create index processindicators_signal_time")) + } + log.Info("Process Indicators migrated") return nil } diff --git a/migrator/migrations/policymigrationhelper/policypostgresstorefortest/postgres_policy_plugin.go b/migrator/migrations/policymigrationhelper/policypostgresstorefortest/postgres_policy_plugin.go index 17a7411cc4be0..e9afe84bf2212 100644 --- a/migrator/migrations/policymigrationhelper/policypostgresstorefortest/postgres_policy_plugin.go +++ b/migrator/migrations/policymigrationhelper/policypostgresstorefortest/postgres_policy_plugin.go @@ -221,7 +221,7 @@ func (s *storeImpl) copyFrom(ctx context.Context, objs ...*storage.Policy) error } defer release() - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return err } diff --git a/operator/Makefile b/operator/Makefile index 7427077afa08e..f15122dfef855 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -23,6 +23,9 @@ NAMESPACE ?= stackrox # To re-generate a bundle for other specific channels without changing the standard setup, you can: # - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) # - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") +# This channels value goes into bundle/metadata/annotations.yaml and does not play any role in our upstream builds or +# FBC releases but there's a team that depends on it, see ROX-31301. +CHANNELS ?= stable ifneq ($(origin CHANNELS), undefined) BUNDLE_CHANNELS := --channels=$(CHANNELS) endif @@ -186,11 +189,17 @@ include $(PROJECT_DIR)/../make/gotools.mk $(call go-tool, CONTROLLER_GEN, sigs.k8s.io/controller-tools/cmd/controller-gen, tools/controller-gen) $(call go-tool, ENVTEST, sigs.k8s.io/controller-runtime/tools/setup-envtest, tools/envtest) $(call go-tool, KUSTOMIZE, sigs.k8s.io/kustomize/kustomize/v5, tools/kustomize) -$(call go-tool, OPERATOR_SDK, github.com/operator-framework/operator-sdk/cmd/operator-sdk, tools/operator-sdk) $(call go-tool, OLM, github.com/operator-framework/operator-lifecycle-manager/cmd/olm, tools/operator-sdk) $(call go-tool, KUTTL, github.com/kudobuilder/kuttl/cmd/kubectl-kuttl, tools/kuttl) $(call go-tool, YQ, github.com/mikefarah/yq/v4, tools/yq) +# Build operator-sdk with containers_image_openpgp tag to avoid gpgme dependency +# See: https://github.com/containers/image/blob/df7e80d2d19872b61f352a8a182ec934dc0c2346/README.md#buildtag-containers_image_openpgp +OPERATOR_SDK := $(GOTOOLS_BIN)/operator-sdk +$(OPERATOR_SDK): tools/operator-sdk/go.mod tools/operator-sdk/go.sum + @echo "+ $(notdir $@)" + $(SILENT)cd tools/operator-sdk && GOBIN="$(dir $@)" go install -tags=containers_image_openpgp github.com/operator-framework/operator-sdk/cmd/operator-sdk + OPERATOR_SDK_VERSION = $(shell cd tools/operator-sdk; go list -m -f '{{ .Version }}' github.com/operator-framework/operator-sdk) OLM_VERSION = $(shell cd tools/operator-sdk; go list -m -f '{{ .Version }}' github.com/operator-framework/operator-lifecycle-manager) diff --git a/operator/api/v1alpha1/securedcluster_types.go b/operator/api/v1alpha1/securedcluster_types.go index 8bdc6d2452844..cb6a1609b30aa 100644 --- a/operator/api/v1alpha1/securedcluster_types.go +++ b/operator/api/v1alpha1/securedcluster_types.go @@ -157,11 +157,11 @@ type AdmissionControlComponentSpec struct { //+operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"} ListenOnEvents *bool `json:"listenOnEvents,omitempty"` - // Set to false to disable policy enforcement for the admission controller. This is not recommended. - // On new deployments starting with version 4.9, defaults to true. - // On old deployments, defaults to true if at least one of listenOnCreates or listenOnUpdates is true. + // Set to Disabled to disable policy enforcement for the admission controller. This is not recommended. + // On new deployments starting with version 4.9, defaults to Enabled. + // On old deployments, defaults to Enabled if at least one of listenOnCreates or listenOnUpdates is true. //+operator-sdk:csv:customresourcedefinitions:type=spec,order=1 - Enforce *bool `json:"enforce,omitempty"` + Enforcement *PolicyEnforcement `json:"enforcement,omitempty"` // Deprecated field. This field will be removed in a future release. //+operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:hidden"} @@ -193,6 +193,17 @@ type AdmissionControlComponentSpec struct { Replicas *int32 `json:"replicas,omitempty"` } +// PolicyEnforcement defines whether policy enforcement is enabled or disabled. +// +kubebuilder:validation:Enum=Enabled;Disabled +type PolicyEnforcement string + +const ( + // PolicyEnforcementEnabled means: policy enforcement is enabled. + PolicyEnforcementEnabled PolicyEnforcement = "Enabled" + // PolicyEnforcementDisabled means: polict enforcement is disabled. + PolicyEnforcementDisabled PolicyEnforcement = "Disabled" +) + // ImageScanPolicy defines whether images should be scanned at admission control time. // +kubebuilder:validation:Enum=ScanIfMissing;DoNotScanInline type ImageScanPolicy string diff --git a/operator/api/v1alpha1/zz_generated.deepcopy.go b/operator/api/v1alpha1/zz_generated.deepcopy.go index c0ffa3f272a25..26027c1223f5d 100644 --- a/operator/api/v1alpha1/zz_generated.deepcopy.go +++ b/operator/api/v1alpha1/zz_generated.deepcopy.go @@ -78,9 +78,9 @@ func (in *AdmissionControlComponentSpec) DeepCopyInto(out *AdmissionControlCompo *out = new(bool) **out = **in } - if in.Enforce != nil { - in, out := &in.Enforce, &out.Enforce - *out = new(bool) + if in.Enforcement != nil { + in, out := &in.Enforcement, &out.Enforcement + *out = new(PolicyEnforcement) **out = **in } if in.ContactImageScanners != nil { diff --git a/operator/bundle/manifests/platform.stackrox.io_centrals.yaml b/operator/bundle/manifests/platform.stackrox.io_centrals.yaml index 6dd5d528fd31b..a356506589cf2 100644 --- a/operator/bundle/manifests/platform.stackrox.io_centrals.yaml +++ b/operator/bundle/manifests/platform.stackrox.io_centrals.yaml @@ -200,7 +200,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -521,7 +521,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -663,8 +663,9 @@ spec: in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -722,6 +723,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -964,7 +1002,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1128,7 +1166,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1330,7 +1368,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1462,7 +1500,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1625,7 +1663,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. diff --git a/operator/bundle/manifests/platform.stackrox.io_securedclusters.yaml b/operator/bundle/manifests/platform.stackrox.io_securedclusters.yaml index e7f81781fdfa5..9742c3d16c1d0 100644 --- a/operator/bundle/manifests/platform.stackrox.io_securedclusters.yaml +++ b/operator/bundle/manifests/platform.stackrox.io_securedclusters.yaml @@ -65,12 +65,15 @@ spec: - ScanIfMissing - DoNotScanInline type: string - enforce: + enforcement: description: |- - Set to false to disable policy enforcement for the admission controller. This is not recommended. - On new deployments starting with version 4.9, defaults to true. - On old deployments, defaults to true if at least one of listenOnCreates or listenOnUpdates is true. - type: boolean + Set to Disabled to disable policy enforcement for the admission controller. This is not recommended. + On new deployments starting with version 4.9, defaults to Enabled. + On old deployments, defaults to Enabled if at least one of listenOnCreates or listenOnUpdates is true. + enum: + - Enabled + - Disabled + type: string failurePolicy: description: |- If set to "Fail", the admission controller's webhooks are configured to fail-closed in case admission controller @@ -136,7 +139,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -287,8 +290,9 @@ spec: in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -346,6 +350,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -572,7 +613,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -638,7 +679,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -725,7 +766,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -850,7 +891,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1014,7 +1055,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1201,7 +1242,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1333,7 +1374,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1524,7 +1565,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. diff --git a/operator/bundle/manifests/rhacs-operator.clusterserviceversion.yaml b/operator/bundle/manifests/rhacs-operator.clusterserviceversion.yaml index 3da1696f26dc3..b069926524a76 100644 --- a/operator/bundle/manifests/rhacs-operator.clusterserviceversion.yaml +++ b/operator/bundle/manifests/rhacs-operator.clusterserviceversion.yaml @@ -1077,15 +1077,15 @@ spec: path: misc x-descriptors: - urn:alm:descriptor:com.tectonic.ui:hidden - - description: 'Set to false to disable policy enforcement for the admission + - description: 'Set to Disabled to disable policy enforcement for the admission controller. This is not recommended. - On new deployments starting with version 4.9, defaults to true. + On new deployments starting with version 4.9, defaults to Enabled. - On old deployments, defaults to true if at least one of listenOnCreates + On old deployments, defaults to Enabled if at least one of listenOnCreates or listenOnUpdates is true.' - displayName: Enforce - path: admissionControl.enforce + displayName: Enforcement + path: admissionControl.enforcement - description: 'Enables teams to bypass admission control in a monitored manner in the event of an emergency. diff --git a/operator/bundle/metadata/annotations.yaml b/operator/bundle/metadata/annotations.yaml index 915fbc1f951d9..6f2da717d273f 100644 --- a/operator/bundle/metadata/annotations.yaml +++ b/operator/bundle/metadata/annotations.yaml @@ -4,7 +4,7 @@ annotations: operators.operatorframework.io.bundle.manifests.v1: manifests/ operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: rhacs-operator - operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channels.v1: stable operators.operatorframework.io.metrics.builder: operator-sdk-unknown operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 diff --git a/operator/bundle/tests/scorecard/config.yaml b/operator/bundle/tests/scorecard/config.yaml index ea6b807940df4..6ffe8227fa74c 100644 --- a/operator/bundle/tests/scorecard/config.yaml +++ b/operator/bundle/tests/scorecard/config.yaml @@ -8,7 +8,7 @@ stages: - entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.41.1 labels: suite: basic test: basic-check-spec-test @@ -18,7 +18,7 @@ stages: - entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.41.1 labels: suite: olm test: olm-bundle-validation-test @@ -28,7 +28,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.41.1 labels: suite: olm test: olm-crds-have-validation-test @@ -38,7 +38,7 @@ stages: - entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.41.1 labels: suite: olm test: olm-crds-have-resources-test @@ -48,7 +48,7 @@ stages: - entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.41.1 labels: suite: olm test: olm-spec-descriptors-test @@ -58,7 +58,7 @@ stages: - entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.38.0 + image: quay.io/operator-framework/scorecard-test:v1.41.1 labels: suite: olm test: olm-status-descriptors-test diff --git a/operator/bundle_helpers/requirements-gha.txt b/operator/bundle_helpers/requirements-gha.txt index 82b7f00600e14..a513b595dfd02 100644 --- a/operator/bundle_helpers/requirements-gha.txt +++ b/operator/bundle_helpers/requirements-gha.txt @@ -1,5 +1,5 @@ # TODO(ROX-26860): remove this file and use just requirements.txt once the GHA operator build runs with Python 3.9. # PyYAML > 6.0 requires Python > 3.6. PyYAML==6.0 -# pytest==7.0.1 is the latest available for the quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 job container's Python. +# pytest==7.0.1 is the latest available for the quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 job container's Python. pytest==7.0.1 diff --git a/operator/config/crd/bases/platform.stackrox.io_centrals.yaml b/operator/config/crd/bases/platform.stackrox.io_centrals.yaml index 6014a41d22d4f..812b150ba7424 100644 --- a/operator/config/crd/bases/platform.stackrox.io_centrals.yaml +++ b/operator/config/crd/bases/platform.stackrox.io_centrals.yaml @@ -200,7 +200,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -521,7 +521,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -663,8 +663,9 @@ spec: in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -722,6 +723,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -964,7 +1002,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1128,7 +1166,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1330,7 +1368,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1462,7 +1500,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1625,7 +1663,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. diff --git a/operator/config/crd/bases/platform.stackrox.io_securedclusters.yaml b/operator/config/crd/bases/platform.stackrox.io_securedclusters.yaml index 64c9bc9d148e0..dd434932c1df8 100644 --- a/operator/config/crd/bases/platform.stackrox.io_securedclusters.yaml +++ b/operator/config/crd/bases/platform.stackrox.io_securedclusters.yaml @@ -65,12 +65,15 @@ spec: - ScanIfMissing - DoNotScanInline type: string - enforce: + enforcement: description: |- - Set to false to disable policy enforcement for the admission controller. This is not recommended. - On new deployments starting with version 4.9, defaults to true. - On old deployments, defaults to true if at least one of listenOnCreates or listenOnUpdates is true. - type: boolean + Set to Disabled to disable policy enforcement for the admission controller. This is not recommended. + On new deployments starting with version 4.9, defaults to Enabled. + On old deployments, defaults to Enabled if at least one of listenOnCreates or listenOnUpdates is true. + enum: + - Enabled + - Disabled + type: string failurePolicy: description: |- If set to "Fail", the admission controller's webhooks are configured to fail-closed in case admission controller @@ -136,7 +139,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -287,8 +290,9 @@ spec: in a Container. properties: name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. type: string value: description: |- @@ -346,6 +350,43 @@ spec: - fieldPath type: object x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing + the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests @@ -572,7 +613,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -638,7 +679,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -725,7 +766,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -850,7 +891,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1014,7 +1055,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1201,7 +1242,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1333,7 +1374,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. @@ -1524,7 +1565,7 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the + This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. diff --git a/operator/config/manifests/bases/rhacs-operator.clusterserviceversion.yaml b/operator/config/manifests/bases/rhacs-operator.clusterserviceversion.yaml index ec2af9ad7ef08..d523889be5c7b 100644 --- a/operator/config/manifests/bases/rhacs-operator.clusterserviceversion.yaml +++ b/operator/config/manifests/bases/rhacs-operator.clusterserviceversion.yaml @@ -862,11 +862,11 @@ spec: version: v1 specDescriptors: - description: |- - Set to false to disable policy enforcement for the admission controller. This is not recommended. - On new deployments starting with version 4.9, defaults to true. - On old deployments, defaults to true if at least one of listenOnCreates or listenOnUpdates is true. - displayName: Enforce - path: admissionControl.enforce + Set to Disabled to disable policy enforcement for the admission controller. This is not recommended. + On new deployments starting with version 4.9, defaults to Enabled. + On old deployments, defaults to Enabled if at least one of listenOnCreates or listenOnUpdates is true. + displayName: Enforcement + path: admissionControl.enforcement - description: |- Whether collection of Kubernetes audit logs should be enabled or disabled. Currently, this is only supported on OpenShift 4, and trying to enable it on non-OpenShift 4 clusters will result in an error. diff --git a/operator/config/scorecard-versioned/kustomization.yaml b/operator/config/scorecard-versioned/kustomization.yaml index f123afe506f2a..efe47df07e0f5 100644 --- a/operator/config/scorecard-versioned/kustomization.yaml +++ b/operator/config/scorecard-versioned/kustomization.yaml @@ -7,4 +7,4 @@ resources: images: - name: quay.io/operator-framework/scorecard-test newName: quay.io/operator-framework/scorecard-test - newTag: v1.38.0 + newTag: v1.41.1 diff --git a/operator/internal/common/extensions/secret_reconciliator.go b/operator/internal/common/extensions/secret_reconciliator.go index 3fd1d7f9f61c3..21a7e21cbff65 100644 --- a/operator/internal/common/extensions/secret_reconciliator.go +++ b/operator/internal/common/extensions/secret_reconciliator.go @@ -115,9 +115,18 @@ func (r *SecretReconciliator) EnsureSecret(ctx context.Context, name string, val func (r *SecretReconciliator) updateExisting(ctx context.Context, secret *coreV1.Secret, validate validateSecretDataFunc, generate generateSecretDataFunc, desiredLabels map[string]string) error { isManaged := metav1.IsControlledBy(secret, r.obj) + needsUpdate := false + + // Check if the secret should be adopted. This handles backup/restore scenarios + // where ownerReferences were stripped but the managed-by label remains. + if !isManaged && utils.ShouldAdoptResource(secret) { + secret.SetOwnerReferences([]metav1.OwnerReference{*metav1.NewControllerRef(r.obj, r.obj.GroupVersionKind())}) + isManaged = true + needsUpdate = true + } + validateErr := validate(secret.Data, isManaged) - needsUpdate := false // If the secret is unmanaged, we cannot fix it, so we should fail. if validateErr != nil && !isManaged { return errors.Wrapf(validateErr, diff --git a/operator/internal/common/extensions/secret_reconciliator_test.go b/operator/internal/common/extensions/secret_reconciliator_test.go index c5f0a6351a498..195962d87afd8 100644 --- a/operator/internal/common/extensions/secret_reconciliator_test.go +++ b/operator/internal/common/extensions/secret_reconciliator_test.go @@ -276,3 +276,40 @@ func (s *secretReconcilerTestSuite) Test_ShouldExist_OnExistingUnmanaged_Failing assert.Equal(s.T(), initSecret, secret) } + +func (s *secretReconcilerTestSuite) Test_ShouldExist_OnAdoptableSecret_ShouldAdoptAndFix() { + adoptableSecret := &v1.Secret{ + TypeMeta: metav1.TypeMeta{ + APIVersion: "v1", + Kind: "Secret", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "adoptable-secret", + Namespace: testutils.TestNamespace, + Labels: labels.DefaultLabels(), + }, + Data: map[string][]byte{ + "secret-name": []byte("adoptable-secret"), + }, + } + s.Require().NoError(s.client.Create(s.ctx, adoptableSecret)) + + validateFn := func(_ types.SecretDataMap, managed bool) error { + s.True(managed, "secret should be considered managed after adoption") + return pkgErrors.New("needs regeneration") + } + + generateFn := func(_ types.SecretDataMap) (types.SecretDataMap, error) { + return types.SecretDataMap{"new-data": []byte("fixed")}, nil + } + + err := s.reconciliator.EnsureSecret(s.ctx, "adoptable-secret", validateFn, generateFn, nil) + s.Require().NoError(err) + + secret := &v1.Secret{} + key := ctrlClient.ObjectKey{Namespace: testutils.TestNamespace, Name: "adoptable-secret"} + s.Require().NoError(s.client.Get(context.Background(), key, secret)) + + s.True(metav1.IsControlledBy(secret, s.centralObj)) + s.Equal("fixed", string(secret.Data["new-data"])) +} diff --git a/operator/internal/securedcluster/defaults/admission_controller.go b/operator/internal/securedcluster/defaults/admission_controller.go index b8fc91ce53c4a..e3a00ac3a0de5 100644 --- a/operator/internal/securedcluster/defaults/admission_controller.go +++ b/operator/internal/securedcluster/defaults/admission_controller.go @@ -8,7 +8,7 @@ import ( ) const ( - FeatureDefaultKeyAdmissionControllerEnforce = "feature-defaults.platform.stackrox.io/admissionControllerEnforce" + FeatureDefaultKeyAdmissionControllerEnforcement = "feature-defaults.platform.stackrox.io/admissionControllerEnforcement" ) var SecuredClusterAdmissionControllerDefaultingFlow = SecuredClusterDefaultingFlow{ @@ -16,17 +16,6 @@ var SecuredClusterAdmissionControllerDefaultingFlow = SecuredClusterDefaultingFl DefaultingFunc: securedClusterAdmissionControllerDefaulting, } -var ( - tableBoolMarshalling = map[bool]string{ - true: "true", - false: "false", - } - tableBoolUnmarshalling = map[string]bool{ - "true": true, - "false": false, - } -) - func admissionControllerDefaultingGreenField(logger logr.Logger, annotations map[string]string, spec *platform.SecuredClusterSpec, defaults *platform.SecuredClusterSpec) error { return admissionControllerDefaultingGreenFieldEnforce(logger, annotations, spec, defaults) } @@ -36,13 +25,13 @@ func admissionControllerDefaultingGreenFieldEnforce(_ logr.Logger, annotations m if admissionControl == nil { admissionControl = &platform.AdmissionControlComponentSpec{} } - if admissionControl.Enforce != nil { + if admissionControl.Enforcement != nil { return nil } - enforceBool := true - defaults.AdmissionControl.Enforce = ptr.To(enforceBool) - annotations[FeatureDefaultKeyAdmissionControllerEnforce] = tableBoolMarshalling[enforceBool] + enforcement := platform.PolicyEnforcementEnabled + defaults.AdmissionControl.Enforcement = ptr.To(enforcement) + annotations[FeatureDefaultKeyAdmissionControllerEnforcement] = string(enforcement) return nil } @@ -53,17 +42,16 @@ func admissionControllerDefaultingBrownFieldEnforce(logger logr.Logger, annotati admissionControl = &platform.AdmissionControlComponentSpec{} } - if enforceAnnotation := annotations[FeatureDefaultKeyAdmissionControllerEnforce]; enforceAnnotation != "" { - enforceBool, ok := tableBoolUnmarshalling[enforceAnnotation] - if !ok { - logger.Info("Failed to unmarshal CR defaulting annotation {%q: %v} as boolean", FeatureDefaultKeyAdmissionControllerEnforce, enforceAnnotation) - functionErr = errors.Errorf("unexpected value %q of CR annotation %s", enforceAnnotation, FeatureDefaultKeyAdmissionControllerEnforce) + if enforceAnnotation := annotations[FeatureDefaultKeyAdmissionControllerEnforcement]; enforceAnnotation != "" { + if !(enforceAnnotation == "Enabled" || enforceAnnotation == "Disabled") { + logger.Info("Invalid CR defaulting annotation {%q: %v}", FeatureDefaultKeyAdmissionControllerEnforcement, enforceAnnotation) + functionErr = errors.Errorf("unexpected value %q of CR annotation %s", enforceAnnotation, FeatureDefaultKeyAdmissionControllerEnforcement) } else { - defaults.AdmissionControl.Enforce = ptr.To(enforceBool) + defaults.AdmissionControl.Enforcement = ptr.To(platform.PolicyEnforcement(enforceAnnotation)) } } - if defaults.AdmissionControl.Enforce == nil { + if defaults.AdmissionControl.Enforcement == nil { // No previous annotation, implement defaulting flow. // Note: we don't have fields "enforceOnCreates" and "enforceOnUpdated" in the CRD. // These fields for the Helm chart were historically kept in sync with the "listenOnCreates" and the "listenOnUpdates" fields of the CRD. @@ -76,13 +64,18 @@ func admissionControllerDefaultingBrownFieldEnforce(logger logr.Logger, annotati if listenOnUpdatesPtr := admissionControl.ListenOnUpdates; listenOnUpdatesPtr != nil { listenOnUpdates = *listenOnUpdatesPtr } - defaults.AdmissionControl.Enforce = ptr.To(listenOnCreates || listenOnUpdates) + + enforcement := platform.PolicyEnforcementDisabled + if listenOnCreates || listenOnUpdates { + enforcement = platform.PolicyEnforcementEnabled + } + defaults.AdmissionControl.Enforcement = ptr.To(enforcement) } - if defaults.AdmissionControl.Enforce != nil { - enforceString := tableBoolMarshalling[*defaults.AdmissionControl.Enforce] - if annotations[FeatureDefaultKeyAdmissionControllerEnforce] != enforceString { - annotations[FeatureDefaultKeyAdmissionControllerEnforce] = enforceString + if enforcement := defaults.AdmissionControl.Enforcement; enforcement != nil { + enforcementString := string(*enforcement) + if annotations[FeatureDefaultKeyAdmissionControllerEnforcement] != enforcementString { + annotations[FeatureDefaultKeyAdmissionControllerEnforcement] = enforcementString } } diff --git a/operator/internal/securedcluster/extensions/reconcile_defaulting_test.go b/operator/internal/securedcluster/extensions/reconcile_defaulting_test.go index a4bd8279e1d12..19178d41828fc 100644 --- a/operator/internal/securedcluster/extensions/reconcile_defaulting_test.go +++ b/operator/internal/securedcluster/extensions/reconcile_defaulting_test.go @@ -54,16 +54,16 @@ func TestReconcileAdmissionControllerDefaulting(t *testing.T) { Bypass: ptr.To(platform.BypassBreakGlassAnnotation), FailurePolicy: ptr.To(platform.FailurePolicyIgnore), Replicas: ptr.To(int32(3)), - Enforce: ptr.To(true), + Enforcement: ptr.To(platform.PolicyEnforcementEnabled), }, ExpectedAnnotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "true", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "Enabled", }, }, - "install: explicit enforce false": { + "install: explicit enforcement disabled": { Spec: platform.SecuredClusterSpec{ AdmissionControl: &platform.AdmissionControlComponentSpec{ - Enforce: ptr.To(false), + Enforcement: ptr.To(platform.PolicyEnforcementDisabled), }, }, Status: platform.SecuredClusterStatus{}, @@ -71,16 +71,16 @@ func TestReconcileAdmissionControllerDefaulting(t *testing.T) { Bypass: ptr.To(platform.BypassBreakGlassAnnotation), FailurePolicy: ptr.To(platform.FailurePolicyIgnore), Replicas: ptr.To(int32(3)), - Enforce: nil, + Enforcement: nil, }, ExpectedAnnotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "", }, }, - "install: explicit enforce true": { + "install: explicit enforcement enabled": { Spec: platform.SecuredClusterSpec{ AdmissionControl: &platform.AdmissionControlComponentSpec{ - Enforce: ptr.To(true), + Enforcement: ptr.To(platform.PolicyEnforcementEnabled), }, }, Status: platform.SecuredClusterStatus{}, @@ -88,45 +88,45 @@ func TestReconcileAdmissionControllerDefaulting(t *testing.T) { Bypass: ptr.To(platform.BypassBreakGlassAnnotation), FailurePolicy: ptr.To(platform.FailurePolicyIgnore), Replicas: ptr.To(int32(3)), - Enforce: nil, + Enforcement: nil, }, ExpectedAnnotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "", }, }, "upgrade: annotation true is picked up": { Spec: platform.SecuredClusterSpec{}, Status: nonEmptyStatus, Annotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "true", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "Enabled", }, ExpectedDefaults: &platform.AdmissionControlComponentSpec{ Bypass: ptr.To(platform.BypassBreakGlassAnnotation), FailurePolicy: ptr.To(platform.FailurePolicyIgnore), Replicas: ptr.To(int32(3)), - Enforce: ptr.To(true), + Enforcement: ptr.To(platform.PolicyEnforcementEnabled), }, ExpectedAnnotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "true", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "Enabled", }, }, "upgrade: annotation false is picked up": { Spec: platform.SecuredClusterSpec{}, Status: nonEmptyStatus, Annotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "false", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "Disabled", }, ExpectedDefaults: &platform.AdmissionControlComponentSpec{ Bypass: ptr.To(platform.BypassBreakGlassAnnotation), FailurePolicy: ptr.To(platform.FailurePolicyIgnore), Replicas: ptr.To(int32(3)), - Enforce: ptr.To(false), + Enforcement: ptr.To(platform.PolicyEnforcementDisabled), }, ExpectedAnnotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "false", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "Disabled", }, }, - "upgrade: enforce disabled if listenOnCreates & listenOnUpdates disabled": { + "upgrade: enforcement disabled if listenOnCreates & listenOnUpdates disabled": { Spec: platform.SecuredClusterSpec{ AdmissionControl: &platform.AdmissionControlComponentSpec{ ListenOnCreates: ptr.To(false), @@ -138,13 +138,13 @@ func TestReconcileAdmissionControllerDefaulting(t *testing.T) { Bypass: ptr.To(platform.BypassBreakGlassAnnotation), FailurePolicy: ptr.To(platform.FailurePolicyIgnore), Replicas: ptr.To(int32(3)), - Enforce: ptr.To(false), + Enforcement: ptr.To(platform.PolicyEnforcementDisabled), }, ExpectedAnnotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "false", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "Disabled", }, }, - "upgrade: enforce enabled if listenOnCreates enabled": { + "upgrade: enforcement enabled if listenOnCreates enabled": { Spec: platform.SecuredClusterSpec{ AdmissionControl: &platform.AdmissionControlComponentSpec{ ListenOnCreates: ptr.To(true), @@ -156,13 +156,13 @@ func TestReconcileAdmissionControllerDefaulting(t *testing.T) { Bypass: ptr.To(platform.BypassBreakGlassAnnotation), FailurePolicy: ptr.To(platform.FailurePolicyIgnore), Replicas: ptr.To(int32(3)), - Enforce: ptr.To(true), + Enforcement: ptr.To(platform.PolicyEnforcementEnabled), }, ExpectedAnnotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "true", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "Enabled", }, }, - "upgrade: enforce enabled if listenOnUpdates enabled": { + "upgrade: enforcement enabled if listenOnUpdates enabled": { Spec: platform.SecuredClusterSpec{ AdmissionControl: &platform.AdmissionControlComponentSpec{ ListenOnCreates: ptr.To(false), @@ -174,10 +174,10 @@ func TestReconcileAdmissionControllerDefaulting(t *testing.T) { Bypass: ptr.To(platform.BypassBreakGlassAnnotation), FailurePolicy: ptr.To(platform.FailurePolicyIgnore), Replicas: ptr.To(int32(3)), - Enforce: ptr.To(true), + Enforcement: ptr.To(platform.PolicyEnforcementEnabled), }, ExpectedAnnotations: map[string]string{ - defaults.FeatureDefaultKeyAdmissionControllerEnforce: "true", + defaults.FeatureDefaultKeyAdmissionControllerEnforcement: "Enabled", }, }, } diff --git a/operator/internal/securedcluster/extensions/sensor_ca_hash.go b/operator/internal/securedcluster/extensions/sensor_ca_hash.go index fb4f28fa321f9..3550c242a6698 100644 --- a/operator/internal/securedcluster/extensions/sensor_ca_hash.go +++ b/operator/internal/securedcluster/extensions/sensor_ca_hash.go @@ -22,9 +22,9 @@ import ( // SensorCAHashExtension is an extension that computes and caches the CA hash for Secured Clusters, // enabling declarative rollout restarts when the CA changes. -func SensorCAHashExtension(client ctrlClient.Client, direct ctrlClient.Reader, logger logr.Logger, renderCache *rendercache.RenderCache) extensions.ReconcileExtension { +func SensorCAHashExtension(client ctrlClient.Client, direct ctrlClient.Reader, renderCache *rendercache.RenderCache) extensions.ReconcileExtension { return func(ctx context.Context, obj *unstructured.Unstructured, statusUpdater func(statusFunc extensions.UpdateStatusFunc), log logr.Logger) error { - logger = logger.WithName("sensor-ca-hash") + log = log.WithName("sensor-ca-hash") // Clean up render cache entry if CR is being deleted. if obj.GetDeletionTimestamp() != nil { @@ -39,7 +39,7 @@ func SensorCAHashExtension(client ctrlClient.Client, direct ctrlClient.Reader, l // Runtime TLS secrets are not stored atomically, check if they are consistent. if fromRuntimeSecret { - secretsConsistent, err := verifyAllTLSSecretsMatchCA(ctx, client, direct, obj.GetNamespace(), sensorHash, logger) + secretsConsistent, err := verifyAllTLSSecretsMatchCA(ctx, client, direct, obj.GetNamespace(), sensorHash, log) if err != nil { return err } diff --git a/operator/internal/securedcluster/extensions/sensor_ca_hash_test.go b/operator/internal/securedcluster/extensions/sensor_ca_hash_test.go index 37c2a40ac9bf6..ea127c3a8343f 100644 --- a/operator/internal/securedcluster/extensions/sensor_ca_hash_test.go +++ b/operator/internal/securedcluster/extensions/sensor_ca_hash_test.go @@ -68,7 +68,7 @@ func TestSensorCAHashExtension_CertificatePriority(t *testing.T) { sc := createTestSecuredCluster() scUnstructured := toUnstructured(t, sc) - extension := SensorCAHashExtension(client, client, logr.Discard(), renderCache) + extension := SensorCAHashExtension(client, client, renderCache) err := extension(context.Background(), scUnstructured, nil, logr.Discard()) if tt.expectError { @@ -130,7 +130,7 @@ func TestSensorCAHashExtension_ConsistencyCheck(t *testing.T) { sc := createTestSecuredCluster() scUnstructured := toUnstructured(t, sc) - extension := SensorCAHashExtension(client, client, logr.Discard(), renderCache) + extension := SensorCAHashExtension(client, client, renderCache) err := extension(context.Background(), scUnstructured, nil, logr.Discard()) if tt.expectError { @@ -152,7 +152,7 @@ func TestSensorCAHashExtension_DeletionCleanup(t *testing.T) { sc := createTestSecuredCluster() scUnstructured := toUnstructured(t, sc) - extension := SensorCAHashExtension(client, client, logr.Discard(), renderCache) + extension := SensorCAHashExtension(client, client, renderCache) err := extension(context.Background(), scUnstructured, nil, logr.Discard()) require.NoError(t, err) diff --git a/operator/internal/securedcluster/reconciler/reconciler.go b/operator/internal/securedcluster/reconciler/reconciler.go index d0aacc6d2839e..fa84eed10441f 100644 --- a/operator/internal/securedcluster/reconciler/reconciler.go +++ b/operator/internal/securedcluster/reconciler/reconciler.go @@ -43,7 +43,7 @@ func RegisterNewReconciler(mgr ctrl.Manager, selector string) error { pkgReconciler.WithPreExtension(commonExtensions.ReconcileProductVersionStatusExtension(version.GetMainVersion())), pkgReconciler.WithPreExtension(extensions.ReconcileLocalScannerDBPasswordExtension(mgr.GetClient(), mgr.GetAPIReader())), pkgReconciler.WithPreExtension(extensions.ReconcileLocalScannerV4DBPasswordExtension(mgr.GetClient(), mgr.GetAPIReader())), - pkgReconciler.WithPreExtension(extensions.SensorCAHashExtension(mgr.GetClient(), mgr.GetAPIReader(), mgr.GetLogger(), renderCache)), + pkgReconciler.WithPreExtension(extensions.SensorCAHashExtension(mgr.GetClient(), mgr.GetAPIReader(), renderCache)), } opts := make([]pkgReconciler.Option, 0, len(otherPreExtensions)+8) diff --git a/operator/internal/securedcluster/values/translation/translation.go b/operator/internal/securedcluster/values/translation/translation.go index 83689c1f3065f..ea96b0a95b23c 100644 --- a/operator/internal/securedcluster/values/translation/translation.go +++ b/operator/internal/securedcluster/values/translation/translation.go @@ -324,7 +324,16 @@ func (t Translator) getAdmissionControlValues(admissionControl *platform.Admissi // the CR fields directly below spec.admissionControl. This is because // redeployment is natively part of the CR lifecycle when we have an operator, so // no need to distinguish between the static and dynamic part. - acv.SetBool("enforce", admissionControl.Enforce) + if admissionControl.Enforcement != nil { + switch *admissionControl.Enforcement { + case platform.PolicyEnforcementEnabled: + acv.SetBoolValue("enforce", true) + case platform.PolicyEnforcementDisabled: + acv.SetBoolValue("enforce", false) + default: + return dynamic.SetError(errors.Errorf("invalid spec.admissionControl.enforcement setting %q", *admissionControl.Enforcement)) + } + } if admissionControl.Bypass != nil { switch *admissionControl.Bypass { case platform.BypassBreakGlassAnnotation: diff --git a/operator/internal/securedcluster/values/translation/translation_test.go b/operator/internal/securedcluster/values/translation/translation_test.go index 56912d92fbc66..1080a9162da50 100644 --- a/operator/internal/securedcluster/values/translation/translation_test.go +++ b/operator/internal/securedcluster/values/translation/translation_test.go @@ -417,7 +417,7 @@ func (s *TranslationTestSuite) TestTranslate() { }, }, AdmissionControl: &platform.AdmissionControlComponentSpec{ - Enforce: ptr.To(true), + Enforcement: ptr.To(platform.PolicyEnforcementEnabled), Bypass: platform.BypassBreakGlassAnnotation.Pointer(), FailurePolicy: ptr.To(platform.FailurePolicyFail), DeploymentSpec: platform.DeploymentSpec{ diff --git a/operator/internal/utils/api.go b/operator/internal/utils/api.go index be89fe4a97a4c..aa96ba13f7b66 100644 --- a/operator/internal/utils/api.go +++ b/operator/internal/utils/api.go @@ -4,6 +4,7 @@ import ( "context" "github.com/pkg/errors" + pkgLabels "github.com/stackrox/rox/pkg/labels" apiErrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ctrlClient "sigs.k8s.io/controller-runtime/pkg/client" @@ -35,3 +36,20 @@ func GetWithFallbackToUncached(ctx context.Context, client ctrlClient.Client, un return nil } + +// ShouldAdoptResource checks if a resource should be adopted by the operator. +// A resource should be adopted if: +// 1. It has no ownerReferences (might have been stripped during backup/restore) +// 2. It has the "app.stackrox.io/managed-by: operator" label (indicating it was originally created by the operator) +func ShouldAdoptResource(obj metav1.Object) bool { + labels := obj.GetLabels() + if labels == nil { + return false + } + + if labels[pkgLabels.ManagedByLabelKey] != pkgLabels.ManagedByOperator { + return false + } + + return len(obj.GetOwnerReferences()) == 0 +} diff --git a/operator/internal/utils/api_test.go b/operator/internal/utils/api_test.go new file mode 100644 index 0000000000000..379f2a35de772 --- /dev/null +++ b/operator/internal/utils/api_test.go @@ -0,0 +1,79 @@ +package utils + +import ( + "testing" + + pkgLabels "github.com/stackrox/rox/pkg/labels" + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" +) + +func TestShouldAdoptResource(t *testing.T) { + tests := map[string]struct { + obj metav1.Object + expected bool + }{ + "should adopt - has operator managed-by label, no ownerReferences": { + obj: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-secret", + Namespace: "test-ns", + Labels: map[string]string{ + pkgLabels.ManagedByLabelKey: pkgLabels.ManagedByOperator, + }, + }, + }, + expected: true, + }, + "should not adopt - no labels": { + obj: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-secret", + Namespace: "test-ns", + }, + }, + expected: false, + }, + "should not adopt - managed by sensor": { + obj: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-secret", + Namespace: "test-ns", + Labels: map[string]string{ + pkgLabels.ManagedByLabelKey: pkgLabels.ManagedBySensor, + }, + }, + }, + expected: false, + }, + "should not adopt - has ownerReference": { + obj: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-secret", + Namespace: "test-ns", + Labels: map[string]string{ + pkgLabels.ManagedByLabelKey: pkgLabels.ManagedByOperator, + }, + OwnerReferences: []metav1.OwnerReference{ + { + APIVersion: "v1", + Kind: "SomeOwner", + Name: "owner", + UID: types.UID("some-uid"), + }, + }, + }, + }, + expected: false, + }, + } + + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + result := ShouldAdoptResource(tt.obj) + assert.Equal(t, tt.expected, result) + }) + } +} diff --git a/operator/konflux.Dockerfile b/operator/konflux.Dockerfile index 4791f9230678d..3a24939d30133 100644 --- a/operator/konflux.Dockerfile +++ b/operator/konflux.Dockerfile @@ -1,4 +1,4 @@ -FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.24@sha256:beed4519c775d6123c11351048be29e6f93ab0adaea2c7d55977b445966f5b27 AS builder +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.25@sha256:527782f4a0270f786192281f68d0374f4a21b3ab759643eee4bfcafb6f539468 AS builder WORKDIR /go/src/github.com/stackrox/rox/app @@ -17,7 +17,7 @@ ENV CI=1 GOFLAGS="" CGO_ENABLED=1 RUN GOOS=linux GOARCH=$(go env GOARCH) scripts/go-build-file.sh operator/cmd/main.go image/bin/operator -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:43dde01be4e94afd22d8d95ee8abcc9f610b4e50aff5bcc141b558c74d4c68b5 +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:9f5006710578c36da022efbc740b27821056d504d582e1aeb204a602d2e8e4ce ARG BUILD_TAG @@ -29,7 +29,7 @@ LABEL \ io.k8s.display-name="operator" \ io.openshift.tags="rhacs,operator,stackrox" \ maintainer="Red Hat, Inc." \ - name="rhacs-rhel8-operator" \ + name="advanced-cluster-security/rhacs-rhel8-operator" \ # Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly. source-location="https://github.com/stackrox/stackrox" \ summary="Operator for Red Hat Advanced Cluster Security for Kubernetes" \ diff --git a/operator/konflux.bundle.Dockerfile b/operator/konflux.bundle.Dockerfile index 11aff472f0c06..d2bcd478e73bc 100644 --- a/operator/konflux.bundle.Dockerfile +++ b/operator/konflux.bundle.Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi9/python-39:latest@sha256:9cea5d0cbe82176d5f21781f440ddf077f03beff304f051aa698640731404db7 AS builder +FROM registry.access.redhat.com/ubi9/python-39:latest@sha256:b28387e6c2c66bf2092748bd618036ac48b287ba042f8f353d47118480d0eaf6 AS builder # Because 'default' user cannot create build/ directory and errrors like: # mkdir: cannot create directory ‘build/’: Permission denied @@ -75,7 +75,7 @@ LABEL io.k8s.description="Operator Bundle Image for Red Hat Advanced Cluster Sec LABEL io.k8s.display-name="operator-bundle" LABEL io.openshift.tags="rhacs,operator-bundle,stackrox" LABEL maintainer="Red Hat, Inc." -LABEL name="rhacs-operator-bundle" +LABEL name="advanced-cluster-security/rhacs-operator-bundle" # Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly. LABEL source-location="https://github.com/stackrox/stackrox" LABEL summary="Operator Bundle Image for Red Hat Advanced Cluster Security for Kubernetes" diff --git a/operator/tests/common/secured-cluster-cr-assert.yaml b/operator/tests/common/secured-cluster-cr-assert.yaml index ad3aacfb224ce..a06ee079748fb 100644 --- a/operator/tests/common/secured-cluster-cr-assert.yaml +++ b/operator/tests/common/secured-cluster-cr-assert.yaml @@ -79,13 +79,13 @@ webhooks: - name: policyeval.stackrox.io rules: - operations: - - CREATE # Due to listenOnCreates - - UPDATE # Due to listenOnUpdates + - CREATE + - UPDATE failurePolicy: Ignore timeoutSeconds: 12 - name: k8sevents.stackrox.io rules: - operations: - - CONNECT # Due to listenOnEvents + - CONNECT failurePolicy: Ignore timeoutSeconds: 12 diff --git a/operator/tests/common/secured-cluster-cr.yaml b/operator/tests/common/secured-cluster-cr.yaml index 551fe98a39f3e..48d72a2202ac3 100644 --- a/operator/tests/common/secured-cluster-cr.yaml +++ b/operator/tests/common/secured-cluster-cr.yaml @@ -7,11 +7,6 @@ spec: imagePullSecrets: - name: e2e-test-pull-secret admissionControl: - listenOnCreates: false # Shall be ignored - listenOnUpdates: false # Shall be ignored - listenOnEvents: false # Shall be ignored - contactImageScanners: DoNotScanInline # Shall be ignored - timeoutSeconds: 15 # Shall be ignored resources: requests: memory: 100Mi diff --git a/operator/tests/upgrade/upgrade/011-verify-pre-4-9-dynamic-admission-controller-config.yaml b/operator/tests/upgrade/upgrade/011-verify-pre-4-9-dynamic-admission-controller-config.yaml deleted file mode 100644 index aaf6e25063fa3..0000000000000 --- a/operator/tests/upgrade/upgrade/011-verify-pre-4-9-dynamic-admission-controller-config.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# pre-4.9 Operator will not ignore the deprecated AdmissionController config fields. -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: | - set -eu # shell in CI does not grok -o pipefail - ret=0 - helm-cluster-config-assert.sh .dynamicConfig.admissionControllerConfig.scanInline false || ret=1 - exit $ret diff --git a/operator/tools/controller-gen/go.mod b/operator/tools/controller-gen/go.mod index 6a42ec0c46287..54d4cf4874e28 100644 --- a/operator/tools/controller-gen/go.mod +++ b/operator/tools/controller-gen/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/rox/operator/tools/controller-gen -go 1.24.0 +go 1.25 require sigs.k8s.io/controller-tools v0.19.0 diff --git a/operator/tools/envtest/go.mod b/operator/tools/envtest/go.mod index 04d6e79d259e4..6586fc3461a54 100644 --- a/operator/tools/envtest/go.mod +++ b/operator/tools/envtest/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/rox/operator/tools/envtest -go 1.24 +go 1.25 require sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240215124517-56159419231e diff --git a/operator/tools/kustomize/go.mod b/operator/tools/kustomize/go.mod index 6f9d7c29397b8..ab3f6b38947cd 100644 --- a/operator/tools/kustomize/go.mod +++ b/operator/tools/kustomize/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/rox/operator/tools/kustomize -go 1.24 +go 1.25 require sigs.k8s.io/kustomize/kustomize/v5 v5.7.1 diff --git a/operator/tools/kuttl/go.mod b/operator/tools/kuttl/go.mod index cb7690724ee30..2fe604d3dbaf7 100644 --- a/operator/tools/kuttl/go.mod +++ b/operator/tools/kuttl/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/rox/operator/tools/kuttl -go 1.24 +go 1.25 require github.com/kudobuilder/kuttl v0.22.0 diff --git a/operator/tools/operator-sdk/go.mod b/operator/tools/operator-sdk/go.mod index 6b53ff1f5caaa..b5ec7f9e40549 100644 --- a/operator/tools/operator-sdk/go.mod +++ b/operator/tools/operator-sdk/go.mod @@ -1,10 +1,10 @@ module github.com/stackrox/rox/operator/tools/operator-sdk -go 1.24 +go 1.25.0 require ( github.com/operator-framework/operator-lifecycle-manager v0.30.0 - github.com/operator-framework/operator-sdk v1.38.0 + github.com/operator-framework/operator-sdk v1.41.1 ) // These are copied verbatim from @@ -22,121 +22,127 @@ replace ( ) require ( - cel.dev/expr v0.18.0 // indirect - dario.cat/mergo v1.0.1 // indirect - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect - github.com/BurntSushi/toml v1.4.0 // indirect + cel.dev/expr v0.24.0 // indirect + dario.cat/mergo v1.0.2 // indirect + github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect + github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect + github.com/BurntSushi/toml v1.5.0 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.3.0 // indirect + github.com/Masterminds/semver/v3 v3.4.0 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/Microsoft/hcsshim v0.12.5 // indirect - github.com/antlr4-go/antlr/v4 v4.13.0 // indirect + github.com/Microsoft/hcsshim v0.13.0 // indirect + github.com/VividCortex/ewma v1.2.0 // indirect + github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect + github.com/antlr4-go/antlr/v4 v4.13.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/cgroups/v3 v3.0.3 // indirect - github.com/containerd/containerd v1.7.27 // indirect - github.com/containerd/containerd/api v1.8.0 // indirect - github.com/containerd/continuity v0.4.4 // indirect - github.com/containerd/errdefs v0.3.0 // indirect + github.com/containerd/cgroups/v3 v3.0.5 // indirect + github.com/containerd/containerd v1.7.28 // indirect + github.com/containerd/containerd/api v1.9.0 // indirect + github.com/containerd/continuity v0.4.5 // indirect + github.com/containerd/errdefs v1.0.0 // indirect + github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect github.com/containerd/ttrpc v1.2.7 // indirect - github.com/containerd/typeurl/v2 v2.1.1 // indirect - github.com/containers/common v0.60.4 // indirect - github.com/containers/image/v5 v5.32.2 // indirect + github.com/containerd/typeurl/v2 v2.2.3 // indirect + github.com/containers/common v0.64.1 // indirect + github.com/containers/image/v5 v5.36.1 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect - github.com/containers/ocicrypt v1.2.0 // indirect - github.com/containers/storage v1.55.0 // indirect + github.com/containers/ocicrypt v1.2.1 // indirect + github.com/containers/storage v1.59.1 // indirect github.com/coreos/go-semver v0.3.1 // indirect - github.com/cyphar/filepath-securejoin v0.3.6 // indirect + github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect + github.com/cyphar/filepath-securejoin v0.4.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v27.2.0+incompatible // indirect + github.com/docker/cli v28.3.3+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v28.0.0+incompatible // indirect - github.com/docker/docker-credential-helpers v0.8.2 // indirect + github.com/docker/docker v28.3.3+incompatible // indirect + github.com/docker/docker-credential-helpers v0.9.3 // indirect github.com/docker/go-connections v0.5.0 // indirect - github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/emicklei/go-restful/v3 v3.12.1 // indirect - github.com/evanphx/json-patch v5.9.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.2 // indirect + github.com/evanphx/json-patch v5.9.11+incompatible // indirect + github.com/evanphx/json-patch/v5 v5.9.11 // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect github.com/fatih/color v1.18.0 // indirect - github.com/fatih/structtag v1.1.0 // indirect + github.com/fatih/structtag v1.2.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/fsnotify/fsnotify v1.9.0 // indirect + github.com/fxamacker/cbor/v2 v2.8.0 // indirect github.com/go-air/gini v1.0.4 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.6.0 // indirect - github.com/go-git/go-git/v5 v5.13.0 // indirect + github.com/go-git/go-billy/v5 v5.6.2 // indirect + github.com/go-git/go-git/v5 v5.16.