diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5540fb7fd93e6..e10453f61b17b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -17,6 +17,11 @@ updates: schedule: interval: "daily" + - package-ecosystem: "npm" + directory: "/ui-test/" + schedule: + interval: "daily" + - package-ecosystem: "docker" directory: "/" schedule: diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 6d4302d2b540c..2e876c1095f73 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -6,9 +6,10 @@ | codeql.yaml | CodeQL analysis | | image-reuse.yaml | Build, push, and Sign container images | | image.yaml | Build container image for PR's & publish for push events | -| pr-title-check.yaml| Lint PR for semantic information | | init-release.yaml | Build manifests and version then create a PR for release branch| +| pr-title-check.yaml| Lint PR for semantic information | | release.yaml | Build images, cli-binaries, provenances, and post actions | +| scorecard.yaml | Generate scorecard for supply-chain security | | update-snyk.yaml | Scheduled snyk reports | # Reusable workflows diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 4aa502e318bef..5d014b36ccdb6 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -13,7 +13,7 @@ on: env: # Golang version to use across CI steps - GOLANG_VERSION: '1.21' + GOLANG_VERSION: '1.22' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -55,7 +55,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} - name: Download all Go modules @@ -76,11 +76,11 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -103,14 +103,14 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: - version: v1.54.0 - args: --enable gofmt --timeout 10m --exclude SA5011 --verbose --max-issues-per-linter 0 --max-same-issues 0 + version: v1.58.2 + args: --verbose test-go: name: Run unit tests for Go packages @@ -130,7 +130,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -150,7 +150,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -171,12 +171,12 @@ jobs: - name: Run all unit tests run: make test-local - name: Generate code coverage artifacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: code-coverage path: coverage.out - name: Generate test results artifacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: test-results path: test-results/ @@ -199,7 +199,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -219,7 +219,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -240,7 +240,7 @@ jobs: - name: Run all unit tests run: make test-race-local - name: Generate test results artifacts - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: race-results path: test-results/ @@ -255,7 +255,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} - name: Create symlink in GOPATH @@ -298,7 +298,8 @@ jobs: build-ui: name: Build, test & lint UI code - if: ${{ needs.changes.outputs.frontend == 'true' }} + # We run UI logic for backend changes so that we have a complete set of coverage documents to send to codecov. + if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.frontend == 'true' }} runs-on: ubuntu-22.04 needs: - changes @@ -306,12 +307,12 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup NodeJS - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: '21.6.1' - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -348,7 +349,7 @@ jobs: fetch-depth: 0 - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -359,18 +360,21 @@ jobs: run: | mkdir -p test-results - name: Get code coverage artifact - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: code-coverage - name: Get test result artifact - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: test-results path: test-results - name: Upload code coverage information to codecov.io - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 + uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 with: file: coverage.out + fail_ci_if_error: true + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Perform static code analysis using SonarCloud env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -427,7 +431,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} - name: GH actions workaround - Kill XSP4 process @@ -446,7 +450,7 @@ jobs: sudo chmod go-r $HOME/.kube/config kubectl version - name: Restore go build cache - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -502,7 +506,7 @@ jobs: set -x make test-e2e-local - name: Upload e2e-server logs - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: e2e-server-k8s${{ matrix.k3s-version }}.log path: /tmp/e2e-server.log @@ -529,4 +533,4 @@ jobs: exit 0 else exit 1 - fi \ No newline at end of file + fi diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5d745d222d2fb..7dcc9f6e24bca 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,13 +33,13 @@ jobs: # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33 + uses: github/codeql-action/init@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 # Override language selection by uncommenting this and choosing your languages # with: # languages: go, javascript, csharp, python, cpp, java @@ -47,7 +47,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33 + uses: github/codeql-action/autobuild@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -61,4 +61,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33 + uses: github/codeql-action/analyze@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index 5b5a12b346fa1..7510f0571670d 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -69,14 +69,14 @@ jobs: if: ${{ github.ref_type != 'tag'}} - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ inputs.go-version }} - name: Install cosign - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 + uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 + - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Setup tags for container image as a CSV type @@ -104,7 +104,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Login to Quay.io - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: quay.io username: ${{ secrets.quay_username }} @@ -112,7 +112,7 @@ jobs: if: ${{ inputs.quay_image_name && inputs.push }} - name: Login to GitHub Container Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ secrets.ghcr_username }} @@ -120,7 +120,7 @@ jobs: if: ${{ inputs.ghcr_image_name && inputs.push }} - name: Login to dockerhub Container Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: username: ${{ secrets.docker_username }} password: ${{ secrets.docker_password }} @@ -134,7 +134,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be with: large-packages: false docker-images: false diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index a7174e10de9db..3102e8361aa06 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -52,7 +52,7 @@ jobs: uses: ./.github/workflows/image-reuse.yaml with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.21 + go-version: 1.22 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -68,7 +68,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:latest ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.21 + go-version: 1.22 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: @@ -86,7 +86,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 with: image: ghcr.io/argoproj/argo-cd/argocd digest: ${{ needs.build-and-publish.outputs.image-digest }} diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index 0a0430f27f96b..70de72d391dba 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -64,7 +64,7 @@ jobs: git stash pop - name: Create pull request - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index 020535d7b8afa..61c38548cf6ba 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -23,7 +23,7 @@ jobs: name: Validate PR Title runs-on: ubuntu-latest steps: - - uses: thehanimo/pr-title-checker@0cf5902181e78341bb97bb06646396e5bd354b3f # v1.4.0 + - uses: thehanimo/pr-title-checker@1d8cd483a2b73118406a187f54dca8a9415f1375 # v1.4.2 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration_path: ".github/pr-title-checker-config.json" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d332c075d0bd0..a255049f62a85 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ on: permissions: {} env: - GOLANG_VERSION: '1.21' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.22' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: @@ -23,7 +23,7 @@ jobs: with: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.21 + go-version: 1.22 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: @@ -38,7 +38,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator if: github.repository == 'argoproj/argo-cd' - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 with: image: quay.io/argoproj/argocd digest: ${{ needs.argocd-image.outputs.image-digest }} @@ -77,7 +77,7 @@ jobs: fi - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} @@ -88,7 +88,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be with: large-packages: false docker-images: false @@ -96,7 +96,7 @@ jobs: tool-cache: false - name: Run GoReleaser - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 id: run-goreleaser with: version: latest @@ -128,7 +128,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" provenance-name: "argocd-cli.intoto.jsonl" @@ -153,7 +153,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GOLANG_VERSION }} @@ -197,7 +197,7 @@ jobs: echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" - name: Upload SBOM - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 + uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -212,7 +212,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}" provenance-name: "argocd-sbom.intoto.jsonl" @@ -295,7 +295,7 @@ jobs: if: ${{ env.UPDATE_VERSION == 'true' }} - name: Create PR to update VERSION on master branch - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: commit-message: Bump version in master title: "chore: Bump version in master" diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index ec3151949541d..28621c86666c5 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif @@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif @@ -62,6 +62,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@83a02f7883b12e0e4e1a146174f5e2292a01e601 # v2.16.4 + uses: github/codeql-action/upload-sarif@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 with: sarif_file: results.sarif diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index d105f49fde2b1..87afd912bcef0 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -1,4 +1,4 @@ -FROM gitpod/workspace-full@sha256:511cecde4dc129ca9eb4cc4c479d61f95e5485ebe320a07f5b902f11899956a3 +FROM gitpod/workspace-full@sha256:8dd34e72ae5b9e6f60d267dd6287befc2cf5ad1a11c64e9d93daa60c952a2154 USER root diff --git a/.golangci.yaml b/.golangci.yaml new file mode 100644 index 0000000000000..96299f53fab27 --- /dev/null +++ b/.golangci.yaml @@ -0,0 +1,17 @@ +issues: + exclude: + - SA5011 + max-issues-per-linter: 0 + max-same-issues: 0 +linters: + enable: + - errcheck + - gofmt + - gosimple + - govet + - ineffassign + - misspell + - staticcheck + - unused +run: + timeout: 50m diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 26341aa1d80c1..c156d37b19081 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -114,7 +114,7 @@ changelog: exclude: - '^test:' - '^.*?Bump(\([[:word:]]+\))?.+$' - - '^.*?[Bot](\([[:word:]]+\))?.+$' + - '^.*?\[Bot\](\([[:word:]]+\))?.+$' # yaml-language-server: $schema=https://goreleaser.com/static/schema.json diff --git a/.readthedocs.yml b/.readthedocs.yaml similarity index 100% rename from .readthedocs.yml rename to .readthedocs.yaml diff --git a/Dockerfile b/Dockerfile index c6eb601ca3216..eec71307482e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fcabcd4577cd43cebbb808cea2b1f33a3dd7f508 +ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.21.9@sha256:81811f8a883e238666dbadee6928ae2902243a3cd3f3e860f21c102543c6b5a7 AS builder +FROM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b AS builder RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -83,7 +83,7 @@ WORKDIR /home/argocd #################################################################################################### # Argo CD UI stage #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/node:21.6.2@sha256:65998e325b06014d4f1417a8a6afb1540d1ac66521cca76f2221a6953947f9ee AS argocd-ui +FROM --platform=$BUILDPLATFORM docker.io/library/node:22.2.0@sha256:a8ba58f54e770a0f910ec36d25f8a4f1670e741a58c2e6358b2c30b575c84263 AS argocd-ui WORKDIR /src COPY ["ui/package.json", "ui/yarn.lock", "./"] @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21.9@sha256:81811f8a883e238666dbadee6928ae2902243a3cd3f3e860f21c102543c6b5a7 AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.1@sha256:0b55ab82ac2a54a6f8f85ec8b943b9e470c39e32c109b766bbc1b801f3fa8d3b AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/Makefile b/Makefile index 96275f9bff76e..a53be342a2cfe 100644 --- a/Makefile +++ b/Makefile @@ -188,7 +188,7 @@ all: cli image .PHONY: gogen gogen: export GO111MODULE=off - go generate ./util/argo/... + go generate ./... .PHONY: protogen protogen: mod-vendor-local protogen-fast @@ -357,7 +357,7 @@ lint-local: golangci-lint --version # NOTE: If you get a "Killed" OOM message, try reducing the value of GOGC # See https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint - GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --enable gofmt --fix --verbose --timeout 3000s --max-issues-per-linter 0 --max-same-issues 0 + GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --fix --verbose .PHONY: lint-ui lint-ui: test-tools-image diff --git a/USERS.md b/USERS.md index 35249b0903cbf..50a66a3af8d13 100644 --- a/USERS.md +++ b/USERS.md @@ -18,9 +18,11 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Albert Heijn](https://ah.nl/) 1. [Alibaba Group](https://www.alibabagroup.com/) 1. [Allianz Direct](https://www.allianzdirect.de/) +1. [AlphaSense](https://www.alpha-sense.com/) 1. [Amadeus IT Group](https://amadeus.com/) 1. [Ambassador Labs](https://www.getambassador.io/) 1. [Ancestry](https://www.ancestry.com/) +1. [Andgo Systems](https://www.andgosystems.com/) 1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/) 1. [Ant Group](https://www.antgroup.com/) 1. [AppDirect](https://www.appdirect.com) @@ -42,6 +44,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [BMW Group](https://www.bmwgroup.com/) 1. [Boozt](https://www.booztgroup.com/) 1. [Boticario](https://www.boticario.com.br/) +1. [Broker Consulting, a.s.](https://www.bcas.cz/en/) 1. [Bulder Bank](https://bulderbank.no) 1. [CAM](https://cam-inc.co.jp) 1. [Camptocamp](https://camptocamp.com) @@ -66,6 +69,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Codefresh](https://www.codefresh.io/) 1. [Codility](https://www.codility.com/) 1. [Commonbond](https://commonbond.co/) +1. [Contlo](https://contlo.com/) 1. [Coralogix](https://coralogix.com/) 1. [Crédit Agricole CIB](https://www.ca-cib.com) 1. [CROZ d.o.o.](https://croz.net/) @@ -162,6 +166,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [KubeSphere](https://github.com/kubesphere) 1. [Kurly](https://www.kurly.com/) 1. [Kvist](https://kvistsolutions.com) +1. [Kyriba](https://www.kyriba.com/) 1. [LexisNexis](https://www.lexisnexis.com/) 1. [Lian Chu Securities](https://lczq.com) 1. [Liatrio](https://www.liatrio.com) @@ -230,7 +235,9 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Percona](https://percona.com/) 1. [PGS](https://www.pgs.com) 1. [Pigment](https://www.gopigment.com/) +1. [Pipedrive](https://www.pipedrive.com/) 1. [Pipefy](https://www.pipefy.com/) +1. [Pipekit](https://pipekit.io/) 1. [Pismo](https://pismo.io/) 1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/) 1. [Platform9 Systems](https://platform9.com/) @@ -249,7 +256,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Quipper](https://www.quipper.com/) 1. [RapidAPI](https://www.rapidapi.com/) 1. [rebuy](https://www.rebuy.de/) -1. [Recreation.gov](https://www.recreation.gov/) 1. [Red Hat](https://www.redhat.com/) 1. [Redpill Linpro](https://www.redpill-linpro.com/) 1. [Reenigne Cloud](https://reenigne.ca) @@ -260,6 +266,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Riskified](https://www.riskified.com/) 1. [Robotinfra](https://www.robotinfra.com) 1. [Rocket.Chat](https://rocket.chat) +1. [Rogo](https://rogodata.com) 1. [Rubin Observatory](https://www.lsst.org) 1. [Saildrone](https://www.saildrone.com/) 1. [Salad Technologies](https://salad.com/) @@ -324,6 +331,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Urbantz](https://urbantz.com/) 1. [Vectra](https://www.vectra.ai) 1. [Veepee](https://www.veepee.com) +1. [Verkada](https://www.verkada.com) 1. [Viaduct](https://www.viaduct.ai/) 1. [VietMoney](https://vietmoney.vn/) 1. [Vinted](https://vinted.com/) diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index e1275e75d3ba2..dc57e6ab410be 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -17,9 +17,11 @@ package controllers import ( "context" "fmt" - "reflect" + "strings" "time" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" log "github.com/sirupsen/logrus" corev1 "k8s.io/api/core/v1" apierr "k8s.io/apimachinery/pkg/api/errors" @@ -39,7 +41,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/event" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" - "sigs.k8s.io/controller-runtime/pkg/source" "github.com/argoproj/argo-cd/v2/applicationset/generators" "github.com/argoproj/argo-cd/v2/applicationset/utils" @@ -50,6 +51,7 @@ import ( argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" argoutil "github.com/argoproj/argo-cd/v2/util/argo" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" "github.com/argoproj/argo-cd/v2/pkg/apis/application" ) @@ -108,15 +110,19 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // Do not attempt to further reconcile the ApplicationSet if it is being deleted. if applicationSetInfo.ObjectMeta.DeletionTimestamp != nil { + appsetName := applicationSetInfo.ObjectMeta.Name + logCtx.Debugf("DeletionTimestamp is set on %s", appsetName) deleteAllowed := utils.DefaultPolicy(applicationSetInfo.Spec.SyncPolicy, r.Policy, r.EnablePolicyOverride).AllowDelete() if !deleteAllowed { + logCtx.Debugf("ApplicationSet policy does not allow to delete") if err := r.removeOwnerReferencesOnDeleteAppSet(ctx, applicationSetInfo); err != nil { return ctrl.Result{}, err } - controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName) - if err := r.Update(ctx, &applicationSetInfo); err != nil { - return ctrl.Result{}, err - } + logCtx.Debugf("ownerReferences referring %s is deleted from generated applications", appsetName) + } + controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName) + if err := r.Update(ctx, &applicationSetInfo); err != nil { + return ctrl.Result{}, err } return ctrl.Result{}, nil } @@ -165,6 +171,16 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque return ctrl.Result{RequeueAfter: ReconcileRequeueOnValidationError}, nil } + currentApplications, err := r.getCurrentApplications(ctx, applicationSetInfo) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) + } + + err = r.updateResourcesStatus(ctx, logCtx, &applicationSetInfo, currentApplications) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get update resources status for application set: %w", err) + } + // appMap is a name->app collection of Applications in this ApplicationSet. appMap := map[string]argov1alpha1.Application{} // appSyncMap tracks which apps will be synced during this reconciliation. @@ -181,16 +197,11 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque } } else if applicationSetInfo.Spec.Strategy != nil { // appset uses progressive sync - applications, err := r.getCurrentApplications(ctx, applicationSetInfo) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) - } - - for _, app := range applications { + for _, app := range currentApplications { appMap[app.Name] = app } - appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, applications, desiredApplications, appMap) + appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, currentApplications, desiredApplications, appMap) if err != nil { return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err) } @@ -611,7 +622,7 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg Owns(&argov1alpha1.Application{}, builder.WithPredicates(ownsHandler)). WithEventFilter(ignoreNotAllowedNamespaces(r.ApplicationSetNamespaces)). Watches( - &source.Kind{Type: &corev1.Secret{}}, + &corev1.Secret{}, &clusterSecretEventHandler{ Client: mgr.GetClient(), Log: log.WithField("type", "createSecretEventHandler"), @@ -668,7 +679,7 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context, }, } - action, err := utils.CreateOrUpdate(ctx, appLog, r.Client, applicationSet.Spec.IgnoreApplicationDifferences, found, func() error { + action, err := utils.CreateOrUpdate(ctx, appLog, r.Client, applicationSet.Spec.IgnoreApplicationDifferences, normalizers.IgnoreNormalizerOpts{}, found, func() error { // Copy only the Application/ObjectMeta fields that are significant, from the generatedApp found.Spec = generatedApp.Spec @@ -716,6 +727,17 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context, } } + // Preserve post-delete finalizers: + // https://github.com/argoproj/argo-cd/issues/17181 + for _, finalizer := range found.ObjectMeta.Finalizers { + if strings.HasPrefix(finalizer, argov1alpha1.PostDeleteFinalizerName) { + if generatedApp.Finalizers == nil { + generatedApp.Finalizers = []string{} + } + generatedApp.Finalizers = append(generatedApp.Finalizers, finalizer) + } + } + found.ObjectMeta.Annotations = generatedApp.Annotations found.ObjectMeta.Finalizers = generatedApp.Finalizers @@ -1351,7 +1373,87 @@ func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplica return -1 } -// setApplicationSetApplicationStatus updates the ApplicatonSet's status field +func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, logCtx *log.Entry, appset *argov1alpha1.ApplicationSet, apps []argov1alpha1.Application) error { + statusMap := getResourceStatusMap(appset) + statusMap = buildResourceStatus(statusMap, apps) + + statuses := []argov1alpha1.ResourceStatus{} + for _, status := range statusMap { + statuses = append(statuses, status) + } + appset.Status.Resources = statuses + + namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name} + err := r.Client.Status().Update(ctx, appset) + if err != nil { + + logCtx.Errorf("unable to set application set status: %v", err) + return fmt.Errorf("unable to set application set status: %v", err) + } + + if err := r.Get(ctx, namespacedName, appset); err != nil { + if client.IgnoreNotFound(err) != nil { + return nil + } + return fmt.Errorf("error fetching updated application set: %v", err) + } + + return nil +} + +func buildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus { + appMap := map[string]argov1alpha1.Application{} + for _, app := range apps { + appCopy := app + appMap[app.Name] = app + + gvk := app.GroupVersionKind() + // Create status if it does not exist + status, ok := statusMap[app.Name] + if !ok { + status = argov1alpha1.ResourceStatus{ + Group: gvk.Group, + Version: gvk.Version, + Kind: gvk.Kind, + Name: app.Name, + Namespace: app.Namespace, + Status: app.Status.Sync.Status, + Health: &appCopy.Status.Health, + } + } + + status.Group = gvk.Group + status.Version = gvk.Version + status.Kind = gvk.Kind + status.Name = app.Name + status.Namespace = app.Namespace + status.Status = app.Status.Sync.Status + status.Health = &appCopy.Status.Health + + statusMap[app.Name] = status + } + cleanupDeletedApplicationStatuses(statusMap, appMap) + + return statusMap +} + +func getResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus { + statusMap := map[string]argov1alpha1.ResourceStatus{} + for _, status := range appset.Status.Resources { + statusMap[status.Name] = status + } + return statusMap +} + +func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) { + for name := range statusMap { + if _, ok := apps[name]; !ok { + delete(statusMap, name) + } + } +} + +// setApplicationSetApplicationStatus updates the ApplicationSet's status field // with any new/changed Application statuses. func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error { needToUpdateStatus := false @@ -1528,10 +1630,14 @@ func shouldRequeueApplicationSet(appOld *argov1alpha1.Application, appNew *argov } // the applicationset controller owns the application spec, labels, annotations, and finalizers on the applications - if !reflect.DeepEqual(appOld.Spec, appNew.Spec) || - !reflect.DeepEqual(appOld.ObjectMeta.GetAnnotations(), appNew.ObjectMeta.GetAnnotations()) || - !reflect.DeepEqual(appOld.ObjectMeta.GetLabels(), appNew.ObjectMeta.GetLabels()) || - !reflect.DeepEqual(appOld.ObjectMeta.GetFinalizers(), appNew.ObjectMeta.GetFinalizers()) { + // reflect.DeepEqual considers nil slices/maps not equal to empty slices/maps + // https://pkg.go.dev/reflect#DeepEqual + // ApplicationDestination has an unexported field so we can just use the == for comparison + if !cmp.Equal(appOld.Spec, appNew.Spec, cmpopts.EquateEmpty(), cmpopts.EquateComparable(argov1alpha1.ApplicationDestination{})) || + !cmp.Equal(appOld.ObjectMeta.GetAnnotations(), appNew.ObjectMeta.GetAnnotations(), cmpopts.EquateEmpty()) || + !cmp.Equal(appOld.ObjectMeta.GetLabels(), appNew.ObjectMeta.GetLabels(), cmpopts.EquateEmpty()) || + !cmp.Equal(appOld.ObjectMeta.GetFinalizers(), appNew.ObjectMeta.GetFinalizers(), cmpopts.EquateEmpty()) { + return true } diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index c3c5f3845bea5..ea6b39456f235 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -23,6 +23,7 @@ import ( "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/cache" + crtcache "sigs.k8s.io/controller-runtime/pkg/cache" crtclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" @@ -66,7 +67,7 @@ type fakeCache struct { cache.Cache } -func (f *fakeCache) GetInformer(ctx context.Context, obj crtclient.Object) (cache.Informer, error) { +func (f *fakeCache) GetInformer(ctx context.Context, obj crtclient.Object, opt ...crtcache.InformerGetOption) (cache.Informer, error) { return &fakeInformer{}, nil } @@ -1281,6 +1282,71 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, + }, { + name: "Ensure that argocd post-delete finalizers are preserved from an existing app", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Template: v1alpha1.ApplicationSetTemplate{ + Spec: v1alpha1.ApplicationSpec{ + Project: "project", + }, + }, + }, + }, + existingApps: []v1alpha1.Application{ + { + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + Namespace: "namespace", + ResourceVersion: "2", + Finalizers: []string{ + v1alpha1.PostDeleteFinalizerName, + v1alpha1.PostDeleteFinalizerName + "/mystage", + }, + }, + Spec: v1alpha1.ApplicationSpec{ + Project: "project", + }, + }, + }, + desiredApps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Spec: v1alpha1.ApplicationSpec{ + Project: "project", + }, + }, + }, + expected: []v1alpha1.Application{ + { + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + Namespace: "namespace", + ResourceVersion: "2", + Finalizers: []string{ + v1alpha1.PostDeleteFinalizerName, + v1alpha1.PostDeleteFinalizerName + "/mystage", + }, + }, + Spec: v1alpha1.ApplicationSpec{ + Project: "project", + }, + }, + }, }, } { @@ -2374,7 +2440,7 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&project} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} badCluster := v1alpha1.Cluster{Server: "https://bad-cluster", Name: "bad-cluster"} argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) @@ -2470,7 +2536,7 @@ func TestReconcilerCreateAppsRecoveringRenderError(t *testing.T) { argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&project} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() r := ApplicationSetReconciler{ Client: client, @@ -2613,7 +2679,7 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&defaultProject} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ @@ -2783,7 +2849,7 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&defaultProject} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ @@ -3104,7 +3170,7 @@ func TestPolicies(t *testing.T) { }, } - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() r := ApplicationSetReconciler{ Client: client, @@ -3267,7 +3333,7 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { t.Run(cc.name, func(t *testing.T) { - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() r := ApplicationSetReconciler{ Client: client, @@ -4047,7 +4113,7 @@ func TestBuildAppDependencyList(t *testing.T) { } appDependencyList, appStepMap, err := r.buildAppDependencyList(log.NewEntry(log.StandardLogger()), cc.appSet, cc.apps) - assert.Equal(t, err, nil, "expected no errors, but errors occured") + assert.Equal(t, err, nil, "expected no errors, but errors occurred") assert.Equal(t, cc.expectedList, appDependencyList, "expected appDependencyList did not match actual") assert.Equal(t, cc.expectedStepMap, appStepMap, "expected appStepMap did not match actual") }) @@ -4641,7 +4707,7 @@ func TestBuildAppSyncMap(t *testing.T) { } appSyncMap, err := r.buildAppSyncMap(context.TODO(), cc.appSet, cc.appDependencyList, cc.appMap) - assert.Equal(t, err, nil, "expected no errors, but errors occured") + assert.Equal(t, err, nil, "expected no errors, but errors occurred") assert.Equal(t, cc.expectedMap, appSyncMap, "expected appSyncMap did not match actual") }) } @@ -5287,7 +5353,7 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() r := ApplicationSetReconciler{ Client: client, @@ -5307,7 +5373,7 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { appStatuses[i].LastTransitionTime = nil } - assert.Equal(t, err, nil, "expected no errors, but errors occured") + assert.Equal(t, err, nil, "expected no errors, but errors occurred") assert.Equal(t, cc.expectedAppStatus, appStatuses, "expected appStatuses did not match actual") }) } @@ -6041,7 +6107,7 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() r := ApplicationSetReconciler{ Client: client, @@ -6061,12 +6127,225 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { appStatuses[i].LastTransitionTime = nil } - assert.Equal(t, err, nil, "expected no errors, but errors occured") + assert.Equal(t, err, nil, "expected no errors, but errors occurred") assert.Equal(t, cc.expectedAppStatus, appStatuses, "expected appStatuses did not match actual") }) } } +func TestUpdateResourceStatus(t *testing.T) { + + scheme := runtime.NewScheme() + err := v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + + err = v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + + for _, cc := range []struct { + name string + appSet v1alpha1.ApplicationSet + apps []v1alpha1.Application + expectedResources []v1alpha1.ResourceStatus + }{ + { + name: "handles an empty application list", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Status: v1alpha1.ApplicationSetStatus{ + Resources: []v1alpha1.ResourceStatus{}, + }, + }, + apps: []v1alpha1.Application{}, + expectedResources: nil, + }, + { + name: "adds status if no existing statuses", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Status: v1alpha1.ApplicationSetStatus{ + ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{}, + }, + }, + apps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Status: v1alpha1.ApplicationStatus{ + Sync: v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + }, + Health: v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + }, + expectedResources: []v1alpha1.ResourceStatus{ + { + Name: "app1", + Status: v1alpha1.SyncStatusCodeSynced, + Health: &v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + }, + { + name: "handles an applicationset with existing and up-to-date status", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Status: v1alpha1.ApplicationSetStatus{ + Resources: []v1alpha1.ResourceStatus{ + { + Name: "app1", + Status: v1alpha1.SyncStatusCodeSynced, + Health: &v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + }, + }, + apps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Status: v1alpha1.ApplicationStatus{ + Sync: v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + }, + Health: v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + }, + expectedResources: []v1alpha1.ResourceStatus{ + { + Name: "app1", + Status: v1alpha1.SyncStatusCodeSynced, + Health: &v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + }, + { + name: "updates an applicationset with existing and out of date status", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Status: v1alpha1.ApplicationSetStatus{ + Resources: []v1alpha1.ResourceStatus{ + { + Name: "app1", + Status: v1alpha1.SyncStatusCodeOutOfSync, + Health: &v1alpha1.HealthStatus{ + Status: health.HealthStatusProgressing, + Message: "Progressing", + }, + }, + }, + }, + }, + apps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "app1", + }, + Status: v1alpha1.ApplicationStatus{ + Sync: v1alpha1.SyncStatus{ + Status: v1alpha1.SyncStatusCodeSynced, + }, + Health: v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + }, + expectedResources: []v1alpha1.ResourceStatus{ + { + Name: "app1", + Status: v1alpha1.SyncStatusCodeSynced, + Health: &v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + }, + { + name: "deletes an applicationset status if the application no longer exists", + appSet: v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "argocd", + }, + Status: v1alpha1.ApplicationSetStatus{ + Resources: []v1alpha1.ResourceStatus{ + { + Name: "app1", + Status: v1alpha1.SyncStatusCodeSynced, + Health: &v1alpha1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + }, + }, + apps: []v1alpha1.Application{}, + expectedResources: nil, + }, + } { + + t.Run(cc.name, func(t *testing.T) { + + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) + argoDBMock := dbmocks.ArgoDB{} + argoObjs := []runtime.Object{} + + client := fake.NewClientBuilder().WithScheme(scheme).WithStatusSubresource(&cc.appSet).WithObjects(&cc.appSet).Build() + + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Recorder: record.NewFakeRecorder(1), + Cache: &fakeCache{}, + Generators: map[string]generators.Generator{}, + ArgoDB: &argoDBMock, + ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), + KubeClientset: kubeclientset, + } + + err := r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps) + + assert.Equal(t, err, nil, "expected no errors, but errors occurred") + assert.Equal(t, cc.expectedResources, cc.appSet.Status.Resources, "expected resources did not match actual") + }) + } +} + func TestOwnsHandler(t *testing.T) { // progressive syncs do not affect create, delete, or generic ownsHandler := getOwnsHandlerPredicates(true) @@ -6172,14 +6451,70 @@ func TestOwnsHandler(t *testing.T) { ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: map[string]string{"foo": "bar"}}}, ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: map[string]string{"bar": "foo"}}}, }}, want: true}, + {name: "DifferentApplicationLabelsNil", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: map[string]string{}}}, + ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: nil}}, + }}, want: false}, {name: "DifferentApplicationAnnotations", args: args{e: event.UpdateEvent{ ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Annotations: map[string]string{"foo": "bar"}}}, ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Annotations: map[string]string{"bar": "foo"}}}, }}, want: true}, + {name: "DifferentApplicationAnnotationsNil", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Annotations: map[string]string{}}}, + ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Annotations: nil}}, + }}, want: false}, {name: "DifferentApplicationFinalizers", args: args{e: event.UpdateEvent{ ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Finalizers: []string{"argo"}}}, ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Finalizers: []string{"none"}}}, }}, want: true}, + {name: "DifferentApplicationFinalizersNil", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Finalizers: []string{}}}, + ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Finalizers: nil}}, + }}, want: false}, + {name: "ApplicationDestinationSame", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Destination: v1alpha1.ApplicationDestination{ + Server: "server", + Namespace: "ns", + Name: "name", + }, + }, + }, + ObjectNew: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Destination: v1alpha1.ApplicationDestination{ + Server: "server", + Namespace: "ns", + Name: "name", + }, + }, + }, + }, + enableProgressiveSyncs: true, + }, want: false}, + {name: "ApplicationDestinationDiff", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Destination: v1alpha1.ApplicationDestination{ + Server: "server", + Namespace: "ns", + Name: "name", + }, + }, + }, + ObjectNew: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Destination: v1alpha1.ApplicationDestination{ + Server: "notSameServer", + Namespace: "ns", + Name: "name", + }, + }, + }, + }, + enableProgressiveSyncs: true, + }, want: true}, {name: "NotAnAppOld", args: args{e: event.UpdateEvent{ ObjectOld: &v1alpha1.AppProject{}, ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Labels: map[string]string{"bar": "foo"}}}, diff --git a/applicationset/controllers/clustereventhandler.go b/applicationset/controllers/clustereventhandler.go index 951da0cb6bc44..0aa4ab64fe256 100644 --- a/applicationset/controllers/clustereventhandler.go +++ b/applicationset/controllers/clustereventhandler.go @@ -24,20 +24,20 @@ type clusterSecretEventHandler struct { Client client.Client } -func (h *clusterSecretEventHandler) Create(e event.CreateEvent, q workqueue.RateLimitingInterface) { - h.queueRelatedAppGenerators(q, e.Object) +func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.RateLimitingInterface) { + h.queueRelatedAppGenerators(ctx, q, e.Object) } -func (h *clusterSecretEventHandler) Update(e event.UpdateEvent, q workqueue.RateLimitingInterface) { - h.queueRelatedAppGenerators(q, e.ObjectNew) +func (h *clusterSecretEventHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.RateLimitingInterface) { + h.queueRelatedAppGenerators(ctx, q, e.ObjectNew) } -func (h *clusterSecretEventHandler) Delete(e event.DeleteEvent, q workqueue.RateLimitingInterface) { - h.queueRelatedAppGenerators(q, e.Object) +func (h *clusterSecretEventHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.RateLimitingInterface) { + h.queueRelatedAppGenerators(ctx, q, e.Object) } -func (h *clusterSecretEventHandler) Generic(e event.GenericEvent, q workqueue.RateLimitingInterface) { - h.queueRelatedAppGenerators(q, e.Object) +func (h *clusterSecretEventHandler) Generic(ctx context.Context, e event.GenericEvent, q workqueue.RateLimitingInterface) { + h.queueRelatedAppGenerators(ctx, q, e.Object) } // addRateLimitingInterface defines the Add method of workqueue.RateLimitingInterface, allow us to easily mock @@ -46,7 +46,7 @@ type addRateLimitingInterface interface { Add(item interface{}) } -func (h *clusterSecretEventHandler) queueRelatedAppGenerators(q addRateLimitingInterface, object client.Object) { +func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Context, q addRateLimitingInterface, object client.Object) { // Check for label, lookup all ApplicationSets that might match the cluster, queue them all if object.GetLabels()[generators.ArgoCDSecretTypeLabel] != generators.ArgoCDSecretTypeCluster { return @@ -58,7 +58,7 @@ func (h *clusterSecretEventHandler) queueRelatedAppGenerators(q addRateLimitingI }).Info("processing event for cluster secret") appSetList := &argoprojiov1alpha1.ApplicationSetList{} - err := h.Client.List(context.Background(), appSetList) + err := h.Client.List(ctx, appSetList) if err != nil { h.Log.WithError(err).Error("unable to list ApplicationSets") return diff --git a/applicationset/controllers/clustereventhandler_test.go b/applicationset/controllers/clustereventhandler_test.go index 7e850fc44c66d..e2b33210820af 100644 --- a/applicationset/controllers/clustereventhandler_test.go +++ b/applicationset/controllers/clustereventhandler_test.go @@ -1,6 +1,7 @@ package controllers import ( + "context" "testing" log "github.com/sirupsen/logrus" @@ -550,7 +551,7 @@ func TestClusterEventHandler(t *testing.T) { mockAddRateLimitingInterface := mockAddRateLimitingInterface{} - handler.queueRelatedAppGenerators(&mockAddRateLimitingInterface, &test.secret) + handler.queueRelatedAppGenerators(context.Background(), &mockAddRateLimitingInterface, &test.secret) assert.False(t, mockAddRateLimitingInterface.errorOccurred) assert.ElementsMatch(t, mockAddRateLimitingInterface.addedItems, test.expectedRequests) diff --git a/applicationset/services/mocks/Repos.go b/applicationset/services/mocks/Repos.go index b7620b22f08bb..37f946bbb01f5 100644 --- a/applicationset/services/mocks/Repos.go +++ b/applicationset/services/mocks/Repos.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.25.1. DO NOT EDIT. +// Code generated by mockery v2.40.2. DO NOT EDIT. package mocks @@ -17,6 +17,10 @@ type Repos struct { func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache bool) ([]string, error) { ret := _m.Called(ctx, repoURL, revision, noRevisionCache) + if len(ret) == 0 { + panic("no return value specified for GetDirectories") + } + var r0 []string var r1 error if rf, ok := ret.Get(0).(func(context.Context, string, string, bool) ([]string, error)); ok { @@ -43,6 +47,10 @@ func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision st func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache bool) (map[string][]byte, error) { ret := _m.Called(ctx, repoURL, revision, pattern, noRevisionCache) + if len(ret) == 0 { + panic("no return value specified for GetFiles") + } + var r0 map[string][]byte var r1 error if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool) (map[string][]byte, error)); ok { @@ -65,13 +73,12 @@ func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string, return r0, r1 } -type mockConstructorTestingTNewRepos interface { +// NewRepos creates a new instance of Repos. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewRepos(t interface { mock.TestingT Cleanup(func()) -} - -// NewRepos creates a new instance of Repos. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewRepos(t mockConstructorTestingTNewRepos) *Repos { +}) *Repos { mock := &Repos{} mock.Mock.Test(t) diff --git a/applicationset/services/mocks/RepositoryDB.go b/applicationset/services/mocks/RepositoryDB.go index 9d6240d342776..79176385fc5e4 100644 --- a/applicationset/services/mocks/RepositoryDB.go +++ b/applicationset/services/mocks/RepositoryDB.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.21.1. DO NOT EDIT. +// Code generated by mockery v2.40.2. DO NOT EDIT. package mocks @@ -19,6 +19,10 @@ type RepositoryDB struct { func (_m *RepositoryDB) GetRepository(ctx context.Context, url string) (*v1alpha1.Repository, error) { ret := _m.Called(ctx, url) + if len(ret) == 0 { + panic("no return value specified for GetRepository") + } + var r0 *v1alpha1.Repository var r1 error if rf, ok := ret.Get(0).(func(context.Context, string) (*v1alpha1.Repository, error)); ok { @@ -41,13 +45,12 @@ func (_m *RepositoryDB) GetRepository(ctx context.Context, url string) (*v1alpha return r0, r1 } -type mockConstructorTestingTNewRepositoryDB interface { +// NewRepositoryDB creates a new instance of RepositoryDB. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewRepositoryDB(t interface { mock.TestingT Cleanup(func()) -} - -// NewRepositoryDB creates a new instance of RepositoryDB. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewRepositoryDB(t mockConstructorTestingTNewRepositoryDB) *RepositoryDB { +}) *RepositoryDB { mock := &RepositoryDB{} mock.Mock.Test(t) diff --git a/applicationset/services/repo_service.go b/applicationset/services/repo_service.go index 64fedc34390b8..608d22f365637 100644 --- a/applicationset/services/repo_service.go +++ b/applicationset/services/repo_service.go @@ -11,7 +11,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/io" ) -//go:generate go run github.com/vektra/mockery/v2@v2.25.1 --name=RepositoryDB +//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=RepositoryDB // RepositoryDB Is a lean facade for ArgoDB, // Using a lean interface makes it easier to test the functionality of the git generator @@ -27,7 +27,7 @@ type argoCDService struct { newFileGlobbingEnabled bool } -//go:generate go run github.com/vektra/mockery/v2@v2.25.1 --name=Repos +//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=Repos type Repos interface { diff --git a/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go b/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go index 7843753c9df5b..902859672cd0e 100644 --- a/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go +++ b/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.10.4. DO NOT EDIT. +// Code generated by mockery v2.40.2. DO NOT EDIT. package mocks @@ -24,7 +24,15 @@ type Client struct { func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateAnnotatedTag") + } + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) *git.GitAnnotatedTag); ok { r0 = rf(_a0, _a1) } else { @@ -33,7 +41,6 @@ func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotate } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateAnnotatedTagArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -47,7 +54,15 @@ func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotate func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachmentArgs) (*git.Attachment, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateAttachment") + } + var r0 *git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) (*git.Attachment, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) *git.Attachment); ok { r0 = rf(_a0, _a1) } else { @@ -56,7 +71,6 @@ func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachment } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateAttachmentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -70,7 +84,15 @@ func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachment func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPickArgs) (*git.GitCherryPick, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateCherryPick") + } + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) *git.GitCherryPick); ok { r0 = rf(_a0, _a1) } else { @@ -79,7 +101,6 @@ func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPick } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateCherryPickArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -93,7 +114,15 @@ func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPick func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) (*git.Comment, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateComment") + } + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) *git.Comment); ok { r0 = rf(_a0, _a1) } else { @@ -102,7 +131,6 @@ func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -116,7 +144,15 @@ func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitStatusArgs) (*git.GitStatus, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateCommitStatus") + } + var r0 *git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) (*git.GitStatus, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) *git.GitStatus); ok { r0 = rf(_a0, _a1) } else { @@ -125,7 +161,6 @@ func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitSt } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommitStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -139,7 +174,15 @@ func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitSt func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs) (*git.GitRefFavorite, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateFavorite") + } + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) *git.GitRefFavorite); ok { r0 = rf(_a0, _a1) } else { @@ -148,7 +191,6 @@ func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateFavoriteArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -162,7 +204,15 @@ func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateForkSyncRequest") + } + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) *git.GitForkSyncRequest); ok { r0 = rf(_a0, _a1) } else { @@ -171,7 +221,6 @@ func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkS } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateForkSyncRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -185,7 +234,15 @@ func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkS func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportRequestArgs) (*git.GitImportRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateImportRequest") + } + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) *git.GitImportRequest); ok { r0 = rf(_a0, _a1) } else { @@ -194,7 +251,6 @@ func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportR } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateImportRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -208,6 +264,10 @@ func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportR func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateLike") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.CreateLikeArgs) error); ok { r0 = rf(_a0, _a1) @@ -222,7 +282,15 @@ func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeRequestArgs) (*git.GitMerge, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateMergeRequest") + } + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) *git.GitMerge); ok { r0 = rf(_a0, _a1) } else { @@ -231,7 +299,6 @@ func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeReq } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateMergeRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -245,7 +312,15 @@ func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeReq func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullRequestArgs) (*git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreatePullRequest") + } + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) *git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -254,7 +329,6 @@ func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullReque } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -268,7 +342,15 @@ func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullReque func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestIterationStatus") + } + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -277,7 +359,6 @@ func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git. } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestIterationStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -291,7 +372,15 @@ func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git. func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestLabel") + } + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) *core.WebApiTagDefinition); ok { r0 = rf(_a0, _a1) } else { @@ -300,7 +389,6 @@ func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePull } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestLabelArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -314,7 +402,15 @@ func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePull func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewer") + } + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) *git.IdentityRefWithVote); ok { r0 = rf(_a0, _a1) } else { @@ -323,7 +419,6 @@ func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreateP } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewerArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -337,7 +432,15 @@ func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreateP func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestReviewers") + } + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { r0 = rf(_a0, _a1) } else { @@ -346,7 +449,6 @@ func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.Create } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewersArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -360,7 +462,15 @@ func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.Create func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreatePullRequestStatus") + } + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) *git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -369,7 +479,6 @@ func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePul } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -383,7 +492,15 @@ func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePul func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git.GitPush, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreatePush") + } + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) *git.GitPush); ok { r0 = rf(_a0, _a1) } else { @@ -392,7 +509,6 @@ func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git. } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePushArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -406,7 +522,15 @@ func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git. func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepositoryArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateRepository") + } + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -415,7 +539,6 @@ func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepository } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateRepositoryArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -429,7 +552,15 @@ func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepository func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (*git.GitRevert, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateRevert") + } + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) *git.GitRevert); ok { r0 = rf(_a0, _a1) } else { @@ -438,7 +569,6 @@ func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (* } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateRevertArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -452,7 +582,15 @@ func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (* func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for CreateThread") + } + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) *git.GitPullRequestCommentThread); ok { r0 = rf(_a0, _a1) } else { @@ -461,7 +599,6 @@ func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (* } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateThreadArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -475,6 +612,10 @@ func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (* func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachmentArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeleteAttachment") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteAttachmentArgs) error); ok { r0 = rf(_a0, _a1) @@ -489,6 +630,10 @@ func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachment func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeleteComment") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteCommentArgs) error); ok { r0 = rf(_a0, _a1) @@ -503,6 +648,10 @@ func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeleteLike") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteLikeArgs) error); ok { r0 = rf(_a0, _a1) @@ -517,6 +666,10 @@ func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git.DeletePullRequestIterationStatusArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestIterationStatus") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestIterationStatusArgs) error); ok { r0 = rf(_a0, _a1) @@ -531,6 +684,10 @@ func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git. func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePullRequestLabelsArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestLabels") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestLabelsArgs) error); ok { r0 = rf(_a0, _a1) @@ -545,6 +702,10 @@ func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePul func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeletePullRequestReviewerArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestReviewer") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestReviewerArgs) error); ok { r0 = rf(_a0, _a1) @@ -559,6 +720,10 @@ func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeleteP func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePullRequestStatusArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeletePullRequestStatus") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestStatusArgs) error); ok { r0 = rf(_a0, _a1) @@ -573,6 +738,10 @@ func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePul func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavoriteArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeleteRefFavorite") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRefFavoriteArgs) error); ok { r0 = rf(_a0, _a1) @@ -587,6 +756,10 @@ func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavori func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepositoryArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeleteRepository") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryArgs) error); ok { r0 = rf(_a0, _a1) @@ -601,6 +774,10 @@ func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepository func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.DeleteRepositoryFromRecycleBinArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for DeleteRepositoryFromRecycleBin") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryFromRecycleBinArgs) error); ok { r0 = rf(_a0, _a1) @@ -615,7 +792,15 @@ func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.De func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetAnnotatedTag") + } + var r0 *git.GitAnnotatedTag + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) *git.GitAnnotatedTag); ok { r0 = rf(_a0, _a1) } else { @@ -624,7 +809,6 @@ func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagAr } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetAnnotatedTagArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -638,7 +822,15 @@ func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagAr func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmentContentArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetAttachmentContent") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -647,7 +839,6 @@ func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmen } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentContentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -661,7 +852,15 @@ func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmen func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetAttachmentZip") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -670,7 +869,6 @@ func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZip } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -684,7 +882,15 @@ func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZip func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs) (*[]git.Attachment, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetAttachments") + } + var r0 *[]git.Attachment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) (*[]git.Attachment, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) *[]git.Attachment); ok { r0 = rf(_a0, _a1) } else { @@ -693,7 +899,6 @@ func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -707,7 +912,15 @@ func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlobRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetBlob") + } + var r0 *git.GitBlobRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) (*git.GitBlobRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) *git.GitBlobRef); ok { r0 = rf(_a0, _a1) } else { @@ -716,7 +929,6 @@ func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlo } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -730,7 +942,15 @@ func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlo func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetBlobContent") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -739,7 +959,6 @@ func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobContentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -753,7 +972,15 @@ func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetBlobZip") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -762,7 +989,6 @@ func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.Re } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -776,7 +1002,15 @@ func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.Re func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetBlobsZip") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -785,7 +1019,6 @@ func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io. } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobsZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -799,7 +1032,15 @@ func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io. func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.GitBranchStats, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetBranch") + } + var r0 *git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) (*git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) *git.GitBranchStats); ok { r0 = rf(_a0, _a1) } else { @@ -808,7 +1049,6 @@ func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.Gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -822,7 +1062,15 @@ func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.Gi func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[]git.GitBranchStats, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetBranches") + } + var r0 *[]git.GitBranchStats + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) (*[]git.GitBranchStats, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) *[]git.GitBranchStats); ok { r0 = rf(_a0, _a1) } else { @@ -831,7 +1079,6 @@ func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[] } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -845,7 +1092,15 @@ func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[] func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git.GitCommitChanges, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetChanges") + } + var r0 *git.GitCommitChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) (*git.GitCommitChanges, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) *git.GitCommitChanges); ok { r0 = rf(_a0, _a1) } else { @@ -854,7 +1109,6 @@ func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git. } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetChangesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -868,7 +1122,15 @@ func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git. func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) (*git.GitCherryPick, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetCherryPick") + } + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) *git.GitCherryPick); ok { r0 = rf(_a0, _a1) } else { @@ -877,7 +1139,6 @@ func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -891,7 +1152,15 @@ func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetCherryPickForRefName") + } + var r0 *git.GitCherryPick + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) *git.GitCherryPick); ok { r0 = rf(_a0, _a1) } else { @@ -900,7 +1169,6 @@ func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherry } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickForRefNameArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -914,7 +1182,15 @@ func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherry func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git.Comment, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetComment") + } + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) *git.Comment); ok { r0 = rf(_a0, _a1) } else { @@ -923,7 +1199,6 @@ func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git. } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -937,7 +1212,15 @@ func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git. func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[]git.Comment, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetComments") + } + var r0 *[]git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) (*[]git.Comment, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) *[]git.Comment); ok { r0 = rf(_a0, _a1) } else { @@ -946,7 +1229,6 @@ func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[] } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -960,7 +1242,15 @@ func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[] func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.GitCommit, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetCommit") + } + var r0 *git.GitCommit + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) (*git.GitCommit, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) *git.GitCommit); ok { r0 = rf(_a0, _a1) } else { @@ -969,7 +1259,6 @@ func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.Gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -983,7 +1272,15 @@ func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.Gi func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetCommitDiffs") + } + var r0 *git.GitCommitDiffs + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) *git.GitCommitDiffs); ok { r0 = rf(_a0, _a1) } else { @@ -992,7 +1289,6 @@ func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitDiffsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1006,7 +1302,15 @@ func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetCommits") + } + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1015,7 +1319,6 @@ func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1029,7 +1332,15 @@ func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]gi func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetCommitsBatch") + } + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1038,7 +1349,6 @@ func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchAr } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsBatchArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1052,7 +1362,15 @@ func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchAr func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetDeletedRepositories") + } + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) *[]git.GitDeletedRepository); ok { r0 = rf(_a0, _a1) } else { @@ -1061,7 +1379,6 @@ func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeleted } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetDeletedRepositoriesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1075,7 +1392,15 @@ func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeleted func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequest") + } + var r0 *git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) *git.GitForkSyncRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1084,7 +1409,6 @@ func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncReq } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1098,7 +1422,15 @@ func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncReq func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetForkSyncRequests") + } + var r0 *[]git.GitForkSyncRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) *[]git.GitForkSyncRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1107,7 +1439,6 @@ func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRe } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1121,7 +1452,15 @@ func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRe func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.GitRepositoryRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetForks") + } + var r0 *[]git.GitRepositoryRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) (*[]git.GitRepositoryRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) *[]git.GitRepositoryRef); ok { r0 = rf(_a0, _a1) } else { @@ -1130,7 +1469,6 @@ func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.Gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetForksArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1144,7 +1482,15 @@ func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.Gi func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequestArgs) (*git.GitImportRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetImportRequest") + } + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) *git.GitImportRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1153,7 +1499,6 @@ func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequest } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetImportRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1167,7 +1512,15 @@ func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequest func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitItem, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetItem") + } + var r0 *git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) (*git.GitItem, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) *git.GitItem); ok { r0 = rf(_a0, _a1) } else { @@ -1176,7 +1529,6 @@ func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitIte } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1190,7 +1542,15 @@ func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitIte func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetItemContent") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -1199,7 +1559,6 @@ func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemContentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1213,7 +1572,15 @@ func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetItemText") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -1222,7 +1589,6 @@ func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io. } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemTextArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1236,7 +1602,15 @@ func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io. func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetItemZip") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -1245,7 +1619,6 @@ func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.Re } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1259,7 +1632,15 @@ func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.Re func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.GitItem, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetItems") + } + var r0 *[]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) (*[]git.GitItem, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) *[]git.GitItem); ok { r0 = rf(_a0, _a1) } else { @@ -1268,7 +1649,6 @@ func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.Gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1282,7 +1662,15 @@ func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.Gi func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) (*[][]git.GitItem, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetItemsBatch") + } + var r0 *[][]git.GitItem + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) (*[][]git.GitItem, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) *[][]git.GitItem); ok { r0 = rf(_a0, _a1) } else { @@ -1291,7 +1679,6 @@ func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsBatchArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1305,7 +1692,15 @@ func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi.IdentityRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetLikes") + } + var r0 *[]webapi.IdentityRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) (*[]webapi.IdentityRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) *[]webapi.IdentityRef); ok { r0 = rf(_a0, _a1) } else { @@ -1314,7 +1709,6 @@ func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetLikesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1328,7 +1722,15 @@ func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetMergeBases") + } + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1337,7 +1739,6 @@ func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeBasesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1351,7 +1752,15 @@ func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestArgs) (*git.GitMerge, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetMergeRequest") + } + var r0 *git.GitMerge + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) (*git.GitMerge, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) *git.GitMerge); ok { r0 = rf(_a0, _a1) } else { @@ -1360,7 +1769,6 @@ func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestAr } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1374,7 +1782,15 @@ func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestAr func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPolicyConfigurations") + } + var r0 *git.GitPolicyConfigurationResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) *git.GitPolicyConfigurationResponse); ok { r0 = rf(_a0, _a1) } else { @@ -1383,7 +1799,6 @@ func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicy } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPolicyConfigurationsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1397,7 +1812,15 @@ func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicy func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs) (*git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequest") + } + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) *git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1406,7 +1829,6 @@ func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1420,7 +1842,15 @@ func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequestByIdArgs) (*git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestById") + } + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) *git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1429,7 +1859,6 @@ func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequest } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestByIdArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1443,7 +1872,15 @@ func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequest func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestCommits") + } + var r0 *git.GetPullRequestCommitsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) *git.GetPullRequestCommitsResponseValue); ok { r0 = rf(_a0, _a1) } else { @@ -1452,7 +1889,6 @@ func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequ } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestCommitsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1466,7 +1902,15 @@ func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequ func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIteration") + } + var r0 *git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) *git.GitPullRequestIteration); ok { r0 = rf(_a0, _a1) } else { @@ -1475,7 +1919,6 @@ func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRe } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1489,7 +1932,15 @@ func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRe func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationChanges") + } + var r0 *git.GitPullRequestIterationChanges + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) *git.GitPullRequestIterationChanges); ok { r0 = rf(_a0, _a1) } else { @@ -1498,7 +1949,6 @@ func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.Ge } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationChangesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1512,7 +1962,15 @@ func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.Ge func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationCommits") + } + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1521,7 +1979,6 @@ func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.Ge } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationCommitsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1535,7 +1992,15 @@ func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.Ge func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatus") + } + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -1544,7 +2009,6 @@ func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.Get } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1558,7 +2022,15 @@ func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.Get func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterationStatuses") + } + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) *[]git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -1567,7 +2039,6 @@ func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.G } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1581,7 +2052,15 @@ func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.G func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestIterations") + } + var r0 *[]git.GitPullRequestIteration + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) *[]git.GitPullRequestIteration); ok { r0 = rf(_a0, _a1) } else { @@ -1590,7 +2069,6 @@ func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullR } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1604,7 +2082,15 @@ func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullR func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabel") + } + var r0 *core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) *core.WebApiTagDefinition); ok { r0 = rf(_a0, _a1) } else { @@ -1613,7 +2099,6 @@ func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullReques } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1627,7 +2112,15 @@ func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullReques func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestLabels") + } + var r0 *[]core.WebApiTagDefinition + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) *[]core.WebApiTagDefinition); ok { r0 = rf(_a0, _a1) } else { @@ -1636,7 +2129,6 @@ func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullReque } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1650,7 +2142,15 @@ func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullReque func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullRequestPropertiesArgs) (interface{}, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestProperties") + } + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) interface{}); ok { r0 = rf(_a0, _a1) } else { @@ -1659,7 +2159,6 @@ func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullR } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestPropertiesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1673,7 +2172,15 @@ func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullR func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestQuery") + } + var r0 *git.GitPullRequestQuery + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) *git.GitPullRequestQuery); ok { r0 = rf(_a0, _a1) } else { @@ -1682,7 +2189,6 @@ func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullReques } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestQueryArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1696,7 +2202,15 @@ func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullReques func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewer") + } + var r0 *git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) *git.IdentityRefWithVote); ok { r0 = rf(_a0, _a1) } else { @@ -1705,7 +2219,6 @@ func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullReq } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewerArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1719,7 +2232,15 @@ func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullReq func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestReviewers") + } + var r0 *[]git.IdentityRefWithVote + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { r0 = rf(_a0, _a1) } else { @@ -1728,7 +2249,6 @@ func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRe } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewersArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1742,7 +2262,15 @@ func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRe func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatus") + } + var r0 *git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) *git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -1751,7 +2279,6 @@ func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullReque } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1765,7 +2292,15 @@ func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullReque func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestStatuses") + } + var r0 *[]git.GitPullRequestStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) *[]git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -1774,7 +2309,6 @@ func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullReq } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1788,7 +2322,15 @@ func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullReq func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestThread") + } + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) *git.GitPullRequestCommentThread); ok { r0 = rf(_a0, _a1) } else { @@ -1797,7 +2339,6 @@ func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullReque } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestThreadArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1811,7 +2352,15 @@ func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullReque func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestWorkItemRefs") + } + var r0 *[]webapi.ResourceRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) *[]webapi.ResourceRef); ok { r0 = rf(_a0, _a1) } else { @@ -1820,7 +2369,6 @@ func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPul } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1834,7 +2382,15 @@ func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPul func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsArgs) (*[]git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequests") + } + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) *[]git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1843,7 +2399,6 @@ func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsAr } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1857,7 +2412,15 @@ func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsAr func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPullRequestsByProject") + } + var r0 *[]git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) *[]git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1866,7 +2429,6 @@ func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullR } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsByProjectArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1880,7 +2442,15 @@ func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullR func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPush, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPush") + } + var r0 *git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) (*git.GitPush, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) *git.GitPush); ok { r0 = rf(_a0, _a1) } else { @@ -1889,7 +2459,6 @@ func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPus } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPushArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1903,7 +2472,15 @@ func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPus func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPushCommits") + } + var r0 *[]git.GitCommitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) (*[]git.GitCommitRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1912,7 +2489,6 @@ func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPushCommitsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1926,7 +2502,15 @@ func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git.GitPush, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetPushes") + } + var r0 *[]git.GitPush + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) (*[]git.GitPush, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) *[]git.GitPush); ok { r0 = rf(_a0, _a1) } else { @@ -1935,7 +2519,6 @@ func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git. } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPushesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1949,7 +2532,15 @@ func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git. func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRecycleBinRepositories") + } + var r0 *[]git.GitDeletedRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) *[]git.GitDeletedRepository); ok { r0 = rf(_a0, _a1) } else { @@ -1958,7 +2549,6 @@ func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecy } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRecycleBinRepositoriesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1972,7 +2562,15 @@ func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecy func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs) (*git.GitRefFavorite, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRefFavorite") + } + var r0 *git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) (*git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) *git.GitRefFavorite); ok { r0 = rf(_a0, _a1) } else { @@ -1981,7 +2579,6 @@ func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoriteArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1995,7 +2592,15 @@ func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRefFavorites") + } + var r0 *[]git.GitRefFavorite + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) *[]git.GitRefFavorite); ok { r0 = rf(_a0, _a1) } else { @@ -2004,7 +2609,6 @@ func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesAr } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoritesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2018,7 +2622,15 @@ func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesAr func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRefsResponseValue, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRefs") + } + var r0 *git.GetRefsResponseValue + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) (*git.GetRefsResponseValue, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) *git.GetRefsResponseValue); ok { r0 = rf(_a0, _a1) } else { @@ -2027,7 +2639,6 @@ func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRef } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRefsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2041,7 +2652,15 @@ func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRef func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesArgs) (*[]git.GitRepository, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRepositories") + } + var r0 *[]git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) (*[]git.GitRepository, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) *[]git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2050,7 +2669,6 @@ func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesAr } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoriesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2064,7 +2682,15 @@ func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesAr func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRepository") + } + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2073,7 +2699,6 @@ func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2087,7 +2712,15 @@ func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetRepositoryWithParentArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRepositoryWithParent") + } + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2096,7 +2729,6 @@ func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetReposi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryWithParentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2110,7 +2742,15 @@ func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetReposi func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.GitRevert, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRevert") + } + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) *git.GitRevert); ok { r0 = rf(_a0, _a1) } else { @@ -2119,7 +2759,6 @@ func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.Gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2133,7 +2772,15 @@ func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.Gi func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForRefNameArgs) (*git.GitRevert, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetRevertForRefName") + } + var r0 *git.GitRevert + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) (*git.GitRevert, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) *git.GitRevert); ok { r0 = rf(_a0, _a1) } else { @@ -2142,7 +2789,6 @@ func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForR } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertForRefNameArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2156,7 +2802,15 @@ func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForR func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[]git.GitStatus, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetStatuses") + } + var r0 *[]git.GitStatus + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) (*[]git.GitStatus, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) *[]git.GitStatus); ok { r0 = rf(_a0, _a1) } else { @@ -2165,7 +2819,6 @@ func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[] } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetStatusesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2179,7 +2832,15 @@ func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[] func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs) (*[]git.GitSuggestion, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetSuggestions") + } + var r0 *[]git.GitSuggestion + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) (*[]git.GitSuggestion, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) *[]git.GitSuggestion); ok { r0 = rf(_a0, _a1) } else { @@ -2188,7 +2849,6 @@ func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetSuggestionsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2202,7 +2862,15 @@ func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetThreads") + } + var r0 *[]git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) *[]git.GitPullRequestCommentThread); ok { r0 = rf(_a0, _a1) } else { @@ -2211,7 +2879,6 @@ func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetThreadsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2225,7 +2892,15 @@ func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]gi func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTreeRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetTree") + } + var r0 *git.GitTreeRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) (*git.GitTreeRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) *git.GitTreeRef); ok { r0 = rf(_a0, _a1) } else { @@ -2234,7 +2909,6 @@ func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTre } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2248,7 +2922,15 @@ func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTre func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for GetTreeZip") + } + var r0 io.ReadCloser + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) (io.ReadCloser, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -2257,7 +2939,6 @@ func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.Re } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2271,7 +2952,15 @@ func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.Re func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for QueryImportRequests") + } + var r0 *[]git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) *[]git.GitImportRequest); ok { r0 = rf(_a0, _a1) } else { @@ -2280,7 +2969,6 @@ func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRe } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.QueryImportRequestsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2294,7 +2982,15 @@ func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRe func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for RestoreRepositoryFromRecycleBin") + } + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2303,7 +2999,6 @@ func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.R } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2317,6 +3012,10 @@ func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.R func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequestArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for SharePullRequest") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.SharePullRequestArgs) error); ok { r0 = rf(_a0, _a1) @@ -2331,7 +3030,15 @@ func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequest func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) (*git.Comment, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdateComment") + } + var r0 *git.Comment + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) (*git.Comment, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) *git.Comment); ok { r0 = rf(_a0, _a1) } else { @@ -2340,7 +3047,6 @@ func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateCommentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2354,7 +3060,15 @@ func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportRequestArgs) (*git.GitImportRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdateImportRequest") + } + var r0 *git.GitImportRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) (*git.GitImportRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) *git.GitImportRequest); ok { r0 = rf(_a0, _a1) } else { @@ -2363,7 +3077,6 @@ func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportR } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateImportRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2377,7 +3090,15 @@ func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportR func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullRequestArgs) (*git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequest") + } + var r0 *git.GitPullRequest + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) (*git.GitPullRequest, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) *git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -2386,7 +3107,6 @@ func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullReque } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2400,6 +3120,10 @@ func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullReque func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 git.UpdatePullRequestIterationStatusesArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestIterationStatuses") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestIterationStatusesArgs) error); ok { r0 = rf(_a0, _a1) @@ -2414,7 +3138,15 @@ func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 gi func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.UpdatePullRequestPropertiesArgs) (interface{}, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestProperties") + } + var r0 interface{} + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) (interface{}, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) interface{}); ok { r0 = rf(_a0, _a1) } else { @@ -2423,7 +3155,6 @@ func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.Updat } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestPropertiesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2437,6 +3168,10 @@ func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.Updat func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.UpdatePullRequestReviewersArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestReviewers") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestReviewersArgs) error); ok { r0 = rf(_a0, _a1) @@ -2451,6 +3186,10 @@ func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.Update func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdatePullRequestStatusesArgs) error { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdatePullRequestStatuses") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestStatusesArgs) error); ok { r0 = rf(_a0, _a1) @@ -2465,7 +3204,15 @@ func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdateP func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.GitRef, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdateRef") + } + var r0 *git.GitRef + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) (*git.GitRef, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) *git.GitRef); ok { r0 = rf(_a0, _a1) } else { @@ -2474,7 +3221,6 @@ func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.Gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2488,7 +3234,15 @@ func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.Gi func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdateRefs") + } + var r0 *[]git.GitRefUpdateResult + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) *[]git.GitRefUpdateResult); ok { r0 = rf(_a0, _a1) } else { @@ -2497,7 +3251,6 @@ func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]gi } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2511,7 +3264,15 @@ func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]gi func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepositoryArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdateRepository") + } + var r0 *git.GitRepository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) (*git.GitRepository, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2520,7 +3281,6 @@ func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepository } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRepositoryArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2534,7 +3294,15 @@ func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepository func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for UpdateThread") + } + var r0 *git.GitPullRequestCommentThread + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) *git.GitPullRequestCommentThread); ok { r0 = rf(_a0, _a1) } else { @@ -2543,7 +3311,6 @@ func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (* } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateThreadArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2552,3 +3319,17 @@ func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (* return r0, r1 } + +// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClient(t interface { + mock.TestingT + Cleanup(func()) +}) *Client { + mock := &Client{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/scm_provider/azure_devops_test.go b/applicationset/services/scm_provider/azure_devops_test.go index 219e770d71250..f7492c662fe0f 100644 --- a/applicationset/services/scm_provider/azure_devops_test.go +++ b/applicationset/services/scm_provider/azure_devops_test.go @@ -8,15 +8,17 @@ import ( "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" azureMock "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/azure_devops/git/mocks" "github.com/microsoft/azure-devops-go-api/azuredevops" azureGit "github.com/microsoft/azure-devops-go-api/azuredevops/git" ) +//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --srcpkg=github.com/microsoft/azure-devops-go-api/azuredevops/git --name=Client --output=azure_devops/git/mocks --outpkg=mocks + func s(input string) *string { - return pointer.String(input) + return ptr.To(input) } func TestAzureDevopsRepoHasPath(t *testing.T) { diff --git a/applicationset/utils/clusterUtils.go b/applicationset/utils/clusterUtils.go index 3b34a5a863dbd..c53f449f5b700 100644 --- a/applicationset/utils/clusterUtils.go +++ b/applicationset/utils/clusterUtils.go @@ -17,7 +17,7 @@ import ( appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "k8s.io/client-go/kubernetes" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) // The contents of this file are from @@ -180,7 +180,7 @@ func secretToCluster(s *corev1.Secret) (*appv1.Cluster, error) { if val, err := strconv.Atoi(string(shardStr)); err != nil { log.Warnf("Error while parsing shard in cluster secret '%s': %v", s.Name, err) } else { - shard = pointer.Int64(int64(val)) + shard = ptr.To(int64(val)) } } cluster := appv1.Cluster{ diff --git a/applicationset/utils/createOrUpdate.go b/applicationset/utils/createOrUpdate.go index 1f2a8a9c4a54c..301d477bab2db 100644 --- a/applicationset/utils/createOrUpdate.go +++ b/applicationset/utils/createOrUpdate.go @@ -20,6 +20,7 @@ import ( argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" ) // CreateOrUpdate overrides "sigs.k8s.io/controller-runtime" function @@ -35,7 +36,7 @@ import ( // The MutateFn is called regardless of creating or updating an object. // // It returns the executed operation and an error. -func CreateOrUpdate(ctx context.Context, logCtx *log.Entry, c client.Client, ignoreAppDifferences argov1alpha1.ApplicationSetIgnoreDifferences, obj *argov1alpha1.Application, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { +func CreateOrUpdate(ctx context.Context, logCtx *log.Entry, c client.Client, ignoreAppDifferences argov1alpha1.ApplicationSetIgnoreDifferences, ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts, obj *argov1alpha1.Application, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { key := client.ObjectKeyFromObject(obj) if err := c.Get(ctx, key, obj); err != nil { @@ -60,7 +61,7 @@ func CreateOrUpdate(ctx context.Context, logCtx *log.Entry, c client.Client, ign // Apply ignoreApplicationDifferences rules to remove ignored fields from both the live and the desired state. This // prevents those differences from appearing in the diff and therefore in the patch. - err := applyIgnoreDifferences(ignoreAppDifferences, normalizedLive, obj) + err := applyIgnoreDifferences(ignoreAppDifferences, normalizedLive, obj, ignoreNormalizerOpts) if err != nil { return controllerutil.OperationResultNone, fmt.Errorf("failed to apply ignore differences: %w", err) } @@ -134,14 +135,14 @@ func mutate(f controllerutil.MutateFn, key client.ObjectKey, obj client.Object) } // applyIgnoreDifferences applies the ignore differences rules to the found application. It modifies the applications in place. -func applyIgnoreDifferences(applicationSetIgnoreDifferences argov1alpha1.ApplicationSetIgnoreDifferences, found *argov1alpha1.Application, generatedApp *argov1alpha1.Application) error { +func applyIgnoreDifferences(applicationSetIgnoreDifferences argov1alpha1.ApplicationSetIgnoreDifferences, found *argov1alpha1.Application, generatedApp *argov1alpha1.Application, ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts) error { if len(applicationSetIgnoreDifferences) == 0 { return nil } generatedAppCopy := generatedApp.DeepCopy() diffConfig, err := argodiff.NewDiffConfigBuilder(). - WithDiffSettings(applicationSetIgnoreDifferences.ToApplicationIgnoreDifferences(), nil, false). + WithDiffSettings(applicationSetIgnoreDifferences.ToApplicationIgnoreDifferences(), nil, false, ignoreNormalizerOpts). WithNoCache(). Build() if err != nil { diff --git a/applicationset/utils/createOrUpdate_test.go b/applicationset/utils/createOrUpdate_test.go index a294e89281974..2dc5945d2d2cc 100644 --- a/applicationset/utils/createOrUpdate_test.go +++ b/applicationset/utils/createOrUpdate_test.go @@ -9,6 +9,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" ) func Test_applyIgnoreDifferences(t *testing.T) { @@ -222,7 +223,7 @@ spec: generatedApp := v1alpha1.Application{TypeMeta: appMeta} err = yaml.Unmarshal([]byte(tc.generatedApp), &generatedApp) require.NoError(t, err, tc.generatedApp) - err = applyIgnoreDifferences(tc.ignoreDifferences, &foundApp, &generatedApp) + err = applyIgnoreDifferences(tc.ignoreDifferences, &foundApp, &generatedApp, normalizers.IgnoreNormalizerOpts{}) require.NoError(t, err) yamlFound, err := yaml.Marshal(tc.foundApp) require.NoError(t, err) diff --git a/assets/swagger.json b/assets/swagger.json index 878d98410b5a7..8eb01ef642551 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -384,7 +384,7 @@ "parameters": [ { "type": "string", - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names\n+optional", + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names\n+optional", "name": "application.metadata.name", "in": "path", "required": true @@ -2030,6 +2030,43 @@ } } }, + "/api/v1/applicationsets/{name}/resource-tree": { + "get": { + "tags": [ + "ApplicationSetService" + ], + "summary": "ResourceTree returns resource tree", + "operationId": "ApplicationSetService_ResourceTree", + "parameters": [ + { + "type": "string", + "name": "name", + "in": "path", + "required": true + }, + { + "type": "string", + "description": "The application set namespace. Default empty is argocd control plane namespace.", + "name": "appsetNamespace", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "$ref": "#/definitions/v1alpha1ApplicationSetTree" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "#/definitions/runtimeError" + } + } + } + } + }, "/api/v1/certificates": { "get": { "tags": [ @@ -2931,7 +2968,7 @@ "parameters": [ { "type": "string", - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names\n+optional", + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names\n+optional", "name": "project.metadata.name", "in": "path", "required": true @@ -4238,6 +4275,19 @@ "revision": { "type": "string" }, + "revisions": { + "type": "array", + "items": { + "type": "string" + } + }, + "sourcePositions": { + "type": "array", + "items": { + "type": "string", + "format": "int64" + } + }, "strategy": { "$ref": "#/definitions/v1alpha1SyncStrategy" }, @@ -5353,8 +5403,8 @@ "type": "object", "properties": { "key": { - "type": "string", - "title": "key is the label key that the selector applies to.\n+patchMergeKey=key\n+patchStrategy=merge" + "description": "key is the label key that the selector applies to.", + "type": "string" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", @@ -5404,6 +5454,10 @@ "type": "string", "title": "IP is set for load-balancer ingress points that are IP based\n(typically GCE or OpenStack load-balancers)\n+optional" }, + "ipMode": { + "type": "string", + "title": "IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.\nSetting this to \"VIP\" indicates that traffic is delivered to the node with\nthe destination set to the load-balancer's IP and port.\nSetting this to \"Proxy\" indicates that traffic is delivered to the node or pod with\nthe destination set to the node's IP and node port or the pod's IP and port.\nService implementations may use this information to adjust traffic routing.\n+optional" + }, "ports": { "type": "array", "title": "Ports is a list of records of service ports\nIf used, every port defined in the service should have an entry in it\n+listType=atomic\n+optional", @@ -5513,7 +5567,7 @@ "properties": { "annotations": { "type": "object", - "title": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations\n+optional", + "title": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n+optional", "additionalProperties": { "type": "string" } @@ -5547,7 +5601,7 @@ }, "labels": { "type": "object", - "title": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels\n+optional", + "title": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels\n+optional", "additionalProperties": { "type": "string" } @@ -5561,10 +5615,10 @@ }, "name": { "type": "string", - "title": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names\n+optional" + "title": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names\n+optional" }, "namespace": { - "description": "Namespace defines the space within which each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces\n+optional", + "description": "Namespace defines the space within which each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces\n+optional", "type": "string" }, "ownerReferences": { @@ -5583,7 +5637,7 @@ "title": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.\n+optional" }, "uid": { - "description": "UID is the unique in time and space value for this object. It is typically generated by\nthe server on successful creation of a resource and is not allowed to change on PUT\noperations.\n\nPopulated by the system.\nRead-only.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#uids\n+optional", + "description": "UID is the unique in time and space value for this object. It is typically generated by\nthe server on successful creation of a resource and is not allowed to change on PUT\noperations.\n\nPopulated by the system.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids\n+optional", "type": "string" } } @@ -5644,11 +5698,11 @@ }, "name": { "type": "string", - "title": "Name of the referent.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names" + "title": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" }, "uid": { "type": "string", - "title": "UID of the referent.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#uids" + "title": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" } } }, @@ -5825,7 +5879,7 @@ }, "v1alpha1Application": { "type": "object", - "title": "Application is a definition of Application resource.\n+genclient\n+genclient:noStatus\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object\n+kubebuilder:resource:path=applications,shortName=app;apps\n+kubebuilder:printcolumn:name=\"Sync Status\",type=string,JSONPath=`.status.sync.status`\n+kubebuilder:printcolumn:name=\"Health Status\",type=string,JSONPath=`.status.health.status`\n+kubebuilder:printcolumn:name=\"Revision\",type=string,JSONPath=`.status.sync.revision`,priority=10", + "title": "Application is a definition of Application resource.\n+genclient\n+genclient:noStatus\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object\n+kubebuilder:resource:path=applications,shortName=app;apps\n+kubebuilder:printcolumn:name=\"Sync Status\",type=string,JSONPath=`.status.sync.status`\n+kubebuilder:printcolumn:name=\"Health Status\",type=string,JSONPath=`.status.health.status`\n+kubebuilder:printcolumn:name=\"Revision\",type=string,JSONPath=`.status.sync.revision`,priority=10\n+kubebuilder:printcolumn:name=\"Project\",type=string,JSONPath=`.spec.project`,priority=10", "properties": { "metadata": { "$ref": "#/definitions/v1ObjectMeta" @@ -5967,7 +6021,7 @@ }, "v1alpha1ApplicationSetCondition": { "type": "object", - "title": "ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning", + "title": "ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning", "properties": { "lastTransitionTime": { "$ref": "#/definitions/v1Time" @@ -6188,6 +6242,13 @@ "items": { "$ref": "#/definitions/v1alpha1ApplicationSetCondition" } + }, + "resources": { + "description": "Resources is a list of Applications resources managed by this application set.", + "type": "array", + "items": { + "$ref": "#/definitions/v1alpha1ResourceStatus" + } } } }, @@ -6259,6 +6320,19 @@ } } }, + "v1alpha1ApplicationSetTree": { + "type": "object", + "title": "ApplicationSetTree holds nodes which belongs to the application\nUsed to build a tree of an ApplicationSet and its children", + "properties": { + "nodes": { + "type": "array", + "title": "Nodes contains list of nodes which are directly managed by the applicationset", + "items": { + "$ref": "#/definitions/v1alpha1ResourceNode" + } + } + } + }, "v1alpha1ApplicationSource": { "type": "object", "title": "ApplicationSource contains all required information about the source of an application", diff --git a/cmd/argocd-application-controller/commands/argocd_application_controller.go b/cmd/argocd-application-controller/commands/argocd_application_controller.go index 3c7fe8bbac107..a7c7f92fab2a6 100644 --- a/cmd/argocd-application-controller/commands/argocd_application_controller.go +++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go @@ -21,6 +21,7 @@ import ( appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" "github.com/argoproj/argo-cd/v2/pkg/ratelimiter" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/cli" @@ -72,6 +73,7 @@ func NewCommand() *cobra.Command { shardingAlgorithm string enableDynamicClusterDistribution bool serverSideDiff bool + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts ) var command = cobra.Command{ Use: cliName, @@ -169,6 +171,7 @@ func NewCommand() *cobra.Command { &workqueueRateLimit, serverSideDiff, enableDynamicClusterDistribution, + ignoreNormalizerOpts, ) errors.CheckError(err) cacheutil.CollectMetrics(redisClient, appController.GetMetricsServer()) @@ -229,6 +232,7 @@ func NewCommand() *cobra.Command { command.Flags().Float64Var(&workqueueRateLimit.BackoffFactor, "wq-backoff-factor", env.ParseFloat64FromEnv("WORKQUEUE_BACKOFF_FACTOR", 1.5, 0, math.MaxFloat64), "Set Workqueue Per Item Rate Limiter Backoff Factor, default is 1.5") command.Flags().BoolVar(&enableDynamicClusterDistribution, "dynamic-cluster-distribution-enabled", env.ParseBoolFromEnv(common.EnvEnableDynamicClusterDistribution, false), "Enables dynamic cluster distribution.") command.Flags().BoolVar(&serverSideDiff, "server-side-diff-enabled", env.ParseBoolFromEnv(common.EnvServerSideDiff, false), "Feature flag to enable ServerSide diff. Default (\"false\")") + command.Flags().DurationVar(&ignoreNormalizerOpts.JQExecutionTimeout, "ignore-normalizer-jq-execution-timeout-seconds", env.ParseDurationFromEnv("ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT", 0*time.Second, 0, math.MaxInt64), "Set ignore normalizer JQ execution timeout") cacheSource = appstatecache.AddCacheFlagsToCmd(&command, cacheutil.Options{ OnClientCreated: func(client *redis.Client) { redisClient = client diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index 9adbc3e64a685..4720123860ed2 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -30,6 +30,9 @@ import ( clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" "k8s.io/client-go/tools/clientcmd" + ctrlcache "sigs.k8s.io/controller-runtime/pkg/cache" + ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" "github.com/argoproj/argo-cd/v2/applicationset/services" appv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -113,15 +116,28 @@ func NewCommand() *cobra.Command { os.Exit(1) } + var cacheOpt ctrlcache.Options + + if watchedNamespace != "" { + cacheOpt = ctrlcache.Options{ + DefaultNamespaces: map[string]ctrlcache.Config{ + watchedNamespace: {}, + }, + } + } + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: metricsAddr, - Namespace: watchedNamespace, + Scheme: scheme, + Metrics: metricsserver.Options{ + BindAddress: metricsAddr, + }, + Cache: cacheOpt, HealthProbeBindAddress: probeBindAddr, - Port: 9443, LeaderElection: enableLeaderElection, LeaderElectionID: "58ac56fa.applicationsets.argoproj.io", - DryRunClient: dryRun, + Client: ctrlclient.Options{ + DryRun: &dryRun, + }, }) if err != nil { diff --git a/cmd/argocd-repo-server/commands/argocd_repo_server.go b/cmd/argocd-repo-server/commands/argocd_repo_server.go index 2ba17cd9b64ba..f80968cf76f37 100644 --- a/cmd/argocd-repo-server/commands/argocd_repo_server.go +++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go @@ -70,6 +70,7 @@ func NewCommand() *cobra.Command { helmManifestMaxExtractedSize string helmRegistryMaxIndexSize string disableManifestMaxExtractedSize bool + includeHiddenDirectories bool ) var command = cobra.Command{ Use: cliName, @@ -130,6 +131,7 @@ func NewCommand() *cobra.Command { StreamedManifestMaxTarSize: streamedManifestMaxTarSizeQuantity.ToDec().Value(), HelmManifestMaxExtractedSize: helmManifestMaxExtractedSizeQuantity.ToDec().Value(), HelmRegistryMaxIndexSize: helmRegistryMaxIndexSizeQuantity.ToDec().Value(), + IncludeHiddenDirectories: includeHiddenDirectories, }, askPassServer) errors.CheckError(err) @@ -215,6 +217,7 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&helmManifestMaxExtractedSize, "helm-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of helm manifest archives when extracted") command.Flags().StringVar(&helmRegistryMaxIndexSize, "helm-registry-max-index-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_INDEX_SIZE", "1G"), "Maximum size of registry index file") command.Flags().BoolVar(&disableManifestMaxExtractedSize, "disable-helm-manifest-max-extracted-size", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE", false), "Disable maximum size of helm manifest archives when extracted") + command.Flags().BoolVar(&includeHiddenDirectories, "include-hidden-directories", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES", false), "Include hidden directories from Git") tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command) cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, cacheutil.Options{ OnClientCreated: func(client *redis.Client) { diff --git a/cmd/argocd/commands/admin/admin.go b/cmd/argocd/commands/admin/admin.go index 49c81e4da4bfe..9c56b066d552c 100644 --- a/cmd/argocd/commands/admin/admin.go +++ b/cmd/argocd/commands/admin/admin.go @@ -48,84 +48,9 @@ func NewAdminCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { Run: func(c *cobra.Command, args []string) { c.HelpFunc()(c, args) }, - Example: `# List all clusters -$ argocd admin cluster list - -# Add a new cluster -$ argocd admin cluster add my-cluster --name my-cluster --in-cluster-context - -# Remove a cluster -argocd admin cluster remove my-cluster - -# List all projects -$ argocd admin project list - -# Create a new project -$argocd admin project create my-project --src-namespace my-source-namespace --dest-namespace my-dest-namespace - -# Update a project -$ argocd admin project update my-project --src-namespace my-updated-source-namespace --dest-namespace my-updated-dest-namespace - -# Delete a project -$ argocd admin project delete my-project - -# List all settings -$ argocd admin settings list - -# Get the current settings -$ argocd admin settings get - -# Update settings -$ argocd admin settings update --repository.resync --value 15 - -# List all applications -$ argocd admin app list - -# Get application details -$ argocd admin app get my-app - -# Sync an application -$ argocd admin app sync my-app - -# Pause an application -$ argocd admin app pause my-app - -# Resume an application -$ argocd admin app resume my-app - -# List all repositories -$ argocd admin repo list - -# Add a repository -$ argocd admin repo add https://github.com/argoproj/my-repo.git - -# Remove a repository -$ argocd admin repo remove https://github.com/argoproj/my-repo.git - -# Import an application from a YAML file -$ argocd admin app import -f my-app.yaml - -# Export an application to a YAML file -$ argocd admin app export my-app -o my-exported-app.yaml - -# Access the Argo CD web UI + Example: `# Access the Argo CD web UI $ argocd admin dashboard -# List notifications -$ argocd admin notification list - -# Get notification details -$ argocd admin notification get my-notification - -# Create a new notification -$ argocd admin notification create my-notification -f notification-config.yaml - -# Update a notification -$ argocd admin notification update my-notification -f updated-notification-config.yaml - -# Delete a notification -$ argocd admin notification delete my-notification - # Reset the initial admin password $ argocd admin initial-password reset `, @@ -141,6 +66,7 @@ $ argocd admin initial-password reset command.AddCommand(NewDashboardCommand(clientOpts)) command.AddCommand(NewNotificationsCommand()) command.AddCommand(NewInitialPasswordCommand()) + command.AddCommand(NewRedisInitialPasswordCommand()) command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") diff --git a/cmd/argocd/commands/admin/app.go b/cmd/argocd/commands/admin/app.go index ebdec7f261ffc..7374a6315978e 100644 --- a/cmd/argocd/commands/admin/app.go +++ b/cmd/argocd/commands/admin/app.go @@ -31,6 +31,7 @@ import ( appinformers "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions" reposerverclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/util/argo" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/cli" @@ -239,12 +240,13 @@ func diffReconcileResults(res1 reconcileResults, res2 reconcileResults) error { func NewReconcileCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - clientConfig clientcmd.ClientConfig - selector string - repoServerAddress string - outputFormat string - refresh bool - serverSideDiff bool + clientConfig clientcmd.ClientConfig + selector string + repoServerAddress string + outputFormat string + refresh bool + serverSideDiff bool + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts ) var command = &cobra.Command{ @@ -290,7 +292,7 @@ func NewReconcileCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command repoServerAddress = fmt.Sprintf("localhost:%d", repoServerPort) } repoServerClient := reposerverclient.NewRepoServerClientset(repoServerAddress, 60, reposerverclient.TLSConfiguration{DisableTLS: false, StrictValidation: false}) - result, err = reconcileApplications(ctx, kubeClientset, appClientset, namespace, repoServerClient, selector, newLiveStateCache, serverSideDiff) + result, err = reconcileApplications(ctx, kubeClientset, appClientset, namespace, repoServerClient, selector, newLiveStateCache, serverSideDiff, ignoreNormalizerOpts) errors.CheckError(err) } else { appClientset := appclientset.NewForConfigOrDie(cfg) @@ -306,7 +308,7 @@ func NewReconcileCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command command.Flags().StringVar(&outputFormat, "o", "yaml", "Output format (yaml|json)") command.Flags().BoolVar(&refresh, "refresh", false, "If set to true then recalculates apps reconciliation") command.Flags().BoolVar(&serverSideDiff, "server-side-diff", false, "If set to \"true\" will use server-side diff while comparing resources. Default (\"false\")") - + command.Flags().DurationVar(&ignoreNormalizerOpts.JQExecutionTimeout, "ignore-normalizer-jq-execution-timeout", normalizers.DefaultJQExecutionTimeout, "Set ignore normalizer JQ execution timeout") return command } @@ -356,6 +358,7 @@ func reconcileApplications( selector string, createLiveStateCache func(argoDB db.ArgoDB, appInformer kubecache.SharedIndexInformer, settingsMgr *settings.SettingsManager, server *metrics.MetricsServer) cache.LiveStateCache, serverSideDiff bool, + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts, ) ([]appReconcileResult, error) { settingsMgr := settings.NewSettingsManager(ctx, kubeClientset, namespace) argoDB := db.NewDB(namespace, settingsMgr, kubeClientset) @@ -396,7 +399,7 @@ func reconcileApplications( ) appStateManager := controller.NewAppStateManager( - argoDB, appClientset, repoServerClient, namespace, kubeutil.NewKubectl(), settingsMgr, stateCache, projInformer, server, cache, time.Second, argo.NewResourceTracking(), false, 0, serverSideDiff) + argoDB, appClientset, repoServerClient, namespace, kubeutil.NewKubectl(), settingsMgr, stateCache, projInformer, server, cache, time.Second, argo.NewResourceTracking(), false, 0, serverSideDiff, ignoreNormalizerOpts) appsList, err := appClientset.ArgoprojV1alpha1().Applications(namespace).List(ctx, v1.ListOptions{LabelSelector: selector}) if err != nil { diff --git a/cmd/argocd/commands/admin/app_test.go b/cmd/argocd/commands/admin/app_test.go index a0284fe8ffa09..c7bc515094439 100644 --- a/cmd/argocd/commands/admin/app_test.go +++ b/cmd/argocd/commands/admin/app_test.go @@ -23,6 +23,7 @@ import ( argocdclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" "github.com/argoproj/argo-cd/v2/test" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/settings" ) @@ -114,6 +115,7 @@ func TestGetReconcileResults_Refresh(t *testing.T) { return &liveStateCache }, false, + normalizers.IgnoreNormalizerOpts{}, ) if !assert.NoError(t, err) { diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go index 2e833a68927f4..9d70ac3f8c778 100644 --- a/cmd/argocd/commands/admin/cluster.go +++ b/cmd/argocd/commands/admin/cluster.go @@ -19,7 +19,7 @@ import ( "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" cmdutil "github.com/argoproj/argo-cd/v2/cmd/util" "github.com/argoproj/argo-cd/v2/common" @@ -141,7 +141,7 @@ func loadClusters(ctx context.Context, kubeClient *kubernetes.Clientset, appClie cluster := batch[i] if replicas > 0 { clusterShard = clusterShards[cluster.Server] - cluster.Shard = pointer.Int64(int64(clusterShard)) + cluster.Shard = ptr.To(int64(clusterShard)) log.Infof("Cluster with uid: %s will be processed by shard %d", cluster.ID, clusterShard) } if shard != -1 && clusterShard != shard { diff --git a/cmd/argocd/commands/admin/redis_initial_password.go b/cmd/argocd/commands/admin/redis_initial_password.go new file mode 100644 index 0000000000000..8fa1e70ad890e --- /dev/null +++ b/cmd/argocd/commands/admin/redis_initial_password.go @@ -0,0 +1,98 @@ +package admin + +import ( + "context" + "crypto/rand" + "fmt" + "math/big" + + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/cli" + apierr "k8s.io/apimachinery/pkg/api/errors" + + "github.com/argoproj/argo-cd/v2/util/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" + + "github.com/spf13/cobra" + corev1 "k8s.io/api/core/v1" +) + +const defaulRedisInitialPasswordSecretName = "argocd-redis" +const defaultResisInitialPasswordKey = "auth" + +func generateRandomPassword() (string, error) { + const initialPasswordLength = 16 + const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-" + randBytes := make([]byte, initialPasswordLength) + for i := 0; i < initialPasswordLength; i++ { + num, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) + if err != nil { + return "", err + } + randBytes[i] = letters[num.Int64()] + } + initialPassword := string(randBytes) + return initialPassword, nil +} + +// NewRedisInitialPasswordCommand defines a new command to ensure Argo CD Redis password secret exists. +func NewRedisInitialPasswordCommand() *cobra.Command { + var ( + clientConfig clientcmd.ClientConfig + ) + var command = cobra.Command{ + Use: "redis-initial-password", + Short: "Ensure the Redis password exists, creating a new one if necessary.", + Run: func(c *cobra.Command, args []string) { + namespace, _, err := clientConfig.Namespace() + errors.CheckError(err) + + redisInitialPasswordSecretName := defaulRedisInitialPasswordSecretName + redisInitialPasswordKey := defaultResisInitialPasswordKey + fmt.Printf("Checking for initial Redis password in secret %s/%s at key %s. \n", namespace, redisInitialPasswordSecretName, redisInitialPasswordKey) + + config, err := clientConfig.ClientConfig() + errors.CheckError(err) + errors.CheckError(v1alpha1.SetK8SConfigDefaults(config)) + + kubeClientset := kubernetes.NewForConfigOrDie(config) + + randomPassword, err := generateRandomPassword() + errors.CheckError(err) + + data := map[string][]byte{ + redisInitialPasswordKey: []byte(randomPassword), + } + secret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: redisInitialPasswordSecretName, + Namespace: namespace, + }, + Data: data, + Type: corev1.SecretTypeOpaque, + } + _, err = kubeClientset.CoreV1().Secrets(namespace).Create(context.Background(), secret, metav1.CreateOptions{}) + if err != nil && !apierr.IsAlreadyExists(err) { + errors.CheckError(err) + } + + fmt.Println("Argo CD Redis secret state confirmed: secret name argocd-redis.") + secret, err = kubeClientset.CoreV1().Secrets(namespace).Get(context.Background(), redisInitialPasswordSecretName, v1.GetOptions{}) + errors.CheckError(err) + + if _, ok := secret.Data[redisInitialPasswordKey]; ok { + fmt.Println("Password secret is configured properly.") + } else { + err := fmt.Errorf("key %s doesn't exist in secret %s. \n", redisInitialPasswordKey, redisInitialPasswordSecretName) + errors.CheckError(err) + } + }, + } + + clientConfig = cli.AddKubectlFlagsToCmd(&command) + + return &command +} diff --git a/cmd/argocd/commands/admin/settings.go b/cmd/argocd/commands/admin/settings.go index 0274b4a422f09..d739031a7944a 100644 --- a/cmd/argocd/commands/admin/settings.go +++ b/cmd/argocd/commands/admin/settings.go @@ -428,7 +428,7 @@ argocd admin settings resource-overrides ignore-differences ./deploy.yaml --argo // configurations. This requires access to live resources which is not the // purpose of this command. This will just apply jsonPointers and // jqPathExpressions configurations. - normalizer, err := normalizers.NewIgnoreNormalizer(nil, overrides) + normalizer, err := normalizers.NewIgnoreNormalizer(nil, overrides, normalizers.IgnoreNormalizerOpts{}) errors.CheckError(err) normalizedRes := res.DeepCopy() @@ -453,6 +453,9 @@ argocd admin settings resource-overrides ignore-differences ./deploy.yaml --argo } func NewResourceIgnoreResourceUpdatesCommand(cmdCtx commandContext) *cobra.Command { + var ( + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts + ) var command = &cobra.Command{ Use: "ignore-resource-updates RESOURCE_YAML_PATH", Short: "Renders fields excluded from resource updates", @@ -474,7 +477,7 @@ argocd admin settings resource-overrides ignore-resource-updates ./deploy.yaml - return } - normalizer, err := normalizers.NewIgnoreNormalizer(nil, overrides) + normalizer, err := normalizers.NewIgnoreNormalizer(nil, overrides, ignoreNormalizerOpts) errors.CheckError(err) normalizedRes := res.DeepCopy() @@ -495,6 +498,7 @@ argocd admin settings resource-overrides ignore-resource-updates ./deploy.yaml - }) }, } + command.Flags().DurationVar(&ignoreNormalizerOpts.JQExecutionTimeout, "ignore-normalizer-jq-execution-timeout", normalizers.DefaultJQExecutionTimeout, "Set ignore normalizer JQ execution timeout") return command } diff --git a/cmd/argocd/commands/admin/settings_rbac.go b/cmd/argocd/commands/admin/settings_rbac.go index 1c09fa0d1cfe7..eaf12e67a1a17 100644 --- a/cmd/argocd/commands/admin/settings_rbac.go +++ b/cmd/argocd/commands/admin/settings_rbac.go @@ -21,6 +21,12 @@ import ( "github.com/argoproj/argo-cd/v2/util/rbac" ) +type actionTraitMap map[string]rbacTrait + +type rbacTrait struct { + allowPath bool +} + // Provide a mapping of short-hand resource names to their RBAC counterparts var resourceMap map[string]string = map[string]string{ "account": rbacpolicy.ResourceAccounts, @@ -32,6 +38,7 @@ var resourceMap map[string]string = map[string]string{ "certs": rbacpolicy.ResourceCertificates, "certificate": rbacpolicy.ResourceCertificates, "cluster": rbacpolicy.ResourceClusters, + "extension": rbacpolicy.ResourceExtensions, "gpgkey": rbacpolicy.ResourceGPGKeys, "key": rbacpolicy.ResourceGPGKeys, "log": rbacpolicy.ResourceLogs, @@ -46,28 +53,53 @@ var resourceMap map[string]string = map[string]string{ } // List of allowed RBAC resources -var validRBACResources map[string]bool = map[string]bool{ - rbacpolicy.ResourceAccounts: true, - rbacpolicy.ResourceApplications: true, - rbacpolicy.ResourceApplicationSets: true, - rbacpolicy.ResourceCertificates: true, - rbacpolicy.ResourceClusters: true, - rbacpolicy.ResourceGPGKeys: true, - rbacpolicy.ResourceLogs: true, - rbacpolicy.ResourceExec: true, - rbacpolicy.ResourceProjects: true, - rbacpolicy.ResourceRepositories: true, +var validRBACResourcesActions map[string]actionTraitMap = map[string]actionTraitMap{ + rbacpolicy.ResourceAccounts: accountsActions, + rbacpolicy.ResourceApplications: applicationsActions, + rbacpolicy.ResourceApplicationSets: defaultCRUDActions, + rbacpolicy.ResourceCertificates: defaultCRDActions, + rbacpolicy.ResourceClusters: defaultCRUDActions, + rbacpolicy.ResourceExtensions: extensionActions, + rbacpolicy.ResourceGPGKeys: defaultCRDActions, + rbacpolicy.ResourceLogs: logsActions, + rbacpolicy.ResourceExec: execActions, + rbacpolicy.ResourceProjects: defaultCRUDActions, + rbacpolicy.ResourceRepositories: defaultCRUDActions, } // List of allowed RBAC actions -var validRBACActions map[string]bool = map[string]bool{ - rbacpolicy.ActionAction: true, - rbacpolicy.ActionCreate: true, - rbacpolicy.ActionDelete: true, - rbacpolicy.ActionGet: true, - rbacpolicy.ActionOverride: true, - rbacpolicy.ActionSync: true, - rbacpolicy.ActionUpdate: true, +var defaultCRUDActions = actionTraitMap{ + rbacpolicy.ActionCreate: rbacTrait{}, + rbacpolicy.ActionGet: rbacTrait{}, + rbacpolicy.ActionUpdate: rbacTrait{}, + rbacpolicy.ActionDelete: rbacTrait{}, +} +var defaultCRDActions = actionTraitMap{ + rbacpolicy.ActionCreate: rbacTrait{}, + rbacpolicy.ActionGet: rbacTrait{}, + rbacpolicy.ActionDelete: rbacTrait{}, +} +var applicationsActions = actionTraitMap{ + rbacpolicy.ActionCreate: rbacTrait{}, + rbacpolicy.ActionGet: rbacTrait{}, + rbacpolicy.ActionUpdate: rbacTrait{allowPath: true}, + rbacpolicy.ActionDelete: rbacTrait{allowPath: true}, + rbacpolicy.ActionAction: rbacTrait{allowPath: true}, + rbacpolicy.ActionOverride: rbacTrait{}, + rbacpolicy.ActionSync: rbacTrait{}, +} +var accountsActions = actionTraitMap{ + rbacpolicy.ActionCreate: rbacTrait{}, + rbacpolicy.ActionUpdate: rbacTrait{}, +} +var execActions = actionTraitMap{ + rbacpolicy.ActionCreate: rbacTrait{}, +} +var logsActions = actionTraitMap{ + rbacpolicy.ActionGet: rbacTrait{}, +} +var extensionActions = actionTraitMap{ + rbacpolicy.ActionInvoke: rbacTrait{}, } // NewRBACCommand is the command for 'rbac' @@ -221,8 +253,8 @@ argocd admin settings rbac validate --policy-file policy.csv # i.e. 'policy.csv' and (optionally) 'policy.default' argocd admin settings rbac validate --policy-file argocd-rbac-cm.yaml -# If --policy-file is not given, and instead --namespace is giventhe ConfigMap 'argocd-rbac-cm' -# from K8s is used. +# If --policy-file is not given, and instead --namespace is giventhe ConfigMap 'argocd-rbac-cm' +# from K8s is used. argocd admin settings rbac validate --namespace argocd # Either --policy-file or --namespace must be given. @@ -376,11 +408,9 @@ func checkPolicy(subject, action, resource, subResource, builtinPolicy, userPoli // If in strict mode, validate that given RBAC resource and action are // actually valid tokens. if strict { - if !isValidRBACResource(realResource) { - log.Fatalf("error in RBAC request: '%s' is not a valid resource name", realResource) - } - if !isValidRBACAction(action) { - log.Fatalf("error in RBAC request: '%s' is not a valid action name", action) + if err := validateRBACResourceAction(realResource, action); err != nil { + log.Fatalf("error in RBAC request: %v", err) + return false } } @@ -406,17 +436,18 @@ func resolveRBACResourceName(name string) string { } } -// isValidRBACAction checks whether a given action is a valid RBAC action -func isValidRBACAction(action string) bool { - if strings.HasPrefix(action, rbacpolicy.ActionAction+"/") { - return true +// validateRBACResourceAction checks whether a given resource is a valid RBAC resource. +// If it is, it validates that the action is a valid RBAC action for this resource. +func validateRBACResourceAction(resource, action string) error { + validActions, ok := validRBACResourcesActions[resource] + if !ok { + return fmt.Errorf("'%s' is not a valid resource name", resource) } - _, ok := validRBACActions[action] - return ok -} -// isValidRBACResource checks whether a given resource is a valid RBAC resource -func isValidRBACResource(resource string) bool { - _, ok := validRBACResources[resource] - return ok + realAction, _, hasPath := strings.Cut(action, "/") + actionTrait, ok := validActions[realAction] + if !ok || hasPath && !actionTrait.allowPath { + return fmt.Errorf("'%s' is not a valid action for %s", action, resource) + } + return nil } diff --git a/cmd/argocd/commands/admin/settings_rbac_test.go b/cmd/argocd/commands/admin/settings_rbac_test.go index 79835ffd0c14d..1821d7a7af796 100644 --- a/cmd/argocd/commands/admin/settings_rbac_test.go +++ b/cmd/argocd/commands/admin/settings_rbac_test.go @@ -5,6 +5,7 @@ import ( "os" "testing" + "github.com/argoproj/argo-cd/v2/server/rbacpolicy" "github.com/argoproj/argo-cd/v2/util/assets" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -41,35 +42,75 @@ func (f *FakeClientConfig) ConfigAccess() clientcmd.ConfigAccess { return nil } -func Test_isValidRBACAction(t *testing.T) { - for k := range validRBACActions { - t.Run(k, func(t *testing.T) { - ok := isValidRBACAction(k) - assert.True(t, ok) - }) +func Test_validateRBACResourceAction(t *testing.T) { + type args struct { + resource string + action string + } + tests := []struct { + name string + args args + valid bool + }{ + { + name: "Test valid resource and action", + args: args{ + resource: rbacpolicy.ResourceApplications, + action: rbacpolicy.ActionCreate, + }, + valid: true, + }, + { + name: "Test invalid resource", + args: args{ + resource: "invalid", + }, + valid: false, + }, + { + name: "Test invalid action", + args: args{ + resource: rbacpolicy.ResourceApplications, + action: "invalid", + }, + valid: false, + }, + { + name: "Test invalid action for resource", + args: args{ + resource: rbacpolicy.ResourceLogs, + action: rbacpolicy.ActionCreate, + }, + valid: false, + }, + { + name: "Test valid action with path", + args: args{ + resource: rbacpolicy.ResourceApplications, + action: rbacpolicy.ActionAction + "/apps/Deployment/restart", + }, + valid: true, + }, + { + name: "Test invalid action with path", + args: args{ + resource: rbacpolicy.ResourceApplications, + action: rbacpolicy.ActionGet + "/apps/Deployment/restart", + }, + valid: false, + }, } - t.Run("invalid", func(t *testing.T) { - ok := isValidRBACAction("invalid") - assert.False(t, ok) - }) -} - -func Test_isValidRBACAction_ActionAction(t *testing.T) { - ok := isValidRBACAction("action/apps/Deployment/restart") - assert.True(t, ok) -} -func Test_isValidRBACResource(t *testing.T) { - for k := range validRBACResources { - t.Run(k, func(t *testing.T) { - ok := isValidRBACResource(k) - assert.True(t, ok) + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := validateRBACResourceAction(tt.args.resource, tt.args.action) + if tt.valid { + assert.NoError(t, result) + } else { + assert.NotNil(t, result) + } }) } - t.Run("invalid", func(t *testing.T) { - ok := isValidRBACResource("invalid") - assert.False(t, ok) - }) } func Test_PolicyFromCSV(t *testing.T) { diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 0bfa8a7242801..ced5b3b0b1f81 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -29,7 +29,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" k8swatch "k8s.io/apimachinery/pkg/watch" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" @@ -45,11 +45,13 @@ import ( "github.com/argoproj/argo-cd/v2/reposerver/repository" "github.com/argoproj/argo-cd/v2/util/argo" argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" "github.com/argoproj/argo-cd/v2/util/cli" "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/grpc" argoio "github.com/argoproj/argo-cd/v2/util/io" + logutils "github.com/argoproj/argo-cd/v2/util/log" "github.com/argoproj/argo-cd/v2/util/manifeststream" "github.com/argoproj/argo-cd/v2/util/templates" "github.com/argoproj/argo-cd/v2/util/text/label" @@ -495,16 +497,16 @@ func NewApplicationLogsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co stream, err := appIf.PodLogs(ctx, &application.ApplicationPodLogsQuery{ Name: &appName, Group: &group, - Namespace: pointer.String(namespace), + Namespace: ptr.To(namespace), Kind: &kind, ResourceName: &resourceName, - Follow: pointer.Bool(follow), - TailLines: pointer.Int64(tail), - SinceSeconds: pointer.Int64(sinceSeconds), + Follow: ptr.To(follow), + TailLines: ptr.To(tail), + SinceSeconds: ptr.To(sinceSeconds), UntilTime: &untilTime, Filter: &filter, - Container: pointer.String(container), - Previous: pointer.Bool(previous), + Container: ptr.To(container), + Previous: ptr.To(previous), AppNamespace: &appNs, }) if err != nil { @@ -879,7 +881,7 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C } } - source := app.Spec.GetSourcePtr(sourcePosition) + source := app.Spec.GetSourcePtrByPosition(sourcePosition) updated, nothingToUnset := unset(source, opts) if nothingToUnset { @@ -1116,17 +1118,18 @@ type objKeyLiveTarget struct { // NewApplicationDiffCommand returns a new instance of an `argocd app diff` command func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - refresh bool - hardRefresh bool - exitCode bool - local string - revision string - localRepoRoot string - serverSideGenerate bool - localIncludes []string - appNamespace string - revisions []string - sourcePositions []int64 + refresh bool + hardRefresh bool + exitCode bool + local string + revision string + localRepoRoot string + serverSideGenerate bool + localIncludes []string + appNamespace string + revisions []string + sourcePositions []int64 + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts ) shortDesc := "Perform a diff against the target and live state." var command = &cobra.Command{ @@ -1218,7 +1221,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co } } proj := getProject(c, clientOpts, ctx, app.Spec.Project) - foundDiffs := findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption) + foundDiffs := findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption, ignoreNormalizerOpts) if foundDiffs && exitCode { os.Exit(1) } @@ -1235,6 +1238,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co command.Flags().StringVarP(&appNamespace, "app-namespace", "N", "", "Only render the difference in namespace") command.Flags().StringArrayVar(&revisions, "revisions", []string{}, "Show manifests at specific revisions for source position in source-positions") command.Flags().Int64SliceVar(&sourcePositions, "source-positions", []int64{}, "List of source positions. Default is empty array. Counting start at 1.") + command.Flags().DurationVar(&ignoreNormalizerOpts.JQExecutionTimeout, "ignore-normalizer-jq-execution-timeout", normalizers.DefaultJQExecutionTimeout, "Set ignore normalizer JQ execution timeout") return command } @@ -1251,7 +1255,7 @@ type DifferenceOption struct { } // findandPrintDiff ... Prints difference between application current state and state stored in git or locally, returns boolean as true if difference is found else returns false -func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption) bool { +func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption, ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts) bool { var foundDiffs bool liveObjs, err := cmdutil.LiveObjects(resources.Items) errors.CheckError(err) @@ -1306,9 +1310,10 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg // compareOptions in the protobuf ignoreAggregatedRoles := false diffConfig, err := argodiff.NewDiffConfigBuilder(). - WithDiffSettings(app.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles). + WithDiffSettings(app.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles, ignoreNormalizerOpts). WithTracking(argoSettings.AppLabelKey, argoSettings.TrackingMethod). WithNoCache(). + WithLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())). Build() errors.CheckError(err) diffRes, err := argodiff.StateDiff(item.live, item.target, diffConfig) @@ -1552,7 +1557,7 @@ func NewApplicationListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) apps, err := appIf.List(ctx, &application.ApplicationQuery{ - Selector: pointer.String(selector), + Selector: ptr.To(selector), AppNamespace: &appNamespace, }) @@ -1744,7 +1749,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co closer, appIf := acdClient.NewApplicationClientOrDie() defer argoio.Close(closer) if selector != "" { - list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: pointer.String(selector)}) + list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: ptr.To(selector)}) errors.CheckError(err) for _, i := range list.Items { appNames = append(appNames, i.QualifiedName()) @@ -1804,6 +1809,8 @@ func printTreeViewDetailed(nodeMapping map[string]argoappv1.ResourceNode, parent func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( revision string + revisions []string + sourcePositions []int64 resources []string labels []string selector string @@ -1828,6 +1835,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co projects []string output string appNamespace string + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts ) var command = &cobra.Command{ Use: "sync [APPNAME... | -l selector | --project project-name]", @@ -1845,6 +1853,9 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co argocd app sync -l '!app.kubernetes.io/instance' argocd app sync -l 'app.kubernetes.io/instance notin (my-app,other-app)' + # Sync a multi-source application for specific revision of specific sources + argocd app manifests my-app --revisions 0.0.1 --source-positions 1 --revisions 0.0.2 --source-positions 2 + # Sync a specific resource # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME argocd app sync my-app --resource :Service:my-service @@ -1863,6 +1874,21 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co if len(args) > 1 && selector != "" { log.Fatal("Cannot use selector option when application name(s) passed as argument(s)") } + + if len(args) != 1 && (len(revisions) > 0 || len(sourcePositions) > 0) { + log.Fatal("Cannot use --revisions and --source-positions options when 0 or more than 1 application names are passed as argument(s)") + } + + if len(revisions) != len(sourcePositions) { + log.Fatal("While using --revisions and --source-positions, length of values for both flags should be same.") + } + + for _, pos := range sourcePositions { + if pos <= 0 { + log.Fatal("source-position cannot be less than or equal to 0, Counting starts at 1") + } + } + acdClient := headless.NewClientOrDie(clientOpts, c) conn, appIf := acdClient.NewApplicationClientOrDie() defer argoio.Close(conn) @@ -1873,7 +1899,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co appNames := args if selector != "" || len(projects) > 0 { list, err := appIf.List(ctx, &application.ApplicationQuery{ - Selector: pointer.String(selector), + Selector: ptr.To(selector), AppNamespace: &appNamespace, Projects: projects}) errors.CheckError(err) @@ -1904,9 +1930,11 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co if len(selectedLabels) > 0 { q := application.ApplicationManifestQuery{ - Name: &appName, - AppNamespace: &appNs, - Revision: &revision, + Name: &appName, + AppNamespace: &appNs, + Revision: &revision, + Revisions: revisions, + SourcePositions: sourcePositions, } res, err := appIf.GetManifests(ctx, &q) @@ -1949,7 +1977,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co if app.Spec.HasMultipleSources() { if revision != "" { - log.Fatal("argocd cli does not work on multi-source app with --revision flag") + log.Fatal("argocd cli does not work on multi-source app with --revision flag. Use --revisions and --source-position instead.") return } @@ -2014,15 +2042,17 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co } syncReq := application.ApplicationSyncRequest{ - Name: &appName, - AppNamespace: &appNs, - DryRun: &dryRun, - Revision: &revision, - Resources: filteredResources, - Prune: &prune, - Manifests: localObjsStrings, - Infos: getInfos(infos), - SyncOptions: syncOptionsFactory(), + Name: &appName, + AppNamespace: &appNs, + DryRun: &dryRun, + Revision: &revision, + Resources: filteredResources, + Prune: &prune, + Manifests: localObjsStrings, + Infos: getInfos(infos), + SyncOptions: syncOptionsFactory(), + Revisions: revisions, + SourcePositions: sourcePositions, } switch strategy { @@ -2041,7 +2071,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co Backoff: &argoappv1.Backoff{ Duration: retryBackoffDuration.String(), MaxDuration: retryBackoffMaxDuration.String(), - Factor: pointer.Int64(retryBackoffFactor), + Factor: ptr.To(retryBackoffFactor), }, } } @@ -2059,7 +2089,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co fmt.Printf("====== Previewing differences between live and desired state of application %s ======\n", appQualifiedName) proj := getProject(c, clientOpts, ctx, app.Spec.Project) - foundDiffs = findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption) + foundDiffs = findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption, ignoreNormalizerOpts) if foundDiffs { if !diffChangesConfirm { yesno := cli.AskToProceed(fmt.Sprintf("Please review changes to application %s shown above. Do you want to continue the sync process? (y/n): ", appQualifiedName)) @@ -2118,13 +2148,16 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co command.Flags().StringArrayVar(&projects, "project", []string{}, "Sync apps that belong to the specified projects. This option may be specified repeatedly.") command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|tree|tree=detailed") command.Flags().StringVarP(&appNamespace, "app-namespace", "N", "", "Only sync an application in namespace") + command.Flags().DurationVar(&ignoreNormalizerOpts.JQExecutionTimeout, "ignore-normalizer-jq-execution-timeout", normalizers.DefaultJQExecutionTimeout, "Set ignore normalizer JQ execution timeout") + command.Flags().StringArrayVar(&revisions, "revisions", []string{}, "Show manifests at specific revisions for source position in source-positions") + command.Flags().Int64SliceVar(&sourcePositions, "source-positions", []int64{}, "List of source positions. Default is empty array. Counting start at 1.") return command } func getAppNamesBySelector(ctx context.Context, appIf application.ApplicationServiceClient, selector string) ([]string, error) { appNames := []string{} if selector != "" { - list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: pointer.String(selector)}) + list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: ptr.To(selector)}) if err != nil { return []string{}, err } @@ -2306,7 +2339,7 @@ func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string func resourceParentChild(ctx context.Context, acdClient argocdclient.Client, appName string, appNs string) (map[string]argoappv1.ResourceNode, map[string][]string, map[string]struct{}, map[string]*resourceState) { _, appIf := acdClient.NewApplicationClientOrDie() mapUidToNode, mapParentToChild, parentNode := parentChildDetails(appIf, ctx, appName, appNs) - app, err := appIf.Get(ctx, &application.ApplicationQuery{Name: pointer.String(appName), AppNamespace: pointer.String(appNs)}) + app, err := appIf.Get(ctx, &application.ApplicationQuery{Name: ptr.To(appName), AppNamespace: ptr.To(appNs)}) errors.CheckError(err) mapNodeNameToResourceState := make(map[string]*resourceState) for _, res := range getResourceStates(app, nil) { @@ -2500,7 +2533,7 @@ func setParameterOverrides(app *argoappv1.Application, parameters []string, sour if len(parameters) == 0 { return } - source := app.Spec.GetSourcePtr(sourcePosition) + source := app.Spec.GetSourcePtrByPosition(sourcePosition) var sourceType argoappv1.ApplicationSourceType if st, _ := source.ExplicitType(); st != nil { sourceType = *st @@ -2686,8 +2719,8 @@ func NewApplicationRollbackCommand(clientOpts *argocdclient.ClientOptions) *cobr _, err = appIf.Rollback(ctx, &application.ApplicationRollbackRequest{ Name: &appName, AppNamespace: &appNs, - Id: pointer.Int64(depInfo.ID), - Prune: pointer.Bool(prune), + Id: ptr.To(depInfo.ID), + Prune: ptr.To(prune), }) errors.CheckError(err) @@ -2810,7 +2843,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob q := application.ApplicationManifestQuery{ Name: &appName, AppNamespace: &appNs, - Revision: pointer.String(revision), + Revision: ptr.To(revision), Revisions: revisions, SourcePositions: sourcePositions, } @@ -2826,7 +2859,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob q := application.ApplicationManifestQuery{ Name: &appName, AppNamespace: &appNs, - Revision: pointer.String(revision), + Revision: ptr.To(revision), } res, err := appIf.GetManifests(ctx, &q) errors.CheckError(err) diff --git a/cmd/argocd/commands/app_actions.go b/cmd/argocd/commands/app_actions.go index 866aed5ae349e..6c28ac6eed627 100644 --- a/cmd/argocd/commands/app_actions.go +++ b/cmd/argocd/commands/app_actions.go @@ -4,16 +4,17 @@ import ( "context" "encoding/json" "fmt" - "github.com/argoproj/argo-cd/v2/util/templates" "os" "strconv" "text/tabwriter" + "github.com/argoproj/argo-cd/v2/util/templates" + "github.com/argoproj/argo-cd/v2/cmd/util" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" @@ -96,11 +97,11 @@ func NewApplicationResourceActionsListCommand(clientOpts *argocdclient.ClientOpt availActionsForResource, err := appIf.ListResourceActions(ctx, &applicationpkg.ApplicationResourceRequest{ Name: &appName, AppNamespace: &appNs, - Namespace: pointer.String(obj.GetNamespace()), - ResourceName: pointer.String(obj.GetName()), - Group: pointer.String(gvk.Group), - Kind: pointer.String(gvk.Kind), - Version: pointer.String(gvk.Version), + Namespace: ptr.To(obj.GetNamespace()), + ResourceName: ptr.To(obj.GetName()), + Group: ptr.To(gvk.Group), + Kind: ptr.To(gvk.Kind), + Version: ptr.To(gvk.Version), }) errors.CheckError(err) for _, action := range availActionsForResource.Actions { @@ -195,12 +196,12 @@ func NewApplicationResourceActionsRunCommand(clientOpts *argocdclient.ClientOpti _, err := appIf.RunResourceAction(ctx, &applicationpkg.ResourceActionRunRequest{ Name: &appName, AppNamespace: &appNs, - Namespace: pointer.String(obj.GetNamespace()), - ResourceName: pointer.String(objResourceName), - Group: pointer.String(gvk.Group), - Kind: pointer.String(gvk.Kind), - Version: pointer.String(gvk.GroupVersion().Version), - Action: pointer.String(actionName), + Namespace: ptr.To(obj.GetNamespace()), + ResourceName: ptr.To(objResourceName), + Group: ptr.To(gvk.Group), + Kind: ptr.To(gvk.Kind), + Version: ptr.To(gvk.GroupVersion().Version), + Action: ptr.To(actionName), }) errors.CheckError(err) } diff --git a/cmd/argocd/commands/app_resources.go b/cmd/argocd/commands/app_resources.go index 4cffb706ff1bc..d58808f96f243 100644 --- a/cmd/argocd/commands/app_resources.go +++ b/cmd/argocd/commands/app_resources.go @@ -11,7 +11,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" @@ -71,14 +71,14 @@ func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions) _, err = appIf.PatchResource(ctx, &applicationpkg.ApplicationResourcePatchRequest{ Name: &appName, AppNamespace: &appNs, - Namespace: pointer.String(obj.GetNamespace()), - ResourceName: pointer.String(obj.GetName()), - Version: pointer.String(gvk.Version), - Group: pointer.String(gvk.Group), - Kind: pointer.String(gvk.Kind), - Patch: pointer.String(patch), - PatchType: pointer.String(patchType), - Project: pointer.String(project), + Namespace: ptr.To(obj.GetNamespace()), + ResourceName: ptr.To(obj.GetName()), + Version: ptr.To(gvk.Version), + Group: ptr.To(gvk.Group), + Kind: ptr.To(gvk.Kind), + Patch: ptr.To(patch), + PatchType: ptr.To(patchType), + Project: ptr.To(project), }) errors.CheckError(err) log.Infof("Resource '%s' patched", obj.GetName()) @@ -108,8 +108,8 @@ func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) errors.CheckError(err) command.Flags().StringVar(&group, "group", "", "Group") command.Flags().StringVar(&namespace, "namespace", "", "Namespace") - command.Flags().BoolVar(&force, "force", false, "Indicates whether to orphan the dependents of the deleted resource") - command.Flags().BoolVar(&orphan, "orphan", false, "Indicates whether to force delete the resource") + command.Flags().BoolVar(&force, "force", false, "Indicates whether to force delete the resource") + command.Flags().BoolVar(&orphan, "orphan", false, "Indicates whether to orphan the dependents of the deleted resource") command.Flags().BoolVar(&all, "all", false, "Indicates whether to patch multiple matching of resources") command.Flags().StringVar(&project, "project", "", `The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist`) command.Run = func(c *cobra.Command, args []string) { @@ -136,14 +136,14 @@ func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) _, err = appIf.DeleteResource(ctx, &applicationpkg.ApplicationResourceDeleteRequest{ Name: &appName, AppNamespace: &appNs, - Namespace: pointer.String(obj.GetNamespace()), - ResourceName: pointer.String(obj.GetName()), - Version: pointer.String(gvk.Version), - Group: pointer.String(gvk.Group), - Kind: pointer.String(gvk.Kind), + Namespace: ptr.To(obj.GetNamespace()), + ResourceName: ptr.To(obj.GetName()), + Version: ptr.To(gvk.Version), + Group: ptr.To(gvk.Group), + Kind: ptr.To(gvk.Kind), Force: &force, Orphan: &orphan, - Project: pointer.String(project), + Project: ptr.To(project), }) errors.CheckError(err) log.Infof("Resource '%s' deleted", obj.GetName()) diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go index ec9dcdf0f8e65..82cfc6cf76377 100644 --- a/cmd/argocd/commands/app_test.go +++ b/cmd/argocd/commands/app_test.go @@ -1357,47 +1357,47 @@ func TestFilterAppResources(t *testing.T) { expectedResult []*v1alpha1.SyncOperationResource }{ // --resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:* - {testName: "Include ReplicaSet replicaSet-name1 resouce and all service resources", + {testName: "Include ReplicaSet replicaSet-name1 resource and all service resources", selectedResources: []*v1alpha1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &service1, &service2}, }, // --resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:* - {testName: "Include ReplicaSet replicaSet-name1 resouce and exclude all service resources", + {testName: "Include ReplicaSet replicaSet-name1 resource and exclude all service resources", selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, }, // --resource !apps:ReplicaSet:replicaSet-name2 --resource !