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect - github.com/go-logr/logr v1.4.2 // indirect + github.com/go-jose/go-jose/v4 v4.1.3 // indirect + github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonpointer v0.21.1 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/swag v0.23.1 // indirect + github.com/go-sql-driver/mysql v1.9.1 // indirect + github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/gobuffalo/envy v1.6.5 // indirect github.com/gobuffalo/flect v1.0.3 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-migrate/migrate/v4 v4.17.1 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang-migrate/migrate/v4 v4.18.3 // indirect + github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/btree v1.1.2 // indirect - github.com/google/cel-go v0.22.0 // indirect - github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/go-cmp v0.6.0 // indirect - github.com/google/go-containerregistry v0.20.0 // indirect - github.com/google/gofuzz v1.2.0 // indirect + github.com/google/btree v1.1.3 // indirect + github.com/google/cel-go v0.26.0 // indirect + github.com/google/gnostic-models v0.6.9 // indirect + github.com/google/go-cmp v0.7.0 // indirect + github.com/google/go-containerregistry v0.20.6 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.1 // indirect - github.com/gorilla/websocket v1.5.0 // indirect + github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gosuri/uitable v0.0.4 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect github.com/h2non/filetype v1.1.3 // indirect github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect github.com/huandu/xstrings v1.5.0 // indirect github.com/iancoleman/strcase v0.3.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/itchyny/gojq v0.12.16 // indirect + github.com/itchyny/gojq v0.12.17 // indirect github.com/itchyny/timefmt-go v0.1.6 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmoiron/sqlx v1.4.0 // indirect - github.com/joelanford/ignore v0.1.0 // indirect + github.com/joelanford/ignore v0.1.1 // indirect github.com/joho/godotenv v1.3.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.9 // indirect + github.com/klauspost/compress v1.18.0 // indirect + github.com/klauspost/pgzip v1.2.6 // indirect github.com/kr/text v0.2.0 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect - github.com/magiconair/properties v1.8.7 // indirect - github.com/mailru/easyjson v0.7.7 // indirect + github.com/mailru/easyjson v0.9.0 // indirect github.com/markbates/inflect v1.0.4 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect - github.com/mattn/go-sqlite3 v1.14.23 // indirect + github.com/mattn/go-sqlite3 v1.14.32 // indirect + github.com/miekg/dns v1.1.61 // indirect + github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect @@ -144,116 +150,129 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/spdystream v0.5.0 // indirect + github.com/moby/sys/capability v0.4.0 // indirect github.com/moby/sys/mountinfo v0.7.2 // indirect - github.com/moby/sys/sequential v0.5.0 // indirect - github.com/moby/sys/user v0.3.0 // indirect + github.com/moby/sys/sequential v0.6.0 // indirect + github.com/moby/sys/user v0.4.0 // indirect github.com/moby/sys/userns v0.1.0 // indirect - github.com/moby/term v0.5.0 // indirect + github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect - github.com/onsi/gomega v1.35.1 // indirect + github.com/nxadm/tail v1.4.11 // indirect + github.com/onsi/gomega v1.38.2 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0 // indirect - github.com/opencontainers/runtime-spec v1.2.0 // indirect + github.com/opencontainers/image-spec v1.1.1 // indirect + github.com/opencontainers/runtime-spec v1.2.1 // indirect github.com/openshift/api v3.9.0+incompatible // indirect github.com/openshift/client-go v0.0.0-20220525160904-9e1acff93e4a // indirect - github.com/operator-framework/ansible-operator-plugins v1.36.1 // indirect - github.com/operator-framework/api v0.27.0 // indirect - github.com/operator-framework/operator-manifest-tools v0.6.0 // indirect - github.com/operator-framework/operator-registry v1.47.0 // indirect - github.com/otiai10/copy v1.14.0 // indirect - github.com/pelletier/go-toml/v2 v2.2.2 // indirect + github.com/operator-framework/ansible-operator-plugins v1.39.0 // indirect + github.com/operator-framework/api v0.34.0 // indirect + github.com/operator-framework/operator-manifest-tools v0.10.0 // indirect + github.com/operator-framework/operator-registry v1.57.0 // indirect + github.com/otiai10/copy v1.14.1 // indirect + github.com/otiai10/mint v1.6.3 // indirect + github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_golang v1.20.5 // indirect - github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.60.0 // indirect - github.com/prometheus/procfs v0.15.1 // indirect + github.com/proglottis/gpgme v0.1.4 // indirect + github.com/prometheus/client_golang v1.23.2 // indirect + github.com/prometheus/client_model v0.6.2 // indirect + github.com/prometheus/common v0.67.4 // indirect + github.com/prometheus/procfs v0.16.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect - github.com/rubenv/sql-migrate v1.7.1 // indirect + github.com/rubenv/sql-migrate v1.8.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/sagikazarmark/locafero v0.4.0 // indirect - github.com/sagikazarmark/slog-shim v0.1.0 // indirect + github.com/sagikazarmark/locafero v0.7.0 // indirect + github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect + github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect github.com/shopspring/decimal v1.4.0 // indirect + github.com/sigstore/fulcio v1.8.3 // indirect + github.com/sigstore/protobuf-specs v0.5.0 // indirect + github.com/sigstore/sigstore v1.10.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect + github.com/smallstep/pkcs7 v0.2.1 // indirect github.com/sourcegraph/conc v0.3.0 // indirect - github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect - github.com/spf13/cobra v1.8.1 // indirect - github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.19.0 // indirect - github.com/stoewer/go-strcase v1.3.0 // indirect - github.com/stretchr/testify v1.10.0 // indirect + github.com/spf13/afero v1.14.0 // indirect + github.com/spf13/cast v1.7.1 // indirect + github.com/spf13/cobra v1.10.2 // indirect + github.com/spf13/pflag v1.0.10 // indirect + github.com/spf13/viper v1.20.1 // indirect + github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect + github.com/stoewer/go-strcase v1.3.1 // indirect + github.com/stretchr/testify v1.11.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect - github.com/thoas/go-funk v0.8.0 // indirect - github.com/vbatts/tar-split v0.11.5 // indirect + github.com/thoas/go-funk v0.9.3 // indirect + github.com/ulikunitz/xz v0.5.12 // indirect + github.com/vbatts/tar-split v0.12.1 // indirect + github.com/vbauerster/mpb/v8 v8.10.2 // indirect github.com/x448/float16 v0.8.4 // indirect - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.etcd.io/bbolt v1.3.11 // indirect + go.etcd.io/bbolt v1.4.3 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect - go.opentelemetry.io/otel v1.28.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect - go.opentelemetry.io/otel/metric v1.28.0 // indirect - go.opentelemetry.io/otel/sdk v1.28.0 // indirect - go.opentelemetry.io/otel/trace v1.28.0 // indirect - go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect + go.opentelemetry.io/otel v1.38.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 // indirect + go.opentelemetry.io/otel/metric v1.38.0 // indirect + go.opentelemetry.io/otel/sdk v1.38.0 // indirect + go.opentelemetry.io/otel/trace v1.38.0 // indirect + go.opentelemetry.io/proto/otlp v1.7.1 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.36.0 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.38.0 // indirect - golang.org/x/oauth2 v0.27.0 // indirect - golang.org/x/sync v0.12.0 // indirect - golang.org/x/sys v0.31.0 // indirect - golang.org/x/term v0.30.0 // indirect - golang.org/x/text v0.23.0 // indirect - golang.org/x/time v0.7.0 // indirect - golang.org/x/tools v0.26.0 // indirect + go.uber.org/zap v1.27.1 // indirect + go.yaml.in/yaml/v2 v2.4.3 // indirect + go.yaml.in/yaml/v3 v3.0.4 // indirect + golang.org/x/crypto v0.45.0 // indirect + golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect + golang.org/x/mod v0.29.0 // indirect + golang.org/x/net v0.47.0 // indirect + golang.org/x/oauth2 v0.33.0 // indirect + golang.org/x/sync v0.18.0 // indirect + golang.org/x/sys v0.38.0 // indirect + golang.org/x/term v0.37.0 // indirect + golang.org/x/text v0.31.0 // indirect + golang.org/x/time v0.14.0 // indirect + golang.org/x/tools v0.38.0 // indirect + golang.org/x/tools/go/expect v0.1.1-deprecated // indirect + golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect - google.golang.org/grpc v1.66.0 // indirect - google.golang.org/protobuf v1.35.2 // indirect + google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 // indirect + google.golang.org/grpc v1.77.0 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - helm.sh/helm/v3 v3.17.3 // indirect - k8s.io/api v0.32.2 // indirect - k8s.io/apiextensions-apiserver v0.32.2 // indirect - k8s.io/apimachinery v0.32.2 // indirect - k8s.io/apiserver v0.32.2 // indirect - k8s.io/cli-runtime v0.32.2 // indirect - k8s.io/client-go v0.32.2 // indirect - k8s.io/component-base v0.32.2 // indirect + helm.sh/helm/v3 v3.18.6 // indirect + k8s.io/api v0.33.4 // indirect + k8s.io/apiextensions-apiserver v0.33.4 // indirect + k8s.io/apimachinery v0.33.4 // indirect + k8s.io/apiserver v0.33.4 // indirect + k8s.io/cli-runtime v0.33.3 // indirect + k8s.io/client-go v0.33.4 // indirect + k8s.io/component-base v0.33.4 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-aggregator v0.31.1 // indirect - k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect - k8s.io/kubectl v0.32.2 // indirect - k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect - oras.land/oras-go v1.2.5 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect - sigs.k8s.io/controller-runtime v0.19.0 // indirect - sigs.k8s.io/controller-tools v0.16.5 // indirect - sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect - sigs.k8s.io/kubebuilder/v4 v4.1.1 // indirect - sigs.k8s.io/kustomize/api v0.18.0 // indirect - sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect - sigs.k8s.io/yaml v1.4.0 // indirect + k8s.io/kube-aggregator v0.33.4 // indirect + k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a // indirect + k8s.io/kubectl v0.33.3 // indirect + k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect + oras.land/oras-go/v2 v2.6.0 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 // indirect + sigs.k8s.io/controller-runtime v0.21.0 // indirect + sigs.k8s.io/controller-tools v0.18.0 // indirect + sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + sigs.k8s.io/kubebuilder/v4 v4.6.0 // indirect + sigs.k8s.io/kustomize/api v0.19.0 // indirect + sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect + sigs.k8s.io/randfill v1.0.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect + sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/operator/tools/operator-sdk/go.sum b/operator/tools/operator-sdk/go.sum index 65130408810cc..eee8a3f23a6a8 100644 --- a/operator/tools/operator-sdk/go.sum +++ b/operator/tools/operator-sdk/go.sum @@ -1,51 +1,51 @@ -cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo= -cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY= +cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= -dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= +dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= +github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= -github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= +github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= -github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/Microsoft/hcsshim v0.12.5 h1:bpTInLlDy/nDRWFVcefDZZ1+U8tS+rz3MxjKgu9boo0= -github.com/Microsoft/hcsshim v0.12.5/go.mod h1:tIUGego4G1EN5Hb6KC90aDYiUI2dqLSTTOCjVNpOgZ8= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= -github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= +github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA= +github.com/Microsoft/hcsshim v0.13.0/go.mod h1:9KWJ/8DgU+QzYGupX4tzMhRQE8h6w90lH6HAaclpEok= +github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= +github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= +github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= +github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= -github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= -github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= +github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -53,100 +53,105 @@ github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNS github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= -github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= -github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFquP7hsFII= -github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0= -github.com/containerd/containerd/api v1.8.0 h1:hVTNJKR8fMc/2Tiw60ZRijntNMd1U+JVMyTRdsD2bS0= -github.com/containerd/containerd/api v1.8.0/go.mod h1:dFv4lt6S20wTu/hMcP4350RL87qPWLVa/OHOwmmdnYc= -github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII= -github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= -github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= -github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/cgroups/v3 v3.0.5 h1:44na7Ud+VwyE7LIoJ8JTNQOa549a8543BmzaJHo6Bzo= +github.com/containerd/cgroups/v3 v3.0.5/go.mod h1:SA5DLYnXO8pTGYiAHXz94qvLQTKfVM5GEVisn4jpins= +github.com/containerd/containerd v1.7.28 h1:Nsgm1AtcmEh4AHAJ4gGlNSaKgXiNccU270Dnf81FQ3c= +github.com/containerd/containerd v1.7.28/go.mod h1:azUkWcOvHrWvaiUjSQH0fjzuHIwSPg1WL5PshGP4Szs= +github.com/containerd/containerd/api v1.9.0 h1:HZ/licowTRazus+wt9fM6r/9BQO7S0vD5lMcWspGIg0= +github.com/containerd/containerd/api v1.9.0/go.mod h1:GhghKFmTR3hNtyznBoQ0EMWr9ju5AqHjcZPsSpTKutI= +github.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4= +github.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= +github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= -github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= -github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= +github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8= +github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= github.com/containerd/ttrpc v1.2.7 h1:qIrroQvuOL9HQ1X6KHe2ohc7p+HP/0VE6XPU7elJRqQ= github.com/containerd/ttrpc v1.2.7/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= -github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= -github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= -github.com/containers/common v0.60.4 h1:H5+LAMHPZEqX6vVNOQ+IguVsaFl8kbO/SZ/VPXjxhy0= -github.com/containers/common v0.60.4/go.mod h1:I0upBi1qJX3QmzGbUOBN1LVP6RvkKhd3qQpZbQT+Q54= -github.com/containers/image/v5 v5.32.2 h1:SzNE2Y6sf9b1GJoC8qjCuMBXwQrACFp4p0RK15+4gmQ= -github.com/containers/image/v5 v5.32.2/go.mod h1:v1l73VeMugfj/QtKI+jhYbwnwFCFnNGckvbST3rQ5Hk= +github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= +github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= +github.com/containers/common v0.64.1 h1:E8vSiL+B84/UCsyVSb70GoxY9cu+0bseLujm4EKF6GE= +github.com/containers/common v0.64.1/go.mod h1:CtfQNHoCAZqWeXMwdShcsxmMJSeGRgKKMqAwRKmWrHE= +github.com/containers/image/v5 v5.36.1 h1:6zpXBqR59UcAzoKpa/By5XekeqFV+htWYfr65+Cgjqo= +github.com/containers/image/v5 v5.36.1/go.mod h1:b4GMKH2z/5t6/09utbse2ZiLK/c72GuGLFdp7K69eA4= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= -github.com/containers/ocicrypt v1.2.0 h1:X14EgRK3xNFvJEfI5O4Qn4T3E25ANudSOZz/sirVuPM= -github.com/containers/ocicrypt v1.2.0/go.mod h1:ZNviigQajtdlxIZGibvblVuIFBKIuUI2M0QM12SD31U= -github.com/containers/storage v1.55.0 h1:wTWZ3YpcQf1F+dSP4KxG9iqDfpQY1otaUXjPpffuhgg= -github.com/containers/storage v1.55.0/go.mod h1:28cB81IDk+y7ok60Of6u52RbCeBRucbFOeLunhER1RQ= +github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpVhSmM= +github.com/containers/ocicrypt v1.2.1/go.mod h1:aD0AAqfMp0MtwqWgHM1bUwe1anx0VazI108CRrSKINQ= +github.com/containers/storage v1.59.1 h1:11Zu68MXsEQGBBd+GadPrHPpWeqjKS8hJDGiAHgIqDs= +github.com/containers/storage v1.59.1/go.mod h1:KoAYHnAjP3/cTsRS+mmWZGkufSY2GACiKQ4V3ZLQnR0= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= -github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 h1:uX1JmpONuD549D73r6cgnxyUu18Zb7yHAy5AYU0Pm4Q= +github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= +github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= +github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= -github.com/distribution/distribution/v3 v3.0.0-beta.1 h1:X+ELTxPuZ1Xe5MsD3kp2wfGUhc8I+MPfRis8dZ818Ic= -github.com/distribution/distribution/v3 v3.0.0-beta.1/go.mod h1:O9O8uamhHzWWQVTjuQpyYUVm/ShPHPUDgvQMpHGVBDs= +github.com/distribution/distribution/v3 v3.0.0 h1:q4R8wemdRQDClzoNNStftB2ZAfqOiN6UX90KJc4HjyM= +github.com/distribution/distribution/v3 v3.0.0/go.mod h1:tRNuFoZsUdyRVegq8xGNeds4KLjwLCRin/tTo6i1DhU= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v27.2.0+incompatible h1:yHD1QEB1/0vr5eBNpu8tncu8gWxg8EydFPOSKHzXSMM= -github.com/docker/cli v27.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= +github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= +github.com/docker/cli v28.3.3+incompatible h1:fp9ZHAr1WWPGdIWBM1b3zLtgCF+83gRdVMTJsUeiyAo= +github.com/docker/cli v28.3.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.0.0+incompatible h1:Olh0KS820sJ7nPsBKChVhk5pzqcwDR15fumfAd/p9hM= -github.com/docker/docker v28.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= -github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= +github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI= +github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= +github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= -github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= +github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32 h1:EHZfspsnLAz8Hzccd67D5abwLiqoqym2jz/jOS39mCk= +github.com/docker/go-events v0.0.0-20250114142523-c867878c5e32/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4= -github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= -github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= -github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= +github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= -github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= -github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8= +github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= +github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= -github.com/fatih/structtag v1.1.0 h1:6j4mUV/ES2duvnAzKMFkN6/A5mCaNYPD3xfbAkLLOF8= -github.com/fatih/structtag v1.1.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= +github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4= +github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= -github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= +github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= +github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU= +github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-air/gini v1.0.4 h1:lteMAxHKNOAjIqazL/klOJJmxq6YxxSuJ17MnMXny+s= @@ -155,55 +160,54 @@ github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxI github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.6.0 h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8= -github.com/go-git/go-billy/v5 v5.6.0/go.mod h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM= -github.com/go-git/go-git/v5 v5.13.0 h1:vLn5wlGIh/X78El6r3Jr+30W16Blk0CTcxTYcYPWi5E= -github.com/go-git/go-git/v5 v5.13.0/go.mod h1:Wjo7/JyVKtQgUNdXYXIepzWfJQkUEIGvkvVkiXRR/zw= +github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM= +github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= +github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM= +github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs= +github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= -github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic= +github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= -github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= -github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= +github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-sql-driver/mysql v1.9.1 h1:FrjNGn/BsJQjVRuSa8CBrM5BWA9BWoXXat3KrtSb/iI= +github.com/go-sql-driver/mysql v1.9.1/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= +github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/gobuffalo/envy v1.6.5 h1:X3is06x7v0nW2xiy2yFbbIjwHz57CD6z6MkvqULTCm8= github.com/gobuffalo/envy v1.6.5/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ= github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-migrate/migrate/v4 v4.17.1 h1:4zQ6iqL6t6AiItphxJctQb3cFqWiSpMnX7wLTPnnYO4= -github.com/golang-migrate/migrate/v4 v4.17.1/go.mod h1:m8hinFyWBn0SA4QKHuKh175Pm9wjmxj3S2Mia7dbXzM= +github.com/golang-migrate/migrate/v4 v4.18.3 h1:EYGkoOsvgHHfm5U/naS1RP/6PL/Xv3S4B/swMiAmDLs= +github.com/golang-migrate/migrate/v4 v4.18.3/go.mod h1:99BKpIi6ruaaXRM1A77eqZ+FWPQ3cfRa+ZVy5bmWMaY= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= @@ -212,32 +216,31 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= -github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= -github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g= -github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= +github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= +github.com/google/cel-go v0.26.0 h1:DPGjXackMpJWH680oGY4lZhYjIameYmR+/6RBdDGmaI= +github.com/google/cel-go v0.26.0/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg= -github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB31qAwjAohdSTU= +github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo= -github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -247,16 +250,16 @@ github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyE github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= +github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 h1:JYghRBlGCZyCF2wNUJ8W0cwaQdtpcssJ4CgC406g+WU= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99/go.mod h1:3bDW6wMZJB7tiONtC/1Xpicra6Wp5GgbTbQWCbI5fkc= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4= github.com/h2non/filetype v1.1.3 h1:FKkx9QbD7HR/zjK1Ia5XiBsq9zdLi5Kf3zGyFTAFkGg= github.com/h2non/filetype v1.1.3/go.mod h1:319b3zT68BvV+WRj7cwy856M2ehB3HqNOt6sy1HndBY= github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c h1:fEE5/5VNnYUoBOj2I9TP8Jc+a7lge3QWn9DKE7NCwfc= @@ -266,46 +269,38 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= -github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw= -github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU= -github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4= -github.com/hashicorp/golang-lru/v2 v2.0.5/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/golang-lru/arc/v2 v2.0.7 h1:QxkVTxwColcduO+LP7eJO56r2hFiG8zEbfAAzRv52KQ= +github.com/hashicorp/golang-lru/arc/v2 v2.0.7/go.mod h1:Pe7gBlGdc8clY5LJ0LpJXMt5AmgmWNH1g+oFFVUHOEc= +github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= +github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI= github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/itchyny/gojq v0.12.16 h1:yLfgLxhIr/6sJNVmYfQjTIv0jGctu6/DgDoivmxTr7g= -github.com/itchyny/gojq v0.12.16/go.mod h1:6abHbdC2uB9ogMS38XsErnfqJ94UlngIJGlRAIj4jTM= +github.com/itchyny/gojq v0.12.17 h1:8av8eGduDb5+rvEdaOO+zQUjA04MS0m3Ps8HiD+fceg= +github.com/itchyny/gojq v0.12.17/go.mod h1:WBrEMkgAfAGO1LUcGOckBl5O726KPp+OlkKug0I/FEY= github.com/itchyny/timefmt-go v0.1.6 h1:ia3s54iciXDdzWzwaVKXZPbiXzxxnv1SPGFfM/myJ5Q= github.com/itchyny/timefmt-go v0.1.6/go.mod h1:RRDZYC5s9ErkjQvTvvU7keJjxUYzIISJGxm9/mAERQg= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= -github.com/joelanford/ignore v0.1.0 h1:VawbTDeg5EL+PN7W8gxVzGerfGpVo3gFdR5ZAqnkYRk= -github.com/joelanford/ignore v0.1.0/go.mod h1:Vb0PQMAQXK29fmiPjDukpO8I2NTcp1y8LbhFijD1/0o= +github.com/joelanford/ignore v0.1.1 h1:vKky5RDoPT+WbONrbQBgOn95VV/UPh4ejlyAbbzgnQk= +github.com/joelanford/ignore v0.1.1/go.mod h1:8eho/D8fwQ3rIXrLwE23AaeaGDNXqLE9QJ3zJ4LIPCw= github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -320,10 +315,8 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= -github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/markbates/inflect v1.0.4 h1:5fh1gzTFhfae06u3hzHYO9xe3l3v3nW5Pwt3naLTP5g= github.com/markbates/inflect v1.0.4/go.mod h1:1fR9+pO2KHEO9ZRtto13gDwwZaAKstQzferVeWqbgNs= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -334,11 +327,12 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= -github.com/mattn/go-sqlite3 v1.14.23 h1:gbShiuAP1W5j9UOksQ06aiiqPMxYecovVGwmTxWtuw0= -github.com/mattn/go-sqlite3 v1.14.23/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= -github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= +github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs= +github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs= +github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ= +github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= +github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= @@ -353,71 +347,69 @@ github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/sys/capability v0.4.0 h1:4D4mI6KlNtWMCM1Z/K0i7RV1FkX+DBDHKVJpCndZoHk= +github.com/moby/sys/capability v0.4.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= -github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= -github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= -github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= -github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= +github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= +github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= +github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs= +github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= -github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= -github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= +github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= +github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.25.2 h1:hepmgwx1D+llZleKQDMEvy8vIlCxMGt7W5ZxDjIEhsw= +github.com/onsi/ginkgo/v2 v2.25.2/go.mod h1:43uiyQC4Ed2tkOzLsEYm7hnrb7UJTWHYNsuy3bG/snE= +github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= +github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= -github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= -github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= -github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= +github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= +github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww= +github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/openshift/api v0.0.0-20221021112143-4226c2167e40 h1:PxjGCA72RtsdHWToZLkjjeWm7WXXx4cuv0u4gtvLbrk= github.com/openshift/api v0.0.0-20221021112143-4226c2167e40/go.mod h1:aQ6LDasvHMvHZXqLHnX2GRmnfTWCF/iIwz8EMTTIE9A= github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c h1:CV76yFOTXmq9VciBR3Bve5ZWzSxdft7gaMVB3kS0rwg= github.com/openshift/client-go v0.0.0-20221019143426-16aed247da5c/go.mod h1:lFMO8mLHXWFzSdYvGNo8ivF9SfF6zInA8ZGw4phRnUE= -github.com/operator-framework/ansible-operator-plugins v1.36.1 h1:6TNrJ04JWey/7McBzrawe9HQWGjSMtILfahC4nRKDx0= -github.com/operator-framework/ansible-operator-plugins v1.36.1/go.mod h1:vX76IEGaJ09L83swBQrfCwN5a4KErCpH5S+YMRZKOL0= -github.com/operator-framework/api v0.27.0 h1:OrVaGKZJvbZo58HTv2guz7aURkhVKYhFqZ/6VpifiXI= -github.com/operator-framework/api v0.27.0/go.mod h1:lg2Xx+S8NQWGYlEOvFwQvH46E5EK5IrAIL7HWfAhciM= +github.com/operator-framework/ansible-operator-plugins v1.39.0 h1:JLlbdGdnGnF8q8WInq24Upde/jfWwRzIJ4gK4xjRLHc= +github.com/operator-framework/ansible-operator-plugins v1.39.0/go.mod h1:XLMYrKfowmX5leL8V4trkgtxfsXYdLynzyHamOR5xJc= +github.com/operator-framework/api v0.34.0 h1:REiEaYhG1CWmDoajdcAdZqtgoljWG+ixMY59vUX5pFI= +github.com/operator-framework/api v0.34.0/go.mod h1:eGncUNIYvWtfGCCKmLzGXvoi3P0TDf3Yd/Z0Sn9E6SQ= github.com/operator-framework/operator-lifecycle-manager v0.30.0 h1:tt98f0lx2EfxfE/5PbpUi5fTnDnqZ17zGpftUA6oRm0= github.com/operator-framework/operator-lifecycle-manager v0.30.0/go.mod h1:nPbzJVqxAwoUz5q7QovYZcHN/v4in5sucPT2UpF+ikQ= -github.com/operator-framework/operator-manifest-tools v0.6.0 h1:1fUP0ki3plXM6WivlcE6m5cV8fO2ZZVPHJM93vlgWJo= -github.com/operator-framework/operator-manifest-tools v0.6.0/go.mod h1:rL+U7e+hpH87/kq88mbEprZpq25lwtJofsAFhq6Y/Wc= -github.com/operator-framework/operator-registry v1.47.0 h1:Imr7X/W6FmXczwpIOXfnX8d6Snr1dzwWxkMG+lLAfhg= -github.com/operator-framework/operator-registry v1.47.0/go.mod h1:CJ3KcP8uRxtC8l9caM1RsV7r7jYlKAd452tcxcgXyTQ= -github.com/operator-framework/operator-sdk v1.38.0 h1:chas0+n8WqUL7jzR98wBhoYsRWf9o30RIEKhQaxQWYw= -github.com/operator-framework/operator-sdk v1.38.0/go.mod h1:kOkheqZAf6lMPi/09ihOQvq9ZN0sbWu5zXnVX7oCIc4= -github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= -github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= -github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= -github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= -github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= -github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/operator-framework/operator-manifest-tools v0.10.0 h1:+vtIElvGQ5e43gCD6fF65a0HNH3AD3LGnukUhpl9kjc= +github.com/operator-framework/operator-manifest-tools v0.10.0/go.mod h1:eB/wnr0BOhMLNXPeceE+0p3vudP16zDNWP60Hvn3KaM= +github.com/operator-framework/operator-registry v1.57.0 h1:mQ4c8A8VUxZPJ0QCFRNio+7JEsLX6eKxlDSl6ORCRdk= +github.com/operator-framework/operator-registry v1.57.0/go.mod h1:9rAZH/LZ/ttEuTvL1D4KApGqOtRDE6fJzzOrJNcBu7g= +github.com/operator-framework/operator-sdk v1.41.1 h1:dO+YeKerID4e4fjwi2LmDmaE2JzObF5pGTJm0dgVcjw= +github.com/operator-framework/operator-sdk v1.41.1/go.mod h1:7CSt3iO8Df2xPMtAcXi84a/K/bMnalx+m3DTELZ5lU8= +github.com/otiai10/copy v1.14.1 h1:5/7E6qsUMBaH5AnQ0sSLzzTg1oTECmcCmT6lvF45Na8= +github.com/otiai10/copy v1.14.1/go.mod h1:oQwrEDDOci3IM8dJF0d8+jnbfPDllW6vUjNc3DoZm9I= +github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs= +github.com/otiai10/mint v1.6.3/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= +github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= +github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -425,67 +417,70 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= -github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/proglottis/gpgme v0.1.4 h1:3nE7YNA70o2aLjcg63tXMOhPD7bplfE5CBdV+hLAm2M= +github.com/proglottis/gpgme v0.1.4/go.mod h1:5LoXMgpE4bttgwwdv9bLs/vwqv3qV7F4glEEZ7mRKrM= +github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= +github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= -github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA= -github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= -github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= -github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5 h1:EaDatTxkdHG+U3Bk4EUr+DZ7fOGwTfezUiUJMaIcaho= -github.com/redis/go-redis/extra/rediscmd/v9 v9.0.5/go.mod h1:fyalQWdtzDBECAQFBJuQe5bzQ02jGd5Qcbgb97Flm7U= -github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb27yVE+gIAfeqp8LUCc= -github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ= -github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY= -github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c= +github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= +github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= +github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc= +github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI= +github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= +github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= +github.com/redis/go-redis/extra/rediscmd/v9 v9.10.0 h1:uTiEyEyfLhkw678n6EulHVto8AkcXVr8zUcBJNZ0ark= +github.com/redis/go-redis/extra/rediscmd/v9 v9.10.0/go.mod h1:eFYL/99JvdLP4T9/3FZ5t2pClnv7mMskc+WstTcyVr4= +github.com/redis/go-redis/extra/redisotel/v9 v9.10.0 h1:4z7/hCJ9Jft8EBb2tDmK38p2WjyIEJ1ShhhwAhjOCps= +github.com/redis/go-redis/extra/redisotel/v9 v9.10.0/go.mod h1:B0thqLh4hB8MvvcUKSwyP5YiIcCCp8UrQ0cA9gEqyjk= +github.com/redis/go-redis/v9 v9.10.0 h1:FxwK3eV8p/CQa0Ch276C7u2d0eNC9kCmAYQ7mCXCzVs= +github.com/redis/go-redis/v9 v9.10.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rubenv/sql-migrate v1.7.1 h1:f/o0WgfO/GqNuVg+6801K/KW3WdDSupzSjDYODmiUq4= -github.com/rubenv/sql-migrate v1.7.1/go.mod h1:Ob2Psprc0/3ggbM6wCzyYVFFuc6FyZrb2AS+ezLDFb4= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= +github.com/rubenv/sql-migrate v1.8.0 h1:dXnYiJk9k3wetp7GfQbKJcPHjVJL6YK19tKj8t2Ns0o= +github.com/rubenv/sql-migrate v1.8.0/go.mod h1:F2bGFBwCU+pnmbtNYDeKvSuvL6lBVtXDXUUv5t+u1qw= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= -github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= -github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= -github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo= +github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= +github.com/secure-systems-lab/go-securesystemslib v0.9.1 h1:nZZaNz4DiERIQguNy0cL5qTdn9lR8XKHf4RUyG1Sx3g= +github.com/secure-systems-lab/go-securesystemslib v0.9.1/go.mod h1:np53YzT0zXGMv6x4iEWc9Z59uR+x+ndLwCLqPYpLXVU= +github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= +github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sigstore/fulcio v1.8.3 h1:zkuAkRHbD53hhYGlBHHeAW4NRDrrTiDHumAbcfSyyFw= +github.com/sigstore/fulcio v1.8.3/go.mod h1:YxP7TTdn9H5Gg+dXOsu61X36LLYxT2ZuvODhWelMNwA= +github.com/sigstore/protobuf-specs v0.5.0 h1:F8YTI65xOHw70NrvPwJ5PhAzsvTnuJMGLkA4FIkofAY= +github.com/sigstore/protobuf-specs v0.5.0/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= +github.com/sigstore/sigstore v1.10.0 h1:lQrmdzqlR8p9SCfWIpFoGUqdXEzJSZT2X+lTXOMPaQI= +github.com/sigstore/sigstore v1.10.0/go.mod h1:Ygq+L/y9Bm3YnjpJTlQrOk/gXyrjkpn3/AEJpmk1n9Y= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/smallstep/pkcs7 v0.2.1 h1:6Kfzr/QizdIuB6LSv8y1LJdZ3aPSfTNhTLqAx9CTLfA= +github.com/smallstep/pkcs7 v0.2.1/go.mod h1:RcXHsMfL+BzH8tRhmrF1NkkpebKpq3JEM66cOFxanf0= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= -github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= -github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= -github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= -github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= -github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= -github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= +github.com/spf13/afero v1.14.0 h1:9tH6MapGnn/j0eb0yIXiLjERO8RB6xIVZRDCX7PtqWA= +github.com/spf13/afero v1.14.0/go.mod h1:acJQ8t0ohCGuMN3O+Pv0V0hgMxNYDlvdk+VTfyZmbYo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.20.1 h1:ZMi+z/lvLyPSCoNtFCpqjy0S4kPbirhpTMwl8BkW9X4= +github.com/spf13/viper v1.20.1/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4= +github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= +github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= +github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs= +github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= @@ -498,146 +493,201 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= -github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/thoas/go-funk v0.8.0 h1:JP9tKSvnpFVclYgDM0Is7FD9M4fhPvqA0s0BsXmzSRQ= -github.com/thoas/go-funk v0.8.0/go.mod h1:+IWnUfUmFO1+WVYQWQtIJHeRRdaIyyYglZN7xzUPe4Q= +github.com/thoas/go-funk v0.9.3 h1:7+nAEx3kn5ZJcnDm2Bh23N2yOtweO14bi//dvRtgLpw= +github.com/thoas/go-funk v0.9.3/go.mod h1:+IWnUfUmFO1+WVYQWQtIJHeRRdaIyyYglZN7xzUPe4Q= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= -github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= +github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo= +github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= +github.com/vbauerster/mpb/v8 v8.10.2 h1:2uBykSHAYHekE11YvJhKxYmLATKHAGorZwFlyNw4hHM= +github.com/vbauerster/mpb/v8 v8.10.2/go.mod h1:+Ja4P92E3/CorSZgfDtK46D7AVbDqmBQRTmyTqPElo0= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= -github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0= -go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I= -go.etcd.io/etcd/api/v3 v3.5.16 h1:WvmyJVbjWqK4R1E+B12RRHz3bRGy9XVfh++MgbN+6n0= -go.etcd.io/etcd/api/v3 v3.5.16/go.mod h1:1P4SlIP/VwkDmGo3OlOD7faPeP8KDIFhqvciH5EfN28= -go.etcd.io/etcd/client/pkg/v3 v3.5.16 h1:ZgY48uH6UvB+/7R9Yf4x574uCO3jIx0TRDyetSfId3Q= -go.etcd.io/etcd/client/pkg/v3 v3.5.16/go.mod h1:V8acl8pcEK0Y2g19YlOV9m9ssUe6MgiDSobSoaBAM0E= -go.etcd.io/etcd/client/v3 v3.5.16 h1:sSmVYOAHeC9doqi0gv7v86oY/BTld0SEFGaxsU9eRhE= -go.etcd.io/etcd/client/v3 v3.5.16/go.mod h1:X+rExSGkyqxvu276cr2OwPLBaeqFu1cIl4vmRjAD/50= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo= +go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E= +go.etcd.io/etcd/api/v3 v3.5.21 h1:A6O2/JDb3tvHhiIz3xf9nJ7REHvtEFJJ3veW3FbCnS8= +go.etcd.io/etcd/api/v3 v3.5.21/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY= +go.etcd.io/etcd/client/pkg/v3 v3.5.21 h1:lPBu71Y7osQmzlflM9OfeIV2JlmpBjqBNlLtcoBqUTc= +go.etcd.io/etcd/client/pkg/v3 v3.5.21/go.mod h1:BgqT/IXPjK9NkeSDjbzwsHySX3yIle2+ndz28nVsjUs= +go.etcd.io/etcd/client/v3 v3.5.21 h1:T6b1Ow6fNjOLOtM0xSoKNQt1ASPCLWrF9XMHcH9pEyY= +go.etcd.io/etcd/client/v3 v3.5.21/go.mod h1:mFYy67IOqmbRf/kRUvsHixzo3iG+1OF2W2+jVIQRAnU= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/exporters/autoexport v0.46.1 h1:ysCfPZB9AjUlMa1UHYup3c9dAOCMQX/6sxSfPBUoxHw= -go.opentelemetry.io/contrib/exporters/autoexport v0.46.1/go.mod h1:ha0aiYm+DOPsLHjh0zoQ8W8sLT+LJ58J3j47lGpSLrU= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= -go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= -go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0+5t/YynESZqsSyPz+7PAFdEop0dlN0+PkyHYo8oI= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= -go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w= -go.opentelemetry.io/otel/exporters/prometheus v0.44.0/go.mod h1:ERL2uIeBtg4TxZdojHUwzZfIFlUIjZtxubT5p4h1Gjg= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0 h1:dEZWPjVN22urgYCza3PXRUGEyCB++y1sAqm6guWFesk= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v0.44.0/go.mod h1:sTt30Evb7hJB/gEk27qLb1+l9n4Tb8HvHkR0Wx3S6CU= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec= -go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E= -go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= -go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= -go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= -go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= -go.opentelemetry.io/otel/sdk/metric v1.28.0 h1:OkuaKgKrgAbYrrY0t92c+cC+2F6hsFNnCQArXCKlg08= -go.opentelemetry.io/otel/sdk/metric v1.28.0/go.mod h1:cWPjykihLAPvXKi4iZc1dpER3Jdq2Z0YLse3moQUCpg= -go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= -go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= -go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= -go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/contrib/bridges/prometheus v0.61.0 h1:RyrtJzu5MAmIcbRrwg75b+w3RlZCP0vJByDVzcpAe3M= +go.opentelemetry.io/contrib/bridges/prometheus v0.61.0/go.mod h1:tirr4p9NXbzjlbruiRGp53IzlYrDk5CO2fdHj0sSSaY= +go.opentelemetry.io/contrib/exporters/autoexport v0.61.0 h1:XfzKtKSrbtYk9TNCF8dkO0Y9M7IOfb4idCwBOTwGBiI= +go.opentelemetry.io/contrib/exporters/autoexport v0.61.0/go.mod h1:N6otC+qXTD5bAnbK2O1f/1SXq3cX+3KYSWrkBUqG0cw= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 h1:YH4g8lQroajqUwWbq/tr2QX1JFmEXaDLgG+ew9bLMWo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0/go.mod h1:fvPi2qXDqFs8M4B4fmJhE92TyQs9Ydjlg3RvfUp+NbQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg= +go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= +go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.12.2 h1:06ZeJRe5BnYXceSM9Vya83XXVaNGe3H1QqsvqRANQq8= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.12.2/go.mod h1:DvPtKE63knkDVP88qpatBj81JxN+w1bqfVbsbCbj1WY= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.12.2 h1:tPLwQlXbJ8NSOfZc4OkgU5h2A38M4c9kfHSVc4PFQGs= +go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.12.2/go.mod h1:QTnxBwT/1rBIgAG1goq6xMydfYOBKU6KTiYF4fp5zL8= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.36.0 h1:zwdo1gS2eH26Rg+CoqVQpEK1h8gvt5qyU5Kk5Bixvow= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.36.0/go.mod h1:rUKCPscaRWWcqGT6HnEmYrK+YNe5+Sw64xgQTOJ5b30= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.36.0 h1:gAU726w9J8fwr4qRDqu1GYMNNs4gXrU+Pv20/N1UpB4= +go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.36.0/go.mod h1:RboSDkp7N292rgu+T0MgVt2qgFGu6qa1RpZDOtpL76w= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0 h1:nRVXXvf78e00EwY6Wp0YII8ww2JVWshZ20HfTlE11AM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.36.0/go.mod h1:r49hO7CgrxY9Voaj3Xe8pANWtr0Oq916d0XAmOoCZAQ= +go.opentelemetry.io/otel/exporters/prometheus v0.58.0 h1:CJAxWKFIqdBennqxJyOgnt5LqkeFRT+Mz3Yjz3hL+h8= +go.opentelemetry.io/otel/exporters/prometheus v0.58.0/go.mod h1:7qo/4CLI+zYSNbv0GMNquzuss2FVZo3OYrGh96n4HNc= +go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.12.2 h1:12vMqzLLNZtXuXbJhSENRg+Vvx+ynNilV8twBLBsXMY= +go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.12.2/go.mod h1:ZccPZoPOoq8x3Trik/fCsba7DEYDUnN6yX79pgp2BUQ= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.36.0 h1:rixTyDGXFxRy1xzhKrotaHy3/KXdPhlWARrCgK+eqUY= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.36.0/go.mod h1:dowW6UsM9MKbJq5JTz2AMVp3/5iW5I/TStsk8S+CfHw= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.36.0 h1:G8Xec/SgZQricwWBJF/mHZc7A02YHedfFDENwJEdRA0= +go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.36.0/go.mod h1:PD57idA/AiFD5aqoxGxCvT/ILJPeHy3MjqU/NS7KogY= +go.opentelemetry.io/otel/log v0.12.2 h1:yob9JVHn2ZY24byZeaXpTVoPS6l+UrrxmxmPKohXTwc= +go.opentelemetry.io/otel/log v0.12.2/go.mod h1:ShIItIxSYxufUMt+1H5a2wbckGli3/iCfuEbVZi/98E= +go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= +go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= +go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= +go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= +go.opentelemetry.io/otel/sdk/log v0.12.2 h1:yNoETvTByVKi7wHvYS6HMcZrN5hFLD7I++1xIZ/k6W0= +go.opentelemetry.io/otel/sdk/log v0.12.2/go.mod h1:DcpdmUXHJgSqN/dh+XMWa7Vf89u9ap0/AAk/XGLnEzY= +go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM= +go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= +go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= +go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= +go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= +go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= +go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= -go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= +go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= -golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o= +golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= -golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo= +golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= -golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= -golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= -golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= -golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -646,32 +696,42 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= +golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= +golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= +golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= +golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= +gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= -google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= -google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 h1:YcyjlL1PRr2Q17/I0dPk2JmYS5CDXfcdb2Z3YRioEbw= -google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 h1:2035KHhUv+EpyB+hWgJnaWKJOdX1E95w2S8Rr4uWKTs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= +google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= +google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 h1:mepRgnBZa07I4TRuomDE4sTIYieg/osKmzIf4USdWS4= +google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 h1:tRPGkdGHuewF4UisLzzHHr1spKw92qLM98nIzxbC0wY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= +google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -681,11 +741,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -693,69 +750,69 @@ gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSP gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= -gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= -gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= -gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -helm.sh/helm/v3 v3.17.3 h1:3n5rW3D0ArjFl0p4/oWO8IbY/HKaNNwJtOQFdH2AZHg= -helm.sh/helm/v3 v3.17.3/go.mod h1:+uJKMH/UiMzZQOALR3XUf3BLIoczI2RKKD6bMhPh4G8= +gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= +gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= +helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= +helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= -k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= -k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4= -k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA= -k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= -k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= -k8s.io/apiserver v0.32.2 h1:WzyxAu4mvLkQxwD9hGa4ZfExo3yZZaYzoYvvVDlM6vw= -k8s.io/apiserver v0.32.2/go.mod h1:PEwREHiHNU2oFdte7BjzA1ZyjWjuckORLIK/wLV5goM= -k8s.io/cli-runtime v0.32.2 h1:aKQR4foh9qeyckKRkNXUccP9moxzffyndZAvr+IXMks= -k8s.io/cli-runtime v0.32.2/go.mod h1:a/JpeMztz3xDa7GCyyShcwe55p8pbcCVQxvqZnIwXN8= -k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA= -k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94= -k8s.io/component-base v0.32.2 h1:1aUL5Vdmu7qNo4ZsE+569PV5zFatM9hl+lb3dEea2zU= -k8s.io/component-base v0.32.2/go.mod h1:PXJ61Vx9Lg+P5mS8TLd7bCIr+eMJRQTyXe8KvkrvJq0= +k8s.io/api v0.33.4 h1:oTzrFVNPXBjMu0IlpA2eDDIU49jsuEorGHB4cvKupkk= +k8s.io/api v0.33.4/go.mod h1:VHQZ4cuxQ9sCUMESJV5+Fe8bGnqAARZ08tSTdHWfeAc= +k8s.io/apiextensions-apiserver v0.33.4 h1:rtq5SeXiDbXmSwxsF0MLe2Mtv3SwprA6wp+5qh/CrOU= +k8s.io/apiextensions-apiserver v0.33.4/go.mod h1:mWXcZQkQV1GQyxeIjYApuqsn/081hhXPZwZ2URuJeSs= +k8s.io/apimachinery v0.33.4 h1:SOf/JW33TP0eppJMkIgQ+L6atlDiP/090oaX0y9pd9s= +k8s.io/apimachinery v0.33.4/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apiserver v0.33.4 h1:6N0TEVA6kASUS3owYDIFJjUH6lgN8ogQmzZvaFFj1/Y= +k8s.io/apiserver v0.33.4/go.mod h1:8ODgXMnOoSPLMUg1aAzMFx+7wTJM+URil+INjbTZCok= +k8s.io/cli-runtime v0.33.3 h1:Dgy4vPjNIu8LMJBSvs8W0LcdV0PX/8aGG1DA1W8lklA= +k8s.io/cli-runtime v0.33.3/go.mod h1:yklhLklD4vLS8HNGgC9wGiuHWze4g7x6XQZ+8edsKEo= +k8s.io/client-go v0.33.4 h1:TNH+CSu8EmXfitntjUPwaKVPN0AYMbc9F1bBS8/ABpw= +k8s.io/client-go v0.33.4/go.mod h1:LsA0+hBG2DPwovjd931L/AoaezMPX9CmBgyVyBZmbCY= +k8s.io/component-base v0.33.4 h1:Jvb/aw/tl3pfgnJ0E0qPuYLT0NwdYs1VXXYQmSuxJGY= +k8s.io/component-base v0.33.4/go.mod h1:567TeSdixWW2Xb1yYUQ7qk5Docp2kNznKL87eygY8Rc= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.31.1 h1:vrYBTTs3xMrpiEsmBjsLETZE9uuX67oQ8B3i1BFfMPw= -k8s.io/kube-aggregator v0.31.1/go.mod h1:+aW4NX50uneozN+BtoCxI4g7ND922p8Wy3tWKFDiWVk= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= -k8s.io/kubectl v0.32.2 h1:TAkag6+XfSBgkqK9I7ZvwtF0WVtUAvK8ZqTt+5zi1Us= -k8s.io/kubectl v0.32.2/go.mod h1:+h/NQFSPxiDZYX/WZaWw9fwYezGLISP0ud8nQKg+3g8= -k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= -k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= -oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= -sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= -sigs.k8s.io/controller-tools v0.16.5 h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHruP4= -sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY= -sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= -sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= -sigs.k8s.io/kubebuilder/v4 v4.1.1 h1:aUdzTq3FjpuNIqzlJRTtRJMKZBNQnTwd05PCu7xVeAY= -sigs.k8s.io/kubebuilder/v4 v4.1.1/go.mod h1:h5VTUGFardXU5BCjEgGuOkSzb86/Nhd3ojmcMZseiVU= -sigs.k8s.io/kustomize/api v0.18.0 h1:hTzp67k+3NEVInwz5BHyzc9rGxIauoXferXyjv5lWPo= -sigs.k8s.io/kustomize/api v0.18.0/go.mod h1:f8isXnX+8b+SGLHQ6yO4JG1rdkZlvhaCf/uZbLVMb0U= -sigs.k8s.io/kustomize/kyaml v0.18.1 h1:WvBo56Wzw3fjS+7vBjN6TeivvpbW9GmRaWZ9CIVmt4E= -sigs.k8s.io/kustomize/kyaml v0.18.1/go.mod h1:C3L2BFVU1jgcddNBE1TxuVLgS46TjObMwW5FT9FcjYo= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= -sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= -sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +k8s.io/kube-aggregator v0.33.4 h1:TdIJKHb0/bLpby7FblXIaVEzyA1jGEjzt/n9cRvwq8U= +k8s.io/kube-aggregator v0.33.4/go.mod h1:wZuctdRvGde5bwzxkZRs0GYj2KOpCNgx8rRGVoNb62k= +k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a h1:ZV3Zr+/7s7aVbjNGICQt+ppKWsF1tehxggNfbM7XnG8= +k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8= +k8s.io/kubectl v0.33.3 h1:r/phHvH1iU7gO/l7tTjQk2K01ER7/OAJi8uFHHyWSac= +k8s.io/kubectl v0.33.3/go.mod h1:euj2bG56L6kUGOE/ckZbCoudPwuj4Kud7BR0GzyNiT0= +k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= +k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= +oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 h1:qPrZsv1cwQiFeieFlRqT627fVZ+tyfou/+S5S0H5ua0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8= +sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM= +sigs.k8s.io/controller-tools v0.18.0 h1:rGxGZCZTV2wJreeRgqVoWab/mfcumTMmSwKzoM9xrsE= +sigs.k8s.io/controller-tools v0.18.0/go.mod h1:gLKoiGBriyNh+x1rWtUQnakUYEujErjXs9pf+x/8n1U= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/kubebuilder/v4 v4.6.0 h1:SBc37jghs3L2UaEL91A1t5K5dANrEviUDuNic9hMQSw= +sigs.k8s.io/kubebuilder/v4 v4.6.0/go.mod h1:zlXrnLiJPDPpK4hKCUrlgzzLOusfA8Sd8tpYGIrvD00= +sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ= +sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o= +sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA= +sigs.k8s.io/kustomize/kyaml v0.19.0/go.mod h1:FeKD5jEOH+FbZPpqUghBP8mrLjJ3+zD3/rf9NNu1cwY= +sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= +sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI= +sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= +sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= +sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/operator/tools/yq/go.mod b/operator/tools/yq/go.mod index 47782d358fb58..379dcb23ea856 100644 --- a/operator/tools/yq/go.mod +++ b/operator/tools/yq/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/rox/operator/tools/yq -go 1.24 +go 1.25 require github.com/mikefarah/yq/v4 v4.47.2 diff --git a/pkg/booleanpolicy/query/operator_string.go b/pkg/booleanpolicy/query/operator_string.go index 2ab7e93626c38..b5534bd7c1b68 100644 --- a/pkg/booleanpolicy/query/operator_string.go +++ b/pkg/booleanpolicy/query/operator_string.go @@ -18,8 +18,9 @@ const _Operator_name = "UnsetAndOr" var _Operator_index = [...]uint8{0, 5, 8, 10} func (i Operator) String() string { - if i < 0 || i >= Operator(len(_Operator_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Operator_index)-1 { return "Operator(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Operator_name[_Operator_index[i]:_Operator_index[i+1]] + return _Operator_name[_Operator_index[idx]:_Operator_index[idx+1]] } diff --git a/pkg/cve/cve.go b/pkg/cve/cve.go index 7af6609c77bdd..32086230d5ba3 100644 --- a/pkg/cve/cve.go +++ b/pkg/cve/cve.go @@ -3,7 +3,6 @@ package cve import ( "strconv" - "github.com/mitchellh/hashstructure/v2" "github.com/stackrox/rox/generated/storage" pgSearch "github.com/stackrox/rox/pkg/search/postgres" ) @@ -25,13 +24,10 @@ func ID(cve, os string) string { } // IDV2 creates a CVE ID from the given cve name, component id and index of CVE within the component. -func IDV2(cve *storage.EmbeddedVulnerability, componentID string) (string, error) { - hash, err := hashstructure.Hash(cve, hashstructure.FormatV2, &hashstructure.HashOptions{ZeroNil: true}) - if err != nil { - return "", err - } - - return pgSearch.IDFromPks([]string{cve.GetCve(), strconv.FormatUint(hash, 10), componentID}), nil +func IDV2(cve *storage.EmbeddedVulnerability, componentID string, index int) string { + // The index it occurs in the component list is sufficient for uniqueness. We do not need to be able to + // rebuild this ID at query time from an embedded object. + return pgSearch.IDFromPks([]string{cve.GetCve(), strconv.Itoa(index), componentID}) } // IDToParts return the CVE ID parts—cve and operating system. diff --git a/pkg/env/virtualmachine.go b/pkg/env/virtualmachine.go index cef2ae080ab8d..68b83a7dd04e7 100644 --- a/pkg/env/virtualmachine.go +++ b/pkg/env/virtualmachine.go @@ -1,9 +1,9 @@ package env var ( - // VirtualMachinesVsockConnMaxSizeKB defines the maximum size of incoming vsock connections. The 4 MB default - // allows connections carrying index reports with up to approximately 10000 packages. - VirtualMachinesVsockConnMaxSizeKB = RegisterIntegerSetting("ROX_VIRTUAL_MACHINES_VSOCK_CONN_MAX_SIZE_KB", 4096) + // VirtualMachinesVsockConnMaxSizeKB defines the maximum size of incoming vsock connections. The 16 MB default + // allows connections carrying index reports with up to approximately 6400 packages. + VirtualMachinesVsockConnMaxSizeKB = RegisterIntegerSetting("ROX_VIRTUAL_MACHINES_VSOCK_CONN_MAX_SIZE_KB", 16384) // VirtualMachinesVsockPort defines the port where the virtual machine relay will listen for incoming vsock // connections carrying virtual machine index reports. diff --git a/pkg/helm/charts/tests/securedclusterservices/feature-flags/testdata/helmtest/admission-controller-config/admission-control.test.yaml b/pkg/helm/charts/tests/securedclusterservices/feature-flags/testdata/helmtest/admission-controller-config/admission-control.test.yaml index 0d2a82a81797f..189122916135d 100644 --- a/pkg/helm/charts/tests/securedclusterservices/feature-flags/testdata/helmtest/admission-controller-config/admission-control.test.yaml +++ b/pkg/helm/charts/tests/securedclusterservices/feature-flags/testdata/helmtest/admission-controller-config/admission-control.test.yaml @@ -99,6 +99,10 @@ tests: set: admissionControl.dynamic.enforceOnUpdates: false admissionControl.dynamic.enforceOnCreates: true + - name: "if enforceOnCreates and enforceOnUpdates enabled" + set: + admissionControl.dynamic.enforceOnUpdates: true + admissionControl.dynamic.enforceOnCreates: true - name: "Warning is emitted when enforcement is disabled" expect: .notes | assertThat(contains("Admission Controller enforcement will be completely disabled, this is a bad idea")) diff --git a/pkg/images/enricher/enricher_impl.go b/pkg/images/enricher/enricher_impl.go index e7841dc36e458..09c506211460b 100644 --- a/pkg/images/enricher/enricher_impl.go +++ b/pkg/images/enricher/enricher_impl.go @@ -94,6 +94,8 @@ func (e *enricherImpl) EnrichWithVulnerabilities(image *storage.Image, component ScanResult: ScanNotDone, }, errors.Wrapf(err, "retrieving image vulnerabilities from %s [%s]", scanner.Name(), scanner.Type()) } + e.cvesSuppressor.EnrichImageWithSuppressedCVEs(image) + e.cvesSuppressorV2.EnrichImageWithSuppressedCVEs(image) return EnrichmentResult{ ImageUpdated: res != ScanNotDone, diff --git a/pkg/images/enricher/scanresult_string.go b/pkg/images/enricher/scanresult_string.go index 476fc43e7e541..312f7a90e6dbb 100644 --- a/pkg/images/enricher/scanresult_string.go +++ b/pkg/images/enricher/scanresult_string.go @@ -18,8 +18,9 @@ const _ScanResult_name = "ScanNotDoneScanTriggeredScanSucceeded" var _ScanResult_index = [...]uint8{0, 11, 24, 37} func (i ScanResult) String() string { - if i < 0 || i >= ScanResult(len(_ScanResult_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_ScanResult_index)-1 { return "ScanResult(" + strconv.FormatInt(int64(i), 10) + ")" } - return _ScanResult_name[_ScanResult_index[i]:_ScanResult_index[i+1]] + return _ScanResult_name[_ScanResult_index[idx]:_ScanResult_index[idx+1]] } diff --git a/pkg/metrics/op_string.go b/pkg/metrics/op_string.go index 0aea8d9ef4266..ebb1f7ee9a70d 100644 --- a/pkg/metrics/op_string.go +++ b/pkg/metrics/op_string.go @@ -36,17 +36,19 @@ func _() { _ = x[UpsertAll-25] _ = x[Walk-26] _ = x[WalkByQuery-27] - _ = x[Unset-28] - _ = x[Dropped-29] + _ = x[WalkMetadataByQuery-28] + _ = x[Unset-29] + _ = x[Dropped-30] } -const _Op_name = "AddAddManyCountDedupeExistsGetGetAllGetManyGetExternalFlowsForDeploymentGetFlowsForDeploymentGetByQueryGetGroupedGetProcessListeningOnPortListPruneResetRenameRemoveRemoveManyRemoveFlowsByDeploymentSearchSyncUpdateUpdateManyUpsertUpsertAllWalkWalkByQueryUnsetDropped" +const _Op_name = "AddAddManyCountDedupeExistsGetGetAllGetManyGetExternalFlowsForDeploymentGetFlowsForDeploymentGetByQueryGetGroupedGetProcessListeningOnPortListPruneResetRenameRemoveRemoveManyRemoveFlowsByDeploymentSearchSyncUpdateUpdateManyUpsertUpsertAllWalkWalkByQueryWalkMetadataByQueryUnsetDropped" -var _Op_index = [...]uint16{0, 3, 10, 15, 21, 27, 30, 36, 43, 72, 93, 103, 113, 138, 142, 147, 152, 158, 164, 174, 197, 203, 207, 213, 223, 229, 238, 242, 253, 258, 265} +var _Op_index = [...]uint16{0, 3, 10, 15, 21, 27, 30, 36, 43, 72, 93, 103, 113, 138, 142, 147, 152, 158, 164, 174, 197, 203, 207, 213, 223, 229, 238, 242, 253, 272, 277, 284} func (i Op) String() string { - if i < 0 || i >= Op(len(_Op_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Op_index)-1 { return "Op(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Op_name[_Op_index[i]:_Op_index[i+1]] + return _Op_name[_Op_index[idx]:_Op_index[idx+1]] } diff --git a/pkg/metrics/operations.go b/pkg/metrics/operations.go index 895597a3ac9ea..29ac2683f8831 100644 --- a/pkg/metrics/operations.go +++ b/pkg/metrics/operations.go @@ -49,6 +49,7 @@ const ( Walk WalkByQuery + WalkMetadataByQuery Unset diff --git a/pkg/metrics/resolver_string.go b/pkg/metrics/resolver_string.go index 3b6413bf83e19..6f61cefbb3cf2 100644 --- a/pkg/metrics/resolver_string.go +++ b/pkg/metrics/resolver_string.go @@ -45,8 +45,9 @@ const _Resolver_name = "ClusterComplianceComlianceControlCVEsDeploymentsGroupsIm var _Resolver_index = [...]uint16{0, 7, 17, 33, 37, 48, 54, 60, 75, 83, 93, 98, 107, 121, 129, 134, 138, 145, 160, 168, 174, 184, 188, 206, 215, 223, 234, 248, 260, 275, 286} func (i Resolver) String() string { - if i < 0 || i >= Resolver(len(_Resolver_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Resolver_index)-1 { return "Resolver(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Resolver_name[_Resolver_index[i]:_Resolver_index[i+1]] + return _Resolver_name[_Resolver_index[idx]:_Resolver_index[idx+1]] } diff --git a/pkg/metrics/resource_string.go b/pkg/metrics/resource_string.go index 4ce5809e66591..669c27972f8a2 100644 --- a/pkg/metrics/resource_string.go +++ b/pkg/metrics/resource_string.go @@ -49,8 +49,9 @@ const _Resource_name = "AlertDeploymentProcessIndicatorProcessListeningOnPortIma var _Resource_index = [...]uint16{0, 5, 15, 31, 53, 58, 64, 73, 86, 90, 103, 119, 135, 151, 165, 178, 182, 193, 212, 215, 244, 269, 305, 327, 349, 371, 402, 426, 453, 477, 502, 533, 542, 561, 575} func (i Resource) String() string { - if i < 0 || i >= Resource(len(_Resource_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Resource_index)-1 { return "Resource(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Resource_name[_Resource_index[i]:_Resource_index[i+1]] + return _Resource_name[_Resource_index[idx]:_Resource_index[idx+1]] } diff --git a/pkg/postgres/batch.go b/pkg/postgres/batch.go index c9bf890bb8ed6..72f07b798fff5 100644 --- a/pkg/postgres/batch.go +++ b/pkg/postgres/batch.go @@ -13,6 +13,10 @@ type BatchResults struct { cancel context.CancelFunc } +func BatchResultsFromPgx(b pgx.BatchResults) *BatchResults { + return &BatchResults{BatchResults: b, cancel: func() {}} +} + // Close wraps pgx.BatchResults Close func (b *BatchResults) Close() error { defer b.cancel() diff --git a/pkg/postgres/conn.go b/pkg/postgres/conn.go index d542789bc09a7..661c8bbe2256d 100644 --- a/pkg/postgres/conn.go +++ b/pkg/postgres/conn.go @@ -21,13 +21,14 @@ func (c *Conn) Release() { } // Begin wraps pgxpool.Conn Begin -func (c *Conn) Begin(ctx context.Context) (*Tx, error) { +func (c *Conn) Begin(ctx context.Context) (*Tx, context.Context, error) { if tx, ok := TxFromContext(ctx); ok { - return &Tx{ + t := &Tx{ Tx: tx.Tx, cancelFunc: tx.cancelFunc, mode: inner, - }, nil + } + return t, ContextWithTx(ctx, t), nil } ctx, cancel := contextutil.ContextWithTimeoutIfNotExists(ctx, defaultTimeout) @@ -35,12 +36,13 @@ func (c *Conn) Begin(ctx context.Context) (*Tx, error) { tx, err := c.PgxPoolConn.Begin(ctx) if err != nil { incQueryErrors("begin", err) - return nil, err + return nil, ctx, err } - return &Tx{ + t := &Tx{ Tx: tx, cancelFunc: cancel, - }, nil + } + return t, ContextWithTx(ctx, t), nil } // Exec wraps pgxpool.Conn Exec diff --git a/pkg/postgres/pgadmin/admin_utils.go b/pkg/postgres/pgadmin/admin_utils.go index c822f94206083..1de44acc1480d 100644 --- a/pkg/postgres/pgadmin/admin_utils.go +++ b/pkg/postgres/pgadmin/admin_utils.go @@ -304,7 +304,7 @@ func getAvailablePostgresCapacity(postgresConfig *postgres.Config) (int64, error defer conn.Release() // Start a transaction - tx, err := conn.Begin(ctx) + tx, ctx, err := conn.Begin(ctx) if err != nil { return 0, err } diff --git a/pkg/postgres/tests/conn_test.go b/pkg/postgres/tests/conn_test.go index a89a880ea770d..d8858c2a1a14c 100644 --- a/pkg/postgres/tests/conn_test.go +++ b/pkg/postgres/tests/conn_test.go @@ -57,21 +57,29 @@ func (s *postgresConnTestSuite) TestConnBegin() { s.mockPgxPoolConn.EXPECT().Begin(gomock.Any()).Times(1).DoAndReturn(func(ctx context.Context) (pgx.Tx, error) { return s.mockTx, nil }) - tx1, err := s.conn.Begin(context.Background()) + tx1, ctx1, err := s.conn.Begin(context.Background()) s.NoError(err) s.NotNil(tx1) + fromContext, ok := postgres.TxFromContext(ctx1) + s.Same(fromContext, tx1) + s.True(ok) + + //// With tx + ctxWithTx := postgres.ContextWithTx(context.Background(), &postgres.Tx{}) + s.PanicsWithValue("it is not allowed to wrap a tx twice", func() { + _, _, _ = s.conn.Begin(ctxWithTx) + }) - // With tx - ctxWithTx := postgres.ContextWithTx(context.Background(), tx1) - tx2, err := s.conn.Begin(ctxWithTx) - s.NoError(err) - s.Same(tx1.Tx, tx2.Tx) + // With tx from another context + s.PanicsWithValue("it is not allowed to use one tx in two or more contexts", func() { + postgres.ContextWithTx(context.Background(), tx1) + }) // Error s.mockPgxPoolConn.EXPECT().Begin(gomock.Any()).Times(1).DoAndReturn(func(ctx context.Context) (pgx.Tx, error) { return nil, errFake }) - tx3, err := s.conn.Begin(context.Background()) + tx3, _, err := s.conn.Begin(context.Background()) s.Equal(errFake, err) s.Nil(tx3) } diff --git a/pkg/postgres/tests/tx_test.go b/pkg/postgres/tests/tx_test.go new file mode 100644 index 0000000000000..7762584ca84ec --- /dev/null +++ b/pkg/postgres/tests/tx_test.go @@ -0,0 +1,88 @@ +package tests + +import ( + "context" + "testing" + "time" + + pkgmocks "github.com/stackrox/rox/pkg/mocks/github.com/jackc/pgx/v5/mocks" + "github.com/stackrox/rox/pkg/postgres" + "github.com/stretchr/testify/suite" + "go.uber.org/mock/gomock" +) + +func TestTx(t *testing.T) { + suite.Run(t, new(postgresTxTestSuite)) +} + +type postgresTxTestSuite struct { + suite.Suite + + mockCtrl *gomock.Controller + mockTx *pkgmocks.MockTx + tx *postgres.Tx +} + +func (s *postgresTxTestSuite) SetupSuite() { + s.mockCtrl = gomock.NewController(s.T()) +} + +func (s *postgresTxTestSuite) TearDownSuite() { + s.mockCtrl.Finish() +} + +func (s *postgresTxTestSuite) SetupTest() { + s.mockTx = pkgmocks.NewMockTx(s.mockCtrl) + s.tx = &postgres.Tx{} + s.tx.Tx = s.mockTx +} + +// TestCommitWithExpiredContext verifies that Commit succeeds even when called with an expired context. +func (s *postgresTxTestSuite) TestCommitWithExpiredContext() { + // Create an already-expired context + ctx, cancel := context.WithTimeout(context.Background(), 1*time.Nanosecond) + defer cancel() + time.Sleep(2 * time.Millisecond) + + s.Error(ctx.Err(), "context should be expired") + + s.mockTx.EXPECT().Commit(gomock.Any()).Times(1).Return(nil) + + err := s.tx.Commit(ctx) + s.NoError(err) +} + +// TestRollbackWithExpiredContext verifies that Rollback succeeds even when called with an expired context. +func (s *postgresTxTestSuite) TestRollbackWithExpiredContext() { + // Create an already-expired context + ctx, cancel := context.WithTimeout(context.Background(), 1*time.Nanosecond) + defer cancel() + time.Sleep(2 * time.Millisecond) + + s.Error(ctx.Err(), "context should be expired") + + s.mockTx.EXPECT().Rollback(gomock.Any()).Times(1).Return(nil) + + err := s.tx.Rollback(ctx) + s.NoError(err) +} + +// TestCommitWithValidContext verifies normal Commit behavior works +func (s *postgresTxTestSuite) TestCommitWithValidContext() { + ctx := context.Background() + + s.mockTx.EXPECT().Commit(gomock.Any()).Times(1).Return(nil) + + err := s.tx.Commit(ctx) + s.NoError(err) +} + +// TestRollbackWithValidContext verifies normal Rollback behavior works +func (s *postgresTxTestSuite) TestRollbackWithValidContext() { + ctx := context.Background() + + s.mockTx.EXPECT().Rollback(gomock.Any()).Times(1).Return(nil) + + err := s.tx.Rollback(ctx) + s.NoError(err) +} diff --git a/pkg/postgres/tx.go b/pkg/postgres/tx.go index 7fed156bc7aa9..dc4feca81b058 100644 --- a/pkg/postgres/tx.go +++ b/pkg/postgres/tx.go @@ -63,9 +63,15 @@ func (t *Tx) QueryRow(ctx context.Context, sql string, args ...interface{}) pgx. return t.Tx.QueryRow(ctx, sql, args...) } -// Commit wraps pgx.Tx Commit +// Commit wraps pgx.Tx Commit but is a NOOP for inner transaction func (t *Tx) Commit(ctx context.Context) error { - defer t.cancelFunc() + // Ensure commit completes even if parent context is cancelled + ctx = context.WithoutCancel(ctx) + defer func() { + if t.cancelFunc != nil { + t.cancelFunc() + } + }() if t.mode == inner { return nil } @@ -77,9 +83,17 @@ func (t *Tx) Commit(ctx context.Context) error { return nil } -// Rollback wraps pgx.Tx Rollback +// Rollback wraps pgx.Tx Rollback safe to use even if inner transaction was reverted. +// In case Rollback or Commit might have the same effect (e.g. read only transaction) +// prefer Commit. func (t *Tx) Rollback(ctx context.Context) error { - defer t.cancelFunc() + // Ensure rollback completes even if parent context is cancelled + ctx = context.WithoutCancel(ctx) + defer func() { + if t.cancelFunc != nil { + t.cancelFunc() + } + }() if err := t.Tx.Rollback(ctx); err != nil { if t.mode == outer && errors.Is(err, pgx.ErrTxClosed) { @@ -108,3 +122,31 @@ func (t *Tx) UseInContext() { utils.Must(errors.New("it is not allowed to use one tx in two or more contexts")) } } + +// GetTransaction returns a new transaction or one from context. +func GetTransaction(ctx context.Context, db DB) (*Tx, context.Context, error) { + if tx, ok := TxFromContext(ctx); ok { + return &Tx{ + Tx: tx.Tx, + cancelFunc: tx.cancelFunc, + mode: inner, + }, ctx, nil + } + + tx, err := db.Begin(ctx) + if err != nil { + return nil, nil, err + } + ctxWithTx := ContextWithTx(ctx, tx) + return tx, ctxWithTx, nil +} + +// FinishReadOnlyTransaction commits the transaction and log error. +// Since context might be already done it uses its own background context. +func FinishReadOnlyTransaction(tx interface { + Commit(ctx context.Context) error +}) { + if err := tx.Commit(context.Background()); err != nil { + log.Errorf("failed to commit transaction: %v", err) + } +} diff --git a/pkg/protoconv/resources/resources.go b/pkg/protoconv/resources/resources.go index 5c84b62443d9b..d91d57efa3350 100644 --- a/pkg/protoconv/resources/resources.go +++ b/pkg/protoconv/resources/resources.go @@ -454,7 +454,11 @@ func (w *DeploymentWrap) populateImages(podSpec v1.PodSpec) { func (w *DeploymentWrap) populateSecurityContext(podSpec v1.PodSpec) { for i, c := range podSpec.Containers { - sc := &storage.SecurityContext{} + sc := &storage.SecurityContext{ + // allowPrivilegeEscalation default value is true. + // See: https://github.com/kubernetes/website/pull/51909 + AllowPrivilegeEscalation: true, + } s := c.SecurityContext if s != nil { if p := s.Privileged; p != nil { @@ -465,6 +469,10 @@ func (w *DeploymentWrap) populateSecurityContext(podSpec v1.PodSpec) { sc.ReadOnlyRootFilesystem = *p } + if ape := s.AllowPrivilegeEscalation; ape != nil { + sc.AllowPrivilegeEscalation = *ape + } + if capabilities := s.Capabilities; capabilities != nil { for _, add := range capabilities.Add { sc.AddCapabilities = append(sc.AddCapabilities, string(add)) @@ -474,13 +482,6 @@ func (w *DeploymentWrap) populateSecurityContext(podSpec v1.PodSpec) { sc.DropCapabilities = append(sc.DropCapabilities, string(drop)) } } - // If allowPrivilegeEscalation is not defined explicitly in the container's security context - // its default value is true - if ape := s.AllowPrivilegeEscalation; ape != nil { - sc.AllowPrivilegeEscalation = *ape - } else { - sc.AllowPrivilegeEscalation = true - } } sc.Selinux = makeSELinuxWithDefaults(s, podSpec.SecurityContext) sc.SeccompProfile = makeSeccompProfileWithDefaults(s, podSpec.SecurityContext) diff --git a/pkg/protoconv/resources/resources_test.go b/pkg/protoconv/resources/resources_test.go index 1b0eaf97efc7d..6c2c096e6f25e 100644 --- a/pkg/protoconv/resources/resources_test.go +++ b/pkg/protoconv/resources/resources_test.go @@ -349,24 +349,33 @@ func TestSecurityContext(t *testing.T) { trueBool := true falseBool := false for _, testCase := range []struct { - caseName string - allowPrivilegeEscalationInSpec *bool - result bool + caseName string + securityContext *v1.SecurityContext + result bool }{ { - caseName: "Allow privilege escalation explicitly set to true", - allowPrivilegeEscalationInSpec: &trueBool, - result: true, + caseName: "Allow privilege escalation explicitly set to true", + securityContext: &v1.SecurityContext{ + AllowPrivilegeEscalation: &trueBool, + }, + result: true, + }, + { + caseName: "Allow privilege escalation explicitly set to false", + securityContext: &v1.SecurityContext{ + AllowPrivilegeEscalation: &falseBool, + }, + result: false, }, { - caseName: "Allow privilege escalation explicitly set to false", - allowPrivilegeEscalationInSpec: &falseBool, - result: false, + caseName: "Allow privilege escalation is nil, defaults to true", + securityContext: &v1.SecurityContext{}, + result: true, }, { - caseName: "Allow privilege escalation is nil", - allowPrivilegeEscalationInSpec: nil, - result: true, + caseName: "SecurityContext is nil, Allow privilege escalation defaults to true", + securityContext: nil, + result: true, }, } { @@ -375,9 +384,9 @@ func TestSecurityContext(t *testing.T) { emptyContainer := &storage.Container{} containers := []*storage.Container{emptyContainer} deploymentWrap := &DeploymentWrap{Deployment: &storage.Deployment{Containers: containers}} - spec := v1.PodSpec{Containers: []v1.Container{{SecurityContext: &v1.SecurityContext{}}}} - if testCase.allowPrivilegeEscalationInSpec != nil { - spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = testCase.allowPrivilegeEscalationInSpec + spec := v1.PodSpec{Containers: []v1.Container{{SecurityContext: testCase.securityContext}}} + if testCase.securityContext != nil && testCase.securityContext.AllowPrivilegeEscalation != nil { + spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = testCase.securityContext.AllowPrivilegeEscalation } deploymentWrap.populateSecurityContext(spec) actualAllowPrivilegeEscalationValue := deploymentWrap.GetContainers()[0].GetSecurityContext().GetAllowPrivilegeEscalation() diff --git a/pkg/renderer/mode_string.go b/pkg/renderer/mode_string.go index 1889125ef7b0a..4627ce4aa272b 100644 --- a/pkg/renderer/mode_string.go +++ b/pkg/renderer/mode_string.go @@ -22,8 +22,9 @@ const _mode_name = "renderAllscannerOnlycentralTLSOnlycentralDBTLSOnlyscannerTLS var _mode_index = [...]uint8{0, 9, 20, 34, 50, 64, 77, 93} func (i mode) String() string { - if i < 0 || i >= mode(len(_mode_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_mode_index)-1 { return "mode(" + strconv.FormatInt(int64(i), 10) + ")" } - return _mode_name[_mode_index[i]:_mode_index[i+1]] + return _mode_name[_mode_index[idx]:_mode_index[idx+1]] } diff --git a/pkg/scancomponent/component_id.go b/pkg/scancomponent/component_id.go index 33cc3caff91b0..063389ea8c100 100644 --- a/pkg/scancomponent/component_id.go +++ b/pkg/scancomponent/component_id.go @@ -3,7 +3,6 @@ package scancomponent import ( "strconv" - "github.com/mitchellh/hashstructure/v2" "github.com/stackrox/rox/generated/storage" pgSearch "github.com/stackrox/rox/pkg/search/postgres" ) @@ -14,19 +13,8 @@ func ComponentID(name, version, os string) string { } // ComponentIDV2 creates a component ID from the given name and version and architecture and imageID. -func ComponentIDV2(component *storage.EmbeddedImageScanComponent, imageID string) (string, error) { - // A little future proofing here. Just hashing the component to ensure uniqueness. If a field is added, the data - // will be replaced anyway. We just need to ensure uniqueness within the scan since we tack on the imageID. - // We must make a clone of the incoming object to use in our hash. The `SetTopCvss` must be set to nil before hashing - // as that is added by the enricher and may vary. So we want to ignore it. Since it is - // a oneof we cannot simply flag it as ignore in the proto, sadly. - clonedComponent := component.CloneVT() - clonedComponent.SetTopCvss = nil - - hash, err := hashstructure.Hash(clonedComponent, hashstructure.FormatV2, &hashstructure.HashOptions{ZeroNil: true}) - if err != nil { - return "", err - } - - return pgSearch.IDFromPks([]string{component.GetName(), strconv.FormatUint(hash, 10), imageID}), nil +func ComponentIDV2(component *storage.EmbeddedImageScanComponent, imageID string, index int) string { + // The index it occurs in the component list is sufficient for uniqueness. We do not need to be able to + // rebuild this ID at query time from an embedded object. Which is why we were forced to use a hash before. + return pgSearch.IDFromPks([]string{component.GetName(), strconv.Itoa(index), imageID}) } diff --git a/pkg/search/derivationtype_string.go b/pkg/search/derivationtype_string.go index d99da7d9f828a..f854e764cd599 100644 --- a/pkg/search/derivationtype_string.go +++ b/pkg/search/derivationtype_string.go @@ -21,8 +21,9 @@ const _DerivationType_name = "CountDerivationTypeSimpleReverseSortDerivationType var _DerivationType_index = [...]uint8{0, 19, 50, 67, 82, 99, 127} func (i DerivationType) String() string { - if i < 0 || i >= DerivationType(len(_DerivationType_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_DerivationType_index)-1 { return "DerivationType(" + strconv.FormatInt(int64(i), 10) + ")" } - return _DerivationType_name[_DerivationType_index[i]:_DerivationType_index[i+1]] + return _DerivationType_name[_DerivationType_index[idx]:_DerivationType_index[idx+1]] } diff --git a/pkg/search/postgres/common.go b/pkg/search/postgres/common.go index f82af4826282f..936486ee7862c 100644 --- a/pkg/search/postgres/common.go +++ b/pkg/search/postgres/common.go @@ -1224,15 +1224,29 @@ func RunCursorQueryForSchemaFn[T any, PT pgutils.Unmarshaler[T]](ctx context.Con } defer cursor.close() + rowsData := make([]PT, 0, cursorBatchSize) for { + rowsData = rowsData[:0] rows, err := cursor.tx.Query(ctx, fmt.Sprintf("FETCH %d FROM %s", cursorBatchSize, cursor.id)) if err != nil { return errors.Wrap(err, "advancing in cursor") } - rowsAffected, err := handleRowsWithCallback(ctx, rows, callback) + rowsAffected, err := handleRowsWithCallback(ctx, rows, func(obj PT) error { + rowsData = append(rowsData, obj) + return nil + }) if err != nil { - return errors.Wrap(err, "processing rows") + return errors.Wrap(err, "reading rows from cursor") + } + + for _, obj := range rowsData { + if ctx.Err() != nil { + return errors.Wrap(ctx.Err(), "iterating over rows") + } + if err := callback(obj); err != nil { + return errors.Wrap(err, "processing rows") + } } if rowsAffected != cursorBatchSize { diff --git a/pkg/search/postgres/querytype_string.go b/pkg/search/postgres/querytype_string.go index d8d0e24eb211e..7ffaac0cabd10 100644 --- a/pkg/search/postgres/querytype_string.go +++ b/pkg/search/postgres/querytype_string.go @@ -21,8 +21,9 @@ const _QueryType_name = "SEARCHGETCOUNTDELETESELECTDELETERETURNINGIDS" var _QueryType_index = [...]uint8{0, 6, 9, 14, 20, 26, 44} func (i QueryType) String() string { - if i < 0 || i >= QueryType(len(_QueryType_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_QueryType_index)-1 { return "QueryType(" + strconv.FormatInt(int64(i), 10) + ")" } - return _QueryType_name[_QueryType_index[i]:_QueryType_index[i+1]] + return _QueryType_name[_QueryType_index[idx]:_QueryType_index[idx+1]] } diff --git a/pkg/search/postgres/store.go b/pkg/search/postgres/store.go index 9744ae0fd91b5..bd33c654ed0c7 100644 --- a/pkg/search/postgres/store.go +++ b/pkg/search/postgres/store.go @@ -409,7 +409,7 @@ func (s *genericStore[T, PT]) UpsertMany(ctx context.Context, objs []PT) error { // Lock since copyFrom requires a delete first before being executed. If multiple processes are updating // same subset of rows, both deletes could occur before the copyFrom resulting in unique constraint // violations - if len(objs) < batchAfter { + if len(objs) < batchAfter || s.copyFromObj == nil { s.mutex.RLock() defer s.mutex.RUnlock() @@ -417,11 +417,6 @@ func (s *genericStore[T, PT]) UpsertMany(ctx context.Context, objs []PT) error { } s.mutex.Lock() defer s.mutex.Unlock() - - if s.copyFromObj == nil { - return s.upsert(ctx, objs...) - } - return s.copyFrom(ctx, objs...) }) } @@ -454,11 +449,6 @@ func (s *genericStore[T, PT]) upsert(ctx context.Context, objs ...PT) error { if s.insertInto == nil { return utils.ShouldErr(errInvalidOperation) } - conn, err := s.acquireConn(ctx, ops.Upsert) - if err != nil { - return err - } - defer conn.Release() batch := &pgx.Batch{} for _, obj := range objs { @@ -466,6 +456,21 @@ func (s *genericStore[T, PT]) upsert(ctx context.Context, objs ...PT) error { return errors.Wrap(err, "error on insertInto") } } + + if tx, parentTxExists := postgres.TxFromContext(ctx); parentTxExists { + batchResults := postgres.BatchResultsFromPgx(tx.SendBatch(ctx, batch)) + if err := batchResults.Close(); err != nil { + return errors.Wrap(err, "closing batch on transaction") + } + return nil + } + + conn, err := s.acquireConn(ctx, ops.Upsert) + if err != nil { + return err + } + defer conn.Release() + batchResults := conn.SendBatch(ctx, batch) if err := batchResults.Close(); err != nil { return errors.Wrap(err, "closing batch") @@ -478,25 +483,36 @@ func (s *genericStore[T, PT]) copyFrom(ctx context.Context, objs ...PT) error { return utils.ShouldErr(errInvalidOperation) } - conn, err := s.acquireConn(ctx, ops.UpsertAll) - if err != nil { - return err - } - defer conn.Release() - - tx, err := conn.Begin(ctx) - if err != nil { - return errors.Wrap(err, "could not begin transaction") + // Check if we are already in transaction. + // If not let's create one. + tx, parentTxExists := postgres.TxFromContext(ctx) + if !parentTxExists { + conn, err := s.acquireConn(ctx, ops.UpsertAll) + if err != nil { + return err + } + defer conn.Release() + tx, ctx, err = conn.Begin(ctx) + if err != nil { + return errors.Wrap(err, "could not begin transaction") + } } if err := s.copyFromObj(ctx, s, tx, objs...); err != nil { - if rollbackErr := tx.Rollback(ctx); rollbackErr != nil { - return errors.Wrap(rollbackErr, "could not rollback transaction") + // Only rollback if we created the transaction + if !parentTxExists { + if rollbackErr := tx.Rollback(ctx); rollbackErr != nil { + return errors.Wrap(rollbackErr, "could not rollback transaction") + } } return errors.Wrap(err, "copy from objects failed") } - if err := tx.Commit(ctx); err != nil { - return errors.Wrap(err, "could not commit transaction") + + // Only commit if we created the transaction + if !parentTxExists { + if err := tx.Commit(ctx); err != nil { + return errors.Wrap(err, "could not commit transaction") + } } return nil } diff --git a/pkg/search/querymodifier_string.go b/pkg/search/querymodifier_string.go index d7d1aa27f30c6..b6c338a4bb2fd 100644 --- a/pkg/search/querymodifier_string.go +++ b/pkg/search/querymodifier_string.go @@ -19,8 +19,9 @@ const _QueryModifier_name = "AtLeastOneNegationRegexEquality" var _QueryModifier_index = [...]uint8{0, 10, 18, 23, 31} func (i QueryModifier) String() string { - if i < 0 || i >= QueryModifier(len(_QueryModifier_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_QueryModifier_index)-1 { return "QueryModifier(" + strconv.FormatInt(int64(i), 10) + ")" } - return _QueryModifier_name[_QueryModifier_index[i]:_QueryModifier_index[i+1]] + return _QueryModifier_name[_QueryModifier_index[idx]:_QueryModifier_index[idx+1]] } diff --git a/pkg/sensor/event/event.go b/pkg/sensor/event/event.go index 525dd7c92017c..01dd9f17417b9 100644 --- a/pkg/sensor/event/event.go +++ b/pkg/sensor/event/event.go @@ -8,8 +8,13 @@ import ( "github.com/stackrox/rox/pkg/stringutils" ) +const UnknownEventType = "UnknownEventType" + // GetEventTypeWithoutPrefix trims the *central.SensorEvent_ from the event type func GetEventTypeWithoutPrefix(i interface{}) string { + if i == nil { + return UnknownEventType + } return stringutils.GetAfter(reflectutils.Type(i), "_") } diff --git a/pkg/sensor/event/event_test.go b/pkg/sensor/event/event_test.go new file mode 100644 index 0000000000000..55f2d9031261a --- /dev/null +++ b/pkg/sensor/event/event_test.go @@ -0,0 +1,157 @@ +package event + +import ( + "testing" + + "github.com/stackrox/rox/generated/internalapi/central" + "github.com/stackrox/rox/generated/storage" + "github.com/stretchr/testify/assert" +) + +func TestGetEventTypeWithoutPrefix(t *testing.T) { + var nilDeployment *central.SensorEvent_Deployment = nil + var nilMap map[string]string = nil + var nilSlice []string = nil + var nilStruct any = nil + + tests := map[string]struct { + input interface{} + expected string + }{ + "should return UnknownEventType for nil input": { + input: nil, + expected: UnknownEventType, + }, + "should extract type even for typed nil pointer": { + input: nilDeployment, + expected: "Deployment", + }, + "should extract type even for map nil pointer": { + input: nilMap, + expected: "map[string]string", + }, + "should extract type even for slice nil pointer": { + input: nilSlice, + expected: "[]string", + }, + "should return UnknownEventType for any nil pointer": { + input: nilStruct, + expected: UnknownEventType, + }, + "should extract type for Deployment resource": { + input: ¢ral.SensorEvent_Deployment{Deployment: &storage.Deployment{}}, + expected: "Deployment", + }, + "should extract type for Pod resource": { + input: ¢ral.SensorEvent_Pod{Pod: &storage.Pod{}}, + expected: "Pod", + }, + "should extract type for NetworkPolicy resource": { + input: ¢ral.SensorEvent_NetworkPolicy{NetworkPolicy: &storage.NetworkPolicy{}}, + expected: "NetworkPolicy", + }, + "should extract type for ProcessIndicator resource": { + input: ¢ral.SensorEvent_ProcessIndicator{ProcessIndicator: &storage.ProcessIndicator{}}, + expected: "ProcessIndicator", + }, + } + + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + result := GetEventTypeWithoutPrefix(tt.input) + assert.Equal(t, tt.expected, result) + }) + } +} + +func TestGetKeyFromMessage(t *testing.T) { + tests := map[string]struct { + msg *central.MsgFromSensor + expected string + }{ + "should generate key with known resource type": { + msg: ¢ral.MsgFromSensor{ + Msg: ¢ral.MsgFromSensor_Event{ + Event: ¢ral.SensorEvent{ + Id: "test-id-123", + Resource: ¢ral.SensorEvent_Deployment{ + Deployment: &storage.Deployment{}, + }, + }, + }, + }, + expected: "Deployment:test-id-123", + }, + "should generate key with UnknownEventType for nil resource": { + msg: ¢ral.MsgFromSensor{ + Msg: ¢ral.MsgFromSensor_Event{ + Event: ¢ral.SensorEvent{ + Id: "test-id-456", + Resource: nil, + }, + }, + }, + expected: "UnknownEventType:test-id-456", + }, + } + + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + result := GetKeyFromMessage(tt.msg) + assert.Equal(t, tt.expected, result) + }) + } +} + +func TestParseIDFromKey(t *testing.T) { + tests := map[string]struct { + key string + expected string + }{ + "should extract ID from properly formatted key": { + key: "Deployment:test-id-123", + expected: "test-id-123", + }, + "should extract ID from key with empty type": { + key: ":test-id-456", + expected: "test-id-456", + }, + "should return full string when colon not found": { + key: "invalid-key", + expected: "invalid-key", + }, + } + + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + result := ParseIDFromKey(tt.key) + assert.Equal(t, tt.expected, result) + }) + } +} + +func TestFormatKey(t *testing.T) { + tests := map[string]struct { + typ string + id string + expected string + }{ + "should format key with type and ID": { + typ: "Deployment", + id: "test-id-123", + expected: "Deployment:test-id-123", + }, + "should format key with empty type": { + typ: "", + id: "test-id-456", + expected: ":test-id-456", + }, + } + + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + result := FormatKey(tt.typ, tt.id) + assert.Equal(t, tt.expected, result) + }) + } +} diff --git a/pkg/sensorupgrader/stage_string.go b/pkg/sensorupgrader/stage_string.go index 5c26b12d84317..a83ec51afb138 100644 --- a/pkg/sensorupgrader/stage_string.go +++ b/pkg/sensorupgrader/stage_string.go @@ -30,8 +30,9 @@ const _Stage_name = "UnsetStageCleanupForeignStateStageSnapshotForRollForwardSta var _Stage_index = [...]uint16{0, 10, 34, 61, 85, 107, 123, 145, 162, 187, 201, 221, 233, 250, 270, 289} func (i Stage) String() string { - if i < 0 || i >= Stage(len(_Stage_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Stage_index)-1 { return "Stage(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Stage_name[_Stage_index[i]:_Stage_index[i+1]] + return _Stage_name[_Stage_index[idx]:_Stage_index[idx+1]] } diff --git a/pkg/signatures/cosign_sig_fetcher.go b/pkg/signatures/cosign_sig_fetcher.go index 3d7d6e35590db..bf72a1942b6e8 100644 --- a/pkg/signatures/cosign_sig_fetcher.go +++ b/pkg/signatures/cosign_sig_fetcher.go @@ -18,9 +18,9 @@ import ( "github.com/google/go-containerregistry/pkg/v1/remote/transport" dockerRegistry "github.com/heroku/docker-registry-client/registry" "github.com/pkg/errors" - "github.com/sigstore/cosign/v2/pkg/cosign" - "github.com/sigstore/cosign/v2/pkg/oci" - ociremote "github.com/sigstore/cosign/v2/pkg/oci/remote" + "github.com/sigstore/cosign/v3/pkg/cosign" + "github.com/sigstore/cosign/v3/pkg/oci" + ociremote "github.com/sigstore/cosign/v3/pkg/oci/remote" "github.com/sigstore/sigstore/pkg/cryptoutils" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/errox" diff --git a/pkg/signatures/cosign_sig_fetcher_test.go b/pkg/signatures/cosign_sig_fetcher_test.go index 5403301917c44..3309dc6390d38 100644 --- a/pkg/signatures/cosign_sig_fetcher_test.go +++ b/pkg/signatures/cosign_sig_fetcher_test.go @@ -19,9 +19,9 @@ import ( "github.com/google/go-containerregistry/pkg/v1/remote/transport" dockerRegistry "github.com/heroku/docker-registry-client/registry" "github.com/pkg/errors" - "github.com/sigstore/cosign/v2/pkg/oci/mutate" - ociremote "github.com/sigstore/cosign/v2/pkg/oci/remote" - "github.com/sigstore/cosign/v2/pkg/oci/static" + "github.com/sigstore/cosign/v3/pkg/oci/mutate" + ociremote "github.com/sigstore/cosign/v3/pkg/oci/remote" + "github.com/sigstore/cosign/v3/pkg/oci/static" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/images/types" imgUtils "github.com/stackrox/rox/pkg/images/utils" diff --git a/pkg/signatures/cosign_sig_verifier.go b/pkg/signatures/cosign_sig_verifier.go index 6872ef6ec8686..6440384fbc145 100644 --- a/pkg/signatures/cosign_sig_verifier.go +++ b/pkg/signatures/cosign_sig_verifier.go @@ -13,11 +13,11 @@ import ( gcrv1 "github.com/google/go-containerregistry/pkg/v1" "github.com/hashicorp/go-multierror" "github.com/pkg/errors" - "github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio" - "github.com/sigstore/cosign/v2/pkg/cosign" - "github.com/sigstore/cosign/v2/pkg/cosign/bundle" - "github.com/sigstore/cosign/v2/pkg/oci" - "github.com/sigstore/cosign/v2/pkg/oci/static" + "github.com/sigstore/cosign/v3/cmd/cosign/cli/fulcio" + "github.com/sigstore/cosign/v3/pkg/cosign" + "github.com/sigstore/cosign/v3/pkg/cosign/bundle" + "github.com/sigstore/cosign/v3/pkg/oci" + "github.com/sigstore/cosign/v3/pkg/oci/static" rekorClient "github.com/sigstore/rekor/pkg/client" "github.com/sigstore/sigstore/pkg/cryptoutils" "github.com/sigstore/sigstore/pkg/signature" diff --git a/pkg/signatures/cosign_sig_verifier_test.go b/pkg/signatures/cosign_sig_verifier_test.go index f1cd3a4f7588e..f15ff47975b83 100644 --- a/pkg/signatures/cosign_sig_verifier_test.go +++ b/pkg/signatures/cosign_sig_verifier_test.go @@ -6,7 +6,7 @@ import ( "os" "testing" - "github.com/sigstore/cosign/v2/pkg/cosign/bundle" + "github.com/sigstore/cosign/v3/pkg/cosign/bundle" "github.com/stackrox/rox/generated/storage" "github.com/stackrox/rox/pkg/errox" "github.com/stackrox/rox/pkg/images/types" diff --git a/pkg/version/kind_string.go b/pkg/version/kind_string.go index 0dd6a95694db1..d5a5555a336b4 100644 --- a/pkg/version/kind_string.go +++ b/pkg/version/kind_string.go @@ -20,8 +20,9 @@ const _Kind_name = "InvalidKindDevelopmentKindRCKindReleaseKindNightlyKind" var _Kind_index = [...]uint8{0, 11, 26, 32, 43, 54} func (i Kind) String() string { - if i < 0 || i >= Kind(len(_Kind_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Kind_index)-1 { return "Kind(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Kind_name[_Kind_index[i]:_Kind_index[i+1]] + return _Kind_name[_Kind_index[idx]:_Kind_index[idx+1]] } diff --git a/proto/storage/vulnerability.proto b/proto/storage/vulnerability.proto index 9b79cb57ca395..75aa948b6bcfa 100644 --- a/proto/storage/vulnerability.proto +++ b/proto/storage/vulnerability.proto @@ -42,9 +42,9 @@ message EmbeddedVulnerability { // For internal purposes only. VulnerabilityType vulnerability_type = 11; repeated VulnerabilityType vulnerability_types = 18; // @gotags: hash:"ignore" - bool suppressed = 12; // @gotags: search:"CVE Snoozed" hash:"ignore" - google.protobuf.Timestamp suppress_activation = 13; // @gotags: hash:"ignore" - google.protobuf.Timestamp suppress_expiry = 14; // @gotags: hash:"ignore" + bool suppressed = 12; // @gotags: search:"CVE Snoozed" + google.protobuf.Timestamp suppress_activation = 13; + google.protobuf.Timestamp suppress_expiry = 14; // Time when the CVE was first seen, for this specific distro, in the system. google.protobuf.Timestamp first_system_occurrence = 15; // @gotags: policy:"First System Occurrence Timestamp" hash:"ignore" // Time when the CVE was first seen in this image. @@ -53,7 +53,7 @@ message EmbeddedVulnerability { reserved 17; VulnerabilitySeverity severity = 19; // @gotags: policy:"Severity" - VulnerabilityState state = 20; // @gotags: search:"Vulnerability State" hash:"ignore" + VulnerabilityState state = 20; // @gotags: search:"Vulnerability State" // cvss_metrics stores list of cvss scores from different sources like nvd, Redhat etc repeated CVSSScore cvss_metrics = 21; float nvd_cvss = 22; // @gotags: search:"NVD CVSS,store" diff --git a/qa-tests-backend/src/test/groovy/ProcessesListeningOnPortsTest.groovy b/qa-tests-backend/src/test/groovy/ProcessesListeningOnPortsTest.groovy index d4450570335d3..19c723a5833ec 100644 --- a/qa-tests-backend/src/test/groovy/ProcessesListeningOnPortsTest.groovy +++ b/qa-tests-backend/src/test/groovy/ProcessesListeningOnPortsTest.groovy @@ -283,7 +283,7 @@ class ProcessesListeningOnPortsTest extends BaseSpecification { assert list.size() > 1 assert processesListeningOnPorts.totalListeningEndpoints >= 2 - def endpoint1 = list[0] + def endpoint1 = list.find { it.endpoint.port == 8080 } verifyAll(endpoint1) { deploymentId @@ -297,7 +297,7 @@ class ProcessesListeningOnPortsTest extends BaseSpecification { endpoint.port == 8080 } - def endpoint2 = list[1] + def endpoint2 = list.find { it.endpoint.port == 9090 } verifyAll(endpoint2) { deploymentId diff --git a/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy b/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy index 8f9fc597002f0..4c0e1663fa6c9 100644 --- a/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy +++ b/qa-tests-backend/src/test/groovy/VulnScanWithGraphQLTest.groovy @@ -40,7 +40,7 @@ class VulnScanWithGraphQLTest extends BaseSpecification { tag } scan { - components { + imageComponents { name layerIndex version @@ -49,7 +49,7 @@ class VulnScanWithGraphQLTest extends BaseSpecification { type url } - vulns { + imageVulnerabilities { cve cvss link @@ -136,8 +136,8 @@ class VulnScanWithGraphQLTest extends BaseSpecification { then: assert resultRet.getValue() != null def image = resultRet.getValue().image - assert image?.scan?.components?.vulns != null - int cve = getCVEs(image.scan.components.vulns) + assert image?.scan?.imageComponents?.imageVulnerabilities != null + int cve = getCVEs(image.scan.imageComponents.imageVulnerabilities) assert cve >= vuln_cve where: "Data inputs are :" diff --git a/roxctl/declarativeconfig/create/access_scope_test.go b/roxctl/declarativeconfig/create/access_scope_test.go index e14e430193c50..bf61b90fbf167 100644 --- a/roxctl/declarativeconfig/create/access_scope_test.go +++ b/roxctl/declarativeconfig/create/access_scope_test.go @@ -74,7 +74,7 @@ func TestCreateAccessScope_Failures(t *testing.T) { "--cluster-label-selector=key=some-key;operator=EXISTS;values=some-value", }, errOut: `Error: validating access scope: 1 error occurred: - * values: Invalid value: []string{"some-value"}: values set must be empty for exists and does not exist + * values: Invalid value: ["some-value"]: values set must be empty for exists and does not exist `, diff --git a/rpms.lock.yaml b/rpms.lock.yaml index e3a0b968d4806..db083b59887fd 100644 --- a/rpms.lock.yaml +++ b/rpms.lock.yaml @@ -25,20 +25,20 @@ arches: name: oniguruma evr: 6.8.2-3.el8 sourcerpm: oniguruma-6.8.2-3.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/Packages/p/postgresql-15.14-1.module+el8.10.0+23423+5a199198.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/Packages/p/postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.aarch64.rpm repoid: rhel-8-for-aarch64-appstream-rpms - size: 1785883 - checksum: sha256:24562212b8673ccfbcfb80f7b3f6eca08ae83d65a2e2aadc924472a7bd97d6db + size: 1798263 + checksum: sha256:252c77d8411563980a3faa4fd4afca997bbd6f3456c1891036edaf429f676e34 name: postgresql - evr: 15.14-1.module+el8.10.0+23423+5a199198 - sourcerpm: postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/Packages/p/postgresql-private-libs-15.14-1.module+el8.10.0+23423+5a199198.aarch64.rpm + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 + sourcerpm: postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/Packages/p/postgresql-private-libs-15.15-1.module+el8.10.0+23782+2d6b2a31.aarch64.rpm repoid: rhel-8-for-aarch64-appstream-rpms - size: 129399 - checksum: sha256:94c27b96fd1a6d76c801cdbfc07da04d6220640c2f83a533b21711789e347714 + size: 129939 + checksum: sha256:48e3f2c86fe94721c78b0c824a3dc6c75bd848291a502493cccb3ea953a09810 name: postgresql-private-libs - evr: 15.14-1.module+el8.10.0+23423+5a199198 - sourcerpm: postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 + sourcerpm: postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/Packages/x/xkeyboard-config-2.28-1.el8.noarch.rpm repoid: rhel-8-for-aarch64-appstream-rpms size: 801000 @@ -88,13 +88,13 @@ arches: name: bzip2-libs evr: 1.0.6-28.el8_10 sourcerpm: bzip2-1.0.6-28.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.noarch.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1006212 - checksum: sha256:5b97c63d4978f82a8d73cb83c81c438d69309bc929d35c6bebf5868f128da13f + size: 1048264 + checksum: sha256:01d249b3d9889ab05adea246a1e84571e817013e06b24bbfc4bb42a1d7d8aa50 name: ca-certificates - evr: 2024.2.69_v8.0.303-80.0.el8_10 - sourcerpm: ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.src.rpm + evr: 2025.2.80_v9.0.304-80.2.el8_10 + sourcerpm: ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/chkconfig-1.19.2-1.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 201832 @@ -102,20 +102,20 @@ arches: name: chkconfig evr: 1.19.2-1.el8 sourcerpm: chkconfig-1.19.2-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/coreutils-8.30-15.el8.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/coreutils-8.30-16.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1246096 - checksum: sha256:b49621011495971f9702c42908d7fd2fa783ae7e73f9d971d5ccaef7098626bb + size: 1245188 + checksum: sha256:8c243cc95942ad93537f0d0f70679b05b67673e8f26012907e6495a82a208fce name: coreutils - evr: 8.30-15.el8 - sourcerpm: coreutils-8.30-15.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/coreutils-common-8.30-15.el8.aarch64.rpm + evr: 8.30-16.el8_10 + sourcerpm: coreutils-8.30-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/coreutils-common-8.30-16.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 2092812 - checksum: sha256:a8f0249bd4727364971fab711713f5e41cf017cc1bdcda0adb7a8065b6f2c504 + size: 2091860 + checksum: sha256:2bcab8061ab9388cb4f81584f6b279dd0212eb67807f4bcd401121c609ea27dc name: coreutils-common - evr: 8.30-15.el8 - sourcerpm: coreutils-8.30-15.el8.src.rpm + evr: 8.30-16.el8_10 + sourcerpm: coreutils-8.30-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/cpio-2.12-11.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 266436 @@ -158,13 +158,13 @@ arches: name: cryptsetup-libs evr: 2.3.7-7.el8 sourcerpm: cryptsetup-2.3.7-7.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/curl-7.61.1-34.el8_10.3.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/curl-7.61.1-34.el8_10.9.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 358408 - checksum: sha256:a549593cacde9f7520701db7a1222584eb05239d635d69ab441536891cb65e9e + size: 358108 + checksum: sha256:eb6b2b9bbe7f5eeec0d259c59995303c7e266dbf6e6e4f20ceca13427dfaf2a6 name: curl - evr: 7.61.1-34.el8_10.3 - sourcerpm: curl-7.61.1-34.el8_10.3.src.rpm + evr: 7.61.1-34.el8_10.9 + sourcerpm: curl-7.61.1-34.el8_10.9.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/c/cyrus-sasl-lib-2.1.27-6.el8_5.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 125352 @@ -228,13 +228,13 @@ arches: name: diffutils evr: 3.6-6.el8 sourcerpm: diffutils-3.6-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/d/dracut-049-237.git20250603.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/d/dracut-049-239.git20251127.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 386612 - checksum: sha256:485383318e0416890ceaa3e50a54607b7a72faa1dc7bca5308b5b8bf18a419ab + size: 385684 + checksum: sha256:5134465376f9c8e8a9418c449a13d69bef53eaeb5670681e03b36ae9e1316dcb name: dracut - evr: 049-237.git20250603.el8_10 - sourcerpm: dracut-049-237.git20250603.el8_10.src.rpm + evr: 049-239.git20251127.el8_10 + sourcerpm: dracut-049-239.git20251127.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/e/elfutils-debuginfod-client-0.190-2.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 76564 @@ -263,27 +263,27 @@ arches: name: elfutils-libs evr: 0.190-2.el8 sourcerpm: elfutils-0.190-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/e/expat-2.2.5-17.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/e/expat-2.5.0-1.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 107844 - checksum: sha256:7a560a41ad9b82fbbe3a5dd65c31ce5b996a76732d856561567d9ba795d04868 + size: 124144 + checksum: sha256:b5791923f62b8666b34052bd76a3ff745d3733110fdd4a7a3502a9a777afac2f name: expat - evr: 2.2.5-17.el8_10 - sourcerpm: expat-2.2.5-17.