*:Service:* - {testName: "Exclude ReplicaSet replicaSet-name2 resouce and all service resources", + {testName: "Exclude ReplicaSet replicaSet-name2 resource and all service resources", selectedResources: []*v1alpha1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, }, // --resource !apps:ReplicaSet:replicaSet-name2 - {testName: "Exclude ReplicaSet replicaSet-name2 resouce", + {testName: "Exclude ReplicaSet replicaSet-name2 resource", selectedResources: []*v1alpha1.SyncOperationResource{&excludeReplicaSet2Resource}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment}, }, // --resource apps:ReplicaSet:replicaSet-name1 - {testName: "Include ReplicaSet replicaSet-name1 resouce", + {testName: "Include ReplicaSet replicaSet-name1 resource", selectedResources: []*v1alpha1.SyncOperationResource{&includeReplicaSet1Resource}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1}, }, // --resource !*:Service:* - {testName: "Exclude Service resouces", + {testName: "Exclude Service resources", selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllServiceResources}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, }, // --resource *:Service:* - {testName: "Include Service resouces", + {testName: "Include Service resources", selectedResources: []*v1alpha1.SyncOperationResource{&includeAllServiceResources}, expectedResult: []*v1alpha1.SyncOperationResource{&service1, &service2}, }, // --resource !*:*:* - {testName: "Exclude all resouces", + {testName: "Exclude all resources", selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllResources}, expectedResult: nil, }, // --resource *:*:* - {testName: "Include all resouces", + {testName: "Include all resources", selectedResources: []*v1alpha1.SyncOperationResource{&includeAllResources}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, }, diff --git a/cmd/argocd/commands/cluster.go b/cmd/argocd/commands/cluster.go index f203b82ae9ac0..9fbe0806c3e4a 100644 --- a/cmd/argocd/commands/cluster.go +++ b/cmd/argocd/commands/cluster.go @@ -490,7 +490,7 @@ func NewClusterListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman # List Clusters in Default "Wide" Format argocd cluster list -# List Cluster via specifing the server +# List Cluster via specifying the server argocd cluster list --server # List Clusters in JSON Format diff --git a/cmd/argocd/commands/headless/headless.go b/cmd/argocd/commands/headless/headless.go index eca3cb0fb498a..179def9b845c1 100644 --- a/cmd/argocd/commands/headless/headless.go +++ b/cmd/argocd/commands/headless/headless.go @@ -23,7 +23,7 @@ import ( "k8s.io/client-go/kubernetes" cache2 "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/clientcmd" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -205,7 +205,7 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti log.SetLevel(log.ErrorLevel) os.Setenv(v1alpha1.EnvVarFakeInClusterConfig, "true") if address == nil { - address = pointer.String("localhost") + address = ptr.To("localhost") } if port == nil || *port == 0 { addr := fmt.Sprintf("%s:0", *address) diff --git a/cmd/argocd/commands/login.go b/cmd/argocd/commands/login.go index abb2b004291c2..2b356706a0792 100644 --- a/cmd/argocd/commands/login.go +++ b/cmd/argocd/commands/login.go @@ -31,6 +31,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/localconfig" oidcutil "github.com/argoproj/argo-cd/v2/util/oidc" "github.com/argoproj/argo-cd/v2/util/rand" + oidcconfig "github.com/argoproj/argo-cd/v2/util/settings" ) // NewLoginCommand returns a new instance of `argocd login` command @@ -306,6 +307,7 @@ func oauth2Login( fmt.Printf("Opening browser for authentication\n") var url string + var oidcconfig oidcconfig.OIDCConfig grantType := oidcutil.InferGrantType(oidcConf) opts := []oauth2.AuthCodeOption{oauth2.AccessTypeOffline} if claimsRequested := oidcSettings.GetIDTokenClaims(); claimsRequested != nil { @@ -316,6 +318,9 @@ func oauth2Login( case oidcutil.GrantTypeAuthorizationCode: opts = append(opts, oauth2.SetAuthURLParam("code_challenge", codeChallenge)) opts = append(opts, oauth2.SetAuthURLParam("code_challenge_method", "S256")) + if oidcconfig.DomainHint != "" { + opts = append(opts, oauth2.SetAuthURLParam("domain_hint", oidcconfig.DomainHint)) + } url = oauth2conf.AuthCodeURL(stateNonce, opts...) case oidcutil.GrantTypeImplicit: url, err = oidcutil.ImplicitFlowURL(oauth2conf, stateNonce, opts...) diff --git a/cmd/argocd/commands/projectwindows.go b/cmd/argocd/commands/projectwindows.go index 93843130ebb13..35a3441351280 100644 --- a/cmd/argocd/commands/projectwindows.go +++ b/cmd/argocd/commands/projectwindows.go @@ -58,7 +58,7 @@ func NewProjectWindowsDisableManualSyncCommand(clientOpts *argocdclient.ClientOp #Disable manual sync for a sync window for the Project argocd proj windows disable-manual-sync PROJECT ID -#Disbaling manual sync for a windows set on the default project with Id 0 +#Disabling manual sync for a windows set on the default project with Id 0 argocd proj windows disable-manual-sync default 0`, Run: func(c *cobra.Command, args []string) { ctx := c.Context() diff --git a/cmd/util/app.go b/cmd/util/app.go index b1693689004c4..5653f60e585c4 100644 --- a/cmd/util/app.go +++ b/cmd/util/app.go @@ -17,7 +17,7 @@ import ( "github.com/spf13/cobra" "github.com/spf13/pflag" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/argoproj/argo-cd/v2/pkg/apis/application" argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -139,21 +139,21 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) { command.Flags().StringVar(&opts.ref, "ref", "", "Ref is reference to another source within sources field") } -func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, appOpts *AppOptions, index int) int { +func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, appOpts *AppOptions, sourcePosition int) int { visited := 0 if flags == nil { return visited } - source := spec.GetSourcePtr(index) + source := spec.GetSourcePtrByPosition(sourcePosition) if source == nil { source = &argoappv1.ApplicationSource{} } source, visited = ConstructSource(source, *appOpts, flags) if spec.HasMultipleSources() { - if index == 0 { - spec.Sources[index] = *source - } else if index > 0 { - spec.Sources[index-1] = *source + if sourcePosition == 0 { + spec.Sources[sourcePosition] = *source + } else if sourcePosition > 0 { + spec.Sources[sourcePosition-1] = *source } else { spec.Sources = append(spec.Sources, *source) } @@ -218,7 +218,7 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap Backoff: &argoappv1.Backoff{ Duration: appOpts.retryBackoffDuration.String(), MaxDuration: appOpts.retryBackoffMaxDuration.String(), - Factor: pointer.Int64(appOpts.retryBackoffFactor), + Factor: ptr.To(appOpts.retryBackoffFactor), }, } } else if appOpts.retryLimit == 0 { @@ -428,7 +428,7 @@ func SetParameterOverrides(app *argoappv1.Application, parameters []string, inde if len(parameters) == 0 { return } - source := app.Spec.GetSourcePtr(index) + source := app.Spec.GetSourcePtrByIndex(index) var sourceType argoappv1.ApplicationSourceType if st, _ := source.ExplicitType(); st != nil { sourceType = *st diff --git a/cmd/util/project.go b/cmd/util/project.go index fa446ceb3b41c..f84d93ea32c68 100644 --- a/cmd/util/project.go +++ b/cmd/util/project.go @@ -11,7 +11,7 @@ import ( "github.com/spf13/cobra" "github.com/spf13/pflag" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "github.com/argoproj/argo-cd/v2/pkg/apis/application" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -115,7 +115,7 @@ func GetOrphanedResourcesSettings(flagSet *pflag.FlagSet, opts ProjectOpts) *v1a if opts.orphanedResourcesEnabled || warnChanged { settings := v1alpha1.OrphanedResourcesMonitorSettings{} if warnChanged { - settings.Warn = pointer.Bool(opts.orphanedResourcesWarn) + settings.Warn = ptr.To(opts.orphanedResourcesWarn) } return &settings } diff --git a/cmpserver/plugin/plugin.go b/cmpserver/plugin/plugin.go index ca1e7592218ea..89b329beaf994 100644 --- a/cmpserver/plugin/plugin.go +++ b/cmpserver/plugin/plugin.go @@ -128,8 +128,8 @@ func runCommand(ctx context.Context, command Command, path string, env []string) if len(output) == 0 { logCtx.Warn("Plugin command returned zero output") } else { - // Log stderr even on successfull commands to help develop plugins - logCtx.Info("Plugin command successfull") + // Log stderr even on successful commands to help develop plugins + logCtx.Info("Plugin command successful") } return strings.TrimSuffix(output, "\n"), nil diff --git a/cmpserver/server.go b/cmpserver/server.go index 1d07e531394d3..13abb1c02aed0 100644 --- a/cmpserver/server.go +++ b/cmpserver/server.go @@ -46,13 +46,13 @@ func NewServer(initConstants plugin.CMPServerInitConstants) (*ArgoCDCMPServer, e serverLog := log.NewEntry(log.StandardLogger()) streamInterceptors := []grpc.StreamServerInterceptor{ - otelgrpc.StreamServerInterceptor(), + otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.StreamServerInterceptor(serverLog), grpc_prometheus.StreamServerInterceptor, grpc_util.PanicLoggerStreamServerInterceptor(serverLog), } unaryInterceptors := []grpc.UnaryServerInterceptor{ - otelgrpc.UnaryServerInterceptor(), + otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.UnaryServerInterceptor(serverLog), grpc_prometheus.UnaryServerInterceptor, grpc_util.PanicLoggerUnaryServerInterceptor(serverLog), diff --git a/common/common.go b/common/common.go index b825ccddef91f..090cd33965e54 100644 --- a/common/common.go +++ b/common/common.go @@ -113,7 +113,7 @@ const ( // LegacyShardingAlgorithm is the default value for Sharding Algorithm it uses an `uid` based distribution (non-uniform) LegacyShardingAlgorithm = "legacy" - // RoundRobinShardingAlgorithm is a flag value that can be opted for Sharding Algorithm it uses an equal distribution accross all shards + // RoundRobinShardingAlgorithm is a flag value that can be opted for Sharding Algorithm it uses an equal distribution across all shards RoundRobinShardingAlgorithm = "round-robin" // AppControllerHeartbeatUpdateRetryCount is the retry count for updating the Shard Mapping to the Shard Mapping ConfigMap used by Application Controller AppControllerHeartbeatUpdateRetryCount = 3 @@ -206,7 +206,7 @@ const ( EnvVarTLSDataPath = "ARGOCD_TLS_DATA_PATH" // EnvGitAttemptsCount specifies number of git remote operations attempts count EnvGitAttemptsCount = "ARGOCD_GIT_ATTEMPTS_COUNT" - // EnvGitRetryMaxDuration specifices max duration of git remote operation retry + // EnvGitRetryMaxDuration specifies max duration of git remote operation retry EnvGitRetryMaxDuration = "ARGOCD_GIT_RETRY_MAX_DURATION" // EnvGitRetryDuration specifies duration of git remote operation retry EnvGitRetryDuration = "ARGOCD_GIT_RETRY_DURATION" @@ -353,7 +353,7 @@ func GetCMPChunkSize() int { } // GetCMPWorkDir will return the full path of the work directory used by the CMP server. -// This directory and all it's contents will be deleted durring CMP bootstrap. +// This directory and all it's contents will be deleted during CMP bootstrap. func GetCMPWorkDir() string { if workDir := os.Getenv(EnvCMPWorkDir); workDir != "" { return filepath.Join(workDir, DefaultCMPWorkDirName) diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 9d89b6e6b37d6..115e522fde897 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -54,6 +54,7 @@ import ( "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/util/argo" argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" "github.com/argoproj/argo-cd/v2/util/env" kubeerrors "k8s.io/apimachinery/pkg/api/errors" @@ -96,6 +97,15 @@ func (a CompareWith) Pointer() *CompareWith { return &a } +func getAppLog(app *appv1.Application) *log.Entry { + return log.WithFields(log.Fields{ + "application": app.Name, + "app-namespace": app.Namespace, + "app-qualified-name": app.QualifiedName(), + "project": app.Spec.Project, + }) +} + // ApplicationController is the controller for application resources. type ApplicationController struct { cache *appstatecache.Cache @@ -129,6 +139,7 @@ type ApplicationController struct { clusterSharding sharding.ClusterShardingCache projByNameCache sync.Map applicationNamespaces []string + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts // dynamicClusterDistributionEnabled if disabled deploymentInformer is never initialized dynamicClusterDistributionEnabled bool @@ -159,6 +170,7 @@ func NewApplicationController( rateLimiterConfig *ratelimiter.AppControllerRateLimiterConfig, serverSideDiff bool, dynamicClusterDistributionEnabled bool, + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts, ) (*ApplicationController, error) { log.Infof("appResyncPeriod=%v, appHardResyncPeriod=%v, appResyncJitter=%v", appResyncPeriod, appHardResyncPeriod, appResyncJitter) db := db.NewDB(namespace, settingsMgr, kubeClientset) @@ -190,6 +202,7 @@ func NewApplicationController( projByNameCache: sync.Map{}, applicationNamespaces: applicationNamespaces, dynamicClusterDistributionEnabled: dynamicClusterDistributionEnabled, + ignoreNormalizerOpts: ignoreNormalizerOpts, } if kubectlParallelismLimit > 0 { ctrl.kubectlSemaphore = semaphore.NewWeighted(kubectlParallelismLimit) @@ -277,7 +290,7 @@ func NewApplicationController( } } stateCache := statecache.NewLiveStateCache(db, appInformer, ctrl.settingsMgr, kubectl, ctrl.metricsServer, ctrl.handleObjectUpdated, clusterSharding, argo.NewResourceTracking()) - appStateManager := NewAppStateManager(db, applicationClientset, repoClientset, namespace, kubectl, ctrl.settingsMgr, stateCache, projInformer, ctrl.metricsServer, argoCache, ctrl.statusRefreshTimeout, argo.NewResourceTracking(), persistResourceHealth, repoErrorGracePeriod, serverSideDiff) + appStateManager := NewAppStateManager(db, applicationClientset, repoClientset, namespace, kubectl, ctrl.settingsMgr, stateCache, projInformer, ctrl.metricsServer, argoCache, ctrl.statusRefreshTimeout, argo.NewResourceTracking(), persistResourceHealth, repoErrorGracePeriod, serverSideDiff, ignoreNormalizerOpts) ctrl.appInformer = appInformer ctrl.appLister = appLister ctrl.projInformer = projInformer @@ -409,10 +422,11 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b continue } + logCtx := getAppLog(app) // Enforce application's permission for the source namespace _, err = ctrl.getAppProj(app) if err != nil { - log.Errorf("Unable to determine project for app '%s': %v", app.QualifiedName(), err) + logCtx.Errorf("Unable to determine project for app '%s': %v", app.QualifiedName(), err) continue } @@ -425,15 +439,14 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b if ref.Namespace == "" { namespace = "(cluster-scoped)" } - log.WithFields(log.Fields{ - "application": appKey, - "level": level, - "namespace": namespace, - "name": ref.Name, - "api-version": ref.APIVersion, - "kind": ref.Kind, - "server": app.Spec.Destination.Server, - "cluster-name": app.Spec.Destination.Name, + logCtx.WithFields(log.Fields{ + "comparison-level": level, + "namespace": namespace, + "name": ref.Name, + "api-version": ref.APIVersion, + "kind": ref.Kind, + "server": app.Spec.Destination.Server, + "cluster-name": app.Spec.Destination.Name, }).Debug("Requesting app refresh caused by object update") ctrl.requestAppRefresh(app.QualifiedName(), &level, nil) @@ -728,7 +741,7 @@ func (ctrl *ApplicationController) hideSecretData(app *appv1.Application, compar return nil, fmt.Errorf("error getting cluster cache: %s", err) } diffConfig, err := argodiff.NewDiffConfigBuilder(). - WithDiffSettings(app.Spec.IgnoreDifferences, resourceOverrides, compareOptions.IgnoreAggregatedRoles). + WithDiffSettings(app.Spec.IgnoreDifferences, resourceOverrides, compareOptions.IgnoreAggregatedRoles, ctrl.ignoreNormalizerOpts). WithTracking(appLabelKey, trackingMethod). WithNoCache(). WithLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())). @@ -910,7 +923,7 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b // We cannot rely on informer since applications might be updated by both application controller and api server. freshApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.ObjectMeta.Namespace).Get(context.Background(), app.ObjectMeta.Name, metav1.GetOptions{}) if err != nil { - log.Errorf("Failed to retrieve latest application state: %v", err) + getAppLog(app).Errorf("Failed to retrieve latest application state: %v", err) return } app = freshApp @@ -1057,23 +1070,24 @@ func (ctrl *ApplicationController) getPermittedAppLiveObjects(app *appv1.Applica } func (ctrl *ApplicationController) isValidDestination(app *appv1.Application) (bool, *appv1.Cluster) { + logCtx := getAppLog(app) // Validate the cluster using the Application destination's `name` field, if applicable, // and set the Server field, if needed. if err := argo.ValidateDestination(context.Background(), &app.Spec.Destination, ctrl.db); err != nil { - log.Warnf("Unable to validate destination of the Application being deleted: %v", err) + logCtx.Warnf("Unable to validate destination of the Application being deleted: %v", err) return false, nil } cluster, err := ctrl.db.GetCluster(context.Background(), app.Spec.Destination.Server) if err != nil { - log.Warnf("Unable to locate cluster URL for Application being deleted: %v", err) + logCtx.Warnf("Unable to locate cluster URL for Application being deleted: %v", err) return false, nil } return true, cluster } func (ctrl *ApplicationController) finalizeApplicationDeletion(app *appv1.Application, projectClusters func(project string) ([]*appv1.Cluster, error)) error { - logCtx := log.WithField("application", app.QualifiedName()) + logCtx := getAppLog(app) // Get refreshed application info, since informer app copy might be stale app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Get(context.Background(), app.Name, metav1.GetOptions{}) if err != nil { @@ -1221,6 +1235,7 @@ func (ctrl *ApplicationController) updateFinalizers(app *appv1.Application) erro } func (ctrl *ApplicationController) setAppCondition(app *appv1.Application, condition appv1.ApplicationCondition) { + logCtx := getAppLog(app) // do nothing if app already has same condition for _, c := range app.Status.Conditions { if c.Message == condition.Message && c.Type == condition.Type { @@ -1240,12 +1255,12 @@ func (ctrl *ApplicationController) setAppCondition(app *appv1.Application, condi _, err = ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Patch(context.Background(), app.Name, types.MergePatchType, patch, metav1.PatchOptions{}) } if err != nil { - log.Errorf("Unable to set application condition: %v", err) + logCtx.Errorf("Unable to set application condition: %v", err) } } func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Application) { - logCtx := log.WithField("application", app.QualifiedName()) + logCtx := getAppLog(app) var state *appv1.OperationState // Recover from any unexpected panics and automatically set the status to be failed defer func() { @@ -1352,7 +1367,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli // sync/health information if _, err := cache.MetaNamespaceKeyFunc(app); err == nil { // force app refresh with using CompareWithLatest comparison type and trigger app reconciliation loop - ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatest.Pointer(), nil) + ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatestForceResolve.Pointer(), nil) } else { logCtx.Warnf("Fails to requeue application: %v", err) } @@ -1360,8 +1375,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli } func (ctrl *ApplicationController) setOperationState(app *appv1.Application, state *appv1.OperationState) { - logCtx := log.WithFields(log.Fields{"application": app.Name, "appNamespace": app.Namespace, "project": app.Spec.Project}) - + logCtx := getAppLog(app) if state.Phase == "" { // expose any bugs where we neglect to set phase panic("no phase was set") @@ -1439,7 +1453,7 @@ func (ctrl *ApplicationController) setOperationState(app *appv1.Application, sta // writeBackToInformer writes a just recently updated App back into the informer cache. // This prevents the situation where the controller operates on a stale app and repeats work func (ctrl *ApplicationController) writeBackToInformer(app *appv1.Application) { - logCtx := log.WithFields(log.Fields{"application": app.Name, "appNamespace": app.Namespace, "project": app.Spec.Project, "informer-writeBack": true}) + logCtx := getAppLog(app).WithField("informer-writeBack", true) err := ctrl.appInformer.GetStore().Update(app) if err != nil { logCtx.Errorf("failed to update informer store: %v", err) @@ -1493,12 +1507,11 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo return } app := origApp.DeepCopy() - logCtx := log.WithFields(log.Fields{ - "application": app.QualifiedName(), - "level": comparisonLevel, - "dest-server": origApp.Spec.Destination.Server, - "dest-name": origApp.Spec.Destination.Name, - "dest-namespace": origApp.Spec.Destination.Namespace, + logCtx := getAppLog(app).WithFields(log.Fields{ + "comparison-level": comparisonLevel, + "dest-server": origApp.Spec.Destination.Server, + "dest-name": origApp.Spec.Destination.Name, + "dest-namespace": origApp.Spec.Destination.Namespace, }) startTime := time.Now() @@ -1538,10 +1551,10 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo patchMs = ctrl.persistAppStatus(origApp, &app.Status) if err := ctrl.cache.SetAppResourcesTree(app.InstanceName(ctrl.namespace), &appv1.ApplicationTree{}); err != nil { - log.Warnf("failed to set app resource tree: %v", err) + logCtx.Warnf("failed to set app resource tree: %v", err) } if err := ctrl.cache.SetAppManagedResources(app.InstanceName(ctrl.namespace), nil); err != nil { - log.Warnf("failed to set app managed resources tree: %v", err) + logCtx.Warnf("failed to set app managed resources tree: %v", err) } return } @@ -1665,7 +1678,7 @@ func currentSourceEqualsSyncedSource(app *appv1.Application) bool { // Additionally, it returns whether full refresh was requested or not. // If full refresh is requested then target and live state should be reconciled, else only live state tree should be updated. func (ctrl *ApplicationController) needRefreshAppStatus(app *appv1.Application, statusRefreshTimeout, statusHardRefreshTimeout time.Duration) (bool, appv1.RefreshType, CompareWith) { - logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()}) + logCtx := getAppLog(app) var reason string compareWith := CompareWithLatest refreshType := appv1.RefreshTypeNormal @@ -1742,8 +1755,8 @@ func (ctrl *ApplicationController) refreshAppConditions(app *appv1.Application) // normalizeApplication normalizes an application.spec and additionally persists updates if it changed func (ctrl *ApplicationController) normalizeApplication(orig, app *appv1.Application) { - logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()}) app.Spec = *argo.NormalizeApplicationSpec(&app.Spec) + logCtx := getAppLog(app) patch, modified, err := diff.CreateTwoWayMergePatch(orig, app, appv1.Application{}) @@ -1761,7 +1774,7 @@ func (ctrl *ApplicationController) normalizeApplication(orig, app *appv1.Applica // persistAppStatus persists updates to application status. If no changes were made, it is a no-op func (ctrl *ApplicationController) persistAppStatus(orig *appv1.Application, newStatus *appv1.ApplicationStatus) (patchMs time.Duration) { - logCtx := log.WithFields(log.Fields{"application": orig.QualifiedName()}) + logCtx := getAppLog(orig) if orig.Status.Sync.Status != newStatus.Sync.Status { message := fmt.Sprintf("Updated sync status: %s -> %s", orig.Status.Sync.Status, newStatus.Sync.Status) ctrl.auditLogger.LogAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message, "") @@ -1808,7 +1821,7 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * if app.Spec.SyncPolicy == nil || app.Spec.SyncPolicy.Automated == nil { return nil, 0 } - logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()}) + logCtx := getAppLog(app) if app.Operation != nil { logCtx.Infof("Skipping auto-sync: another operation is in progress") @@ -1919,7 +1932,15 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } else { ctrl.writeBackToInformer(updatedApp) } - message := fmt.Sprintf("Initiated automated sync to '%s'", desiredCommitSHA) + + var target string + if updatedApp.Spec.HasMultipleSources() { + target = strings.Join(desiredCommitSHAsMS, ", ") + } else { + target = desiredCommitSHA + } + message := fmt.Sprintf("Initiated automated sync to '%s'", target) + ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: v1.EventTypeNormal}, message, "") logCtx.Info(message) return nil, setOpTime @@ -1998,7 +2019,7 @@ func (ctrl *ApplicationController) canProcessApp(obj interface{}) bool { if annotations := app.GetAnnotations(); annotations != nil { if skipVal, ok := annotations[common.AnnotationKeyAppSkipReconcile]; ok { - logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()}) + logCtx := getAppLog(app) if skipReconcile, err := strconv.ParseBool(skipVal); err == nil { if skipReconcile { logCtx.Debugf("Skipping Application reconcile based on annotation %s", common.AnnotationKeyAppSkipReconcile) @@ -2134,7 +2155,7 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar newApp, newOK := new.(*appv1.Application) if oldOK && newOK { if automatedSyncEnabled(oldApp, newApp) { - log.WithField("application", newApp.QualifiedName()).Info("Enabled automated sync") + getAppLog(newApp).Info("Enabled automated sync") compareWith = CompareWithLatest.Pointer() } if ctrl.statusRefreshJitter != 0 && oldApp.ResourceVersion == newApp.ResourceVersion { diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index 37518dad10f1e..9415ca8e945ec 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -42,6 +42,7 @@ import ( "github.com/argoproj/argo-cd/v2/reposerver/apiclient" mockrepoclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" "github.com/argoproj/argo-cd/v2/test" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/settings" @@ -158,9 +159,9 @@ func newFakeController(data *fakeData, repoErr error) *ApplicationController { nil, data.applicationNamespaces, nil, - false, false, + normalizers.IgnoreNormalizerOpts{}, ) db := &dbmocks.ArgoDB{} db.On("GetApplicationControllerReplicas").Return(1) @@ -988,7 +989,7 @@ func TestNormalizeApplication(t *testing.T) { normalized := false fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - if string(patchAction.GetPatch()) == `{"spec":{"project":"default"}}` { + if string(patchAction.GetPatch()) == `{"spec":{"project":"default"},"status":{"sync":{"comparedTo":{"destination":{},"source":{"repoURL":""}}}}}` { normalized = true } } @@ -1010,7 +1011,7 @@ func TestNormalizeApplication(t *testing.T) { normalized := false fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - if string(patchAction.GetPatch()) == `{"spec":{"project":"default"}}` { + if string(patchAction.GetPatch()) == `{"spec":{"project":"default"},"status":{"sync":{"comparedTo":{"destination":{},"source":{"repoURL":""}}}}}` { normalized = true } } @@ -1717,6 +1718,36 @@ func TestProcessRequestedAppOperation_HasRetriesTerminated(t *testing.T) { assert.Equal(t, string(synccommon.OperationFailed), phase) } +func TestProcessRequestedAppOperation_Successful(t *testing.T) { + app := newFakeApp() + app.Spec.Project = "default" + app.Operation = &v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{}, + } + ctrl := newFakeController(&fakeData{ + apps: []runtime.Object{app, &defaultProj}, + manifestResponses: []*apiclient.ManifestResponse{{ + Manifests: []string{}, + }}, + }, nil) + fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) + receivedPatch := map[string]interface{}{} + fakeAppCs.PrependReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { + if patchAction, ok := action.(kubetesting.PatchAction); ok { + assert.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) + } + return true, &v1alpha1.Application{}, nil + }) + + ctrl.processRequestedAppOperation(app) + + phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase") + assert.Equal(t, string(synccommon.OperationSucceeded), phase) + ok, level := ctrl.isRefreshRequested(ctrl.toAppKey(app.Name)) + assert.True(t, ok) + assert.Equal(t, CompareWithLatestForceResolve, level) +} + func TestGetAppHosts(t *testing.T) { app := newFakeApp() data := &fakeData{ diff --git a/controller/cache/cache.go b/controller/cache/cache.go index 826079d62cda3..d3e8a67cf3dc2 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -33,6 +33,7 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/env" logutils "github.com/argoproj/argo-cd/v2/util/log" @@ -40,6 +41,8 @@ import ( "github.com/argoproj/argo-cd/v2/util/settings" ) +//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=LiveStateCache + const ( // EnvClusterCacheResyncDuration is the env variable that holds cluster cache re-sync duration EnvClusterCacheResyncDuration = "ARGOCD_CLUSTER_CACHE_RESYNC_DURATION" @@ -197,14 +200,15 @@ type cacheSettings struct { } type liveStateCache struct { - db db.ArgoDB - appInformer cache.SharedIndexInformer - onObjectUpdated ObjectUpdatedHandler - kubectl kube.Kubectl - settingsMgr *settings.SettingsManager - metricsServer *metrics.MetricsServer - clusterSharding sharding.ClusterShardingCache - resourceTracking argo.ResourceTracking + db db.ArgoDB + appInformer cache.SharedIndexInformer + onObjectUpdated ObjectUpdatedHandler + kubectl kube.Kubectl + settingsMgr *settings.SettingsManager + metricsServer *metrics.MetricsServer + clusterSharding sharding.ClusterShardingCache + resourceTracking argo.ResourceTracking + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts clusters map[string]clustercache.ClusterCache cacheSettings cacheSettings @@ -288,7 +292,8 @@ func isRootAppNode(r *clustercache.Resource) bool { } func getApp(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource) string { - return getAppRecursive(r, ns, map[kube.ResourceKey]bool{}) + name, _ := getAppRecursive(r, ns, map[kube.ResourceKey]bool{}) + return name } func ownerRefGV(ownerRef metav1.OwnerReference) schema.GroupVersion { @@ -299,27 +304,31 @@ func ownerRefGV(ownerRef metav1.OwnerReference) schema.GroupVersion { return gv } -func getAppRecursive(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource, visited map[kube.ResourceKey]bool) string { +func getAppRecursive(r *clustercache.Resource, ns map[kube.ResourceKey]*clustercache.Resource, visited map[kube.ResourceKey]bool) (string, bool) { if !visited[r.ResourceKey()] { visited[r.ResourceKey()] = true } else { log.Warnf("Circular dependency detected: %v.", visited) - return resInfo(r).AppName + return resInfo(r).AppName, false } if resInfo(r).AppName != "" { - return resInfo(r).AppName + return resInfo(r).AppName, true } for _, ownerRef := range r.OwnerRefs { gv := ownerRefGV(ownerRef) if parent, ok := ns[kube.NewResourceKey(gv.Group, ownerRef.Kind, r.Ref.Namespace, ownerRef.Name)]; ok { - app := getAppRecursive(parent, ns, visited) - if app != "" { - return app + visited_branch := make(map[kube.ResourceKey]bool, len(visited)) + for k, v := range visited { + visited_branch[k] = v + } + app, ok := getAppRecursive(parent, ns, visited_branch) + if app != "" || !ok { + return app, ok } } } - return "" + return "", true } var ( @@ -496,7 +505,7 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e gvk := un.GroupVersionKind() if cacheSettings.ignoreResourceUpdatesEnabled && shouldHashManifest(appName, gvk) { - hash, err := generateManifestHash(un, nil, cacheSettings.resourceOverrides) + hash, err := generateManifestHash(un, nil, cacheSettings.resourceOverrides, c.ignoreNormalizerOpts) if err != nil { log.Errorf("Failed to generate manifest hash: %v", err) } else { diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 53a03ca81995e..584f311f2ee30 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -18,6 +18,7 @@ import ( "github.com/argoproj/gitops-engine/pkg/cache" "github.com/argoproj/gitops-engine/pkg/cache/mocks" "github.com/argoproj/gitops-engine/pkg/health" + "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/mock" "k8s.io/client-go/kubernetes/fake" @@ -319,6 +320,216 @@ func Test_asResourceNode_owner_refs(t *testing.T) { assert.Equal(t, expected, resNode) } +func Test_getAppRecursive(t *testing.T) { + for _, tt := range []struct { + name string + r *cache.Resource + ns map[kube.ResourceKey]*cache.Resource + wantName string + wantOK assert.BoolAssertionFunc + }{ + { + name: "ok: cm1->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "ok: cm1->cm2->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "cm1->cm2->app1 & cm1->cm3->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "cm3"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + // Nothing cycle. + // Issue #11699, fixed #12667. + name: "ok: cm1->cm2 & cm1->cm3->cm2 & cm1->cm3->app1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "cm3"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + {Name: "app1"}, + }, + }, + kube.NewResourceKey("", "", "", "app1"): { + Info: &ResourceInfo{ + AppName: "app1", + }, + }, + }, + wantName: "app1", + wantOK: assert.True, + }, + { + name: "cycle: cm1<->cm2", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm1"): { + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm1"}, + }, + }, + }, + wantName: "", + wantOK: assert.False, + }, + { + name: "cycle: cm1->cm2->cm3->cm1", + r: &cache.Resource{ + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + ns: map[kube.ResourceKey]*cache.Resource{ + kube.NewResourceKey("", "", "", "cm1"): { + Ref: v1.ObjectReference{ + Name: "cm1", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm2"}, + }, + }, + kube.NewResourceKey("", "", "", "cm2"): { + Ref: v1.ObjectReference{ + Name: "cm2", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm3"}, + }, + }, + kube.NewResourceKey("", "", "", "cm3"): { + Ref: v1.ObjectReference{ + Name: "cm3", + }, + OwnerRefs: []metav1.OwnerReference{ + {Name: "cm1"}, + }, + }, + }, + wantName: "", + wantOK: assert.False, + }, + } { + t.Run(tt.name, func(t *testing.T) { + visited := map[kube.ResourceKey]bool{} + got, ok := getAppRecursive(tt.r, tt.ns, visited) + assert.Equal(t, tt.wantName, got) + tt.wantOK(t, ok) + }) + } +} + func TestSkipResourceUpdate(t *testing.T) { var ( hash1_x string = "x" diff --git a/controller/cache/info.go b/controller/cache/info.go index 53512de6b713a..0734e2d118678 100644 --- a/controller/cache/info.go +++ b/controller/cache/info.go @@ -408,8 +408,8 @@ func populateHostNodeInfo(un *unstructured.Unstructured, res *ResourceInfo) { } } -func generateManifestHash(un *unstructured.Unstructured, ignores []v1alpha1.ResourceIgnoreDifferences, overrides map[string]v1alpha1.ResourceOverride) (string, error) { - normalizer, err := normalizers.NewIgnoreNormalizer(ignores, overrides) +func generateManifestHash(un *unstructured.Unstructured, ignores []v1alpha1.ResourceIgnoreDifferences, overrides map[string]v1alpha1.ResourceOverride, opts normalizers.IgnoreNormalizerOpts) (string, error) { + normalizer, err := normalizers.NewIgnoreNormalizer(ignores, overrides, opts) if err != nil { return "", fmt.Errorf("error creating normalizer: %w", err) } diff --git a/controller/cache/info_test.go b/controller/cache/info_test.go index 7b48040009284..d0d67244ca4f9 100644 --- a/controller/cache/info_test.go +++ b/controller/cache/info_test.go @@ -16,6 +16,7 @@ import ( "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" ) func strToUnstructured(jsonStr string) *unstructured.Unstructured { @@ -749,7 +750,7 @@ func TestManifestHash(t *testing.T) { expected := hash(data) - hash, err := generateManifestHash(manifest, ignores, nil) + hash, err := generateManifestHash(manifest, ignores, nil, normalizers.IgnoreNormalizerOpts{}) assert.Equal(t, expected, hash) assert.Nil(t, err) } diff --git a/controller/cache/mocks/LiveStateCache.go b/controller/cache/mocks/LiveStateCache.go index 7dc4d6b7710e2..fa15794356ce8 100644 --- a/controller/cache/mocks/LiveStateCache.go +++ b/controller/cache/mocks/LiveStateCache.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0. DO NOT EDIT. +// Code generated by mockery v2.40.2. DO NOT EDIT. package mocks @@ -29,7 +29,15 @@ type LiveStateCache struct { func (_m *LiveStateCache) GetClusterCache(server string) (cache.ClusterCache, error) { ret := _m.Called(server) + if len(ret) == 0 { + panic("no return value specified for GetClusterCache") + } + var r0 cache.ClusterCache + var r1 error + if rf, ok := ret.Get(0).(func(string) (cache.ClusterCache, error)); ok { + return rf(server) + } if rf, ok := ret.Get(0).(func(string) cache.ClusterCache); ok { r0 = rf(server) } else { @@ -38,7 +46,6 @@ func (_m *LiveStateCache) GetClusterCache(server string) (cache.ClusterCache, er } } - var r1 error if rf, ok := ret.Get(1).(func(string) error); ok { r1 = rf(server) } else { @@ -52,6 +59,10 @@ func (_m *LiveStateCache) GetClusterCache(server string) (cache.ClusterCache, er func (_m *LiveStateCache) GetClustersInfo() []cache.ClusterInfo { ret := _m.Called() + if len(ret) == 0 { + panic("no return value specified for GetClustersInfo") + } + var r0 []cache.ClusterInfo if rf, ok := ret.Get(0).(func() []cache.ClusterInfo); ok { r0 = rf() @@ -68,7 +79,15 @@ func (_m *LiveStateCache) GetClustersInfo() []cache.ClusterInfo { func (_m *LiveStateCache) GetManagedLiveObjs(a *v1alpha1.Application, targetObjs []*unstructured.Unstructured) (map[kube.ResourceKey]*unstructured.Unstructured, error) { ret := _m.Called(a, targetObjs) + if len(ret) == 0 { + panic("no return value specified for GetManagedLiveObjs") + } + var r0 map[kube.ResourceKey]*unstructured.Unstructured + var r1 error + if rf, ok := ret.Get(0).(func(*v1alpha1.Application, []*unstructured.Unstructured) (map[kube.ResourceKey]*unstructured.Unstructured, error)); ok { + return rf(a, targetObjs) + } if rf, ok := ret.Get(0).(func(*v1alpha1.Application, []*unstructured.Unstructured) map[kube.ResourceKey]*unstructured.Unstructured); ok { r0 = rf(a, targetObjs) } else { @@ -77,7 +96,6 @@ func (_m *LiveStateCache) GetManagedLiveObjs(a *v1alpha1.Application, targetObjs } } - var r1 error if rf, ok := ret.Get(1).(func(*v1alpha1.Application, []*unstructured.Unstructured) error); ok { r1 = rf(a, targetObjs) } else { @@ -91,7 +109,15 @@ func (_m *LiveStateCache) GetManagedLiveObjs(a *v1alpha1.Application, targetObjs func (_m *LiveStateCache) GetNamespaceTopLevelResources(server string, namespace string) (map[kube.ResourceKey]v1alpha1.ResourceNode, error) { ret := _m.Called(server, namespace) + if len(ret) == 0 { + panic("no return value specified for GetNamespaceTopLevelResources") + } + var r0 map[kube.ResourceKey]v1alpha1.ResourceNode + var r1 error + if rf, ok := ret.Get(0).(func(string, string) (map[kube.ResourceKey]v1alpha1.ResourceNode, error)); ok { + return rf(server, namespace) + } if rf, ok := ret.Get(0).(func(string, string) map[kube.ResourceKey]v1alpha1.ResourceNode); ok { r0 = rf(server, namespace) } else { @@ -100,7 +126,6 @@ func (_m *LiveStateCache) GetNamespaceTopLevelResources(server string, namespace } } - var r1 error if rf, ok := ret.Get(1).(func(string, string) error); ok { r1 = rf(server, namespace) } else { @@ -114,14 +139,22 @@ func (_m *LiveStateCache) GetNamespaceTopLevelResources(server string, namespace func (_m *LiveStateCache) GetVersionsInfo(serverURL string) (string, []kube.APIResourceInfo, error) { ret := _m.Called(serverURL) + if len(ret) == 0 { + panic("no return value specified for GetVersionsInfo") + } + var r0 string + var r1 []kube.APIResourceInfo + var r2 error + if rf, ok := ret.Get(0).(func(string) (string, []kube.APIResourceInfo, error)); ok { + return rf(serverURL) + } if rf, ok := ret.Get(0).(func(string) string); ok { r0 = rf(serverURL) } else { r0 = ret.Get(0).(string) } - var r1 []kube.APIResourceInfo if rf, ok := ret.Get(1).(func(string) []kube.APIResourceInfo); ok { r1 = rf(serverURL) } else { @@ -130,7 +163,6 @@ func (_m *LiveStateCache) GetVersionsInfo(serverURL string) (string, []kube.APIR } } - var r2 error if rf, ok := ret.Get(2).(func(string) error); ok { r2 = rf(serverURL) } else { @@ -144,6 +176,10 @@ func (_m *LiveStateCache) GetVersionsInfo(serverURL string) (string, []kube.APIR func (_m *LiveStateCache) Init() error { ret := _m.Called() + if len(ret) == 0 { + panic("no return value specified for Init") + } + var r0 error if rf, ok := ret.Get(0).(func() error); ok { r0 = rf() @@ -158,14 +194,21 @@ func (_m *LiveStateCache) Init() error { func (_m *LiveStateCache) IsNamespaced(server string, gk schema.GroupKind) (bool, error) { ret := _m.Called(server, gk) + if len(ret) == 0 { + panic("no return value specified for IsNamespaced") + } + var r0 bool + var r1 error + if rf, ok := ret.Get(0).(func(string, schema.GroupKind) (bool, error)); ok { + return rf(server, gk) + } if rf, ok := ret.Get(0).(func(string, schema.GroupKind) bool); ok { r0 = rf(server, gk) } else { r0 = ret.Get(0).(bool) } - var r1 error if rf, ok := ret.Get(1).(func(string, schema.GroupKind) error); ok { r1 = rf(server, gk) } else { @@ -179,6 +222,10 @@ func (_m *LiveStateCache) IsNamespaced(server string, gk schema.GroupKind) (bool func (_m *LiveStateCache) IterateHierarchy(server string, key kube.ResourceKey, action func(v1alpha1.ResourceNode, string) bool) error { ret := _m.Called(server, key, action) + if len(ret) == 0 { + panic("no return value specified for IterateHierarchy") + } + var r0 error if rf, ok := ret.Get(0).(func(string, kube.ResourceKey, func(v1alpha1.ResourceNode, string) bool) error); ok { r0 = rf(server, key, action) @@ -193,6 +240,10 @@ func (_m *LiveStateCache) IterateHierarchy(server string, key kube.ResourceKey, func (_m *LiveStateCache) IterateResources(server string, callback func(*cache.Resource, *controllercache.ResourceInfo)) error { ret := _m.Called(server, callback) + if len(ret) == 0 { + panic("no return value specified for IterateResources") + } + var r0 error if rf, ok := ret.Get(0).(func(string, func(*cache.Resource, *controllercache.ResourceInfo)) error); ok { r0 = rf(server, callback) @@ -207,6 +258,10 @@ func (_m *LiveStateCache) IterateResources(server string, callback func(*cache.R func (_m *LiveStateCache) Run(ctx context.Context) error { ret := _m.Called(ctx) + if len(ret) == 0 { + panic("no return value specified for Run") + } + var r0 error if rf, ok := ret.Get(0).(func(context.Context) error); ok { r0 = rf(ctx) @@ -216,3 +271,17 @@ func (_m *LiveStateCache) Run(ctx context.Context) error { return r0 } + +// NewLiveStateCache creates a new instance of LiveStateCache. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewLiveStateCache(t interface { + mock.TestingT + Cleanup(func()) +}) *LiveStateCache { + mock := &LiveStateCache{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/controller/health.go b/controller/health.go index b1acac8ac5b9b..f713a574f57d3 100644 --- a/controller/health.go +++ b/controller/health.go @@ -80,7 +80,7 @@ func setApplicationHealth(resources []managedResource, statuses []appv1.Resource app.Status.ResourceHealthSource = appv1.ResourceHealthLocationAppTree } if savedErr != nil && errCount > 1 { - savedErr = fmt.Errorf("see applicaton-controller logs for %d other errors; most recent error was: %w", errCount-1, savedErr) + savedErr = fmt.Errorf("see application-controller logs for %d other errors; most recent error was: %w", errCount-1, savedErr) } return &appHealth, savedErr } diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index 94405b51eac75..b195c3bff8870 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -113,7 +113,7 @@ var ( reconcileHistogram = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "argocd_app_reconcile", - Help: "Application reconciliation performance.", + Help: "Application reconciliation performance in seconds.", // Buckets chosen after observing a ~2100ms mean reconcile time Buckets: []float64{0.25, .5, 1, 2, 4, 8, 16}, }, diff --git a/controller/metrics/metrics_test.go b/controller/metrics/metrics_test.go index 6d88933410ffc..81e724e9274f3 100644 --- a/controller/metrics/metrics_test.go +++ b/controller/metrics/metrics_test.go @@ -391,7 +391,7 @@ func TestReconcileMetrics(t *testing.T) { assert.NoError(t, err) appReconcileMetrics := ` -# HELP argocd_app_reconcile Application reconciliation performance. +# HELP argocd_app_reconcile Application reconciliation performance in seconds. # TYPE argocd_app_reconcile histogram argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.25"} 0 argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.5"} 0 diff --git a/controller/sharding/cache.go b/controller/sharding/cache.go index 2f3ffcbcb95c6..e7a8db4c5fb19 100644 --- a/controller/sharding/cache.go +++ b/controller/sharding/cache.go @@ -51,7 +51,7 @@ func NewClusterSharding(_ db.ArgoDB, shard, replicas int, shardingAlgorithm stri return clusterSharding } -// IsManagedCluster returns wheter or not the cluster should be processed by a given shard. +// IsManagedCluster returns whether or not the cluster should be processed by a given shard. func (s *ClusterSharding) IsManagedCluster(c *v1alpha1.Cluster) bool { s.lock.RLock() defer s.lock.RUnlock() diff --git a/controller/sharding/sharding.go b/controller/sharding/sharding.go index e4af7010931c6..c415acf0b8b04 100644 --- a/controller/sharding/sharding.go +++ b/controller/sharding/sharding.go @@ -54,7 +54,7 @@ type shardApplicationControllerMapping struct { } // GetClusterFilter returns a ClusterFilterFunction which is a function taking a cluster as a parameter -// and returns wheter or not the cluster should be processed by a given shard. It calls the distributionFunction +// and returns whether or not the cluster should be processed by a given shard. It calls the distributionFunction // to determine which shard will process the cluster, and if the given shard is equal to the calculated shard // the function will return true. func GetClusterFilter(db db.ArgoDB, distributionFunction DistributionFunction, replicas, shard int) ClusterFilterFunction { @@ -128,13 +128,13 @@ func LegacyDistributionFunction(replicas int) DistributionFunction { // for a given cluster the function will return the shard number based on the modulo of the cluster rank in // the cluster's list sorted by uid on the shard number. // This function ensures an homogenous distribution: each shards got assigned the same number of -// clusters +/-1 , but with the drawback of a reshuffling of clusters accross shards in case of some changes +// clusters +/-1 , but with the drawback of a reshuffling of clusters across shards in case of some changes // in the cluster list func RoundRobinDistributionFunction(clusters clusterAccessor, replicas int) DistributionFunction { return func(c *v1alpha1.Cluster) int { if replicas > 0 { - if c == nil { // in-cluster does not necessarly have a secret assigned. So we are receiving a nil cluster here. + if c == nil { // in-cluster does not necessary have a secret assigned. So we are receiving a nil cluster here. return 0 } // if Shard is manually set and the assigned value is lower than the number of replicas, diff --git a/controller/state.go b/controller/state.go index 17cfbe015e8e2..80678b74790e7 100644 --- a/controller/state.go +++ b/controller/state.go @@ -36,6 +36,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/app/path" "github.com/argoproj/argo-cd/v2/util/argo" argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/gpg" @@ -118,6 +119,7 @@ type appStateManager struct { repoErrorCache goSync.Map repoErrorGracePeriod time.Duration serverSideDiff bool + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts } // GetRepoObjs will generate the manifests for the given application delegating the @@ -638,7 +640,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 useDiffCache := useDiffCache(noCache, manifestInfos, sources, app, manifestRevisions, m.statusRefreshTimeout, serverSideDiff, logCtx) diffConfigBuilder := argodiff.NewDiffConfigBuilder(). - WithDiffSettings(app.Spec.IgnoreDifferences, resourceOverrides, compareOptions.IgnoreAggregatedRoles). + WithDiffSettings(app.Spec.IgnoreDifferences, resourceOverrides, compareOptions.IgnoreAggregatedRoles, m.ignoreNormalizerOpts). WithTracking(appLabelKey, string(trackingMethod)) if useDiffCache { @@ -979,6 +981,7 @@ func NewAppStateManager( persistResourceHealth bool, repoErrorGracePeriod time.Duration, serverSideDiff bool, + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts, ) AppStateManager { return &appStateManager{ liveStateCache: liveStateCache, @@ -996,6 +999,7 @@ func NewAppStateManager( persistResourceHealth: persistResourceHealth, repoErrorGracePeriod: repoErrorGracePeriod, serverSideDiff: serverSideDiff, + ignoreNormalizerOpts: ignoreNormalizerOpts, } } diff --git a/controller/sync_test.go b/controller/sync_test.go index a7916b53e82d7..a526548b089bd 100644 --- a/controller/sync_test.go +++ b/controller/sync_test.go @@ -18,6 +18,7 @@ import ( "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/test" "github.com/argoproj/argo-cd/v2/util/argo/diff" + "github.com/argoproj/argo-cd/v2/util/argo/normalizers" ) func TestPersistRevisionHistory(t *testing.T) { @@ -330,7 +331,7 @@ func TestNormalizeTargetResources(t *testing.T) { setup := func(t *testing.T, ignores []v1alpha1.ResourceIgnoreDifferences) *fixture { t.Helper() dc, err := diff.NewDiffConfigBuilder(). - WithDiffSettings(ignores, nil, true). + WithDiffSettings(ignores, nil, true, normalizers.IgnoreNormalizerOpts{}). WithNoCache(). Build() require.NoError(t, err) @@ -463,7 +464,7 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { setupHttpProxy := func(t *testing.T, ignores []v1alpha1.ResourceIgnoreDifferences) *fixture { t.Helper() dc, err := diff.NewDiffConfigBuilder(). - WithDiffSettings(ignores, nil, true). + WithDiffSettings(ignores, nil, true, normalizers.IgnoreNormalizerOpts{}). WithNoCache(). Build() require.NoError(t, err) diff --git a/docs/assets/argocd_architecture.png b/docs/assets/argocd_architecture.png index 3de4dd9f93d4e..84fe437a9ace9 100644 Binary files a/docs/assets/argocd_architecture.png and b/docs/assets/argocd_architecture.png differ diff --git a/docs/assets/versions.css b/docs/assets/versions.css index b8bb066929dd0..ae75d223d1335 100644 --- a/docs/assets/versions.css +++ b/docs/assets/versions.css @@ -53,7 +53,7 @@ div[data-md-component=announce]>div#announce-msg>a{ } /* from https://assets.readthedocs.org/static/css/badge_only.css, -most styles have to be overriden here */ +most styles have to be overridden here */ .rst-versions{ position: relative !important; bottom: 0; diff --git a/docs/developer-guide/dependencies.md b/docs/developer-guide/dependencies.md index 410fd1241b1b2..2a4c869825e31 100644 --- a/docs/developer-guide/dependencies.md +++ b/docs/developer-guide/dependencies.md @@ -6,31 +6,32 @@ https://github.com/argoproj/gitops-engine -### Pulling changes from `gitops-engine` +### Pulling changes from `gitops-engine` -After your GitOps Engine PR has been merged, ArgoCD needs to be updated to pull in the version of the GitOps engine that contains your change. Here are the steps: +After your GitOps Engine PR has been merged, ArgoCD needs to be updated to pull in the version of the GitOps engine that contains your change. Here are the steps: -* Retrieve the SHA hash for your commit. You will use this in the next step. -* From the `argo-cd` folder, run the following command +- Retrieve the SHA hash for your commit. You will use this in the next step. +- From the `argo-cd` folder, run the following command - `go get github.com/argoproj/gitops-engine@` + `go get github.com/argoproj/gitops-engine@` - If you get an error message `invalid version: unknown revision` then you got the wrong SHA hash + If you get an error message `invalid version: unknown revision` then you got the wrong SHA hash -* Run: +- Run: - `go mod tidy` + `go mod tidy` -* The following files are changed: +- The following files are changed: - - `go.mod` - - `go.sum` + - `go.mod` + - `go.sum` -* Create an ArgoCD PR with a `refactor:` type in its title for the two file changes. +- Create an ArgoCD PR with a `refactor:` type in its title for the two file changes. ### Tips: -* See https://github.com/argoproj/argo-cd/pull/4434 as an example -* The PR might require additional, dependent changes in ArgoCD that are directly impacted by the changes made in the engine. + +- See https://github.com/argoproj/argo-cd/pull/4434 as an example +- The PR might require additional, dependent changes in ArgoCD that are directly impacted by the changes made in the engine. ## Argo UI Components @@ -45,10 +46,8 @@ If you make changes to the Argo UI component, and your Argo CD changes depend on 1. Make changes to Argo UI and submit the PR request. 2. Also, prepare your Argo CD changes, but don't create the PR just yet. 3. **After** the Argo UI PR has been merged to master, then as part of your Argo CD changes: - - Run `yarn add git+https://github.com/argoproj/argo-ui.git` in the `ui/` directory, and then, - - Check in the regenerated yarn.lock file as part of your Argo CD commit -4. Create the Argo CD PR when you are ready. The PR build and test checks should pass. + - Run `yarn add git+https://github.com/argoproj/argo-ui.git` in the `ui/` directory, and then, + - Check in the regenerated yarn.lock file as part of your Argo CD commit +4. Create the Argo CD PR when you are ready. The PR build and test checks should pass. If your Argo UI change is a 'stand-alone' fix, and you simply want Argo CD to pull in your change, then simply create an Argo CD PR with the yarn.lock file change. - - diff --git a/docs/developer-guide/extensions/proxy-extensions.md b/docs/developer-guide/extensions/proxy-extensions.md index c53946cade95f..5d561657eb873 100644 --- a/docs/developer-guide/extensions/proxy-extensions.md +++ b/docs/developer-guide/extensions/proxy-extensions.md @@ -120,7 +120,7 @@ Is the address where the extension backend must be available. If provided, the headers list will be added on all outgoing requests for this service config. Existing headers in the incoming request with -the same name will be overriden by the one in this list. Reserved header +the same name will be overridden by the one in this list. Reserved header names will be ignored (see the [headers](#incoming-request-headers) below). #### `extensions.backend.services.headers.name` (*string*) diff --git a/docs/developer-guide/static-code-analysis.md b/docs/developer-guide/static-code-analysis.md index ef4d72c99a3b6..90798a70f5a32 100644 --- a/docs/developer-guide/static-code-analysis.md +++ b/docs/developer-guide/static-code-analysis.md @@ -2,7 +2,7 @@ We use the following static code analysis tools: -* golangci-lint and tslint for compile time linting +* golangci-lint and eslint for compile time linting * [codecov.io](https://codecov.io/gh/argoproj/argo-cd) - for code coverage * [snyk.io](https://app.snyk.io/org/argoproj/projects) - for image scanning * [sonarcloud.io](https://sonarcloud.io/organizations/argoproj/projects) - for code scans and security alerts diff --git a/docs/faq.md b/docs/faq.md index 83bdf8d7d38b5..5ce6ca134ff1b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -268,3 +268,45 @@ The most common instance of this error is with `env:` fields for `containers`. !!! note "Dynamic applications" It's possible that your application is being generated by a tool in which case the duplication might not be evident within the scope of a single file. If you have trouble debugging this problem, consider filing a ticket to the owner of the generator tool asking them to improve its validation and error reporting. + +## How to rotate Redis secret? +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. +```bash +kubectl delete secret argocd-redis -n +``` +* If you are running Redis in HA mode, restart Redis in HA. +```bash +kubectl rollout restart deployment argocd-redis-ha-haproxy +kubectl rollout restart statefulset argocd-redis-ha-server +``` +* If you are running Redis in non-HA mode, restart Redis. +```bash +kubectl rollout restart deployment argocd-redis +``` +* Restart other components. +```bash +kubectl rollout restart deployment argocd-server argocd-repo-server +kubectl rollout restart statefulset argocd-application-controller +``` + +## How to turn off Redis auth if users really want to? + +Argo CD default installation is now configured automatically enable Redis authentication. +If for some reason authenticated Redis does not work for you and you want to use non-authenticated Redis, here are the steps: + +* You need to have your own Redis installation. +* Configure Argo CD to use your own Redis instance. See this [doc](https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cmd-params-cm-yaml/) for the Argo CD configuration. +* If you already installed Redis shipped with Argo CD, you also need to clean up the existing components: + * When HA Redis is used: + * kubectl delete deployment argocd-redis-ha-haproxy + * kubectl delete statefulset argocd-redis-ha-server + * When non-HA Redis is used: + * kubectl delete deployment argocd-redis +* Remove environment variable `REDIS_PASSWORD` from the following manifests + * Deployment: argocd-repo-server: + * Deployment: argocd-server + * StatefulSet: argocd-application-controller + +## How do I provide my own Redis credentials? +The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. +You can config your secret provider to generate Kubernetes secret accordingly. \ No newline at end of file diff --git a/docs/getting_started.md b/docs/getting_started.md index 68d9f8f9e8872..ce0d9688e7963 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -23,7 +23,7 @@ This will create a new namespace, `argocd`, where Argo CD services and applicati namespace then make sure to update the namespace reference. !!! tip - If you are not interested in UI, SSO, and multi-cluster features, then you can install only the [core](operator-manual/core/#installing) Argo CD components. + If you are not interested in UI, SSO, and multi-cluster features, then you can install only the [core](operator-manual/core.md#installing) Argo CD components. This default installation will have a self-signed certificate and cannot be accessed without a bit of extra work. Do one of: @@ -40,6 +40,9 @@ Do one of: Use `argocd login --core` to [configure](./user-guide/commands/argocd_login.md) CLI access and skip steps 3-5. +!!! note + This default installation for Redis is using password authentication. The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. + ## 2. Download Argo CD CLI Download the latest Argo CD version from [https://github.com/argoproj/argo-cd/releases/latest](https://github.com/argoproj/argo-cd/releases/latest). More detailed installation instructions can be found via the [CLI installation documentation](cli_installation.md). @@ -214,6 +217,12 @@ events, and assessed health status. ### Syncing via UI +On the Applications page, click on *Sync* button of the guestbook application: + ![guestbook app](assets/guestbook-app.png) -![view app](assets/guestbook-tree.png) +A panel will be opened and then, click on *Synchronize* button. + +You can see more details by clicking at the guestbook application: + +![view app](assets/guestbook-tree.png) diff --git a/docs/operator-manual/app-any-namespace.md b/docs/operator-manual/app-any-namespace.md index 5f4a76d610afd..dfd24f75b65f3 100644 --- a/docs/operator-manual/app-any-namespace.md +++ b/docs/operator-manual/app-any-namespace.md @@ -11,10 +11,6 @@ Argo CD administrators can define a certain set of namespaces where `Application Some manual steps will need to be performed by the Argo CD administrator in order to enable this feature. -!!! note - This feature is considered beta as of now. Some of the implementation details may change over the course of time until it is promoted to a stable status. We will be happy if early adopters use this feature and provide us with bug reports and feedback. - - One additional advantage of adopting applications in any namespace is to allow end-users to configure notifications for their Argo CD application in the namespace where Argo CD application is running in. See notifications [namespace based configuration](notifications/index.md#namespace-based-configuration) page for more information. ## Prerequisites diff --git a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md index d72cee60ad401..ae65fa3462e5b 100644 --- a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md +++ b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md @@ -32,16 +32,19 @@ spec: ``` -- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. Prevents Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/). -- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. Prevents Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/). +- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. **WARNING**: It doesn't prevent Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/) when deleting ApplicationSet. +- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. **WARNING**: It doesn't prevent Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/) when deleting ApplicationSet. - Policy `create-delete`: Prevents ApplicationSet controller from modifying Applications. Delete is allowed. - Policy `sync`: Update and Delete are allowed. If the controller parameter `--policy` is set, it takes precedence on the field `applicationsSync`. It is possible to allow per ApplicationSet sync policy by setting variable `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE` to argocd-cmd-params-cm `applicationsetcontroller.enable.policy.override` or directly with controller parameter `--enable-policy-override` (default to `false`). -### Controller parameter +### Policy - `create-only`: Prevent ApplicationSet controller from modifying and deleting Applications + +To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as *deletion*, or modification of Application fields, add this parameter in the ApplicationSet controller: + +**WARNING**: "*deletion*" indicates the case as the result of comparing generated Application between before and after, there are Applications which no longer exist. It doesn't indicate the case Applications are deleted according to ownerReferences to ApplicationSet. See [How to prevent Application controller from deleting Applications when deleting ApplicationSet](#how-to-prevent-application-controller-from-deleting-applications-when-deleting-applicationset) -To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as deletion, or modification of Application fields, add this parameter in the ApplicationSet controller: ``` --policy create-only ``` @@ -57,9 +60,12 @@ spec: applicationsSync: create-only ``` -## Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications +### Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications To allow the ApplicationSet controller to create or modify `Application` resources, but prevent Applications from being deleted, add the following parameter to the ApplicationSet controller `Deployment`: + +**WARNING**: "*deletion*" indicates the case as the result of comparing generated Application between before and after, there are Applications which no longer exist. It doesn't indicate the case Applications are deleted according to ownerReferences to ApplicationSet. See [How to prevent Application controller from deleting Applications when deleting ApplicationSet](#how-to-prevent-application-controller-from-deleting-applications-when-deleting-applicationset) + ``` --policy create-update ``` @@ -77,6 +83,22 @@ spec: applicationsSync: create-update ``` +### How to prevent Application controller from deleting Applications when deleting ApplicationSet + +By default, `create-only` and `create-update` policy isn't effective against preventing deletion of Applications when deleting ApplicationSet. +You must set the finalizer to ApplicationSet to prevent deletion in such case, and use background cascading deletion. +If you use foreground cascading deletion, there's no guarantee to preserve applications. + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + # (...) +``` + ## Ignore certain changes to Applications The ApplicationSet spec includes an `ignoreApplicationDifferences` field, which allows you to specify which fields of diff --git a/docs/operator-manual/applicationset/Generators-Cluster.md b/docs/operator-manual/applicationset/Generators-Cluster.md index aa18983fe3d54..de769b94deed9 100644 --- a/docs/operator-manual/applicationset/Generators-Cluster.md +++ b/docs/operator-manual/applicationset/Generators-Cluster.md @@ -64,6 +64,7 @@ In this example, the cluster secret's `name` and `server` fields are used to pop A label selector may be used to narrow the scope of targeted clusters to only those matching a specific label: ```yaml +apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: guestbook @@ -75,7 +76,7 @@ spec: - clusters: selector: matchLabels: - staging: true + staging: "true" # The cluster generator also supports matchExpressions. #matchExpressions: # - key: staging @@ -88,6 +89,7 @@ spec: This would match an Argo CD cluster secret containing: ```yaml +apiVersion: v1 kind: Secret data: # (... fields as above ...) diff --git a/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md b/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md index 4f8967b5937fa..04efabecebab9 100644 --- a/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md +++ b/docs/operator-manual/applicationset/Generators-Git-File-Globbing.md @@ -53,7 +53,7 @@ It can be enabled in any of these ways: 1. Pass `--enable-new-git-file-globbing` to the ApplicationSet controller args. 1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING=true` in the ApplicationSet controller environment variables. -1. Set `applicationsetcontroller.enable.new.git.file.globbing: true` in the Argo CD ConfigMap. +1. Set `applicationsetcontroller.enable.new.git.file.globbing: "true"` in the `argocd-cmd-params-cm` ConfigMap. Note that the default may change in the future. diff --git a/docs/operator-manual/applicationset/Generators-List.md b/docs/operator-manual/applicationset/Generators-List.md index e5696f37b9745..fdd2a91559344 100644 --- a/docs/operator-manual/applicationset/Generators-List.md +++ b/docs/operator-manual/applicationset/Generators-List.md @@ -15,8 +15,8 @@ spec: elements: - cluster: engineering-dev url: https://kubernetes.default.svc - - cluster: engineering-prod - url: https://kubernetes.default.svc + # - cluster: engineering-prod + # url: https://kubernetes.default.svc template: metadata: name: '{{.cluster}}-guestbook' @@ -61,7 +61,7 @@ The List generator can also dynamically generate its elements based on a yaml/js apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: - name: elementsYaml + name: elements-yaml namespace: argocd spec: goTemplate: true diff --git a/docs/operator-manual/applicationset/Generators-Plugin.md b/docs/operator-manual/applicationset/Generators-Plugin.md index d0888b9949b8e..13e7bcdb01f36 100644 --- a/docs/operator-manual/applicationset/Generators-Plugin.md +++ b/docs/operator-manual/applicationset/Generators-Plugin.md @@ -77,10 +77,12 @@ metadata: data: token: "$plugin.myplugin.token" # Alternatively $:plugin.myplugin.token baseUrl: "http://myplugin.plugin-ns.svc.cluster.local." + requestTimeout: "60" ``` - `token`: Pre-shared token used to authenticate HTTP request (points to the right key you created in the `argocd-secret` Secret) - `baseUrl`: BaseUrl of the k8s service exposing your plugin in the cluster. +- `requestTimeout`: Timeout of the request to the plugin in seconds (default: 30) ### Store credentials diff --git a/docs/operator-manual/applicationset/Generators-Post-Selector.md b/docs/operator-manual/applicationset/Generators-Post-Selector.md index 896e89e267d7c..bcfe7f280ce8d 100644 --- a/docs/operator-manual/applicationset/Generators-Post-Selector.md +++ b/docs/operator-manual/applicationset/Generators-Post-Selector.md @@ -1,8 +1,57 @@ # Post Selector all generators -The Selector allows to post-filter based on generated values using the Kubernetes common labelSelector format. In the example, the list generator generates a set of two application which then filter by the key value to only select the `env` with value `staging`: +The `selector` field on a generator allows an `ApplciationSet` to post-filter results using [the Kubernetes common labelSelector format](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) and the generated values. -## Example: List generator + Post Selector +`matchLabels` is a map of `{key,value}` pairs. This `list` generator generates a set of two `Applications`, which is then filtered using `matchLabels` to only the list element containing the key `env` with value `staging`: +``` +spec: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + env: staging + - cluster: engineering-prod + url: https://kubernetes.default.svc + env: prod + selector: + matchLabels: + env: staging +``` + +The `list` generator + `matchLabels` selector generates a single set of parameters: +```yaml +- cluster: engineering-dev + url: https://kubernetes.default.svc + env: staging +``` + +It is also possible to use `matchExpressions` for more powerful selectors. + +A single `{key,value}` in the `matchLabels` map is equivalent to an element of `matchExpressions`, whose `key` field is the "key", the `operator` is "In", and the `values` array contains only the "value". So the same example using `matchExpressions` looks like: +```yaml +spec: + generators: + - list: + elements: + - cluster: engineering-dev + url: https://kubernetes.default.svc + env: staging + - cluster: engineering-prod + url: https://kubernetes.default.svc + env: prod + selector: + matchExpressions: + - key: env + operator: In + values: + - staging +``` + +Valid `operators` include `In`, `NotIn`, `Exists`, and `DoesNotExist`. The `values` set must be non-empty in the case of `In` and `NotIn`. + +## Full Example +In the example, the list generator generates a set of two applications, which then filter by the key value to only select the `env` with value `staging`: ```yaml apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet @@ -36,26 +85,3 @@ spec: server: '{{.url}}' namespace: guestbook ``` - -The List generator + Post Selector generates a single set of parameters: - -```yaml -- cluster: engineering-dev - url: https://kubernetes.default.svc - env: staging -``` - -It is also possible to use `matchExpressions` for more powerful selectors. - -```yaml -spec: - generators: - - clusters: {} - selector: - matchExpressions: - - key: server - operator: In - values: - - https://kubernetes.default.svc - - https://some-other-cluster -``` diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index 3cb79d85f3150..ae2072a18fb53 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -58,7 +58,7 @@ data: controller.resource.health.persist: "true" # Cache expiration default (default 24h0m0s) controller.default.cache.expiration: "24h0m0s" - # Sharding algorithm used to balance clusters accross application controller shards (default "legacy") + # Sharding algorithm used to balance clusters across application controller shards (default "legacy") controller.sharding.algorithm: legacy # Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. controller.kubectl.parallelism.limit: "20" @@ -179,6 +179,8 @@ data: reposerver.git.lsremote.parallelism.limit: "0" # Git requests timeout. reposerver.git.request.timeout: "15s" + # Include hidden directories from Git + reposerver.include.hidden.directories: "false" # Disable TLS on the HTTP endpoint dexserver.disable.tls: "false" diff --git a/docs/operator-manual/config-management-plugins.md b/docs/operator-manual/config-management-plugins.md index 7c86075ff2f7f..d37c514493d37 100644 --- a/docs/operator-manual/config-management-plugins.md +++ b/docs/operator-manual/config-management-plugins.md @@ -178,7 +178,7 @@ entrypoint. You can use either off-the-shelf or custom-built plugin image as sid containers: - name: my-plugin command: [/var/run/argocd/argocd-cmp-server] # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server - image: busybox # This can be off-the-shelf or custom-built image + image: ubuntu # This can be off-the-shelf or custom-built image securityContext: runAsNonRoot: true runAsUser: 999 @@ -458,7 +458,7 @@ Plugins configured with argocd-cm ran on the Argo CD image. This gave it access image by default (see the [Dockerfile](https://github.com/argoproj/argo-cd/blob/master/Dockerfile) for base image and installed tools). -You can either use a stock image (like busybox, or alpine/k8s) or design your own base image with the tools your plugin needs. For +You can either use a stock image (like ubuntu, busybox, or alpine/k8s) or design your own base image with the tools your plugin needs. For security, avoid using images with more binaries installed than what your plugin actually needs. ### Test the plugin diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index 3830cb610796a..2851ac953082f 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -929,7 +929,9 @@ If your AKS cluster utilizes the [Mutating Admission Webhook](https://azure.gith 2. **Create Federated Identity Credential**: Generate an Azure federated identity credential for the `argocd-application-controller` and `argocd-server` service accounts. Refer to the [Federated Identity Credential](https://azure.github.io/azure-workload-identity/docs/topics/federated-identity-credential.html) documentation for detailed instructions. -3. **Set the AZURE_CLIENT_ID**: Update the `AZURE_CLIENT_ID` in the cluster secret to match the client id of the newly created federated identity credential. +3. **Add Annotations to Service Account** Add `"azure.workload.identity/client-id": "$CLIENT_ID"` and `"azure.workload.identity/tenant-id": "$TENANT_ID"` annotations to the `argocd-application-controller` and `argocd-server` service accounts using the details from the federated credential. + +4. **Set the AZURE_CLIENT_ID**: Update the `AZURE_CLIENT_ID` in the cluster secret to match the client id of the newly created federated identity credential. ```yaml diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index c166a1d25d75d..6a5ab8ba56772 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -75,4 +75,9 @@ An example `argocd-cm.yaml` file with deep links and their variations : - url: https://mycompany.splunk.com?search={{.resource.metadata.name}}&env={{.project.metadata.labels.env}} title: Splunk if: resource.kind == "Pod" || resource.kind == "Deployment" + + # sample checking a tag exists that contains - or / and how to alternatively access it + - url: https://mycompany.splunk.com?tag={{ index .resource.metadata.labels "some.specific.kubernetes.like/tag" }} + title: Tag Service + if: resource.metadata.labels["some.specific.kubernetes.like/tag"] != nil && resource.metadata.labels["some.specific.kubernetes.like/tag"] != "" ``` diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index 8566d6460e6db..e958d1a7634ac 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -174,6 +174,31 @@ The [PR#1139](https://github.com/argoproj/argo-cd/pull/1139) is an example of Ce Please note that bundled health checks with wildcards are not supported. +## Overriding Go-Based Health Checks + +Health checks for some resources were [hardcoded as Go code](https://github.com/argoproj/gitops-engine/tree/master/pkg/health) +because Lua support was introduced later. Also, the logic of health checks for some resources were too complex, so it +was easier to implement it in Go. + +It is possible to override health checks for built-in resource. Argo will prefer the configured health check over the +Go-based built-in check. + +The following resources have Go-based health checks: + +* PersistentVolumeClaim +* Pod +* Service +* apiregistration.k8s.io/APIService +* apps/DaemonSet +* apps/Deployment +* apps/ReplicaSet +* apps/StatefulSet +* argoproj.io/Workflow +* autoscaling/HorizontalPodAutoscaler +* batch/Job +* extensions/Ingress +* networking.k8s.io/Ingress + ## Health Checks An Argo CD App's health is inferred from the health of its immediate child resources (the resources represented in diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index 00f493350aa41..60ea048ffca68 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -82,7 +82,7 @@ spec: ``` * In order to manually set the cluster's shard number, specify the optional `shard` property when creating a cluster. If not specified, it will be calculated on the fly by the application controller. -* The shard distribution algorithm of the `argocd-application-controller` can be set by using the `--sharding-method` parameter. Supported sharding methods are : [legacy (default), round-robin]. `legacy` mode uses an `uid` based distribution (non-uniform). `round-robin` uses an equal distribution across all shards. The `--sharding-method` parameter can also be overriden by setting the key `controller.sharding.algorithm` in the `argocd-cmd-params-cm` `configMap` (preferably) or by setting the `ARGOCD_CONTROLLER_SHARDING_ALGORITHM` environment variable and by specifiying the same possible values. +* The shard distribution algorithm of the `argocd-application-controller` can be set by using the `--sharding-method` parameter. Supported sharding methods are : [legacy (default), round-robin]. `legacy` mode uses an `uid` based distribution (non-uniform). `round-robin` uses an equal distribution across all shards. The `--sharding-method` parameter can also be overridden by setting the key `controller.sharding.algorithm` in the `argocd-cmd-params-cm` `configMap` (preferably) or by setting the `ARGOCD_CONTROLLER_SHARDING_ALGORITHM` environment variable and by specifiying the same possible values. !!! warning "Alpha Feature" The `round-robin` shard distribution algorithm is an experimental feature. Reshuffling is known to occur in certain scenarios with cluster removal. If the cluster at rank-0 is removed, reshuffling all clusters across shards will occur and may temporarily have negative performance impacts. @@ -126,7 +126,7 @@ stringData: **metrics** -* `argocd_app_reconcile` - reports application reconciliation duration. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. +* `argocd_app_reconcile` - reports application reconciliation duration in seconds. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. * `argocd_app_k8s_request_total` - number of k8s requests per application. The number of fallback Kubernetes API queries - useful to identify which application has a resource with non-preferred version and causes performance issues. @@ -248,6 +248,25 @@ spec: # ... ``` +* **Glob paths** The annotation might contain a glob pattern path, which can be any pattern supported by the [Go filepath Match function](https://pkg.go.dev/path/filepath#Match): + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: guestbook + namespace: argocd + annotations: + # resolves to any file matching the pattern of *-secret.yaml in the top level shared folder + argocd.argoproj.io/manifest-generate-paths: "/shared/*-secret.yaml" +spec: + source: + repoURL: https://github.com/argoproj/argocd-example-apps.git + targetRevision: HEAD + path: guestbook +# ... +``` + ### Application Sync Timeout & Jitter Argo CD has a timeout for application syncs. It will trigger a refresh for each application periodically when the timeout expires. diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index aad2208c21873..c13a18fbe3f5b 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -350,7 +350,7 @@ the API server -- one for gRPC and the other for HTTP/HTTPS. However it allows T happen at the ingress controller. -## [Traefik (v2.2)](https://docs.traefik.io/) +## [Traefik (v3.0)](https://docs.traefik.io/) Traefik can be used as an edge router and provide [TLS](https://docs.traefik.io/user-guides/grpc/) termination within the same deployment. @@ -360,7 +360,7 @@ The API server should be run with TLS disabled. Edit the `argocd-server` deploym ### IngressRoute CRD ```yaml -apiVersion: traefik.containo.us/v1alpha1 +apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: argocd-server @@ -376,7 +376,7 @@ spec: - name: argocd-server port: 80 - kind: Rule - match: Host(`argocd.example.com`) && Headers(`Content-Type`, `application/grpc`) + match: Host(`argocd.example.com`) && Header(`Content-Type`, `application/grpc`) priority: 11 services: - name: argocd-server @@ -492,7 +492,7 @@ spec: - --staticassets - /shared/app - --redis - - argocd-redis-ha-haproxy:6379 + - argocd-redis:6379 - --insecure - --basehref - /argocd @@ -510,7 +510,7 @@ After that install Argo CD (there should be only 3 yml file defined above in cu kubectl apply -k ./ -n argocd --wait=true ``` -Be sure you create secret for Isito ( in our case secretname is argocd-server-tls on argocd Namespace). After that we create Istio Resources +Be sure you create secret for Istio ( in our case secretname is argocd-server-tls on argocd Namespace). After that we create Istio Resources ```yaml apiVersion: networking.istio.io/v1alpha3 diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index a3ddbfe9904d3..5aebb9245c0ae 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -10,7 +10,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in Argo CD. | | `argocd_app_k8s_request_total` | counter | Number of Kubernetes requests executed during application reconciliation | | `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. | -| `argocd_app_reconcile` | histogram | Application reconciliation performance. | +| `argocd_app_reconcile` | histogram | Application reconciliation performance in seconds. | | `argocd_app_sync_total` | counter | Counter for application sync history | | `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. | | `argocd_cluster_api_resources` | gauge | Number of monitored Kubernetes API resources. | diff --git a/docs/operator-manual/notifications/catalog.md b/docs/operator-manual/notifications/catalog.md index add7084304b98..f4d88d2cf6aeb 100644 --- a/docs/operator-manual/notifications/catalog.md +++ b/docs/operator-manual/notifications/catalog.md @@ -1,4 +1,9 @@ # Triggers and Templates Catalog +## Getting Started +* Install Triggers and Templates from the catalog + ```bash + kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml + ``` ## Triggers | NAME | DESCRIPTION | TEMPLATE | |------------------------|---------------------------------------------------------------|-----------------------------------------------------| diff --git a/docs/operator-manual/notifications/services/github.md b/docs/operator-manual/notifications/services/github.md index 1fa1a985d2682..36fbda5a100ba 100755 --- a/docs/operator-manual/notifications/services/github.md +++ b/docs/operator-manual/notifications/services/github.md @@ -4,21 +4,21 @@ The GitHub notification service changes commit status using [GitHub Apps](https://docs.github.com/en/developers/apps) and requires specifying the following settings: -* `appID` - the app id -* `installationID` - the app installation id -* `privateKey` - the app private key -* `enterpriseBaseURL` - optional URL, e.g. https://git.example.com/ +- `appID` - the app id +- `installationID` - the app installation id +- `privateKey` - the app private key +- `enterpriseBaseURL` - optional URL, e.g. https://git.example.com/ ## Configuration 1. Create a GitHub Apps using https://github.com/settings/apps/new -2. Change repository permissions to enable write commit statuses and/or deployments and/or pull requests comments -![2](https://user-images.githubusercontent.com/18019529/108397381-3ca57980-725b-11eb-8d17-5b8992dc009e.png) -3. Generate a private key, and download it automatically -![3](https://user-images.githubusercontent.com/18019529/108397926-d4a36300-725b-11eb-83fe-74795c8c3e03.png) -4. Install app to account -5. Store privateKey in `argocd-notifications-secret` Secret and configure GitHub integration -in `argocd-notifications-cm` ConfigMap +1. Change repository permissions to enable write commit statuses and/or deployments and/or pull requests comments + ![2](https://user-images.githubusercontent.com/18019529/108397381-3ca57980-725b-11eb-8d17-5b8992dc009e.png) +1. Generate a private key, and download it automatically + ![3](https://user-images.githubusercontent.com/18019529/108397926-d4a36300-725b-11eb-83fe-74795c8c3e03.png) +1. Install app to account +1. Store privateKey in `argocd-notifications-secret` Secret and configure GitHub integration + in `argocd-notifications-cm` ConfigMap ```yaml apiVersion: v1 @@ -77,6 +77,7 @@ template.app-deployed: | requiredContexts: [] autoMerge: true transientEnvironment: false + reference: v1.0.0 pullRequestComment: content: | Application {{.app.metadata.name}} is now running new version of deployments manifests. @@ -84,9 +85,11 @@ template.app-deployed: | ``` **Notes**: + - If the message is set to 140 characters or more, it will be truncated. - If `github.repoURLPath` and `github.revisionPath` are same as above, they can be omitted. - Automerge is optional and `true` by default for github deployments to ensure the requested ref is up to date with the default branch. Setting this option to `false` is required if you would like to deploy older refs in your default branch. For more information see the [GitHub Deployment API Docs](https://docs.github.com/en/rest/deployments/deployments?apiVersion=2022-11-28#create-a-deployment). - If `github.pullRequestComment.content` is set to 65536 characters or more, it will be truncated. +- Reference is optional. When set, it will be used as the ref to deploy. If not set, the revision will be used as the ref to deploy. diff --git a/docs/operator-manual/notifications/services/opsgenie.md b/docs/operator-manual/notifications/services/opsgenie.md index e92ee99756ab8..2cc1ebff62abf 100755 --- a/docs/operator-manual/notifications/services/opsgenie.md +++ b/docs/operator-manual/notifications/services/opsgenie.md @@ -7,14 +7,23 @@ To be able to send notifications with argocd-notifications you have to create an 3. Click "Teams" in the Menu on the left 4. Select the team that you want to notify 5. In the teams configuration menu select "Integrations" -6. click "Add Integration" in the top right corner +6. Click "Add Integration" in the top right corner 7. Select "API" integration 8. Give your integration a name, copy the "API key" and safe it somewhere for later -9. Make sure the checkboxes for "Create and Update Access" and "enable" are selected, disable the other checkboxes to remove unnecessary permissions -10. Click "Safe Integration" at the bottom -11. Check your browser for the correct server apiURL. If it is "app.opsgenie.com" then use the US/international api url `api.opsgenie.com` in the next step, otherwise use `api.eu.opsgenie.com` (European API). -12. You are finished with configuring Opsgenie. Now you need to configure argocd-notifications. Use the apiUrl, the team name and the apiKey to configure the Opsgenie integration in the `argocd-notifications-secret` secret. +9. Click "Edit" in the integration settings +10. Make sure the checkbox for "Create and Update Access" is selected, disable the other checkboxes to remove unnecessary permissions +11. Click "Save" at the bottom +12. Click "Turn on integration" in the top right corner +13. Check your browser for the correct server apiURL. If it is "app.opsgenie.com" then use the US/international api url `api.opsgenie.com` in the next step, otherwise use `api.eu.opsgenie.com` (European API). +14. You are finished with configuring Opsgenie. Now you need to configure argocd-notifications. Use the apiUrl, the team name and the apiKey to configure the Opsgenie integration in the `argocd-notifications-secret` secret. +15. You can find the example `argocd-notifications-cm` configuration at the below. +| **Option** | **Required** | **Type** | **Description** | **Example** | +| ------------- | ------------ | -------- | -------------------------------------------------------------------------------------------------------- | -------------------------------- | +| `description` | True | `string` | Description field of the alert that is generally used to provide a detailed information about the alert. | `Hello from Argo CD!` | +| `priority` | False | `string` | Priority level of the alert. Possible values are P1, P2, P3, P4 and P5. Default value is P3. | `P1` | +| `alias` | False | `string` | Client-defined identifier of the alert, that is also the key element of Alert De-Duplication. | `Life is too short for no alias` | +| `note` | False | `string` | Additional note that will be added while creating the alert. | `Error from Argo CD!` | ```yaml apiVersion: v1 @@ -26,4 +35,30 @@ data: apiUrl: apiKeys: : + template.opsgenie: | + message: | + [Argo CD] Application {{.app.metadata.name}} has a problem. + opsgenie: + description: | + Application: {{.app.metadata.name}} + Health Status: {{.app.status.health.status}} + Operation State Phase: {{.app.status.operationState.phase}} + Sync Status: {{.app.status.sync.status}} + priority: P1 + alias: {{.app.metadata.name}} + note: Error from Argo CD! + trigger.on-a-problem: | + - description: Application has a problem. + send: + - opsgenie + when: app.status.health.status == 'Degraded' or app.status.operationState.phase in ['Error', 'Failed'] or app.status.sync.status == 'Unknown' +``` + +16. Add annotation in application yaml file to enable notifications for specific Argo CD app. +```yaml + apiVersion: argoproj.io/v1alpha1 + kind: Application + metadata: + annotations: + notifications.argoproj.io/subscribe.on-a-problem.opsgenie: ``` \ No newline at end of file diff --git a/docs/operator-manual/notifications/services/telegram.md b/docs/operator-manual/notifications/services/telegram.md index 8612a09d1ca84..d370e4fc2359b 100755 --- a/docs/operator-manual/notifications/services/telegram.md +++ b/docs/operator-manual/notifications/services/telegram.md @@ -33,3 +33,12 @@ metadata: annotations: notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: -1000000000000 ``` + +If your private chat contains threads, you can optionally specify a thread id by seperating it with a `|`: +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + annotations: + notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: -1000000000000|2 +``` diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index b1d386fb5eb8e..8b318e77b7060 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -1,195 +1,286 @@ # RBAC Configuration -The RBAC feature enables restriction of access to Argo CD resources. Argo CD does not have its own -user management system and has only one built-in user `admin`. The `admin` user is a superuser and +The RBAC feature enables restrictions of access to Argo CD resources. Argo CD does not have its own +user management system and has only one built-in user, `admin`. The `admin` user is a superuser and it has unrestricted access to the system. RBAC requires [SSO configuration](user-management/index.md) or [one or more local users setup](user-management/index.md). Once SSO or local users are configured, additional RBAC roles can be defined, and SSO groups or local users can then be mapped to roles. +There are two main components where RBAC configuration can be defined: + +- The global RBAC config map (see [argo-rbac-cm.yaml](argocd-rbac-cm-yaml.md)) +- The [AppProject's roles](../user-guide/projects.md#project-roles) + ## Basic Built-in Roles Argo CD has two pre-defined roles but RBAC configuration allows defining roles and groups (see below). -* `role:readonly` - read-only access to all resources -* `role:admin` - unrestricted access to all resources +- `role:readonly`: read-only access to all resources +- `role:admin`: unrestricted access to all resources These default built-in role definitions can be seen in [builtin-policy.csv](https://github.com/argoproj/argo-cd/blob/master/assets/builtin-policy.csv) -### RBAC Permission Structure +## Default Policy for Authenticated Users + +When a user is authenticated in Argo CD, it will be granted the role specified in `policy.default`. + +!!! warning "Restricting Default Permissions" + + **All authenticated users get _at least_ the permissions granted by the default policies. This access cannot be blocked + by a `deny` rule.** It is recommended to create a new `role:authenticated` with the minimum set of permissions possible, + then grant permissions to individual roles as needed. + +## Anonymous Access + +Enabling anonymous access to the Argo CD instance allows users to assume the default role permissions specified by `policy.default` **without being authenticated**. + +The anonymous access to Argo CD can be enabled using the `users.anonymous.enabled` field in `argocd-cm` (see [argocd-cm.yaml](argocd-cm-yaml.md)). + +!!! warning + + When enabling anonymous access, consider creating a new default role and assigning it to the default policies + with `policy.default: role:unauthenticated`. + +## RBAC Model Structure + +The model syntax is based on [Casbin](https://casbin.org/docs/overview). There are two different types of syntax: one for assigning policies, and another one for assigning users to internal roles. + +**Group**: Allows to assign authenticated users/groups to internal roles. + +Syntax: `g, , ` + +- ``: The entity to whom the role will be assigned. It can be a local user or a user authenticated with SSO. + When SSO is used, the `user` will be based on the `sub` claims, while the group is one of the values returned by the `scopes` configuration. +- ``: The internal role to which the entity will be assigned. + +**Policy**: Allows to assign permissions to an entity. + +Syntax: `p, , , , , ` + +- ``: The entity to whom the policy will be assigned +- ``: The type of resource on which the action is performed. +- ``: The operation that is being performed on the resource. +- ``: The object identifier representing the resource on which the action is performed. Depending on the resource, the object's format will vary. +- ``: Whether this policy should grant or restrict the operation on the target object. One of `allow` or `deny`. + +Below is a table that summarizes all possible resources and which actions are valid for each of them. + +| Resource\Action | get | create | update | delete | sync | action | override | invoke | +| :------------------ | :-: | :----: | :----: | :----: | :--: | :----: | :------: | :----: | +| **applications** | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | +| **applicationsets** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | +| **clusters** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | +| **projects** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | +| **repositories** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | +| **accounts** | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | +| **certificates** | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | +| **gpgkeys** | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | +| **logs** | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| **exec** | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | +| **extensions** | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | + +### Application-Specific Policy + +Some policy only have meaning within an application. It is the case with the following resources: + +- `applications` +- `applicationsets` +- `logs` +- `exec` + +While they can be set in the global configuration, they can also be configured in [AppProject's roles](../user-guide/projects.md#project-roles). +The expected `` value in the policy structure is replaced by `/`. + +For instance, these policies would grant `example-user` access to get any applications, +but only be able to see logs in `my-app` application part of the `example-project` project. + +```csv +p, example-user, applications, get, *, allow +p, example-user, logs, get, example-project/my-app, allow +``` + +#### Application in Any Namespaces + +When [application in any namespace](app-any-namespace.md) is enabled, the expected `` value in the policy structure is replaced by `//`. +Since multiple applications could have the same name in the same project, the policy below makes sure to restrict access only to `app-namespace`. + +```csv +p, example-user, applications, get, */app-namespace/*, allow +p, example-user, logs, get, example-project/app-namespace/my-app, allow +``` + +### The `applications` resource -Breaking down the permissions definition differs slightly between applications and every other resource type in Argo CD. +The `applications` resource is an [Application-Specific Policy](#application-specific-policy). -* All resources *except* application-specific permissions (see next bullet): +#### Fine-grained Permissions for `update`/`delete` action - `p, , , , ` +The `update` and `delete` actions, when granted on an application, will allow the user to perform the operation on the application itself **and** all of its resources. +It can be desirable to only allow `update` or `delete` on specific resources within an application. -* Applications, applicationsets, logs, and exec (which belong to an `AppProject`): +To do so, when the action if performed on an application's resource, the `` will have the `////` format. - `p, , , , /` +For instance, to grant access to `example-user` to only delete Pods in the `prod-app` Application, the policy could be: -### RBAC Resources and Actions +```csv +p, example-user, applications, delete/*/Pod/*, default/prod-app, allow +``` -Resources: `clusters`, `projects`, `applications`, `applicationsets`, -`repositories`, `certificates`, `accounts`, `gpgkeys`, `logs`, `exec`, -`extensions` +If we want to grant access to the user to update all resources of an application, but not the application itself: -Actions: `get`, `create`, `update`, `delete`, `sync`, `override`,`action/` +```csv +p, example-user, applications, update/*, default/prod-app, allow +``` -Note that `sync`, `override`, and `action/` only have meaning for the `applications` resource. +If we want to explicitly deny delete of the application, but allow the user to delete Pods: -#### Application resources +```csv +p, example-user, applications, delete, default/prod-app, deny +p, example-user, applications, delete/*/Pod/*, default/prod-app, allow +``` -The resource path for application objects is of the form -`/`. +!!! note -Delete access to sub-resources of a project, such as a rollout or a pod, cannot -be managed granularly. `/` grants access to all -subresources of an application. + It is not possible to deny fine-grained permissions for a sub-resource if the action was **explicitly allowed on the application**. + For instance, the following policies will **allow** a user to delete the Pod and any other resources in the application: + + ```csv + p, example-user, applications, delete, default/prod-app, allow + p, example-user, applications, delete/*/Pod/*, default/prod-app, deny + ``` #### The `action` action The `action` action corresponds to either built-in resource customizations defined [in the Argo CD repository](https://github.com/argoproj/argo-cd/tree/master/resource_customizations), or to [custom resource actions](resource_actions.md#custom-resource-actions) defined by you. -The `action` path is of the form `action///`. For -example, a resource customization path -`resource_customizations/extensions/DaemonSet/actions/restart/action.lua` -corresponds to the `action` path `action/extensions/DaemonSet/restart`. You can -also use glob patterns in the action path: `action/*` (or regex patterns if you have -[enabled the `regex` match mode](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-rbac-cm.yaml)). -If the resource is not under a group (for examples, Pods or ConfigMaps), then omit the group name from your RBAC -configuration: +The `` has the `action///` format. + +For example, a resource customization path `resource_customizations/extensions/DaemonSet/actions/restart/action.lua` +corresponds to the `action` path `action/extensions/DaemonSet/restart`. If the resource is not under a group (for example, Pods or ConfigMaps), +then the path will be `action//Pod/action-name`. + +The following policies allows the user to perform any action on the DaemonSet resources, as well as the `maintenance-off` action on a Pod: ```csv p, example-user, applications, action//Pod/maintenance-off, default/*, allow +p, example-user, applications, action/extensions/DaemonSet/*, default/*, allow ``` -#### The `exec` resource +To allow the user to perform any actions: -`exec` is a special resource. When enabled with the `create` action, this privilege allows a user to `exec` into Pods via -the Argo CD UI. The functionality is similar to `kubectl exec`. +```csv +p, example-user, applications, action/*, default/*, allow +``` -See [Web-based Terminal](web_based_terminal.md) for more info. +#### The `override` action + +When granted along with the `sync` action, the override action will allow a user to synchronize local manifests to the Application. +These manifests will be used instead of the configured source, until the next sync is performed. -#### The `applicationsets` resource +### The `applicationsets` resource + +The `applicationsets` resource is an [Application-Specific policy](#application-specific-policy). [ApplicationSets](applicationset/index.md) provide a declarative way to automatically create/update/delete Applications. -Granting `applicationsets, create` effectively grants the ability to create Applications. While it doesn't allow the +Allowing the `create` action on the resource effectively grants the ability to create Applications. While it doesn't allow the user to create Applications directly, they can create Applications via an ApplicationSet. -In v2.5, it is not possible to create an ApplicationSet with a templated Project field (e.g. `project: {{path.basename}}`) -via the API (or, by extension, the CLI). Disallowing templated projects makes project restrictions via RBAC safe: +!!! note + + In v2.5, it is not possible to create an ApplicationSet with a templated Project field (e.g. `project: {{path.basename}}`) + via the API (or, by extension, the CLI). Disallowing templated projects makes project restrictions via RBAC safe: + +With the resource being application-specific, the `` of the applicationsets policy will have the format `/`. +However, since an ApplicationSet does belong to any project, the `` value represents the projects in which the ApplicationSet will be able to create Applications. + +With the following policy, a `dev-group` user will be unable to create an ApplicationSet capable of creating Applications +outside the `dev-project` project. ```csv p, dev-group, applicationsets, *, dev-project/*, allow ``` -With this rule in place, a `dev-group` user will be unable to create an ApplicationSet capable of creating Applications -outside the `dev-project` project. +### The `logs` resource -#### The `extensions` resource +The `logs` resource is an [Application-Specific Policy](#application-specific-policy). -With the `extensions` resource it is possible configure permissions to -invoke [proxy -extensions](../developer-guide/extensions/proxy-extensions.md). The -`extensions` RBAC validation works in conjunction with the -`applications` resource. A user logged in Argo CD (UI or CLI), needs -to have at least read permission on the project, namespace and -application where the request is originated from. +When granted with the `get` action, this policy allows a user to see Pod's logs of an application via +the Argo CD UI. The functionality is similar to `kubectl logs`. -Consider the example below: +### The `exec` resource + +The `exec` resource is an [Application-Specific Policy](#application-specific-policy). + +When granted with the `create` action, this policy allows a user to `exec` into Pods of an application via +the Argo CD UI. The functionality is similar to `kubectl exec`. + +See [Web-based Terminal](web_based_terminal.md) for more info. + +### The `extensions` resource + +With the `extensions` resource, it is possible to configure permissions to invoke [proxy extensions](../developer-guide/extensions/proxy-extensions.md). +The `extensions` RBAC validation works in conjunction with the `applications` resource. +A user **needs to have read permission on the application** where the request is originated from. + +Consider the example below, it will allow the `example-user` to invoke the `httpbin` extensions in all +applications under the `default` project. ```csv -g, ext, role:extension -p, role:extension, applications, get, default/httpbin-app, allow -p, role:extension, extensions, invoke, httpbin, allow +p, example-user, applications, get, default/*, allow +p, example-user, extensions, invoke, httpbin, allow ``` -Explanation: +### The `deny` effect -* *line1*: defines the group `role:extension` associated with the - subject `ext`. -* *line2*: defines a policy allowing this role to read (`get`) the - `httpbin-app` application in the `default` project. -* *line3*: defines another policy allowing this role to `invoke` the - `httpbin` extension. +When `deny` is used as an effect in a policy, it will be effective if the policy matches. +Even if more specific policies with the `allow` effect match as well, the `deny` will have priority. -**Note 1**: that for extensions requests to be allowed, the policy defined -in the *line2* is also required. +The order in which the policies appears in the policy file configuration has no impact, and the result is deterministic. -**Note 2**: `invoke` is a new action introduced specifically to be used -with the `extensions` resource. The current actions for `extensions` -are `*` or `invoke`. +## Policies Evaluation and Matching -## Tying It All Together +The evaluation of access is done in two parts: validating against the default policy configuration, then validating against the policies for the current user. -Additional roles and groups can be configured in `argocd-rbac-cm` ConfigMap. The example below -configures a custom role, named `org-admin`. The role is assigned to any user which belongs to -`your-github-org:your-team` group. All other users get the default policy of `role:readonly`, -which cannot modify Argo CD settings. +**If an action is allowed or denied by the default policies, then this effect will be effective without further evaluation**. +When the effect is undefined, the evaluation will continue with subject-specific policies. -!!! warning - All authenticated users get *at least* the permissions granted by the default policy. This access cannot be blocked - by a `deny` rule. Instead, restrict the default policy and then grant permissions to individual roles as needed. +The access will be evaluated for the user, then for each configured group that the user is part of. -*ArgoCD ConfigMap `argocd-rbac-cm` Example:* +The matching engine, configured in `policy.matchMode`, can use two different match modes to compare the values of tokens: -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-rbac-cm - namespace: argocd -data: - policy.default: role:readonly - policy.csv: | - p, role:org-admin, applications, *, */*, allow - p, role:org-admin, clusters, get, *, allow - p, role:org-admin, repositories, get, *, allow - p, role:org-admin, repositories, create, *, allow - p, role:org-admin, repositories, update, *, allow - p, role:org-admin, repositories, delete, *, allow - p, role:org-admin, projects, get, *, allow - p, role:org-admin, projects, create, *, allow - p, role:org-admin, projects, update, *, allow - p, role:org-admin, projects, delete, *, allow - p, role:org-admin, logs, get, *, allow - p, role:org-admin, exec, create, */*, allow - - g, your-github-org:your-team, role:org-admin -``` +- `glob`: based on the [`glob` package](https://pkg.go.dev/github.com/gobwas/glob). +- `regex`: based on the [`regexp` package](https://pkg.go.dev/regexp). ----- +When all tokens match during the evaluation, the effect will be returned. The evaluation will continue until all matching policies are evaluated, or until a policy with the `deny` effect matches. +After all policies are evaluated, if there was at least one `allow` effect and no `deny`, access will be granted. -Another `policy.csv` example might look as follows: +### Glob matching -```csv -p, role:staging-db-admin, applications, create, staging-db-project/*, allow -p, role:staging-db-admin, applications, delete, staging-db-project/*, allow -p, role:staging-db-admin, applications, get, staging-db-project/*, allow -p, role:staging-db-admin, applications, override, staging-db-project/*, allow -p, role:staging-db-admin, applications, sync, staging-db-project/*, allow -p, role:staging-db-admin, applications, update, staging-db-project/*, allow -p, role:staging-db-admin, logs, get, staging-db-project/*, allow -p, role:staging-db-admin, exec, create, staging-db-project/*, allow -p, role:staging-db-admin, projects, get, staging-db-project, allow -g, db-admins, role:staging-db-admin +When `glob` is used, the policy tokens are treated as single terms, without separators. + +Consider the following policy: + +``` +p, example-user, applications, action/extensions/*, default/*, allow ``` -This example defines a *role* called `staging-db-admin` with nine *permissions* that allow users with that role to perform the following *actions*: +When the `example-user` executes the `extensions/DaemonSet/test` action, the following `glob` matches will happen: -* `create`, `delete`, `get`, `override`, `sync` and `update` for applications in the `staging-db-project` project, -* `get` logs for objects in the `staging-db-project` project, -* `create` exec for objects in the `staging-db-project` project, and -* `get` for the project named `staging-db-project`. +1. The current user `example-user` matches the token `example-user`. +2. The value `applications` matches the token `applications`. +3. The value `action/extensions/DaemonSet/test` matches `action/extensions/*`. Note that `/` is not treated as a separator and the use of `**` is not necessary. +4. The value `default/my-app` matches `default/*`. -!!! note - The `scopes` field controls which OIDC scopes to examine during rbac - enforcement (in addition to `sub` scope). If omitted, defaults to: - `'[groups]'`. The scope value can be a string, or a list of strings. +## Using SSO Users/Groups + +The `scopes` field controls which OIDC scopes to examine during RBAC enforcement (in addition to `sub` scope). +If omitted, it defaults to `'[groups]'`. The scope value can be a string, or a list of strings. + +For more information on `scopes` please review the [User Management Documentation](user-management/index.md). -Following example shows targeting `email` as well as `groups` from your OIDC provider. +The following example shows targeting `email` as well as `groups` from your OIDC provider. ```yaml apiVersion: v1 @@ -209,128 +300,102 @@ data: scopes: '[groups, email]' ``` -For more information on `scopes` please review the [User Management Documentation](user-management/index.md). - -## Policy CSV Composition - -It is possible to provide additional entries in the `argocd-rbac-cm` -configmap to compose the final policy csv. In this case the key must -follow the pattern `policy..csv`. Argo CD will concatenate -all additional policies it finds with this pattern below the main one -('policy.csv'). The order of additional provided policies are -determined by the key string. Example: if two additional policies are -provided with keys `policy.A.csv` and `policy.B.csv`, it will first -concatenate `policy.A.csv` and then `policy.B.csv`. - -This is useful to allow composing policies in config management tools -like Kustomize, Helm, etc. - -The example below shows how a Kustomize patch can be provided in an -overlay to add additional configuration to an existing RBAC policy. +This can be useful to associate users' emails and groups directly in AppProject. ```yaml -apiVersion: v1 -kind: ConfigMap +apiVersion: argoproj.io/v1alpha1 +kind: AppProject metadata: - name: argocd-rbac-cm + name: team-beta-project namespace: argocd -data: - policy.tester-overlay.csv: | - p, role:tester, applications, *, */*, allow - p, role:tester, projects, *, *, allow - g, my-org:team-qa, role:tester +spec: + roles: + - name: admin + description: Admin privileges to team-beta + policies: + - p, proj:team-beta-project:admin, applications, *, *, allow + groups: + - user@example.org # Value from the email scope + - my-org:team-beta # Value from the groups scope ``` -## Anonymous Access - -The anonymous access to Argo CD can be enabled using `users.anonymous.enabled` field in `argocd-cm` (see [argocd-cm.yaml](argocd-cm.yaml)). -The anonymous users get default role permissions specified by `policy.default` in `argocd-rbac-cm.yaml`. For read-only access you'll want `policy.default: role:readonly` as above - -## Validating and testing your RBAC policies - -If you want to ensure that your RBAC policies are working as expected, you can -use the `argocd admin settings rbac` command to validate them. This tool allows you to -test whether a certain role or subject can perform the requested action with a -policy that's not live yet in the system, i.e. from a local file or config map. -Additionally, it can be used against the live policy in the cluster your Argo -CD is running in. +## Local Users/Accounts -To check whether your new policy is valid and understood by Argo CD's RBAC -implementation, you can use the `argocd admin settings rbac validate` command. - -### Validating a policy +[Local users](user-management/index.md#local-usersaccounts) are assigned access by either grouping them with a role or by assigning policies directly +to them. -To validate a policy stored in a local text file: +The example below shows how to assign a policy directly to a local user. -```shell -argocd admin settings rbac validate --policy-file somepolicy.csv +```yaml +p, my-local-user, applications, sync, my-project/*, allow ``` -To validate a policy stored in a local K8s ConfigMap definition in a YAML file: +This example shows how to assign a role to a local user. -```shell -argocd admin settings rbac validate --policy-file argocd-rbac-cm.yaml +```yaml +g, my-local-user, role:admin ``` -To validate a policy stored in K8s, used by Argo CD in namespace `argocd`, -ensure that your current context in `~/.kube/config` is pointing to your -Argo CD cluster and give appropriate namespace: +!!! warning "Ambiguous Group Assignments" -```shell -argocd admin settings rbac validate --namespace argocd -``` + If you have [enabled SSO](user-management/index.md#sso), any SSO user with a scope that matches a local user will be + added to the same roles as the local user. For example, if local user `sally` is assigned to `role:admin`, and if an + SSO user has a scope which happens to be named `sally`, that SSO user will also be assigned to `role:admin`. -### Testing a policy + An example of where this may be a problem is if your SSO provider is an SCM, and org members are automatically + granted scopes named after the orgs. If a user can create or add themselves to an org in the SCM, they can gain the + permissions of the local user with the same name. -To test whether a role or subject (group or local user) has sufficient -permissions to execute certain actions on certain resources, you can -use the `argocd admin settings rbac can` command. Its general syntax is + To avoid ambiguity, if you are using local users and SSO, it is recommended to assign policies directly to local + users, and not to assign roles to local users. In other words, instead of using `g, my-local-user, role:admin`, you + should explicitly assign policies to `my-local-user`: -```shell -argocd admin settings rbac can SOMEROLE ACTION RESOURCE SUBRESOURCE [flags] -``` + ```yaml + p, my-local-user, *, *, *, allow + ``` -Given the example from the above ConfigMap, which defines the role -`role:org-admin`, and is stored on your local system as `argocd-rbac-cm-yaml`, -you can test whether that role can do something like follows: +## Policy CSV Composition -```console -$ argocd admin settings rbac can role:org-admin get applications --policy-file argocd-rbac-cm.yaml -Yes +It is possible to provide additional entries in the `argocd-rbac-cm` configmap to compose the final policy csv. +In this case, the key must follow the pattern `policy..csv`. +Argo CD will concatenate all additional policies it finds with this pattern below the main one ('policy.csv'). +The order of additional provided policies are determined by the key string. -$ argocd admin settings rbac can role:org-admin get clusters --policy-file argocd-rbac-cm.yaml -Yes +Example: if two additional policies are provided with keys `policy.A.csv` and `policy.B.csv`, +it will first concatenate `policy.A.csv` and then `policy.B.csv`. -$ argocd admin settings rbac can role:org-admin create clusters 'somecluster' --policy-file argocd-rbac-cm.yaml -No +This is useful to allow composing policies in config management tools like Kustomize, Helm, etc. -$ argocd admin settings rbac can role:org-admin create applications 'someproj/someapp' --policy-file argocd-rbac-cm.yaml -Yes -``` +The example below shows how a Kustomize patch can be provided in an overlay to add additional configuration to an existing RBAC ConfigMap. -Another example, given the policy above from `policy.csv`, which defines the -role `role:staging-db-admin` and associates the group `db-admins` with it. -Policy is stored locally as `policy.csv`: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-rbac-cm + namespace: argocd +data: + policy.tester-overlay.csv: | + p, role:tester, applications, *, */*, allow + p, role:tester, projects, *, *, allow + g, my-org:team-qa, role:tester +``` -You can test against the role: +## Validating and testing your RBAC policies -```console -$ # Plain policy, without a default role defined -$ argocd admin settings rbac can role:staging-db-admin get applications --policy-file policy.csv -No +If you want to ensure that your RBAC policies are working as expected, you can +use the [`argocd admin settings rbac` command](../user-guide/commands/argocd_admin_settings_rbac.md) to validate them. +This tool allows you to test whether a certain role or subject can perform the requested action with a policy +that's not live yet in the system, i.e. from a local file or config map. +Additionally, it can be used against the live RBAC configuration in the cluster your Argo CD is running in. -$ argocd admin settings rbac can role:staging-db-admin get applications 'staging-db-project/*' --policy-file policy.csv -Yes +### Validating a policy -$ # Argo CD augments a builtin policy with two roles defined, the default role -$ # being 'role:readonly' - You can include a named default role to use: -$ argocd admin settings rbac can role:staging-db-admin get applications --policy-file policy.csv --default-role role:readonly -Yes -``` +To check whether your new policy configuration is valid and understood by Argo CD's RBAC implementation, +you can use the [`argocd admin settings rbac validate` command](../user-guide/commands/argocd_admin_settings_rbac_validate.md). -Or against the group defined: +### Testing a policy -```console -$ argocd admin settings rbac can db-admins get applications 'staging-db-project/*' --policy-file policy.csv -Yes -``` +To test whether a role or subject (group or local user) has sufficient +permissions to execute certain actions on certain resources, you can +use the [`argocd admin settings rbac can` command](../user-guide/commands/argocd_admin_settings_rbac_can.md). diff --git a/docs/operator-manual/secret-management.md b/docs/operator-manual/secret-management.md index aa224e20ff742..95343789c4868 100644 --- a/docs/operator-manual/secret-management.md +++ b/docs/operator-manual/secret-management.md @@ -19,13 +19,14 @@ Here are some ways people are doing GitOps secrets: * [argocd-vault-replacer](https://github.com/crumbhole/argocd-vault-replacer) * [Kubernetes Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) * [Vals-Operator](https://github.com/digitalis-io/vals-operator) +* [argocd-secret-replacer](https://github.com/mmalyska/argocd-secret-replacer) For discussion, see [#1364](https://github.com/argoproj/argo-cd/issues/1364) ## Mitigating Risks of Secret-Injection Plugins -Argo CD caches the manifests generated by plugins, along with the injected secrets, in its Redis instance. Those -manifests are also available via the repo-server API (a gRPC service). This means that the secrets are available to +Argo CD caches the manifests generated by plugins, along with the injected secrets, in its Redis instance. Those +manifests are also available via the repo-server API (a gRPC service). This means that the secrets are available to anyone who has access to the Redis instance or to the repo-server. Consider these steps to mitigate the risks of secret-injection plugins: @@ -33,5 +34,4 @@ Consider these steps to mitigate the risks of secret-injection plugins: 1. Set up network policies to prevent direct access to Argo CD components (Redis and the repo-server). Make sure your cluster supports those network policies and can actually enforce them. 2. Consider running Argo CD on its own cluster, with no other applications running on it. -3. [Enable password authentication on the Redis instance](https://github.com/argoproj/argo-cd/issues/3130) (currently - only supported for non-HA Argo CD installations). + diff --git a/docs/operator-manual/server-commands/argocd-application-controller.md b/docs/operator-manual/server-commands/argocd-application-controller.md index 61c0c32119895..caab2770e07aa 100644 --- a/docs/operator-manual/server-commands/argocd-application-controller.md +++ b/docs/operator-manual/server-commands/argocd-application-controller.md @@ -15,71 +15,72 @@ argocd-application-controller [flags] ### Options ``` - --app-hard-resync int Time period in seconds for application hard resync. - --app-resync int Time period in seconds for application resync. (default 180) - --app-resync-jitter int Maximum time period in seconds to add as a delay jitter for application resync. - --app-state-cache-expiration duration Cache expiration for app state (default 1h0m0s) - --application-namespaces strings List of additional namespaces that applications are allowed to be reconciled from - --as string Username to impersonate for the operation - --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. - --as-uid string UID to impersonate for the operation - --certificate-authority string Path to a cert file for the certificate authority - --client-certificate string Path to a client certificate file for TLS - --client-key string Path to a client key file for TLS - --cluster string The name of the kubeconfig cluster to use - --context string The name of the kubeconfig context to use - --default-cache-expiration duration Cache expiration default (default 24h0m0s) - --disable-compression If true, opt-out of response compression for all requests to the server - --dynamic-cluster-distribution-enabled Enables dynamic cluster distribution. - --gloglevel int Set the glog logging level - -h, --help help for argocd-application-controller - --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure - --kubeconfig string Path to a kube config. Only required if out-of-cluster - --kubectl-parallelism-limit int Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. (default 20) - --logformat string Set the logging format. One of: text|json (default "text") - --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") - --metrics-application-labels strings List of Application labels that will be added to the argocd_application_labels metric - --metrics-cache-expiration duration Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s) - --metrics-port int Start metrics server on given port (default 8082) - -n, --namespace string If present, the namespace scope for this CLI request - --operation-processors int Number of application operation processors (default 10) - --otlp-address string OpenTelemetry collector address to send traces to - --otlp-attrs strings List of OpenTelemetry collector extra attrs when send traces, each attribute is separated by a colon(e.g. key:value) - --otlp-headers stringToString List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2) (default []) - --otlp-insecure OpenTelemetry collector insecure mode (default true) - --password string Password for basic authentication to the API server - --persist-resource-health Enables storing the managed resources health in the Application CRD (default true) - --proxy-url string If provided, this URL will be used to connect via proxy - --redis string Redis server hostname and port (e.g. argocd-redis:6379). - --redis-ca-certificate string Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation. - --redis-client-certificate string Path to Redis client certificate (e.g. /etc/certs/redis/client.crt). - --redis-client-key string Path to Redis client key (e.g. /etc/certs/redis/client.crt). - --redis-compress string Enable compression for data sent to Redis with the required compression algorithm. (possible values: gzip, none) (default "gzip") - --redis-insecure-skip-tls-verify Skip Redis server certificate validation. - --redis-use-tls Use TLS when connecting to Redis. - --redisdb int Redis database. - --repo-error-grace-period-seconds int Grace period in seconds for ignoring consecutive errors while communicating with repo server. (default 180) - --repo-server string Repo server address. (default "argocd-repo-server:8081") - --repo-server-plaintext Disable TLS on connections to repo server - --repo-server-strict-tls Whether to use strict validation of the TLS cert presented by the repo server - --repo-server-timeout-seconds int Repo server RPC call timeout seconds. (default 60) - --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") - --self-heal-timeout-seconds int Specifies timeout between application self heal attempts (default 5) - --sentinel stringArray Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). - --sentinelmaster string Redis sentinel master group name. (default "master") - --server string The address and port of the Kubernetes API server - --server-side-diff-enabled Feature flag to enable ServerSide diff. Default ("false") - --sharding-method string Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] (default "legacy") - --status-processors int Number of application status processors (default 20) - --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. - --token string Bearer token for authentication to the API server - --user string The name of the kubeconfig user to use - --username string Username for basic authentication to the API server - --wq-backoff-factor float Set Workqueue Per Item Rate Limiter Backoff Factor, default is 1.5 (default 1.5) - --wq-basedelay-ns duration Set Workqueue Per Item Rate Limiter Base Delay duration in nanoseconds, default 1000000 (1ms) (default 1ms) - --wq-bucket-qps float Set Workqueue Rate Limiter Bucket QPS, default set to MaxFloat64 which disables the bucket limiter (default 1.7976931348623157e+308) - --wq-bucket-size int Set Workqueue Rate Limiter Bucket Size, default 500 (default 500) - --wq-cooldown-ns duration Set Workqueue Per Item Rate Limiter Cooldown duration in ns, default 0(per item rate limiter disabled) - --wq-maxdelay-ns duration Set Workqueue Per Item Rate Limiter Max Delay duration in nanoseconds, default 1000000000 (1s) (default 1s) + --app-hard-resync int Time period in seconds for application hard resync. + --app-resync int Time period in seconds for application resync. (default 180) + --app-resync-jitter int Maximum time period in seconds to add as a delay jitter for application resync. + --app-state-cache-expiration duration Cache expiration for app state (default 1h0m0s) + --application-namespaces strings List of additional namespaces that applications are allowed to be reconciled from + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --context string The name of the kubeconfig context to use + --default-cache-expiration duration Cache expiration default (default 24h0m0s) + --disable-compression If true, opt-out of response compression for all requests to the server + --dynamic-cluster-distribution-enabled Enables dynamic cluster distribution. + --gloglevel int Set the glog logging level + -h, --help help for argocd-application-controller + --ignore-normalizer-jq-execution-timeout-seconds duration Set ignore normalizer JQ execution timeout + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kubeconfig string Path to a kube config. Only required if out-of-cluster + --kubectl-parallelism-limit int Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. (default 20) + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --metrics-application-labels strings List of Application labels that will be added to the argocd_application_labels metric + --metrics-cache-expiration duration Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s) + --metrics-port int Start metrics server on given port (default 8082) + -n, --namespace string If present, the namespace scope for this CLI request + --operation-processors int Number of application operation processors (default 10) + --otlp-address string OpenTelemetry collector address to send traces to + --otlp-attrs strings List of OpenTelemetry collector extra attrs when send traces, each attribute is separated by a colon(e.g. key:value) + --otlp-headers stringToString List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2) (default []) + --otlp-insecure OpenTelemetry collector insecure mode (default true) + --password string Password for basic authentication to the API server + --persist-resource-health Enables storing the managed resources health in the Application CRD (default true) + --proxy-url string If provided, this URL will be used to connect via proxy + --redis string Redis server hostname and port (e.g. argocd-redis:6379). + --redis-ca-certificate string Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation. + --redis-client-certificate string Path to Redis client certificate (e.g. /etc/certs/redis/client.crt). + --redis-client-key string Path to Redis client key (e.g. /etc/certs/redis/client.crt). + --redis-compress string Enable compression for data sent to Redis with the required compression algorithm. (possible values: gzip, none) (default "gzip") + --redis-insecure-skip-tls-verify Skip Redis server certificate validation. + --redis-use-tls Use TLS when connecting to Redis. + --redisdb int Redis database. + --repo-error-grace-period-seconds int Grace period in seconds for ignoring consecutive errors while communicating with repo server. (default 180) + --repo-server string Repo server address. (default "argocd-repo-server:8081") + --repo-server-plaintext Disable TLS on connections to repo server + --repo-server-strict-tls Whether to use strict validation of the TLS cert presented by the repo server + --repo-server-timeout-seconds int Repo server RPC call timeout seconds. (default 60) + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --self-heal-timeout-seconds int Specifies timeout between application self heal attempts (default 5) + --sentinel stringArray Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). + --sentinelmaster string Redis sentinel master group name. (default "master") + --server string The address and port of the Kubernetes API server + --server-side-diff-enabled Feature flag to enable ServerSide diff. Default ("false") + --sharding-method string Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] (default "legacy") + --status-processors int Number of application status processors (default 20) + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. + --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server + --wq-backoff-factor float Set Workqueue Per Item Rate Limiter Backoff Factor, default is 1.5 (default 1.5) + --wq-basedelay-ns duration Set Workqueue Per Item Rate Limiter Base Delay duration in nanoseconds, default 1000000 (1ms) (default 1ms) + --wq-bucket-qps float Set Workqueue Rate Limiter Bucket QPS, default set to MaxFloat64 which disables the bucket limiter (default 1.7976931348623157e+308) + --wq-bucket-size int Set Workqueue Rate Limiter Bucket Size, default 500 (default 500) + --wq-cooldown-ns duration Set Workqueue Per Item Rate Limiter Cooldown duration in ns, default 0(per item rate limiter disabled) + --wq-maxdelay-ns duration Set Workqueue Per Item Rate Limiter Max Delay duration in nanoseconds, default 1000000000 (1s) (default 1s) ``` diff --git a/docs/operator-manual/server-commands/argocd-repo-server.md b/docs/operator-manual/server-commands/argocd-repo-server.md index 0f824f494f2af..3532fc6c30b4a 100644 --- a/docs/operator-manual/server-commands/argocd-repo-server.md +++ b/docs/operator-manual/server-commands/argocd-repo-server.md @@ -23,6 +23,7 @@ argocd-repo-server [flags] --helm-manifest-max-extracted-size string Maximum size of helm manifest archives when extracted (default "1G") --helm-registry-max-index-size string Maximum size of registry index file (default "1G") -h, --help help for argocd-repo-server + --include-hidden-directories Include hidden directories from Git --logformat string Set the logging format. One of: text|json (default "text") --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") --max-combined-directory-manifests-size string Max combined size of manifest files in a directory-type Application (default "10M") @@ -50,7 +51,7 @@ argocd-repo-server [flags] --sentinelmaster string Redis sentinel master group name. (default "master") --streamed-manifest-max-extracted-size string Maximum size of streamed manifest archives when extracted (default "1G") --streamed-manifest-max-tar-size string Maximum size of streamed manifest archives (default "100M") - --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") + --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") --tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") --tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") ``` diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index 659a19de3d3e1..5b3fd72ebff00 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -100,7 +100,7 @@ argocd-server [flags] --server string The address and port of the Kubernetes API server --staticassets string Directory path that contains additional static assets (default "/shared/app") --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. - --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") + --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") --tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") --tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") --token string Bearer token for authentication to the API server diff --git a/docs/operator-manual/upgrading/2.10-2.11.md b/docs/operator-manual/upgrading/2.10-2.11.md index 4cf5c8ed02b0b..ea06a89e6d7d7 100644 --- a/docs/operator-manual/upgrading/2.10-2.11.md +++ b/docs/operator-manual/upgrading/2.10-2.11.md @@ -2,4 +2,57 @@ ## initiatedBy added in Application CRD -In order to address [argoproj/argo-cd#16612](https://github.com/argoproj/argo-cd/issues/16612), initiatedBy has been added in the Application CRD. \ No newline at end of file +In order to address [argoproj/argo-cd#16612](https://github.com/argoproj/argo-cd/issues/16612), initiatedBy has been added in the Application CRD. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.11.2, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.11.2, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/2.11-2.12.md b/docs/operator-manual/upgrading/2.11-2.12.md new file mode 100644 index 0000000000000..a2f10b61bb60f --- /dev/null +++ b/docs/operator-manual/upgrading/2.11-2.12.md @@ -0,0 +1,42 @@ +# v2.11 to 2.12 + +## Image Registry Change for `redis` and `haproxy` + +Argo CD 2.12 upgraded its [upstream redis-ha Helm chart](https://artifacthub.io/packages/helm/dandydev-charts/redis-ha/) +version from 4.22.3 to 4.26.6. + +As part of the upgrade, the image registry for `redis` and `haproxy` was changed from DockerHub to ECR. + +Make sure that the registry change will work for your environment. One example of a problem would be that your +environment can use Cosign to verify the image signature for DockerHub but not for ECR. You would need to make sure your +Image Validation policy includes the AWS ECR as an approved registry. Please validate that the registry change is +acceptable before upgrading. + +## Server-Side Apply Management of ApplicationSet Fields + +### Summary + +If you are using server-side apply with multiple field managers to manage a single `selector` or `labelSelector` field +in an ApplicationSet, that field management must be changed to be atomic starting with 2.12. + +### Details + +Argo CD 2.12 upgraded its controller-gen version from 0.4.1 to 0.14.0. As part of that change, several ApplicationSet +CRD fields now have `x-kubernetes-map-type: atomic`. + +Each of the affected fields is a label selector with two child keys: `matchLabels` and `matchExpressions`. + +Prior to this change, two field managers could manage the `matchLabels` and `matchExpressions` fields independently. +Starting with the 2.12 CRD, a single field manager must manage both of those fields. This behavior is in line with the +upstream behavior of the label selector struct. + +See the [Kubernetes server-side apply merge strategy docs](https://kubernetes.io/docs/reference/using-api/server-side-apply/#merge-strategy) +for more information about the fields' behavior. + +The affected ApplicationSet fields are the following (jq selector syntax): + +* `.spec.generators[].selector` +* `.spec.generators[].cluster.selector` +* `.spec.generators[].clusterDecisionResource.labelSelector` +* `.spec.generators[].matrix.generators[].selector` +* `.spec.generators[].merge.generators[].selector` diff --git a/docs/operator-manual/upgrading/2.4-2.5.md b/docs/operator-manual/upgrading/2.4-2.5.md index 8971c7cd8e3a4..5ae6772dad9f9 100644 --- a/docs/operator-manual/upgrading/2.4-2.5.md +++ b/docs/operator-manual/upgrading/2.4-2.5.md @@ -86,7 +86,7 @@ p, role:org-admin, exec, create, *, allow ## argocd-cm plugins (CMPs) are deprecated Starting with Argo CD v2.5, installing config management plugins (CMPs) via the `argocd-cm` ConfigMap is deprecated. -~~Support will be removed in v2.6.~~ Support will be removed in v2.7. +Support will be removed in v2.7. You can continue to use the plugins by [installing them as sidecars](https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/) on the repo-server Deployment. @@ -151,7 +151,7 @@ When using `argocd app diff --local`, code from the repo server is run on the us In order to support CMPs and reduce local requirements, we have implemented *server-side generation* of local manifests via the `--server-side-generate` argument. For example, `argocd app diff --local repoDir --server-side-generate` will upload the contents of `repoDir` to the repo server and run your manifest generation pipeline against it, the same as it would for a Git repo. -In ~~v2.6~~ v2.7, the `--server-side-generate` argument will become the default, ~~and client-side generation will be removed~~ and client-side generation will be supported as an alternative. +In v2.7, the `--server-side-generate` argument will become the default, and client-side generation will be supported as an alternative. !!! warning The semantics of *where* Argo will start generating manifests within a repo has changed between client-side and server-side generation. With client-side generation, the application's path (`spec.source.path`) was ignored and the value of `--local-repo-root` was effectively used (by default `/` relative to `--local`). diff --git a/docs/operator-manual/upgrading/2.8-2.9.md b/docs/operator-manual/upgrading/2.8-2.9.md index ef99e09587814..43b5f80e1e6c9 100644 --- a/docs/operator-manual/upgrading/2.8-2.9.md +++ b/docs/operator-manual/upgrading/2.8-2.9.md @@ -3,3 +3,56 @@ ## Upgraded Kustomize Version Note that bundled Kustomize version has been upgraded from 5.1.0 to 5.2.1. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.9.16, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.9.16, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/2.9-2.10.md b/docs/operator-manual/upgrading/2.9-2.10.md index 7fddc75ab7e86..7803ce84df237 100644 --- a/docs/operator-manual/upgrading/2.9-2.10.md +++ b/docs/operator-manual/upgrading/2.9-2.10.md @@ -14,3 +14,56 @@ before enabling `managedNamespaceMetadata` on an existing namespace. ## Upgraded Helm Version Note that bundled Helm version has been upgraded from 3.13.2 to 3.14.3. + +## Egress NetworkPolicy for `argocd-redis` and `argocd-redis-ha-haproxy` + +Starting with Argo CD 2.10.11, the NetworkPolicy for the `argocd-redis` and `argocd-redis-ha-haproxy` dropped Egress restrictions. This change was made +to allow access to the Kubernetes API to create a secret to secure Redis access. + +To retain similar networking restrictions as before 2.10.11, you can add an Egress rule to allow access only to the +Kubernetes API and access needed by Redis itself. The Egress rule for Kubernetes access will depend entirely on your +Kubernetes setup. The access for Redis itself can be allowed by adding the following to the +`argocd-redis-network-policy` NetworkPolicy: + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-network-policy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` + +```diff +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: argocd-redis-ha-haproxy +spec: + policyTypes: + - Ingress ++ - Egress ++ egress: ++ - ports: ++ - port: 6379 ++ protocol: TCP ++ - port: 26379 ++ protocol: TCP ++ to: ++ - podSelector: ++ matchLabels: ++ app.kubernetes.io/name: argocd-redis-ha ++ - ports: ++ - port: 53 ++ protocol: UDP ++ - port: 53 ++ protocol: TCP +``` \ No newline at end of file diff --git a/docs/operator-manual/upgrading/overview.md b/docs/operator-manual/upgrading/overview.md index 742c7b191b57a..b4f1c397b62fb 100644 --- a/docs/operator-manual/upgrading/overview.md +++ b/docs/operator-manual/upgrading/overview.md @@ -5,7 +5,7 @@ This section contains information on upgrading Argo CD. Before upgrading please make sure to read details about the breaking changes between Argo CD versions. -Argo CD uses the semver versioning and ensures that following rules: +Argo CD uses semver-like versioning that ensures the following rules: * The patch release does not introduce any breaking changes. So if you are upgrading from v1.5.1 to v1.5.3 there should be no special instructions to follow. @@ -37,6 +37,8 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/ +* [v2.11 to v2.12](./2.11-2.12.md) +* [v2.10 to v2.11](./2.10-2.11.md) * [v2.9 to v2.10](./2.9-2.10.md) * [v2.8 to v2.9](./2.8-2.9.md) * [v2.7 to v2.8](./2.7-2.8.md) diff --git a/docs/operator-manual/user-management/auth0.md b/docs/operator-manual/user-management/auth0.md index 411517df05e06..c20b5f5af30c9 100644 --- a/docs/operator-manual/user-management/auth0.md +++ b/docs/operator-manual/user-management/auth0.md @@ -39,6 +39,7 @@ data: issuer: https://..auth0.com/ clientID: clientSecret: + domain_hint: requestedScopes: - openid - profile diff --git a/docs/operator-manual/user-management/microsoft.md b/docs/operator-manual/user-management/microsoft.md index 486d647fde3d0..19e28cf6fd289 100644 --- a/docs/operator-manual/user-management/microsoft.md +++ b/docs/operator-manual/user-management/microsoft.md @@ -160,7 +160,7 @@ p, role:org-admin, repositories, delete, *, allow g, "84ce98d1-e359-4f3b-85af-985b458de3c6", role:org-admin -4. Mapping role from jwt token to argo +4. Mapping role from jwt token to argo. If you want to map the roles from the jwt token to match the default roles (readonly and admin) then you must change the scope variable in the rbac-configmap. policy.default: role:readonly diff --git a/docs/proposals/application-name-identifier.md b/docs/proposals/application-name-identifier.md index 3d425e9432dbc..0554c4139b817 100644 --- a/docs/proposals/application-name-identifier.md +++ b/docs/proposals/application-name-identifier.md @@ -31,7 +31,7 @@ managed (i.e. reconciled from Git). The default label used is the well-known label `app.kubernetes.io/instance`. This proposal suggests to introduce the `trackingMethod` setting that allows -controlling how applicaton resources are identified and allows switching to +controlling how application resources are identified and allows switching to using the annotation instead of `app.kubernetes.io/instance` label. ## Motivation diff --git a/docs/requirements.txt b/docs/requirements.txt index d350ac4870ee2..7245c6823c935 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,6 +4,6 @@ mkdocs==1.3.0 mkdocs-material==7.1.8 markdown_include==0.6.0 pygments==2.15.0 -jinja2==3.0.3 +jinja2==3.1.4 markdown==3.3.7 pymdown-extensions==10.2.1 \ No newline at end of file diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 7d86536e1bc76..1e02829a1cdf6 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -13,63 +13,51 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](master/argocd-test.html) | 0 | 1 | 7 | 0 | +| [go.mod](master/argocd-test.html) | 0 | 0 | 6 | 0 | | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 | -| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 14 | -| [redis:7.0.14-alpine](master/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 | +| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 3 | +| [haproxy:2.6.14-alpine](master/public.ecr.aws_docker_library_haproxy_2.6.14-alpine.html) | 0 | 1 | 4 | 3 | +| [redis:7.0.15-alpine](master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 9 | +| [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.11.0-rc1 +### v2.11.2 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.11.0-rc1/argocd-test.html) | 0 | 1 | 10 | 0 | -| [ui/yarn.lock](v2.11.0-rc1/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.11.0-rc1/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 | -| [haproxy:2.6.14-alpine](v2.11.0-rc1/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.11.0-rc1](v2.11.0-rc1/quay.io_argoproj_argocd_v2.11.0-rc1.html) | 0 | 0 | 8 | 14 | -| [redis:7.0.14-alpine](v2.11.0-rc1/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 | -| [install.yaml](v2.11.0-rc1/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.11.0-rc1/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.11.2/argocd-test.html) | 0 | 1 | 6 | 0 | +| [ui/yarn.lock](v2.11.2/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.38.0](v2.11.2/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 3 | +| [haproxy:2.6.14-alpine](v2.11.2/haproxy_2.6.14-alpine.html) | 0 | 1 | 4 | 3 | +| [argocd:v2.11.2](v2.11.2/quay.io_argoproj_argocd_v2.11.2.html) | 0 | 0 | 3 | 16 | +| [redis:7.0.14-alpine](v2.11.2/redis_7.0.14-alpine.html) | 0 | 0 | 6 | 3 | +| [install.yaml](v2.11.2/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.11.2/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.10.6 +### v2.10.11 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.10.6/argocd-test.html) | 0 | 1 | 12 | 0 | -| [ui/yarn.lock](v2.10.6/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.10.6/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.10.6/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.10.6](v2.10.6/quay.io_argoproj_argocd_v2.10.6.html) | 0 | 0 | 8 | 14 | -| [redis:7.0.14-alpine](v2.10.6/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 | -| [install.yaml](v2.10.6/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.10.6/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.10.11/argocd-test.html) | 0 | 1 | 7 | 0 | +| [ui/yarn.lock](v2.10.11/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.37.0](v2.10.11/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 7 | 3 | +| [haproxy:2.6.14-alpine](v2.10.11/haproxy_2.6.14-alpine.html) | 0 | 1 | 4 | 3 | +| [argocd:v2.10.11](v2.10.11/quay.io_argoproj_argocd_v2.10.11.html) | 0 | 0 | 3 | 16 | +| [redis:7.0.15-alpine](v2.10.11/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.10.11/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.10.11/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.9.11 +### v2.9.16 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.9.11/argocd-test.html) | 0 | 2 | 11 | 0 | -| [ui/yarn.lock](v2.9.11/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.9.11/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.9.11/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.9.11](v2.9.11/quay.io_argoproj_argocd_v2.9.11.html) | 0 | 0 | 8 | 14 | -| [redis:7.0.11-alpine](v2.9.11/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 2 | -| [install.yaml](v2.9.11/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.9.11/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.8.15 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.15/argocd-test.html) | 0 | 2 | 11 | 0 | -| [ui/yarn.lock](v2.8.15/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.8.15/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.8.15/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.8.15](v2.8.15/quay.io_argoproj_argocd_v2.8.15.html) | 0 | 0 | 8 | 14 | -| [redis:7.0.11-alpine](v2.8.15/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 2 | -| [install.yaml](v2.8.15/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.8.15/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.9.16/argocd-test.html) | 0 | 2 | 7 | 0 | +| [ui/yarn.lock](v2.9.16/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.37.0](v2.9.16/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 7 | 3 | +| [haproxy:2.6.14-alpine](v2.9.16/haproxy_2.6.14-alpine.html) | 0 | 1 | 4 | 3 | +| [argocd:v2.9.16](v2.9.16/quay.io_argoproj_argocd_v2.9.16.html) | 0 | 0 | 3 | 16 | +| [redis:7.0.15-alpine](v2.9.16/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.9.16/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.9.16/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index b538bfea3dbfa..b6717dac7c68b 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