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/f/file-5.33-26.el8.aarch64.rpm + evr: 2.5.0-1.el8_10 + sourcerpm: expat-2.5.0-1.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/f/file-5.33-27.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 79544 - checksum: sha256:189652eff29020c9af762dff7a0217ebcc0008607d83efc81335c49259512fa4 + size: 79708 + checksum: sha256:b120b319b1d29ddef6047bda622ae4ee12b2021d9482b903788c2239078c3395 name: file - evr: 5.33-26.el8 - sourcerpm: file-5.33-26.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/f/file-libs-5.33-26.el8.aarch64.rpm + evr: 5.33-27.el8_10 + sourcerpm: file-5.33-27.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/f/file-libs-5.33-27.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 554600 - checksum: sha256:3ad6f1c221728c3e44a30d76c90a2e9f56c8d72676e4413f615a21129951f863 + size: 554732 + checksum: sha256:651f54ac9fbd3c49c7638fbc8993754319245e98bb0a99b49a6ecddfc0338e5f name: file-libs - evr: 5.33-26.el8 - sourcerpm: file-5.33-26.el8.src.rpm + evr: 5.33-27.el8_10 + sourcerpm: file-5.33-27.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/f/filesystem-3.8-6.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 1135824 @@ -291,13 +291,13 @@ arches: name: filesystem evr: 3.8-6.el8 sourcerpm: filesystem-3.8-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/f/findutils-4.6.0-23.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/f/findutils-4.6.0-24.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 537232 - checksum: sha256:eb493cd562274cf498265a7d1afef06f22424ad5dff90c66f990e2edfbb40f8a + size: 535972 + checksum: sha256:138d1c305bc551259311e1a909caf3b433c8564a6a228690ff04817cd4091c2a name: findutils - evr: 1:4.6.0-23.el8_10 - sourcerpm: findutils-4.6.0-23.el8_10.src.rpm + evr: 1:4.6.0-24.el8_10 + sourcerpm: findutils-4.6.0-24.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/gawk-4.2.1-4.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 1162284 @@ -333,41 +333,41 @@ arches: name: gettext-libs evr: 0.19.8.1-17.el8 sourcerpm: gettext-0.19.8.1-17.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glib2-2.56.4-166.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glib2-2.56.4-167.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 2555616 - checksum: sha256:dbf51028cd8c382a646153bef3b5f5b3a2da5031ce363155cea7f4726b68cb7e + size: 2555008 + checksum: sha256:7b666d9dda0acf4abba674ee76037c390aeeb91230367603302acae208f701a5 name: glib2 - evr: 2.56.4-166.el8_10 - sourcerpm: glib2-2.56.4-166.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-2.28-251.el8_10.25.aarch64.rpm + evr: 2.56.4-167.el8_10 + sourcerpm: glib2-2.56.4-167.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-2.28-251.el8_10.27.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1883952 - checksum: sha256:838377f266587d4f2d0f6094ca35a53108e4f8c47cb51a98f73317ff83103728 + size: 1884224 + checksum: sha256:2bd1aa65fd75e285289a4caa26f38021bcc9b56d41280fecbfe2bed363429ea2 name: glibc - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.25.aarch64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.27.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 26704288 - checksum: sha256:13fbfcfc89cf02c7052c64a8ee54231fca8e679e6d5d913c3204870630dab4bb + size: 26704852 + checksum: sha256:6253d5b7966eb1199457033ece014d940fd530e9066703796bbb7ee3d9081f31 name: glibc-all-langpacks - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.25.aarch64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.27.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1040192 - checksum: sha256:d338bd8738cc09c4e8b8252055eebf4fe5aa0550f3624a5e0c0920c9af55b17c + size: 1040484 + checksum: sha256:70f9ea83c964d4026908579933df9e24c1051ce63f4dac9662d109e3d7094664 name: glibc-common - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.25.aarch64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.27.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1849376 - checksum: sha256:d37555102f5b6de2d1867a10159f373909f30eba4f9532ba9b46b02306c9ce4b + size: 1849408 + checksum: sha256:77140513142bd8b300f4a131e0fd5744a79cb59f756f2c07fa61f3124bb89586 name: glibc-gconv-extra - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/gmp-6.1.2-11.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 269880 @@ -375,13 +375,13 @@ arches: name: gmp evr: 1:6.1.2-11.el8 sourcerpm: gmp-6.1.2-11.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/gnutls-3.6.16-8.el8_10.3.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/gnutls-3.6.16-8.el8_10.4.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 963296 - checksum: sha256:6e88307b29583b0983dbfb0aa90fa0c127b98768963b93cfe5a6ad6ac6b8883b + size: 962116 + checksum: sha256:39f8830e09cd29553725c04e11db68860b06e46fe374a045ed67bc378fc637be name: gnutls - evr: 3.6.16-8.el8_10.3 - sourcerpm: gnutls-3.6.16-8.el8_10.3.src.rpm + evr: 3.6.16-8.el8_10.4 + sourcerpm: gnutls-3.6.16-8.el8_10.4.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/grep-3.1-6.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 274592 @@ -389,27 +389,27 @@ arches: name: grep evr: 3.1-6.el8 sourcerpm: grep-3.1-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/grub2-common-2.02-167.el8_10.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/grub2-common-2.02-169.el8_10.noarch.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 919308 - checksum: sha256:54f4de37148044c83b997c6bea4bc7f222f6fda272347f7fa4907ff0eef5d29e + size: 918448 + checksum: sha256:4439fe4a6403508b74d5d8913543a74195411f69acbc81213ca32e5645939004 name: grub2-common - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/grub2-tools-2.02-167.el8_10.aarch64.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/grub2-tools-2.02-169.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1898868 - checksum: sha256:ed0ca5ac6dd4cb1cada522b0c82ca599776a14ce9bf4bed869e8b91e51050c66 + size: 1897992 + checksum: sha256:f188b34d5aaf1867da1d5c4af4eb66c32d8a80b731e58958c749528c1447faf7 name: grub2-tools - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/grub2-tools-minimal-2.02-167.el8_10.aarch64.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/grub2-tools-minimal-2.02-169.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 211400 - checksum: sha256:2e6edd449e53000b0ccd779ad1d3739d87ef73ab85a0c8a80f5d4167fb08fc6a + size: 210524 + checksum: sha256:ad5f0700bf2194a3c04cd0ea69e39c5bf33c776949f023e7c6e88aa9764227f5 name: grub2-tools-minimal - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/grubby-8.40-49.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 51500 @@ -522,13 +522,13 @@ arches: name: libattr evr: 2.4.48-3.el8 sourcerpm: attr-2.4.48-3.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libblkid-2.32.1-46.el8.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libblkid-2.32.1-47.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 219896 - checksum: sha256:436d9798b9c36395eb1477dd3ab8b5340af83d8a63f71115c647913372f58737 + size: 218828 + checksum: sha256:f095a01eb9eb5d47a41beebfb0f9069365ca0a67ab2e137bc8501c748344b3ea name: libblkid - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libcap-2.48-6.el8_9.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 75344 @@ -543,13 +543,13 @@ arches: name: libcap-ng evr: 0.7.11-1.el8 sourcerpm: libcap-ng-0.7.11-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libcom_err-1.45.6-6.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libcom_err-1.45.6-7.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 50440 - checksum: sha256:c0992c852e8ce45e734850c87e9a5191c605486df98a9a90d0a01f95c519e12e + size: 49420 + checksum: sha256:de3f523bb5b05df4853f3134c1529c33a24178a4f7b952e1f25c5d6ceb9dad18 name: libcom_err - evr: 1.45.6-6.el8_10 - sourcerpm: e2fsprogs-1.45.6-6.el8_10.src.rpm + evr: 1.45.6-7.el8_10 + sourcerpm: e2fsprogs-1.45.6-7.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libcroco-0.6.12-4.el8_2.1.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 110936 @@ -557,13 +557,13 @@ arches: name: libcroco evr: 0.6.12-4.el8_2.1 sourcerpm: libcroco-0.6.12-4.el8_2.1.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libcurl-7.61.1-34.el8_10.3.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libcurl-7.61.1-34.el8_10.9.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 292736 - checksum: sha256:ef0e425cc03bb69410885ca4e1204ab73965c108f507fd173050dc4fc31f6eed + size: 292648 + checksum: sha256:855a2115646f802403e292094874fce962680a4432426d63b0179152815c1b9e name: libcurl - evr: 7.61.1-34.el8_10.3 - sourcerpm: curl-7.61.1-34.el8_10.3.src.rpm + evr: 7.61.1-34.el8_10.9 + sourcerpm: curl-7.61.1-34.el8_10.9.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libdb-5.3.28-42.el8_4.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 703388 @@ -578,13 +578,13 @@ arches: name: libdb-utils evr: 5.3.28-42.el8_4 sourcerpm: libdb-5.3.28-42.el8_4.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libfdisk-2.32.1-46.el8.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libfdisk-2.32.1-47.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 250116 - checksum: sha256:e6ecba3121a293a8ac1cc6f391d79dd869de17766678c6d8ea29658ece48450b + size: 249284 + checksum: sha256:77480a0068650a9b639f0d8ce7875be243e8577c85d1453b17a7360bc30999cf name: libfdisk - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libffi-3.1-24.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 37560 @@ -641,13 +641,13 @@ arches: name: libkcapi-hmaccalc evr: 1.4.0-2.el8 sourcerpm: libkcapi-1.4.0-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libmount-2.32.1-46.el8.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libmount-2.32.1-47.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 235308 - checksum: sha256:96e0de09a90f39bb5efd3e43d7d83b5323b5da0c6ecc56680541a99e6d727d51 + size: 234412 + checksum: sha256:9515a7b004a80109e8d7097403cb85f93d2ea886be7663fd7df7371e3cf3cb4b name: libmount - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libnghttp2-1.33.0-6.el8_10.1.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 77144 @@ -711,27 +711,27 @@ arches: name: libsigsegv evr: 2.11-5.el8 sourcerpm: libsigsegv-2.11-5.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libsmartcols-2.32.1-46.el8.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libsmartcols-2.32.1-47.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 179572 - checksum: sha256:8bd107c857b7cd292e02374203498a3f7d8ac3778adec1dbad2e2fe51308926d + size: 178592 + checksum: sha256:c0038da4290bbbad241f36f5f7f9b16b0bb11baf108973eef0b9a9dc41301e65 name: libsmartcols - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libssh-0.9.6-14.el8.aarch64.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libssh-0.9.6-16.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 215484 - checksum: sha256:042b6674ad8110318cd335df145a61c8868d8d4ea5b8ca03532fef6d5790068b + size: 214584 + checksum: sha256:065f7ea1a082be300172266d6152a788739355406506227a4fed1943298c376e name: libssh - evr: 0.9.6-14.el8 - sourcerpm: libssh-0.9.6-14.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libssh-config-0.9.6-14.el8.noarch.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libssh-config-0.9.6-16.el8_10.noarch.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 21548 - checksum: sha256:e8281fb82a512c0bbfdd4bbd0f7f9657fce2ad547189fb93d0a0bf814173a2a4 + size: 20644 + checksum: sha256:2471adc5113ee9a2ff70bbbd3c9ef2a8d63e2da99bcfb00566b0869b2f037d27 name: libssh-config - evr: 0.9.6-14.el8 - sourcerpm: libssh-0.9.6-14.el8.src.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libstdc++-8.5.0-28.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 454548 @@ -767,13 +767,13 @@ arches: name: libutempter evr: 1.1.6-14.el8 sourcerpm: libutempter-1.1.6-14.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libuuid-2.32.1-46.el8.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libuuid-2.32.1-47.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 101008 - checksum: sha256:c6d49dd76df0b6e71a6de73bee9fd12727a839c0477586838d1d3ad922267436 + size: 100032 + checksum: sha256:24ecbd85e9f6a07435abd85815526ad7d3f2292451424b41685d377a3088fd29 name: libuuid - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libverto-0.3.2-2.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 24168 @@ -865,20 +865,20 @@ arches: name: openldap evr: 2.4.46-21.el8_10 sourcerpm: openldap-2.4.46-21.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/o/openssl-1.1.1k-14.el8_6.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/o/openssl-1.1.1k-14.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 708628 - checksum: sha256:1367e3cc6f59b4afa0a326455e2c381f7b5b9ca00e5de86663895cdaec70e52b + size: 707496 + checksum: sha256:03d16f9f6696aeba40c37dbf84eda09b66a6256d5eea3196294ea3ba00902bea name: openssl - evr: 1:1.1.1k-14.el8_6 - sourcerpm: openssl-1.1.1k-14.el8_6.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/o/openssl-libs-1.1.1k-14.el8_6.aarch64.rpm + evr: 1:1.1.1k-14.el8_10 + sourcerpm: openssl-1.1.1k-14.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/o/openssl-libs-1.1.1k-14.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1414628 - checksum: sha256:3c7765ebc6604e682302377a8e20a8fb99f1e4f833699ddad11c5ed98530d4ec + size: 1413872 + checksum: sha256:4e1ca86c5e80840de38684dabeffa73f2ed45eff748e09abfaaefa7ee4030f5e name: openssl-libs - evr: 1:1.1.1k-14.el8_6 - sourcerpm: openssl-1.1.1k-14.el8_6.src.rpm + evr: 1:1.1.1k-14.el8_10 + sourcerpm: openssl-1.1.1k-14.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/o/openssl-pkcs11-0.4.10-3.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 66436 @@ -907,13 +907,13 @@ arches: name: p11-kit-trust evr: 0.23.22-2.el8 sourcerpm: p11-kit-0.23.22-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/p/pam-1.3.1-38.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/p/pam-1.3.1-39.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 760744 - checksum: sha256:3cc2caeb4d85c06b13dba9d8cac0ea82c25c3acd0ffb703646936ba2c09cfb2a + size: 760956 + checksum: sha256:aaa134b795b6e6a121d41c20589af4a2bd19a109a1fad429652c55c72676a45b name: pam - evr: 1.3.1-38.el8_10 - sourcerpm: pam-1.3.1-38.el8_10.src.rpm + evr: 1.3.1-39.el8_10 + sourcerpm: pam-1.3.1-39.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/p/pcre-8.42-6.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 191584 @@ -1047,13 +1047,13 @@ arches: name: setup evr: 2.12.2-9.el8 sourcerpm: setup-2.12.2-9.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/shadow-utils-4.6-22.el8.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/shadow-utils-4.6-23.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1272288 - checksum: sha256:3ccea243f8c0f86e2a0b2c93933bfd475a62134f0a556ee2e1212dcf8d7e5240 + size: 1272108 + checksum: sha256:4eb70bee470ee47520aae0acdc1f5547e2127e9f2eccde4b05ba8e9ee4782bae name: shadow-utils - evr: 2:4.6-22.el8 - sourcerpm: shadow-utils-4.6-22.el8.src.rpm + evr: 2:4.6-23.el8_10 + sourcerpm: shadow-utils-4.6-23.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/shared-mime-info-1.9-4.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 335752 @@ -1068,34 +1068,34 @@ arches: name: sqlite-libs evr: 3.26.0-20.el8_10 sourcerpm: sqlite-3.26.0-20.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/systemd-239-82.el8_10.5.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/systemd-239-82.el8_10.8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 3511384 - checksum: sha256:92439fcaf30212e095e4fdbce91732a249cd6fc60604cb8699dafce4b0622808 + size: 3513088 + checksum: sha256:c94f8fcedeb97ef9908137ec0d8b9a7618ab82618b3ecf7f345e25aa7ed5a267 name: systemd - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/systemd-libs-239-82.el8_10.5.aarch64.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/systemd-libs-239-82.el8_10.8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1096532 - checksum: sha256:8a472b51e524b3d75ecd7ca6f447a3e827928ade26ba086e4b7fb73fecdc9626 + size: 1097868 + checksum: sha256:422451943b582df3f0ed2b30347c5fef85455beffe5a58cb67c2f1783d8a11a2 name: systemd-libs - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/systemd-pam-239-82.el8_10.5.aarch64.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/systemd-pam-239-82.el8_10.8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 486552 - checksum: sha256:66dfa343cf41088a092184335322ecc896e7f4d843fdcdfa4864bddc8b865e6c + size: 487656 + checksum: sha256:af8b62ab3a3b79c2cbd7130c8a5a97801dfe1f4a3c266ef1b421db443bf90eb4 name: systemd-pam - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/systemd-udev-239-82.el8_10.5.aarch64.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/s/systemd-udev-239-82.el8_10.8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1625132 - checksum: sha256:3add487d5e8d6d4e3ddd9559ab912880acaf5727ffcc5811c4f4798e3256de8b + size: 1626444 + checksum: sha256:a77e034e5905688284937ae0ba9c998a6e1dd926240dd428653c09840f94ef9e name: systemd-udev - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/t/trousers-0.3.15-2.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 151356 @@ -1110,20 +1110,20 @@ arches: name: trousers-lib evr: 0.3.15-2.el8 sourcerpm: trousers-0.3.15-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/t/tzdata-2025b-1.el8.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/t/tzdata-2025c-1.el8.noarch.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 488428 - checksum: sha256:338539f7f0cd2770694153af81e2e65121b050a1bb555ad66a6fb6f562732602 + size: 560812 + checksum: sha256:e4b6cf905fb2111d9a45c3b6b95f6e0c5199bf9b3d576f2a06b4dcb49a63d55e name: tzdata - evr: 2025b-1.el8 - sourcerpm: tzdata-2025b-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/u/util-linux-2.32.1-46.el8.aarch64.rpm + evr: 2025c-1.el8 + sourcerpm: tzdata-2025c-1.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/u/util-linux-2.32.1-47.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 2588284 - checksum: sha256:0e77f52a016be9db4e88137ab48234d987a4cc0137606c56376705e7fb380689 + size: 2587504 + checksum: sha256:5632571c56cabce61cd6c7f88411e0f77743a9cc163f677a73a6b603b8f15044 name: util-linux - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/w/which-2.21-21.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 50372 @@ -1171,12 +1171,12 @@ arches: checksum: sha256:31cd372131f6eb404ce90285210fd74021914b4eb52e933b2aeebfa955099faa name: oniguruma evr: 6.8.2-3.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/source/SRPMS/Packages/p/postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/source/SRPMS/Packages/p/postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm repoid: rhel-8-for-aarch64-appstream-source-rpms - size: 53572917 - checksum: sha256:4a2c66b6b48cbf761ed5d454022f80fd6e63f89a84f095dac2683663960e9272 + size: 45654458 + checksum: sha256:30795de4ed7a01becc64ee50796e7c76b9195ff1eed0a341b279aeb3e4b15527 name: postgresql - evr: 15.14-1.module+el8.10.0+23423+5a199198 + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/source/SRPMS/Packages/x/xkeyboard-config-2.28-1.el8.src.rpm repoid: rhel-8-for-aarch64-appstream-source-rpms size: 1699339 @@ -1225,24 +1225,24 @@ arches: checksum: sha256:9c1d697f675f5889c57e7f983afa4b3e3f6e2334887ded9d7c10c5a205d1b06a name: bzip2 evr: 1.0.6-28.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 715540 - checksum: sha256:a066b501d49019ad53d7a8bd7badd1b073f317e406561f0cfad59b7bdfaba0a6 + size: 742547 + checksum: sha256:879547af21a33e8e0a2356bc7cbd8c4fdc17d4830fbcadbf9aac1cfbbcf140f5 name: ca-certificates - evr: 2024.2.69_v8.0.303-80.0.el8_10 + evr: 2025.2.80_v9.0.304-80.2.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/chkconfig-1.19.2-1.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 221618 checksum: sha256:7cf522c35fa5a5906c8c793ece9e599e80aba6c37d3f57afbf436c9abb8629c6 name: chkconfig evr: 1.19.2-1.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/coreutils-8.30-15.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/coreutils-8.30-16.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 5550193 - checksum: sha256:8e6d8f3d8929cfd896c09a6d7ebfdd0d78fd028169042f7df9e35803189e4eee + size: 5552304 + checksum: sha256:a765698d09c82865c7b71c2125273ed393aee734cdb2a999458bbbed9ccfe098 name: coreutils - evr: 8.30-15.el8 + evr: 8.30-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/cpio-2.12-11.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 1312438 @@ -1267,12 +1267,12 @@ arches: checksum: sha256:21bb087ab9a3d64c89295a1bd45b5e5b6189832a972d4b3ddccb2ff5437ac2ed name: cryptsetup evr: 2.3.7-7.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/curl-7.61.1-34.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/curl-7.61.1-34.el8_10.9.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 2629169 - checksum: sha256:da74fbd455075a1e124a5251e17946c0a2c8b8bd023e349d0c52b3cee8e3d37c + size: 2637559 + checksum: sha256:b69dcfee680f356433e48929a3b447b72d6e99bf8ad61b5a6c9ac2eededf87cd name: curl - evr: 7.61.1-34.el8_10.3 + evr: 7.61.1-34.el8_10.9 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/c/cyrus-sasl-2.1.27-6.el8_5.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 4032772 @@ -1297,48 +1297,48 @@ arches: checksum: sha256:1308e782ad4f9b17a5cbbac9734be496948db857de7458b3388645bf1786892d name: diffutils evr: 3.6-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/d/dracut-049-237.git20250603.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/d/dracut-049-239.git20251127.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 584456 - checksum: sha256:82c025577bb9b0b42696376d7db8a9e2271995d8b42ab79af42911863b7928d0 + size: 585830 + checksum: sha256:559705b03309fdae2474df8798242da457ed1dd7d4014c37462188975bb3bf2e name: dracut - evr: 049-237.git20250603.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/e/e2fsprogs-1.45.6-6.el8_10.src.rpm + evr: 049-239.git20251127.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/e/e2fsprogs-1.45.6-7.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 5677469 - checksum: sha256:2e1f498b0924f164c828a6779756a00a7c69992e0ea90161e5b05270c0232716 + size: 5680546 + checksum: sha256:7adebb4cf95886f8dc9cdfa518378ba4609a2f9800782b8330ca5ddf4409d3bf name: e2fsprogs - evr: 1.45.6-6.el8_10 + evr: 1.45.6-7.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/e/elfutils-0.190-2.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 9288737 checksum: sha256:54fe49a6fd4f87d6fd594b62c465105fc3efab05a1ffcc216f053c277ab619bf name: elfutils evr: 0.190-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/e/expat-2.2.5-17.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/e/expat-2.5.0-1.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 8345318 - checksum: sha256:41de03fcbf3a8f7fa42e7017058ae0186e98a0e448ce01772de7af0a856a749d + size: 8388946 + checksum: sha256:566456bc755b628dc5a4ce77b6a643769165202f0ddd852ba73dd9512b994d2b name: expat - evr: 2.2.5-17.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/f/file-5.33-26.el8.src.rpm + evr: 2.5.0-1.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/f/file-5.33-27.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 899551 - checksum: sha256:1bdcfa5032e3ef5ff5f9f72233b6c9c67c0c7ff994a04df131d3b64b213b99cb + size: 900161 + checksum: sha256:f6996986985a11cebdb085b30dc7281eb320ee6234fa12ae43e39cd2d1de1afc name: file - evr: 5.33-26.el8 + evr: 5.33-27.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/f/filesystem-3.8-6.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 37286 checksum: sha256:113b7c5e28cc1d44e21c564c17d8c592a3f8a20b4c268cdaad6a407dee4d1540 name: filesystem evr: 3.8-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/f/findutils-4.6.0-23.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/f/findutils-4.6.0-24.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 3831527 - checksum: sha256:28510e1bb0c939d1b945f889611cf572e03ee18faaa5bff6f0ad203fd696fb29 + size: 3832656 + checksum: sha256:4ee9287c4f007ef160f3e2f61ddd3d6ff75dfa82ab99ba27f5c6ca673d97d529 name: findutils - evr: 1:4.6.0-23.el8_10 + evr: 1:4.6.0-24.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/gawk-4.2.1-4.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 3036497 @@ -1363,42 +1363,42 @@ arches: checksum: sha256:114be9b072a7726f2ac557fda6b8a86254ae3b7ed984ed14cfa7733bea9005d4 name: gettext evr: 0.19.8.1-17.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/glib2-2.56.4-166.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/glib2-2.56.4-167.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 7164223 - checksum: sha256:1c3428c7032aa0ba80754efd2b97d1e3b432eb151ed9de4db7a09ad96e5ecd33 + size: 7164394 + checksum: sha256:80ee50b39aa478e1503dbd18626df91a023d30e3f9b6fb588fa82e6ce2b5972e name: glib2 - evr: 2.56.4-166.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.25.src.rpm + evr: 2.56.4-167.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.27.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 18515112 - checksum: sha256:cf4f9d4cf5af467b7c42faedc1b12e6457e8d0fee07cedb9e122e6ba52d86938 + size: 18525139 + checksum: sha256:c3f8d7e92cffbd4e81c33871b5c55034b3f11c7417e6d84805a67e52cc6ebec1 name: glibc - evr: 2.28-251.el8_10.25 + evr: 2.28-251.el8_10.27 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/gmp-6.1.2-11.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 2430007 checksum: sha256:0be11faec5810961b3b5b2f0e8a54c4628b62bb2bec4e282f47682c4be0cef64 name: gmp evr: 1:6.1.2-11.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/gnutls-3.6.16-8.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/gnutls-3.6.16-8.el8_10.4.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 5774773 - checksum: sha256:e3dc1e166a626f8ff303c9d9a260d4a1ac68cd2a62d28bfec51d6b1aa3670053 + size: 5783117 + checksum: sha256:62b0fb59ca7babdf1f2558c69ff1ceb67358d455bbf107d32db851f0af8ef185 name: gnutls - evr: 3.6.16-8.el8_10.3 + evr: 3.6.16-8.el8_10.4 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/grep-3.1-6.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 1412532 checksum: sha256:c5d8342de1536365d5ccb340a4a381b40529eb98a6866981df956e4adc2727ac name: grep evr: 3.1-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/grub2-2.02-167.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/grub2-2.02-169.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 8328141 - checksum: sha256:f4628c23c03e887679455a758545da6b4c54a31210fc665df55cd192c440ecd0 + size: 8327955 + checksum: sha256:1f583a9551862935908b05cfe9c75f5d0fd7b3eb46896a938341fbdc700d51c2 name: grub2 - evr: 1:2.02-167.el8_10 + evr: 1:2.02-169.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/grubby-8.40-49.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 233771 @@ -1555,12 +1555,12 @@ arches: checksum: sha256:a139e44850d9210e2a662e676dd57a6a40323b1744a14be7a87221f8e36cffe5 name: libsigsegv evr: 2.11-5.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/l/libssh-0.9.6-14.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/l/libssh-0.9.6-16.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 1151415 - checksum: sha256:a04fb32a5bdaf33053918c3c931891fe7415a8ace08069b74d055931413056eb + size: 1151564 + checksum: sha256:71e885a125f15dbbce25f515cc80bd2df63a93c904e0b71c5645d27c18c9f98c name: libssh - evr: 0.9.6-14.el8 + evr: 0.9.6-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/l/libtasn1-4.13-5.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 1968290 @@ -1657,12 +1657,12 @@ arches: checksum: sha256:42a8826001f6a49c1385746f1c5ef3967c3f15fe6fa510fe001d5a232732661a name: openldap evr: 2.4.46-21.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/o/openssl-1.1.1k-14.el8_6.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/o/openssl-1.1.1k-14.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 7741480 - checksum: sha256:c97b10d6a034e025a19ec8443ef7c80755e3a407fe29a77dda95af958b199eed + size: 7743036 + checksum: sha256:01ef6da2173fdd58138e983a69f7213698673c3eddb23539d4876eaca0efc07d name: openssl - evr: 1:1.1.1k-14.el8_6 + evr: 1:1.1.1k-14.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/o/openssl-pkcs11-0.4.10-3.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 520347 @@ -1681,12 +1681,12 @@ arches: checksum: sha256:9dece924ffd6e5698e7cb865f01976d7786b8c3cc65e743cf9ce3a856baff95e name: p11-kit evr: 0.23.22-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/p/pam-1.3.1-38.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/p/pam-1.3.1-39.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 1183015 - checksum: sha256:868a69dca0a6655a20c150bff64b3fdb058a9b9ee763094ff4b70052d9db6c74 + size: 1185014 + checksum: sha256:dbbbd55c9700e19c59e4e425a6b6f08eb4cb77f68967e773b318a8dfbdfdfb93 name: pam - evr: 1.3.1-38.el8_10 + evr: 1.3.1-39.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/p/pcre-8.42-6.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 1617186 @@ -1771,12 +1771,12 @@ arches: checksum: sha256:72f87a1c0c92c9486bdb3748db880281fcc1f947bbedb99edbcebf189e4a5c40 name: setup evr: 2.12.2-9.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/s/shadow-utils-4.6-22.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/s/shadow-utils-4.6-23.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 1845120 - checksum: sha256:140a4273738ea9cfd1fc5627ebd66ad1696a5e3c959092b41bf5dc6d7657d8a6 + size: 1845199 + checksum: sha256:1f73218c7981d0fe5008adfb4b8460626ba2dfe43c4075f50045c48f8d9e30cd name: shadow-utils - evr: 2:4.6-22.el8 + evr: 2:4.6-23.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/s/shared-mime-info-1.9-4.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 644720 @@ -1789,12 +1789,12 @@ arches: checksum: sha256:26dc49ea369dc145166e0a3959cc132f45e3345b99a75420c8932af24f44668c name: sqlite evr: 3.26.0-20.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/s/systemd-239-82.el8_10.5.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/s/systemd-239-82.el8_10.8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 9161850 - checksum: sha256:a20ae7bd2f13fd756b2389ec6ba6f84e6a9be28df01b5a7d04dab93b492a0eab + size: 9188443 + checksum: sha256:a3ade60f73bb3137b94ac38205c321511b70e2bf61b79e2a25e31015fb415844 name: systemd - evr: 239-82.el8_10.5 + evr: 239-82.el8_10.8 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/t/texinfo-6.5-7.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 4544531 @@ -1807,18 +1807,18 @@ arches: checksum: sha256:ad79eab11673ac2f172276a993d98f2bf98c77728863f656d7cc0ab595d5b593 name: trousers evr: 0.3.15-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/t/tzdata-2025b-1.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/t/tzdata-2025c-1.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 946701 - checksum: sha256:2f0ba51d371713287a690d9d1635b534113258aa2571862603d52870c1c8b60d + size: 960798 + checksum: sha256:c9798a08b98344921713d3183bda98727df494d83f96924604b6b755ddc30f61 name: tzdata - evr: 2025b-1.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/u/util-linux-2.32.1-46.el8.src.rpm + evr: 2025c-1.el8 + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/u/util-linux-2.32.1-47.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 4816801 - checksum: sha256:3fb688481dd062d917d8119cd64582a9e6ffa6736a6dbbf956d038a9115c6004 + size: 4817466 + checksum: sha256:e10e379f1386bdd6315e20cf735616747690c137ada562f47da85ca90ea966ee name: util-linux - evr: 2.32.1-46.el8 + evr: 2.32.1-47.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/w/which-2.21-21.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 171834 @@ -1844,10 +1844,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/repodata/337919e65aec0e3c74c2a5673973175374bd8ead0afdeef2925d98f3ba37e94a-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/repodata/0951060feeae60d5e7ffa7fc231d82cbce71f4d00a8180db49735be84fa66d16-modules.yaml.gz repoid: rhel-8-for-aarch64-appstream-rpms - size: 732675 - checksum: sha256:337919e65aec0e3c74c2a5673973175374bd8ead0afdeef2925d98f3ba37e94a + size: 756439 + checksum: sha256:0951060feeae60d5e7ffa7fc231d82cbce71f4d00a8180db49735be84fa66d16 - arch: ppc64le packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/j/jq-1.6-11.el8_10.ppc64le.rpm @@ -1871,20 +1871,20 @@ arches: name: oniguruma evr: 6.8.2-3.el8 sourcerpm: oniguruma-6.8.2-3.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/p/postgresql-15.14-1.module+el8.10.0+23423+5a199198.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/p/postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.ppc64le.rpm repoid: rhel-8-for-ppc64le-appstream-rpms - size: 1864363 - checksum: sha256:6eb4836967b76fc22d7fe6c58cfeee10f51e7fd8902e99597d0ed5ee8328a600 + size: 1877303 + checksum: sha256:e60f7686d3bea0245ef49253c5705f2b66a2f23ba68b2c2768955bd3c303748c name: postgresql - evr: 15.14-1.module+el8.10.0+23423+5a199198 - sourcerpm: postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/p/postgresql-private-libs-15.14-1.module+el8.10.0+23423+5a199198.ppc64le.rpm + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 + sourcerpm: postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/p/postgresql-private-libs-15.15-1.module+el8.10.0+23782+2d6b2a31.ppc64le.rpm repoid: rhel-8-for-ppc64le-appstream-rpms - size: 150687 - checksum: sha256:d50be28a27596fc611792e11609c61a8e5163615ab09bbd5db4ac6df562ae7c4 + size: 151435 + checksum: sha256:80c3061d69e75e725dd9de7084f948b82e37ec98e62a8522c7a79dcea803b74a name: postgresql-private-libs - evr: 15.14-1.module+el8.10.0+23423+5a199198 - sourcerpm: postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 + sourcerpm: postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/x/xkeyboard-config-2.28-1.el8.noarch.rpm repoid: rhel-8-for-ppc64le-appstream-rpms size: 801000 @@ -1934,13 +1934,13 @@ arches: name: bzip2-libs evr: 1.0.6-28.el8_10 sourcerpm: bzip2-1.0.6-28.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.noarch.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1006212 - checksum: sha256:5b97c63d4978f82a8d73cb83c81c438d69309bc929d35c6bebf5868f128da13f + size: 1048264 + checksum: sha256:01d249b3d9889ab05adea246a1e84571e817013e06b24bbfc4bb42a1d7d8aa50 name: ca-certificates - evr: 2024.2.69_v8.0.303-80.0.el8_10 - sourcerpm: ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.src.rpm + evr: 2025.2.80_v9.0.304-80.2.el8_10 + sourcerpm: ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/chkconfig-1.19.2-1.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 209036 @@ -1948,20 +1948,20 @@ arches: name: chkconfig evr: 1.19.2-1.el8 sourcerpm: chkconfig-1.19.2-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/coreutils-8.30-15.el8.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/coreutils-8.30-16.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1369068 - checksum: sha256:e68dc6775d28c27ca343fdd74ebfeab892adb29dcf696d1d77f3b60c71749e35 + size: 1367560 + checksum: sha256:a345f9a852aeaea2132d295ab9a7841db8646bce372cb9da8f1e4cac8267e2ad name: coreutils - evr: 8.30-15.el8 - sourcerpm: coreutils-8.30-15.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/coreutils-common-8.30-15.el8.ppc64le.rpm + evr: 8.30-16.el8_10 + sourcerpm: coreutils-8.30-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/coreutils-common-8.30-16.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 2092696 - checksum: sha256:b5bf122e33328f6dba0dc0796259a39518886bac9714d00d044ab5cf1471a700 + size: 2091852 + checksum: sha256:fa122cf627a83bc686c185c520fa1dd2497a76090e53c9d7c52626cbbbb8929c name: coreutils-common - evr: 8.30-15.el8 - sourcerpm: coreutils-8.30-15.el8.src.rpm + evr: 8.30-16.el8_10 + sourcerpm: coreutils-8.30-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/cpio-2.12-11.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 276460 @@ -2004,13 +2004,13 @@ arches: name: cryptsetup-libs evr: 2.3.7-7.el8 sourcerpm: cryptsetup-2.3.7-7.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/curl-7.61.1-34.el8_10.3.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/curl-7.61.1-34.el8_10.9.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 366608 - checksum: sha256:167590bbdb52fdda1a6a7c1ade6c07b07ad7e737a744fa01cf94ec32dff9d8a6 + size: 366296 + checksum: sha256:099c46e57263838ec3a35d6ecb017ca3ded6054dfa2f189b22e410e8899ea5b7 name: curl - evr: 7.61.1-34.el8_10.3 - sourcerpm: curl-7.61.1-34.el8_10.3.src.rpm + evr: 7.61.1-34.el8_10.9 + sourcerpm: curl-7.61.1-34.el8_10.9.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/c/cyrus-sasl-lib-2.1.27-6.el8_5.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 137896 @@ -2074,13 +2074,13 @@ arches: name: diffutils evr: 3.6-6.el8 sourcerpm: diffutils-3.6-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/d/dracut-049-237.git20250603.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/d/dracut-049-239.git20251127.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 393168 - checksum: sha256:1a8b74595e1b73d7e5cdbdda7324f598e83de9f402bab09d62cbb6c86ef3d5d1 + size: 392252 + checksum: sha256:dbdc5c407045d45227507d079dcad14a43939aef0d2ca1900b508af0eb938025 name: dracut - evr: 049-237.git20250603.el8_10 - sourcerpm: dracut-049-237.git20250603.el8_10.src.rpm + evr: 049-239.git20251127.el8_10 + sourcerpm: dracut-049-239.git20251127.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/e/elfutils-debuginfod-client-0.190-2.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 78824 @@ -2109,27 +2109,27 @@ arches: name: elfutils-libs evr: 0.190-2.el8 sourcerpm: elfutils-0.190-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/e/expat-2.2.5-17.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/e/expat-2.5.0-1.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 119236 - checksum: sha256:c7fad5d488549d79f4566b701be1f65c322096b55fd021abb4fe662eb08bf9d6 + size: 136140 + checksum: sha256:2568a6eca06a1d26161eb976577b719cbdb979690f1b6f3dbeecb2ad75402029 name: expat - evr: 2.2.5-17.el8_10 - sourcerpm: expat-2.2.5-17.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/f/file-5.33-26.el8.ppc64le.rpm + evr: 2.5.0-1.el8_10 + sourcerpm: expat-2.5.0-1.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/f/file-5.33-27.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 80044 - checksum: sha256:70f8b9303f3c64aef8dba92b81a801fdfcba2e1e19a4ade593289a2fe22196b8 + size: 80200 + checksum: sha256:a80a4a35c7784d76e4359699e751533741876699b4f572fbb1f0edae1bfc1869 name: file - evr: 5.33-26.el8 - sourcerpm: file-5.33-26.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/f/file-libs-5.33-26.el8.ppc64le.rpm + evr: 5.33-27.el8_10 + sourcerpm: file-5.33-27.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/f/file-libs-5.33-27.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 565384 - checksum: sha256:791ac2fa9d810c0fb55041274982e1f1bdd6b9a4fb833a792cea0217a074e2ba + size: 565504 + checksum: sha256:14f6e619dcd73fe706f89e202a5a3938bd8c06cba94770a4493a440199b5342e name: file-libs - evr: 5.33-26.el8 - sourcerpm: file-5.33-26.el8.src.rpm + evr: 5.33-27.el8_10 + sourcerpm: file-5.33-27.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/f/filesystem-3.8-6.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 1135836 @@ -2137,13 +2137,13 @@ arches: name: filesystem evr: 3.8-6.el8 sourcerpm: filesystem-3.8-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/f/findutils-4.6.0-23.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/f/findutils-4.6.0-24.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 555032 - checksum: sha256:e082308da55a744cba3ceba76539c9ce8174d01ce9c6f2f3ec4bba625d8d612f + size: 553836 + checksum: sha256:ca7edcc090ecfc534e720d9b3e7cacaf1d5cd08dc0397040eef1c2821ed5e3c4 name: findutils - evr: 1:4.6.0-23.el8_10 - sourcerpm: findutils-4.6.0-23.el8_10.src.rpm + evr: 1:4.6.0-24.el8_10 + sourcerpm: findutils-4.6.0-24.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/gawk-4.2.1-4.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 1205792 @@ -2179,41 +2179,41 @@ arches: name: gettext-libs evr: 0.19.8.1-17.el8 sourcerpm: gettext-0.19.8.1-17.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glib2-2.56.4-166.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glib2-2.56.4-167.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 2706072 - checksum: sha256:931859203495911e5f030bfcba117c5ac5ec9335017143897744cca0813ef533 + size: 2705184 + checksum: sha256:be9bc79cace8aa17ac4e654cc8029b0a96e353e245eb9992e25db83bb9133568 name: glib2 - evr: 2.56.4-166.el8_10 - sourcerpm: glib2-2.56.4-166.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-2.28-251.el8_10.25.ppc64le.rpm + evr: 2.56.4-167.el8_10 + sourcerpm: glib2-2.56.4-167.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-2.28-251.el8_10.27.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 3516808 - checksum: sha256:094b5376183d831dcc17a543598a98c1ff29a08568b5d2b3285dffbeea00fadd + size: 3516168 + checksum: sha256:d97d81a14385cea294b40e17a9f8df18438154d4e7318aa59e3304e708c87f4d name: glibc - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.25.ppc64le.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.27.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 26767584 - checksum: sha256:9631b55e046cf10e2ba49b9c22677e56752364edbe8e10a521f047014d768b52 + size: 26768148 + checksum: sha256:fad7e00a47528172e9b6c2346a2d6979dff35fe1c4e9592aed25da51408b156c name: glibc-all-langpacks - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.25.ppc64le.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.27.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1055260 - checksum: sha256:e62ac475c1cb8521b88d7baa64dc348b3705bdfa380176e30fc4145bd821ae08 + size: 1055520 + checksum: sha256:fc0c8f8937b1c25828495ff3b1f72b4b3b4017bc3e43583d1c425c9597ca4f88 name: glibc-common - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.25.ppc64le.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.27.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1867560 - checksum: sha256:b0dae5b019df1d6cff5b015bed1146ca5712bcfc758a0a792d50109b7e1c9685 + size: 1867904 + checksum: sha256:29a05af3b712836004f8c58c11f29e7855419d261dea10ea894a33e002fc9f9f name: glibc-gconv-extra - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/gmp-6.1.2-11.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 296280 @@ -2221,13 +2221,13 @@ arches: name: gmp evr: 1:6.1.2-11.el8 sourcerpm: gmp-6.1.2-11.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/gnutls-3.6.16-8.el8_10.3.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/gnutls-3.6.16-8.el8_10.4.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1016908 - checksum: sha256:8a21a848d756e4694816f28b33954596c045ca47b74e84ca7d886a4ac50dd8be + size: 1015860 + checksum: sha256:ec7866e54ec4687c5dbbeff49196d39c52ee072416cb4fdbac8e2e7caf388370 name: gnutls - evr: 3.6.16-8.el8_10.3 - sourcerpm: gnutls-3.6.16-8.el8_10.3.src.rpm + evr: 3.6.16-8.el8_10.4 + sourcerpm: gnutls-3.6.16-8.el8_10.4.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/grep-3.1-6.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 289552 @@ -2235,27 +2235,27 @@ arches: name: grep evr: 3.1-6.el8 sourcerpm: grep-3.1-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/grub2-common-2.02-167.el8_10.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/grub2-common-2.02-169.el8_10.noarch.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 919308 - checksum: sha256:54f4de37148044c83b997c6bea4bc7f222f6fda272347f7fa4907ff0eef5d29e + size: 918448 + checksum: sha256:4439fe4a6403508b74d5d8913543a74195411f69acbc81213ca32e5645939004 name: grub2-common - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/grub2-tools-2.02-167.el8_10.ppc64le.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/grub2-tools-2.02-169.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1980416 - checksum: sha256:7ef71315e98ed90c069d726880a42b8196f985a7662d62ac7a8aae76fdb08642 + size: 1979556 + checksum: sha256:4a27cd5fd83b7d7c6d82bb73740651ad53c726e32931aa95048819e613a19cf6 name: grub2-tools - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/grub2-tools-minimal-2.02-167.el8_10.ppc64le.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/grub2-tools-minimal-2.02-169.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 219804 - checksum: sha256:cc84f7899331ee26bb4ef120ec5ff6777b31e125605e46bcc4212d586a182078 + size: 218912 + checksum: sha256:bcc7b436c2711954b2ea5df032402b658a6cf1628d1d8b9f9d37496aa8a5453e name: grub2-tools-minimal - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/grubby-8.40-49.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 52660 @@ -2368,13 +2368,13 @@ arches: name: libattr evr: 2.4.48-3.el8 sourcerpm: attr-2.4.48-3.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libblkid-2.32.1-46.el8.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libblkid-2.32.1-47.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 248148 - checksum: sha256:6fc94c84cdf7978b59448f501ae70f65dd26982fdd4ac19f40910f5881be22dd + size: 247084 + checksum: sha256:0588a0f4ec7a55aaee28a3c34f2c02fc90d01af3a2a9b2a3e10bffc371b239c1 name: libblkid - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libcap-2.48-6.el8_9.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 81276 @@ -2389,13 +2389,13 @@ arches: name: libcap-ng evr: 0.7.11-1.el8 sourcerpm: libcap-ng-0.7.11-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libcom_err-1.45.6-6.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libcom_err-1.45.6-7.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 51012 - checksum: sha256:f604163be24ff27e250627a86cef6247e2de43e9a47f6efaa21fe6cac93bb069 + size: 50004 + checksum: sha256:e3f142b9c790e7dce0349119241060146a8d4c3b2f8bdc35af2e969aafb74ee3 name: libcom_err - evr: 1.45.6-6.el8_10 - sourcerpm: e2fsprogs-1.45.6-6.el8_10.src.rpm + evr: 1.45.6-7.el8_10 + sourcerpm: e2fsprogs-1.45.6-7.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libcroco-0.6.12-4.el8_2.1.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 126044 @@ -2403,13 +2403,13 @@ arches: name: libcroco evr: 0.6.12-4.el8_2.1 sourcerpm: libcroco-0.6.12-4.el8_2.1.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libcurl-7.61.1-34.el8_10.3.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libcurl-7.61.1-34.el8_10.9.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 328780 - checksum: sha256:1300b5b03339a6ffc756f1710e182fe5562504529337ce073618fb66e227c44d + size: 328672 + checksum: sha256:18cff1828997288bf377355316b7e81d91e21dd01bb37d4888aefa1a3ac83a68 name: libcurl - evr: 7.61.1-34.el8_10.3 - sourcerpm: curl-7.61.1-34.el8_10.3.src.rpm + evr: 7.61.1-34.el8_10.9 + sourcerpm: curl-7.61.1-34.el8_10.9.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libdb-5.3.28-42.el8_4.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 807032 @@ -2424,13 +2424,13 @@ arches: name: libdb-utils evr: 5.3.28-42.el8_4 sourcerpm: libdb-5.3.28-42.el8_4.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libfdisk-2.32.1-46.el8.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libfdisk-2.32.1-47.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 276876 - checksum: sha256:8d5ff444821ea99876d618a334312472eef861e5270e61f9b9554e209a273d23 + size: 275884 + checksum: sha256:3fee492a9a891261d9a38749ceece9ee6511549033ec7ab6c9a5d7c9b28803fb name: libfdisk - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libffi-3.1-24.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 40004 @@ -2487,13 +2487,13 @@ arches: name: libkcapi-hmaccalc evr: 1.4.0-2.el8 sourcerpm: libkcapi-1.4.0-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libmount-2.32.1-46.el8.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libmount-2.32.1-47.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 266360 - checksum: sha256:6ce023efeb37f29a17f92b5def9fc835e48e9e3c436210463586feaeb17fe9ea + size: 265396 + checksum: sha256:d8652ce55eff19ee1b6be7521bac17fa0b0a3f4db1feeaf9be8fd85b9a3336af name: libmount - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libnghttp2-1.33.0-6.el8_10.1.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 87792 @@ -2564,27 +2564,27 @@ arches: name: libsigsegv evr: 2.11-5.el8 sourcerpm: libsigsegv-2.11-5.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libsmartcols-2.32.1-46.el8.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libsmartcols-2.32.1-47.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 196536 - checksum: sha256:e5ed04fe83a621f8ae92f1e9152b1c592dc9e95fbdcd4b1d8e4d221a0a350090 + size: 195556 + checksum: sha256:0dc6f9098a57ee71436a48337927da6b47e2d5312e52b725ce99d9a05d311d6e name: libsmartcols - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libssh-0.9.6-14.el8.ppc64le.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libssh-0.9.6-16.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 246788 - checksum: sha256:e87fabf19e917162b4e06713239f02dec859b5041e8332a1394e40db93329ea5 + size: 245868 + checksum: sha256:a56e1939241a2ada72fcfddce3bedfa2ee55d68a20d38c19792d2cc78ddedbf5 name: libssh - evr: 0.9.6-14.el8 - sourcerpm: libssh-0.9.6-14.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libssh-config-0.9.6-14.el8.noarch.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libssh-config-0.9.6-16.el8_10.noarch.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 21548 - checksum: sha256:e8281fb82a512c0bbfdd4bbd0f7f9657fce2ad547189fb93d0a0bf814173a2a4 + size: 20644 + checksum: sha256:2471adc5113ee9a2ff70bbbd3c9ef2a8d63e2da99bcfb00566b0869b2f037d27 name: libssh-config - evr: 0.9.6-14.el8 - sourcerpm: libssh-0.9.6-14.el8.src.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libstdc++-8.5.0-28.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 528908 @@ -2620,13 +2620,13 @@ arches: name: libutempter evr: 1.1.6-14.el8 sourcerpm: libutempter-1.1.6-14.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libuuid-2.32.1-46.el8.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libuuid-2.32.1-47.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 103444 - checksum: sha256:e74caf1e55cd53a08ce78f772e9d1b1c3b7f8b8f407221a06087ece0998a223a + size: 102548 + checksum: sha256:0b3bbe3ae4996e754868de28635ff8a696987ab2e316e75b4389608edf4348fa name: libuuid - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libverto-0.3.2-2.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 26016 @@ -2718,20 +2718,20 @@ arches: name: openldap evr: 2.4.46-21.el8_10 sourcerpm: openldap-2.4.46-21.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/o/openssl-1.1.1k-14.el8_6.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/o/openssl-1.1.1k-14.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 731808 - checksum: sha256:13616f555100e3a9b4617fe4d3aa13c4a1f46237708572b379749863ee1fb7ae + size: 730868 + checksum: sha256:582368e2b737656ab875b57f292dc04426eb5f93136696c3d55523cc49fcc399 name: openssl - evr: 1:1.1.1k-14.el8_6 - sourcerpm: openssl-1.1.1k-14.el8_6.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/o/openssl-libs-1.1.1k-14.el8_6.ppc64le.rpm + evr: 1:1.1.1k-14.el8_10 + sourcerpm: openssl-1.1.1k-14.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/o/openssl-libs-1.1.1k-14.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1580468 - checksum: sha256:92db3c863ae63eb9e59c9adacba4d7e80a0ebfd466c2074102fc051272642892 + size: 1579712 + checksum: sha256:0883b5f4e8acf649cfb5491f7dde772e9329e6e1709e56c563bea833b3a192b0 name: openssl-libs - evr: 1:1.1.1k-14.el8_6 - sourcerpm: openssl-1.1.1k-14.el8_6.src.rpm + evr: 1:1.1.1k-14.el8_10 + sourcerpm: openssl-1.1.1k-14.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/o/openssl-pkcs11-0.4.10-3.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 73064 @@ -2760,13 +2760,13 @@ arches: name: p11-kit-trust evr: 0.23.22-2.el8 sourcerpm: p11-kit-0.23.22-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/p/pam-1.3.1-38.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/p/pam-1.3.1-39.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 813804 - checksum: sha256:b6644c8cd92d7d7778011a7e13bdad7267e3d5f5265e348f3da1bbe22ed03502 + size: 814188 + checksum: sha256:124fb0871d7ec940aab122357dd21ff64954fc8e9ab9840046c2cf9a80900496 name: pam - evr: 1.3.1-38.el8_10 - sourcerpm: pam-1.3.1-38.el8_10.src.rpm + evr: 1.3.1-39.el8_10 + sourcerpm: pam-1.3.1-39.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/p/pcre-8.42-6.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 211436 @@ -2900,13 +2900,13 @@ arches: name: setup evr: 2.12.2-9.el8 sourcerpm: setup-2.12.2-9.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/shadow-utils-4.6-22.el8.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/shadow-utils-4.6-23.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1310120 - checksum: sha256:20e487410c60bf49e6f80649f374387738e8a5d11ebf6b3e418298e0887237f0 + size: 1310152 + checksum: sha256:9b8fe8267ae9adb123c25d28a546e10e5377e657b6cc727b7e3117c4abee7845 name: shadow-utils - evr: 2:4.6-22.el8 - sourcerpm: shadow-utils-4.6-22.el8.src.rpm + evr: 2:4.6-23.el8_10 + sourcerpm: shadow-utils-4.6-23.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/shared-mime-info-1.9-4.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 341608 @@ -2921,34 +2921,34 @@ arches: name: sqlite-libs evr: 3.26.0-20.el8_10 sourcerpm: sqlite-3.26.0-20.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/systemd-239-82.el8_10.5.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/systemd-239-82.el8_10.8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 3884024 - checksum: sha256:76958d20032f290e803f274e3636ec052c2b75ec1c283dfe5e311cca5e282e73 + size: 3886804 + checksum: sha256:861ab3ad615884b38cd186ade1cc74249e0b5a3e7465318504ab08c8355c4842 name: systemd - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/systemd-libs-239-82.el8_10.5.ppc64le.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/systemd-libs-239-82.el8_10.8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1200964 - checksum: sha256:4290159f325f478e602ac5758f787b12b84d265713fffae6310a2ffd5eff0212 + size: 1201844 + checksum: sha256:255bcea5675d0b6415cf95f7e44993cb5d2c9dbe300c0199fb5e7875f277af1c name: systemd-libs - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/systemd-pam-239-82.el8_10.5.ppc64le.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/systemd-pam-239-82.el8_10.8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 551196 - checksum: sha256:0b8f8c99434ca12a31ea86412609f926ffe0519cc5668ad64526d0f6aeba2ad9 + size: 552628 + checksum: sha256:f8800e69da7366f813d16c43c22d5ad77a36cc2b6befbbcdbcf71819adc97283 name: systemd-pam - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/systemd-udev-239-82.el8_10.5.ppc64le.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/s/systemd-udev-239-82.el8_10.8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1625756 - checksum: sha256:3a43942c51205285c3bc759e98999ebf8647b55bdc740041164547856dcc4d51 + size: 1627128 + checksum: sha256:45511abfd2506c0145cefbac5cc195cf526f6c71c484f15491937db7f0f1ce43 name: systemd-udev - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/t/trousers-0.3.15-2.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 159044 @@ -2963,20 +2963,20 @@ arches: name: trousers-lib evr: 0.3.15-2.el8 sourcerpm: trousers-0.3.15-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/t/tzdata-2025b-1.el8.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/t/tzdata-2025c-1.el8.noarch.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 488428 - checksum: sha256:338539f7f0cd2770694153af81e2e65121b050a1bb555ad66a6fb6f562732602 + size: 560812 + checksum: sha256:e4b6cf905fb2111d9a45c3b6b95f6e0c5199bf9b3d576f2a06b4dcb49a63d55e name: tzdata - evr: 2025b-1.el8 - sourcerpm: tzdata-2025b-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/u/util-linux-2.32.1-46.el8.ppc64le.rpm + evr: 2025c-1.el8 + sourcerpm: tzdata-2025c-1.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/u/util-linux-2.32.1-47.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 2701400 - checksum: sha256:67ac1c1d100dd3022074c357030dab31c776b74ac10d1a14cda6c3b45f10f8e2 + size: 2700484 + checksum: sha256:b48627739d83c990f30f2fb460a9aff87182e9a3160704e2a818c00a65dc7f03 name: util-linux - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/w/which-2.21-21.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 52168 @@ -3024,12 +3024,12 @@ arches: checksum: sha256:31cd372131f6eb404ce90285210fd74021914b4eb52e933b2aeebfa955099faa name: oniguruma evr: 6.8.2-3.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/source/SRPMS/Packages/p/postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/source/SRPMS/Packages/p/postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm repoid: rhel-8-for-ppc64le-appstream-source-rpms - size: 53572917 - checksum: sha256:4a2c66b6b48cbf761ed5d454022f80fd6e63f89a84f095dac2683663960e9272 + size: 45654458 + checksum: sha256:30795de4ed7a01becc64ee50796e7c76b9195ff1eed0a341b279aeb3e4b15527 name: postgresql - evr: 15.14-1.module+el8.10.0+23423+5a199198 + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/source/SRPMS/Packages/x/xkeyboard-config-2.28-1.el8.src.rpm repoid: rhel-8-for-ppc64le-appstream-source-rpms size: 1699339 @@ -3078,24 +3078,24 @@ arches: checksum: sha256:9c1d697f675f5889c57e7f983afa4b3e3f6e2334887ded9d7c10c5a205d1b06a name: bzip2 evr: 1.0.6-28.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 715540 - checksum: sha256:a066b501d49019ad53d7a8bd7badd1b073f317e406561f0cfad59b7bdfaba0a6 + size: 742547 + checksum: sha256:879547af21a33e8e0a2356bc7cbd8c4fdc17d4830fbcadbf9aac1cfbbcf140f5 name: ca-certificates - evr: 2024.2.69_v8.0.303-80.0.el8_10 + evr: 2025.2.80_v9.0.304-80.2.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/chkconfig-1.19.2-1.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 221618 checksum: sha256:7cf522c35fa5a5906c8c793ece9e599e80aba6c37d3f57afbf436c9abb8629c6 name: chkconfig evr: 1.19.2-1.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/coreutils-8.30-15.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/coreutils-8.30-16.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 5550193 - checksum: sha256:8e6d8f3d8929cfd896c09a6d7ebfdd0d78fd028169042f7df9e35803189e4eee + size: 5552304 + checksum: sha256:a765698d09c82865c7b71c2125273ed393aee734cdb2a999458bbbed9ccfe098 name: coreutils - evr: 8.30-15.el8 + evr: 8.30-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/cpio-2.12-11.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 1312438 @@ -3120,12 +3120,12 @@ arches: checksum: sha256:21bb087ab9a3d64c89295a1bd45b5e5b6189832a972d4b3ddccb2ff5437ac2ed name: cryptsetup evr: 2.3.7-7.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/curl-7.61.1-34.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/curl-7.61.1-34.el8_10.9.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 2629169 - checksum: sha256:da74fbd455075a1e124a5251e17946c0a2c8b8bd023e349d0c52b3cee8e3d37c + size: 2637559 + checksum: sha256:b69dcfee680f356433e48929a3b447b72d6e99bf8ad61b5a6c9ac2eededf87cd name: curl - evr: 7.61.1-34.el8_10.3 + evr: 7.61.1-34.el8_10.9 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/c/cyrus-sasl-2.1.27-6.el8_5.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 4032772 @@ -3150,48 +3150,48 @@ arches: checksum: sha256:1308e782ad4f9b17a5cbbac9734be496948db857de7458b3388645bf1786892d name: diffutils evr: 3.6-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/d/dracut-049-237.git20250603.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/d/dracut-049-239.git20251127.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 584456 - checksum: sha256:82c025577bb9b0b42696376d7db8a9e2271995d8b42ab79af42911863b7928d0 + size: 585830 + checksum: sha256:559705b03309fdae2474df8798242da457ed1dd7d4014c37462188975bb3bf2e name: dracut - evr: 049-237.git20250603.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/e/e2fsprogs-1.45.6-6.el8_10.src.rpm + evr: 049-239.git20251127.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/e/e2fsprogs-1.45.6-7.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 5677469 - checksum: sha256:2e1f498b0924f164c828a6779756a00a7c69992e0ea90161e5b05270c0232716 + size: 5680546 + checksum: sha256:7adebb4cf95886f8dc9cdfa518378ba4609a2f9800782b8330ca5ddf4409d3bf name: e2fsprogs - evr: 1.45.6-6.el8_10 + evr: 1.45.6-7.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/e/elfutils-0.190-2.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 9288737 checksum: sha256:54fe49a6fd4f87d6fd594b62c465105fc3efab05a1ffcc216f053c277ab619bf name: elfutils evr: 0.190-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/e/expat-2.2.5-17.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/e/expat-2.5.0-1.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 8345318 - checksum: sha256:41de03fcbf3a8f7fa42e7017058ae0186e98a0e448ce01772de7af0a856a749d + size: 8388946 + checksum: sha256:566456bc755b628dc5a4ce77b6a643769165202f0ddd852ba73dd9512b994d2b name: expat - evr: 2.2.5-17.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/f/file-5.33-26.el8.src.rpm + evr: 2.5.0-1.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/f/file-5.33-27.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 899551 - checksum: sha256:1bdcfa5032e3ef5ff5f9f72233b6c9c67c0c7ff994a04df131d3b64b213b99cb + size: 900161 + checksum: sha256:f6996986985a11cebdb085b30dc7281eb320ee6234fa12ae43e39cd2d1de1afc name: file - evr: 5.33-26.el8 + evr: 5.33-27.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/f/filesystem-3.8-6.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 37286 checksum: sha256:113b7c5e28cc1d44e21c564c17d8c592a3f8a20b4c268cdaad6a407dee4d1540 name: filesystem evr: 3.8-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/f/findutils-4.6.0-23.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/f/findutils-4.6.0-24.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 3831527 - checksum: sha256:28510e1bb0c939d1b945f889611cf572e03ee18faaa5bff6f0ad203fd696fb29 + size: 3832656 + checksum: sha256:4ee9287c4f007ef160f3e2f61ddd3d6ff75dfa82ab99ba27f5c6ca673d97d529 name: findutils - evr: 1:4.6.0-23.el8_10 + evr: 1:4.6.0-24.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/gawk-4.2.1-4.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 3036497 @@ -3216,42 +3216,42 @@ arches: checksum: sha256:114be9b072a7726f2ac557fda6b8a86254ae3b7ed984ed14cfa7733bea9005d4 name: gettext evr: 0.19.8.1-17.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/glib2-2.56.4-166.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/glib2-2.56.4-167.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 7164223 - checksum: sha256:1c3428c7032aa0ba80754efd2b97d1e3b432eb151ed9de4db7a09ad96e5ecd33 + size: 7164394 + checksum: sha256:80ee50b39aa478e1503dbd18626df91a023d30e3f9b6fb588fa82e6ce2b5972e name: glib2 - evr: 2.56.4-166.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.25.src.rpm + evr: 2.56.4-167.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.27.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 18515112 - checksum: sha256:cf4f9d4cf5af467b7c42faedc1b12e6457e8d0fee07cedb9e122e6ba52d86938 + size: 18525139 + checksum: sha256:c3f8d7e92cffbd4e81c33871b5c55034b3f11c7417e6d84805a67e52cc6ebec1 name: glibc - evr: 2.28-251.el8_10.25 + evr: 2.28-251.el8_10.27 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/gmp-6.1.2-11.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 2430007 checksum: sha256:0be11faec5810961b3b5b2f0e8a54c4628b62bb2bec4e282f47682c4be0cef64 name: gmp evr: 1:6.1.2-11.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/gnutls-3.6.16-8.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/gnutls-3.6.16-8.el8_10.4.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 5774773 - checksum: sha256:e3dc1e166a626f8ff303c9d9a260d4a1ac68cd2a62d28bfec51d6b1aa3670053 + size: 5783117 + checksum: sha256:62b0fb59ca7babdf1f2558c69ff1ceb67358d455bbf107d32db851f0af8ef185 name: gnutls - evr: 3.6.16-8.el8_10.3 + evr: 3.6.16-8.el8_10.4 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/grep-3.1-6.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 1412532 checksum: sha256:c5d8342de1536365d5ccb340a4a381b40529eb98a6866981df956e4adc2727ac name: grep evr: 3.1-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/grub2-2.02-167.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/grub2-2.02-169.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 8328141 - checksum: sha256:f4628c23c03e887679455a758545da6b4c54a31210fc665df55cd192c440ecd0 + size: 8327955 + checksum: sha256:1f583a9551862935908b05cfe9c75f5d0fd7b3eb46896a938341fbdc700d51c2 name: grub2 - evr: 1:2.02-167.el8_10 + evr: 1:2.02-169.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/grubby-8.40-49.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 233771 @@ -3414,12 +3414,12 @@ arches: checksum: sha256:a139e44850d9210e2a662e676dd57a6a40323b1744a14be7a87221f8e36cffe5 name: libsigsegv evr: 2.11-5.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/l/libssh-0.9.6-14.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/l/libssh-0.9.6-16.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 1151415 - checksum: sha256:a04fb32a5bdaf33053918c3c931891fe7415a8ace08069b74d055931413056eb + size: 1151564 + checksum: sha256:71e885a125f15dbbce25f515cc80bd2df63a93c904e0b71c5645d27c18c9f98c name: libssh - evr: 0.9.6-14.el8 + evr: 0.9.6-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/l/libtasn1-4.13-5.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 1968290 @@ -3516,12 +3516,12 @@ arches: checksum: sha256:42a8826001f6a49c1385746f1c5ef3967c3f15fe6fa510fe001d5a232732661a name: openldap evr: 2.4.46-21.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/o/openssl-1.1.1k-14.el8_6.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/o/openssl-1.1.1k-14.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 7741480 - checksum: sha256:c97b10d6a034e025a19ec8443ef7c80755e3a407fe29a77dda95af958b199eed + size: 7743036 + checksum: sha256:01ef6da2173fdd58138e983a69f7213698673c3eddb23539d4876eaca0efc07d name: openssl - evr: 1:1.1.1k-14.el8_6 + evr: 1:1.1.1k-14.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/o/openssl-pkcs11-0.4.10-3.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 520347 @@ -3540,12 +3540,12 @@ arches: checksum: sha256:9dece924ffd6e5698e7cb865f01976d7786b8c3cc65e743cf9ce3a856baff95e name: p11-kit evr: 0.23.22-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/p/pam-1.3.1-38.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/p/pam-1.3.1-39.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 1183015 - checksum: sha256:868a69dca0a6655a20c150bff64b3fdb058a9b9ee763094ff4b70052d9db6c74 + size: 1185014 + checksum: sha256:dbbbd55c9700e19c59e4e425a6b6f08eb4cb77f68967e773b318a8dfbdfdfb93 name: pam - evr: 1.3.1-38.el8_10 + evr: 1.3.1-39.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/p/pcre-8.42-6.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 1617186 @@ -3630,12 +3630,12 @@ arches: checksum: sha256:72f87a1c0c92c9486bdb3748db880281fcc1f947bbedb99edbcebf189e4a5c40 name: setup evr: 2.12.2-9.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/s/shadow-utils-4.6-22.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/s/shadow-utils-4.6-23.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 1845120 - checksum: sha256:140a4273738ea9cfd1fc5627ebd66ad1696a5e3c959092b41bf5dc6d7657d8a6 + size: 1845199 + checksum: sha256:1f73218c7981d0fe5008adfb4b8460626ba2dfe43c4075f50045c48f8d9e30cd name: shadow-utils - evr: 2:4.6-22.el8 + evr: 2:4.6-23.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/s/shared-mime-info-1.9-4.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 644720 @@ -3648,12 +3648,12 @@ arches: checksum: sha256:26dc49ea369dc145166e0a3959cc132f45e3345b99a75420c8932af24f44668c name: sqlite evr: 3.26.0-20.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/s/systemd-239-82.el8_10.5.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/s/systemd-239-82.el8_10.8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 9161850 - checksum: sha256:a20ae7bd2f13fd756b2389ec6ba6f84e6a9be28df01b5a7d04dab93b492a0eab + size: 9188443 + checksum: sha256:a3ade60f73bb3137b94ac38205c321511b70e2bf61b79e2a25e31015fb415844 name: systemd - evr: 239-82.el8_10.5 + evr: 239-82.el8_10.8 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/t/texinfo-6.5-7.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 4544531 @@ -3666,18 +3666,18 @@ arches: checksum: sha256:ad79eab11673ac2f172276a993d98f2bf98c77728863f656d7cc0ab595d5b593 name: trousers evr: 0.3.15-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/t/tzdata-2025b-1.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/t/tzdata-2025c-1.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 946701 - checksum: sha256:2f0ba51d371713287a690d9d1635b534113258aa2571862603d52870c1c8b60d + size: 960798 + checksum: sha256:c9798a08b98344921713d3183bda98727df494d83f96924604b6b755ddc30f61 name: tzdata - evr: 2025b-1.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/u/util-linux-2.32.1-46.el8.src.rpm + evr: 2025c-1.el8 + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/u/util-linux-2.32.1-47.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 4816801 - checksum: sha256:3fb688481dd062d917d8119cd64582a9e6ffa6736a6dbbf956d038a9115c6004 + size: 4817466 + checksum: sha256:e10e379f1386bdd6315e20cf735616747690c137ada562f47da85ca90ea966ee name: util-linux - evr: 2.32.1-46.el8 + evr: 2.32.1-47.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/w/which-2.21-21.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 171834 @@ -3703,10 +3703,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/repodata/bf46cf42a6afde0f481675c4a790ef070692bb6c23ff34f44650792930bc021d-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/repodata/26fdc5fabf8bb878dc73a0dc561e6c10ccaeb1b6237175e98be15de9fb9f8fd9-modules.yaml.gz repoid: rhel-8-for-ppc64le-appstream-rpms - size: 728060 - checksum: sha256:bf46cf42a6afde0f481675c4a790ef070692bb6c23ff34f44650792930bc021d + size: 754812 + checksum: sha256:26fdc5fabf8bb878dc73a0dc561e6c10ccaeb1b6237175e98be15de9fb9f8fd9 - arch: s390x packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/j/jq-1.6-11.el8_10.s390x.rpm @@ -3786,20 +3786,20 @@ arches: name: perl-libnet evr: 3.11-3.el8 sourcerpm: perl-libnet-3.11-3.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/p/postgresql-15.14-1.module+el8.10.0+23423+5a199198.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/p/postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.s390x.rpm repoid: rhel-8-for-s390x-appstream-rpms - size: 1769979 - checksum: sha256:cb724993ae1ac5099ba3eebd84fdb7acc8716f3502a3c794f011046c00bfadd8 + size: 1782631 + checksum: sha256:f0afab8138e3ce7ab6bb930e9a3ac03f03c1616abedbca3390c0fde2a3f39479 name: postgresql - evr: 15.14-1.module+el8.10.0+23423+5a199198 - sourcerpm: postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/p/postgresql-private-libs-15.14-1.module+el8.10.0+23423+5a199198.s390x.rpm + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 + sourcerpm: postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/p/postgresql-private-libs-15.15-1.module+el8.10.0+23782+2d6b2a31.s390x.rpm repoid: rhel-8-for-s390x-appstream-rpms - size: 128367 - checksum: sha256:bb5e475ffe306636145ecc909d945341326346ea34f1564674f46e933aff3dea + size: 128795 + checksum: sha256:32f31046e29c5dc0d48ae70fd732028069dbb5d6531a2bd72b538b850f27ffd1 name: postgresql-private-libs - evr: 15.14-1.module+el8.10.0+23423+5a199198 - sourcerpm: postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 + sourcerpm: postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/x/xkeyboard-config-2.28-1.el8.noarch.rpm repoid: rhel-8-for-s390x-appstream-rpms size: 801000 @@ -3849,13 +3849,13 @@ arches: name: bzip2-libs evr: 1.0.6-28.el8_10 sourcerpm: bzip2-1.0.6-28.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.noarch.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1006212 - checksum: sha256:5b97c63d4978f82a8d73cb83c81c438d69309bc929d35c6bebf5868f128da13f + size: 1048264 + checksum: sha256:01d249b3d9889ab05adea246a1e84571e817013e06b24bbfc4bb42a1d7d8aa50 name: ca-certificates - evr: 2024.2.69_v8.0.303-80.0.el8_10 - sourcerpm: ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.src.rpm + evr: 2025.2.80_v9.0.304-80.2.el8_10 + sourcerpm: ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/chkconfig-1.19.2-1.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 201200 @@ -3863,20 +3863,20 @@ arches: name: chkconfig evr: 1.19.2-1.el8 sourcerpm: chkconfig-1.19.2-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/coreutils-8.30-15.el8.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/coreutils-8.30-16.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1246652 - checksum: sha256:f97f9dae4064ad495d10733ed152bfa520cab09eac99732a1b2b13963d2b244a + size: 1245376 + checksum: sha256:d88dd6e3dc2b74102bc628522646ff610450a46c29fac1cd3c74fd64f2642b29 name: coreutils - evr: 8.30-15.el8 - sourcerpm: coreutils-8.30-15.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/coreutils-common-8.30-15.el8.s390x.rpm + evr: 8.30-16.el8_10 + sourcerpm: coreutils-8.30-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/coreutils-common-8.30-16.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 2092220 - checksum: sha256:08d68a219cf2fd4ac6b0c0f503535cebf494cfd3db04ab85caf54323828bd7f2 + size: 2091268 + checksum: sha256:176bb249783d66b6783a059bd747840f5865f1de951cf9ba38012c9af6e62100 name: coreutils-common - evr: 8.30-15.el8 - sourcerpm: coreutils-8.30-15.el8.src.rpm + evr: 8.30-16.el8_10 + sourcerpm: coreutils-8.30-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/cracklib-2.9.6-15.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 95348 @@ -3912,13 +3912,13 @@ arches: name: cryptsetup-libs evr: 2.3.7-7.el8 sourcerpm: cryptsetup-2.3.7-7.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/curl-7.61.1-34.el8_10.3.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/curl-7.61.1-34.el8_10.9.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 359508 - checksum: sha256:caf51eb9d33122711339585a17aa4c2b2c14bd1af4c2ae52e30006a9f82641f0 + size: 359204 + checksum: sha256:deb89d87cdc83b3ed7c9206c5f3b6a148c6e0de82eaa7bff235d7838910e176c name: curl - evr: 7.61.1-34.el8_10.3 - sourcerpm: curl-7.61.1-34.el8_10.3.src.rpm + evr: 7.61.1-34.el8_10.9 + sourcerpm: curl-7.61.1-34.el8_10.9.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/c/cyrus-sasl-lib-2.1.27-6.el8_5.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 123440 @@ -4017,27 +4017,27 @@ arches: name: ethtool evr: 2:5.13-2.el8 sourcerpm: ethtool-5.13-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/e/expat-2.2.5-17.el8_10.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/e/expat-2.5.0-1.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 112836 - checksum: sha256:14984a7a7991b4c31d71c853e6390386bed64d70b00616e1c3f8761d271b9663 + size: 129316 + checksum: sha256:557227064a4eeb6065f44be3e84f1320540bf816d4790bc328995e69992b2319 name: expat - evr: 2.2.5-17.el8_10 - sourcerpm: expat-2.2.5-17.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/file-5.33-26.el8.s390x.rpm + evr: 2.5.0-1.el8_10 + sourcerpm: expat-2.5.0-1.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/file-5.33-27.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 79028 - checksum: sha256:6867ff45a6e9affb79908c5412c3e44a5e604988d1fb52e9a909c49df989332f + size: 79180 + checksum: sha256:fe03bf5467f379f3d1605882edc36e44991eb4612fad46a293e1f7a1bf3e8695 name: file - evr: 5.33-26.el8 - sourcerpm: file-5.33-26.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/file-libs-5.33-26.el8.s390x.rpm + evr: 5.33-27.el8_10 + sourcerpm: file-5.33-27.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/file-libs-5.33-27.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 554644 - checksum: sha256:c87bc137abea1ca77924475fede97a2e00a2f48b9deadee7d632af8466d70c23 + size: 554756 + checksum: sha256:45261ad26b62dedd93c3ea30ee73b741077de532c0d56ab2ad98d60f728dba60 name: file-libs - evr: 5.33-26.el8 - sourcerpm: file-5.33-26.el8.src.rpm + evr: 5.33-27.el8_10 + sourcerpm: file-5.33-27.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/filesystem-3.8-6.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 1135720 @@ -4045,13 +4045,13 @@ arches: name: filesystem evr: 3.8-6.el8 sourcerpm: filesystem-3.8-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/findutils-4.6.0-23.el8_10.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/findutils-4.6.0-24.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 535572 - checksum: sha256:b23855a924a4df2772243a707899f96220f5072443cfb57f80ed3a8db5e9d4e4 + size: 534300 + checksum: sha256:ad5056cc34d6e9ba28bf8a2f4006002cc96d6d99d3de88b39ac1c683fa01c3d4 name: findutils - evr: 1:4.6.0-23.el8_10 - sourcerpm: findutils-4.6.0-23.el8_10.src.rpm + evr: 1:4.6.0-24.el8_10 + sourcerpm: findutils-4.6.0-24.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/fuse3-libs-3.3.0-19.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 93052 @@ -4080,41 +4080,41 @@ arches: name: gdbm-libs evr: 1:1.18-2.el8 sourcerpm: gdbm-1.18-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glib2-2.56.4-166.el8_10.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glib2-2.56.4-167.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 2534880 - checksum: sha256:613067cee576275bbd45eaf39190fc2fd009fe1de97d45718176f0671dedff96 + size: 2533872 + checksum: sha256:2a62ce51041c154b6fd8eb53d047282f8a24c564bdea96e03bda3f2b0073d468 name: glib2 - evr: 2.56.4-166.el8_10 - sourcerpm: glib2-2.56.4-166.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-2.28-251.el8_10.25.s390x.rpm + evr: 2.56.4-167.el8_10 + sourcerpm: glib2-2.56.4-167.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-2.28-251.el8_10.27.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1876452 - checksum: sha256:fac8df4ecd6aea4213786aca01d24a9e5211d6b8ff674660ad4dd268673ac676 + size: 1876988 + checksum: sha256:c944278e98456a7a28df9b3e3210e717f19111152be728bbe6e0bdd5d1ca8e93 name: glibc - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.25.s390x.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.27.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 25899496 - checksum: sha256:e6c755142065999fbeead361eb3ceca70da40c4774302b6446b17ee668702ea0 + size: 25900128 + checksum: sha256:da42288138b51afe5d7473ba4f69a87044a91f0cca7a91c34fc94efc1c7a67d6 name: glibc-all-langpacks - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.25.s390x.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.27.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1220760 - checksum: sha256:52836fabdf2695da3b2fd0dc0b22a1ceb1b94e96f531875864ccd558181db0bd + size: 1220936 + checksum: sha256:610bc4457f38e9b31bb3014ad3d8429a3c59cf20a5fb7807643796831a4c6006 name: glibc-common - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.25.s390x.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.27.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1588004 - checksum: sha256:c833f3bc8653379f829ed2fa3709bc5642b331bbb508758feb8000e884672e12 + size: 1588036 + checksum: sha256:1c8a4dcadc9c7a6a4ffdba6737bb7195b9948dba6fcb7bc68d235632d5a1b68e name: glibc-gconv-extra - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/gmp-6.1.2-11.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 288604 @@ -4122,13 +4122,13 @@ arches: name: gmp evr: 1:6.1.2-11.el8 sourcerpm: gmp-6.1.2-11.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/gnutls-3.6.16-8.el8_10.3.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/gnutls-3.6.16-8.el8_10.4.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 927232 - checksum: sha256:edf01d1c367b63cf02ee778145fc48f189b2782946202c33b2c364682eb6aa0e + size: 926672 + checksum: sha256:7db1f4bc61e6aa6c8ed8575b6586a69f0e78f6c42c2cfefcefda4cf07b747cc3 name: gnutls - evr: 3.6.16-8.el8_10.3 - sourcerpm: gnutls-3.6.16-8.el8_10.3.src.rpm + evr: 3.6.16-8.el8_10.4 + sourcerpm: gnutls-3.6.16-8.el8_10.4.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/grep-3.1-6.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 278780 @@ -4213,13 +4213,13 @@ arches: name: libattr evr: 2.4.48-3.el8 sourcerpm: attr-2.4.48-3.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libblkid-2.32.1-46.el8.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libblkid-2.32.1-47.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 218432 - checksum: sha256:ca3d91333a4b45644b78cdf9bf0451268531ccd8ac4f2477e832499f36915afc + size: 217464 + checksum: sha256:8a29b8ce7cafb898bcc8a3998eb1faf948538d4e293902eb36cd8caeaa732ca8 name: libblkid - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libcap-2.48-6.el8_9.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 75024 @@ -4234,20 +4234,20 @@ arches: name: libcap-ng evr: 0.7.11-1.el8 sourcerpm: libcap-ng-0.7.11-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libcom_err-1.45.6-6.el8_10.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libcom_err-1.45.6-7.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 50428 - checksum: sha256:a0c24f96a45a50b655ae53f88e8aa92418b7a9d8be3346020582b188f9e95144 + size: 49432 + checksum: sha256:01cc0b4a9ade73f13ef87271d12304f18382570afcdbde18ddff51bde5e2b5de name: libcom_err - evr: 1.45.6-6.el8_10 - sourcerpm: e2fsprogs-1.45.6-6.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libcurl-7.61.1-34.el8_10.3.s390x.rpm + evr: 1.45.6-7.el8_10 + sourcerpm: e2fsprogs-1.45.6-7.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libcurl-7.61.1-34.el8_10.9.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 295448 - checksum: sha256:89c1381e99e6a961bc6c0d9f2596ade4e963385451e41342f78f92e47b9532fa + size: 295252 + checksum: sha256:46d9a691c61bce34ce30e39ae3bb9fb7ca744dbc0c8fc2fe01522ab79aca1867 name: libcurl - evr: 7.61.1-34.el8_10.3 - sourcerpm: curl-7.61.1-34.el8_10.3.src.rpm + evr: 7.61.1-34.el8_10.9 + sourcerpm: curl-7.61.1-34.el8_10.9.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libdb-5.3.28-42.el8_4.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 704836 @@ -4262,13 +4262,13 @@ arches: name: libdb-utils evr: 5.3.28-42.el8_4 sourcerpm: libdb-5.3.28-42.el8_4.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libfdisk-2.32.1-46.el8.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libfdisk-2.32.1-47.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 250224 - checksum: sha256:c5d6ee8b8e11fa183f249251dbca889caa9124372e769c7415cdd6f8be150192 + size: 249252 + checksum: sha256:ace74b38dd4fc20e28ac047ac97b895189cfba9f7f6af1fa19ad3883c4a294e4 name: libfdisk - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libffi-3.1-24.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 36696 @@ -4311,13 +4311,13 @@ arches: name: libmnl evr: 1.0.4-6.el8 sourcerpm: libmnl-1.0.4-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libmount-2.32.1-46.el8.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libmount-2.32.1-47.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 234100 - checksum: sha256:774b0d1a7f919f711bfbde3ba4215724ab7e371675a3c8ba8b144ee14beb44b8 + size: 233224 + checksum: sha256:8ad944179fb0335b551cc6d7de8da6186b9b6f13f89898c6dbb71103f923776d name: libmount - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libnghttp2-1.33.0-6.el8_10.1.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 76440 @@ -4381,27 +4381,27 @@ arches: name: libsigsegv evr: 2.11-5.el8 sourcerpm: libsigsegv-2.11-5.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libsmartcols-2.32.1-46.el8.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libsmartcols-2.32.1-47.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 179604 - checksum: sha256:056af1b75b452c62146ffc711ae44467c5289f5637132421f759baff56a41937 + size: 178524 + checksum: sha256:f9e67d9af7a2e93b3ff169d4998828956ac51c55b85405282913bcfcb322f501 name: libsmartcols - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libssh-0.9.6-14.el8.s390x.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libssh-0.9.6-16.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 209516 - checksum: sha256:05734cf33939986e279a19daaa55e142214273b5c27c13f6139081b70f1028db + size: 208564 + checksum: sha256:8f51b2c41b1d960278171ec5df483cffc538f4edc8ca0a1bc366d1d7d87e2e12 name: libssh - evr: 0.9.6-14.el8 - sourcerpm: libssh-0.9.6-14.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libssh-config-0.9.6-14.el8.noarch.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libssh-config-0.9.6-16.el8_10.noarch.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 21548 - checksum: sha256:e8281fb82a512c0bbfdd4bbd0f7f9657fce2ad547189fb93d0a0bf814173a2a4 + size: 20644 + checksum: sha256:2471adc5113ee9a2ff70bbbd3c9ef2a8d63e2da99bcfb00566b0869b2f037d27 name: libssh-config - evr: 0.9.6-14.el8 - sourcerpm: libssh-0.9.6-14.el8.src.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libstdc++-8.5.0-28.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 487712 @@ -4437,13 +4437,13 @@ arches: name: libutempter evr: 1.1.6-14.el8 sourcerpm: libutempter-1.1.6-14.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libuuid-2.32.1-46.el8.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libuuid-2.32.1-47.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 101748 - checksum: sha256:3cde4971e145902c007ab1a0cb544a674b51cc9ff9907a925c5bbce2c94e0479 + size: 100760 + checksum: sha256:187bf3a3f84fcb072e650ad7319304cc266965046f522b010345291b2fa6f551 name: libuuid - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libverto-0.3.2-2.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 23952 @@ -4528,20 +4528,20 @@ arches: name: openldap evr: 2.4.46-21.el8_10 sourcerpm: openldap-2.4.46-21.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/o/openssl-1.1.1k-14.el8_6.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/o/openssl-1.1.1k-14.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 714804 - checksum: sha256:2f7e70c08d50e1f6314e5d130d77c6285e3133c57903ee692e49579ecf09963b + size: 713908 + checksum: sha256:671a1a421599b359980a8b9385653636673a9bd2d3fccef8cd3619d529d5a7ae name: openssl - evr: 1:1.1.1k-14.el8_6 - sourcerpm: openssl-1.1.1k-14.el8_6.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/o/openssl-libs-1.1.1k-14.el8_6.s390x.rpm + evr: 1:1.1.1k-14.el8_10 + sourcerpm: openssl-1.1.1k-14.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/o/openssl-libs-1.1.1k-14.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1214152 - checksum: sha256:1d4a53c1b5aebd49857e16f7ba74a9263147df4e646883e8dc570ae454f273e1 + size: 1213744 + checksum: sha256:5afefe16ce70e9284ed2dfca9829c1392875c721ce50bd354882d28f051048a5 name: openssl-libs - evr: 1:1.1.1k-14.el8_6 - sourcerpm: openssl-1.1.1k-14.el8_6.src.rpm + evr: 1:1.1.1k-14.el8_10 + sourcerpm: openssl-1.1.1k-14.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/o/openssl-pkcs11-0.4.10-3.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 65896 @@ -4563,13 +4563,13 @@ arches: name: p11-kit-trust evr: 0.23.22-2.el8 sourcerpm: p11-kit-0.23.22-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/p/pam-1.3.1-38.el8_10.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/p/pam-1.3.1-39.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 745604 - checksum: sha256:52835d115a32fc8c29e83195bd9290368b48ace8709582b81a911597fd6d5719 + size: 745912 + checksum: sha256:acce7bdddf4ac5c3a25f3042f3f90b490cf0e575c246d0b659a13699fe97e11f name: pam - evr: 1.3.1-38.el8_10 - sourcerpm: pam-1.3.1-38.el8_10.src.rpm + evr: 1.3.1-39.el8_10 + sourcerpm: pam-1.3.1-39.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/p/pcre-8.42-6.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 133532 @@ -4906,27 +4906,27 @@ arches: name: rpm-libs evr: 4.14.3-32.el8_10 sourcerpm: rpm-4.14.3-32.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/s390utils-base-2.29.0-3.el8_10.1.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/s390utils-base-2.29.0-3.el8_10.3.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 3145168 - checksum: sha256:d9e96d24766f7786fd261dde753f19a052e002f8191486a5d7e2cb8251bf678b + size: 3143836 + checksum: sha256:038d666cbdaffb99d0f607e97ca34a55bd7b56528341854f7f209280efb36114 name: s390utils-base - evr: 2:2.29.0-3.el8_10.1 - sourcerpm: s390utils-2.29.0-3.el8_10.1.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/s390utils-core-2.29.0-3.el8_10.1.s390x.rpm + evr: 2:2.29.0-3.el8_10.3 + sourcerpm: s390utils-2.29.0-3.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/s390utils-core-2.29.0-3.el8_10.3.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 492464 - checksum: sha256:198b0f5533ad0bed7667eb8f8ff8c0133a1a3c6105fff20145ed02507b599418 + size: 491788 + checksum: sha256:c8d7d1382d16a13e6952c08ed6b62dcc354f16bb12d0adb1657473cebcde7cf7 name: s390utils-core - evr: 2:2.29.0-3.el8_10.1 - sourcerpm: s390utils-2.29.0-3.el8_10.1.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/s390utils-se-data-2.29.0-3.el8_10.1.noarch.rpm + evr: 2:2.29.0-3.el8_10.3 + sourcerpm: s390utils-2.29.0-3.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/s390utils-se-data-2.29.0-3.el8_10.3.noarch.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 57180 - checksum: sha256:ad0716f0d2d16e20e413972140ca581ef2ffc34e5a4f803178390c25dc7ee605 + size: 56388 + checksum: sha256:05e7e8241d1cb0955239bb2570c6294c9d6583ea03e2695ad681cc67c905d9cb name: s390utils-se-data - evr: 2:2.29.0-3.el8_10.1 - sourcerpm: s390utils-2.29.0-3.el8_10.1.src.rpm + evr: 2:2.29.0-3.el8_10.3 + sourcerpm: s390utils-2.29.0-3.el8_10.3.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/sed-4.5-5.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 304464 @@ -4955,13 +4955,13 @@ arches: name: sg3_utils-libs evr: 1.44-6.el8 sourcerpm: sg3_utils-1.44-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/shadow-utils-4.6-22.el8.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/shadow-utils-4.6-23.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1270628 - checksum: sha256:760c020a571c1dfa7951b72375d35f4d57aca662151d56be383c8bbd71303171 + size: 1270700 + checksum: sha256:86f5d1c59319dbdc6872d94f0fb89f1fdfd6c8c4a942b540427e1e19e8244a34 name: shadow-utils - evr: 2:4.6-22.el8 - sourcerpm: shadow-utils-4.6-22.el8.src.rpm + evr: 2:4.6-23.el8_10 + sourcerpm: shadow-utils-4.6-23.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/shared-mime-info-1.9-4.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 335100 @@ -4976,27 +4976,27 @@ arches: name: sqlite-libs evr: 3.26.0-20.el8_10 sourcerpm: sqlite-3.26.0-20.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/systemd-239-82.el8_10.5.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/systemd-239-82.el8_10.8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 3519740 - checksum: sha256:612d4d8b5ebc4491d7cd7231e4139b71f481fde7d355e65666b9852e99a9504e + size: 3520204 + checksum: sha256:dd8d041a9dc0c0657ba446245f36e2aef4dfe36821d7678df431cc91e1389a44 name: systemd - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/systemd-libs-239-82.el8_10.5.s390x.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/systemd-libs-239-82.el8_10.8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1063872 - checksum: sha256:3f5046b998abf0fb3c4ec0d39f5d02fb68f844936e71533eab8048b153fef3c6 + size: 1065440 + checksum: sha256:233b13eae1aa0000b2deafd6d1e95e6dfa352887833a710794ad9ce62f4aa027 name: systemd-libs - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/systemd-pam-239-82.el8_10.5.s390x.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/s/systemd-pam-239-82.el8_10.8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 485876 - checksum: sha256:c04ec1536e57aefc8f1cb7de4adb632c75f2f8ae5b1b76a53d39eea3a58b4221 + size: 487296 + checksum: sha256:0ef21f20d6154582fc178ecb94e9a326b53357ccd54e3c16eaa8d4dbad8cef34 name: systemd-pam - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/t/tar-1.30-11.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 852716 @@ -5018,20 +5018,20 @@ arches: name: trousers-lib evr: 0.3.15-2.el8 sourcerpm: trousers-0.3.15-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/t/tzdata-2025b-1.el8.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/t/tzdata-2025c-1.el8.noarch.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 488428 - checksum: sha256:338539f7f0cd2770694153af81e2e65121b050a1bb555ad66a6fb6f562732602 + size: 560812 + checksum: sha256:e4b6cf905fb2111d9a45c3b6b95f6e0c5199bf9b3d576f2a06b4dcb49a63d55e name: tzdata - evr: 2025b-1.el8 - sourcerpm: tzdata-2025b-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/u/util-linux-2.32.1-46.el8.s390x.rpm + evr: 2025c-1.el8 + sourcerpm: tzdata-2025c-1.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/u/util-linux-2.32.1-47.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 2499112 - checksum: sha256:b38a06ea761769397787d24ce03c654a379720ab805f58a3c54be52828f707e0 + size: 2497388 + checksum: sha256:b3adf172d10ca587a37806ba7f0ae4a65caaee9836014498b998a2a214e24d6b name: util-linux - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/x/xz-libs-5.2.4-4.el8_6.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 95736 @@ -5113,12 +5113,12 @@ arches: checksum: sha256:dc91b0b1230e700b03f6bf9b67e7e1888a40fb3cba04407be800ebe03b3f6632 name: perl-libnet evr: 3.11-3.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/source/SRPMS/Packages/p/postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/source/SRPMS/Packages/p/postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm repoid: rhel-8-for-s390x-appstream-source-rpms - size: 53572917 - checksum: sha256:4a2c66b6b48cbf761ed5d454022f80fd6e63f89a84f095dac2683663960e9272 + size: 45654458 + checksum: sha256:30795de4ed7a01becc64ee50796e7c76b9195ff1eed0a341b279aeb3e4b15527 name: postgresql - evr: 15.14-1.module+el8.10.0+23423+5a199198 + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/source/SRPMS/Packages/x/xkeyboard-config-2.28-1.el8.src.rpm repoid: rhel-8-for-s390x-appstream-source-rpms size: 1699339 @@ -5167,24 +5167,24 @@ arches: checksum: sha256:9c1d697f675f5889c57e7f983afa4b3e3f6e2334887ded9d7c10c5a205d1b06a name: bzip2 evr: 1.0.6-28.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 715540 - checksum: sha256:a066b501d49019ad53d7a8bd7badd1b073f317e406561f0cfad59b7bdfaba0a6 + size: 742547 + checksum: sha256:879547af21a33e8e0a2356bc7cbd8c4fdc17d4830fbcadbf9aac1cfbbcf140f5 name: ca-certificates - evr: 2024.2.69_v8.0.303-80.0.el8_10 + evr: 2025.2.80_v9.0.304-80.2.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/chkconfig-1.19.2-1.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 221618 checksum: sha256:7cf522c35fa5a5906c8c793ece9e599e80aba6c37d3f57afbf436c9abb8629c6 name: chkconfig evr: 1.19.2-1.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/coreutils-8.30-15.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/coreutils-8.30-16.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 5550193 - checksum: sha256:8e6d8f3d8929cfd896c09a6d7ebfdd0d78fd028169042f7df9e35803189e4eee + size: 5552304 + checksum: sha256:a765698d09c82865c7b71c2125273ed393aee734cdb2a999458bbbed9ccfe098 name: coreutils - evr: 8.30-15.el8 + evr: 8.30-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/cracklib-2.9.6-15.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 6423670 @@ -5203,12 +5203,12 @@ arches: checksum: sha256:21bb087ab9a3d64c89295a1bd45b5e5b6189832a972d4b3ddccb2ff5437ac2ed name: cryptsetup evr: 2.3.7-7.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/curl-7.61.1-34.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/curl-7.61.1-34.el8_10.9.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 2629169 - checksum: sha256:da74fbd455075a1e124a5251e17946c0a2c8b8bd023e349d0c52b3cee8e3d37c + size: 2637559 + checksum: sha256:b69dcfee680f356433e48929a3b447b72d6e99bf8ad61b5a6c9ac2eededf87cd name: curl - evr: 7.61.1-34.el8_10.3 + evr: 7.61.1-34.el8_10.9 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/c/cyrus-sasl-2.1.27-6.el8_5.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 4032772 @@ -5227,12 +5227,12 @@ arches: checksum: sha256:1308e782ad4f9b17a5cbbac9734be496948db857de7458b3388645bf1786892d name: diffutils evr: 3.6-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/e/e2fsprogs-1.45.6-6.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/e/e2fsprogs-1.45.6-7.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 5677469 - checksum: sha256:2e1f498b0924f164c828a6779756a00a7c69992e0ea90161e5b05270c0232716 + size: 5680546 + checksum: sha256:7adebb4cf95886f8dc9cdfa518378ba4609a2f9800782b8330ca5ddf4409d3bf name: e2fsprogs - evr: 1.45.6-6.el8_10 + evr: 1.45.6-7.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/e/elfutils-0.190-2.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 9288737 @@ -5245,30 +5245,30 @@ arches: checksum: sha256:9d27b5c50f4ed21ada0e3a2a4e3ffab0df5b0856f052b2ae602d3e04f75f853e name: ethtool evr: 2:5.13-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/e/expat-2.2.5-17.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/e/expat-2.5.0-1.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 8345318 - checksum: sha256:41de03fcbf3a8f7fa42e7017058ae0186e98a0e448ce01772de7af0a856a749d + size: 8388946 + checksum: sha256:566456bc755b628dc5a4ce77b6a643769165202f0ddd852ba73dd9512b994d2b name: expat - evr: 2.2.5-17.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/f/file-5.33-26.el8.src.rpm + evr: 2.5.0-1.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/f/file-5.33-27.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 899551 - checksum: sha256:1bdcfa5032e3ef5ff5f9f72233b6c9c67c0c7ff994a04df131d3b64b213b99cb + size: 900161 + checksum: sha256:f6996986985a11cebdb085b30dc7281eb320ee6234fa12ae43e39cd2d1de1afc name: file - evr: 5.33-26.el8 + evr: 5.33-27.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/f/filesystem-3.8-6.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 37286 checksum: sha256:113b7c5e28cc1d44e21c564c17d8c592a3f8a20b4c268cdaad6a407dee4d1540 name: filesystem evr: 3.8-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/f/findutils-4.6.0-23.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/f/findutils-4.6.0-24.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 3831527 - checksum: sha256:28510e1bb0c939d1b945f889611cf572e03ee18faaa5bff6f0ad203fd696fb29 + size: 3832656 + checksum: sha256:4ee9287c4f007ef160f3e2f61ddd3d6ff75dfa82ab99ba27f5c6ca673d97d529 name: findutils - evr: 1:4.6.0-23.el8_10 + evr: 1:4.6.0-24.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/f/fuse-2.9.7-19.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 993464 @@ -5293,30 +5293,30 @@ arches: checksum: sha256:e91abeb46538fc264936c0eed825c28eab9eef47288c9eb1d2d4d078bccad5d1 name: gdbm evr: 1:1.18-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/glib2-2.56.4-166.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/glib2-2.56.4-167.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 7164223 - checksum: sha256:1c3428c7032aa0ba80754efd2b97d1e3b432eb151ed9de4db7a09ad96e5ecd33 + size: 7164394 + checksum: sha256:80ee50b39aa478e1503dbd18626df91a023d30e3f9b6fb588fa82e6ce2b5972e name: glib2 - evr: 2.56.4-166.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.25.src.rpm + evr: 2.56.4-167.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.27.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 18515112 - checksum: sha256:cf4f9d4cf5af467b7c42faedc1b12e6457e8d0fee07cedb9e122e6ba52d86938 + size: 18525139 + checksum: sha256:c3f8d7e92cffbd4e81c33871b5c55034b3f11c7417e6d84805a67e52cc6ebec1 name: glibc - evr: 2.28-251.el8_10.25 + evr: 2.28-251.el8_10.27 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/gmp-6.1.2-11.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 2430007 checksum: sha256:0be11faec5810961b3b5b2f0e8a54c4628b62bb2bec4e282f47682c4be0cef64 name: gmp evr: 1:6.1.2-11.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/gnutls-3.6.16-8.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/gnutls-3.6.16-8.el8_10.4.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 5774773 - checksum: sha256:e3dc1e166a626f8ff303c9d9a260d4a1ac68cd2a62d28bfec51d6b1aa3670053 + size: 5783117 + checksum: sha256:62b0fb59ca7babdf1f2558c69ff1ceb67358d455bbf107d32db851f0af8ef185 name: gnutls - evr: 3.6.16-8.el8_10.3 + evr: 3.6.16-8.el8_10.4 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/grep-3.1-6.