April 14th 2024, 12:19:42 am (UTC+00:00)

+

May 26th 2024, 12:17:52 am (UTC+00:00)

Scanned the following path: @@ -466,7 +466,7 @@

Snyk test report

-
39 total issues
+
44 total issues
@@ -498,7 +498,7 @@

Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 16] + [DocId: 17] rules[5] @@ -507,7 +507,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 21035 + Line number: 21098
    • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20744 + Line number: 20783
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20829 + Line number: 20868
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20857 + Line number: 20896
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20887 + Line number: 20926
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20905 + Line number: 20944
    • @@ -783,7 +783,53 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20921 + Line number: 20962 +
    • + + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    + + +
    +

    More about this issue

    +
    + + +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 15] + + rules[0] + + resources + +
      • + +
    • + Line number: 20984
    @@ -820,7 +866,59 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 47] + [DocId: 48] + + spec + + template + + spec + + initContainers[secret-init] + + imagePullPolicy + +
    • + +
  • + Line number: 22030 +
    • + + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 49] spec @@ -835,7 +933,7 @@

      Container could be running with outdated image

    • - Line number: 22215 + Line number: 22323
    @@ -872,7 +970,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 45] input @@ -893,7 +991,7 @@

    Container has no CPU limit

  • - Line number: 21512 + Line number: 21591
    • @@ -930,7 +1028,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 46] input @@ -951,7 +1049,7 @@

    Container has no CPU limit

  • - Line number: 21763 + Line number: 21842
    • @@ -988,7 +1086,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 46] input @@ -1009,7 +1107,7 @@

    Container has no CPU limit

  • - Line number: 21729 + Line number: 21808
    • @@ -1046,7 +1144,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 47] input @@ -1067,7 +1165,7 @@

    Container has no CPU limit

  • - Line number: 21823 + Line number: 21902
    • @@ -1104,7 +1202,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 48] input @@ -1125,7 +1223,7 @@

    Container has no CPU limit

  • - Line number: 21922 + Line number: 22001
    • @@ -1162,7 +1260,65 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + cpu + +
    • + +
  • + Line number: 22025 +
    • + + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -1183,7 +1339,7 @@

      Container has no CPU limit

    • - Line number: 22215 + Line number: 22323
    @@ -1220,7 +1376,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 49] input @@ -1241,7 +1397,7 @@

    Container has no CPU limit

  • - Line number: 21979 + Line number: 22082
    • @@ -1278,7 +1434,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 48] + [DocId: 50] input @@ -1299,7 +1455,7 @@

    Container has no CPU limit

  • - Line number: 22300 + Line number: 22408
    • @@ -1336,7 +1492,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 49] + [DocId: 51] input @@ -1357,7 +1513,7 @@

    Container has no CPU limit

  • - Line number: 22646 + Line number: 22759
    • @@ -1394,7 +1550,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 44] + [DocId: 46] spec @@ -1409,7 +1565,7 @@

    Container is running with multiple open ports

  • - Line number: 21743 + Line number: 21822
    • @@ -1446,7 +1602,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 43] + [DocId: 45] spec @@ -1461,7 +1617,7 @@

    Container is running without liveness probe

  • - Line number: 21512 + Line number: 21591
    • @@ -1498,7 +1654,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 44] + [DocId: 46] spec @@ -1513,7 +1669,7 @@

    Container is running without liveness probe

  • - Line number: 21729 + Line number: 21808
    • @@ -1550,7 +1706,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 46] + [DocId: 48] spec @@ -1565,7 +1721,7 @@

    Container is running without liveness probe

  • - Line number: 21922 + Line number: 22001
    • @@ -1602,7 +1758,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 45] input @@ -1623,7 +1779,7 @@

    Container is running without memory limit

  • - Line number: 21512 + Line number: 21591
    • @@ -1660,7 +1816,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 46] input @@ -1681,7 +1837,7 @@

    Container is running without memory limit

  • - Line number: 21729 + Line number: 21808
    • @@ -1718,7 +1874,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 46] input @@ -1739,7 +1895,7 @@

    Container is running without memory limit

  • - Line number: 21763 + Line number: 21842
    • @@ -1776,7 +1932,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 47] input @@ -1797,7 +1953,7 @@

    Container is running without memory limit

  • - Line number: 21823 + Line number: 21902
    • @@ -1834,7 +1990,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 48] input @@ -1855,7 +2011,7 @@

    Container is running without memory limit

  • - Line number: 21922 + Line number: 22001
    • @@ -1892,7 +2048,65 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + memory + +
    • + +
  • + Line number: 22025 +
    • + + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -1913,7 +2127,7 @@

      Container is running without memory limit

    • - Line number: 22215 + Line number: 22323
    @@ -1950,7 +2164,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 49] input @@ -1971,7 +2185,7 @@

    Container is running without memory limit

  • - Line number: 21979 + Line number: 22082
    • @@ -2008,7 +2222,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 48] + [DocId: 50] input @@ -2029,7 +2243,7 @@

    Container is running without memory limit

  • - Line number: 22300 + Line number: 22408
    • @@ -2066,7 +2280,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 49] + [DocId: 51] input @@ -2087,7 +2301,7 @@