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 1412532 @@ -5467,12 +5467,12 @@ arches: checksum: sha256:a139e44850d9210e2a662e676dd57a6a40323b1744a14be7a87221f8e36cffe5 name: libsigsegv evr: 2.11-5.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/l/libssh-0.9.6-14.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/l/libssh-0.9.6-16.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 1151415 - checksum: sha256:a04fb32a5bdaf33053918c3c931891fe7415a8ace08069b74d055931413056eb + size: 1151564 + checksum: sha256:71e885a125f15dbbce25f515cc80bd2df63a93c904e0b71c5645d27c18c9f98c name: libssh - evr: 0.9.6-14.el8 + evr: 0.9.6-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/l/libtasn1-4.13-5.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 1968290 @@ -5563,12 +5563,12 @@ arches: checksum: sha256:42a8826001f6a49c1385746f1c5ef3967c3f15fe6fa510fe001d5a232732661a name: openldap evr: 2.4.46-21.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/o/openssl-1.1.1k-14.el8_6.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/o/openssl-1.1.1k-14.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 7741480 - checksum: sha256:c97b10d6a034e025a19ec8443ef7c80755e3a407fe29a77dda95af958b199eed + size: 7743036 + checksum: sha256:01ef6da2173fdd58138e983a69f7213698673c3eddb23539d4876eaca0efc07d name: openssl - evr: 1:1.1.1k-14.el8_6 + evr: 1:1.1.1k-14.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/o/openssl-pkcs11-0.4.10-3.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 520347 @@ -5581,12 +5581,12 @@ arches: checksum: sha256:9dece924ffd6e5698e7cb865f01976d7786b8c3cc65e743cf9ce3a856baff95e name: p11-kit evr: 0.23.22-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/p/pam-1.3.1-38.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/p/pam-1.3.1-39.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 1183015 - checksum: sha256:868a69dca0a6655a20c150bff64b3fdb058a9b9ee763094ff4b70052d9db6c74 + size: 1185014 + checksum: sha256:dbbbd55c9700e19c59e4e425a6b6f08eb4cb77f68967e773b318a8dfbdfdfb93 name: pam - evr: 1.3.1-38.el8_10 + evr: 1.3.1-39.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/p/pcre-8.42-6.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 1617186 @@ -5821,12 +5821,12 @@ arches: checksum: sha256:b43436849f8b9fa3dfe8e42e87e814906f0cae191f9d159ea24ec9732d379d58 name: rpm evr: 4.14.3-32.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/s/s390utils-2.29.0-3.el8_10.1.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/s/s390utils-2.29.0-3.el8_10.3.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 27794480 - checksum: sha256:88de35447426a307ee5aa62abf6ed34c2c5907c3d7bea5aa4147c84352d07779 + size: 27795142 + checksum: sha256:ee27d86404b429c452229c5e70454c4d603efd184f73ee5b4b4ad14cc78e0975 name: s390utils - evr: 2:2.29.0-3.el8_10.1 + evr: 2:2.29.0-3.el8_10.3 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/s/sed-4.5-5.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 1358944 @@ -5845,12 +5845,12 @@ arches: checksum: sha256:8ac8582cec218ef4a39e3b89ad24903b141bf0e1290036711e9ecda5b9df7bc8 name: sg3_utils evr: 1.44-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/s/shadow-utils-4.6-22.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/s/shadow-utils-4.6-23.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 1845120 - checksum: sha256:140a4273738ea9cfd1fc5627ebd66ad1696a5e3c959092b41bf5dc6d7657d8a6 + size: 1845199 + checksum: sha256:1f73218c7981d0fe5008adfb4b8460626ba2dfe43c4075f50045c48f8d9e30cd name: shadow-utils - evr: 2:4.6-22.el8 + evr: 2:4.6-23.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/s/shared-mime-info-1.9-4.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 644720 @@ -5863,12 +5863,12 @@ arches: checksum: sha256:26dc49ea369dc145166e0a3959cc132f45e3345b99a75420c8932af24f44668c name: sqlite evr: 3.26.0-20.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/s/systemd-239-82.el8_10.5.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/s/systemd-239-82.el8_10.8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 9161850 - checksum: sha256:a20ae7bd2f13fd756b2389ec6ba6f84e6a9be28df01b5a7d04dab93b492a0eab + size: 9188443 + checksum: sha256:a3ade60f73bb3137b94ac38205c321511b70e2bf61b79e2a25e31015fb415844 name: systemd - evr: 239-82.el8_10.5 + evr: 239-82.el8_10.8 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/t/tar-1.30-11.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 2173356 @@ -5887,18 +5887,18 @@ arches: checksum: sha256:ad79eab11673ac2f172276a993d98f2bf98c77728863f656d7cc0ab595d5b593 name: trousers evr: 0.3.15-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/t/tzdata-2025b-1.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/t/tzdata-2025c-1.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 946701 - checksum: sha256:2f0ba51d371713287a690d9d1635b534113258aa2571862603d52870c1c8b60d + size: 960798 + checksum: sha256:c9798a08b98344921713d3183bda98727df494d83f96924604b6b755ddc30f61 name: tzdata - evr: 2025b-1.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/u/util-linux-2.32.1-46.el8.src.rpm + evr: 2025c-1.el8 + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/u/util-linux-2.32.1-47.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 4816801 - checksum: sha256:3fb688481dd062d917d8119cd64582a9e6ffa6736a6dbbf956d038a9115c6004 + size: 4817466 + checksum: sha256:e10e379f1386bdd6315e20cf735616747690c137ada562f47da85ca90ea966ee name: util-linux - evr: 2.32.1-46.el8 + evr: 2.32.1-47.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/x/xz-5.2.4-4.el8_6.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 1077113 @@ -5918,10 +5918,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/repodata/f2f15bde67390b71c590a505a54289eff00142444fa9d833b9b3256abf0318c4-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/repodata/ee9767f45e91c28b36f93c262da80185cba75b530b6fd4f4e8103b16be4e079b-modules.yaml.gz repoid: rhel-8-for-s390x-appstream-rpms - size: 733651 - checksum: sha256:f2f15bde67390b71c590a505a54289eff00142444fa9d833b9b3256abf0318c4 + size: 756364 + checksum: sha256:ee9767f45e91c28b36f93c262da80185cba75b530b6fd4f4e8103b16be4e079b - arch: x86_64 packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/j/jq-1.6-11.el8_10.x86_64.rpm @@ -5945,20 +5945,20 @@ arches: name: oniguruma evr: 6.8.2-3.el8 sourcerpm: oniguruma-6.8.2-3.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/p/postgresql-15.14-1.module+el8.10.0+23423+5a199198.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/p/postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.x86_64.rpm repoid: rhel-8-for-x86_64-appstream-rpms - size: 1813083 - checksum: sha256:c2cf4c01ed074e4516957fb5f846e667b47a5743d99897713906f0d45290477f + size: 1825339 + checksum: sha256:f2a10392b2b79daaa1d16f10792f51abe4d1a2bbb1478827fd96a2d70b943d52 name: postgresql - evr: 15.14-1.module+el8.10.0+23423+5a199198 - sourcerpm: postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/p/postgresql-private-libs-15.14-1.module+el8.10.0+23423+5a199198.x86_64.rpm + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 + sourcerpm: postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/p/postgresql-private-libs-15.15-1.module+el8.10.0+23782+2d6b2a31.x86_64.rpm repoid: rhel-8-for-x86_64-appstream-rpms - size: 135811 - checksum: sha256:81a9c927ccdca57c8087daebdda3727b4324089c86da2f748b567d200b4b17a4 + size: 136383 + checksum: sha256:895d79b877c063d33ef9806403e5a70815e7c5720556dd93b1aa3d041b1703e8 name: postgresql-private-libs - evr: 15.14-1.module+el8.10.0+23423+5a199198 - sourcerpm: postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 + sourcerpm: postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/x/xkeyboard-config-2.28-1.el8.noarch.rpm repoid: rhel-8-for-x86_64-appstream-rpms size: 801000 @@ -6008,13 +6008,13 @@ arches: name: bzip2-libs evr: 1.0.6-28.el8_10 sourcerpm: bzip2-1.0.6-28.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.noarch.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1006212 - checksum: sha256:5b97c63d4978f82a8d73cb83c81c438d69309bc929d35c6bebf5868f128da13f + size: 1048264 + checksum: sha256:01d249b3d9889ab05adea246a1e84571e817013e06b24bbfc4bb42a1d7d8aa50 name: ca-certificates - evr: 2024.2.69_v8.0.303-80.0.el8_10 - sourcerpm: ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.src.rpm + evr: 2025.2.80_v9.0.304-80.2.el8_10 + sourcerpm: ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/chkconfig-1.19.2-1.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 203364 @@ -6022,20 +6022,20 @@ arches: name: chkconfig evr: 1.19.2-1.el8 sourcerpm: chkconfig-1.19.2-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/coreutils-8.30-15.el8.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/coreutils-8.30-16.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1274536 - checksum: sha256:c7e02ffc3471e2d7ea8fbf19f1800742eeb0ea729ab6ec5796b1c9e1f65c1ef6 + size: 1272924 + checksum: sha256:83ad90c54f099ce9a4f1df020dbd6169e56b52dd6fc14583eb88c3cf4cdb162a name: coreutils - evr: 8.30-15.el8 - sourcerpm: coreutils-8.30-15.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/coreutils-common-8.30-15.el8.x86_64.rpm + evr: 8.30-16.el8_10 + sourcerpm: coreutils-8.30-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/coreutils-common-8.30-16.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 2092844 - checksum: sha256:f916e02672303e038ed39fee2bba94096db4d87d9ea061b1aba0e95930ecc28f + size: 2091880 + checksum: sha256:3a948401c294eb75b1399f82509b5590262894df4d51890dfb56045d9b2906e7 name: coreutils-common - evr: 8.30-15.el8 - sourcerpm: coreutils-8.30-15.el8.src.rpm + evr: 8.30-16.el8_10 + sourcerpm: coreutils-8.30-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/cpio-2.12-11.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 272056 @@ -6078,13 +6078,13 @@ arches: name: cryptsetup-libs evr: 2.3.7-7.el8 sourcerpm: cryptsetup-2.3.7-7.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/curl-7.61.1-34.el8_10.3.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/curl-7.61.1-34.el8_10.9.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 362392 - checksum: sha256:9982a2c567a50bdadee162a853d77b6c556fb4d2b2483c9c21197ed8af706327 + size: 362072 + checksum: sha256:80a15ee8d048cc81629020d2ad8c4037e63eb6c8d06017c7e8b2109751e7425d name: curl - evr: 7.61.1-34.el8_10.3 - sourcerpm: curl-7.61.1-34.el8_10.3.src.rpm + evr: 7.61.1-34.el8_10.9 + sourcerpm: curl-7.61.1-34.el8_10.9.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/c/cyrus-sasl-lib-2.1.27-6.el8_5.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 126324 @@ -6148,13 +6148,13 @@ arches: name: diffutils evr: 3.6-6.el8 sourcerpm: diffutils-3.6-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/d/dracut-049-237.git20250603.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/d/dracut-049-239.git20251127.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 389684 - checksum: sha256:8f3e8df550a96923e1ab3d1004c10a640d7218a1242d9a59fdd88c86707e8cc4 + size: 388772 + checksum: sha256:02e50ff63cdfd01e3a2b9f6b83efb3ea20ec35aa65c632b6f2dd9dfd343f7bc0 name: dracut - evr: 049-237.git20250603.el8_10 - sourcerpm: dracut-049-237.git20250603.el8_10.src.rpm + evr: 049-239.git20251127.el8_10 + sourcerpm: dracut-049-239.git20251127.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/e/elfutils-debuginfod-client-0.190-2.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 77672 @@ -6183,27 +6183,27 @@ arches: name: elfutils-libs evr: 0.190-2.el8 sourcerpm: elfutils-0.190-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/e/expat-2.2.5-17.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/e/expat-2.5.0-1.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 117960 - checksum: sha256:d01df6f542762d94bd73a87f61d19fb98a6304eb9a2eb114a872a91d3312ea34 + size: 134428 + checksum: sha256:ea9b034a79279668a1eca4be141617e6a9f04ffc616033f035380f80c073837a name: expat - evr: 2.2.5-17.el8_10 - sourcerpm: expat-2.2.5-17.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/f/file-5.33-26.el8.x86_64.rpm + evr: 2.5.0-1.el8_10 + sourcerpm: expat-2.5.0-1.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/f/file-5.33-27.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 79320 - checksum: sha256:620ff70a4c50745bb242153f0a13ac4cc43b61ebbd0cd817e984efd2966ce1c9 + size: 79492 + checksum: sha256:a9775db69d9c918e3f8d311ee94b5543ea53ebce9aa69020cfa3fcd284d39c4e name: file - evr: 5.33-26.el8 - sourcerpm: file-5.33-26.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/f/file-libs-5.33-26.el8.x86_64.rpm + evr: 5.33-27.el8_10 + sourcerpm: file-5.33-27.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/f/file-libs-5.33-27.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 557180 - checksum: sha256:3576169d440647ebfbcdda7bdd53c250a1fba14c7c1cad6e96a58e8f7e6b7ab9 + size: 557336 + checksum: sha256:a7d04bca397f96e138713668a6172822dbb952368d67bccb6286fde7b11b3bec name: file-libs - evr: 5.33-26.el8 - sourcerpm: file-5.33-26.el8.src.rpm + evr: 5.33-27.el8_10 + sourcerpm: file-5.33-27.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/f/filesystem-3.8-6.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 1135804 @@ -6211,13 +6211,13 @@ arches: name: filesystem evr: 3.8-6.el8 sourcerpm: filesystem-3.8-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/f/findutils-4.6.0-23.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/f/findutils-4.6.0-24.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 540248 - checksum: sha256:cb645de7da1bd495a6df969de4b0f84f10ccf8d299c26099f1cd9075ed9c32cb + size: 538912 + checksum: sha256:d41cc52d67548b14a2cb4984073bbf4c6451126e5f11bf51c6e61565439ab0c7 name: findutils - evr: 1:4.6.0-23.el8_10 - sourcerpm: findutils-4.6.0-23.el8_10.src.rpm + evr: 1:4.6.0-24.el8_10 + sourcerpm: findutils-4.6.0-24.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/gawk-4.2.1-4.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 1190704 @@ -6253,41 +6253,41 @@ arches: name: gettext-libs evr: 0.19.8.1-17.el8 sourcerpm: gettext-0.19.8.1-17.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glib2-2.56.4-166.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glib2-2.56.4-167.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 2616140 - checksum: sha256:4263704506f6bfb3de7bdad1442c52b90aad11ae483bc8b6fd2ba0d0d58f7fe8 + size: 2614852 + checksum: sha256:c3f59a03d02b1ee00cca137485a66b63842e395eca465f0663426ac6933bd6ff name: glib2 - evr: 2.56.4-166.el8_10 - sourcerpm: glib2-2.56.4-166.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-2.28-251.el8_10.25.x86_64.rpm + evr: 2.56.4-167.el8_10 + sourcerpm: glib2-2.56.4-167.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-2.28-251.el8_10.27.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 2307440 - checksum: sha256:67268caded60da2761ad9129cc5e137a9354ec3d82cf04faff37aad6f4aac5cd + size: 2307356 + checksum: sha256:73f2be29dc8efc28f1952424f8ca93caff70758be821eef76a3a19bd8b27eae8 name: glibc - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.25.x86_64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.27.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 26776648 - checksum: sha256:259cabde2b4fe5c56e3d40eaa64cbe7d699f717b5342cdd7b78ae162fe40cb02 + size: 26777212 + checksum: sha256:b1e3db05ee8fcf0d849376022537dd306aa2b11919cc06c7a9f1521b0a020102 name: glibc-all-langpacks - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.25.x86_64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.27.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1052268 - checksum: sha256:81b4674165aaf00314eb2d0543e015c98f0429f8ae6f0f9115061af4db8754fa + size: 1052412 + checksum: sha256:1ae6a4a88193309d4074744e4a21402c6b10f886d24564108024addc3dfa3ab8 name: glibc-common - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.25.x86_64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.27.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1626580 - checksum: sha256:d5b12f8689cc4c880cbe0b68c241d08b762736286f7cd228c681f9353a167f38 + size: 1628144 + checksum: sha256:7cb343f85ab0aff5caeddf596474908e136088704c7c90f745bcda6aa8dd29cd name: glibc-gconv-extra - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/gmp-6.1.2-11.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 325760 @@ -6295,13 +6295,13 @@ arches: name: gmp evr: 1:6.1.2-11.el8 sourcerpm: gmp-6.1.2-11.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/gnutls-3.6.16-8.el8_10.3.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/gnutls-3.6.16-8.el8_10.4.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1043200 - checksum: sha256:a38e3151ae2430ff3b2baf87dfcf900ca290881dbfc7c61c3a651dbe3cb944b7 + size: 1041476 + checksum: sha256:34d4938f45b708dc7ebbfa7ce459252c705510ebb2541b4a16c89e0a0a1024b9 name: gnutls - evr: 3.6.16-8.el8_10.3 - sourcerpm: gnutls-3.6.16-8.el8_10.3.src.rpm + evr: 3.6.16-8.el8_10.4 + sourcerpm: gnutls-3.6.16-8.el8_10.4.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/grep-3.1-6.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 280356 @@ -6309,27 +6309,27 @@ arches: name: grep evr: 3.1-6.el8 sourcerpm: grep-3.1-6.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/grub2-common-2.02-167.el8_10.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/grub2-common-2.02-169.el8_10.noarch.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 919308 - checksum: sha256:54f4de37148044c83b997c6bea4bc7f222f6fda272347f7fa4907ff0eef5d29e + size: 918448 + checksum: sha256:4439fe4a6403508b74d5d8913543a74195411f69acbc81213ca32e5645939004 name: grub2-common - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/grub2-tools-2.02-167.el8_10.x86_64.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/grub2-tools-2.02-169.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 2090956 - checksum: sha256:ad3753978e2a948f0fd86bf9c1fee59ab9b9cbaaeee762b713f1b6414a768025 + size: 2090060 + checksum: sha256:f5d4afedb52f80b63712b765e3207334ffeafdd95115b09222f283aa1e428711 name: grub2-tools - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/grub2-tools-minimal-2.02-167.el8_10.x86_64.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/grub2-tools-minimal-2.02-169.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 221712 - checksum: sha256:2b989e671f34313f39e5481afcf09dc72325022e0f62de29d8ae92feca3131c6 + size: 220844 + checksum: sha256:c659e85e2f20340e9251dcbaf2cbf9f3c2eb12cfc5667d7f17f106e4a66592c0 name: grub2-tools-minimal - evr: 1:2.02-167.el8_10 - sourcerpm: grub2-2.02-167.el8_10.src.rpm + evr: 1:2.02-169.el8_10 + sourcerpm: grub2-2.02-169.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/grubby-8.40-49.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 51660 @@ -6442,13 +6442,13 @@ arches: name: libattr evr: 2.4.48-3.el8 sourcerpm: attr-2.4.48-3.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libblkid-2.32.1-46.el8.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libblkid-2.32.1-47.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 226324 - checksum: sha256:4d03b6b8d7c80936ea81b1d0cfa1b65a995a931819e1e9991fdd2c52b44756da + size: 225348 + checksum: sha256:d20de50e05c6c7a6a3232c57ba69a2e62d0aebe4ebe5540f6b4776eb762465a8 name: libblkid - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libcap-2.48-6.el8_9.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 76264 @@ -6463,13 +6463,13 @@ arches: name: libcap-ng evr: 0.7.11-1.el8 sourcerpm: libcap-ng-0.7.11-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libcom_err-1.45.6-6.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libcom_err-1.45.6-7.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 50708 - checksum: sha256:6e5cf114792ff8009914134c5168f7f38a11c1a6debe84d9966c3c48415e5ec1 + size: 49688 + checksum: sha256:41cf8fba1811352ca28838e0f401af390cb58e8572df792daf1c24fb5fa06e07 name: libcom_err - evr: 1.45.6-6.el8_10 - sourcerpm: e2fsprogs-1.45.6-6.el8_10.src.rpm + evr: 1.45.6-7.el8_10 + sourcerpm: e2fsprogs-1.45.6-7.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libcroco-0.6.12-4.el8_2.1.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 115260 @@ -6477,13 +6477,13 @@ arches: name: libcroco evr: 0.6.12-4.el8_2.1 sourcerpm: libcroco-0.6.12-4.el8_2.1.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libcurl-7.61.1-34.el8_10.3.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libcurl-7.61.1-34.el8_10.9.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 311596 - checksum: sha256:0642990d55ecd1cda963404cf8dcc7776302722a68bceabd610339a92660d52f + size: 311308 + checksum: sha256:7afd52dae8ea3545897e5d83e47668472a5434200f696ee7755be6a4ecf96608 name: libcurl - evr: 7.61.1-34.el8_10.3 - sourcerpm: curl-7.61.1-34.el8_10.3.src.rpm + evr: 7.61.1-34.el8_10.9 + sourcerpm: curl-7.61.1-34.el8_10.9.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libdb-5.3.28-42.el8_4.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 769444 @@ -6498,13 +6498,13 @@ arches: name: libdb-utils evr: 5.3.28-42.el8_4 sourcerpm: libdb-5.3.28-42.el8_4.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libfdisk-2.32.1-46.el8.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libfdisk-2.32.1-47.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 260128 - checksum: sha256:e7793c66af8f2cdd7893527bc81971e50f985f27c67dc22bbf118e3e0468f1a9 + size: 259176 + checksum: sha256:93d94607b800a70cffe242fdaf13ebcf9a62eb77aa98564bab7087f86a8e0832 name: libfdisk - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libffi-3.1-24.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 38584 @@ -6561,13 +6561,13 @@ arches: name: libkcapi-hmaccalc evr: 1.4.0-2.el8 sourcerpm: libkcapi-1.4.0-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libmount-2.32.1-46.el8.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libmount-2.32.1-47.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 242716 - checksum: sha256:eff5e4d50998b9f7ecfcea058cc0bebde00b2d792ab198072ac8bb165deabb0c + size: 241732 + checksum: sha256:c92289f2e195e15fece08617be1d675abfd513109a0bd14c5cf45fcd68fb84a9 name: libmount - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libnghttp2-1.33.0-6.el8_10.1.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 80224 @@ -6631,27 +6631,27 @@ arches: name: libsigsegv evr: 2.11-5.el8 sourcerpm: libsigsegv-2.11-5.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libsmartcols-2.32.1-46.el8.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libsmartcols-2.32.1-47.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 184132 - checksum: sha256:69598308df2327d9bca762c9d52041fa9837d51984f8bbc13e16016d49af8273 + size: 183072 + checksum: sha256:7203046a7bbf0c72965933901614a682a220800c43f69748f8a4cb209193061c name: libsmartcols - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libssh-0.9.6-14.el8.x86_64.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libssh-0.9.6-16.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 225336 - checksum: sha256:3acf41aee9f1bf30fbf498becb44a695209e4fe3172354c1ee4796cdf6dd05b4 + size: 224400 + checksum: sha256:752f11a5a8d6e9218427504dd49a42c0deb897665a7abf31306877d3568ef0bb name: libssh - evr: 0.9.6-14.el8 - sourcerpm: libssh-0.9.6-14.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libssh-config-0.9.6-14.el8.noarch.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libssh-config-0.9.6-16.el8_10.noarch.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 21548 - checksum: sha256:e8281fb82a512c0bbfdd4bbd0f7f9657fce2ad547189fb93d0a0bf814173a2a4 + size: 20644 + checksum: sha256:2471adc5113ee9a2ff70bbbd3c9ef2a8d63e2da99bcfb00566b0869b2f037d27 name: libssh-config - evr: 0.9.6-14.el8 - sourcerpm: libssh-0.9.6-14.el8.src.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libstdc++-8.5.0-28.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 485052 @@ -6687,13 +6687,13 @@ arches: name: libutempter evr: 1.1.6-14.el8 sourcerpm: libutempter-1.1.6-14.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libuuid-2.32.1-46.el8.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libuuid-2.32.1-47.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 101656 - checksum: sha256:5f24ded4d1436da0fef69b6c9288768ce41e1d2caf4849c49426e06d5212f5af + size: 100768 + checksum: sha256:9ba65072e9949c2c6dfa85b8daa36292264f4c3e6a35a515b6ef572d3405aaba name: libuuid - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libverto-0.3.2-2.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 24636 @@ -6785,20 +6785,20 @@ arches: name: openldap evr: 2.4.46-21.el8_10 sourcerpm: openldap-2.4.46-21.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/o/openssl-1.1.1k-14.el8_6.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/o/openssl-1.1.1k-14.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 728108 - checksum: sha256:a8e4ff3346cfa24713f54d2a9e2b53ad7f3c9d84a6c639ba2150b7cb09550af0 + size: 727084 + checksum: sha256:53536a8f76a30cb67a288dc7c9ded095e5bb1976fd11d113101c932b2878ca6b name: openssl - evr: 1:1.1.1k-14.el8_6 - sourcerpm: openssl-1.1.1k-14.el8_6.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/o/openssl-libs-1.1.1k-14.el8_6.x86_64.rpm + evr: 1:1.1.1k-14.el8_10 + sourcerpm: openssl-1.1.1k-14.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/o/openssl-libs-1.1.1k-14.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1542788 - checksum: sha256:5c87e7ec6269dbe1ec4922adc4016b5117fd5ecf8177015e76f471699f0de5f1 + size: 1541912 + checksum: sha256:0a28a74fb4b00d923b8d495c8875f6ffaeb7fee5b23388b42d2e3583c4b88be0 name: openssl-libs - evr: 1:1.1.1k-14.el8_6 - sourcerpm: openssl-1.1.1k-14.el8_6.src.rpm + evr: 1:1.1.1k-14.el8_10 + sourcerpm: openssl-1.1.1k-14.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/o/openssl-pkcs11-0.4.10-3.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 67740 @@ -6827,13 +6827,13 @@ arches: name: p11-kit-trust evr: 0.23.22-2.el8 sourcerpm: p11-kit-0.23.22-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/p/pam-1.3.1-38.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/p/pam-1.3.1-39.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 766432 - checksum: sha256:b81e74975a11ce17f0ab9ccf40ddfafa7f942b1f6b729c62eeb0b3692811bd8c + size: 766824 + checksum: sha256:55f3b294c9a4fbfaea0353a5ed38d15fb87fb9ca79f6cbfe4238923bd76cf4f3 name: pam - evr: 1.3.1-38.el8_10 - sourcerpm: pam-1.3.1-38.el8_10.src.rpm + evr: 1.3.1-39.el8_10 + sourcerpm: pam-1.3.1-39.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/p/pcre-8.42-6.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 215668 @@ -6967,13 +6967,13 @@ arches: name: setup evr: 2.12.2-9.el8 sourcerpm: setup-2.12.2-9.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/shadow-utils-4.6-22.el8.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/shadow-utils-4.6-23.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1292332 - checksum: sha256:ea73ee201451bbca0d6d14ca434c93800f01c8fb1b9daef727a5af1a27356d07 + size: 1292212 + checksum: sha256:14c51c9595e5af1b0949b230b03fd83becd05560f6e380a737436246d267b9a5 name: shadow-utils - evr: 2:4.6-22.el8 - sourcerpm: shadow-utils-4.6-22.el8.src.rpm + evr: 2:4.6-23.el8_10 + sourcerpm: shadow-utils-4.6-23.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/shared-mime-info-1.9-4.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 336852 @@ -6988,34 +6988,34 @@ arches: name: sqlite-libs evr: 3.26.0-20.el8_10 sourcerpm: sqlite-3.26.0-20.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/systemd-239-82.el8_10.5.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/systemd-239-82.el8_10.8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 3825744 - checksum: sha256:116ad89ce7a4368e19e1a22f07fb5e6d1c5227fc8eee708f2df697b68c77d6e5 + size: 3828188 + checksum: sha256:f4610daaffe36789deafdead6dfb621e1e722b151541bf259bffcaf892ce9bb2 name: systemd - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/systemd-libs-239-82.el8_10.5.x86_64.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/systemd-libs-239-82.el8_10.8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1196408 - checksum: sha256:064b35388b6c188002193500c53fbee2e7d4bb754810d62cdf37883d4361df94 + size: 1197600 + checksum: sha256:d77b012f317bb7736f25e2b03bc912f983bb265c4447890eb41a009ce3f5fa56 name: systemd-libs - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/systemd-pam-239-82.el8_10.5.x86_64.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/systemd-pam-239-82.el8_10.8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 526292 - checksum: sha256:35fe48ea4c2fc1b364b901b42a432b9fd1fb4edece973aca8a6e4773b04cf0a3 + size: 527476 + checksum: sha256:41a9be02b2a65f87bdf1546a3a034c5cd5aea85e187e9e1bc45efbe30897b3ee name: systemd-pam - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/systemd-udev-239-82.el8_10.5.x86_64.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/s/systemd-udev-239-82.el8_10.8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1663872 - checksum: sha256:a55541d2ba40e1a2ae356e6135f71dbf95d60e9c1545a7d51074709fbb466c0e + size: 1665148 + checksum: sha256:c6b70e68144dc63475ef6bc43eb1483dd9b06b56929d1d22f660ebfe871f487b name: systemd-udev - evr: 239-82.el8_10.5 - sourcerpm: systemd-239-82.el8_10.5.src.rpm + evr: 239-82.el8_10.8 + sourcerpm: systemd-239-82.el8_10.8.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/t/trousers-0.3.15-2.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 156324 @@ -7030,20 +7030,20 @@ arches: name: trousers-lib evr: 0.3.15-2.el8 sourcerpm: trousers-0.3.15-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/t/tzdata-2025b-1.el8.noarch.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/t/tzdata-2025c-1.el8.noarch.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 488428 - checksum: sha256:338539f7f0cd2770694153af81e2e65121b050a1bb555ad66a6fb6f562732602 + size: 560812 + checksum: sha256:e4b6cf905fb2111d9a45c3b6b95f6e0c5199bf9b3d576f2a06b4dcb49a63d55e name: tzdata - evr: 2025b-1.el8 - sourcerpm: tzdata-2025b-1.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/u/util-linux-2.32.1-46.el8.x86_64.rpm + evr: 2025c-1.el8 + sourcerpm: tzdata-2025c-1.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/u/util-linux-2.32.1-47.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 2597616 - checksum: sha256:1accef88d06655139903a7b4aa6a01cab62b3c899a93d297cb7ac92a476abed6 + size: 2596592 + checksum: sha256:4861ff37cf00bd0bab78a81004dfed1e7b0ee5355403510b9e78e2a90fc7226c name: util-linux - evr: 2.32.1-46.el8 - sourcerpm: util-linux-2.32.1-46.el8.src.rpm + evr: 2.32.1-47.el8_10 + sourcerpm: util-linux-2.32.1-47.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/w/which-2.21-21.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 51220 @@ -7091,12 +7091,12 @@ arches: checksum: sha256:31cd372131f6eb404ce90285210fd74021914b4eb52e933b2aeebfa955099faa name: oniguruma evr: 6.8.2-3.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/source/SRPMS/Packages/p/postgresql-15.14-1.module+el8.10.0+23423+5a199198.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/source/SRPMS/Packages/p/postgresql-15.15-1.module+el8.10.0+23782+2d6b2a31.src.rpm repoid: rhel-8-for-x86_64-appstream-source-rpms - size: 53572917 - checksum: sha256:4a2c66b6b48cbf761ed5d454022f80fd6e63f89a84f095dac2683663960e9272 + size: 45654458 + checksum: sha256:30795de4ed7a01becc64ee50796e7c76b9195ff1eed0a341b279aeb3e4b15527 name: postgresql - evr: 15.14-1.module+el8.10.0+23423+5a199198 + evr: 15.15-1.module+el8.10.0+23782+2d6b2a31 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/source/SRPMS/Packages/x/xkeyboard-config-2.28-1.el8.src.rpm repoid: rhel-8-for-x86_64-appstream-source-rpms size: 1699339 @@ -7145,24 +7145,24 @@ arches: checksum: sha256:9c1d697f675f5889c57e7f983afa4b3e3f6e2334887ded9d7c10c5a205d1b06a name: bzip2 evr: 1.0.6-28.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 715540 - checksum: sha256:a066b501d49019ad53d7a8bd7badd1b073f317e406561f0cfad59b7bdfaba0a6 + size: 742547 + checksum: sha256:879547af21a33e8e0a2356bc7cbd8c4fdc17d4830fbcadbf9aac1cfbbcf140f5 name: ca-certificates - evr: 2024.2.69_v8.0.303-80.0.el8_10 + evr: 2025.2.80_v9.0.304-80.2.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/chkconfig-1.19.2-1.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 221618 checksum: sha256:7cf522c35fa5a5906c8c793ece9e599e80aba6c37d3f57afbf436c9abb8629c6 name: chkconfig evr: 1.19.2-1.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/coreutils-8.30-15.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/coreutils-8.30-16.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 5550193 - checksum: sha256:8e6d8f3d8929cfd896c09a6d7ebfdd0d78fd028169042f7df9e35803189e4eee + size: 5552304 + checksum: sha256:a765698d09c82865c7b71c2125273ed393aee734cdb2a999458bbbed9ccfe098 name: coreutils - evr: 8.30-15.el8 + evr: 8.30-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/cpio-2.12-11.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 1312438 @@ -7187,12 +7187,12 @@ arches: checksum: sha256:21bb087ab9a3d64c89295a1bd45b5e5b6189832a972d4b3ddccb2ff5437ac2ed name: cryptsetup evr: 2.3.7-7.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/curl-7.61.1-34.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/curl-7.61.1-34.el8_10.9.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 2629169 - checksum: sha256:da74fbd455075a1e124a5251e17946c0a2c8b8bd023e349d0c52b3cee8e3d37c + size: 2637559 + checksum: sha256:b69dcfee680f356433e48929a3b447b72d6e99bf8ad61b5a6c9ac2eededf87cd name: curl - evr: 7.61.1-34.el8_10.3 + evr: 7.61.1-34.el8_10.9 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/c/cyrus-sasl-2.1.27-6.el8_5.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 4032772 @@ -7217,48 +7217,48 @@ arches: checksum: sha256:1308e782ad4f9b17a5cbbac9734be496948db857de7458b3388645bf1786892d name: diffutils evr: 3.6-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/d/dracut-049-237.git20250603.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/d/dracut-049-239.git20251127.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 584456 - checksum: sha256:82c025577bb9b0b42696376d7db8a9e2271995d8b42ab79af42911863b7928d0 + size: 585830 + checksum: sha256:559705b03309fdae2474df8798242da457ed1dd7d4014c37462188975bb3bf2e name: dracut - evr: 049-237.git20250603.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/e/e2fsprogs-1.45.6-6.el8_10.src.rpm + evr: 049-239.git20251127.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/e/e2fsprogs-1.45.6-7.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 5677469 - checksum: sha256:2e1f498b0924f164c828a6779756a00a7c69992e0ea90161e5b05270c0232716 + size: 5680546 + checksum: sha256:7adebb4cf95886f8dc9cdfa518378ba4609a2f9800782b8330ca5ddf4409d3bf name: e2fsprogs - evr: 1.45.6-6.el8_10 + evr: 1.45.6-7.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/e/elfutils-0.190-2.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 9288737 checksum: sha256:54fe49a6fd4f87d6fd594b62c465105fc3efab05a1ffcc216f053c277ab619bf name: elfutils evr: 0.190-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/e/expat-2.2.5-17.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/e/expat-2.5.0-1.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 8345318 - checksum: sha256:41de03fcbf3a8f7fa42e7017058ae0186e98a0e448ce01772de7af0a856a749d + size: 8388946 + checksum: sha256:566456bc755b628dc5a4ce77b6a643769165202f0ddd852ba73dd9512b994d2b name: expat - evr: 2.2.5-17.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/f/file-5.33-26.el8.src.rpm + evr: 2.5.0-1.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/f/file-5.33-27.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 899551 - checksum: sha256:1bdcfa5032e3ef5ff5f9f72233b6c9c67c0c7ff994a04df131d3b64b213b99cb + size: 900161 + checksum: sha256:f6996986985a11cebdb085b30dc7281eb320ee6234fa12ae43e39cd2d1de1afc name: file - evr: 5.33-26.el8 + evr: 5.33-27.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/f/filesystem-3.8-6.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 37286 checksum: sha256:113b7c5e28cc1d44e21c564c17d8c592a3f8a20b4c268cdaad6a407dee4d1540 name: filesystem evr: 3.8-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/f/findutils-4.6.0-23.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/f/findutils-4.6.0-24.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 3831527 - checksum: sha256:28510e1bb0c939d1b945f889611cf572e03ee18faaa5bff6f0ad203fd696fb29 + size: 3832656 + checksum: sha256:4ee9287c4f007ef160f3e2f61ddd3d6ff75dfa82ab99ba27f5c6ca673d97d529 name: findutils - evr: 1:4.6.0-23.el8_10 + evr: 1:4.6.0-24.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/gawk-4.2.1-4.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 3036497 @@ -7283,42 +7283,42 @@ arches: checksum: sha256:114be9b072a7726f2ac557fda6b8a86254ae3b7ed984ed14cfa7733bea9005d4 name: gettext evr: 0.19.8.1-17.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/glib2-2.56.4-166.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/glib2-2.56.4-167.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 7164223 - checksum: sha256:1c3428c7032aa0ba80754efd2b97d1e3b432eb151ed9de4db7a09ad96e5ecd33 + size: 7164394 + checksum: sha256:80ee50b39aa478e1503dbd18626df91a023d30e3f9b6fb588fa82e6ce2b5972e name: glib2 - evr: 2.56.4-166.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.25.src.rpm + evr: 2.56.4-167.el8_10 + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.27.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 18515112 - checksum: sha256:cf4f9d4cf5af467b7c42faedc1b12e6457e8d0fee07cedb9e122e6ba52d86938 + size: 18525139 + checksum: sha256:c3f8d7e92cffbd4e81c33871b5c55034b3f11c7417e6d84805a67e52cc6ebec1 name: glibc - evr: 2.28-251.el8_10.25 + evr: 2.28-251.el8_10.27 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/gmp-6.1.2-11.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 2430007 checksum: sha256:0be11faec5810961b3b5b2f0e8a54c4628b62bb2bec4e282f47682c4be0cef64 name: gmp evr: 1:6.1.2-11.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/gnutls-3.6.16-8.el8_10.3.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/gnutls-3.6.16-8.el8_10.4.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 5774773 - checksum: sha256:e3dc1e166a626f8ff303c9d9a260d4a1ac68cd2a62d28bfec51d6b1aa3670053 + size: 5783117 + checksum: sha256:62b0fb59ca7babdf1f2558c69ff1ceb67358d455bbf107d32db851f0af8ef185 name: gnutls - evr: 3.6.16-8.el8_10.3 + evr: 3.6.16-8.el8_10.4 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/grep-3.1-6.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 1412532 checksum: sha256:c5d8342de1536365d5ccb340a4a381b40529eb98a6866981df956e4adc2727ac name: grep evr: 3.1-6.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/grub2-2.02-167.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/grub2-2.02-169.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 8328141 - checksum: sha256:f4628c23c03e887679455a758545da6b4c54a31210fc665df55cd192c440ecd0 + size: 8327955 + checksum: sha256:1f583a9551862935908b05cfe9c75f5d0fd7b3eb46896a938341fbdc700d51c2 name: grub2 - evr: 1:2.02-167.el8_10 + evr: 1:2.02-169.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/grubby-8.40-49.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 233771 @@ -7475,12 +7475,12 @@ arches: checksum: sha256:a139e44850d9210e2a662e676dd57a6a40323b1744a14be7a87221f8e36cffe5 name: libsigsegv evr: 2.11-5.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/l/libssh-0.9.6-14.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/l/libssh-0.9.6-16.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 1151415 - checksum: sha256:a04fb32a5bdaf33053918c3c931891fe7415a8ace08069b74d055931413056eb + size: 1151564 + checksum: sha256:71e885a125f15dbbce25f515cc80bd2df63a93c904e0b71c5645d27c18c9f98c name: libssh - evr: 0.9.6-14.el8 + evr: 0.9.6-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/l/libtasn1-4.13-5.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 1968290 @@ -7577,12 +7577,12 @@ arches: checksum: sha256:42a8826001f6a49c1385746f1c5ef3967c3f15fe6fa510fe001d5a232732661a name: openldap evr: 2.4.46-21.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/o/openssl-1.1.1k-14.el8_6.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/o/openssl-1.1.1k-14.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 7741480 - checksum: sha256:c97b10d6a034e025a19ec8443ef7c80755e3a407fe29a77dda95af958b199eed + size: 7743036 + checksum: sha256:01ef6da2173fdd58138e983a69f7213698673c3eddb23539d4876eaca0efc07d name: openssl - evr: 1:1.1.1k-14.el8_6 + evr: 1:1.1.1k-14.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/o/openssl-pkcs11-0.4.10-3.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 520347 @@ -7601,12 +7601,12 @@ arches: checksum: sha256:9dece924ffd6e5698e7cb865f01976d7786b8c3cc65e743cf9ce3a856baff95e name: p11-kit evr: 0.23.22-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/p/pam-1.3.1-38.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/p/pam-1.3.1-39.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 1183015 - checksum: sha256:868a69dca0a6655a20c150bff64b3fdb058a9b9ee763094ff4b70052d9db6c74 + size: 1185014 + checksum: sha256:dbbbd55c9700e19c59e4e425a6b6f08eb4cb77f68967e773b318a8dfbdfdfb93 name: pam - evr: 1.3.1-38.el8_10 + evr: 1.3.1-39.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/p/pcre-8.42-6.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 1617186 @@ -7691,12 +7691,12 @@ arches: checksum: sha256:72f87a1c0c92c9486bdb3748db880281fcc1f947bbedb99edbcebf189e4a5c40 name: setup evr: 2.12.2-9.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/s/shadow-utils-4.6-22.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/s/shadow-utils-4.6-23.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 1845120 - checksum: sha256:140a4273738ea9cfd1fc5627ebd66ad1696a5e3c959092b41bf5dc6d7657d8a6 + size: 1845199 + checksum: sha256:1f73218c7981d0fe5008adfb4b8460626ba2dfe43c4075f50045c48f8d9e30cd name: shadow-utils - evr: 2:4.6-22.el8 + evr: 2:4.6-23.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/s/shared-mime-info-1.9-4.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 644720 @@ -7709,12 +7709,12 @@ arches: checksum: sha256:26dc49ea369dc145166e0a3959cc132f45e3345b99a75420c8932af24f44668c name: sqlite evr: 3.26.0-20.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/s/systemd-239-82.el8_10.5.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/s/systemd-239-82.el8_10.8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 9161850 - checksum: sha256:a20ae7bd2f13fd756b2389ec6ba6f84e6a9be28df01b5a7d04dab93b492a0eab + size: 9188443 + checksum: sha256:a3ade60f73bb3137b94ac38205c321511b70e2bf61b79e2a25e31015fb415844 name: systemd - evr: 239-82.el8_10.5 + evr: 239-82.el8_10.8 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/t/texinfo-6.5-7.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 4544531 @@ -7727,18 +7727,18 @@ arches: checksum: sha256:ad79eab11673ac2f172276a993d98f2bf98c77728863f656d7cc0ab595d5b593 name: trousers evr: 0.3.15-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/t/tzdata-2025b-1.el8.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/t/tzdata-2025c-1.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 946701 - checksum: sha256:2f0ba51d371713287a690d9d1635b534113258aa2571862603d52870c1c8b60d + size: 960798 + checksum: sha256:c9798a08b98344921713d3183bda98727df494d83f96924604b6b755ddc30f61 name: tzdata - evr: 2025b-1.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/u/util-linux-2.32.1-46.el8.src.rpm + evr: 2025c-1.el8 + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/u/util-linux-2.32.1-47.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 4816801 - checksum: sha256:3fb688481dd062d917d8119cd64582a9e6ffa6736a6dbbf956d038a9115c6004 + size: 4817466 + checksum: sha256:e10e379f1386bdd6315e20cf735616747690c137ada562f47da85ca90ea966ee name: util-linux - evr: 2.32.1-46.el8 + evr: 2.32.1-47.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/w/which-2.21-21.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 171834 @@ -7764,7 +7764,7 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/d2a4f2509172c5298814ec415a405ff54f0e979c66a7a48997dc1f6f018aa77d-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/4f4dd2b3da4093890d352fbb8bc0953f32c6bb80367d50387512bbe7a5a96902-modules.yaml.gz repoid: rhel-8-for-x86_64-appstream-rpms - size: 754207 - checksum: sha256:d2a4f2509172c5298814ec415a405ff54f0e979c66a7a48997dc1f6f018aa77d + size: 780995 + checksum: sha256:4f4dd2b3da4093890d352fbb8bc0953f32c6bb80367d50387512bbe7a5a96902 diff --git a/scale/signatures/deploy.yaml b/scale/signatures/deploy.yaml index ce19a3fce5589..acfe97d1589c1 100644 --- a/scale/signatures/deploy.yaml +++ b/scale/signatures/deploy.yaml @@ -11,7 +11,7 @@ spec: spec: containers: - name: update-signature - image: quay.io/rhacs-eng/apollo-ci:stackrox-test-0.4.9 + image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 imagePullPolicy: IfNotPresent command: - /bin/bash diff --git a/scanner/enricher/csaf/internal/zreader/compression_string.go b/scanner/enricher/csaf/internal/zreader/compression_string.go index 50a5eb446f4e0..f0f1ab3bc02c8 100644 --- a/scanner/enricher/csaf/internal/zreader/compression_string.go +++ b/scanner/enricher/csaf/internal/zreader/compression_string.go @@ -19,8 +19,9 @@ const _Compression_name = "KindGzipKindZstdKindBzip2KindNone" var _Compression_index = [...]uint8{0, 8, 16, 25, 33} func (i Compression) String() string { - if i < 0 || i >= Compression(len(_Compression_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Compression_index)-1 { return "Compression(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Compression_name[_Compression_index[i]:_Compression_index[i+1]] + return _Compression_name[_Compression_index[idx]:_Compression_index[idx+1]] } diff --git a/scanner/enricher/fixedby/versiontype_string.go b/scanner/enricher/fixedby/versiontype_string.go index ca4539400f4a2..f98b5bfbe06d5 100644 --- a/scanner/enricher/fixedby/versiontype_string.go +++ b/scanner/enricher/fixedby/versiontype_string.go @@ -20,8 +20,9 @@ const _versionType_name = "unknownVersionTypenormalVersionTypeurlEncodedVersionT var _versionType_index = [...]uint8{0, 18, 35, 56, 73, 92} func (i versionType) String() string { - if i < 0 || i >= versionType(len(_versionType_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_versionType_index)-1 { return "versionType(" + strconv.FormatInt(int64(i), 10) + ")" } - return _versionType_name[_versionType_index[i]:_versionType_index[i+1]] + return _versionType_name[_versionType_index[idx]:_versionType_index[idx+1]] } diff --git a/scanner/image/db/konflux.Dockerfile b/scanner/image/db/konflux.Dockerfile index b5b7a29a5ccd0..101eb2e1ce5ab 100644 --- a/scanner/image/db/konflux.Dockerfile +++ b/scanner/image/db/konflux.Dockerfile @@ -1,4 +1,4 @@ -FROM registry.redhat.io/rhel8/postgresql-15:latest@sha256:b70af4767a5b34c4a67761aa28bee72b4f9cd1ce31245596640371f670d0dbba +FROM registry.redhat.io/rhel8/postgresql-15:latest@sha256:f5ff8f1968b4c842da981e234efee065c66bc5208d93055c3135b536f421d432 ARG BUILD_TAG RUN if [[ "$BUILD_TAG" == "" ]]; then >&2 echo "error: required BUILD_TAG arg is unset"; exit 6; fi @@ -11,7 +11,7 @@ LABEL \ io.k8s.display-name="scanner-v4-db" \ io.openshift.tags="rhacs,scanner-v4-db,stackrox" \ maintainer="Red Hat, Inc." \ - name="rhacs-scanner-v4-db-rhel8" \ + name="advanced-cluster-security/rhacs-scanner-v4-db-rhel8" \ # Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly. source-location="https://github.com/stackrox/stackrox" \ summary="Scanner v4 DB for Red Hat Advanced Cluster Security for Kubernetes" \ diff --git a/scanner/image/scanner/konflux.Dockerfile b/scanner/image/scanner/konflux.Dockerfile index fe683fe12793e..a937ca796ee82 100644 --- a/scanner/image/scanner/konflux.Dockerfile +++ b/scanner/image/scanner/konflux.Dockerfile @@ -1,4 +1,4 @@ -FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.24@sha256:beed4519c775d6123c11351048be29e6f93ab0adaea2c7d55977b445966f5b27 AS builder +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.25@sha256:527782f4a0270f786192281f68d0374f4a21b3ab759643eee4bfcafb6f539468 AS builder ARG BUILD_TAG RUN if [[ "$BUILD_TAG" == "" ]]; then >&2 echo "error: required BUILD_TAG arg is unset"; exit 6; fi @@ -17,7 +17,7 @@ WORKDIR /src RUN make -C scanner NODEPS=1 CGO_ENABLED=1 image/scanner/bin/scanner copy-scripts -FROM registry.access.redhat.com/ubi8-minimal:latest@sha256:43dde01be4e94afd22d8d95ee8abcc9f610b4e50aff5bcc141b558c74d4c68b5 +FROM registry.access.redhat.com/ubi8-minimal:latest@sha256:9f5006710578c36da022efbc740b27821056d504d582e1aeb204a602d2e8e4ce ARG BUILD_TAG @@ -29,7 +29,7 @@ LABEL \ io.k8s.display-name="scanner-v4" \ io.openshift.tags="rhacs,scanner-v4,stackrox" \ maintainer="Red Hat, Inc." \ - name="rhacs-scanner-v4-rhel8" \ + name="advanced-cluster-security/rhacs-scanner-v4-rhel8" \ # Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly. source-location="https://github.com/stackrox/stackrox" \ summary="The image scanner v4 for Red Hat Advanced Cluster Security for Kubernetes" \ diff --git a/scripts/ci/artifacts-publish/prepare-cli.sh b/scripts/ci/artifacts-publish/prepare-cli.sh new file mode 100755 index 0000000000000..739c014de13bf --- /dev/null +++ b/scripts/ci/artifacts-publish/prepare-cli.sh @@ -0,0 +1,67 @@ +#!/usr/bin/env bash + +# prepare-cli.sh +# Prepares cli artifacts in a layout in which they should be stored in a remote GCS bucket. + +set -euo pipefail + +die() { + echo >&2 "$@" + exit 1 +} + +source_dir="${1:-}" +target_dir="${2:-}" + +[[ -d "$source_dir" ]] || die "Source directory ${source_dir} does not exist" +[[ -d "$target_dir" ]] || die "Target directory ${target_dir} does not exist" + +# Define supported platforms for each app. +declare -A app_platforms +app_platforms[roxagent]="Linux linux" +app_platforms[roxctl]="Linux linux Darwin darwin Windows windows" + +# Set up directory structure +mkdir "${target_dir}/bin" + +# Process each app and its supported platforms +for app in roxagent roxctl; do + declare -a platforms="(${app_platforms["${app}"]})" + for platform in "${platforms[@]}"; do + mkdir -p "${target_dir}/bin/${platform}" + + app_bin="${app}" + if [[ "${platform}" =~ Windows|windows ]]; then + app_bin="${app}.exe" + fi + + platform_lower="$(echo "$platform" | tr '[:upper:]' '[:lower:]')" + + # x86_64 binaries don't mention architecture for compatibility with existing users (and their scripts). + cp "${source_dir}/bin/${platform_lower}_amd64/${app_bin}" "${target_dir}/bin/${platform}/${app_bin}" + + # Binaries for other architectures should mention arch. The suggestion is to do it in the filename: + # https://mirror.openshift.com/pub/rhacs/assets///roxctl-[.filetype] + # See https://issues.redhat.com/browse/ROX-14701. + # We may later want to add binaries with explicit x86_64 architecture which would be roxctl-amd64[.exe]. + if [[ "${platform}" =~ Linux|linux ]]; then + for arch in "arm64" "ppc64le" "s390x"; do + cp "${source_dir}/bin/${platform_lower}_${arch}/${app_bin}" "${target_dir}/bin/${platform}/${app_bin}-${arch}" + done + fi + + if [[ "${platform}" =~ Darwin|darwin ]]; then + cp "${source_dir}/bin/${platform_lower}_arm64/${app_bin}" "${target_dir}/bin/${platform}/${app_bin}-arm64" + fi + done +done + +# Create sha256sum.txt checksum files + +find "${target_dir}" -name "sha256sum.txt" -exec rm {} \; +while IFS='' read -r dir || [[ -n "$dir" ]]; do + ( + cd "$dir" + sha256sum ./* >sha256sum.txt + ) +done < <(find "${target_dir}" -type f -print0 | xargs -0 -n 1 dirname | sort -u) diff --git a/scripts/ci/artifacts-publish/prepare-roxctl.sh b/scripts/ci/artifacts-publish/prepare-roxctl.sh deleted file mode 100755 index adf0d25ac049c..0000000000000 --- a/scripts/ci/artifacts-publish/prepare-roxctl.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env bash - -# prepare.sh -# Prepares roxctl artifacts in a layout in which they should be stored in a remote GCS bucket. - -set -euo pipefail - -die() { - echo >&2 "$@" - exit 1 -} - -source_dir="${1:-}" -target_dir="${2:-}" - -[[ -d "$source_dir" ]] || die "Source directory ${source_dir} does not exist" -[[ -d "$target_dir" ]] || die "Target directory ${target_dir} does not exist" - -# Set up directory structure - -mkdir "${target_dir}/bin" - -for platform in Linux Darwin Windows; do - platform_lower="$(echo "$platform" | tr '[:upper:]' '[:lower:]')" - - mkdir "${target_dir}/bin/${platform}" - mkdir "${target_dir}/bin/${platform_lower}" - - roxctl_bin="roxctl" - if [[ "${platform}" == "Windows" ]]; then - roxctl_bin="roxctl.exe" - fi - - # x86_64 binaries don't mention architecture for compatibility with existing users (and their scripts). - cp "${source_dir}/bin/${platform_lower}_amd64/${roxctl_bin}" "${target_dir}/bin/${platform}/${roxctl_bin}" - cp "${source_dir}/bin/${platform_lower}_amd64/${roxctl_bin}" "${target_dir}/bin/${platform_lower}/${roxctl_bin}" - - # Binaries for other architectures should mention arch. The suggestion is to do it in the filename: - # https://mirror.openshift.com/pub/rhacs/assets///roxctl-[.filetype] - # See https://issues.redhat.com/browse/ROX-14701. - # We may later want to add binaries with explicit x86_64 architecture which would be roxctl-amd64[.exe]. - if [[ "${platform}" == "Linux" ]]; then - cp "${source_dir}/bin/${platform_lower}_arm64/${roxctl_bin}" "${target_dir}/bin/${platform}/${roxctl_bin}-arm64" - cp "${source_dir}/bin/${platform_lower}_arm64/${roxctl_bin}" "${target_dir}/bin/${platform_lower}/${roxctl_bin}-arm64" - - cp "${source_dir}/bin/${platform_lower}_ppc64le/${roxctl_bin}" "${target_dir}/bin/${platform}/${roxctl_bin}-ppc64le" - cp "${source_dir}/bin/${platform_lower}_ppc64le/${roxctl_bin}" "${target_dir}/bin/${platform_lower}/${roxctl_bin}-ppc64le" - - cp "${source_dir}/bin/${platform_lower}_s390x/${roxctl_bin}" "${target_dir}/bin/${platform}/${roxctl_bin}-s390x" - cp "${source_dir}/bin/${platform_lower}_s390x/${roxctl_bin}" "${target_dir}/bin/${platform_lower}/${roxctl_bin}-s390x" - fi - - if [[ "${platform}" == "Darwin" ]]; then - cp "${source_dir}/bin/${platform_lower}_arm64/${roxctl_bin}" "${target_dir}/bin/${platform}/${roxctl_bin}-arm64" - cp "${source_dir}/bin/${platform_lower}_arm64/${roxctl_bin}" "${target_dir}/bin/${platform_lower}/${roxctl_bin}-arm64" - fi -done - -# Create sha256sum.txt checksum files - -find "${target_dir}" -name "sha256sum.txt" -exec rm {} \; -while IFS='' read -r dir || [[ -n "$dir" ]]; do - ( cd "$dir" ; sha256sum ./* >sha256sum.txt ) -done < <(find "${target_dir}" -type f -print0 | xargs -0 -n 1 dirname | sort -u) diff --git a/scripts/ci/jobs/check-konflux-setup.sh b/scripts/ci/jobs/check-konflux-setup.sh index 052e768a1f1a7..d150a5482c963 100755 --- a/scripts/ci/jobs/check-konflux-setup.sh +++ b/scripts/ci/jobs/check-konflux-setup.sh @@ -8,58 +8,13 @@ set -euo pipefail FAIL_FLAG="$(mktemp)" trap 'rm -f $FAIL_FLAG' EXIT -check_create_snapshot_runs_last() { - local -r pipeline_path=".tekton/operator-bundle-pipeline.yaml" - local -r task_name="create-acs-style-snapshot" - - local expected_runafter - expected_runafter="$(yq eval '.spec.tasks[] | select(.name != '\"${task_name}\"') | .name' "${pipeline_path}" | sort)" - - local actual_runafter - actual_runafter="$(yq eval '.spec.tasks[] | select(.name == '\"${task_name}\"') | .runAfter[]' "${pipeline_path}")" - - echo - echo "➤ ${pipeline_path} // checking ${task_name}: task's runAfter contents shall match the expected ones." - if ! compare "${expected_runafter}" "${actual_runafter}"; then - echo >&2 -e "How to resolve: -1. Open ${pipeline_path} and locate the ${task_name} task -2. Update the runAfter attribute of this task to the following list (all previous tasks in the pipeline, sorted alphabetically): -${expected_runafter}" - record_failure "${FUNCNAME[0]}" - fi -} - -check_all_components_are_part_of_custom_snapshot() { - local -r pipeline_path=".tekton/operator-bundle-pipeline.yaml" - local -r task_name="create-acs-style-snapshot" - - # Actual components are based on the COMPONENTS parameter and stored as sorted multi-line string. - local actual_components - actual_components="$(yq eval '.spec.tasks[] | select(.name == '\"${task_name}\"') | .params[] | select(.name == "COMPONENTS") | .value' "${pipeline_path}" | yq eval '.[].name' - | tr " " "\n" | sort)" - - # Expected components are based on the wait-for-*-image task plus the operator-bundle and stored as a sorted multi-line string. - local expected_components_from_images - local expected_components - expected_components_from_images="$(yq eval '.spec.tasks[] | select(.name == "wait-for-*-image") | .name | sub("(wait-for-|-image)", "")' ${pipeline_path})" - expected_components=$(echo "${expected_components_from_images} operator-bundle" | tr " " "\n" | sort) - - echo - echo "➤ ${pipeline_path} // checking ${task_name}: COMPONENTS contents shall include all ACS images." - if ! compare "${expected_components}" "${actual_components}"; then - echo >&2 -e "How to resolve: -1. Open ${pipeline_path} and locate the ${task_name} task -2. Update the COMPONENTS parameter of this task to include entries for the missing components or delete references to removed components. COMPONENTS should include entries for (sorted alphabetically): -${expected_components}" - record_failure "${FUNCNAME[0]}" - fi -} - check_example_rpmdb_files_are_ignored() { # At the time of this writing, Konflux uses syft to generate SBOMs for built containers. # If we happen to have test rpmdb databases in the repo, syft will union their contents with RPMs that it finds # installed in the container resulting in a misleading SBOM. # This check is to make sure the exclusion list in Syft config enumerates all such rpmdbs. # Ref https://github.com/anchore/syft/wiki/configuration + # TODO: the check can be removed after KONFLUX-3515 is implemented. local -r syft_config=".syft.yaml" local -r exclude_attribute=".exclude" @@ -99,8 +54,6 @@ record_failure() { } echo "Checking our Konflux pipelines and builds setup." -check_create_snapshot_runs_last -check_all_components_are_part_of_custom_snapshot check_example_rpmdb_files_are_ignored if [[ -s "$FAIL_FLAG" ]]; then diff --git a/scripts/ci/lib.sh b/scripts/ci/lib.sh index 491388d97d6b1..23fe73e625db2 100755 --- a/scripts/ci/lib.sh +++ b/scripts/ci/lib.sh @@ -83,21 +83,25 @@ handle_dangling_processes() { info "Process state at exit:" ps -e -O ppid - local psline this_pid pid - ps -e -O ppid | while read -r psline; do + local psline pid ppid + ps -e -O ppid | while read -r pid ppid psline; do + # Example output: + # PID PPID S TTY TIME COMMAND + # 1 0 S ? 00:00:00 /tmp/entrypoint-wrapper/entrypoint-wrapper /tools/entrypoint + # [...] + # 179283 25 R ? 00:00:00 ps -e -O ppid + # trim leading whitespace - psline="$(echo "$psline" | xargs)" - if [[ "$psline" =~ ^PID ]]; then + psline="$pid $ppid $psline" + if [[ "$pid" == "PID" ]]; then # Ignoring header continue fi - this_pid="$$" - if [[ "$psline" =~ ^$this_pid ]]; then + if [[ "$pid" == "$$" ]]; then echo "Ignoring self: $psline" continue fi - # shellcheck disable=SC1087 - if [[ "$psline" =~ [[:space:]]$this_pid[[:space:]] ]]; then + if [[ "$ppid" == "$$" ]]; then echo "Ignoring child: $psline" continue fi @@ -106,7 +110,6 @@ handle_dangling_processes() { continue fi echo "A candidate to kill: $psline" - pid="$(echo "$psline" | cut -d' ' -f1)" echo "Will kill $pid" kill "$pid" || { echo "Error killing $pid" @@ -949,9 +952,9 @@ check_collector_version() { fi } -publish_roxctl() { +publish_cli() { if [[ "$#" -ne 1 ]]; then - die "missing arg. usage: publish_roxctl " + die "missing arg. usage: publish_cli " fi local tag="$1" @@ -960,7 +963,7 @@ publish_roxctl() { local temp_dir temp_dir="$(mktemp -d)" - "${SCRIPTS_ROOT}/scripts/ci/artifacts-publish/prepare-roxctl.sh" . "${temp_dir}" + "${SCRIPTS_ROOT}/scripts/ci/artifacts-publish/prepare-cli.sh" . "${temp_dir}" "${SCRIPTS_ROOT}/scripts/ci/artifacts-publish/publish.sh" "${temp_dir}" "${tag}" "gs://sr-roxc" "${SCRIPTS_ROOT}/scripts/ci/artifacts-publish/publish.sh" "${temp_dir}" "${tag}" "gs://rhacs-openshift-mirror-src/assets" } diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-connections.yml b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-connections.yml index caa5ffa9d97e3..b69487ad4912e 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-connections.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-connections.yml @@ -13,10 +13,10 @@ data: server = true address = "223.42.0.1" target_port = 1337 - arrival_rate = 10 - departure_rate = 10 + arrival_rate = 0.1 + departure_rate = 0.1 conns_per_addr = 2 - nconnections = 4000 + nconnections = 100 network-client.toml: | restart_interval = 10 @@ -28,7 +28,7 @@ data: server = false address = "223.42.0.1" target_port = 1337 - arrival_rate = 10 - departure_rate = 10 + arrival_rate = 0.1 + departure_rate = 0.1 conns_per_addr = 2 - nconnections = 4000 + nconnections = 100 diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-endpoints-zipf.yml b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-endpoints-zipf.yml index a221a17326dff..8841c5541cd58 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-endpoints-zipf.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-endpoints-zipf.yml @@ -10,5 +10,5 @@ data: [workload] type = "endpoints" distribution = "zipf" - n_ports = 2000 + n_ports = 200 exponent = 1.4 diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-processes.yml b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-processes.yml deleted file mode 100644 index c006a48b997a9..0000000000000 --- a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-processes.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{.JobName}}-berserker-process-config -data: - workload.toml: | - restart_interval = 10 - - [workload] - type = "processes" - arrival_rate = 1000.0 - departure_rate = 200.0 - random_process = true diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/config.yml b/scripts/release-tools/kube-burner-configs/berserker-load/config.yml index 52a2c63efb9c8..466080c1e1c7d 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/config.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/config.yml @@ -19,10 +19,10 @@ jobs: waitWhenFinished: true preLoadImages: true preLoadPeriod: 30s - churn: true + churn: false churnDuration: 1000h - churnDelay: 10m - churnPercent: 80 + churnDelay: 200h + churnPercent: 20 namespaceLabels: security.openshift.io/scc.podSecurityLabelSync: false pod-security.kubernetes.io/enforce: privileged @@ -30,23 +30,23 @@ jobs: pod-security.kubernetes.io/warn: privileged objects: - - objectTemplate: process-load-daemonset.yml - replicas: 6 + - objectTemplate: process-load-deployment.yml + replicas: 5 inputVars: podReplicas: 2 - - objectTemplate: endpoint-load-daemonset.yml - replicas: 6 + - objectTemplate: endpoint-load-deployment.yml + replicas: 5 inputVars: podReplicas: 2 - - objectTemplate: connection-load-daemonset.yml - replicas: 6 + - objectTemplate: connection-load-deployment.yml + replicas: 5 inputVars: podReplicas: 2 - objectTemplate: service.yml - replicas: 10 + replicas: 5 - objectTemplate: secret.yml replicas: 10 @@ -56,6 +56,3 @@ jobs: - objectTemplate: berserker-configmap-connections.yml replicas: 10 - - - objectTemplate: berserker-configmap-processes.yml - replicas: 10 diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/connection-load-daemonset.yml b/scripts/release-tools/kube-burner-configs/berserker-load/connection-load-deployment.yml similarity index 95% rename from scripts/release-tools/kube-burner-configs/berserker-load/connection-load-daemonset.yml rename to scripts/release-tools/kube-burner-configs/berserker-load/connection-load-deployment.yml index 4a6d8a3a53985..6e218d4ac8909 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/connection-load-daemonset.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/connection-load-deployment.yml @@ -1,5 +1,5 @@ # We only want unicast addresses -{{ $ip1 := randInt 1 223 }} +{{ $ip1 := randInt 0 223 }} {{ $ip2 := randInt 0 255 }} {{ $ip3 := randInt 0 255 }} {{ $ip4 := randInt 0 255 }} @@ -7,11 +7,12 @@ {{ $ip := printf "%d.%d.%d.%d/16" $ip1 $ip2 $ip3 $ip4 }} {{ $berserker_address := printf "%d.%d.%d.%d" $ip1 $ip2 $ip3 $ip4 }} -kind: DaemonSet +kind: Deployment apiVersion: apps/v1 metadata: name: connection-load-{{.Replica}} spec: + replicas: {{.podReplicas}} selector: matchLabels: app: connection-load-{{.Replica}} @@ -29,7 +30,7 @@ spec: memory: "100Mi" cpu: "25m" limits: - memory: "180Mi" + memory: "100Mi" cpu: "25m" env: - name: IP_BASE diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-daemonset.yml b/scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-deployment.yml similarity index 95% rename from scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-daemonset.yml rename to scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-deployment.yml index 969c475fcc4d7..45b34a80a8019 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-daemonset.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-deployment.yml @@ -1,9 +1,10 @@ --- -kind: DaemonSet +kind: Deployment apiVersion: apps/v1 metadata: name: endpoint-load-{{.Replica}} spec: + replicas: {{.podReplicas}} selector: matchLabels: app: endpoint-load-{{.Replica}} @@ -21,7 +22,7 @@ spec: memory: "100Mi" cpu: "25m" limits: - memory: "180Mi" + memory: "100Mi" cpu: "25m" volumeMounts: - name: config diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/process-load-daemonset.yml b/scripts/release-tools/kube-burner-configs/berserker-load/process-load-deployment.yml similarity index 74% rename from scripts/release-tools/kube-burner-configs/berserker-load/process-load-daemonset.yml rename to scripts/release-tools/kube-burner-configs/berserker-load/process-load-deployment.yml index 8c11c9c4223d9..11d638907e4bb 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/process-load-daemonset.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/process-load-deployment.yml @@ -1,9 +1,10 @@ --- -kind: DaemonSet +kind: Deployment apiVersion: apps/v1 metadata: name: process-load-{{.Replica}} spec: + replicas: {{.podReplicas}} selector: matchLabels: app: process-load-{{.Replica}} @@ -21,15 +22,11 @@ spec: image: quay.io/rhacs-eng/qa:berserker-1.0-63-g7b0a20bf5f resources: requests: - memory: "10Mi" - cpu: "15m" + memory: "100Mi" + cpu: "25m" limits: - memory: "10Mi" - cpu: "15m" - volumeMounts: - - name: config - mountPath: "/etc/berserker" - readOnly: true + memory: "100Mi" + cpu: "25m" imagePullPolicy: IfNotPresent name: berserker env: @@ -42,13 +39,6 @@ spec: - path: "labels" fieldRef: fieldPath: metadata.labels - volumes: - - name: config - configMap: - name: {{.JobName}}-berserker-process-config - items: - - key: workload.toml - path: workload.toml # Add not-ready/unreachable tolerations for 15 minutes so that node # failure doesn't trigger pod deletion. tolerations: diff --git a/sensor/kubernetes/listener/resource_event_handler.go b/sensor/kubernetes/listener/resource_event_handler.go index 62d190beb4dda..ad0788d38ed6d 100644 --- a/sensor/kubernetes/listener/resource_event_handler.go +++ b/sensor/kubernetes/listener/resource_event_handler.go @@ -11,6 +11,7 @@ import ( "github.com/stackrox/rox/pkg/complianceoperator" "github.com/stackrox/rox/pkg/concurrency" "github.com/stackrox/rox/pkg/env" + "github.com/stackrox/rox/pkg/features" kubernetesPkg "github.com/stackrox/rox/pkg/kubernetes" "github.com/stackrox/rox/pkg/sync" "github.com/stackrox/rox/pkg/utils" @@ -188,34 +189,41 @@ func (k *listenerImpl) handleAllEvents() { } // VirtualMachine Watcher and Informers + // We should track virtual machines only if the feature is enabled and CRDs are available. + shouldTrackVirtualMachines := features.VirtualMachines.Enabled() var virtualMachineInformer, virtualMachineInstanceInformer cache.SharedIndexInformer - vmWatcher := crd.NewCRDWatcher(&k.stopSig, dynamicSif) - vmAvailabilityChecker := virtualMachineAvailabilityChecker.NewAvailabilityChecker() - if err := vmAvailabilityChecker.AppendToCRDWatcher(vmWatcher); err != nil { - log.Errorf("Unable to add the Resource to the VirtualMachine CRD Watcher: %v", err) - } - - vmCrdHandlerFn := crdWatcherCallbackWrapper(k.context, - allResourcesAvailable(), - k.pubSub, - "VirtualMachine resources have been updated. Connection will restart to force reconciliation with Central") + // Leaving this check explicitly here for clarity, that we don't want to + // call this code when the feature is disabled. + if features.VirtualMachines.Enabled() { + vmWatcher := crd.NewCRDWatcher(&k.stopSig, dynamicSif) + vmAvailabilityChecker := virtualMachineAvailabilityChecker.NewAvailabilityChecker() + if err := vmAvailabilityChecker.AppendToCRDWatcher(vmWatcher); err != nil { + log.Errorf("Unable to add the Resource to the VirtualMachine CRD Watcher: %v", err) + } - virtualMachineIsAvailable, err := vmAvailabilityChecker.Available(k.client) - if err != nil { - log.Errorf("Failed to check the availability of Virtual Machine resources: %v", err) - } - if virtualMachineIsAvailable { - log.Info("Initializing virtual machine informers") - virtualMachineInformer = crdSharedInformerFactory.ForResource(virtualmachine.VirtualMachine.GroupVersionResource()).Informer() - virtualMachineInstanceInformer = crdSharedInformerFactory.ForResource(virtualmachine.VirtualMachineInstance.GroupVersionResource()).Informer() - // Override the vmCrdHandlerFn to only handle when the resources become unavailable - vmCrdHandlerFn = crdWatcherCallbackWrapper(k.context, - resourcesUnavailable(), + vmCrdHandlerFn := crdWatcherCallbackWrapper(k.context, + allResourcesAvailable(), k.pubSub, - "VirtualMachine resources have been removed. Connection will restart to force reconciliation with Central") - } - if err := vmWatcher.Watch(vmCrdHandlerFn); err != nil { - log.Errorf("Failed to start watching the VirtualMachine CRDs: %v", err) + "VirtualMachine resources have been updated. Connection will restart to force reconciliation with Central") + + shouldTrackVirtualMachines, err = vmAvailabilityChecker.Available(k.client) + if err != nil { + log.Errorf("Failed to check the availability of Virtual Machine resources: %v", err) + } + + if shouldTrackVirtualMachines { + log.Info("Initializing virtual machine informers") + virtualMachineInformer = crdSharedInformerFactory.ForResource(virtualmachine.VirtualMachine.GroupVersionResource()).Informer() + virtualMachineInstanceInformer = crdSharedInformerFactory.ForResource(virtualmachine.VirtualMachineInstance.GroupVersionResource()).Informer() + // Override the vmCrdHandlerFn to only handle when the resources become unavailable + vmCrdHandlerFn = crdWatcherCallbackWrapper(k.context, + resourcesUnavailable(), + k.pubSub, + "VirtualMachine resources have been removed. Connection will restart to force reconciliation with Central") + } + if err := vmWatcher.Watch(vmCrdHandlerFn); err != nil { + log.Errorf("Failed to start watching the VirtualMachine CRDs: %v", err) + } } // This call to clusterID.Get might block if a cluster ID is initially unavailable, which is okay. @@ -316,7 +324,7 @@ func (k *listenerImpl) handleAllEvents() { handle(k.context, complianceRemediationInformer, dispatchers.ForComplianceOperatorRemediations(), k.outputQueue, &syncingResources, noDependencyWaitGroup, stopSignal, &eventLock) } - if virtualMachineIsAvailable { + if shouldTrackVirtualMachines { // We sync first the VirtualMachineInstances // This is because if both informers are racing in the sync, we could // send duplicate update events during sync @@ -329,7 +337,7 @@ func (k *listenerImpl) handleAllEvents() { } log.Info("Successfully synced secrets, service accounts and roles") - if virtualMachineIsAvailable { + if shouldTrackVirtualMachines { // At this point the VirtualMachineInstances should be synced log.Info("Syncing virtual machines") vmWaitGroup := &concurrency.WaitGroup{} diff --git a/sensor/kubernetes/listener/resources/convert_mutating_test.go b/sensor/kubernetes/listener/resources/convert_mutating_test.go index bcc79ba3a3394..f0678db1b77fe 100644 --- a/sensor/kubernetes/listener/resources/convert_mutating_test.go +++ b/sensor/kubernetes/listener/resources/convert_mutating_test.go @@ -19,6 +19,9 @@ import ( func TestConvertDifferentContainerNumbers(t *testing.T) { + defaultSecurityContext := &storage.SecurityContext{ + AllowPrivilegeEscalation: true, + } storeProvider := InitializeStore(nil) cases := []struct { name string @@ -139,7 +142,7 @@ func TestConvertDifferentContainerNumbers(t *testing.T) { Config: &storage.ContainerConfig{ Env: []*storage.ContainerConfig_EnvironmentConfig{}, }, - SecurityContext: &storage.SecurityContext{}, + SecurityContext: defaultSecurityContext, Resources: &storage.Resources{}, LivenessProbe: &storage.LivenessProbe{Defined: false}, ReadinessProbe: &storage.ReadinessProbe{Defined: false}, @@ -160,7 +163,7 @@ func TestConvertDifferentContainerNumbers(t *testing.T) { Config: &storage.ContainerConfig{ Env: []*storage.ContainerConfig_EnvironmentConfig{}, }, - SecurityContext: &storage.SecurityContext{}, + SecurityContext: defaultSecurityContext, Resources: &storage.Resources{}, LivenessProbe: &storage.LivenessProbe{Defined: false}, ReadinessProbe: &storage.ReadinessProbe{Defined: false}, @@ -277,7 +280,7 @@ func TestConvertDifferentContainerNumbers(t *testing.T) { Config: &storage.ContainerConfig{ Env: []*storage.ContainerConfig_EnvironmentConfig{}, }, - SecurityContext: &storage.SecurityContext{}, + SecurityContext: defaultSecurityContext, Resources: &storage.Resources{}, LivenessProbe: &storage.LivenessProbe{Defined: false}, ReadinessProbe: &storage.ReadinessProbe{Defined: false}, @@ -298,7 +301,7 @@ func TestConvertDifferentContainerNumbers(t *testing.T) { Config: &storage.ContainerConfig{ Env: []*storage.ContainerConfig_EnvironmentConfig{}, }, - SecurityContext: &storage.SecurityContext{}, + SecurityContext: defaultSecurityContext, Resources: &storage.Resources{}, LivenessProbe: &storage.LivenessProbe{Defined: false}, ReadinessProbe: &storage.ReadinessProbe{Defined: false}, diff --git a/sensor/kubernetes/listener/resources/convert_override_test.go b/sensor/kubernetes/listener/resources/convert_override_test.go index a211369893f93..1c2ab16328cae 100644 --- a/sensor/kubernetes/listener/resources/convert_override_test.go +++ b/sensor/kubernetes/listener/resources/convert_override_test.go @@ -18,6 +18,9 @@ import ( ) func TestConvertWithRegistryOverride(t *testing.T) { + defaultSecurityContext := &storage.SecurityContext{ + AllowPrivilegeEscalation: true, + } base := struct { inputObj interface{} deploymentType string @@ -124,7 +127,7 @@ func TestConvertWithRegistryOverride(t *testing.T) { Config: &storage.ContainerConfig{ Env: []*storage.ContainerConfig_EnvironmentConfig{}, }, - SecurityContext: &storage.SecurityContext{}, + SecurityContext: defaultSecurityContext, Resources: &storage.Resources{}, Image: &storage.ContainerImage{ Id: "sha256:aa561c3bb9fed1b028520cce3852e6c9a6a91161df9b92ca0c3a20ebecc0581a", @@ -144,7 +147,7 @@ func TestConvertWithRegistryOverride(t *testing.T) { Id: "sha256:6b561c3bb9fed1b028520cce3852e6c9a6a91161df9b92ca0c3a20ebecc0581a", Name: &storage.ImageName{}, }, - SecurityContext: &storage.SecurityContext{}, + SecurityContext: defaultSecurityContext, Resources: &storage.Resources{}, LivenessProbe: &storage.LivenessProbe{Defined: false}, ReadinessProbe: &storage.ReadinessProbe{Defined: false}, diff --git a/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachineinstances.go b/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachineinstances.go index 1ad8d2d8ead7c..8539e62668459 100644 --- a/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachineinstances.go +++ b/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachineinstances.go @@ -2,6 +2,7 @@ package dispatcher import ( "github.com/stackrox/rox/generated/internalapi/central" + "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/logging" "github.com/stackrox/rox/sensor/common/virtualmachine" "github.com/stackrox/rox/sensor/kubernetes/eventpipeline/component" @@ -40,6 +41,9 @@ func (d *VirtualMachineInstanceDispatcher) ProcessEvent( _ interface{}, action central.ResourceAction, ) *component.ResourceEvent { + if !features.VirtualMachines.Enabled() { + return nil + } virtualMachineInstance := &kubeVirtV1.VirtualMachineInstance{} if err := k8sUtils.FromUnstructuredToSpecificTypePointer(obj, virtualMachineInstance); err != nil { log.Errorf("unable to convert 'Unstructured' to 'VirtualMachineInstance': %v", err) diff --git a/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachineinstances_test.go b/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachineinstances_test.go index 16c5c1c360454..4e5b7267cbc8a 100644 --- a/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachineinstances_test.go +++ b/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachineinstances_test.go @@ -6,6 +6,7 @@ import ( "github.com/stackrox/rox/generated/internalapi/central" virtualMachineV1 "github.com/stackrox/rox/generated/internalapi/virtualmachine/v1" + "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/pkg/virtualmachine" vmInfo "github.com/stackrox/rox/sensor/common/virtualmachine" "github.com/stackrox/rox/sensor/kubernetes/eventpipeline/component" @@ -43,6 +44,8 @@ var _ suite.SetupSubTest = (*virtualMachineInstanceSuite)(nil) var _ suite.TearDownSubTest = (*virtualMachineInstanceSuite)(nil) func (s *virtualMachineInstanceSuite) SetupSubTest() { + s.T().Setenv(features.VirtualMachines.EnvVar(), "true") + s.mockCtrl = gomock.NewController(s.T()) s.store = mocks.NewMockvirtualMachineStore(s.mockCtrl) s.dispatcher = NewVirtualMachineInstanceDispatcher(clusterID, s.store) diff --git a/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachines.go b/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachines.go index 77fc512e8fdd6..eec3b540118cf 100644 --- a/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachines.go +++ b/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachines.go @@ -2,6 +2,7 @@ package dispatcher import ( "github.com/stackrox/rox/generated/internalapi/central" + "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/sensor/common/virtualmachine" "github.com/stackrox/rox/sensor/kubernetes/eventpipeline/component" "github.com/stackrox/rox/sensor/kubernetes/utils" @@ -30,6 +31,9 @@ func (d *VirtualMachineDispatcher) ProcessEvent( _ interface{}, action central.ResourceAction, ) *component.ResourceEvent { + if !features.VirtualMachines.Enabled() { + return nil + } virtualMachine := &kubeVirtV1.VirtualMachine{} if err := utils.FromUnstructuredToSpecificTypePointer(obj, virtualMachine); err != nil { log.Errorf("unable to convert 'Unstructured' to 'VirtualMachine': %v", err) diff --git a/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachines_test.go b/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachines_test.go index a937ef44285a0..e90e714a4c11c 100644 --- a/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachines_test.go +++ b/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/virtualmachines_test.go @@ -5,6 +5,7 @@ import ( "github.com/stackrox/rox/generated/internalapi/central" virtualMachineV1 "github.com/stackrox/rox/generated/internalapi/virtualmachine/v1" + "github.com/stackrox/rox/pkg/features" "github.com/stackrox/rox/sensor/common/virtualmachine" "github.com/stackrox/rox/sensor/kubernetes/eventpipeline/component" "github.com/stackrox/rox/sensor/kubernetes/listener/resources/virtualmachine/dispatcher/mocks" @@ -37,6 +38,8 @@ var _ suite.SetupSubTest = (*virtualMachineSuite)(nil) var _ suite.TearDownSubTest = (*virtualMachineSuite)(nil) func (s *virtualMachineSuite) SetupSubTest() { + s.T().Setenv(features.VirtualMachines.EnvVar(), "true") + s.mockCtrl = gomock.NewController(s.T()) s.store = mocks.NewMockvirtualMachineStore(s.mockCtrl) s.dispatcher = NewVirtualMachineDispatcher(clusterID, s.store) diff --git a/sensor/upgrader/resources/purpose_string.go b/sensor/upgrader/resources/purpose_string.go index 9c2cfd29db16f..7b690efe6087a 100644 --- a/sensor/upgrader/resources/purpose_string.go +++ b/sensor/upgrader/resources/purpose_string.go @@ -17,9 +17,9 @@ const _Purpose_name = "StateResourceBundleResource" var _Purpose_index = [...]uint8{0, 13, 27} func (i Purpose) String() string { - i -= 1 - if i < 0 || i >= Purpose(len(_Purpose_index)-1) { - return "Purpose(" + strconv.FormatInt(int64(i+1), 10) + ")" + idx := int(i) - 1 + if i < 1 || idx >= len(_Purpose_index)-1 { + return "Purpose(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Purpose_name[_Purpose_index[i]:_Purpose_index[i+1]] + return _Purpose_name[_Purpose_index[idx]:_Purpose_index[idx+1]] } diff --git a/tests/common.go b/tests/common.go index 06d905783f8d3..9781255a65829 100644 --- a/tests/common.go +++ b/tests/common.go @@ -337,7 +337,10 @@ func createK8sClientWithConfig(t T, restCfg *rest.Config) kubernetes.Interface { retryClient.RetryWaitMax = 2 * time.Second retryClient.Logger = logWrapper{t: t} if restCfg.Timeout == 0 { - restCfg.Timeout = 10 * time.Second + // Increased from 10s to 30s to handle slower API responses, especially + // in compatibility test scenarios with mixed versions (e.g., old Central + // with new Sensor). + restCfg.Timeout = 30 * time.Second } // Set retryable timeout to 90% of rest config timeout to allow retries retryClient.HTTPClient.Timeout = (9 * restCfg.Timeout) / 10 diff --git a/tests/compliance_operator_v2_test.go b/tests/compliance_operator_v2_test.go index 37eaf47d7df53..404d4cabc2206 100644 --- a/tests/compliance_operator_v2_test.go +++ b/tests/compliance_operator_v2_test.go @@ -46,7 +46,7 @@ const ( var ( scanName = "sync-test" initialProfiles = []string{"ocp4-cis"} - updatedProfiles = []string{"ocp4-cis-1-4", "ocp4-cis-node-1-4"} + updatedProfiles = []string{"ocp4-high", "ocp4-cis-node"} initialSchedule = &v2.Schedule{ Hour: 12, Minute: 0, @@ -179,9 +179,22 @@ func assertResourceDoesExist(ctx context.Context, t T, resourceName string, name func assertResourceWasUpdated(ctx context.Context, t T, resourceName string, namespace string, obj dynclient.Object) dynclient.Object { client := createDynamicClient(t) oldResourceVersion := obj.GetResourceVersion() - require.Eventually(t, func() bool { - return client.Get(ctx, types.NamespacedName{Name: resourceName, Namespace: namespace}, obj) == nil && obj.GetResourceVersion() != oldResourceVersion - }, 60*time.Second, 10*time.Millisecond) + timeout := time.NewTimer(60 * time.Second) + ticker := time.NewTicker(10 * time.Millisecond) + for { + select { + case <-ticker.C: + if client.Get(ctx, types.NamespacedName{Name: resourceName, Namespace: namespace}, obj) == nil && obj.GetResourceVersion() != oldResourceVersion { + return obj + } + case <-timeout.C: + // Timing-out in here does not necessarily indicate that the + // resource was not updated as the retrieval and assertion of the + // resource can race. + t.Logf("Timeout before we got a new resource version for %s %s (this might be ok)", obj.GetObjectKind().GroupVersionKind().String(), resourceName) + return obj + } + } return obj } diff --git a/tests/e2e/run-e2e-tests.sh b/tests/e2e/run-e2e-tests.sh index c77701afe82be..b03d0b0cd6e67 100755 --- a/tests/e2e/run-e2e-tests.sh +++ b/tests/e2e/run-e2e-tests.sh @@ -148,7 +148,7 @@ if [[ ! -f "/i-am-rox-ci-image" ]]; then --platform linux/amd64 \ --rm -it \ --entrypoint="$0" \ - quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 "$@" + quay.io/stackrox-io/apollo-ci:stackrox-test-0.5.1 "$@" exit 0 fi diff --git a/tests/performance/scale/go.mod b/tests/performance/scale/go.mod index cdde1ed5dd629..47cafa6d21a43 100644 --- a/tests/performance/scale/go.mod +++ b/tests/performance/scale/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/stackrox/performance-scale-tests -go 1.24 +go 1.25 require ( github.com/cloud-bulldozer/go-commons v1.0.11 diff --git a/tests/roxctl/bats-tests/helpers.bash b/tests/roxctl/bats-tests/helpers.bash index 8b5ed298678a0..4d78a10446f5c 100644 --- a/tests/roxctl/bats-tests/helpers.bash +++ b/tests/roxctl/bats-tests/helpers.bash @@ -40,7 +40,7 @@ roxctl-development-cmd() { if [[ ! -x "${tmp_roxctl}/roxctl-dev" ]]; then _uname="$(luname)" mkdir -p "$tmp_roxctl" - make -s "cli-${_uname}" GOTAGS='' 2>&3 + make -s "roxctl-${_uname}" GOTAGS='' 2>&3 mv "bin/${_uname}_amd64/roxctl" "${tmp_roxctl}/roxctl-dev" fi echo "${tmp_roxctl}/roxctl-dev" @@ -56,7 +56,7 @@ roxctl-release-cmd() { if [[ ! -x "${tmp_roxctl}/roxctl-release" ]]; then _uname="$(luname)" mkdir -p "$tmp_roxctl" - make -s "cli-${_uname}" GOTAGS='release' 2>&3 + make -s "roxctl-${_uname}" GOTAGS='release' 2>&3 mv "bin/${_uname}_amd64/roxctl" "${tmp_roxctl}/roxctl-release" fi echo "${tmp_roxctl}/roxctl-release" diff --git a/tools/check-workflow-run/go.mod b/tools/check-workflow-run/go.mod index 977bbae834fea..eb58422b0e5d6 100644 --- a/tools/check-workflow-run/go.mod +++ b/tools/check-workflow-run/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/stackrox/tools/check-workflow-run -go 1.24 +go 1.25 require github.com/google/go-github/v61 v61.0.0 diff --git a/tools/generate-helpers/pg-table-bindings/singleton.go.tpl b/tools/generate-helpers/pg-table-bindings/singleton.go.tpl index fd1192b784c48..c54f864541ce6 100644 --- a/tools/generate-helpers/pg-table-bindings/singleton.go.tpl +++ b/tools/generate-helpers/pg-table-bindings/singleton.go.tpl @@ -112,31 +112,26 @@ func (s *storeImpl) Upsert(ctx context.Context, obj *{{.Type}}) error { } func (s *storeImpl) retryableUpsert(ctx context.Context, obj *{{.Type}}) error { - conn, release, err := s.acquireConn(ctx, ops.Get, "{{.TrimmedType}}") + tx, ctx, err := s.begin(ctx) if err != nil { - return err + return err } - defer release() - tx, err := conn.Begin(ctx) - if err != nil { - return err + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from {{.Table}}") } - if _, err := tx.Exec(ctx, deleteStmt); err != nil { - return err - } - if err := {{ template "insertFunctionName" .Schema }}(ctx, tx, obj); err != nil { - if err := tx.Rollback(ctx); err != nil { - return err + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) } - return err - } - if err := tx.Commit(ctx); err != nil { - return err - } - return nil + return errors.Wrap(err, "inserting into {{.Table}}") + } + + return tx.Commit(ctx) } // Get returns the object, if it exists from the store. @@ -154,13 +149,7 @@ func (s *storeImpl) Get(ctx context.Context) (*{{.Type}}, bool, error) { } func (s *storeImpl) retryableGet(ctx context.Context) (*{{.Type}}, bool, error) { - conn, release, err := s.acquireConn(ctx, ops.Get, "{{.TrimmedType}}") - if err != nil { - return nil, false, err - } - defer release() - - row := conn.QueryRow(ctx, getStmt) + row := s.db.QueryRow(ctx, getStmt) var data []byte if err := row.Scan(&data); err != nil { return nil, false, pgutils.ErrNilIfNoRows(err) @@ -168,18 +157,13 @@ func (s *storeImpl) retryableGet(ctx context.Context) (*{{.Type}}, bool, error) var msg {{.Type}} if err := msg.UnmarshalVTUnsafe(data); err != nil { - return nil, false, err + return nil, false, err } return &msg, true, nil } -func (s *storeImpl) acquireConn(ctx context.Context, op ops.Op, typ string) (*postgres.Conn, func(), error) { - defer metrics.SetAcquireDBConnDuration(time.Now(), op, typ) - conn, err := s.db.Acquire(ctx) - if err != nil { - return nil, nil, err - } - return conn, conn.Release, nil +func (s *storeImpl) begin(ctx context.Context) (*postgres.Tx, context.Context, error) { + return postgres.GetTransaction(ctx, s.db) } // Delete removes the singleton from the store @@ -197,16 +181,18 @@ func (s *storeImpl) Delete(ctx context.Context) error { } func (s *storeImpl) retryableDelete(ctx context.Context) error { - conn, release, err := s.acquireConn(ctx, ops.Remove, "{{.TrimmedType}}") + tx, ctx, err := s.begin(ctx) if err != nil { - return err + return err } - defer release() - if _, err := conn.Exec(ctx, deleteStmt); err != nil { - return err + if _, err := tx.Exec(ctx, deleteStmt); err != nil { + if errTx := tx.Rollback(ctx); errTx != nil { + return errors.Wrapf(errTx, "rolling back transaction due to: %v", err) + } + return errors.Wrap(err, "deleting from {{.Table}}") } - return nil + return tx.Commit(ctx) } // Used for Testing diff --git a/tools/generate-helpers/pg-table-bindings/singleton_test.go.tpl b/tools/generate-helpers/pg-table-bindings/singleton_test.go.tpl index 8709202c1f4a2..47232886cc87f 100644 --- a/tools/generate-helpers/pg-table-bindings/singleton_test.go.tpl +++ b/tools/generate-helpers/pg-table-bindings/singleton_test.go.tpl @@ -87,3 +87,25 @@ func (s *{{$namePrefix}}StoreSuite) TestStore() { s.True(exists) protoassert.Equal(s.T(), {{$name}}, found{{.TrimmedType|upperCamelCase}}) } + +func (s *{{$namePrefix}}StoreSuite) TestGetWithTransactionContext() { + ctx := sac.WithAllAccess(context.Background()) + store := s.store + + {{$name}} := &{{.Type}}{} + s.NoError(testutils.FullInit({{$name}}, testutils.SimpleInitializer(), testutils.JSONFieldsFilter)) + s.NoError(store.Upsert(ctx, {{$name}})) + + // Create explicit transaction + tx, err := s.testDB.DB.Begin(ctx) + s.NoError(err) + defer tx.Rollback(ctx) + + // Pass transaction context to Get + txCtx := postgres.ContextWithTx(ctx, tx) + retrieved, exists, err := store.Get(txCtx) + + s.NoError(err) + s.True(exists) + protoassert.Equal(s.T(), {{$name}}, retrieved) +} diff --git a/tools/linters/go.mod b/tools/linters/go.mod index ba815aa98cd9b..e0b7f59dd9c81 100644 --- a/tools/linters/go.mod +++ b/tools/linters/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/stackrox/tools/linters -go 1.24.0 +go 1.25 require ( github.com/golangci/golangci-lint/v2 v2.5.0 diff --git a/tools/proto/go.mod b/tools/proto/go.mod index e0c7c7da89da2..2f14cce2bcd97 100644 --- a/tools/proto/go.mod +++ b/tools/proto/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/stackrox/tools/proto -go 1.24.0 +go 1.25 require ( github.com/bufbuild/buf v1.57.2 diff --git a/tools/test/go.mod b/tools/test/go.mod index d6fac5331845f..2bf3207be89da 100644 --- a/tools/test/go.mod +++ b/tools/test/go.mod @@ -1,6 +1,6 @@ module github.com/stackrox/stackrox/tools/test -go 1.24 +go 1.25 require ( github.com/jstemmer/go-junit-report/v2 v2.1.0 diff --git a/ui/apps/platform/package-lock.json b/ui/apps/platform/package-lock.json index a0c819f92a63e..7129720a4d9ad 100644 --- a/ui/apps/platform/package-lock.json +++ b/ui/apps/platform/package-lock.json @@ -43,15 +43,15 @@ "html2canvas": "1.0.0-rc.7", "initials": "^3.1.2", "js-base64": "^3.7.2", - "jspdf": "^3.0.2", - "jspdf-autotable": "^5.0.2", + "jspdf": "^4.0.0", + "jspdf-autotable": "^5.0.7", "lodash": "^4.17.21", "mobx": "^6.13.7", "mobx-react": "^7.6.0", "object-resolve-path": "^1.1.1", "pluralize": "^8.0.0", "prop-types": "^15.7.2", - "qs": "^6.14.0", + "qs": "^6.14.1", "raven-for-redux": "^1.3.1", "raven-js": "^3.27.0", "react": "^18.2.0", @@ -69,7 +69,7 @@ "react-redux": "^7.2.6", "react-responsive": "^9.0.2", "react-router-dom": "^5.3.4", - "react-router-dom-v5-compat": "^6.30.0", + "react-router-dom-v5-compat": "^6.30.3", "react-router-hash-link": "^2.4.3", "react-select": "^2.0.0", "react-spinners": "^0.10.4", @@ -134,6 +134,7 @@ "eslint-plugin-react-hooks": "^5.2.0", "eslint-plugin-testing-library": "^7.6.8", "globals": "^16.3.0", + "jsdom": "^20.0.3", "levenary": "^1.1.1", "mocha-junit-reporter": "^2.2.0", "mocha-multi-reporters": "^1.5.1", @@ -1910,9 +1911,9 @@ } }, "node_modules/@babel/runtime": { - "version": "7.28.2", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.2.tgz", - "integrity": "sha512-KHp2IflsnGywDjBWDkR9iEqiWSpc8GIi0lgTT3mOElT0PP1tG26P4tmFI2YvAdzgq9RGyoHZQEIEdZy6Ec5xCA==", + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.4.tgz", + "integrity": "sha512-Q/N6JNWvIvPnLDvjlE1OUBLPQHH6l3CltCEsHIujp45zQUSSh8K+gHnaEX45yAT1nyngnINhvWtzN+Nb9D8RAQ==", "license": "MIT", "engines": { "node": ">=6.9.0" @@ -1964,9 +1965,9 @@ } }, "node_modules/@cypress/request": { - "version": "3.0.8", - "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.8.tgz", - "integrity": "sha512-h0NFgh1mJmm1nr4jCwkGHwKneVYKghUyWe6TMNrk0B9zsjAJxpg8C4/+BAcmLgCPa1vj1V8rNUaILl+zYRUWBQ==", + "version": "3.0.10", + "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.10.tgz", + "integrity": "sha512-hauBrOdvu08vOsagkZ/Aju5XuiZx6ldsLfByg1htFeldhex+PeMrYauANzFsMJeAA0+dyPLbDoX2OYuvVoLDkQ==", "dev": true, "license": "Apache-2.0", "dependencies": { @@ -1976,14 +1977,14 @@ "combined-stream": "~1.0.6", "extend": "~3.0.2", "forever-agent": "~0.6.1", - "form-data": "~4.0.0", + "form-data": "~4.0.4", "http-signature": "~1.4.0", "is-typedarray": "~1.0.0", "isstream": "~0.1.2", "json-stringify-safe": "~5.0.1", "mime-types": "~2.1.19", "performance-now": "^2.1.0", - "qs": "6.14.0", + "qs": "~6.14.1", "safe-buffer": "^5.1.2", "tough-cookie": "^5.0.0", "tunnel-agent": "^0.6.0", @@ -3911,9 +3912,9 @@ } }, "node_modules/@remix-run/router": { - "version": "1.23.0", - "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.23.0.tgz", - "integrity": "sha512-O3rHJzAQKamUz1fvE0Qaw0xSFqsA/yafi2iqeE0pvdFtCO1viYx8QL6f3Ln/aCCTLxs68SLf0KPM9eSeM8yBnA==", + "version": "1.23.2", + "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.23.2.tgz", + "integrity": "sha512-Ic6m2U/rMjTkhERIa/0ZtXJP17QUi2CbWE7cqx4J58M8aA3QTfW+2UlQ4psvTX9IO1RfNVhK3pcpdjej7L+t2w==", "license": "MIT", "engines": { "node": ">=14.0.0" @@ -4371,8 +4372,6 @@ "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz", "integrity": "sha1-9UShSNOrNYAcH2M6dEH9h8LkhL8= sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==", "dev": true, - "optional": true, - "peer": true, "engines": { "node": ">= 10" } @@ -4865,9 +4864,9 @@ } }, "node_modules/@types/node-forge": { - "version": "1.3.13", - "resolved": "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.13.tgz", - "integrity": "sha512-zePQJSW5QkwSHKRApqWCVKeKoSOt4xvEnLENZPjyvm9Ezdf/EyDeJM7jqLzOwjVICQQzvLZ63T55MKdJB5H6ww==", + "version": "1.3.14", + "resolved": "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.14.tgz", + "integrity": "sha512-mhVF2BnD4BO+jtOp7z1CdzaK4mbuK0LLQYAvdOLqHTavxFNq4zA1EmYkpnFjP8HOUzedfQkRnp0E2ulSAYSzAw==", "dev": true, "license": "MIT", "dependencies": { @@ -6169,9 +6168,7 @@ "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz", "integrity": "sha1-QbgPLIcdGWhiFrgjCSMc/Tyz0pE= sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA==", "deprecated": "Use your platform's native atob() and btoa() methods instead", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/abbrev": { "version": "1.1.1", @@ -6220,8 +6217,6 @@ "resolved": "https://registry.npmjs.org/acorn-globals/-/acorn-globals-7.0.1.tgz", "integrity": "sha1-Db8FxE+nyUMykUwCBm1b7/YsQMM= sha512-umOSDSDrfHbTNPuNpC2NSnnA3LUrqpevPb4T9jRx4MagXNS0rs+gwiTcAvqCRmsD6utzsrzNt+ebm00SNWiC3Q==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "acorn": "^8.1.0", "acorn-walk": "^8.0.2" @@ -6232,8 +6227,6 @@ "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.0.tgz", "integrity": "sha1-IJdmWvUP0M96LfzNK5Nolk5mVA8= sha512-FS7hV565M5l1R08MXqo8odwMTB02C2UqzB17RVgu9EyuYFBqJZ3/ZY97sQD5FewVu1UyDFc1yztUDrAwT0EypA==", "dev": true, - "optional": true, - "peer": true, "engines": { "node": ">=0.4.0" } @@ -6298,8 +6291,6 @@ "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", "integrity": "sha1-Sf/1hXfP7j83F2/qtMIuAPhtf3c= sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "debug": "4" }, @@ -7078,24 +7069,24 @@ "dev": true }, "node_modules/body-parser": { - "version": "1.20.3", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", - "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", + "version": "1.20.4", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz", + "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==", "dev": true, "license": "MIT", "dependencies": { - "bytes": "3.1.2", + "bytes": "~3.1.2", "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", - "destroy": "1.2.0", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "on-finished": "2.4.1", - "qs": "6.13.0", - "raw-body": "2.5.2", + "destroy": "~1.2.0", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "on-finished": "~2.4.1", + "qs": "~6.14.0", + "raw-body": "~2.5.3", "type-is": "~1.6.18", - "unpipe": "1.0.0" + "unpipe": "~1.0.0" }, "engines": { "node": ">= 0.8", @@ -7112,6 +7103,27 @@ "ms": "2.0.0" } }, + "node_modules/body-parser/node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/body-parser/node_modules/iconv-lite": { "version": "0.4.24", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", @@ -7132,20 +7144,14 @@ "dev": true, "license": "MIT" }, - "node_modules/body-parser/node_modules/qs": { - "version": "6.13.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", - "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", + "node_modules/body-parser/node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "side-channel": "^1.0.6" - }, + "license": "MIT", "engines": { - "node": ">=0.6" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" + "node": ">= 0.8" } }, "node_modules/bonjour-service": { @@ -8212,17 +8218,13 @@ "version": "0.5.0", "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.5.0.tgz", "integrity": "sha1-0lT6ks2Lb72DgRufuu00ZjzBfDY= sha512-iKuQcq+NdHqlAcwUY0o/HL69XQrUaQdMjmStJ8JFmUaiiQErlhrmuigkg/CU4E2J0IyUKUrMAgl36TvN67MqTw==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/cssstyle": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-2.3.0.tgz", "integrity": "sha1-/2ZaDdvcMYZLCWR/NBY0Q9kLCFI= sha512-AZL67abkUzIuvcHqk7c09cezpGNcxUxU4Ioi/05xHk4DQeTkWmGYftIE6ctU6AEt+Gn4n1lDStOtj7FKycP71A==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "cssom": "~0.3.6" }, @@ -8234,9 +8236,7 @@ "version": "0.3.8", "resolved": "https://registry.npmjs.org/cssom/-/cssom-0.3.8.tgz", "integrity": "sha1-nxJ29bK0Y/IRTT8sdSUK+MGjb0o= sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/csstype": { "version": "2.6.6", @@ -8743,11 +8743,6 @@ "node": ">=12" } }, - "node_modules/d3-scale/node_modules/d3-format": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-2.0.0.tgz", - "integrity": "sha1-oQvMD5hsNytym6RHOCQTqr9bB2c= sha512-Ab3S6XuE/Q+flY96HXT0jOXcM4EAClYFnRGY5zsjRGNy6qCYrQsMffs7cV5Q9xejb35zxW5hf/guKw34kvIKsA==" - }, "node_modules/d3-selection": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz", @@ -8852,52 +8847,6 @@ "node": ">=12" } }, - "node_modules/d3/node_modules/d3-color": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz", - "integrity": "sha1-OVsoM9+scVB/EqwvevI7+BneJOI= sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==", - "engines": { - "node": ">=12" - } - }, - "node_modules/d3/node_modules/d3-contour": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/d3-contour/-/d3-contour-4.0.2.tgz", - "integrity": "sha1-u5IGO8jFZjrLJCL5nHPLtsauO8w= sha512-4EzFTRIikzs47RGmdxbeUvLWtGedDUNkTcmzoeyg4sP/dvCexO47AaQL7VKy/gul85TOxw+IBgA8US2xwbToNA==", - "dependencies": { - "d3-array": "^3.2.