    Container is running without memory limit

  • - Line number: 22646 + Line number: 22759
    • @@ -2124,7 +2338,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 43] + [DocId: 45] input @@ -2143,7 +2357,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21653 + Line number: 21732
    • @@ -2180,7 +2394,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 46] input @@ -2199,7 +2413,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21771 + Line number: 21850
    • @@ -2236,7 +2450,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 46] input @@ -2255,7 +2469,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21746 + Line number: 21825
    • @@ -2292,7 +2506,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 47] input @@ -2311,7 +2525,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21856 + Line number: 21935
    • @@ -2348,7 +2562,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 48] input @@ -2367,7 +2581,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21932 + Line number: 22018
    • @@ -2404,7 +2618,63 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + securityContext + + runAsUser + +
    • + +
  • + Line number: 22032 +
    • + + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -2423,7 +2693,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 22222 + Line number: 22330
    @@ -2460,7 +2730,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 49] input @@ -2479,7 +2749,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22188 + Line number: 22296
    • @@ -2516,7 +2786,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 48] + [DocId: 50] input @@ -2535,7 +2805,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22556 + Line number: 22669
    • @@ -2572,7 +2842,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 49] + [DocId: 51] input @@ -2591,7 +2861,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22836 + Line number: 22960
    • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index e0c6ffd9641d4..54c52fab97d7f 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:19:50 am (UTC+00:00)

    +

    May 26th 2024, 12:18:02 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    38 total issues
    +
    43 total issues

    @@ -737,7 +737,53 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 254 + Line number: 256 +
    • + + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + + +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 12] + + rules[0] + + resources + +
      • + +
    • + Line number: 278
    @@ -774,7 +820,59 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 38] + [DocId: 39] + + spec + + template + + spec + + initContainers[secret-init] + + imagePullPolicy + +
    • + +
  • + Line number: 1112 +
    • + + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 40] spec @@ -789,7 +887,7 @@

      Container could be running with outdated image

    • - Line number: 1336 + Line number: 1405
    @@ -826,7 +924,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -847,7 +945,7 @@

    Container has no CPU limit

  • - Line number: 633 + Line number: 673
    • @@ -884,7 +982,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -905,7 +1003,7 @@

    Container has no CPU limit

  • - Line number: 884 + Line number: 924
    • @@ -942,7 +1040,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -963,7 +1061,7 @@

    Container has no CPU limit

  • - Line number: 850 + Line number: 890
    • @@ -1000,7 +1098,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -1021,7 +1119,7 @@

    Container has no CPU limit

  • - Line number: 944 + Line number: 984
    • @@ -1058,7 +1156,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -1079,7 +1177,7 @@

    Container has no CPU limit

  • - Line number: 1043 + Line number: 1083
    • @@ -1116,7 +1214,65 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + cpu + +
    • + +
  • + Line number: 1107 +
    • + + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -1137,7 +1293,7 @@

      Container has no CPU limit

    • - Line number: 1336 + Line number: 1405
    @@ -1174,7 +1330,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -1195,7 +1351,7 @@

    Container has no CPU limit

  • - Line number: 1100 + Line number: 1164
    • @@ -1232,7 +1388,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -1253,7 +1409,7 @@

    Container has no CPU limit

  • - Line number: 1421 + Line number: 1490
    • @@ -1290,7 +1446,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -1311,7 +1467,7 @@

    Container has no CPU limit

  • - Line number: 1767 + Line number: 1841
    • @@ -1348,7 +1504,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 35] + [DocId: 37] spec @@ -1363,7 +1519,7 @@

    Container is running with multiple open ports

  • - Line number: 864 + Line number: 904
    • @@ -1400,7 +1556,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 34] + [DocId: 36] spec @@ -1415,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 633 + Line number: 673
    • @@ -1452,7 +1608,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 35] + [DocId: 37] spec @@ -1467,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 850 + Line number: 890
    • @@ -1504,7 +1660,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 39] spec @@ -1519,7 +1675,7 @@

    Container is running without liveness probe

  • - Line number: 1043 + Line number: 1083
    • @@ -1556,7 +1712,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -1577,7 +1733,7 @@

    Container is running without memory limit

  • - Line number: 633 + Line number: 673
    • @@ -1614,7 +1770,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -1635,7 +1791,7 @@

    Container is running without memory limit

  • - Line number: 850 + Line number: 890
    • @@ -1672,7 +1828,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -1693,7 +1849,7 @@

    Container is running without memory limit

  • - Line number: 884 + Line number: 924
    • @@ -1730,7 +1886,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -1751,7 +1907,7 @@

    Container is running without memory limit

  • - Line number: 944 + Line number: 984
    • @@ -1788,7 +1944,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -1809,7 +1965,7 @@

    Container is running without memory limit

  • - Line number: 1043 + Line number: 1083
    • @@ -1846,7 +2002,65 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + memory + +
    • + +
  • + Line number: 1107 +
    • + + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -1867,7 +2081,7 @@

      Container is running without memory limit

    • - Line number: 1336 + Line number: 1405
    @@ -1904,7 +2118,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -1925,7 +2139,7 @@

    Container is running without memory limit

  • - Line number: 1100 + Line number: 1164
    • @@ -1962,7 +2176,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -1983,7 +2197,7 @@

    Container is running without memory limit

  • - Line number: 1421 + Line number: 1490
    • @@ -2020,7 +2234,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -2041,7 +2255,7 @@

    Container is running without memory limit

  • - Line number: 1767 + Line number: 1841
    • @@ -2078,7 +2292,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -2097,7 +2311,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 774 + Line number: 814
    • @@ -2134,7 +2348,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -2153,7 +2367,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 892 + Line number: 932
    • @@ -2190,7 +2404,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -2209,7 +2423,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 867 + Line number: 907
    • @@ -2246,7 +2460,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -2265,7 +2479,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 977 + Line number: 1017
    • @@ -2302,7 +2516,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -2321,7 +2535,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1053 + Line number: 1100
    • @@ -2358,7 +2572,63 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + securityContext + + runAsUser + +
    • + +
  • + Line number: 1114 +
    • + + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -2377,7 +2647,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 1343 + Line number: 1412
    @@ -2414,7 +2684,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -2433,7 +2703,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1309 + Line number: 1378
    • @@ -2470,7 +2740,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -2489,7 +2759,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1677 + Line number: 1751
    • @@ -2526,7 +2796,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -2545,7 +2815,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1957 + Line number: 2042
    • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 679420771bb59..e01fc71d84551 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:17:45 am (UTC+00:00)

    +

    May 26th 2024, 12:15:49 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    9 known vulnerabilities
    -
    170 vulnerable dependency paths
    -
    2039 dependencies
    +
    7 known vulnerabilities
    +
    25 vulnerable dependency paths
    +
    2057 dependencies

    @@ -477,2668 +477,6 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#5fd9f449e757 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#5fd9f449e757 - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#5fd9f449e757 - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    LGPL-3.0 license

    @@ -3200,221 +538,6 @@

    Detailed paths

    More about this vulnerability

    -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -3502,7 +625,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others
    • @@ -3516,9 +639,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - code.gitea.io/sdk/gitea@0.15.1 + code.gitea.io/sdk/gitea@0.18.0 - github.com/hashicorp/go-version@1.2.1 + github.com/hashicorp/go-version@1.6.0 @@ -3587,7 +710,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -3609,9 +732,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -3622,9 +745,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -3635,7 +758,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3648,11 +771,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -3663,11 +786,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -3678,9 +801,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3693,9 +816,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3708,11 +831,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3725,11 +848,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3828,7 +951,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3843,9 +966,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3860,9 +983,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3877,11 +1000,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -3896,11 +1019,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html index db92e304fbac9..4f9e44f66e9bd 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:17:54 am (UTC+00:00)

    +

    May 26th 2024, 12:15:58 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    29 known vulnerabilities
    -
    71 vulnerable dependency paths
    +
    34 known vulnerabilities
    +
    98 vulnerable dependency paths
    829 dependencies
    @@ -546,6 +546,7 @@

    Remediation

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    References

    @@ -865,6 +870,7 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
  • https://www.openssl.org/news/secadv/20240125.txt
  • https://security.netapp.com/advisory/ntap-20240208-0006/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -2505,6 +2511,438 @@

    References

    More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    +

    Remediation

    +

    Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    +

    Remediation

    +

    Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    +

    Remediation

    +

    Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

    +

    Remediation

    +

    Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-6237

    @@ -2621,9 +3059,38 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    @@ -2773,6 +3240,8 @@

    References

  • https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
  • https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
  • https://www.openssl.org/news/secadv/20240408.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/04/08/5
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0013/
    • @@ -2782,6 +3251,164 @@

    References

    +
    +

    CVE-2024-4603

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + openssl/libcrypto3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + openssl/libssl3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

    +

    Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

    +

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

    +

    Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

    +

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

    +

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.8.15/haproxy_2.6.14-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.14-alpine.html similarity index 72% rename from docs/snyk/v2.8.15/haproxy_2.6.14-alpine.html rename to docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.14-alpine.html index b2d6e8af0a8eb..7ada82538ba93 100644 --- a/docs/snyk/v2.8.15/haproxy_2.6.14-alpine.html +++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

    Snyk test report

    -

    April 14th 2024, 12:26:48 am (UTC+00:00)

    +

    May 26th 2024, 12:16:05 am (UTC+00:00)

    Scanned the following path:
      -
    • haproxy:2.6.14-alpine (apk)
      • +
    • public.ecr.aws/docker/library/haproxy:2.6.14-alpine/docker/library/haproxy (apk)
    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    8 known vulnerabilities
    +
    68 vulnerable dependency paths
    18 dependencies
    @@ -476,8 +476,8 @@

    Snyk test report

    - - + + @@ -507,7 +507,7 @@

    CVE-2023-5363

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    • @@ -520,7 +520,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libcrypto3@3.1.2-r0 @@ -529,7 +529,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -540,7 +540,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -551,7 +551,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -562,7 +562,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -575,7 +575,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libssl3@3.1.2-r0 @@ -584,7 +584,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -595,7 +595,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -606,7 +606,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -699,7 +699,7 @@

      Improper Check for Unusual or Exceptional Conditions

      Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    @@ -712,7 +712,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libcrypto3@3.1.2-r0 @@ -721,7 +721,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -732,7 +732,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -743,7 +743,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -754,7 +754,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -767,7 +767,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libssl3@3.1.2-r0 @@ -776,7 +776,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -787,7 +787,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -798,7 +798,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -851,6 +851,7 @@

      References

    • https://www.openssl.org/news/secadv/20231106.txt
    • http://www.openwall.com/lists/oss-security/2023/11/06/2
    • https://security.netapp.com/advisory/ntap-20231130-0010/
      • +
    • http://www.openwall.com/lists/oss-security/2024/03/11/1
    @@ -882,7 +883,7 @@

    Out-of-bounds Write

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    • @@ -895,7 +896,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libcrypto3@3.1.2-r0 @@ -904,7 +905,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -915,7 +916,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -926,7 +927,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -937,7 +938,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -950,7 +951,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libssl3@3.1.2-r0 @@ -959,7 +960,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -970,7 +971,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -981,7 +982,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -1036,6 +1037,10 @@

      References

    • https://www.openssl.org/news/secadv/20240109.txt
    • http://www.openwall.com/lists/oss-security/2024/01/09/1
    • https://security.netapp.com/advisory/ntap-20240216-0009/
      • +
    • https://security.netapp.com/advisory/ntap-20240426-0008/
      • +
    • https://security.netapp.com/advisory/ntap-20240426-0013/
      • +
    • http://www.openwall.com/lists/oss-security/2024/03/11/1
      • +
    • https://security.netapp.com/advisory/ntap-20240503-0011/
    @@ -1067,7 +1072,7 @@

    CVE-2024-0727

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    • @@ -1080,7 +1085,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libcrypto3@3.1.2-r0 @@ -1089,7 +1094,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1100,7 +1105,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -1111,7 +1116,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -1122,7 +1127,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1135,7 +1140,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libssl3@3.1.2-r0 @@ -1144,7 +1149,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1155,7 +1160,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -1166,7 +1171,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -1211,6 +1216,7 @@

      References

    • https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
    • https://www.openssl.org/news/secadv/20240125.txt
    • https://security.netapp.com/advisory/ntap-20240208-0006/
      • +
    • http://www.openwall.com/lists/oss-security/2024/03/11/1
    @@ -1219,6 +1225,114 @@

    References

    More about this vulnerability

    + +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + busybox/busybox@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r2 + + busybox/busybox@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + busybox/busybox-binsh@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    +

    Remediation

    +

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-6237

    @@ -1242,7 +1356,7 @@

    CVE-2023-6237

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    • @@ -1255,7 +1369,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libcrypto3@3.1.2-r0 @@ -1264,7 +1378,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1275,7 +1389,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -1286,7 +1400,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -1297,7 +1411,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1310,7 +1424,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libssl3@3.1.2-r0 @@ -1319,7 +1433,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1330,7 +1444,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -1341,7 +1455,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -1357,9 +1471,38 @@

      Detailed paths

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

      +

      Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

      +

      When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

      +

      An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

      +

      The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      Remediation

      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

      +

      References

      +
      @@ -1390,7 +1533,7 @@

      CVE-2024-2511

    • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    @@ -1403,7 +1546,7 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libcrypto3@3.1.2-r0 @@ -1412,7 +1555,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1423,7 +1566,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -1434,7 +1577,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -1445,7 +1588,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1458,7 +1601,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine openssl/libssl3@3.1.2-r0 @@ -1467,7 +1610,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine .haproxy-rundeps@20230809.001942 @@ -1478,7 +1621,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine apk-tools/apk-tools@2.14.0-r2 @@ -1489,7 +1632,7 @@

      Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine busybox/ssl_client@1.36.1-r2 @@ -1531,6 +1674,8 @@

      References

    • https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
    • https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
    • https://www.openssl.org/news/secadv/20240408.txt
      • +
    • http://www.openwall.com/lists/oss-security/2024/04/08/5
      • +
    • https://security.netapp.com/advisory/ntap-20240503-0013/
    @@ -1540,6 +1685,186 @@

    References

    +
    +

    CVE-2024-4603

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|public.ecr.aws/docker/library/haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

    +

    Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

    +

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

    +

    Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

    +

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

    +

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html new file mode 100644 index 0000000000000..43905d3a524dd --- /dev/null +++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html @@ -0,0 +1,484 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    May 26th 2024, 12:16:11 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • public.ecr.aws/docker/library/redis:7.0.15-alpine/docker/library/redis (apk)
      • +
    • public.ecr.aws/docker/library/redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    + +
    + No known vulnerabilities detected. +
    +
    + + + diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 671187c9b997a..836b9fc9fd08e 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:18:17 am (UTC+00:00)

    +

    May 26th 2024, 12:16:30 am (UTC+00:00)

    Scanned the following paths: @@ -470,9 +470,9 @@

    Snyk test report

    -
    30 known vulnerabilities
    -
    174 vulnerable dependency paths
    -
    2277 dependencies
    +
    20 known vulnerabilities
    +
    79 vulnerable dependency paths
    +
    2287 dependencies
    @@ -492,7 +492,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:latest/helm/v3 /usr/local/bin/helm
  • Package Manager: golang @@ -505,7 +505,7 @@

    Allocation of Resources Without Limits or Throttling

    Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.17.0
    • @@ -516,15 +516,6 @@

    Allocation of Resources Without Limits or Throttling

    Detailed paths
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - golang.org/x/net/http2@v0.19.0 - - - -
    • Introduced through: helm.sh/helm/v3@* @@ -547,6 +538,7 @@

      Remediation

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      References

        +
      • Github Commit
      • GitHub Commit
      • GitHub Issue
      • Go Advisory
        • @@ -574,7 +566,7 @@

        CVE-2020-22916

        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
      • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
      • Vulnerable module: @@ -584,7 +576,7 @@

        CVE-2020-22916

      • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.6.1+really5.4.5-1
      @@ -599,83 +591,52 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - xz-utils/liblzma5@5.2.5-2ubuntu1 + xz-utils/liblzma5@5.6.1+really5.4.5-1
      • -
    - - - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 xz-utils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - - -
    -

    CVE-2023-51767

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.6 - -
      • -
    - -
    - +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.7.14build2 + + apt/libapt-pkg6.0t64@2.7.14build2 + + xz-utils/liblzma5@5.6.1+really5.4.5-1 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + dash@0.5.12-6ubuntu5 + + dpkg@1.22.6ubuntu6 + + xz-utils/liblzma5@5.6.1+really5.4.5-1 + + -
    • @@ -726,7 +687,7 @@

    Information Exposure

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: @@ -736,7 +697,7 @@

    Information Exposure

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.10.3-2build1
    • @@ -751,42 +712,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - libgcrypt20@1.9.4-3ubuntu3 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - libgcrypt20@1.9.4-3ubuntu3 + libgcrypt20@1.10.3-2build1 @@ -795,11 +721,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.4.12 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 + gnupg2/dirmngr@2.4.4-2ubuntu17 - libgcrypt20@1.9.4-3ubuntu3 + libgcrypt20@1.10.3-2build1 @@ -808,11 +732,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg@2.2.27-3ubuntu2.1 + gnupg2/gpg@2.4.4-2ubuntu17 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 + libgcrypt20@1.10.3-2build1 @@ -821,11 +743,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 + gnupg2/gpg-agent@2.4.4-2ubuntu17 - libgcrypt20@1.9.4-3ubuntu3 + libgcrypt20@1.10.3-2build1 @@ -834,11 +754,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + apt@2.7.14build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + apt/libapt-pkg6.0t64@2.7.14build2 - libgcrypt20@1.9.4-3ubuntu3 + libgcrypt20@1.10.3-2build1 @@ -847,11 +767,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + apt@2.7.14build2 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + gnupg2/gpgv@2.4.4-2ubuntu17 - libgcrypt20@1.9.4-3ubuntu3 + libgcrypt20@1.10.3-2build1 @@ -860,11 +780,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + gnupg2/gpg@2.4.4-2ubuntu17 - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + gnupg2/gpgconf@2.4.4-2ubuntu17 - libgcrypt20@1.9.4-3ubuntu3 + libgcrypt20@1.10.3-2build1 @@ -873,26 +793,17 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + apt@2.7.14build2 - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + adduser@3.137ubuntu1 - apt@2.4.12 + shadow/passwd@1:4.13+dfsg1-4ubuntu3 - apt/libapt-pkg6.0@2.4.12 + pam/libpam-modules@1.5.3-5ubuntu5 - systemd/libsystemd0@249.11-0ubuntu3.12 + systemd/libsystemd0@255.4-1ubuntu8 - libgcrypt20@1.9.4-3ubuntu3 + libgcrypt20@1.10.3-2build1 @@ -905,26 +816,27 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libgcrypt20.

    +

    There is no fixed version for Ubuntu:24.04 libgcrypt20.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    CVE-2024-26461

    +

    CVE-2024-26462

    @@ -938,7 +850,7 @@

    CVE-2024-26461

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: @@ -948,8 +860,8 @@

    CVE-2024-26461

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7 and others
    • @@ -963,7 +875,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + git@1:2.43.0-1ubuntu7 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + + krb5/libk5crypto3@1.20.1-6ubuntu2 @@ -972,19 +890,15 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + git@1:2.43.0-1ubuntu7 - pam/libpam-modules@1.4.0-11ubuntu2.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - libnsl/libnsl2@1.3.0-2build2 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + krb5/libkrb5-3@1.20.1-6ubuntu2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + krb5/libk5crypto3@1.20.1-6ubuntu2 @@ -993,21 +907,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + git@1:2.43.0-1ubuntu7 - pam/libpam-modules@1.4.0-11ubuntu2.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - libnsl/libnsl2@1.3.0-2build2 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -1016,7 +922,15 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + git@1:2.43.0-1ubuntu7 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + + krb5/libkrb5-3@1.20.1-6ubuntu2 + + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -1025,19 +939,17 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + git@1:2.43.0-1ubuntu7 - pam/libpam-modules@1.4.0-11ubuntu2.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - libnsl/libnsl2@1.3.0-2build2 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + krb5/libkrb5-3@1.20.1-6ubuntu2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + krb5/libk5crypto3@1.20.1-6ubuntu2 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -1046,18 +958,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + git@1:2.43.0-1ubuntu7 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + krb5/libkrb5-3@1.20.1-6ubuntu2 @@ -1066,11 +973,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.10 + openssh/openssh-client@1:9.6p1-3ubuntu13 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -1079,13 +984,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + git@1:2.43.0-1ubuntu7 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -1094,17 +997,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 + git@1:2.43.0-1ubuntu7 - libnsl/libnsl2@1.3.0-2build2 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + libssh/libssh-4@0.10.6-2build2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -1113,7 +1012,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + krb5/krb5-locales@1.20.1-6ubuntu2 @@ -1126,25 +1025,26 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    There is no fixed version for Ubuntu:24.04 krb5.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    CVE-2024-26462

    +

    LGPL-3.0 license

    @@ -1155,20 +1055,20 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - krb5/libk5crypto3 + gopkg.in/retry.v1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
    @@ -1181,1025 +1081,69 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest + github.com/argoproj/argo-cd/v2@* - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + gopkg.in/retry.v1@v1.0.3
      • +
    + +
    + +
    + +

    LGPL-3.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + github.com/argoproj/argo-cd/v2@* - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26458

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gnutls28.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncaught Exception

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gnutls28.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/r3labs/diff@v1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-version@v1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/helm/v3 /usr/local/bin/helm -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-multierror -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/hashicorp/go-multierror@v1.1.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    @@ -2239,72 +1183,12 @@

    MPL-2.0 license

  • Module: - github.com/gosimple/slug -
    • - -
  • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
    • - - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/gosimple/slug@v1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-7008

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - systemd/libsystemd0 + github.com/hashicorp/go-version
    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@249.11-0ubuntu3.12 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
    @@ -2317,110 +1201,9 @@

    Detailed paths

    -
    -

    Arbitrary Code Injection

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - shadow/passwd + github.com/hashicorp/go-retryablehttp
    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and shadow/passwd@1:4.8.1-2ubuntu2.2 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4
    @@ -2493,40 +1261,9 @@

    Detailed paths

    -
    -

    Uncontrolled Recursion

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:latest/helm/v3 /usr/local/bin/helm
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - pcre3/libpcre3 + github.com/hashicorp/go-multierror
    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
    @@ -2597,20 +1321,9 @@

    Detailed paths

    -
    -

    Release of Invalid Pointer or Reference

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - patch + github.com/hashicorp/go-cleanhttp
    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build2 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
    @@ -2685,9 +1381,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest + github.com/argoproj/argo-cd/v2@* - patch@2.7.6-7build2 + github.com/hashicorp/go-cleanhttp@v0.5.2 @@ -2698,51 +1394,41 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 patch.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Double Free

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - patch + github.com/gosimple/slug
    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build2 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1
    @@ -2755,45 +1441,30 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@latest + github.com/argoproj/argo-cd/v2@* - patch@2.7.6-7build2 + github.com/gosimple/slug@v1.13.1 -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 patch.

    -

    References

    - + + + +
    + +
    + +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    CVE-2023-50495

    +

    CVE-2023-7008

    @@ -2807,17 +1478,17 @@

    CVE-2023-50495

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: - ncurses/libtinfo6 + systemd/libsystemd0
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@255.4-1ubuntu8
    • @@ -2832,7 +1503,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2841,9 +1512,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - bash@5.1-6ubuntu1.1 + apt@2.7.14build2 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2852,9 +1523,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/libncursesw6@6.3-2ubuntu0.1 + procps/libproc2-0@2:4.0.4-4ubuntu3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2863,9 +1534,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - less@590-1ubuntu0.22.04.2 + procps@2:4.0.4-4ubuntu3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2874,9 +1545,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - libedit/libedit2@3.1-20210910-1build1 + util-linux@2.39.3-9ubuntu6 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2885,9 +1556,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/libncurses6@6.3-2ubuntu0.1 + util-linux/bsdutils@1:2.39.3-9ubuntu6 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2896,20 +1567,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + apt@2.7.14build2 - procps@2:3.3.17-6ubuntu2.1 + apt/libapt-pkg6.0t64@2.7.14build2 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2918,24 +1580,15 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + apt@2.7.14build2 - gnupg2/gpg@2.2.27-3ubuntu2.1 + adduser@3.137ubuntu1 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + shadow/passwd@1:4.13+dfsg1-4ubuntu3 - readline/libreadline8@8.1.2-1 + pam/libpam-modules@1.5.3-5ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2944,33 +1597,17 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + apt@2.7.14build2 - pinentry/pinentry-curses@1.1.1-1build2 + adduser@3.137ubuntu1 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + shadow/passwd@1:4.13+dfsg1-4ubuntu3 - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + pam/libpam-modules@1.5.3-5ubuntu5 - procps@2:3.3.17-6ubuntu2.1 + pam/libpam-modules-bin@1.5.3-5ubuntu5 - ncurses/libncursesw6@6.3-2ubuntu0.1 + systemd/libsystemd0@255.4-1ubuntu8 @@ -2979,13 +1616,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 + systemd/libudev1@255.4-1ubuntu8 @@ -2994,7 +1625,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/libncurses6@6.3-2ubuntu0.1 + libfido2/libfido2-1@1.14.0-1build3 + + systemd/libudev1@255.4-1ubuntu8 @@ -3003,9 +1636,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - procps@2:3.3.17-6ubuntu2.1 + util-linux@2.39.3-9ubuntu6 - ncurses/libncurses6@6.3-2ubuntu0.1 + systemd/libudev1@255.4-1ubuntu8 @@ -3014,16 +1647,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + apt@2.7.14build2 + + apt/libapt-pkg6.0t64@2.7.14build2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + systemd/libudev1@255.4-1ubuntu8 @@ -3035,29 +1663,33 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

    +

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    +

    There is no fixed version for Ubuntu:24.04 systemd.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    CVE-2023-45918

    +

    Release of Invalid Pointer or Reference

    @@ -3071,17 +1703,17 @@

    CVE-2023-45918

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: - ncurses/libtinfo6 + patch
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build3
    • @@ -3096,198 +1728,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - less@590-1ubuntu0.22.04.2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ncurses/ncurses-bin@6.3-2ubuntu0.1 + patch@2.7.6-7build3 @@ -3299,27 +1740,26 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    +

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    +

    There is no fixed version for Ubuntu:24.04 patch.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    Resource Exhaustion

    +

    Double Free

    @@ -3333,17 +1773,17 @@

    Resource Exhaustion

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: - libzstd/libzstd1 + patch
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build3
    • @@ -3358,7 +1798,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - libzstd/libzstd1@1.4.8+dfsg-3build1 + patch@2.7.6-7build3 @@ -3370,33 +1810,31 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    +

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 libzstd.

    +

    There is no fixed version for Ubuntu:24.04 patch.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Integer Overflow or Wraparound

    +

    CVE-2024-26458

    @@ -3410,7 +1848,7 @@

    Integer Overflow or Wraparound

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: @@ -3420,8 +1858,8 @@

    Integer Overflow or Wraparound

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7 and others
    • @@ -3435,28 +1873,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 + git@1:2.43.0-1ubuntu7 - shadow/passwd@1:4.8.1-2ubuntu2.2 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + krb5/libk5crypto3@1.20.1-6ubuntu2 @@ -3465,21 +1888,15 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + git@1:2.43.0-1ubuntu7 - pam/libpam-modules@1.4.0-11ubuntu2.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - libnsl/libnsl2@1.3.0-2build2 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + krb5/libkrb5-3@1.20.1-6ubuntu2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + krb5/libk5crypto3@1.20.1-6ubuntu2 @@ -3488,7 +1905,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + git@1:2.43.0-1ubuntu7 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -3497,19 +1920,15 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + git@1:2.43.0-1ubuntu7 - pam/libpam-modules@1.4.0-11ubuntu2.4 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - libnsl/libnsl2@1.3.0-2build2 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + krb5/libkrb5-3@1.20.1-6ubuntu2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -3518,7 +1937,17 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + git@1:2.43.0-1ubuntu7 + + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + + krb5/libkrb5-3@1.20.1-6ubuntu2 + + krb5/libk5crypto3@1.20.1-6ubuntu2 + + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -3527,9 +1956,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + git@1:2.43.0-1ubuntu7 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + + krb5/libkrb5-3@1.20.1-6ubuntu2 @@ -3538,11 +1971,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.10 + openssh/openssh-client@1:9.6p1-3ubuntu13 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -3551,13 +1982,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + git@1:2.43.0-1ubuntu7 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -3566,17 +1995,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - adduser@3.118ubuntu5 + git@1:2.43.0-1ubuntu7 - shadow/passwd@1:4.8.1-2ubuntu2.2 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + libssh/libssh-4@0.10.6-2build2 - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -3585,7 +2010,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + krb5/krb5-locales@1.20.1-6ubuntu2 @@ -3598,29 +2023,26 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

    + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    There is no fixed version for Ubuntu:24.04 krb5.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    Out-of-bounds Write

    +

    CVE-2024-26461

    @@ -3634,18 +2056,18 @@

    Out-of-bounds Write

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: - gnupg2/gpgv + krb5/libk5crypto3
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7 and others
    • @@ -3659,29 +2081,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.12 + git@1:2.43.0-1ubuntu7 - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - gnupg2/gpgv@2.2.27-3ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2 @@ -3690,20 +2096,15 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/dirmngr@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - gnupg2/gpg@2.2.27-3ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2 @@ -3712,11 +2113,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -3725,31 +2128,15 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -3758,31 +2145,17 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + krb5/libkrb5-3@1.20.1-6ubuntu2 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + krb5/libk5crypto3@1.20.1-6ubuntu2 - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 + krb5/libkrb5support0@1.20.1-6ubuntu2 @@ -3791,27 +2164,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + git@1:2.43.0-1ubuntu7 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - gnupg2/gpg@2.2.27-3ubuntu2.1 + krb5/libkrb5-3@1.20.1-6ubuntu2 @@ -3820,9 +2179,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + openssh/openssh-client@1:9.6p1-3ubuntu13 - gnupg2/gpg@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -3831,11 +2190,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - gnupg2/gpg@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -3844,20 +2203,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.43.0-1ubuntu7 - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest + libssh/libssh-4@0.10.6-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 @@ -3866,35 +2218,78 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + krb5/krb5-locales@1.20.1-6ubuntu2
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - + -
    • +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:24.04 krb5.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Out-of-bounds Write

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:24.04 +
      • +
    • + Vulnerable module: + + gnupg2/gpgv +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.4-2ubuntu17 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + gnupg2/gpgv@2.4.4-2ubuntu17 @@ -3903,7 +2298,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + apt@2.7.14build2 + + gnupg2/gpgv@2.4.4-2ubuntu17 @@ -3912,9 +2309,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + gnupg2/dirmngr@2.4.4-2ubuntu17 - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 + gnupg2/gpgconf@2.4.4-2ubuntu17 @@ -3923,7 +2320,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + gnupg2/gpg-agent@2.4.4-2ubuntu17 + + gnupg2/gpgconf@2.4.4-2ubuntu17 @@ -3932,9 +2331,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + gnupg2/gpg@2.4.4-2ubuntu17 - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + gnupg2/gpgconf@2.4.4-2ubuntu17 @@ -3943,7 +2342,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpgsm@2.2.27-3ubuntu2.1 + gnupg2/dirmngr@2.4.4-2ubuntu17 @@ -3952,9 +2351,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 + gnupg2/gpg@2.4.4-2ubuntu17 @@ -3963,7 +2360,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gnupg@2.2.27-3ubuntu2.1 + gnupg2/gpg-agent@2.4.4-2ubuntu17 @@ -3976,10 +2373,10 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 gnupg2.

      +

      There is no fixed version for Ubuntu:24.04 gnupg2.

      References

    @@ -4013,7 +2410,7 @@

    Allocation of Resources Without Limits or Throttling

    › Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: @@ -4023,7 +2420,7 @@

    Allocation of Resources Without Limits or Throttling

    Introduced through: - docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.35-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.39-0ubuntu8.1
    • @@ -4038,7 +2435,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - glibc/libc-bin@2.35-0ubuntu3.6 + glibc/libc-bin@2.39-0ubuntu8.1 @@ -4047,7 +2444,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - glibc/libc6@2.35-0ubuntu3.6 + glibc/libc6@2.39-0ubuntu8.1 @@ -4060,10 +2457,10 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 glibc.

    +

    There is no fixed version for Ubuntu:24.04 glibc.

    References

    @@ -4094,7 +2491,7 @@

    Improper Input Validation

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: @@ -4105,7 +2502,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7 and others
    • @@ -4119,9 +2516,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.10 + git@1:2.43.0-1ubuntu7 - git/git-man@1:2.34.1-1ubuntu1.10 + git/git-man@1:2.43.0-1ubuntu7 @@ -4130,7 +2527,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.34.1-1ubuntu1.10 + git@1:2.43.0-1ubuntu7 @@ -4139,9 +2536,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git-lfs@3.0.2-1ubuntu0.2 + git-lfs@3.4.1-1 - git@1:2.34.1-1ubuntu1.10 + git@1:2.43.0-1ubuntu7 @@ -4154,10 +2551,10 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 git.

    +

    There is no fixed version for Ubuntu:24.04 git.

    References

    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - gcc-12/libstdc++6 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.12 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gcc-12.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -4302,7 +2584,7 @@

    Improper Input Validation

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:22.04 + Package Manager: ubuntu:24.04
  • Vulnerable module: @@ -4312,7 +2594,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@latest and coreutils@9.4-3ubuntu6
    • @@ -4327,7 +2609,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - coreutils@8.32-4.1ubuntu1.2 + coreutils@9.4-3ubuntu6 @@ -4340,10 +2622,10 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 coreutils.

    +

    There is no fixed version for Ubuntu:24.04 coreutils.

    References

    diff --git a/docs/snyk/master/redis_7.0.14-alpine.html b/docs/snyk/master/redis_7.0.14-alpine.html deleted file mode 100644 index d427ce3d4ba69..0000000000000 --- a/docs/snyk/master/redis_7.0.14-alpine.html +++ /dev/null @@ -1,1165 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 14th 2024, 12:18:23 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.14-alpine (apk)
      • -
    • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    4 known vulnerabilities
    -
    36 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/master/redis_7.0.15-alpine.html b/docs/snyk/master/redis_7.0.15-alpine.html new file mode 100644 index 0000000000000..45e9a02784a5a --- /dev/null +++ b/docs/snyk/master/redis_7.0.15-alpine.html @@ -0,0 +1,484 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    May 26th 2024, 12:16:35 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • redis:7.0.15-alpine (apk)
      • +
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • +
    +
    + +
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    + +
    + No known vulnerabilities detected. +
    +
    + + + diff --git a/docs/snyk/v2.8.15/argocd-iac-install.html b/docs/snyk/v2.10.11/argocd-iac-install.html similarity index 86% rename from docs/snyk/v2.8.15/argocd-iac-install.html rename to docs/snyk/v2.10.11/argocd-iac-install.html index e3b3964efc5d3..e1e9d11316247 100644 --- a/docs/snyk/v2.8.15/argocd-iac-install.html +++ b/docs/snyk/v2.10.11/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:28:17 am (UTC+00:00)

    +

    May 26th 2024, 12:22:28 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    38 total issues
    +
    44 total issues
    @@ -482,6 +482,52 @@

    Snyk test report

    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Project docker-image|public.ecr.aws/docker/library/haproxy
    Path public.ecr.aws/docker/library/haproxy:2.6.14-alpine/docker/library/haproxy
    Package Manager apk
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 17] + + rules[5] + + resources + +
      • + +
    • + Line number: 20895 +
      • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +

    Role or ClusterRole with dangerous permissions

    @@ -507,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 18460 + Line number: 20580
    • @@ -553,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 18537 + Line number: 20665
    • @@ -599,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 18565 + Line number: 20693
    • @@ -645,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 18595 + Line number: 20723
    • @@ -691,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 18613 + Line number: 20741
    • @@ -737,7 +783,53 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 18629 + Line number: 20759 +
    • + + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 15] + + rules[0] + + resources + +
      • + +
    • + Line number: 20781
    @@ -774,7 +866,59 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 45] + [DocId: 48] + + spec + + template + + spec + + initContainers[secret-init] + + imagePullPolicy + +
    • + +
  • + Line number: 21827 +
    • + + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 49] spec @@ -789,7 +933,7 @@

      Container could be running with outdated image

    • - Line number: 19755 + Line number: 22108
    @@ -826,7 +970,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 41] + [DocId: 45] input @@ -847,7 +991,7 @@

    Container has no CPU limit

  • - Line number: 19112 + Line number: 21388
    • @@ -884,7 +1028,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -905,7 +1049,7 @@

    Container has no CPU limit

  • - Line number: 19345 + Line number: 21639
    • @@ -942,7 +1086,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -963,7 +1107,7 @@

    Container has no CPU limit

  • - Line number: 19311 + Line number: 21605
    • @@ -1000,7 +1144,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 47] input @@ -1021,7 +1165,7 @@

    Container has no CPU limit

  • - Line number: 19405 + Line number: 21699
    • @@ -1058,7 +1202,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 48] input @@ -1079,7 +1223,7 @@

    Container has no CPU limit

  • - Line number: 19498 + Line number: 21798
    • @@ -1116,7 +1260,65 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + cpu + +
    • + +
  • + Line number: 21822 +
    • + + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -1137,7 +1339,7 @@

      Container has no CPU limit

    • - Line number: 19755 + Line number: 22108
    @@ -1174,7 +1376,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 49] input @@ -1195,7 +1397,7 @@

    Container has no CPU limit

  • - Line number: 19555 + Line number: 21879
    • @@ -1232,7 +1434,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 50] input @@ -1253,7 +1455,7 @@

    Container has no CPU limit

  • - Line number: 19840 + Line number: 22193
    • @@ -1290,7 +1492,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 51] input @@ -1311,7 +1513,7 @@

    Container has no CPU limit

  • - Line number: 20162 + Line number: 22544
    • @@ -1348,7 +1550,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 42] + [DocId: 46] spec @@ -1363,7 +1565,7 @@

    Container is running with multiple open ports

  • - Line number: 19325 + Line number: 21619
    • @@ -1400,7 +1602,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 41] + [DocId: 45] spec @@ -1415,7 +1617,7 @@

    Container is running without liveness probe

  • - Line number: 19112 + Line number: 21388
    • @@ -1452,7 +1654,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 42] + [DocId: 46] spec @@ -1467,7 +1669,7 @@

    Container is running without liveness probe

  • - Line number: 19311 + Line number: 21605
    • @@ -1504,7 +1706,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 44] + [DocId: 48] spec @@ -1519,7 +1721,7 @@

    Container is running without liveness probe

  • - Line number: 19498 + Line number: 21798
    • @@ -1556,7 +1758,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 41] + [DocId: 45] input @@ -1577,7 +1779,7 @@

    Container is running without memory limit

  • - Line number: 19112 + Line number: 21388
    • @@ -1614,7 +1816,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -1635,7 +1837,7 @@

    Container is running without memory limit

  • - Line number: 19311 + Line number: 21605
    • @@ -1672,7 +1874,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -1693,7 +1895,7 @@

    Container is running without memory limit

  • - Line number: 19345 + Line number: 21639
    • @@ -1730,7 +1932,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 47] input @@ -1751,7 +1953,7 @@

    Container is running without memory limit

  • - Line number: 19405 + Line number: 21699
    • @@ -1788,7 +1990,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 48] input @@ -1809,7 +2011,7 @@

    Container is running without memory limit

  • - Line number: 19498 + Line number: 21798
    • @@ -1846,7 +2048,65 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + memory + +
    • + +
  • + Line number: 21822 +
    • + + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -1867,7 +2127,7 @@

      Container is running without memory limit

    • - Line number: 19755 + Line number: 22108
    @@ -1904,7 +2164,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 49] input @@ -1925,7 +2185,7 @@

    Container is running without memory limit

  • - Line number: 19555 + Line number: 21879
    • @@ -1962,7 +2222,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 50] input @@ -1983,7 +2243,7 @@

    Container is running without memory limit

  • - Line number: 19840 + Line number: 22193
    • @@ -2020,7 +2280,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 51] input @@ -2041,7 +2301,7 @@

    Container is running without memory limit

  • - Line number: 20162 + Line number: 22544
    • @@ -2078,7 +2338,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 41] + [DocId: 45] input @@ -2097,7 +2357,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 19235 + Line number: 21529
    • @@ -2134,7 +2394,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -2153,7 +2413,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 19353 + Line number: 21647
    • @@ -2190,7 +2450,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -2209,7 +2469,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 19328 + Line number: 21622
    • @@ -2246,7 +2506,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 43] + [DocId: 47] input @@ -2265,7 +2525,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 19432 + Line number: 21732
    • @@ -2302,7 +2562,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 48] input @@ -2321,7 +2581,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 19508 + Line number: 21815
    • @@ -2358,7 +2618,63 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + securityContext + + runAsUser + +
    • + +
  • + Line number: 21829 +
    • + + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -2377,7 +2693,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 19762 + Line number: 22115
    @@ -2414,7 +2730,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 49] input @@ -2433,7 +2749,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 19728 + Line number: 22081
    • @@ -2470,7 +2786,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 50] input @@ -2489,7 +2805,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 20072 + Line number: 22454
    • @@ -2526,7 +2842,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 51] input @@ -2545,7 +2861,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 20310 + Line number: 22745
    • diff --git a/docs/snyk/v2.10.6/argocd-iac-install.html b/docs/snyk/v2.10.11/argocd-iac-namespace-install.html similarity index 88% rename from docs/snyk/v2.10.6/argocd-iac-install.html rename to docs/snyk/v2.10.11/argocd-iac-namespace-install.html index e66a88208999d..25012a4cb5c64 100644 --- a/docs/snyk/v2.10.6/argocd-iac-install.html +++ b/docs/snyk/v2.10.11/argocd-iac-namespace-install.html @@ -456,17 +456,17 @@

    Snyk test report

    -

    April 14th 2024, 12:24:04 am (UTC+00:00)

    +

    May 26th 2024, 12:22:37 am (UTC+00:00)

    Scanned the following path:
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • +
    • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
    -
    39 total issues
    +
    43 total issues

    @@ -475,19 +475,19 @@

    Snyk test report

    - - + +
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project manifests/namespace-install.yaml
    Path /argo-cd/manifests/namespace-install.yaml
    Project Type Kubernetes
    -
    +

    Role or ClusterRole with dangerous permissions

    -
    - high severity +
    + medium severity
    @@ -498,16 +498,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 16] + [DocId: 7] - rules[5] + rules[0] resources
  • - Line number: 20871 + Line number: 77
    • @@ -544,16 +544,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 10] + [DocId: 8] - rules[0] + rules[4] resources
  • - Line number: 20580 + Line number: 162
    • @@ -590,16 +590,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 11] + [DocId: 9] - rules[4] + rules[0] resources
  • - Line number: 20665 + Line number: 190
    • @@ -636,16 +636,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 12] + [DocId: 10] - rules[0] + rules[1] resources
  • - Line number: 20693 + Line number: 220
    • @@ -682,16 +682,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 13] + [DocId: 10] - rules[1] + rules[3] resources
  • - Line number: 20723 + Line number: 238
    • @@ -728,16 +728,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 13] + [DocId: 11] - rules[3] + rules[0] resources
  • - Line number: 20741 + Line number: 256
    • @@ -774,7 +774,7 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 14] + [DocId: 12] rules[0] @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20757 + Line number: 278
    • @@ -820,7 +820,59 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 47] + [DocId: 39] + + spec + + template + + spec + + initContainers[secret-init] + + imagePullPolicy + +
    • + +
  • + Line number: 1112 +
    • + + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 40] spec @@ -835,7 +887,7 @@

      Container could be running with outdated image

    • - Line number: 22039 + Line number: 1393
    @@ -872,7 +924,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 36] input @@ -893,7 +945,7 @@

    Container has no CPU limit

  • - Line number: 21348 + Line number: 673
    • @@ -930,7 +982,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 37] input @@ -951,7 +1003,7 @@

    Container has no CPU limit

  • - Line number: 21599 + Line number: 924
    • @@ -988,7 +1040,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 37] input @@ -1009,7 +1061,7 @@

    Container has no CPU limit

  • - Line number: 21565 + Line number: 890
    • @@ -1046,7 +1098,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 38] input @@ -1067,7 +1119,7 @@

    Container has no CPU limit

  • - Line number: 21659 + Line number: 984
    • @@ -1104,7 +1156,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 39] input @@ -1125,7 +1177,7 @@

    Container has no CPU limit

  • - Line number: 21758 + Line number: 1083
    • @@ -1162,7 +1214,65 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + cpu + +
    • + +
  • + Line number: 1107 +
    • + + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -1183,7 +1293,7 @@

      Container has no CPU limit

    • - Line number: 22039 + Line number: 1393
    @@ -1220,7 +1330,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 40] input @@ -1241,7 +1351,7 @@

    Container has no CPU limit

  • - Line number: 21815 + Line number: 1164
    • @@ -1278,7 +1388,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 48] + [DocId: 41] input @@ -1299,7 +1409,7 @@

    Container has no CPU limit

  • - Line number: 22124 + Line number: 1478
    • @@ -1336,7 +1446,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 49] + [DocId: 42] input @@ -1357,7 +1467,7 @@

    Container has no CPU limit

  • - Line number: 22470 + Line number: 1829
    • @@ -1394,7 +1504,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 44] + [DocId: 37] spec @@ -1409,7 +1519,7 @@

    Container is running with multiple open ports

  • - Line number: 21579 + Line number: 904
    • @@ -1446,7 +1556,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 43] + [DocId: 36] spec @@ -1461,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 21348 + Line number: 673
    • @@ -1498,7 +1608,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 44] + [DocId: 37] spec @@ -1513,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 21565 + Line number: 890
    • @@ -1550,7 +1660,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 46] + [DocId: 39] spec @@ -1565,7 +1675,7 @@

    Container is running without liveness probe

  • - Line number: 21758 + Line number: 1083
    • @@ -1602,7 +1712,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 36] input @@ -1623,7 +1733,7 @@

    Container is running without memory limit

  • - Line number: 21348 + Line number: 673
    • @@ -1660,7 +1770,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 37] input @@ -1681,7 +1791,7 @@

    Container is running without memory limit

  • - Line number: 21565 + Line number: 890
    • @@ -1718,7 +1828,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 37] input @@ -1739,7 +1849,7 @@

    Container is running without memory limit

  • - Line number: 21599 + Line number: 924
    • @@ -1776,7 +1886,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 38] input @@ -1797,7 +1907,7 @@

    Container is running without memory limit

  • - Line number: 21659 + Line number: 984
    • @@ -1834,7 +1944,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 39] input @@ -1855,7 +1965,65 @@

    Container is running without memory limit

  • - Line number: 21758 + Line number: 1083 +
    • + + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + memory + +
      • + +
    • + Line number: 1107
    @@ -1892,7 +2060,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 40] input @@ -1913,7 +2081,7 @@

    Container is running without memory limit

  • - Line number: 22039 + Line number: 1393
    • @@ -1950,7 +2118,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 40] input @@ -1971,7 +2139,7 @@

    Container is running without memory limit

  • - Line number: 21815 + Line number: 1164
    • @@ -2008,7 +2176,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 48] + [DocId: 41] input @@ -2029,7 +2197,7 @@

    Container is running without memory limit

  • - Line number: 22124 + Line number: 1478
    • @@ -2066,7 +2234,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 49] + [DocId: 42] input @@ -2087,7 +2255,7 @@

    Container is running without memory limit

  • - Line number: 22470 + Line number: 1829
    • @@ -2124,7 +2292,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 43] + [DocId: 36] input @@ -2143,7 +2311,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21489 + Line number: 814
    • @@ -2180,7 +2348,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 37] input @@ -2199,7 +2367,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21607 + Line number: 932
    • @@ -2236,7 +2404,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 37] input @@ -2255,7 +2423,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21582 + Line number: 907
    • @@ -2292,7 +2460,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 38] input @@ -2311,7 +2479,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21692 + Line number: 1017
    • @@ -2348,7 +2516,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 39] input @@ -2367,7 +2535,63 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21768 + Line number: 1100 +
    • + + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 1114
    @@ -2404,7 +2628,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 40] input @@ -2423,7 +2647,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22046 + Line number: 1400
    • @@ -2460,7 +2684,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 40] input @@ -2479,7 +2703,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22012 + Line number: 1366
    • @@ -2516,7 +2740,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 48] + [DocId: 41] input @@ -2535,7 +2759,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22380 + Line number: 1739
    • @@ -2572,7 +2796,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 49] + [DocId: 42] input @@ -2591,7 +2815,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22660 + Line number: 2030
    • diff --git a/docs/snyk/v2.9.11/argocd-test.html b/docs/snyk/v2.10.11/argocd-test.html similarity index 59% rename from docs/snyk/v2.9.11/argocd-test.html rename to docs/snyk/v2.10.11/argocd-test.html index 5bf9514eb455b..c871aa7de7992 100644 --- a/docs/snyk/v2.9.11/argocd-test.html +++ b/docs/snyk/v2.10.11/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:24:31 am (UTC+00:00)

    +

    May 26th 2024, 12:20:34 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    14 known vulnerabilities
    -
    260 vulnerable dependency paths
    -
    1917 dependencies
    +
    9 known vulnerabilities
    +
    170 vulnerable dependency paths
    +
    2042 dependencies

    @@ -478,7 +478,7 @@

    Snyk test report

    -

    Denial of Service (DoS)

    +

    Allocation of Resources Without Limits or Throttling

    @@ -497,13 +497,13 @@

    Denial of Service (DoS)

  • Vulnerable module: - google.golang.org/grpc + golang.org/x/net/http2
  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 and google.golang.org/grpc@1.56.2 + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others
    • @@ -517,7 +517,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.56.2 + k8s.io/apimachinery/pkg/util/net@0.26.11 + + golang.org/x/net/http2@0.19.0 @@ -526,9 +528,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + github.com/soheilhy/cmux@0.1.5 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -537,9 +539,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.56.2 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -550,7 +552,7 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -559,20 +561,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc@1.56.2 - - - - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + k8s.io/apimachinery/pkg/watch@0.26.11 - google.golang.org/grpc/reflection@1.56.2 + k8s.io/apimachinery/pkg/util/net@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -581,20 +574,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + k8s.io/client-go/transport@0.26.11 - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + k8s.io/apimachinery/pkg/util/net@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -603,20 +587,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + google.golang.org/grpc@1.59.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + google.golang.org/grpc/internal/transport@1.59.0 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -625,20 +600,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + k8s.io/client-go/discovery@0.26.11 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -647,11 +613,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + k8s.io/client-go/transport/spdy@0.26.11 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -660,11 +626,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig@1.16.0 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -673,11 +639,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + k8s.io/client-go/testing@0.26.11 - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -686,11 +652,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + k8s.io/client-go/dynamic@0.26.11 - google.golang.org/grpc/health/grpc_health_v1@1.56.2 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -699,11 +665,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.56.2 + k8s.io/client-go/tools/cache@0.26.11 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -712,11 +678,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.56.2 + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - google.golang.org/grpc/health/grpc_health_v1@1.56.2 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -725,13 +691,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -740,13 +704,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -755,15 +717,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + k8s.io/client-go/tools/record@0.26.11 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -772,15 +730,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + k8s.io/apimachinery/pkg/watch@0.26.11 - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 + k8s.io/apimachinery/pkg/util/net@0.26.11 - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 + golang.org/x/net/http2@0.19.0 @@ -789,97 +745,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + k8s.io/client-go/rest@0.26.11 - google.golang.org/grpc@1.56.2 - - - -
    • - - -
    - -
    - -

    Overview

    -

    google.golang.org/grpc is a Go implementation of gRPC

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    -

    Remediation

    -

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.17 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + k8s.io/client-go/transport@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -890,18 +760,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/soheilhy/cmux@0.1.5 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + google.golang.org/grpc@1.59.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -912,20 +775,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -936,22 +790,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -962,22 +805,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + google.golang.org/grpc@1.59.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -988,9 +820,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/testing@0.24.17 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -1001,9 +835,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/dynamic@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -1014,9 +850,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/cache@0.24.17 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.46.1 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -1027,9 +865,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -1040,9 +880,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1053,9 +895,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 + k8s.io/client-go/tools/clientcmd@0.26.11 + + k8s.io/client-go/tools/auth@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1066,9 +910,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/record@0.24.17 + github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/tools/cache@0.26.11 + + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1079,11 +925,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/discovery/fake@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/testing@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1094,11 +940,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/kubernetes/fake@0.26.11 - k8s.io/client-go/transport@0.24.17 + k8s.io/client-go/testing@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1109,11 +955,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - google.golang.org/grpc@1.56.2 + k8s.io/client-go/dynamic@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1124,11 +970,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.56.2 + k8s.io/client-go/informers/apps/v1@0.26.11 - google.golang.org/grpc@1.56.2 + k8s.io/client-go/tools/cache@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1139,11 +985,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + k8s.io/client-go/informers@0.26.11 - google.golang.org/grpc@1.56.2 + k8s.io/client-go/tools/cache@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1154,11 +1000,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + k8s.io/client-go/listers/core/v1@0.26.11 - google.golang.org/grpc@1.56.2 + k8s.io/client-go/tools/cache@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1169,11 +1015,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + k8s.io/client-go/tools/remotecommand@0.26.11 - google.golang.org/grpc@1.56.2 + k8s.io/client-go/transport/spdy@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1184,11 +1030,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - google.golang.org/grpc@1.56.2 + google.golang.org/api/chat/v1@0.132.0 - google.golang.org/grpc/internal/transport@1.56.2 + google.golang.org/api/transport/http@0.132.0 golang.org/x/net/http2@0.19.0 @@ -1199,11 +1045,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - google.golang.org/grpc@1.56.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1214,11 +1062,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - google.golang.org/grpc@1.56.2 + k8s.io/apimachinery/pkg/watch@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1229,11 +1079,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/api/rbac/v1@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1244,11 +1096,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd@0.24.17 + k8s.io/api/core/v1@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/tools/auth@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1259,11 +1113,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + k8s.io/apimachinery/pkg/api/errors@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1274,11 +1130,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery/fake@0.24.17 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/testing@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1289,11 +1147,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.24.17 + k8s.io/apimachinery/pkg/api/equality@0.26.11 - k8s.io/client-go/testing@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1304,11 +1164,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + k8s.io/client-go/transport/spdy@0.26.11 + + k8s.io/client-go/rest@0.26.11 - k8s.io/client-go/dynamic@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1319,11 +1181,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/apps/v1@0.24.17 + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + + k8s.io/client-go/rest@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1334,11 +1198,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers@0.24.17 + k8s.io/client-go/testing@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/client-go/rest@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1349,11 +1215,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/listers/core/v1@0.24.17 + k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 + + k8s.io/client-go/rest@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1364,11 +1232,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.24.17 + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - k8s.io/client-go/transport/spdy@0.24.17 + k8s.io/client-go/rest@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/transport@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1379,13 +1249,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/rest@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1396,13 +1266,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.59.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -1413,13 +1283,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/rbac/v1@0.24.17 + google.golang.org/grpc/reflection@1.59.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -1430,13 +1300,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc/health@1.59.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.59.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -1447,13 +1317,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/errors@0.24.17 + github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1464,13 +1334,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f + github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1481,13 +1351,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/equality@0.24.17 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1498,13 +1368,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/transport/spdy@0.24.17 + github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/listers/core/v1@0.26.11 - k8s.io/client-go/transport@0.24.17 + k8s.io/client-go/tools/cache@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1515,13 +1385,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 + github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/tools/clientcmd@0.26.11 - k8s.io/client-go/transport@0.24.17 + k8s.io/client-go/tools/auth@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1532,13 +1402,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/testing@0.24.17 + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - k8s.io/client-go/rest@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/client-go/transport@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1549,13 +1419,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 + k8s.io/client-go/informers/core/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/listers/core/v1@0.26.11 - k8s.io/client-go/transport@0.24.17 + k8s.io/client-go/tools/cache@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1566,13 +1436,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - k8s.io/client-go/rest@0.24.17 + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - k8s.io/client-go/transport@0.24.17 + k8s.io/client-go/tools/cache@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1583,13 +1453,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 + k8s.io/kubectl/pkg/util/term@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/tools/remotecommand@0.26.11 - k8s.io/client-go/transport@0.24.17 + k8s.io/client-go/transport/spdy@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1600,13 +1470,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - google.golang.org/grpc/health/grpc_health_v1@1.56.2 + k8s.io/client-go/tools/leaderelection@0.26.11 - google.golang.org/grpc@1.56.2 + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1617,13 +1487,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.56.2 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - google.golang.org/grpc@1.56.2 + google.golang.org/api/chat/v1@0.132.0 - google.golang.org/grpc/internal/transport@1.56.2 + google.golang.org/api/transport/http@0.132.0 golang.org/x/net/http2@0.19.0 @@ -1634,13 +1504,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.56.2 + github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - google.golang.org/grpc/health/grpc_health_v1@1.56.2 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - google.golang.org/grpc@1.56.2 + google.golang.org/api/chat/v1@0.132.0 - google.golang.org/grpc/internal/transport@1.56.2 + google.golang.org/api/transport/http@0.132.0 golang.org/x/net/http2@0.19.0 @@ -1651,13 +1521,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f + github.com/Azure/kubelogin/pkg/token@0.0.20 + + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1668,13 +1540,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f + k8s.io/client-go/dynamic@0.26.11 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1685,13 +1559,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1702,13 +1578,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - k8s.io/client-go/listers/core/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1719,13 +1597,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf + github.com/argoproj/gitops-engine/pkg/utils/testing@#fbecbb86e412 + + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/client-go/tools/clientcmd@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/tools/auth@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1736,13 +1616,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/client-go/dynamic@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1753,13 +1635,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/core/v1@0.24.17 + sigs.k8s.io/controller-runtime@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - k8s.io/client-go/listers/core/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1770,13 +1654,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + k8s.io/client-go/listers/core/v1@0.26.11 - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 + k8s.io/api/core/v1@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1787,13 +1673,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/term@0.24.17 + k8s.io/kubectl/pkg/util/resource@0.26.11 + + k8s.io/api/core/v1@0.26.11 - k8s.io/client-go/tools/remotecommand@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/transport/spdy@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1804,15 +1692,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/Azure/kubelogin/pkg/token@0.0.20 + github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1823,15 +1711,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/managedfields@0.24.17 + k8s.io/client-go/util/retry@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/apimachinery/pkg/api/errors@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1842,15 +1730,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f + k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1861,15 +1749,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/dynamic@0.24.17 + k8s.io/client-go/tools/cache@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/client-go/tools/pager@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1880,15 +1768,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f + k8s.io/client-go/tools/portforward@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1899,15 +1787,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/apimachinery/pkg/api/equality@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1918,15 +1806,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/testing@#b0fffe419a0f + k8s.io/apimachinery/pkg/api/validation@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1937,15 +1825,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 + k8s.io/client-go/discovery/fake@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/client-go/testing@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/rest@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1956,15 +1844,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime@0.11.0 + k8s.io/client-go/kubernetes/fake@0.26.11 - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + k8s.io/client-go/testing@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/rest@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1975,15 +1863,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/listers/core/v1@0.24.17 + k8s.io/client-go/tools/remotecommand@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/client-go/transport/spdy@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/rest@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -1994,15 +1882,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/resource@0.24.17 + github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - k8s.io/api/core/v1@0.24.17 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2013,15 +1901,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2032,15 +1920,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/util/retry@0.24.17 + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - k8s.io/apimachinery/pkg/api/errors@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/restmapper@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2051,15 +1939,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/cache@0.24.17 + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - k8s.io/client-go/tools/pager@0.24.17 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2070,15 +1958,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/portforward@0.24.17 + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - k8s.io/api/core/v1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/tools/clientcmd@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/tools/auth@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2089,15 +1977,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - k8s.io/apimachinery/pkg/api/equality@0.24.17 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2108,15 +1996,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/validation@0.24.17 + github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.17 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/api/chat/v1@0.132.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/api/transport/http@0.132.0 golang.org/x/net/http2@0.19.0 @@ -2127,15 +2015,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery/fake@0.24.17 + github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - k8s.io/client-go/testing@0.24.17 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - k8s.io/client-go/rest@0.24.17 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - k8s.io/client-go/transport@0.24.17 + google.golang.org/api/chat/v1@0.132.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/api/transport/http@0.132.0 golang.org/x/net/http2@0.19.0 @@ -2146,15 +2034,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.24.17 + github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 + + k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - k8s.io/client-go/testing@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/transport@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2165,15 +2055,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.24.17 + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - k8s.io/client-go/transport/spdy@0.24.17 + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/client-go/transport@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2184,15 +2076,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f + k8s.io/client-go/informers/core/v1@0.26.11 + + k8s.io/client-go/listers/core/v1@0.26.11 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + k8s.io/api/core/v1@0.26.11 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2203,15 +2097,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f + k8s.io/client-go/kubernetes/scheme@0.26.11 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + k8s.io/api/storage/v1beta1@0.26.11 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2222,15 +2118,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + k8s.io/client-go/tools/record@0.26.11 + + k8s.io/client-go/tools/reference@0.26.11 - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + k8s.io/api/core/v1@0.26.11 - k8s.io/client-go/restmapper@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2241,15 +2139,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - k8s.io/client-go/dynamic@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2260,15 +2160,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 + + k8s.io/client-go/tools/cache@0.26.11 - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 + k8s.io/client-go/tools/pager@0.26.11 - k8s.io/client-go/tools/clientcmd@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/tools/auth@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2279,17 +2181,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/diff@#b0fffe419a0f + k8s.io/client-go/informers/apps/v1@0.26.11 - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 + k8s.io/client-go/tools/cache@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/client-go/tools/pager@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2300,17 +2202,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f + k8s.io/client-go/informers@0.26.11 - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f + k8s.io/client-go/tools/cache@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/client-go/tools/pager@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2321,17 +2223,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2342,17 +2244,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/scheme@0.24.17 + k8s.io/kubectl/pkg/util/term@0.26.11 - k8s.io/api/storage/v1beta1@0.24.17 + k8s.io/client-go/tools/remotecommand@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/client-go/transport/spdy@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/rest@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2363,17 +2265,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/core/v1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - k8s.io/client-go/listers/core/v1@0.24.17 + k8s.io/client-go/tools/leaderelection@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/rest@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/transport@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2384,17 +2286,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/record@0.24.17 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - k8s.io/client-go/tools/reference@0.24.17 + google.golang.org/api/chat/v1@0.132.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/api/transport/http@0.132.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/api/option@0.132.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -2405,17 +2307,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - k8s.io/client-go/tools/cache@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - k8s.io/client-go/tools/pager@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -2426,17 +2328,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/apps/v1@0.24.17 + github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/client-go/listers/core/v1@0.26.11 - k8s.io/client-go/tools/pager@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2447,17 +2349,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers@0.24.17 + k8s.io/client-go/kubernetes@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - k8s.io/client-go/tools/pager@0.24.17 + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2468,17 +2370,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf + k8s.io/client-go/tools/clientcmd@0.26.11 - k8s.io/client-go/listers/core/v1@0.24.17 + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2489,17 +2393,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/kubernetes/scheme@0.26.11 - k8s.io/client-go/dynamic@0.24.17 + k8s.io/api/storage/v1beta1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2510,17 +2416,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/term@0.24.17 + sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - k8s.io/client-go/tools/remotecommand@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/client-go/transport/spdy@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/client-go/transport@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2531,17 +2439,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + k8s.io/client-go/tools/cache@0.26.11 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + k8s.io/client-go/tools/pager@0.26.11 + + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - google.golang.org/grpc@1.56.2 + k8s.io/apimachinery/pkg/watch@0.26.11 - google.golang.org/grpc/internal/transport@1.56.2 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2552,17 +2462,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + google.golang.org/api/chat/v1@0.132.0 - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 + google.golang.org/api/transport/http@0.132.0 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/api/option@0.132.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -2573,17 +2485,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes@0.24.17 + github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 + + k8s.io/kubectl/pkg/cmd/util@0.26.11 - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 + k8s.io/kubectl/pkg/validation@0.26.11 - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.17 + k8s.io/cli-runtime/pkg/resource@0.26.11 - k8s.io/client-go/applyconfigurations/meta/v1@0.24.17 + k8s.io/client-go/restmapper@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2594,17 +2508,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 + github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/discovery@0.26.11 + + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2615,19 +2531,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd@0.24.17 + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2638,19 +2554,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery@0.24.17 + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - k8s.io/client-go/kubernetes/scheme@0.24.17 + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - k8s.io/api/storage/v1beta1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - k8s.io/api/core/v1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2661,19 +2577,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - k8s.io/client-go/dynamic@0.24.17 + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/client-go/tools/leaderelection@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2684,19 +2600,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/api/chat/v1@0.132.0 - k8s.io/client-go/tools/pager@0.24.17 + google.golang.org/api/transport/http@0.132.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/api/option@0.132.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -2707,19 +2623,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f + sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2730,19 +2648,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f + sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f + k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2753,19 +2673,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime@0.11.0 + github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 + + k8s.io/client-go/tools/clientcmd@0.26.11 - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 + k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2776,19 +2698,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + k8s.io/client-go/discovery@0.26.11 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + k8s.io/client-go/kubernetes/scheme@0.26.11 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + k8s.io/api/storage/v1beta1@0.26.11 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + k8s.io/api/core/v1@0.26.11 - k8s.io/client-go/dynamic@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 + + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2799,21 +2723,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 + k8s.io/client-go/kubernetes@0.26.11 - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 + k8s.io/client-go/kubernetes/scheme@0.26.11 - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + k8s.io/api/storage/v1beta1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2824,21 +2748,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#fbecbb86e412 - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 + k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + k8s.io/api/storage/v1alpha1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2849,21 +2773,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - k8s.io/client-go/tools/clientcmd@0.24.17 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2874,21 +2798,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - k8s.io/client-go/discovery@0.24.17 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - k8s.io/client-go/kubernetes/scheme@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/api/storage/v1beta1@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2899,21 +2823,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes@0.24.17 + github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - k8s.io/client-go/kubernetes/scheme@0.24.17 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - k8s.io/api/storage/v1beta1@0.24.17 + google.golang.org/api/chat/v1@0.132.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/api/transport/http@0.132.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/api/option@0.132.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -2924,21 +2848,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#b0fffe419a0f + github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - k8s.io/kubernetes/pkg/apis/storage/install@1.24.17 + github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.24.17 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - k8s.io/api/storage/v1alpha1@0.24.17 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - k8s.io/api/core/v1@0.24.17 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2949,21 +2873,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - k8s.io/client-go/dynamic@0.24.17 + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2974,21 +2898,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f + sigs.k8s.io/controller-runtime@0.14.7 - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f + sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f + sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/client-go/tools/leaderelection@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - k8s.io/client-go/rest@0.24.17 + k8s.io/client-go/rest@0.26.11 golang.org/x/net/http2@0.19.0 @@ -2999,21 +2923,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 + github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + google.golang.org/api/chat/v1@0.132.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + google.golang.org/api/transport/http@0.132.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + google.golang.org/api/option@0.132.0 - k8s.io/client-go/dynamic@0.24.17 + google.golang.org/grpc@1.59.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/transport@1.59.0 golang.org/x/net/http2@0.19.0 @@ -3024,23 +2948,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f + github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/client-go/kubernetes/scheme@0.24.17 + k8s.io/client-go/kubernetes/scheme@0.26.11 - k8s.io/api/storage/v1beta1@0.24.17 + k8s.io/api/storage/v1beta1@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -3051,23 +2975,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f + github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/client-go/kubernetes/scheme@0.24.17 + k8s.io/client-go/kubernetes/scheme@0.26.11 - k8s.io/api/storage/v1beta1@0.24.17 + k8s.io/api/storage/v1beta1@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -3078,23 +3002,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + k8s.io/kubectl/pkg/util/openapi@0.26.11 - k8s.io/client-go/discovery@0.24.17 + k8s.io/client-go/discovery@0.26.11 - k8s.io/client-go/kubernetes/scheme@0.24.17 + k8s.io/client-go/kubernetes/scheme@0.26.11 - k8s.io/api/storage/v1beta1@0.24.17 + k8s.io/api/storage/v1beta1@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -3105,23 +3029,25 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + k8s.io/client-go/restmapper@0.26.11 - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + k8s.io/client-go/discovery@0.26.11 - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 + k8s.io/client-go/kubernetes/scheme@0.26.11 - k8s.io/client-go/tools/cache@0.24.17 + k8s.io/api/storage/v1beta1@0.26.11 - k8s.io/client-go/tools/pager@0.24.17 + k8s.io/api/core/v1@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -3132,25 +3058,25 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - k8s.io/client-go/restmapper@0.24.17 + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - k8s.io/client-go/discovery@0.24.17 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - k8s.io/client-go/kubernetes/scheme@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/api/storage/v1beta1@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/api/core/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -3161,56 +3087,27 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - k8s.io/client-go/dynamic@0.24.17 + sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + k8s.io/client-go/dynamic@0.26.11 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - k8s.io/apimachinery/pkg/watch@0.24.17 + k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/watch@0.26.11 - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 + k8s.io/apimachinery/pkg/util/net@0.26.11 golang.org/x/net/http2@0.19.0 @@ -3230,6 +3127,7 @@

      Remediation

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      References

      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
        • -
      - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others + +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - google.golang.org/grpc/internal/pretty@1.56.2 - - github.com/golang/protobuf/jsonpb@1.4.2 + github.com/Azure/kubelogin/pkg/token@0.0.20 - google.golang.org/protobuf/encoding/protojson@1.31.0 + gopkg.in/retry.v1@1.0.3 @@ -4852,28 +3193,17 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      -

      Note:

      -

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      -

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      -

      References

      - +

      LGPL-3.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Authentication Bypass by Capture-replay

    +

    Regular Expression Denial of Service (ReDoS)

    @@ -4892,12 +3222,12 @@

    Authentication Bypass by Capture-replay

  • Vulnerable module: - golang.org/x/crypto/ssh + github.com/whilp/git-urls
  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2
    • @@ -4912,115 +3242,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - golang.org/x/crypto/ssh@0.16.0 - - - - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -5029,15 +3251,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -5046,15 +3262,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -5063,15 +3275,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - github.com/xanzy/ssh-agent@0.3.3 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -5080,17 +3288,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - github.com/skeema/knownhosts@1.2.1 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -5099,17 +3303,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - github.com/xanzy/ssh-agent@0.3.3 + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -5121,46 +3321,99 @@

    Detailed paths

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    -

    Note:

    +

    github.com/whilp/git-urls is a Git URLs parser

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    +

    Note: + This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    +

    PoC

    + 
    
+        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
+        malicious_url := "6en6ar@-:0////" + payload + "\"
+        begin := time.Now()
+        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
+        _, err := giturls.ParseScp(malicious_url)
+        if err != nil {
+        fmt.Errorf("[ - ] Error ->" + err.Error())
+        }
+        //fmt.Println("[ + ] Url --> " + u.Host)
+        elapse := time.Since(begin)
+        fmt.Printf("Function took %s", elapse)
+
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    + 
    regex = /A(B|C+)+D/
+
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
      • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • +
    • D Finally, we ensure this section of the string ends with a 'D'
      • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    + 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

      -

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      -
      2. -

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      -
      3. +
    3. CCC
      4. +
    4. CC+C
      5. +
    5. C+CC
      6. +
    6. C+C+C.
    -

    Impact:

    -

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    -

    Workaround

    -

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    There is no fixed version for github.com/whilp/git-urls.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -5330,6 +3583,17 @@

    Detailed paths

    + +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + +
  • Introduced through: @@ -5346,7 +3610,33 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 + + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 + + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5359,9 +3649,39 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 + + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 + + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 + + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5374,9 +3694,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5389,11 +3709,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5406,11 +3726,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5509,7 +3829,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5524,9 +3844,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5541,9 +3861,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5558,11 +3878,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5577,11 +3897,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5666,86 +3986,6 @@

    Detailed paths

    More about this vulnerability

    • -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Template Injection

    diff --git a/docs/snyk/v2.8.15/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.10.11/ghcr.io_dexidp_dex_v2.37.0.html similarity index 92% rename from docs/snyk/v2.8.15/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.10.11/ghcr.io_dexidp_dex_v2.37.0.html index 2123841b3fc4c..d7efab9b56d31 100644 --- a/docs/snyk/v2.8.15/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.10.11/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:26:45 am (UTC+00:00)

    +

    May 26th 2024, 12:20:43 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    44 known vulnerabilities
    -
    130 vulnerable dependency paths
    +
    46 known vulnerabilities
    +
    142 vulnerable dependency paths
    786 dependencies
    @@ -1084,6 +1084,7 @@

    Remediation

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    References

    @@ -2043,6 +2046,10 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2196,6 +2203,7 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
  • https://www.openssl.org/news/secadv/20240125.txt
  • https://security.netapp.com/advisory/ntap-20240208-0006/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -2732,9 +2740,12 @@

    References

  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • +
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • +
  • Jenkins Advisory
  • Security Release
    • +
  • Nuclei Templates
    • @@ -4285,6 +4296,114 @@

    References

    More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/busybox@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + busybox/busybox@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/busybox-binsh@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    +

    Remediation

    +

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-6237

    @@ -4401,9 +4520,38 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    @@ -4553,6 +4701,8 @@

    References

  • https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
  • https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
  • https://www.openssl.org/news/secadv/20240408.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/04/08/5
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0013/
    • @@ -4562,6 +4712,164 @@

    References

    +
    +

    CVE-2024-4603

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

    +

    Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

    +

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

    +

    Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

    +

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

    +

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/master/haproxy_2.6.14-alpine.html b/docs/snyk/v2.10.11/haproxy_2.6.14-alpine.html similarity index 79% rename from docs/snyk/master/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.10.11/haproxy_2.6.14-alpine.html index 5207780bc6e2f..c44884db9d736 100644 --- a/docs/snyk/master/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.10.11/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:17:59 am (UTC+00:00)

    +

    May 26th 2024, 12:20:47 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    8 known vulnerabilities
    +
    68 vulnerable dependency paths
    18 dependencies
    @@ -851,6 +851,7 @@

    References

  • https://www.openssl.org/news/secadv/20231106.txt
  • http://www.openwall.com/lists/oss-security/2023/11/06/2
  • https://security.netapp.com/advisory/ntap-20231130-0010/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -1036,6 +1037,10 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1211,6 +1216,7 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
  • https://www.openssl.org/news/secadv/20240125.txt
  • https://security.netapp.com/advisory/ntap-20240208-0006/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -1219,6 +1225,114 @@

    References

    More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/busybox@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r2 + + busybox/busybox@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/busybox-binsh@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    +

    Remediation

    +

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-6237

    @@ -1357,9 +1471,38 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    @@ -1531,6 +1674,8 @@

    References

  • https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
  • https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
  • https://www.openssl.org/news/secadv/20240408.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/04/08/5
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0013/
    • @@ -1540,6 +1685,186 @@

    References

    +
    +

    CVE-2024-4603

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

    +

    Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

    +

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

    +

    Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

    +

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

    +

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.9.11/quay.io_argoproj_argocd_v2.9.11.html b/docs/snyk/v2.10.11/quay.io_argoproj_argocd_v2.10.11.html similarity index 79% rename from docs/snyk/v2.9.11/quay.io_argoproj_argocd_v2.9.11.html rename to docs/snyk/v2.10.11/quay.io_argoproj_argocd_v2.10.11.html index 55332ef8f4b1e..3e89be0bbf5cc 100644 --- a/docs/snyk/v2.9.11/quay.io_argoproj_argocd_v2.9.11.html +++ b/docs/snyk/v2.10.11/quay.io_argoproj_argocd_v2.10.11.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    April 14th 2024, 12:24:57 am (UTC+00:00)

    +

    May 26th 2024, 12:21:06 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.9.11/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.11//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.11/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.11/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.10.11/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.10.11/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.10.11//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.10.11/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.10.11/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    36 known vulnerabilities
    -
    180 vulnerable dependency paths
    -
    2189 dependencies
    +
    27 known vulnerabilities
    +
    161 vulnerable dependency paths
    +
    2278 dependencies
    @@ -480,88 +480,6 @@

    Snyk test report

    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/grpc -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/grpc@v1.56.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    google.golang.org/grpc is a Go implementation of gRPC

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    -

    Remediation

    -

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    Allocation of Resources Without Limits or Throttling

    @@ -574,7 +492,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -629,6 +547,7 @@

    Remediation

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    References

      +
    • Github Commit
    • GitHub Commit
    • GitHub Issue
    • Go Advisory
      • @@ -653,7 +572,7 @@

      CVE-2020-22916

      • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -666,7 +585,7 @@

        CVE-2020-22916

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.10.11 and xz-utils/liblzma5@5.2.5-2ubuntu1
      @@ -679,7 +598,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -716,82 +635,6 @@

        References

        More about this vulnerability

    • -
    -
    -

    CVE-2023-51767

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.11 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Information Exposure

    @@ -805,7 +648,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -818,7 +661,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.10.11 and libgcrypt20@1.9.4-3ubuntu3
    @@ -831,7 +674,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 libgcrypt20@1.9.4-3ubuntu3 @@ -840,7 +683,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -851,7 +694,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -862,7 +705,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 apt@2.4.12 @@ -875,7 +718,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 apt@2.4.12 @@ -888,7 +731,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -901,7 +744,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -914,7 +757,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -927,7 +770,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -940,7 +783,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -953,7 +796,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -966,7 +809,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 apt@2.4.12 @@ -996,6 +839,7 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • +
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -1006,7 +850,7 @@

    References

    -

    CVE-2024-26461

    +

    CVE-2024-26462

    @@ -1017,7 +861,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1030,7 +874,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.10.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1043,7 +887,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1052,7 +896,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 adduser@3.118ubuntu5 @@ -1073,7 +917,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 adduser@3.118ubuntu5 @@ -1096,7 +940,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1105,7 +949,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 adduser@3.118ubuntu5 @@ -1126,7 +970,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1135,9 +979,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1146,7 +990,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 git@1:2.34.1-1ubuntu1.10 @@ -1159,7 +1003,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 git@1:2.34.1-1ubuntu1.10 @@ -1174,7 +1018,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 adduser@3.118ubuntu5 @@ -1193,7 +1037,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1209,24 +1053,25 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

      +

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      Remediation

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26462

    +

    LGPL-3.0 license

    @@ -1237,20 +1082,20 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - krb5/libk5crypto3 + gopkg.in/retry.v1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
    @@ -1263,648 +1108,69 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + github.com/argoproj/argo-cd/v2@* - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + gopkg.in/retry.v1@v1.0.3
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - +
    + +

    LGPL-3.0 license

    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - +
    -
    • +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + github.com/argoproj/argo-cd/v2@* - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26458

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/r3labs/diff@v1.1.0 @@ -1915,28 +1181,17 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      -

      Note:

      -

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      -

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Authentication Bypass by Capture-replay

    +

    MPL-2.0 license

    @@ -1947,20 +1202,20 @@

    Authentication Bypass by Capture-replay

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Vulnerable module: + Module: - golang.org/x/crypto/ssh + github.com/hashicorp/go-version
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1
    @@ -1975,7 +1230,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/crypto/ssh@v0.16.0 + github.com/hashicorp/go-version@v1.2.1 @@ -1986,52 +1241,17 @@

    Detailed paths

    -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    -

    Note:

    -
      -

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      -
      2. -

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      -
      3. -
    -

    Impact:

    -

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    -

    Workaround

    -

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    -

    References

    - +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Information Exposure

    +

    MPL-2.0 license

    @@ -2042,20 +1262,20 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - gnutls28/libgnutls30 + github.com/hashicorp/go-retryablehttp
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4
    @@ -2068,74 +1288,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + github.com/argoproj/argo-cd/v2@* - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + github.com/hashicorp/go-retryablehttp@v0.7.4 @@ -2146,31 +1301,17 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 gnutls28.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Uncaught Exception

    +

    MPL-2.0 license

    @@ -2181,20 +1322,20 @@

    Uncaught Exception

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/helm/v3 /usr/local/bin/helm
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - gnutls28/libgnutls30 + github.com/hashicorp/go-multierror
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
    @@ -2207,74 +1348,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + helm.sh/helm/v3@* - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + github.com/hashicorp/go-multierror@v1.1.1 @@ -2285,24 +1361,12 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 gnutls28.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -2318,7 +1382,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2326,12 +1390,12 @@

      MPL-2.0 license

    • Module: - github.com/r3labs/diff + github.com/hashicorp/go-cleanhttp
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
    @@ -2346,7 +1410,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/r3labs/diff@v1.1.0 + github.com/hashicorp/go-cleanhttp@v0.5.2 @@ -2362,7 +1426,7 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -2378,7 +1442,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2386,12 +1450,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-version + github.com/gosimple/slug
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1
    @@ -2406,7 +1470,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-version@v1.2.1 + github.com/gosimple/slug@v1.13.1 @@ -2422,36 +1486,36 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    CVE-2023-7008

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-retryablehttp + systemd/libsystemd0
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + docker-image|quay.io/argoproj/argocd@v2.10.11 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2459,14 +1523,115 @@

    MPL-2.0 license

    -

    Detailed paths

    +

    Detailed paths

    + +
    -
    -

    MPL-2.0 license

    +
    +

    Arbitrary Code Injection

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-multierror + shadow/passwd
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -2524,9 +1706,40 @@

    Detailed paths

    -
    -

    MPL-2.0 license

    +
    +

    Uncontrolled Recursion

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + pcre3/libpcre3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + docker-image|quay.io/argoproj/argocd@v2.10.11 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -2584,9 +1810,20 @@

    Detailed paths

    -
    -

    MPL-2.0 license

    +
    +

    Release of Invalid Pointer or Reference

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/gosimple/slug + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 and patch@2.7.6-7build2
    @@ -2644,9 +1898,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.10.11 - github.com/gosimple/slug@v1.13.1 + patch@2.7.6-7build2 @@ -2657,41 +1911,51 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 patch.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    +
    +

    Double Free

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - github.com/go-jose/go-jose/v3 + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 and patch@2.7.6-7build2
    @@ -2704,9 +1968,9 @@

    Detailed paths

    -

    CVE-2023-7008

    +

    CVE-2023-50495

    @@ -2747,7 +2017,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2755,12 +2025,12 @@

      CVE-2023-7008

    • Vulnerable module: - systemd/libsystemd0 + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.10.11 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2770,113 +2040,203 @@

    CVE-2023-7008

    Detailed paths

    -
      +
        +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + bash@5.1-6ubuntu1.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + less@590-1ubuntu0.22.04.3 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + libedit/libedit2@3.1-20210910-1build1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - apt@2.4.12 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - procps/libprocps8@2:3.3.17-6ubuntu2.1 + procps@2:3.3.17-6ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - util-linux@2.37.2-4ubuntu3.3 + util-linux@2.37.2-4ubuntu3.4 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - util-linux/bsdutils@1:2.37.2-4ubuntu3.3 + gnupg2/gpg@2.2.27-3ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + readline/libreadline8@8.1.2-1 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - apt@2.4.12 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - apt/libapt-pkg6.0@2.4.12 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncursesw6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - libfido2/libfido2-1@1.10.0-1 + procps@2:3.3.17-6ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncursesw6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 - util-linux@2.37.2-4ubuntu3.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - apt@2.4.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 - apt/libapt-pkg6.0@2.4.12 + procps@2:3.3.17-6ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -2888,31 +2248,29 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. +

        Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

        -

        A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

        +

        NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

        Remediation

        -

        There is no fixed version for Ubuntu:22.04 systemd.

        +

        There is no fixed version for Ubuntu:22.04 ncurses.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

    -

    Arbitrary Code Injection

    +

    CVE-2023-45918

    @@ -2923,7 +2281,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2931,12 +2289,12 @@

      Arbitrary Code Injection

    • Vulnerable module: - shadow/passwd + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.10.11 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2949,201 +2307,200 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - adduser@3.118ubuntu5 + bash@5.1-6ubuntu1.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + ncurses/libncursesw6@6.3-2ubuntu0.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - shadow/login@1:4.8.1-2ubuntu2.2 + less@590-1ubuntu0.22.04.3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + libedit/libedit2@3.1-20210910-1build1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + ncurses/libncurses6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + ncurses/ncurses-bin@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + - pcre3/libpcre3 -
      • + +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    • Introduced through: +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + util-linux@2.37.2-4ubuntu3.4 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + - docker-image|quay.io/argoproj/argocd@v2.9.11 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + readline/libreadline8@8.1.2-1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
      • -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + -
      +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - grep@3.7-1build1 + procps@2:3.3.17-6ubuntu2.1 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + ncurses/libncurses6@6.3-2ubuntu0.1
      • -
    - -
    • - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.11 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.11 + + ncurses/ncurses-base@6.3-2ubuntu0.1 + + -
    • -

    Double Free

    +

    Resource Exhaustion

    @@ -3185,7 +2543,7 @@

    Double Free

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3193,12 +2551,12 @@

      Double Free

    • Vulnerable module: - patch + libzstd/libzstd1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.10.11 and libzstd/libzstd1@1.4.8+dfsg-3build1
    @@ -3211,9 +2569,9 @@

    Detailed paths

    -

    CVE-2023-50495

    +

    Integer Overflow or Wraparound

    @@ -3260,7 +2620,7 @@

    CVE-2023-50495

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3268,12 +2628,12 @@

      CVE-2023-50495

    • Vulnerable module: - ncurses/libtinfo6 + krb5/libk5crypto3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3286,200 +2646,159 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - bash@5.1-6ubuntu1.1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncursesw6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + libnsl/libnsl2@1.3.0-2build2 - less@590-1ubuntu0.22.04.2 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - libedit/libedit2@3.1-20210910-1build1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncurses6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - procps@2:3.3.17-6ubuntu2.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - util-linux@2.37.2-4ubuntu3.3 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - readline/libreadline8@8.1.2-1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + pam/libpam-modules@1.4.0-11ubuntu2.4 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + libnsl/libnsl2@1.3.0-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - pinentry/pinentry-curses@1.1.1-1build2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - procps@2:3.3.17-6ubuntu2.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + git@1:2.34.1-1ubuntu1.10 - pinentry/pinentry-curses@1.1.1-1build2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + git@1:2.34.1-1ubuntu1.10 - procps@2:3.3.17-6ubuntu2.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncurses6@6.3-2ubuntu0.1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-base@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3491,29 +2810,30 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      +

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-45918

    +

    CVE-2024-26461

    @@ -3524,7 +2844,7 @@

    CVE-2023-45918

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3532,12 +2852,12 @@

      CVE-2023-45918

    • Vulnerable module: - ncurses/libtinfo6 + krb5/libk5crypto3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3550,271 +2870,159 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - bash@5.1-6ubuntu1.1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncursesw6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + libnsl/libnsl2@1.3.0-2build2 - less@590-1ubuntu0.22.04.2 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - libedit/libedit2@3.1-20210910-1build1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncurses6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - procps@2:3.3.17-6ubuntu2.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - util-linux@2.37.2-4ubuntu3.3 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - gnupg2/gpg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - readline/libreadline8@8.1.2-1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + pam/libpam-modules@1.4.0-11ubuntu2.4 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + libnsl/libnsl2@1.3.0-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - pinentry/pinentry-curses@1.1.1-1build2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - procps@2:3.3.17-6ubuntu2.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + git@1:2.34.1-1ubuntu1.10 - pinentry/pinentry-curses@1.1.1-1build2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + git@1:2.34.1-1ubuntu1.10 - procps@2:3.3.17-6ubuntu2.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - ncurses/ncurses-base@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.11 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    -

    Integer Overflow or Wraparound

    +

    CVE-2024-26458

    @@ -3863,7 +3065,7 @@

    Integer Overflow or Wraparound

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3876,7 +3078,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.10.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3889,7 +3091,7 @@

    Detailed paths

    @@ -4087,7 +3286,7 @@

    Out-of-bounds Write

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4100,7 +3299,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.10.11 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -4113,7 +3312,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4122,7 +3321,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 apt@2.4.12 @@ -4133,7 +3332,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4144,7 +3343,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4155,7 +3354,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4166,7 +3365,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4179,7 +3378,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4192,7 +3391,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4201,7 +3400,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4212,7 +3411,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4225,7 +3424,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4234,7 +3433,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4245,7 +3444,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4254,7 +3453,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4265,7 +3464,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4274,7 +3473,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4285,7 +3484,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4298,7 +3497,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4311,7 +3510,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4320,7 +3519,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4331,7 +3530,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4344,7 +3543,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4357,7 +3556,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4366,7 +3565,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4377,7 +3576,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4386,7 +3585,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4397,7 +3596,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4406,7 +3605,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4417,7 +3616,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4466,7 +3665,7 @@

      Allocation of Resources Without Limits or Throttling

    • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4479,7 +3678,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and glibc/libc-bin@2.35-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.10.11 and glibc/libc-bin@2.35-0ubuntu3.7
    @@ -4492,18 +3691,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - glibc/libc-bin@2.35-0ubuntu3.6 + glibc/libc-bin@2.35-0ubuntu3.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 - glibc/libc6@2.35-0ubuntu3.6 + glibc/libc6@2.35-0ubuntu3.7 @@ -4547,7 +3746,7 @@

      Improper Input Validation

      • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -4561,7 +3760,7 @@

        Improper Input Validation

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.10.11, git@1:2.34.1-1ubuntu1.10 and others
      @@ -4573,7 +3772,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 git@1:2.34.1-1ubuntu1.10 @@ -4584,7 +3783,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 git@1:2.34.1-1ubuntu1.10 @@ -4593,7 +3792,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 git-lfs@3.0.2-1ubuntu0.2 @@ -4640,7 +3839,7 @@

        Uncontrolled Recursion

        • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -4653,7 +3852,7 @@

          Uncontrolled Recursion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.10.11 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
        @@ -4666,7 +3865,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4675,7 +3874,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 apt@2.4.12 @@ -4686,7 +3885,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 apt@2.4.12 @@ -4699,7 +3898,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4708,7 +3907,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4755,7 +3954,7 @@

          Improper Input Validation

          • - Manifest file: quay.io/argoproj/argocd:v2.9.11/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.11/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -4768,7 +3967,7 @@

            Improper Input Validation

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.10.11 and coreutils@8.32-4.1ubuntu1.2
          @@ -4781,7 +3980,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.11 + docker-image|quay.io/argoproj/argocd@v2.10.11 coreutils@8.32-4.1ubuntu1.2 diff --git a/docs/snyk/v2.10.11/redis_7.0.15-alpine.html b/docs/snyk/v2.10.11/redis_7.0.15-alpine.html new file mode 100644 index 0000000000000..36a21565bec47 --- /dev/null +++ b/docs/snyk/v2.10.11/redis_7.0.15-alpine.html @@ -0,0 +1,484 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
            +
            +
            +
            + + + Snyk - Open Source Security + + + + + + + +
            +

            Snyk test report

            + +

            May 26th 2024, 12:21:10 am (UTC+00:00)

            +
            +
            + Scanned the following paths: +
              +
            • redis:7.0.15-alpine (apk)
              • +
            • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
              • +
            +
            + +
            +
            0 known vulnerabilities
            +
            0 vulnerable dependency paths
            +
            18 dependencies
            +
            +
            +
            +
            + +
            + No known vulnerabilities detected. +
            +
            + + + diff --git a/docs/snyk/v2.10.6/argocd-test.html b/docs/snyk/v2.10.6/argocd-test.html deleted file mode 100644 index a8146e34e0eb9..0000000000000 --- a/docs/snyk/v2.10.6/argocd-test.html +++ /dev/null @@ -1,7062 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:22:09 am (UTC+00:00)

            -
            -
            - Scanned the following paths: -
              -
            • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
              • -
            • /argo-cd/ui/yarn.lock (yarn)
              • -
            -
            - -
            -
            14 known vulnerabilities
            -
            306 vulnerable dependency paths
            -
            2040 dependencies
            -
            -
            -
            -
            - -
            -
            -
            -

            Allocation of Resources Without Limits or Throttling

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/net/http2 -
              • - -
            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#792124280fcc - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#792124280fcc - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#792124280fcc - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/sync/common@#792124280fcc - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#792124280fcc - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

            -

            Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

            -

            Remediation

            -

            Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            LGPL-3.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - gopkg.in/retry.v1 -
              • - -
            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
              • -
            - -
            - -
            - -

            LGPL-3.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Infinite loop

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
              • - -
            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

            -

            Note:

            -

            This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Stack-based Buffer Overflow

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
              • - -
            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Infinite loop

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
              • - -
            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

            -

            Note:

            -

            This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Authentication Bypass by Capture-replay

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/crypto/ssh -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/crypto/ssh is a SSH client and server

            -

            Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

            -

            Note:

            -
              -

            1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

              -
              2. -

            2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

              -
              3. -
            -

            Impact:

            -

            While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

            -

            Workaround

            -

            Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

            -

            Remediation

            -

            Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Regular Expression Denial of Service (ReDoS)

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/whilp/git-urls -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            github.com/whilp/git-urls is a Git URLs parser

            -

            Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

            -

            Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

            -

            PoC

            - 
            
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
            -

            Details

            -

            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

            -

            The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

            -

            Let’s take the following regular expression as an example:

            - 
            regex = /A(B|C+)+D/
-
            -

            This regular expression accomplishes the following:

            -
              -
            • A The string must start with the letter 'A'
              • -
            • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
              • -
            • D Finally, we ensure this section of the string ends with a 'D'
              • -
            -

            The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

            -

            It most cases, it doesn't take very long for a regex engine to find a match:

            - 
            $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
            -

            The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

            -

            Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

            -

            Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

            -
              -
            1. CCC
              2. -
            2. CC+C
              3. -
            3. C+CC
              4. -
            4. C+C+C.
              5. -
            -

            The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

            -

            From there, the number of steps the engine must use to validate a string just continues to grow.

            - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            StringNumber of C'sNumber of steps
            ACCCX338
            ACCCCX471
            ACCCCCX5136
            ACCCCCCCCCCCCCCX1465,553
            -

            By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

            -

            Remediation

            -

            There is no fixed version for github.com/whilp/git-urls.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/r3labs/diff -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-version -
              • - -
            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-retryablehttp -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-cleanhttp -
              • - -
            • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/gosimple/slug -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Handling of Highly Compressed Data (Data Amplification)

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
              • -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.1 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

            -

            Remediation

            -

            Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Template Injection

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: /argo-cd ui/yarn.lock -
              • -
            • - Package Manager: npm -
              • -
            • - Vulnerable module: - - dompurify -
              • - -
            • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

            -

            Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

            -

            PoC

            - 
            <![CDATA[ ><img src onerror=alert(1)> ]]>
-
            -

            Remediation

            -

            Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -
            -
            - - - diff --git a/docs/snyk/v2.10.6/redis_7.0.14-alpine.html b/docs/snyk/v2.10.6/redis_7.0.14-alpine.html deleted file mode 100644 index a82415cd2f559..0000000000000 --- a/docs/snyk/v2.10.6/redis_7.0.14-alpine.html +++ /dev/null @@ -1,1165 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:22:45 am (UTC+00:00)

            -
            -
            - Scanned the following paths: -
              -
            • redis:7.0.14-alpine (apk)
              • -
            • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
              • -
            -
            - -
            -
            4 known vulnerabilities
            -
            36 vulnerable dependency paths
            -
            19 dependencies
            -
            -
            -
            -
            - -
            -
            -
            -

            Out-of-bounds Write

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.19 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

            -

            Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

            -

            Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

            -

            The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

            -

            The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

            -

            The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

            -

            Remediation

            -

            Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-0727

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.19 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

            -

            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

            -

            Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

            -

            A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

            -

            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

            -

            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-6237

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.19 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            This vulnerability has not been analyzed by NVD yet.

            -

            Remediation

            -

            Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-2511

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.19 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

            -

            Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

            -

            Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

            -

            This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

            -

            This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -
            -
            - - - diff --git a/docs/snyk/v2.11.0-rc1/redis_7.0.14-alpine.html b/docs/snyk/v2.11.0-rc1/redis_7.0.14-alpine.html deleted file mode 100644 index e4ddbad778e3a..0000000000000 --- a/docs/snyk/v2.11.0-rc1/redis_7.0.14-alpine.html +++ /dev/null @@ -1,1165 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:20:31 am (UTC+00:00)

            -
            -
            - Scanned the following paths: -
              -
            • redis:7.0.14-alpine (apk)
              • -
            • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
              • -
            -
            - -
            -
            4 known vulnerabilities
            -
            36 vulnerable dependency paths
            -
            19 dependencies
            -
            -
            -
            -
            - -
            -
            -
            -

            Out-of-bounds Write

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.19 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

            -

            Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

            -

            Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

            -

            The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

            -

            The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

            -

            The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

            -

            Remediation

            -

            Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-0727

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.19 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

            -

            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

            -

            Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

            -

            A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

            -

            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

            -

            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-6237

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.19 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            This vulnerability has not been analyzed by NVD yet.

            -

            Remediation

            -

            Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-2511

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.19 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

            -

            Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

            -

            Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

            -

            This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

            -

            This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -
            -
            - - - diff --git a/docs/snyk/v2.9.11/argocd-iac-install.html b/docs/snyk/v2.11.2/argocd-iac-install.html similarity index 86% rename from docs/snyk/v2.9.11/argocd-iac-install.html rename to docs/snyk/v2.11.2/argocd-iac-install.html index 479842a386f7d..e9aa73593e7d4 100644 --- a/docs/snyk/v2.9.11/argocd-iac-install.html +++ b/docs/snyk/v2.11.2/argocd-iac-install.html @@ -456,7 +456,7 @@

            Snyk test report

            -

            April 14th 2024, 12:26:16 am (UTC+00:00)

            +

            May 26th 2024, 12:20:14 am (UTC+00:00)

            Scanned the following path: @@ -466,7 +466,7 @@

            Snyk test report

            -
            38 total issues
            +
            44 total issues
    @@ -482,6 +482,52 @@

    Snyk test report

    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 17] + + rules[5] + + resources + +
      • + +
    • + Line number: 21059 +
      • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +

    Role or ClusterRole with dangerous permissions

    @@ -507,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20316 + Line number: 20744
    • @@ -553,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20401 + Line number: 20829
    • @@ -599,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20429 + Line number: 20857
    • @@ -645,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20459 + Line number: 20887
    • @@ -691,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20477 + Line number: 20905
    • @@ -737,7 +783,53 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20493 + Line number: 20923 +
    • + + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 15] + + rules[0] + + resources + +
      • + +
    • + Line number: 20945
    @@ -774,7 +866,59 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 45] + [DocId: 48] + + spec + + template + + spec + + initContainers[secret-init] + + imagePullPolicy + +
    • + +
  • + Line number: 21991 +
    • + + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 49] spec @@ -789,7 +933,7 @@

      Container could be running with outdated image

    • - Line number: 21633 + Line number: 22278
    @@ -826,7 +970,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 41] + [DocId: 45] input @@ -847,7 +991,7 @@

    Container has no CPU limit

  • - Line number: 20978 + Line number: 21552
    • @@ -884,7 +1028,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -905,7 +1049,7 @@

    Container has no CPU limit

  • - Line number: 21223 + Line number: 21803
    • @@ -942,7 +1086,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -963,7 +1107,7 @@

    Container has no CPU limit

  • - Line number: 21189 + Line number: 21769
    • @@ -1000,7 +1144,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 47] input @@ -1021,7 +1165,7 @@

    Container has no CPU limit

  • - Line number: 21283 + Line number: 21863
    • @@ -1058,7 +1202,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 48] input @@ -1079,7 +1223,7 @@

    Container has no CPU limit

  • - Line number: 21376 + Line number: 21962
    • @@ -1116,7 +1260,65 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + cpu + +
    • + +
  • + Line number: 21986 +
    • + + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -1137,7 +1339,7 @@

      Container has no CPU limit

    • - Line number: 21633 + Line number: 22278
    @@ -1174,7 +1376,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 49] input @@ -1195,7 +1397,7 @@

    Container has no CPU limit

  • - Line number: 21433 + Line number: 22043
    • @@ -1232,7 +1434,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 50] input @@ -1253,7 +1455,7 @@

    Container has no CPU limit

  • - Line number: 21718 + Line number: 22363
    • @@ -1290,7 +1492,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 51] input @@ -1311,7 +1513,7 @@

    Container has no CPU limit

  • - Line number: 22040 + Line number: 22714
    • @@ -1348,7 +1550,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 42] + [DocId: 46] spec @@ -1363,7 +1565,7 @@

    Container is running with multiple open ports

  • - Line number: 21203 + Line number: 21783
    • @@ -1400,7 +1602,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 41] + [DocId: 45] spec @@ -1415,7 +1617,7 @@

    Container is running without liveness probe

  • - Line number: 20978 + Line number: 21552
    • @@ -1452,7 +1654,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 42] + [DocId: 46] spec @@ -1467,7 +1669,7 @@

    Container is running without liveness probe

  • - Line number: 21189 + Line number: 21769
    • @@ -1504,7 +1706,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 44] + [DocId: 48] spec @@ -1519,7 +1721,7 @@

    Container is running without liveness probe

  • - Line number: 21376 + Line number: 21962
    • @@ -1556,7 +1758,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 41] + [DocId: 45] input @@ -1577,7 +1779,7 @@

    Container is running without memory limit

  • - Line number: 20978 + Line number: 21552
    • @@ -1614,7 +1816,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -1635,7 +1837,7 @@

    Container is running without memory limit

  • - Line number: 21189 + Line number: 21769
    • @@ -1672,7 +1874,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -1693,7 +1895,7 @@

    Container is running without memory limit

  • - Line number: 21223 + Line number: 21803
    • @@ -1730,7 +1932,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 47] input @@ -1751,7 +1953,7 @@

    Container is running without memory limit

  • - Line number: 21283 + Line number: 21863
    • @@ -1788,7 +1990,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 48] input @@ -1809,7 +2011,7 @@

    Container is running without memory limit

  • - Line number: 21376 + Line number: 21962
    • @@ -1846,7 +2048,65 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + memory + +
    • + +
  • + Line number: 21986 +
    • + + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -1867,7 +2127,7 @@

      Container is running without memory limit

    • - Line number: 21633 + Line number: 22278
    @@ -1904,7 +2164,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 49] input @@ -1925,7 +2185,7 @@

    Container is running without memory limit

  • - Line number: 21433 + Line number: 22043
    • @@ -1962,7 +2222,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 50] input @@ -1983,7 +2243,7 @@

    Container is running without memory limit

  • - Line number: 21718 + Line number: 22363
    • @@ -2020,7 +2280,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 51] input @@ -2041,7 +2301,7 @@

    Container is running without memory limit

  • - Line number: 22040 + Line number: 22714
    • @@ -2078,7 +2338,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 41] + [DocId: 45] input @@ -2097,7 +2357,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21113 + Line number: 21693
    • @@ -2134,7 +2394,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -2153,7 +2413,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21231 + Line number: 21811
    • @@ -2190,7 +2450,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 46] input @@ -2209,7 +2469,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21206 + Line number: 21786
    • @@ -2246,7 +2506,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 43] + [DocId: 47] input @@ -2265,7 +2525,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21310 + Line number: 21896
    • @@ -2302,7 +2562,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 48] input @@ -2321,7 +2581,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21386 + Line number: 21979
    • @@ -2358,7 +2618,63 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 48] + + input + + spec + + template + + spec + + initContainers[secret-init] + + securityContext + + runAsUser + +
    • + +
  • + Line number: 21993 +
    • + + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 49] input @@ -2377,7 +2693,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 21640 + Line number: 22285
    @@ -2414,7 +2730,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 49] input @@ -2433,7 +2749,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21606 + Line number: 22251
    • @@ -2470,7 +2786,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 50] input @@ -2489,7 +2805,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21950 + Line number: 22624
    • @@ -2526,7 +2842,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 51] input @@ -2545,7 +2861,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22188 + Line number: 22915
    • diff --git a/docs/snyk/v2.10.6/argocd-iac-namespace-install.html b/docs/snyk/v2.11.2/argocd-iac-namespace-install.html similarity index 88% rename from docs/snyk/v2.10.6/argocd-iac-namespace-install.html rename to docs/snyk/v2.11.2/argocd-iac-namespace-install.html index 35da53c946593..7c7bc8e617fe1 100644 --- a/docs/snyk/v2.10.6/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.11.2/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:24:14 am (UTC+00:00)

    +

    May 26th 2024, 12:20:24 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    38 total issues
    +
    43 total issues

    @@ -737,7 +737,53 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 254 + Line number: 256 +
    • + + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 12] + + rules[0] + + resources + +
      • + +
    • + Line number: 278
    @@ -774,7 +820,59 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 38] + [DocId: 39] + + spec + + template + + spec + + initContainers[secret-init] + + imagePullPolicy + +
    • + +
  • + Line number: 1112 +
    • + + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 40] spec @@ -789,7 +887,7 @@

      Container could be running with outdated image

    • - Line number: 1324 + Line number: 1399
    @@ -826,7 +924,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -847,7 +945,7 @@

    Container has no CPU limit

  • - Line number: 633 + Line number: 673
    • @@ -884,7 +982,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -905,7 +1003,7 @@