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/d3/node_modules/d3-format": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-3.1.0.tgz", - "integrity": "sha1-kmDiOijqXLEJ6TshoG4k4uvVVkE= sha512-YyUI6AEuY/Wpt8KWLgZHsIU86atmikuoOmCfommt0LYHiQSPjvX2AcFc38PX0CBpr2RCyZhjex+NS/LPOv6YqA==", - "engines": { - "node": ">=12" - } - }, - "node_modules/d3/node_modules/d3-geo": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/d3-geo/-/d3-geo-3.1.1.tgz", - "integrity": "sha1-YCfPUSRvmy69ZPmeAdx8M2QDOk0= sha512-637ln3gXKXOwhalDzinUgY83KzNWZRKbYubaG+fGVuc/dxO64RRljtCTnf5ecMyE1RIdtqpkVcq0IbtU2S8j2Q==", - "dependencies": { - "d3-array": "2.5.0 - 3" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/d3/node_modules/d3-hierarchy": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/d3-hierarchy/-/d3-hierarchy-3.1.2.tgz", - "integrity": "sha1-sBzULB7tPUbbd6WWbPcm+MCRYMY= sha512-FX/9frcub54beBdugHjDCdikxThEqjnR93Qt7PvQTOHxyiNCAlvMrHhclk3cD5VeAaq9fxmfRp+CnWw9rEMBuA==", - "engines": { - "node": ">=12" - } - }, "node_modules/d3/node_modules/d3-path": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz", @@ -8944,8 +8893,6 @@ "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-3.0.2.tgz", "integrity": "sha1-nPJKR3riK871zV9vC/vB0tO+kUM= sha512-Jy/tj3ldjZJo63sVAvg6LHt2mHvl4V6AgRAmNDtLdm7faqtsx+aJG42rsyCo9JCoRVKwPFzKlIPx3DIibwSIaQ==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "abab": "^2.0.6", "whatwg-mimetype": "^3.0.0", @@ -9054,9 +9001,7 @@ "version": "10.4.3", "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.4.3.tgz", "integrity": "sha1-EEQJKITSRdG39lcl+krUxveBzCM= sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/decko": { "version": "1.2.0", @@ -9362,8 +9307,6 @@ "integrity": "sha1-StG+VsytyG/HbQMzU5magDfQNnM= sha512-A2is4PLG+eeSfoTMA95/s4pvAoSo2mKtiM5jlHkAVewmiO8ISFTFKZjH7UAM1Atli/OT/7JHOrJRJiMKUZKYBw==", "deprecated": "Use your platform's native DOMException instead", "dev": true, - "optional": true, - "peer": true, "dependencies": { "webidl-conversions": "^7.0.0" }, @@ -9774,8 +9717,6 @@ "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-2.1.0.tgz", "integrity": "sha1-upO7t6Q5htKdYEH5n1Ji2nc+Lhc= sha512-2NlIDTwUWJN0mRPQOdtQBzbUHvdGY2P1VXSyU83Q3xKxM7WHX2Ql8dKq782Q9TgQUNOLEzEYu9bzLNj1q88I5w==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "esprima": "^4.0.1", "estraverse": "^5.2.0", @@ -10112,18 +10053,6 @@ "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0" } }, - "node_modules/eslint-plugin-react/node_modules/minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha1-Gc0ZS/0+Qo8EmnCBfAONiatL41s= sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", - "dev": true, - "dependencies": { - "brace-expansion": "^1.1.7" - }, - "engines": { - "node": "*" - } - }, "node_modules/eslint-plugin-react/node_modules/resolve": { "version": "2.0.0-next.5", "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.5.tgz", @@ -10394,40 +10323,40 @@ } }, "node_modules/express": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", - "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", + "version": "4.22.1", + "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", + "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", "dev": true, "license": "MIT", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.3", - "content-disposition": "0.5.4", + "body-parser": "~1.20.3", + "content-disposition": "~0.5.4", "content-type": "~1.0.4", - "cookie": "0.7.1", - "cookie-signature": "1.0.6", + "cookie": "~0.7.1", + "cookie-signature": "~1.0.6", "debug": "2.6.9", "depd": "2.0.0", "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", - "finalhandler": "1.3.1", - "fresh": "0.5.2", - "http-errors": "2.0.0", + "finalhandler": "~1.3.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.0", "merge-descriptors": "1.0.3", "methods": "~1.1.2", - "on-finished": "2.4.1", + "on-finished": "~2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.12", + "path-to-regexp": "~0.1.12", "proxy-addr": "~2.0.7", - "qs": "6.13.0", + "qs": "~6.14.0", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", - "send": "0.19.0", - "serve-static": "1.16.2", + "send": "~0.19.0", + "serve-static": "~1.16.2", "setprototypeof": "1.2.0", - "statuses": "2.0.1", + "statuses": "~2.0.1", "type-is": "~1.6.18", "utils-merge": "1.0.1", "vary": "~1.1.2" @@ -10464,22 +10393,6 @@ "dev": true, "license": "MIT" }, - "node_modules/express/node_modules/qs": { - "version": "6.13.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", - "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", - "dev": true, - "license": "BSD-3-Clause", - "dependencies": { - "side-channel": "^1.0.6" - }, - "engines": { - "node": ">=0.6" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/extend": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", @@ -11666,8 +11579,6 @@ "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-3.0.0.tgz", "integrity": "sha1-LLGozw21JBR3blsqegTV3ZgVjek= sha512-oWv4T4yJ52iKrufjnyZPkrN0CH3QnrUqdB6In1g5Fe1mia8GmF36gnfNySxoZtxD5+NmYw1EElVXiBk93UeskA==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "whatwg-encoding": "^2.0.0" }, @@ -11761,8 +11672,6 @@ "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz", "integrity": "sha1-USmAAgNSDUNPFCvHj/PBcIAPK0M= sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "@tootallnate/once": "2", "agent-base": "6", @@ -11829,8 +11738,6 @@ "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", "integrity": "sha1-xZ7yJKBP6LdU89sAY6Jeow0ABdY= sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "agent-base": "6", "debug": "4" @@ -12580,9 +12487,7 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz", "integrity": "sha1-Fx7W8Z46xVQ5Tt94yqBXhKRb67U= sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/is-promise": { "version": "2.1.0", @@ -12969,8 +12874,6 @@ "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-20.0.3.tgz", "integrity": "sha1-iGpBuh1HJvZ6iFgCjJlIn+1q1Ns= sha512-SYhBvTh89tTfCD/CRdSOm13mOBa42iTaTyfyEWBdKcGdPxPtLFBXuHR8XHb33YNYaP+lLbmSvBTsnoesCNJEsQ==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "abab": "^2.0.6", "acorn": "^8.8.1", @@ -13017,8 +12920,6 @@ "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==", "dev": true, "license": "MIT", - "optional": true, - "peer": true, "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", @@ -13119,12 +13020,12 @@ } }, "node_modules/jspdf": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/jspdf/-/jspdf-3.0.2.tgz", - "integrity": "sha512-G0fQDJ5fAm6UW78HG6lNXyq09l0PrA1rpNY5i+ly17Zb1fMMFSmS+3lw4cnrAPGyouv2Y0ylujbY2Ieq3DSlKA==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jspdf/-/jspdf-4.0.0.tgz", + "integrity": "sha512-w12U97Z6edKd2tXDn3LzTLg7C7QLJlx0BPfM3ecjK2BckUl9/81vZ+r5gK4/3KQdhAcEZhENUxRhtgYBj75MqQ==", "license": "MIT", "dependencies": { - "@babel/runtime": "^7.26.9", + "@babel/runtime": "^7.28.4", "fast-png": "^6.2.0", "fflate": "^0.8.1" }, @@ -13136,11 +13037,12 @@ } }, "node_modules/jspdf-autotable": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/jspdf-autotable/-/jspdf-autotable-5.0.2.tgz", - "integrity": "sha512-YNKeB7qmx3pxOLcNeoqAv3qTS7KuvVwkFe5AduCawpop3NOkBUtqDToxNc225MlNecxT4kP2Zy3z/y/yvGdXUQ==", + "version": "5.0.7", + "resolved": "https://registry.npmjs.org/jspdf-autotable/-/jspdf-autotable-5.0.7.tgz", + "integrity": "sha512-2wr7H6liNDBYNwt25hMQwXkEWFOEopgKIvR1Eukuw6Zmprm/ZcnmLTQEjW7Xx3FCbD3v7pflLcnMAv/h1jFDQw==", + "license": "MIT", "peerDependencies": { - "jspdf": "^2 || ^3" + "jspdf": "^2 || ^3 || ^4" } }, "node_modules/jsprim": { @@ -14419,9 +14321,9 @@ } }, "node_modules/node-forge": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", - "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.3.tgz", + "integrity": "sha512-rLvcdSyRCyouf6jcOIPe/BgwG/d7hKjzMKOas33/pHEr6gbq18IK9zV7DiPvzsz0oBJPme6qr6H6kGZuI9/DZg==", "dev": true, "license": "(BSD-3-Clause OR GPL-2.0)", "engines": { @@ -14515,9 +14417,7 @@ "version": "2.2.7", "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.7.tgz", "integrity": "sha1-c44HB9MSjLdQ3dz+kORhBILfDzA= sha512-ub5E4+FBPKwAZx0UwIQOjYWGHTEq5sPqHQNRN8Z9e4A7u3Tj1weLJsL59yH9vmvqEtBHaOmT6cYQKIZOxp35FQ==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/oas-kit-common": { "version": "1.0.8", @@ -15019,8 +14919,6 @@ "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.1.2.tgz", "integrity": "sha1-Bza+u/13eTgjJAojt/xeAQt/jjI= sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "entities": "^4.4.0" }, @@ -15033,8 +14931,6 @@ "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", "integrity": "sha1-XSaOpecRPsdMTQM7eepaNaSI+0g= sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", "dev": true, - "optional": true, - "peer": true, "engines": { "node": ">=0.12" }, @@ -15814,9 +15710,7 @@ "version": "1.9.0", "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz", "integrity": "sha1-0N8qE38AeUVl/K87LADNCfjVpac= sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/pump": { "version": "3.0.0", @@ -15853,9 +15747,9 @@ } }, "node_modules/qs": { - "version": "6.14.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", - "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", + "version": "6.14.1", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", + "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0" @@ -15871,9 +15765,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", "integrity": "sha1-M0WUG0FTy50ILY7uTNogFqmu9/Y= sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/queue-microtask": { "version": "1.2.3", @@ -15937,21 +15829,42 @@ "deprecated": "Please upgrade to @sentry/browser. See the migration guide https://bit.ly/3ybOlo7" }, "node_modules/raw-body": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", - "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", + "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", "dev": true, "license": "MIT", "dependencies": { - "bytes": "3.1.2", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "unpipe": "1.0.0" + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "unpipe": "~1.0.0" }, "engines": { "node": ">= 0.8" } }, + "node_modules/raw-body/node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/raw-body/node_modules/iconv-lite": { "version": "0.4.24", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", @@ -15965,6 +15878,16 @@ "node": ">=0.10.0" } }, + "node_modules/raw-body/node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/react": { "version": "18.2.0", "resolved": "https://registry.npmjs.org/react/-/react-18.2.0.tgz", @@ -16368,14 +16291,14 @@ } }, "node_modules/react-router-dom-v5-compat": { - "version": "6.30.0", - "resolved": "https://registry.npmjs.org/react-router-dom-v5-compat/-/react-router-dom-v5-compat-6.30.0.tgz", - "integrity": "sha512-MAVRASbdQ3+ZOTPPjAa7jKcF0F9LkHWKB/iib3hf+jzzIazL4GEpMDDdTswCsqRQNU+zNnT3qD0WiNbzJ6ncPw==", + "version": "6.30.3", + "resolved": "https://registry.npmjs.org/react-router-dom-v5-compat/-/react-router-dom-v5-compat-6.30.3.tgz", + "integrity": "sha512-WWZtwGYyoaeUDNrhzzDkh4JvN5nU0MIz80Dxim6pznQrfS+dv0mvtVoHTA6HlUl/OiJl7WWjbsQwjTnYXejEHg==", "license": "MIT", "dependencies": { - "@remix-run/router": "1.23.0", + "@remix-run/router": "1.23.2", "history": "^5.3.0", - "react-router": "6.30.0" + "react-router": "6.30.3" }, "engines": { "node": ">=14.0.0" @@ -16396,12 +16319,12 @@ } }, "node_modules/react-router-dom-v5-compat/node_modules/react-router": { - "version": "6.30.0", - "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.30.0.tgz", - "integrity": "sha512-D3X8FyH9nBcTSHGdEKurK7r8OYE1kKFn3d/CF+CoxbSHkxU7o37+Uh7eAHRXr6k2tSExXYO++07PeXJtA/dEhQ==", + "version": "6.30.3", + "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.30.3.tgz", + "integrity": "sha512-XRnlbKMTmktBkjCLE8/XcZFlnHvr2Ltdr1eJX4idL55/9BbORzyZEaIkBFDhFGCEWBBItsVrDxwx3gnisMitdw==", "license": "MIT", "dependencies": { - "@remix-run/router": "1.23.0" + "@remix-run/router": "1.23.2" }, "engines": { "node": ">=14.0.0" @@ -17376,8 +17299,6 @@ "resolved": "https://registry.npmjs.org/saxes/-/saxes-6.0.0.tgz", "integrity": "sha1-/ltKR2jfTxSiAbG6amXB89mYjMU= sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "xmlchars": "^2.2.0" }, @@ -18555,9 +18476,7 @@ "version": "3.2.4", "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", "integrity": "sha1-QwY30ki6d+B4iDlR+5qg7tfGP6I= sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/synckit": { "version": "0.11.8", @@ -18942,8 +18861,6 @@ "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", "integrity": "sha1-l7mtsHKLQigKo9gUtrmZsv8DGL8= sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "psl": "^1.1.33", "punycode": "^2.1.1", @@ -18959,8 +18876,6 @@ "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", "integrity": "sha1-ZFF2BWb6hXU0dFqx3elS0bF2G+A= sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", "dev": true, - "optional": true, - "peer": true, "engines": { "node": ">= 4.0.0" } @@ -18970,8 +18885,6 @@ "resolved": "https://registry.npmjs.org/tr46/-/tr46-3.0.0.tgz", "integrity": "sha1-VVxOKXqVBhfo7t3vYzyH1NnWy/k= sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "punycode": "^2.1.1" }, @@ -19437,8 +19350,6 @@ "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", "integrity": "sha1-nTwvc2wddd070r5QfcwRHx4uqcE= sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "querystringify": "^2.1.1", "requires-port": "^1.0.0" @@ -20482,8 +20393,6 @@ "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-4.0.0.tgz", "integrity": "sha1-rr3ISSDYBiIpNuPNzkCOMkiKMHM= sha512-d+BFHzbiCx6zGfz0HyQ6Rg69w9k19nviJspaj4yNscGjrHu94sVP+aRm75yEbCh+r2/yR+7q6hux9LVtbuTGBw==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "xml-name-validator": "^4.0.0" }, @@ -20571,8 +20480,6 @@ "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz", "integrity": "sha1-JWtOGIK+feu/AdBfCqIDl3jqCAo= sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==", "dev": true, - "optional": true, - "peer": true, "engines": { "node": ">=12" } @@ -20843,8 +20750,6 @@ "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-2.0.0.tgz", "integrity": "sha1-52NfWX/YcCCFhiaAWicp+naYrFM= sha512-p41ogyeMUrw3jWclHWTQg1k05DSVXPLcVxRTYsXUk+ZooOCZLcoYgPZ/HL/D/N+uQPOtcp1me1WhBEaX02mhWg==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "iconv-lite": "0.6.3" }, @@ -20857,8 +20762,6 @@ "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz", "integrity": "sha1-X6GnYjhn/xr2yj3HKta4pCCL66c= sha512-nt+N2dzIutVRxARx1nghPKGv1xHikU7HKdfafKkLNLindmPU/ch3U31NOCGGA/dmPcmb1VlofO0vnKAcsm0o/Q==", "dev": true, - "optional": true, - "peer": true, "engines": { "node": ">=12" } @@ -20868,8 +20771,6 @@ "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-11.0.0.tgz", "integrity": "sha1-CoSe67X68hGbkBu3b9eVwoSNQBg= sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==", "dev": true, - "optional": true, - "peer": true, "dependencies": { "tr46": "^3.0.0", "webidl-conversions": "^7.0.0" @@ -21105,8 +21006,6 @@ "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-4.0.0.tgz", "integrity": "sha1-eaAG4uYxSahgDxVDDwpHJdFSSDU= sha512-ICP2e+jsHvAj2E2lIHxa5tjXRlKDJo4IdvPvCXbXQGdzSfmSpNVyIKMvoZHjDY9DP0zV17iI85o90vRFXNccRw==", "dev": true, - "optional": true, - "peer": true, "engines": { "node": ">=12" } @@ -21115,9 +21014,7 @@ "version": "2.2.0", "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz", "integrity": "sha1-Bg/hvLf5x2/ioX24apvDq4lCEMs= sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==", - "dev": true, - "optional": true, - "peer": true + "dev": true }, "node_modules/xtend": { "version": "4.0.2", diff --git a/ui/apps/platform/package.json b/ui/apps/platform/package.json index bbad0d02278b0..1158c28090eb7 100644 --- a/ui/apps/platform/package.json +++ b/ui/apps/platform/package.json @@ -46,15 +46,15 @@ "html2canvas": "1.0.0-rc.7", "initials": "^3.1.2", "js-base64": "^3.7.2", - "jspdf": "^3.0.2", - "jspdf-autotable": "^5.0.2", + "jspdf": "^4.0.0", + "jspdf-autotable": "^5.0.7", "lodash": "^4.17.21", "mobx": "^6.13.7", "mobx-react": "^7.6.0", "object-resolve-path": "^1.1.1", "pluralize": "^8.0.0", "prop-types": "^15.7.2", - "qs": "^6.14.0", + "qs": "^6.14.1", "raven-for-redux": "^1.3.1", "raven-js": "^3.27.0", "react": "^18.2.0", @@ -72,7 +72,7 @@ "react-redux": "^7.2.6", "react-responsive": "^9.0.2", "react-router-dom": "^5.3.4", - "react-router-dom-v5-compat": "^6.30.0", + "react-router-dom-v5-compat": "^6.30.3", "react-router-hash-link": "^2.4.3", "react-select": "^2.0.0", "react-spinners": "^0.10.4", @@ -163,6 +163,7 @@ "eslint-plugin-testing-library": "^7.6.8", "globals": "^16.3.0", "levenary": "^1.1.1", + "jsdom": "^20.0.3", "mocha-junit-reporter": "^2.2.0", "mocha-multi-reporters": "^1.5.1", "node-fetch": "^2.6.1", diff --git a/ui/apps/platform/src/Components/WorkflowPDFExportButton.jsx b/ui/apps/platform/src/Components/WorkflowPDFExportButton.jsx index 5436dc21e7b89..9a7dd2043ad92 100644 --- a/ui/apps/platform/src/Components/WorkflowPDFExportButton.jsx +++ b/ui/apps/platform/src/Components/WorkflowPDFExportButton.jsx @@ -1,14 +1,18 @@ import React, { Component } from 'react'; import PropTypes from 'prop-types'; import html2canvas from 'html2canvas'; -import jsPDF from 'jspdf'; -import 'jspdf-autotable'; +import { jsPDF } from 'jspdf'; +import { applyPlugin } from 'jspdf-autotable'; import computedStyleToInlineStyle from 'computed-style-to-inline-style'; import { Button } from '@patternfly/react-core'; import { getDate } from 'utils/dateUtils'; import { enhanceWordBreak } from 'utils/pdfUtils'; import { getProductBranding } from 'constants/productBranding'; +import logError from 'utils/logError'; + +// Register the AutoTable plugin with jsPDF +applyPlugin(jsPDF); const printClassName = 'pdf-page'; const imagesClassName = 'pdf-page-image'; @@ -212,75 +216,80 @@ class WorkflowPDFExportButton extends Component { } setTimeout(() => { - Promise.all(this.beforePDFPrinting()).then((canvases) => { - const printClonedElements = Array.from( - element.getElementsByClassName('clonedNode') - ); - const header = document.getElementById('pdf-header'); - canvases.forEach((canvas, index) => { - const isWidgetsView = - id.includes('capture-dashboard') || id.includes('capture-widgets'); - const imgData = canvas.toDataURL('image/jpeg'); - if (isWidgetsView && index > 0) { - imgWidth = canvas.classList.contains('pdf-stretch') - ? (WIDGET_WIDTH + paddingX) * 2 - : WIDGET_WIDTH; - } - const imgHeight = (canvas.height * imgWidth) / canvas.width; - - // for PDF page header - if (index === 0) { - doc.addImage( - imgData, - 'jpg', - positionX, - positionY, - imgWidth, - imgHeight, - `Image${index}`, - 'FAST' - ); - positionY = imgHeight + paddingY; - remainingHeight -= imgHeight; - } else { - if (isWidgetsView) { - if (id === 'capture-dashboard' || id === 'capture-widgets') { - drawPDF(imgHeight, imgWidth, index, imgData, canvases); - } else { - drawStretchPDF(imgHeight, index, imgData); - } + Promise.all(this.beforePDFPrinting()) + .then((canvases) => { + const printClonedElements = Array.from( + element.getElementsByClassName('clonedNode') + ); + const header = document.getElementById('pdf-header'); + canvases.forEach((canvas, index) => { + const isWidgetsView = + id.includes('capture-dashboard') || id.includes('capture-widgets'); + const imgData = canvas.toDataURL('image/jpeg'); + if (isWidgetsView && index > 0) { + imgWidth = canvas.classList.contains('pdf-stretch') + ? (WIDGET_WIDTH + paddingX) * 2 + : WIDGET_WIDTH; } - if (id === 'capture-list') { + const imgHeight = (canvas.height * imgWidth) / canvas.width; + + // for PDF page header + if (index === 0) { doc.addImage( imgData, - 'JPEG', + 'jpg', positionX, positionY, imgWidth, - imgHeight + imgHeight, + `Image${index}`, + 'FAST' ); - positionY += imgHeight; - this.drawTable(positionY, doc); + positionY = imgHeight + paddingY; + remainingHeight -= imgHeight; + } else { + if (isWidgetsView) { + if (id === 'capture-dashboard' || id === 'capture-widgets') { + drawPDF(imgHeight, imgWidth, index, imgData, canvases); + } else { + drawStretchPDF(imgHeight, index, imgData); + } + } + if (id === 'capture-list') { + doc.addImage( + imgData, + 'JPEG', + positionX, + positionY, + imgWidth, + imgHeight + ); + positionY += imgHeight; + this.drawTable(positionY, doc); + } } - } - }); + }); - // only header and table - if (canvases.length === 1) { - if (id === 'capture-list') { - this.drawTable(positionY, doc); + // only header and table + if (canvases.length === 1) { + if (id === 'capture-list') { + this.drawTable(positionY, doc); + } } - } - Array.from(imgElements).forEach((el, index) => { - printElements[index].className = - printClonedElements[index].getAttribute('data-class-name'); - el.parentNode.removeChild(printClonedElements[index]); - el.parentNode.removeChild(el); + Array.from(imgElements).forEach((el, index) => { + printElements[index].className = + printClonedElements[index].getAttribute('data-class-name'); + el.parentNode.removeChild(printClonedElements[index]); + el.parentNode.removeChild(el); + }); + element.removeChild(header); + doc.save(`${fileName}.pdf`); + setIsExporting(false); + }) + .catch((error) => { + logError(error); + setIsExporting(false); }); - element.removeChild(header); - doc.save(`${fileName}.pdf`); - setIsExporting(false); - }); }, 0); }; diff --git a/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx b/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx index 0fd7546df494d..65192d2d4a3ba 100644 --- a/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx +++ b/ui/apps/platform/src/Containers/ConfigManagement/Entity/ConfigManagementEntityImage.jsx @@ -69,11 +69,11 @@ const ConfigManagementEntityImage = ({ tag } scan { - components { + imageComponents { name layerIndex version - vulns { + imageVulnerabilities { cve cvss link @@ -162,9 +162,14 @@ const ConfigManagementEntityImage = ({ layers.forEach((layer, i) => { layers[i].components = []; }); - scan.components.forEach((component) => { + scan.imageComponents.forEach((component) => { if (component.layerIndex !== undefined && layers[component.layerIndex]) { - layers[component.layerIndex].components.push(component); + // Transform imageVulnerabilities to vulns for CVETable compatibility + const transformedComponent = { + ...component, + vulns: component.imageVulnerabilities || [], + }; + layers[component.layerIndex].components.push(transformedComponent); } }); diff --git a/ui/apps/platform/src/Containers/Policies/Wizard/Step3/policyCriteriaDescriptors.tsx b/ui/apps/platform/src/Containers/Policies/Wizard/Step3/policyCriteriaDescriptors.tsx index 3dbfcb5805f7f..94ab74d03167d 100644 --- a/ui/apps/platform/src/Containers/Policies/Wizard/Step3/policyCriteriaDescriptors.tsx +++ b/ui/apps/platform/src/Containers/Policies/Wizard/Step3/policyCriteriaDescriptors.tsx @@ -1389,17 +1389,6 @@ export const policyCriteriaDescriptors: Descriptor[] = [ canBooleanLogic: false, lifecycleStages: ['RUNTIME'], }, - { - label: 'Kubernetes API verb', - name: 'Kubernetes API Verb', - shortName: 'Kubernetes API verb', - category: policyCriteriaCategories.USER_ISSUED_CONTAINER_COMMANDS, - type: 'select', - placeholder: 'Select an API verb', - options: [{ label: 'CREATE', value: 'CREATE' }], - canBooleanLogic: false, - lifecycleStages: ['RUNTIME'], - }, { label: 'Kubernetes user name', name: 'Kubernetes User Name', diff --git a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx index 2ac84a0d17323..c4b83db70c277 100644 --- a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx +++ b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtEntityImage.jsx @@ -67,7 +67,7 @@ const VulnMgmtEntityImage = ({ name } notes - components: imageComponents { + imageComponents { id priority name @@ -75,7 +75,7 @@ const VulnMgmtEntityImage = ({ version source location - vulns: imageVulnerabilities { + imageVulnerabilities { ...cveFields } } diff --git a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx index d947307984269..2b09743811ec7 100644 --- a/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx +++ b/ui/apps/platform/src/Containers/VulnMgmt/Entity/Image/VulnMgmtImageOverview.jsx @@ -36,7 +36,7 @@ const emptyImage = { name: {}, priority: 0, scan: { - components: [], + imageComponents: [], }, topVuln: {}, vulnCount: 0, @@ -46,31 +46,35 @@ const VulnMgmtImageOverview = ({ data, entityContext }) => { // guard against incomplete GraphQL-cached data const safeData = { ...emptyImage, ...data }; const { metadata, scan, topVuln, priority, notes } = safeData; - safeData.componentCount = scan?.components?.length || 0; + safeData.componentCount = scan?.imageComponents?.length || 0; - // TODO: replace this hack with feature flag selection of components or imageComponents, - // after `layerIndex` is available on ImageComponent - safeData.imageComponentCount = scan?.components?.length || 0; + // Updated to use imageComponents now that layerIndex is available on ImageComponent + safeData.imageComponentCount = scan?.imageComponents?.length || 0; const layers = metadata ? cloneDeep(metadata.v1.layers) : []; const fixableCves = []; // If we have a scan, then we can try and assume we have layers - if (scan) { + if (scan && scan.imageComponents) { layers.forEach((layer, i) => { layers[i].components = []; layers[i].cvesCount = 0; }); - scan.components.forEach((component) => { - component.vulns.forEach((cve) => { + scan.imageComponents.forEach((component) => { + component.imageVulnerabilities.forEach((cve) => { if (cve.isFixable) { fixableCves.push(cve); } }); if (component.layerIndex !== undefined && layers[component.layerIndex]) { - layers[component.layerIndex].components.push(component); - layers[component.layerIndex].cvesCount += component.vulns.length; + // Transform imageVulnerabilities to vulns for CVETable compatibility + const transformedComponent = { + ...component, + vulns: component.imageVulnerabilities || [], + }; + layers[component.layerIndex].components.push(transformedComponent); + layers[component.layerIndex].cvesCount += component.imageVulnerabilities.length; } }); } diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/Overview/VirtualMachineCvesOverviewPage.tsx b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/Overview/VirtualMachineCvesOverviewPage.tsx index a56e591da7aef..f700be3bd1d40 100644 --- a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/Overview/VirtualMachineCvesOverviewPage.tsx +++ b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/Overview/VirtualMachineCvesOverviewPage.tsx @@ -4,6 +4,7 @@ import { Card, CardBody, Flex, PageSection, Text, Title } from '@patternfly/reac import PageTitle from 'Components/PageTitle'; import DeveloperPreviewLabel from 'Components/PatternFly/DeveloperPreviewLabel'; +import VirtualMachineScanScopeAlert from '../components/VirtualMachineScanScopeAlert'; import VirtualMachinesCvesTable from './VirtualMachinesCvesTable'; function VirtualMachineCvesOverviewPage() { @@ -23,6 +24,7 @@ function VirtualMachineCvesOverviewPage() { + diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/Overview/VirtualMachinesCvesTable.tsx b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/Overview/VirtualMachinesCvesTable.tsx index c32f922982bc9..12f1ea0bc504d 100644 --- a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/Overview/VirtualMachinesCvesTable.tsx +++ b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/Overview/VirtualMachinesCvesTable.tsx @@ -26,20 +26,24 @@ import { listVirtualMachines } from 'services/VirtualMachineService'; import { getTableUIState } from 'utils/getTableUIState'; import { getHasSearchApplied } from 'utils/searchUtils'; -import { getVirtualMachineSeveritiesCount } from '../aggregateUtils'; +import { + getVirtualMachineScannedPackagesCount, + getVirtualMachineSeveritiesCount, +} from '../aggregateUtils'; import AdvancedFiltersToolbar from '../../components/AdvancedFiltersToolbar'; import SeverityCountLabels from '../../components/SeverityCountLabels'; import { DEFAULT_VM_PAGE_SIZE } from '../../constants'; import { getVirtualMachineEntityPagePath } from '../../utils/searchUtils'; +import { VIRTUAL_MACHINE_SORT_FIELD } from '../../utils/sortFields'; const searchFilterConfig = [ virtualMachinesSearchFilterConfig, virtualMachinesClusterSearchFilterConfig, ]; -export const sortFields = ['Virtual Machine Name']; +export const sortFields = [VIRTUAL_MACHINE_SORT_FIELD]; -export const defaultSortOption = { field: 'Virtual Machine Name', direction: 'asc' } as const; +export const defaultSortOption = { field: VIRTUAL_MACHINE_SORT_FIELD, direction: 'asc' } as const; function VirtualMachinesCvesTable() { const { page, perPage, setPage, setPerPage } = useURLPagination(DEFAULT_VM_PAGE_SIZE); @@ -169,7 +173,11 @@ function VirtualMachinesCvesTable() { {virtualMachine.namespace} - ? + + {getVirtualMachineScannedPackagesCount( + virtualMachine + )} + diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePackagesTable.tsx b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePackagesTable.tsx new file mode 100644 index 0000000000000..642704dd427d2 --- /dev/null +++ b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePackagesTable.tsx @@ -0,0 +1,68 @@ +import React from 'react'; +import { Table, Tbody, Td, Th, Thead, Tr } from '@patternfly/react-table'; + +import TbodyUnified from 'Components/TableStateTemplates/TbodyUnified'; +import type { UseURLSortResult } from 'hooks/useURLSort'; +import type { TableUIState } from 'utils/getTableUIState'; + +import type { PackageTableRow } from '../aggregateUtils'; +import { COMPONENT_SORT_FIELD } from '../../utils/sortFields'; + +export type VirtualMachinePackagesTableProps = { + tableState: TableUIState; + getSortParams: UseURLSortResult['getSortParams']; + onClearFilters: () => void; +}; + +function VirtualMachinePackagesTable({ + tableState, + getSortParams, + onClearFilters, +}: VirtualMachinePackagesTableProps) { + const colSpan = 3; + + return ( + + + + + + + + + ( + + {data.map((packageRow) => { + return ( + + + + + + ); + })} + + )} + /> +
NameStatusVersion
{packageRow.name} + {packageRow.isScannable ? 'Scanned' : 'Not scanned'} + {packageRow.version}
+ ); +} + +export default VirtualMachinePackagesTable; diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePage.tsx b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePage.tsx index 05684e786130f..6524a39335172 100644 --- a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePage.tsx +++ b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePage.tsx @@ -14,13 +14,25 @@ import { import PageTitle from 'Components/PageTitle'; import BreadcrumbItemLink from 'Components/BreadcrumbItemLink'; +import { DEFAULT_VM_PAGE_SIZE } from 'Containers/Vulnerabilities/constants'; import useRestQuery from 'hooks/useRestQuery'; +import useURLPagination from 'hooks/useURLPagination'; +import useURLSearch from 'hooks/useURLSearch'; +import useURLSort from 'hooks/useURLSort'; import useURLStringUnion from 'hooks/useURLStringUnion'; import { getVirtualMachine } from 'services/VirtualMachineService'; import { detailsTabValues } from '../../types'; import { getOverviewPagePath } from '../../utils/searchUtils'; +import { + COMPONENT_SORT_FIELD, + CVE_EPSS_PROBABILITY_SORT_FIELD, + CVE_SEVERITY_SORT_FIELD, + CVE_SORT_FIELD, + CVSS_SORT_FIELD, +} from '../../utils/sortFields'; import VirtualMachinePageHeader from './VirtualMachinePageHeader'; +import VirtualMachinePagePackages from './VirtualMachinePagePackages'; import VirtualMachinePageVulnerabilities from './VirtualMachinePageVulnerabilities'; const VULNERABILITIES_TAB_ID = 'vulnerabilities-tab-content'; @@ -30,8 +42,30 @@ const virtualMachineCveOverviewPath = getOverviewPagePath('VirtualMachine', { entityTab: 'VirtualMachine', }); +const sortFields = [ + COMPONENT_SORT_FIELD, + CVE_EPSS_PROBABILITY_SORT_FIELD, + CVE_SORT_FIELD, + CVE_SEVERITY_SORT_FIELD, + CVSS_SORT_FIELD, +]; + +const defaultPackagesSortOption = { field: COMPONENT_SORT_FIELD, direction: 'asc' } as const; + +const defaultVulnerabilitiesSortOption = { + field: CVE_SEVERITY_SORT_FIELD, + direction: 'desc', +} as const; + function VirtualMachinePage() { const { virtualMachineId } = useParams() as { virtualMachineId: string }; + const urlPagination = useURLPagination(DEFAULT_VM_PAGE_SIZE); + const urlSearch = useURLSearch(); + const urlSorting = useURLSort({ + sortFields, + defaultSortOption: defaultVulnerabilitiesSortOption, + onSort: () => urlPagination.setPage(1, 'replace'), + }); const fetchVirtualMachine = useCallback( () => getVirtualMachine(virtualMachineId), @@ -47,6 +81,17 @@ function VirtualMachinePage() { const virtualMachineName = virtualMachineData?.name; + function onTabChange(value: string | number) { + if (value === packagesTabKey) { + urlSorting.setSortOption(defaultPackagesSortOption); + } else { + urlSorting.setSortOption(defaultVulnerabilitiesSortOption); + } + setActiveTabKey(value); + urlPagination.setPage(1, 'replace'); + urlSearch.setSearchFilter({}); + } + return ( <> @@ -77,7 +122,7 @@ function VirtualMachinePage() { { - setActiveTabKey(key); + onTabChange(key); }} className="pf-v5-u-pl-md pf-v5-u-background-color-100" > @@ -117,11 +162,23 @@ function VirtualMachinePage() { virtualMachineData={virtualMachineData} isLoadingVirtualMachineData={isLoading} errorVirtualMachineData={error} + urlSearch={urlSearch} + urlSorting={urlSorting} + urlPagination={urlPagination} /> )} {activeTabKey === packagesTabKey && ( - packages table here + + + )} diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePagePackages.tsx b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePagePackages.tsx new file mode 100644 index 0000000000000..0886eb445c088 --- /dev/null +++ b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePagePackages.tsx @@ -0,0 +1,191 @@ +import React, { useMemo } from 'react'; +import { + Flex, + PageSection, + Pagination, + pluralize, + Skeleton, + Split, + SplitItem, + Title, + Toolbar, + ToolbarContent, + ToolbarGroup, + ToolbarItem, +} from '@patternfly/react-core'; + +import CompoundSearchFilter from 'Components/CompoundSearchFilter/components/CompoundSearchFilter'; +import ComponentScannableStatusDropdown from 'Containers/Vulnerabilities/components/ComponentScannableStatusDropdown'; +import type { OnSearchPayload } from 'Components/CompoundSearchFilter/types'; +import { onURLSearch } from 'Components/CompoundSearchFilter/utils/utils'; +import { DynamicTableLabel } from 'Components/DynamicIcon'; +import SearchFilterChips from 'Components/PatternFly/SearchFilterChips'; +import type { UseURLPaginationResult } from 'hooks/useURLPagination'; +import type { UseUrlSearchReturn } from 'hooks/useURLSearch'; +import type { UseURLSortResult } from 'hooks/useURLSort'; +import type { VirtualMachine } from 'services/VirtualMachineService'; +import { getTableUIState } from 'utils/getTableUIState'; +import { getHasSearchApplied } from 'utils/searchUtils'; + +import { + applyVirtualMachinePackagesTableFilters, + applyVirtualMachinePackagesTableSort, + getVirtualMachinePackagesTableData, +} from '../aggregateUtils'; +import { virtualMachineComponentSearchFilterConfig } from '../../searchFilterConfig'; +import VirtualMachinePackagesTable from './VirtualMachinePackagesTable'; + +export type VirtualMachinePagePackagesProps = { + virtualMachineData: VirtualMachine | undefined; + isLoadingVirtualMachineData: boolean; + errorVirtualMachineData: Error | undefined; + urlSearch: UseUrlSearchReturn; + urlSorting: UseURLSortResult; + urlPagination: UseURLPaginationResult; +}; + +const searchFilterConfig = [virtualMachineComponentSearchFilterConfig]; + +function VirtualMachinePagePackages({ + virtualMachineData, + isLoadingVirtualMachineData, + errorVirtualMachineData, + urlSearch, + urlSorting, + urlPagination, +}: VirtualMachinePagePackagesProps) { + const { searchFilter, setSearchFilter } = urlSearch; + const { page, perPage, setPage, setPerPage } = urlPagination; + const { sortOption, getSortParams } = urlSorting; + + const isFiltered = getHasSearchApplied(searchFilter); + + const virtualMachinePackagesTableData = useMemo( + () => getVirtualMachinePackagesTableData(virtualMachineData), + [virtualMachineData] + ); + + const filteredVirtualMachinePackagesTableData = useMemo( + () => + applyVirtualMachinePackagesTableFilters(virtualMachinePackagesTableData, searchFilter), + [virtualMachinePackagesTableData, searchFilter] + ); + + const sortedVirtualMachinePackagesTableData = useMemo( + () => + applyVirtualMachinePackagesTableSort( + filteredVirtualMachinePackagesTableData, + Array.isArray(sortOption) ? sortOption[0].field : sortOption.field, + Array.isArray(sortOption) ? sortOption[0].reversed : sortOption.reversed + ), + [filteredVirtualMachinePackagesTableData, sortOption] + ); + + const paginatedVirtualMachinePackagesTableData = useMemo(() => { + const totalRows = sortedVirtualMachinePackagesTableData.length; + const maxPage = Math.max(1, Math.ceil(totalRows / perPage) || 1); + const safePage = Math.min(page, maxPage); + + const start = (safePage - 1) * perPage; + const end = start + perPage; + return sortedVirtualMachinePackagesTableData.slice(start, end); + }, [sortedVirtualMachinePackagesTableData, page, perPage]); + + const tableState = getTableUIState({ + isLoading: isLoadingVirtualMachineData, + data: paginatedVirtualMachinePackagesTableData, + error: errorVirtualMachineData, + searchFilter, + }); + + function onClearFilters() { + setSearchFilter({}); + setPage(1); + } + + const onSearch = (payload: OnSearchPayload) => { + onURLSearch(searchFilter, setSearchFilter, payload); + setPage(1); + }; + + const onScannableStatusSelect = ( + filterType: 'SCANNABLE', + checked: boolean, + selection: string + ) => { + const action = checked ? 'ADD' : 'REMOVE'; + const category = filterType; + const value = selection; + onURLSearch(searchFilter, setSearchFilter, { action, category, value }); + setPage(1); + }; + + return ( + + + + + + + + + + + + + + + + +
+ + + + + {!isLoadingVirtualMachineData ? ( + `${pluralize(filteredVirtualMachinePackagesTableData.length, 'result')} found` + ) : ( + <Skeleton screenreaderText="Loading virtual machine vulnerability count" /> + )} + + {isFiltered && } + + + + setPage(newPage)} + onPerPageSelect={(_, newPerPage) => { + setPerPage(newPerPage); + }} + /> + + + +
+ + ); +} + +export default VirtualMachinePagePackages; diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePageVulnerabilities.tsx b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePageVulnerabilities.tsx index 754b944457d32..2106f69bf9ef9 100644 --- a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePageVulnerabilities.tsx +++ b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/VirtualMachine/VirtualMachinePageVulnerabilities.tsx @@ -11,14 +11,13 @@ import { } from '@patternfly/react-core'; import { DynamicTableLabel } from 'Components/DynamicIcon'; -import { DEFAULT_VM_PAGE_SIZE } from 'Containers/Vulnerabilities/constants'; import { virtualMachineCVESearchFilterConfig, virtualMachineComponentSearchFilterConfig, } from 'Containers/Vulnerabilities/searchFilterConfig'; -import useURLPagination from 'hooks/useURLPagination'; -import useURLSearch from 'hooks/useURLSearch'; -import useURLSort from 'hooks/useURLSort'; +import type { UseURLPaginationResult } from 'hooks/useURLPagination'; +import type { UseUrlSearchReturn } from 'hooks/useURLSearch'; +import type { UseURLSortResult } from 'hooks/useURLSort'; import type { VirtualMachine } from 'services/VirtualMachineService'; import { getTableUIState } from 'utils/getTableUIState'; @@ -33,17 +32,12 @@ import AdvancedFiltersToolbar from '../../components/AdvancedFiltersToolbar'; import BySeveritySummaryCard from '../../components/BySeveritySummaryCard'; import CvesByStatusSummaryCard from '../../components/CvesByStatusSummaryCard'; import { SummaryCard, SummaryCardLayout } from '../../components/SummaryCardLayout'; +import VirtualMachineScanScopeAlert from '../components/VirtualMachineScanScopeAlert'; import { getHiddenSeverities, getHiddenStatuses, parseQuerySearchFilter, } from '../../utils/searchUtils'; -import { - CVE_EPSS_PROBABILITY_SORT_FIELD, - CVE_SEVERITY_SORT_FIELD, - CVE_SORT_FIELD, - CVSS_SORT_FIELD, -} from '../../utils/sortFields'; import VirtualMachineVulnerabilitiesTable from './VirtualMachineVulnerabilitiesTable'; // Currently we need all vm info to be fetched in the root component, hence this being passed in @@ -52,6 +46,9 @@ export type VirtualMachinePageVulnerabilitiesProps = { virtualMachineData: VirtualMachine | undefined; isLoadingVirtualMachineData: boolean; errorVirtualMachineData: Error | undefined; + urlSearch: UseUrlSearchReturn; + urlSorting: UseURLSortResult; + urlPagination: UseURLPaginationResult; }; const searchFilterConfig = [ @@ -59,28 +56,17 @@ const searchFilterConfig = [ virtualMachineComponentSearchFilterConfig, ]; -const sortFields = [ - CVE_EPSS_PROBABILITY_SORT_FIELD, - CVE_SORT_FIELD, - CVE_SEVERITY_SORT_FIELD, - CVSS_SORT_FIELD, -]; - -const defaultSortOption = { field: CVE_SEVERITY_SORT_FIELD, direction: 'desc' } as const; - function VirtualMachinePageVulnerabilities({ virtualMachineData, isLoadingVirtualMachineData, errorVirtualMachineData, + urlSearch, + urlSorting, + urlPagination, }: VirtualMachinePageVulnerabilitiesProps) { - const pagination = useURLPagination(DEFAULT_VM_PAGE_SIZE); - const { sortOption, getSortParams } = useURLSort({ - sortFields, - defaultSortOption, - onSort: () => setPage(1, 'replace'), - }); - const { page, perPage, setPage, setPerPage } = pagination; - const { searchFilter, setSearchFilter } = useURLSearch(); + const { searchFilter, setSearchFilter } = urlSearch; + const { sortOption, getSortParams } = urlSorting; + const { page, perPage, setPage, setPerPage } = urlPagination; const querySearchFilter = parseQuerySearchFilter(searchFilter); const hiddenStatuses = getHiddenStatuses(querySearchFilter); const hiddenSeverities = getHiddenSeverities(querySearchFilter); @@ -130,6 +116,7 @@ function VirtualMachinePageVulnerabilities({ return ( + !component.notes?.includes('UNSCANNED') + ).length; + + return `${scannedComponents}/${totalComponents} scanned packages`; +} + export function getVirtualMachineCveSeverityStatusCounts( cveTableData: CveTableRow[] ): ResourceCountByCveSeverityAndStatus { @@ -238,3 +253,106 @@ export function applyVirtualMachineCveTableSort( return [...rows].sort(comparator); } + +export type PackageTableRow = { + name: ScanComponent['name']; + version: string; + isScannable: boolean; +}; + +export function getVirtualMachinePackagesTableData( + virtualMachine?: VirtualMachine +): PackageTableRow[] { + if (!virtualMachine) { + return []; + } + + const packagesTableData: PackageTableRow[] = []; + + virtualMachine.scan?.components?.forEach((component) => { + packagesTableData.push({ + name: component.name, + version: component.version, + isScannable: !component.notes.includes('UNSCANNED'), + }); + }); + + return packagesTableData; +} + +export function applyVirtualMachinePackagesTableFilters( + packagesTableData: PackageTableRow[], + searchFilter: SearchFilter +): PackageTableRow[] { + if (!searchFilter || Object.keys(searchFilter).length === 0) { + return packagesTableData; + } + + const componentFilters = searchValueAsArray(searchFilter.Component).map((component) => + component.toLowerCase() + ); + const componentVersionFilters = searchValueAsArray(searchFilter['Component Version']).map( + (version) => version.toLowerCase() + ); + + const scannableFilters = searchValueAsArray(searchFilter.SCANNABLE); + + return packagesTableData.filter((packageTableRow) => { + // "Component" filter, case insensitive and substring + if (componentFilters.length > 0) { + const componentNameLowerCase = packageTableRow.name.toLowerCase(); + if (!componentFilters.some((filter) => componentNameLowerCase.includes(filter))) { + return false; + } + } + + // "Component Version" filter, case insensitive and substring + if (componentVersionFilters.length > 0) { + const componentVersionLowerCase = packageTableRow.version.toLowerCase(); + if ( + !componentVersionFilters.some((filter) => + componentVersionLowerCase.includes(filter) + ) + ) { + return false; + } + } + + // "SCANNABLE" filter, exact + if (scannableFilters.length > 0) { + const rowScannable: ScannableStatus = packageTableRow.isScannable + ? 'Scanned' + : 'Not scanned'; + if (!scannableFilters.includes(rowScannable)) { + return false; + } + } + + return true; // passed all filter conditions + }); +} + +export function applyVirtualMachinePackagesTableSort( + rows: PackageTableRow[], + sortKey: string, + reversed: boolean +): PackageTableRow[] { + const comparator = (a: PackageTableRow, b: PackageTableRow) => { + let compareResult = 0; + + switch (sortKey) { + case COMPONENT_SORT_FIELD: + compareResult = a.name.localeCompare(b.name); + break; + default: + break; + } + if (compareResult !== 0) { + return reversed ? compareResult * -1 : compareResult; + } + + return 0; + }; + + return [...rows].sort(comparator); +} diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/components/VirtualMachineScanScopeAlert.tsx b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/components/VirtualMachineScanScopeAlert.tsx new file mode 100644 index 0000000000000..1b04b7b50a395 --- /dev/null +++ b/ui/apps/platform/src/Containers/Vulnerabilities/VirtualMachineCves/components/VirtualMachineScanScopeAlert.tsx @@ -0,0 +1,15 @@ +import React from 'react'; +import { Alert } from '@patternfly/react-core'; + +function VirtualMachineScanScopeAlert() { + return ( + + ); +} + +export default VirtualMachineScanScopeAlert; diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/components/ComponentScannableStatusDropdown.tsx b/ui/apps/platform/src/Containers/Vulnerabilities/components/ComponentScannableStatusDropdown.tsx new file mode 100644 index 0000000000000..07344ecf91ddc --- /dev/null +++ b/ui/apps/platform/src/Containers/Vulnerabilities/components/ComponentScannableStatusDropdown.tsx @@ -0,0 +1,43 @@ +import React, { useState } from 'react'; +import { Select, SelectOption } from '@patternfly/react-core/deprecated'; + +import { SearchFilter } from 'types/search'; + +import './FilterDropdowns.css'; + +type ComponentScannableStatusDropdownProps = { + searchFilter: SearchFilter; + onSelect: (filterType: 'SCANNABLE', checked: boolean, selection: string) => void; +}; + +function ComponentScannableStatusDropdown({ + searchFilter, + onSelect, +}: ComponentScannableStatusDropdownProps) { + const [componentScannableStatusIsOpen, setComponentScannableStatusIsOpen] = useState(false); + + function onComponentScannableStatusToggle(isOpen: boolean) { + setComponentScannableStatusIsOpen(isOpen); + } + + return ( + + ); +} + +export default ComponentScannableStatusDropdown; diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/types.ts b/ui/apps/platform/src/Containers/Vulnerabilities/types.ts index 407c33f0e480e..10427b026632d 100644 --- a/ui/apps/platform/src/Containers/Vulnerabilities/types.ts +++ b/ui/apps/platform/src/Containers/Vulnerabilities/types.ts @@ -20,6 +20,12 @@ export function isFixableStatus(value: unknown): value is FixableStatus { return fixableStatuses.some((status) => status === value); } +const scannableStatuses = ['Scanned', 'Not scanned'] as const; +export type ScannableStatus = (typeof scannableStatuses)[number]; +export function isScannableStatus(value: unknown): value is ScannableStatus { + return scannableStatuses.some((status) => status === value); +} + // `QuerySearchFilter` is a restricted subset of the `SearchFilter` obtained from the URL that // has been parsed to convert values to the format expected by the backend. It also restricts // the filter values to a `string[]` for consistency. diff --git a/ui/apps/platform/src/Containers/Vulnerabilities/utils/sortFields.ts b/ui/apps/platform/src/Containers/Vulnerabilities/utils/sortFields.ts index c52b035db8c6f..d79fe2c8b0c28 100644 --- a/ui/apps/platform/src/Containers/Vulnerabilities/utils/sortFields.ts +++ b/ui/apps/platform/src/Containers/Vulnerabilities/utils/sortFields.ts @@ -7,6 +7,7 @@ export const CVE_STATUS_SORT_FIELD = 'Fixable'; export const CVE_TYPE_SORT_FIELD = 'CVE Type'; export const CVE_COUNT_SORT_FIELD = 'CVE Count'; export const OPERATING_SYSTEM_SORT_FIELD = 'Operating System'; +export const COMPONENT_SORT_FIELD = 'Component'; // Cluster sort fields export const CLUSTER_SORT_FIELD = 'Cluster'; @@ -19,3 +20,6 @@ export const NODE_SORT_FIELD = 'Node'; export const NODE_TOP_CVSS_SORT_FIELD = 'CVSS'; export const NODE_COUNT_SORT_FIELD = 'Node Count'; export const NODE_SCAN_TIME_SORT_FIELD = 'Node Scan Time'; + +// Virtual Machine sort fields +export const VIRTUAL_MACHINE_SORT_FIELD = 'Virtual Machine Name'; diff --git a/ui/apps/platform/src/queries/image.js b/ui/apps/platform/src/queries/image.js index 434dd913edc09..c70cd9e92671d 100644 --- a/ui/apps/platform/src/queries/image.js +++ b/ui/apps/platform/src/queries/image.js @@ -29,11 +29,11 @@ export const IMAGE_FRAGMENT = gql` tag } scan { - components { + imageComponents { name layerIndex version - vulns { + imageVulnerabilities { cve cvss link diff --git a/ui/apps/platform/src/types/scanComponent.proto.ts b/ui/apps/platform/src/types/scanComponent.proto.ts index cbb9e4548ee30..09d4e8fc1249f 100644 --- a/ui/apps/platform/src/types/scanComponent.proto.ts +++ b/ui/apps/platform/src/types/scanComponent.proto.ts @@ -14,6 +14,7 @@ export type ScanComponent = { fixedBy: string; executables: ScanComponentExecutable[]; architecture: string; + notes: Note[]; }; type ScanComponentExecutable = { @@ -21,6 +22,8 @@ type ScanComponentExecutable = { dependencies: string[]; }; +type Note = 'UNSPECIFIED' | 'UNSCANNED'; + export type SourceType = | 'OS' | 'PYTHON' diff --git a/ui/apps/platform/src/utils/getEntityName.test.js b/ui/apps/platform/src/utils/getEntityName.test.js index c318486563d47..2fe98ec2c5cff 100644 --- a/ui/apps/platform/src/utils/getEntityName.test.js +++ b/ui/apps/platform/src/utils/getEntityName.test.js @@ -163,7 +163,7 @@ describe('getEntityName', () => { component: { id: 'bGlieG1sMg:Mi45LjErZGZzZzEtNStkZWI4dTQ', name: 'libxml2', - __typename: 'EmbeddedImageScanComponent', + __typename: 'ImageComponent', }, }; diff --git a/ui/apps/platform/src/utils/pdfUtils.js b/ui/apps/platform/src/utils/pdfUtils.js index 82b83f2372f4c..6d13dd0ded81e 100644 --- a/ui/apps/platform/src/utils/pdfUtils.js +++ b/ui/apps/platform/src/utils/pdfUtils.js @@ -117,9 +117,15 @@ const createPDFTable = (tableData, entityType, query, pdfId, tableColumns) => { headerKeys.forEach((key, index) => { const td = document.createElement('td'); let colValue = ''; - if (filteredColumns[index] && filteredColumns[index].Cell) { + // Adjust column index if type was prepended + const columnIndex = tableData[0].rows && type ? index - 1 : index; + if ( + columnIndex >= 0 && + filteredColumns[columnIndex] && + filteredColumns[columnIndex].Cell + ) { colValue = ReactDOMServer.renderToString( - filteredColumns[index].Cell({ original: val, pdf: true }) + filteredColumns[columnIndex].Cell({ original: val, pdf: true }) ); } else { const flattenedObj = flattenObject(val);