    Container has no CPU limit

  • - Line number: 884 + Line number: 924
    • @@ -942,7 +1040,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -963,7 +1061,7 @@

    Container has no CPU limit

  • - Line number: 850 + Line number: 890
    • @@ -1000,7 +1098,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -1021,7 +1119,7 @@

    Container has no CPU limit

  • - Line number: 944 + Line number: 984
    • @@ -1058,7 +1156,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -1079,7 +1177,7 @@

    Container has no CPU limit

  • - Line number: 1043 + Line number: 1083
    • @@ -1116,7 +1214,65 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + cpu + +
    • + +
  • + Line number: 1107 +
    • + + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -1137,7 +1293,7 @@

      Container has no CPU limit

    • - Line number: 1324 + Line number: 1399
    @@ -1174,7 +1330,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -1195,7 +1351,7 @@

    Container has no CPU limit

  • - Line number: 1100 + Line number: 1164
    • @@ -1232,7 +1388,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -1253,7 +1409,7 @@

    Container has no CPU limit

  • - Line number: 1409 + Line number: 1484
    • @@ -1290,7 +1446,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -1311,7 +1467,7 @@

    Container has no CPU limit

  • - Line number: 1755 + Line number: 1835
    • @@ -1348,7 +1504,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 35] + [DocId: 37] spec @@ -1363,7 +1519,7 @@

    Container is running with multiple open ports

  • - Line number: 864 + Line number: 904
    • @@ -1400,7 +1556,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 34] + [DocId: 36] spec @@ -1415,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 633 + Line number: 673
    • @@ -1452,7 +1608,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 35] + [DocId: 37] spec @@ -1467,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 850 + Line number: 890
    • @@ -1504,7 +1660,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 39] spec @@ -1519,7 +1675,7 @@

    Container is running without liveness probe

  • - Line number: 1043 + Line number: 1083
    • @@ -1556,7 +1712,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -1577,7 +1733,7 @@

    Container is running without memory limit

  • - Line number: 633 + Line number: 673
    • @@ -1614,7 +1770,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -1635,7 +1791,7 @@

    Container is running without memory limit

  • - Line number: 850 + Line number: 890
    • @@ -1672,7 +1828,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -1693,7 +1849,7 @@

    Container is running without memory limit

  • - Line number: 884 + Line number: 924
    • @@ -1730,7 +1886,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -1751,7 +1907,7 @@

    Container is running without memory limit

  • - Line number: 944 + Line number: 984
    • @@ -1788,7 +1944,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -1809,7 +1965,7 @@

    Container is running without memory limit

  • - Line number: 1043 + Line number: 1083
    • @@ -1846,7 +2002,65 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + memory + +
    • + +
  • + Line number: 1107 +
    • + + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -1867,7 +2081,7 @@

      Container is running without memory limit

    • - Line number: 1324 + Line number: 1399
    @@ -1904,7 +2118,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -1925,7 +2139,7 @@

    Container is running without memory limit

  • - Line number: 1100 + Line number: 1164
    • @@ -1962,7 +2176,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -1983,7 +2197,7 @@

    Container is running without memory limit

  • - Line number: 1409 + Line number: 1484
    • @@ -2020,7 +2234,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -2041,7 +2255,7 @@

    Container is running without memory limit

  • - Line number: 1755 + Line number: 1835
    • @@ -2078,7 +2292,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -2097,7 +2311,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 774 + Line number: 814
    • @@ -2134,7 +2348,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -2153,7 +2367,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 892 + Line number: 932
    • @@ -2190,7 +2404,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -2209,7 +2423,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 867 + Line number: 907
    • @@ -2246,7 +2460,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -2265,7 +2479,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 977 + Line number: 1017
    • @@ -2302,7 +2516,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -2321,7 +2535,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1053 + Line number: 1100
    • @@ -2358,7 +2572,63 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + securityContext + + runAsUser + +
    • + +
  • + Line number: 1114 +
    • + + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -2377,7 +2647,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 1331 + Line number: 1406
    @@ -2414,7 +2684,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -2433,7 +2703,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1297 + Line number: 1372
    • @@ -2470,7 +2740,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -2489,7 +2759,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1665 + Line number: 1745
    • @@ -2526,7 +2796,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -2545,7 +2815,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1945 + Line number: 2036
    • diff --git a/docs/snyk/v2.11.0-rc1/argocd-test.html b/docs/snyk/v2.11.2/argocd-test.html similarity index 52% rename from docs/snyk/v2.11.0-rc1/argocd-test.html rename to docs/snyk/v2.11.2/argocd-test.html index 278d98038f930..db586c815ba6f 100644 --- a/docs/snyk/v2.11.0-rc1/argocd-test.html +++ b/docs/snyk/v2.11.2/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:19:59 am (UTC+00:00)

    +

    May 26th 2024, 12:18:19 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    12 known vulnerabilities
    -
    290 vulnerable dependency paths
    -
    2037 dependencies
    +
    8 known vulnerabilities
    +
    164 vulnerable dependency paths
    +
    2041 dependencies

    @@ -850,7 +850,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.46.1 google.golang.org/grpc@1.59.0 @@ -910,7 +910,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 k8s.io/client-go/tools/cache@0.26.11 @@ -1030,7 +1030,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -1130,7 +1130,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 @@ -1317,7 +1317,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -1334,7 +1334,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -1351,7 +1351,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -1368,7 +1368,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 k8s.io/client-go/listers/core/v1@0.26.11 @@ -1385,7 +1385,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 k8s.io/client-go/tools/clientcmd@0.26.11 @@ -1487,9 +1487,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -1504,9 +1504,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -1559,7 +1559,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/ignore@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 @@ -1578,7 +1578,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 @@ -1597,7 +1597,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/testing@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/testing@#fbecbb86e412 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 @@ -1692,7 +1692,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 @@ -1882,9 +1882,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -1901,9 +1901,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -1996,11 +1996,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -2015,11 +2015,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -2034,7 +2034,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/diff@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 @@ -2139,11 +2139,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 @@ -2160,7 +2160,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 k8s.io/client-go/tools/cache@0.26.11 @@ -2286,7 +2286,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -2328,7 +2328,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 k8s.io/client-go/listers/core/v1@0.26.11 @@ -2462,9 +2462,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -2485,7 +2485,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/diff@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 k8s.io/kubectl/pkg/cmd/util@0.26.11 @@ -2508,13 +2508,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -2531,13 +2531,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -2600,9 +2600,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -2673,7 +2673,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 k8s.io/client-go/tools/clientcmd@0.26.11 @@ -2748,7 +2748,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#fbecbb86e412 k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 @@ -2823,11 +2823,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -2848,15 +2848,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/ignore@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/hook@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/sync/common@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -2923,11 +2923,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 google.golang.org/api/chat/v1@0.132.0 @@ -2948,7 +2948,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -2975,7 +2975,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -3002,7 +3002,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@#5fd9f449e757 + github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 k8s.io/kubectl/pkg/util/openapi@0.26.11 @@ -3127,6 +3127,7 @@

    Remediation

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    References

    -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 - - google.golang.org/protobuf/types/known/structpb@1.31.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2/apierror@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/internal/gensupport@0.132.0 - - github.com/googleapis/gax-go/v2@2.12.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - google.golang.org/grpc/internal/pretty@1.59.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -6208,7 +3373,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -6230,9 +3395,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -6243,9 +3408,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -6256,7 +3421,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6269,11 +3434,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -6284,11 +3449,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -6299,9 +3464,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6314,9 +3479,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6329,11 +3494,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6346,11 +3511,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6449,7 +3614,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6464,9 +3629,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6481,9 +3646,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6498,11 +3663,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -6517,11 +3682,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 diff --git a/docs/snyk/v2.11.0-rc1/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.11.2/ghcr.io_dexidp_dex_v2.38.0.html similarity index 77% rename from docs/snyk/v2.11.0-rc1/ghcr.io_dexidp_dex_v2.38.0.html rename to docs/snyk/v2.11.2/ghcr.io_dexidp_dex_v2.38.0.html index 48c1c4223be7f..16ae63ba60417 100644 --- a/docs/snyk/v2.11.0-rc1/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/v2.11.2/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:20:05 am (UTC+00:00)

    +

    May 26th 2024, 12:18:25 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    29 known vulnerabilities
    -
    71 vulnerable dependency paths
    +
    34 known vulnerabilities
    +
    98 vulnerable dependency paths
    829 dependencies
    @@ -546,6 +546,7 @@

    Remediation

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    References

    @@ -865,6 +870,7 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
  • https://www.openssl.org/news/secadv/20240125.txt
  • https://security.netapp.com/advisory/ntap-20240208-0006/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -2505,6 +2511,438 @@

    References

    More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    +

    Remediation

    +

    Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    +

    Remediation

    +

    Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    +

    Remediation

    +

    Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Use After Free

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

    +

    Remediation

    +

    Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-6237

    @@ -2621,9 +3059,38 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    @@ -2773,6 +3240,8 @@

    References

  • https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
  • https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
  • https://www.openssl.org/news/secadv/20240408.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/04/08/5
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0013/
    • @@ -2782,6 +3251,164 @@

    References

    +
    +

    CVE-2024-4603

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.19 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + openssl/libcrypto3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + openssl/libssl3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.38.0 + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

    +

    Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

    +

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

    +

    Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

    +

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

    +

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.11.0-rc1/haproxy_2.6.14-alpine.html b/docs/snyk/v2.11.2/haproxy_2.6.14-alpine.html similarity index 79% rename from docs/snyk/v2.11.0-rc1/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.11.2/haproxy_2.6.14-alpine.html index bcdb241407f75..c8004911a599e 100644 --- a/docs/snyk/v2.11.0-rc1/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.11.2/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:20:08 am (UTC+00:00)

    +

    May 26th 2024, 12:18:30 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    8 known vulnerabilities
    +
    68 vulnerable dependency paths
    18 dependencies
    @@ -851,6 +851,7 @@

    References

  • https://www.openssl.org/news/secadv/20231106.txt
  • http://www.openwall.com/lists/oss-security/2023/11/06/2
  • https://security.netapp.com/advisory/ntap-20231130-0010/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -1036,6 +1037,10 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1211,6 +1216,7 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
  • https://www.openssl.org/news/secadv/20240125.txt
  • https://security.netapp.com/advisory/ntap-20240208-0006/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -1219,6 +1225,114 @@

    References

    More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/busybox@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r2 + + busybox/busybox@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/busybox-binsh@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    +

    Remediation

    +

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-6237

    @@ -1357,9 +1471,38 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    @@ -1531,6 +1674,8 @@

    References

  • https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
  • https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
  • https://www.openssl.org/news/secadv/20240408.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/04/08/5
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0013/
    • @@ -1540,6 +1685,186 @@

    References

    +
    +

    CVE-2024-4603

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

    +

    Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

    +

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

    +

    Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

    +

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

    +

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.10.6/quay.io_argoproj_argocd_v2.10.6.html b/docs/snyk/v2.11.2/quay.io_argoproj_argocd_v2.11.2.html similarity index 81% rename from docs/snyk/v2.10.6/quay.io_argoproj_argocd_v2.10.6.html rename to docs/snyk/v2.11.2/quay.io_argoproj_argocd_v2.11.2.html index 3f893f7eccd31..35a6842410700 100644 --- a/docs/snyk/v2.10.6/quay.io_argoproj_argocd_v2.10.6.html +++ b/docs/snyk/v2.11.2/quay.io_argoproj_argocd_v2.11.2.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    April 14th 2024, 12:22:41 am (UTC+00:00)

    +

    May 26th 2024, 12:18:49 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.10.6/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.6//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.6/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.6/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.11.2/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.11.2/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.11.2//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.11.2/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.11.2/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    35 known vulnerabilities
    -
    179 vulnerable dependency paths
    -
    2275 dependencies
    +
    27 known vulnerabilities
    +
    161 vulnerable dependency paths
    +
    2280 dependencies
    @@ -492,7 +492,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -547,6 +547,7 @@

    Remediation

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    References

      +
    • Github Commit
    • GitHub Commit
    • GitHub Issue
    • Go Advisory
      • @@ -571,7 +572,7 @@

      CVE-2020-22916

      • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -584,7 +585,7 @@

        CVE-2020-22916

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.11.2 and xz-utils/liblzma5@5.2.5-2ubuntu1
      @@ -597,7 +598,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -634,82 +635,6 @@

        References

        More about this vulnerability

    • -
    -
    -

    CVE-2023-51767

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - openssh/openssh-client -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.6 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssh.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Information Exposure

    @@ -723,7 +648,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -736,7 +661,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.11.2 and libgcrypt20@1.9.4-3ubuntu3
    @@ -749,7 +674,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 libgcrypt20@1.9.4-3ubuntu3 @@ -758,7 +683,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -769,7 +694,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -780,7 +705,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 apt@2.4.12 @@ -793,7 +718,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 apt@2.4.12 @@ -806,7 +731,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -819,7 +744,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -832,7 +757,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -845,7 +770,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -858,7 +783,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -871,7 +796,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -884,7 +809,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 apt@2.4.12 @@ -914,6 +839,7 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • +
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -924,7 +850,7 @@

    References

    -

    CVE-2024-26461

    +

    CVE-2024-26462

    @@ -935,7 +861,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -948,7 +874,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.11.2 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -961,7 +887,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -970,7 +896,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 adduser@3.118ubuntu5 @@ -991,7 +917,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 adduser@3.118ubuntu5 @@ -1014,7 +940,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1023,7 +949,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 adduser@3.118ubuntu5 @@ -1044,7 +970,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1053,9 +979,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1064,7 +990,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 git@1:2.34.1-1ubuntu1.10 @@ -1077,7 +1003,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 git@1:2.34.1-1ubuntu1.10 @@ -1092,7 +1018,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 adduser@3.118ubuntu5 @@ -1111,7 +1037,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1127,24 +1053,25 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

      +

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      Remediation

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26462

    +

    LGPL-3.0 license

    @@ -1155,20 +1082,20 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - krb5/libk5crypto3 + gopkg.in/retry.v1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
    @@ -1181,159 +1108,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + github.com/argoproj/argo-cd/v2@* - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + gopkg.in/retry.v1@v1.0.3 @@ -1344,27 +1121,17 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      -

      References

      - +

      LGPL-3.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26458

    +

    MPL-2.0 license

    @@ -1375,20 +1142,20 @@

    CVE-2024-26458

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - krb5/libk5crypto3 + github.com/r3labs/diff
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
    @@ -1401,159 +1168,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + github.com/argoproj/argo-cd/v2@* - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + github.com/r3labs/diff@v1.1.0 @@ -1564,27 +1181,17 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    LGPL-3.0 license

    +

    MPL-2.0 license

    @@ -1595,7 +1202,7 @@

    LGPL-3.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1603,12 +1210,12 @@

      LGPL-3.0 license

    • Module: - gopkg.in/retry.v1 + github.com/hashicorp/go-version
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1
    @@ -1623,7 +1230,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - gopkg.in/retry.v1@v1.0.3 + github.com/hashicorp/go-version@v1.2.1 @@ -1634,17 +1241,17 @@

    Detailed paths

    -

    LGPL-3.0 license

    +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Infinite loop

    +

    MPL-2.0 license

    @@ -1655,20 +1262,20 @@

    Infinite loop

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Vulnerable module: + Module: - google.golang.org/protobuf/internal/encoding/json + github.com/hashicorp/go-retryablehttp
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4
    @@ -1683,7 +1290,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - google.golang.org/protobuf/internal/encoding/json@v1.31.0 + github.com/hashicorp/go-retryablehttp@v0.7.4 @@ -1694,28 +1301,17 @@

    Detailed paths

    -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Stack-based Buffer Overflow

    +

    MPL-2.0 license

    @@ -1726,20 +1322,20 @@

    Stack-based Buffer Overflow

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/helm/v3 /usr/local/bin/helm
    • Package Manager: golang
    • - Vulnerable module: + Module: - google.golang.org/protobuf/encoding/protojson + github.com/hashicorp/go-multierror
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
    @@ -1752,9 +1348,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/hashicorp/go-multierror@v1.1.1 @@ -1765,25 +1361,17 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

      -

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Infinite loop

    +

    MPL-2.0 license

    @@ -1794,20 +1382,20 @@

    Infinite loop

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Vulnerable module: + Module: - google.golang.org/protobuf/encoding/protojson + github.com/hashicorp/go-cleanhttp
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
    @@ -1822,7 +1410,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/hashicorp/go-cleanhttp@v0.5.2 @@ -1833,28 +1421,17 @@

    Detailed paths

    -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Authentication Bypass by Capture-replay

    +

    MPL-2.0 license

    @@ -1865,20 +1442,20 @@

    Authentication Bypass by Capture-replay

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Vulnerable module: + Module: - golang.org/x/crypto/ssh + github.com/gosimple/slug
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1
    @@ -1893,7 +1470,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/crypto/ssh@v0.16.0 + github.com/gosimple/slug@v1.13.1 @@ -1904,63 +1481,28 @@

    Detailed paths

    -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    -

    Note:

    -
      -

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      -
      2. -

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      -
      3. -
    -

    Impact:

    -

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    -

    Workaround

    -

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    -

    Remediation

    -

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    -

    References

    - +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    Information Exposure

    +
    +

    CVE-2023-7008

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1968,12 +1510,12 @@

      Information Exposure

    • Vulnerable module: - gnutls28/libgnutls30 + systemd/libsystemd0
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + docker-image|quay.io/argoproj/argocd@v2.11.2 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -1986,74 +1528,110 @@

    Detailed paths

    -
    -

    Uncaught Exception

    +
    +

    Arbitrary Code Injection

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2107,12 +1688,12 @@

      Uncaught Exception

    • Vulnerable module: - gnutls28/libgnutls30 + shadow/passwd
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + docker-image|quay.io/argoproj/argocd@v2.11.2 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -2125,74 +1706,40 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.11.2 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - git@1:2.34.1-1ubuntu1.10 + docker-image|quay.io/argoproj/argocd@v2.11.2 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + adduser@3.118ubuntu5 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + docker-image|quay.io/argoproj/argocd@v2.11.2 - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + docker-image|quay.io/argoproj/argocd@v2.11.2 - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + shadow/login@1:4.8.1-2ubuntu2.2 @@ -2204,52 +1751,53 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

      +

      In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 gnutls28.

      +

      There is no fixed version for Ubuntu:22.04 shadow.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Uncontrolled Recursion

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/r3labs/diff + pcre3/libpcre3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + docker-image|quay.io/argoproj/argocd@v2.11.2 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -2262,69 +1810,20 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.11.2 - github.com/r3labs/diff@v1.1.0 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    -
    -

    MPL-2.0 license

    +
    +

    Release of Invalid Pointer or Reference

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-retryablehttp + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + docker-image|quay.io/argoproj/argocd@v2.11.2 and patch@2.7.6-7build2
    @@ -2382,9 +1898,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.11.2 - github.com/hashicorp/go-retryablehttp@v0.7.4 + patch@2.7.6-7build2 @@ -2395,41 +1911,51 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 patch.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Double Free

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-multierror + patch
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + docker-image|quay.io/argoproj/argocd@v2.11.2 and patch@2.7.6-7build2
    @@ -2442,9 +1968,9 @@

    Detailed paths

    -
    -

    MPL-2.0 license

    +
    +

    CVE-2023-50495

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + ncurses/libtinfo6
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + docker-image|quay.io/argoproj/argocd@v2.11.2 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2502,299 +2043,200 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.11.2 - github.com/hashicorp/go-cleanhttp@v0.5.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.11.2 - github.com/gosimple/slug@v1.13.1 + bash@5.1-6ubuntu1.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.11.2 - github.com/go-jose/go-jose/v3@v3.0.1 + ncurses/libncursesw6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-7008

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - systemd/libsystemd0 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.6 and systemd/libsystemd0@249.11-0ubuntu3.12 - -
      • -
    - -
    - +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + less@590-1ubuntu0.22.04.3 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + libedit/libedit2@3.1-20210910-1build1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
      +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - apt@2.4.12 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - procps/libprocps8@2:3.3.17-6ubuntu2.1 + procps@2:3.3.17-6ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - util-linux@2.37.2-4ubuntu3.3 + util-linux@2.37.2-4ubuntu3.4 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - util-linux/bsdutils@1:2.37.2-4ubuntu3.3 + gnupg2/gpg@2.2.27-3ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + readline/libreadline8@8.1.2-1 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - apt@2.4.12 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - apt/libapt-pkg6.0@2.4.12 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - libfido2/libfido2-1@1.10.0-1 + procps@2:3.3.17-6ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - util-linux@2.37.2-4ubuntu3.3 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - apt@2.4.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 - apt/libapt-pkg6.0@2.4.12 + procps@2:3.3.17-6ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -2806,31 +2248,29 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

      +

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 systemd.

      +

      There is no fixed version for Ubuntu:22.04 ncurses.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • -

    Arbitrary Code Injection

    +

    CVE-2023-45918

    @@ -2841,7 +2281,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2849,12 +2289,12 @@

      Arbitrary Code Injection

    • Vulnerable module: - shadow/passwd + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.11.2 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2867,201 +2307,200 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - adduser@3.118ubuntu5 + bash@5.1-6ubuntu1.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + ncurses/libncursesw6@6.3-2ubuntu0.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - shadow/login@1:4.8.1-2ubuntu2.2 + less@590-1ubuntu0.22.04.3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + libedit/libedit2@3.1-20210910-1build1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + ncurses/libncurses6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + ncurses/ncurses-bin@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + - pcre3/libpcre3 -
      • + +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    • Introduced through: +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + util-linux@2.37.2-4ubuntu3.4 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + - docker-image|quay.io/argoproj/argocd@v2.10.6 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + readline/libreadline8@8.1.2-1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
      • -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + -
      +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - grep@3.7-1build1 + procps@2:3.3.17-6ubuntu2.1 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + ncurses/libncurses6@6.3-2ubuntu0.1
      • -
    - -
    • - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.6 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.2 + + ncurses/ncurses-base@6.3-2ubuntu0.1 + + -
    • -

    Double Free

    +

    Resource Exhaustion

    @@ -3103,7 +2543,7 @@

    Double Free

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3111,12 +2551,12 @@

      Double Free

    • Vulnerable module: - patch + libzstd/libzstd1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.11.2 and libzstd/libzstd1@1.4.8+dfsg-3build1
    @@ -3129,9 +2569,9 @@

    Detailed paths

    -

    CVE-2023-50495

    +

    Integer Overflow or Wraparound

    @@ -3178,7 +2620,7 @@

    CVE-2023-50495

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3186,12 +2628,12 @@

      CVE-2023-50495

    • Vulnerable module: - ncurses/libtinfo6 + krb5/libk5crypto3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.11.2 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3204,200 +2646,159 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - bash@5.1-6ubuntu1.1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncursesw6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + libnsl/libnsl2@1.3.0-2build2 - less@590-1ubuntu0.22.04.2 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - libedit/libedit2@3.1-20210910-1build1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncurses6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - procps@2:3.3.17-6ubuntu2.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - util-linux@2.37.2-4ubuntu3.3 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - readline/libreadline8@8.1.2-1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + pam/libpam-modules@1.4.0-11ubuntu2.4 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + libnsl/libnsl2@1.3.0-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - pinentry/pinentry-curses@1.1.1-1build2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - procps@2:3.3.17-6ubuntu2.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.11.2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + git@1:2.34.1-1ubuntu1.10 - pinentry/pinentry-curses@1.1.1-1build2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + git@1:2.34.1-1ubuntu1.10 - procps@2:3.3.17-6ubuntu2.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncurses6@6.3-2ubuntu0.1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-base@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3409,29 +2810,30 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      +

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-45918

    +

    CVE-2024-26461

    @@ -3442,7 +2844,7 @@

    CVE-2023-45918

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3450,12 +2852,12 @@

      CVE-2023-45918

    • Vulnerable module: - ncurses/libtinfo6 + krb5/libk5crypto3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.11.2 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3468,271 +2870,159 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - bash@5.1-6ubuntu1.1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncursesw6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + libnsl/libnsl2@1.3.0-2build2 - less@590-1ubuntu0.22.04.2 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - libedit/libedit2@3.1-20210910-1build1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncurses6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - procps@2:3.3.17-6ubuntu2.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - util-linux@2.37.2-4ubuntu3.3 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - gnupg2/gpg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.11.2 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - readline/libreadline8@8.1.2-1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + pam/libpam-modules@1.4.0-11ubuntu2.4 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + libnsl/libnsl2@1.3.0-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - pinentry/pinentry-curses@1.1.1-1build2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - procps@2:3.3.17-6ubuntu2.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.11.2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + git@1:2.34.1-1ubuntu1.10 - pinentry/pinentry-curses@1.1.1-1build2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + git@1:2.34.1-1ubuntu1.10 - procps@2:3.3.17-6ubuntu2.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - ncurses/ncurses-base@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.6 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    -

    Integer Overflow or Wraparound

    +

    CVE-2024-26458

    @@ -3781,7 +3065,7 @@

    Integer Overflow or Wraparound

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3794,7 +3078,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.11.2 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3807,7 +3091,7 @@

    Detailed paths

    @@ -4005,7 +3286,7 @@

    Out-of-bounds Write

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4018,7 +3299,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.11.2 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -4031,7 +3312,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4040,7 +3321,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 apt@2.4.12 @@ -4051,7 +3332,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4062,7 +3343,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4073,7 +3354,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4084,7 +3365,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4097,7 +3378,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4110,7 +3391,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4119,7 +3400,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4130,7 +3411,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4143,7 +3424,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4152,7 +3433,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4163,7 +3444,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4172,7 +3453,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4183,7 +3464,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4192,7 +3473,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4203,7 +3484,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4216,7 +3497,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4229,7 +3510,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4238,7 +3519,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4249,7 +3530,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4262,7 +3543,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4275,7 +3556,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4284,7 +3565,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4295,7 +3576,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4304,7 +3585,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4315,7 +3596,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4324,7 +3605,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4335,7 +3616,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4384,7 +3665,7 @@

      Allocation of Resources Without Limits or Throttling

    • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4397,7 +3678,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and glibc/libc-bin@2.35-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 and glibc/libc-bin@2.35-0ubuntu3.7
    @@ -4410,18 +3691,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - glibc/libc-bin@2.35-0ubuntu3.6 + glibc/libc-bin@2.35-0ubuntu3.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 - glibc/libc6@2.35-0ubuntu3.6 + glibc/libc6@2.35-0ubuntu3.7 @@ -4465,7 +3746,7 @@

      Improper Input Validation

      • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -4479,7 +3760,7 @@

        Improper Input Validation

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.11.2, git@1:2.34.1-1ubuntu1.10 and others
      @@ -4491,7 +3772,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 git@1:2.34.1-1ubuntu1.10 @@ -4502,7 +3783,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 git@1:2.34.1-1ubuntu1.10 @@ -4511,7 +3792,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 git-lfs@3.0.2-1ubuntu0.2 @@ -4558,7 +3839,7 @@

        Uncontrolled Recursion

        • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -4571,7 +3852,7 @@

          Uncontrolled Recursion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.11.2 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
        @@ -4584,7 +3865,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4593,7 +3874,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 apt@2.4.12 @@ -4604,7 +3885,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 apt@2.4.12 @@ -4617,7 +3898,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4626,7 +3907,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4673,7 +3954,7 @@

          Improper Input Validation

          • - Manifest file: quay.io/argoproj/argocd:v2.10.6/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.11.2/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -4686,7 +3967,7 @@

            Improper Input Validation

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.11.2 and coreutils@8.32-4.1ubuntu1.2
          @@ -4699,7 +3980,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.6 + docker-image|quay.io/argoproj/argocd@v2.11.2 coreutils@8.32-4.1ubuntu1.2 diff --git a/docs/snyk/v2.11.2/redis_7.0.14-alpine.html b/docs/snyk/v2.11.2/redis_7.0.14-alpine.html new file mode 100644 index 0000000000000..3a21ad48629a4 --- /dev/null +++ b/docs/snyk/v2.11.2/redis_7.0.14-alpine.html @@ -0,0 +1,1813 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
            +
            +
            +
            + + + Snyk - Open Source Security + + + + + + + +
            +

            Snyk test report

            + +

            May 26th 2024, 12:18:55 am (UTC+00:00)

            +
            +
            + Scanned the following paths: +
              +
            • redis:7.0.14-alpine (apk)
              • +
            • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
              • +
            +
            + +
            +
            9 known vulnerabilities
            +
            65 vulnerable dependency paths
            +
            19 dependencies
            +
            +
            +
            +
            + +
            +
            +
            +

            Out-of-bounds Write

            +
            + +
            + medium severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + openssl/libcrypto3 +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

            +

            Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

            +

            The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

            +

            The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

            +

            The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

            +

            Remediation

            +

            Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +

            CVE-2024-0727

            +
            + +
            + medium severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + openssl/libcrypto3 +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

            +

            Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

            +

            A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

            +

            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

            +

            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

            +

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

            +

            Remediation

            +

            Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +

            Out-of-bounds Write

            +
            + +
            + medium severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + busybox/busybox +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/busybox@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/busybox-binsh@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

            +

            Remediation

            +

            Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +

            Use After Free

            +
            + +
            + medium severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + busybox/busybox +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/busybox@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/busybox-binsh@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

            +

            Remediation

            +

            Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +

            Use After Free

            +
            + +
            + medium severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + busybox/busybox +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/busybox@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/busybox-binsh@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

            +

            Remediation

            +

            Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +

            Use After Free

            +
            + +
            + medium severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + busybox/busybox +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/busybox@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + busybox/busybox@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/busybox-binsh@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r2 + + busybox/busybox-binsh@1.36.1-r15 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

            +

            Remediation

            +

            Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +

            CVE-2023-6237

            +
            + +
            + low severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + openssl/libcrypto3 +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

            +

            Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

            +

            When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

            +

            An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

            +

            The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

            +

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            +

            The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

            +

            Remediation

            +

            Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +

            CVE-2024-2511

            +
            + +
            + low severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + openssl/libcrypto3 +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            Issue summary: Some non-default TLS server configurations can cause unbounded + memory growth when processing TLSv1.3 sessions

            +

            Impact summary: An attacker may exploit certain server configurations to trigger + unbounded memory growth that would lead to a Denial of Service

            +

            This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is + being used (but not if early_data support is also configured and the default + anti-replay protection is in use). In this case, under certain conditions, the + session cache can get into an incorrect state and it will fail to flush properly + as it fills. The session cache will continue to grow in an unbounded manner. A + malicious client could deliberately create the scenario for this failure to + force a Denial of Service. It may also happen by accident in normal operation.

            +

            This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS + clients.

            +

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL + 1.0.2 is also not affected by this issue.

            +

            Remediation

            +

            Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +

            CVE-2024-4603

            +
            + +
            + low severity +
            + +
            + +
              +
            • + Package Manager: alpine:3.19 +
              • +
            • + Vulnerable module: + + openssl/libcrypto3 +
              • + +
            • Introduced through: + + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + +
              • +
            + +
            + + +

            Detailed paths

            + +
              +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + openssl/libcrypto3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + .redis-rundeps@20231208.201137 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            • + Introduced through: + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 + + + +
              • +
            + +
            + +
            + +

            NVD Description

            +

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

            +

            Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

            +

            Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

            +

            The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

            +

            Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

            +

            An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

            +

            These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

            +

            Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

            +

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            +

            The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

            +

            Remediation

            +

            Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

            +

            References

            + + +
            + +
            +

            More about this vulnerability

            +
            + +
            +
            +
            +
            + + + diff --git a/docs/snyk/v2.8.15/argocd-iac-namespace-install.html b/docs/snyk/v2.8.15/argocd-iac-namespace-install.html deleted file mode 100644 index eb2cc5db68f5c..0000000000000 --- a/docs/snyk/v2.8.15/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2575 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:28:26 am (UTC+00:00)

            -
            -
            - Scanned the following path: -
              -
            • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
              • -
            -
            - -
            -
            38 total issues
            -
            -
            -
            -
            - -
            - - - - - - -
            Project manifests/namespace-install.yaml
            Path /argo-cd/manifests/namespace-install.yaml
            Project Type Kubernetes
            -
            -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 7] - - rules[0] - - resources - -
              • - -
            • - Line number: 77 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 8] - - rules[4] - - resources - -
              • - -
            • - Line number: 154 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 9] - - rules[0] - - resources - -
              • - -
            • - Line number: 182 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 10] - - rules[1] - - resources - -
              • - -
            • - Line number: 212 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 10] - - rules[3] - - resources - -
              • - -
            • - Line number: 230 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 11] - - rules[0] - - resources - -
              • - -
            • - Line number: 246 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container could be running with outdated image

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-42 -
              • - -
            • Introduced through: - [DocId: 38] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
              • - -
            • - Line number: 1267 -
              • -
            - -
            - -

            Impact

            -

            The container may run with outdated or unauthorized image

            - -

            Remediation

            -

            Set `imagePullPolicy` attribute to `Always`

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 624 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 857 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 823 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 917 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1010 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1267 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1067 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1352 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1674 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running with multiple open ports

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-36 -
              • - -
            • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - ports - -
              • - -
            • - Line number: 837 -
              • -
            - -
            - -

            Impact

            -

            Increases the attack surface of the application and the container.

            - -

            Remediation

            -

            Reduce `ports` count to 2

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without liveness probe

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-41 -
              • - -
            • Introduced through: - [DocId: 34] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
              • - -
            • - Line number: 624 -
              • -
            - -
            - -

            Impact

            -

            Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

            - -

            Remediation

            -

            Add `livenessProbe` attribute

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without liveness probe

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-41 -
              • - -
            • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
              • - -
            • - Line number: 823 -
              • -
            - -
            - -

            Impact

            -

            Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

            - -

            Remediation

            -

            Add `livenessProbe` attribute

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without liveness probe

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-41 -
              • - -
            • Introduced through: - [DocId: 37] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
              • - -
            • - Line number: 1010 -
              • -
            - -
            - -

            Impact

            -

            Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

            - -

            Remediation

            -

            Add `livenessProbe` attribute

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
              • - -
            • - Line number: 624 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
              • - -
            • - Line number: 823 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
              • - -
            • - Line number: 857 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
              • - -
            • - Line number: 917 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1010 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1267 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1067 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1352 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1674 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 747 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 865 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 840 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 944 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1020 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1274 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1240 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1584 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1822 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -
            - -
            - - - diff --git a/docs/snyk/v2.8.15/quay.io_argoproj_argocd_v2.8.15.html b/docs/snyk/v2.8.15/quay.io_argoproj_argocd_v2.8.15.html deleted file mode 100644 index b4599d5082c78..0000000000000 --- a/docs/snyk/v2.8.15/quay.io_argoproj_argocd_v2.8.15.html +++ /dev/null @@ -1,5067 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:27:05 am (UTC+00:00)

            -
            -
            - Scanned the following paths: -
              -
            • quay.io/argoproj/argocd:v2.8.15/argoproj/argocd/Dockerfile (deb)
              • -
            • quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
              • -
            • quay.io/argoproj/argocd:v2.8.15/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
              • -
            • quay.io/argoproj/argocd:v2.8.15/helm/v3//usr/local/bin/helm (gomodules)
              • -
            • quay.io/argoproj/argocd:v2.8.15/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
              • -
            -
            - -
            -
            39 known vulnerabilities
            -
            183 vulnerable dependency paths
            -
            2120 dependencies
            -
            -
            -
            -
            - -
            -
            -
            -

            Allocation of Resources Without Limits or Throttling

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/net/http2 -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - golang.org/x/net/http2@v0.19.0 - - - -
              • -
            • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.8.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

            -

            Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

            -

            Remediation

            -

            Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Denial of Service (DoS)

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/helm/v3 /usr/local/bin/helm -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/net/http2 -
              • - -
            • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.8.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

            -

            Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

            -

            Remediation

            -

            Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Denial of Service (DoS)

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

            -

            Details

            -

            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

            -

            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

            -

            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

            -

            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

            -

            Two common types of DoS vulnerabilities:

            -
              -

            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

              -
              • -

            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

              -
              • -
            -

            Remediation

            -

            Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Directory Traversal

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/helm/v3 /usr/local/bin/helm -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/cyphar/filepath-securejoin -
              • - -
            • Introduced through: - - helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - helm.sh/helm/v3@* - - github.com/cyphar/filepath-securejoin@v0.2.3 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

            -

            Note: - This vulnerability is only exploitable on Windows OS.

            -

            Details

            -

            A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

            -

            Directory Traversal vulnerabilities can be generally divided into two types:

            -
              -
            • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
              • -
            -

            st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

            -

            If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

            - 
            curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
-
            -

            Note %2e is the URL encoded version of . (dot).

            -
              -
            • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
              • -
            -

            One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

            -

            The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

            - 
            2018-04-15 22:04:29 .....           19           19  good.txt
-        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
-
            -

            Remediation

            -

            Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2020-22916

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - xz-utils/liblzma5 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and xz-utils/liblzma5@5.2.5-2ubuntu1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - xz-utils/liblzma5@5.2.5-2ubuntu1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 xz-utils.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-51767

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - openssh/openssh-client -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 openssh.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Information Exposure

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - libgcrypt20 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and libgcrypt20@1.9.4-3ubuntu3 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - libgcrypt20@1.9.4-3ubuntu3 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 libgcrypt20.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-26461

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - krb5/libk5crypto3 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 krb5.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-26462

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - krb5/libk5crypto3 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 krb5.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-26458

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - krb5/libk5crypto3 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 krb5.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            LGPL-3.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - gopkg.in/retry.v1 -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
              • -
            - -
            - -
            - -

            LGPL-3.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Infinite loop

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

            -

            Note:

            -

            This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Stack-based Buffer Overflow

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Infinite loop

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

            -

            Note:

            -

            This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Allocation of Resources Without Limits or Throttling

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/helm/v3 /usr/local/bin/helm -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/net/http2 -
              • - -
            • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.8.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

            -

            Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

            -

            Note:

            -

            This issue is related to CVE-2023-44487

            -

            Remediation

            -

            Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Authentication Bypass by Capture-replay

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/crypto/ssh -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - golang.org/x/crypto/ssh@v0.16.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/crypto/ssh is a SSH client and server

            -

            Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

            -

            Note:

            -
              -

            1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

              -
              2. -

            2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

              -
              3. -
            -

            Impact:

            -

            While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

            -

            Workaround

            -

            Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

            -

            Remediation

            -

            Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Information Exposure

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - gnutls28/libgnutls30 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 gnutls28.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Uncaught Exception

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - gnutls28/libgnutls30 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 gnutls28.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/r3labs/diff -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/r3labs/diff@v1.1.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-version -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-version@v1.2.1 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-retryablehttp -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/helm/v3 /usr/local/bin/helm -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-multierror -
              • - -
            • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - helm.sh/helm/v3@* - - github.com/hashicorp/go-multierror@v1.1.1 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-cleanhttp -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/gosimple/slug -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/gosimple/slug@v1.13.1 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Handling of Highly Compressed Data (Data Amplification)

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argo-cd/v2 /usr/local/bin/argocd -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
              • - -
            • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

            -

            Remediation

            -

            Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-7008

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - systemd/libsystemd0 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and systemd/libsystemd0@249.11-0ubuntu3.12 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - procps/libprocps8@2:3.3.17-6ubuntu2.1 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - util-linux@2.37.2-4ubuntu3.3 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - util-linux/bsdutils@1:2.37.2-4ubuntu3.3 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - libfido2/libfido2-1@1.10.0-1 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - util-linux@2.37.2-4ubuntu3.3 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - systemd/libudev1@249.11-0ubuntu3.12 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 systemd.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Arbitrary Code Injection

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - shadow/passwd -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and shadow/passwd@1:4.8.1-2ubuntu2.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - shadow/login@1:4.8.1-2ubuntu2.2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 shadow.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Uncontrolled Recursion

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - pcre3/libpcre3 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - grep@3.7-1build1 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 pcre3.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Release of Invalid Pointer or Reference

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - patch -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and patch@2.7.6-7build2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - patch@2.7.6-7build2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 patch.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Double Free

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - patch -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and patch@2.7.6-7build2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - patch@2.7.6-7build2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 patch.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-50495

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - ncurses/libtinfo6 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - less@590-1ubuntu0.22.04.2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - util-linux@2.37.2-4ubuntu3.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 ncurses.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-45918

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - ncurses/libtinfo6 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and ncurses/libtinfo6@6.3-2ubuntu0.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - less@590-1ubuntu0.22.04.2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - util-linux@2.37.2-4ubuntu3.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 ncurses.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Resource Exhaustion

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - libzstd/libzstd1 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 libzstd.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Integer Overflow or Wraparound

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - krb5/libk5crypto3 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 krb5.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Out-of-bounds Write

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - gnupg2/gpgv -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 gnupg2.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Allocation of Resources Without Limits or Throttling

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - glibc/libc-bin -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and glibc/libc-bin@2.35-0ubuntu3.6 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - glibc/libc-bin@2.35-0ubuntu3.6 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - glibc/libc6@2.35-0ubuntu3.6 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 glibc.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Input Validation

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - git/git-man -
              • - -
            • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.8.15, git@1:2.34.1-1ubuntu1.10 and others -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - git/git-man@1:2.34.1-1ubuntu1.10 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git@1:2.34.1-1ubuntu1.10 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - git-lfs@3.0.2-1ubuntu0.2 - - git@1:2.34.1-1ubuntu1.10 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 git.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Uncontrolled Recursion

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - gcc-12/libstdc++6 -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - apt@2.4.12 - - apt/libapt-pkg6.0@2.4.12 - - gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 - - - -
              • -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 gcc-12.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Input Validation

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Manifest file: quay.io/argoproj/argocd:v2.8.15/argoproj/argocd Dockerfile -
              • -
            • - Package Manager: ubuntu:22.04 -
              • -
            • - Vulnerable module: - - coreutils -
              • - -
            • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.15 and coreutils@8.32-4.1ubuntu1.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.15 - - coreutils@8.32-4.1ubuntu1.2 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

            -

            chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

            -

            Remediation

            -

            There is no fixed version for Ubuntu:22.04 coreutils.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -
            -
            - - - diff --git a/docs/snyk/v2.8.15/redis_7.0.11-alpine.html b/docs/snyk/v2.8.15/redis_7.0.11-alpine.html deleted file mode 100644 index 1a342c5b6a42e..0000000000000 --- a/docs/snyk/v2.8.15/redis_7.0.11-alpine.html +++ /dev/null @@ -1,2204 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:27:09 am (UTC+00:00)

            -
            -
            - Scanned the following path: -
              -
            • redis:7.0.11-alpine (apk)
              • -
            -
            - -
            -
            10 known vulnerabilities
            -
            86 vulnerable dependency paths
            -
            18 dependencies
            -
            -
            -
            -
            -
            - - - - - - - -
            Project docker-image|redis
            Path redis:7.0.11-alpine
            Package Manager apk
            -
            -
            -
            -
            -

            Out-of-bounds Write

            -
            - -
            - critical severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - busybox/busybox -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/busybox@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/busybox-binsh@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

            -

            Remediation

            -

            Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-5363

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

            -

            Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

            -

            When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

            -

            For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

            -

            Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

            -

            Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

            -

            OpenSSL 3.1 and 3.0 are vulnerable to this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Authentication

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

            -

            Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

            -

            The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

            -

            As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Inefficient Regular Expression Complexity

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Checking excessively long DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

            -

            The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

            -

            However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

            -

            An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

            -

            The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

            -

            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Excessive Iteration

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Checking excessively long DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

            -

            The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

            -

            An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

            -

            The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

            -

            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Check for Unusual or Exceptional Conditions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

            -

            While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

            -

            Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

            -

            An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

            -

            DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

            -

            Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Out-of-bounds Write

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

            -

            Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

            -

            The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

            -

            The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

            -

            The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-0727

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

            -

            Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

            -

            A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

            -

            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

            -

            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-6237

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            This vulnerability has not been analyzed by NVD yet.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-2511

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

            -

            Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

            -

            This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

            -

            This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -
            -
            - - - diff --git a/docs/snyk/v2.9.11/argocd-iac-namespace-install.html b/docs/snyk/v2.9.11/argocd-iac-namespace-install.html deleted file mode 100644 index 21cbecccdb659..0000000000000 --- a/docs/snyk/v2.9.11/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2575 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:26:24 am (UTC+00:00)

            -
            -
            - Scanned the following path: -
              -
            • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
              • -
            -
            - -
            -
            38 total issues
            -
            -
            -
            -
            - -
            - - - - - - -
            Project manifests/namespace-install.yaml
            Path /argo-cd/manifests/namespace-install.yaml
            Project Type Kubernetes
            -
            -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 7] - - rules[0] - - resources - -
              • - -
            • - Line number: 77 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 8] - - rules[4] - - resources - -
              • - -
            • - Line number: 162 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 9] - - rules[0] - - resources - -
              • - -
            • - Line number: 190 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 10] - - rules[1] - - resources - -
              • - -
            • - Line number: 220 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 10] - - rules[3] - - resources - -
              • - -
            • - Line number: 238 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Role or ClusterRole with dangerous permissions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-47 -
              • - -
            • Introduced through: - [DocId: 11] - - rules[0] - - resources - -
              • - -
            • - Line number: 254 -
              • -
            - -
            - -

            Impact

            -

            Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

            - -

            Remediation

            -

            Consider removing these permissions

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container could be running with outdated image

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-42 -
              • - -
            • Introduced through: - [DocId: 38] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
              • - -
            • - Line number: 1288 -
              • -
            - -
            - -

            Impact

            -

            The container may run with outdated or unauthorized image

            - -

            Remediation

            -

            Set `imagePullPolicy` attribute to `Always`

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 633 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 878 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 844 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 938 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1031 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1288 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1088 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1373 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container has no CPU limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-5 -
              • - -
            • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
              • - -
            • - Line number: 1695 -
              • -
            - -
            - -

            Impact

            -

            CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

            - -

            Remediation

            -

            Add `resources.limits.cpu` field with required CPU limit value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running with multiple open ports

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-36 -
              • - -
            • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - ports - -
              • - -
            • - Line number: 858 -
              • -
            - -
            - -

            Impact

            -

            Increases the attack surface of the application and the container.

            - -

            Remediation

            -

            Reduce `ports` count to 2

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without liveness probe

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-41 -
              • - -
            • Introduced through: - [DocId: 34] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
              • - -
            • - Line number: 633 -
              • -
            - -
            - -

            Impact

            -

            Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

            - -

            Remediation

            -

            Add `livenessProbe` attribute

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without liveness probe

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-41 -
              • - -
            • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
              • - -
            • - Line number: 844 -
              • -
            - -
            - -

            Impact

            -

            Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

            - -

            Remediation

            -

            Add `livenessProbe` attribute

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without liveness probe

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-41 -
              • - -
            • Introduced through: - [DocId: 37] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
              • - -
            • - Line number: 1031 -
              • -
            - -
            - -

            Impact

            -

            Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

            - -

            Remediation

            -

            Add `livenessProbe` attribute

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
              • - -
            • - Line number: 633 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
              • - -
            • - Line number: 844 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
              • - -
            • - Line number: 878 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
              • - -
            • - Line number: 938 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1031 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1288 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1088 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1373 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container is running without memory limit

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-4 -
              • - -
            • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
              • - -
            • - Line number: 1695 -
              • -
            - -
            - -

            Impact

            -

            Containers without memory limits are more likely to be terminated when the node runs out of memory

            - -

            Remediation

            -

            Set `resources.limits.memory` value

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 768 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 886 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 861 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 965 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1041 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1295 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1261 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1605 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -

            Container's or Pod's UID could clash with host's UID

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Public ID: SNYK-CC-K8S-11 -
              • - -
            • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
              • - -
            • - Line number: 1843 -
              • -
            - -
            - -

            Impact

            -

            UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

            - -

            Remediation

            -

            Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

            - - -
            -
            - -
            -

            More about this issue

            -
            - -
            -
            -
            - -
            - - - diff --git a/docs/snyk/v2.9.11/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.9.11/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index b26bcd5c9d241..0000000000000 --- a/docs/snyk/v2.9.11/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,4570 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:24:37 am (UTC+00:00)

            -
            -
            - Scanned the following paths: -
              -
            • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
              • -
            • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
              • -
            • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
              • -
            • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/dex (gomodules)
              • -
            -
            - -
            -
            44 known vulnerabilities
            -
            130 vulnerable dependency paths
            -
            786 dependencies
            -
            -
            -
            -
            - -
            -
            -
            -

            Path Traversal

            -
            - -
            - critical severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/go-git/go-git/v5 -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5@v5.4.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/go-git/go-git/v5@v5.4.2 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

            -

            Notes:

            -
              -

            1. This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.

              -
              2. -

            2. Applications using BoundOS or in-memory filesystems are not affected by this issue.

              -
              3. -

            3. Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

              -
              4. -
            -

            Workaround

            -

            This vulnerability can be mitigated by limiting the client's use to trustworthy Git servers.

            -

            Remediation

            -

            Upgrade github.com/go-git/go-git/v5 to version 5.11.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Out-of-bounds Write

            -
            - -
            - critical severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - busybox/busybox -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

            -

            Remediation

            -

            Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-5363

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

            -

            Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

            -

            When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

            -

            For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

            -

            Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

            -

            Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

            -

            OpenSSL 3.1 and 3.0 are vulnerable to this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Denial of Service (DoS)

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/grpc -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/grpc@v1.46.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/grpc@v1.46.2 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/grpc@v1.56.1 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            google.golang.org/grpc is a Go implementation of gRPC

            -

            Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

            -

            Remediation

            -

            Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Denial of Service (DoS)

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/net/http2 -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

            -

            Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

            -

            Remediation

            -

            Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Allocation of Resources Without Limits or Throttling

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/net/http2 -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

            -

            Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

            -

            Remediation

            -

            Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Heap-based Buffer Overflow

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/mattn/go-sqlite3 -
              • - -
            • Introduced through: - - github.com/dexidp/dex@* and github.com/mattn/go-sqlite3@v1.14.17 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/mattn/go-sqlite3@v1.14.17 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the sessionReadRecord function in the ext/session/sqlite3session.c file. An attacker can cause a program crash or execute arbitrary code by manipulating the input to trigger a heap-based buffer overflow.

            -

            Remediation

            -

            Upgrade github.com/mattn/go-sqlite3 to version 1.14.18 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Denial of Service (DoS)

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
              • - -
            • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

            -

            Details

            -

            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

            -

            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

            -

            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

            -

            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

            -

            Two common types of DoS vulnerabilities:

            -
              -

            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

              -
              • -

            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

              -
              • -
            -

            Remediation

            -

            Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Authentication

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

            -

            Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

            -

            The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

            -

            As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Inefficient Regular Expression Complexity

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Checking excessively long DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

            -

            The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

            -

            However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

            -

            An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

            -

            The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

            -

            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Excessive Iteration

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Checking excessively long DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

            -

            The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

            -

            An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

            -

            The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

            -

            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Check for Unusual or Exceptional Conditions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

            -

            While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

            -

            Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

            -

            An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

            -

            DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

            -

            Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Out-of-bounds Write

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

            -

            Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

            -

            The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

            -

            The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

            -

            The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-0727

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

            -

            Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

            -

            A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

            -

            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

            -

            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Infinite loop

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.28.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/internal/encoding/json@v1.28.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

            -

            Note:

            -

            This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Stack-based Buffer Overflow

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Infinite loop

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.28.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

            -

            Note:

            -

            This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

            -

            Remediation

            -

            Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Allocation of Resources Without Limits or Throttling

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/net/http2 -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

            -

            Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

            -

            Note:

            -

            This issue is related to CVE-2023-44487

            -

            Remediation

            -

            Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Cross-site Scripting (XSS)

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/net/html -
              • - -
            • Introduced through: - - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/html@v0.11.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

            -

            Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

            -

            Details

            -

            A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

            -

            This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

            -

            Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

            -

            Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

            -

            The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

            -

            Types of attacks

            -

            There are a few methods by which XSS can be manipulated:

            - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
            TypeOriginDescription
            StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
            ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
            DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
            MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
            -

            Affected environments

            -

            The following environments are susceptible to an XSS attack:

            -
              -
            • Web servers
              • -
            • Application servers
              • -
            • Web application environments
              • -
            -

            How to prevent

            -

            This section describes the top best practices designed to specifically protect your code:

            -
              -
            • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
              • -
            • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
              • -
            • Give users the option to disable client-side scripts.
              • -
            • Redirect invalid requests.
              • -
            • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
              • -
            • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
              • -
            • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
              • -
            -

            Remediation

            -

            Upgrade golang.org/x/net/html to version 0.13.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Authentication Bypass by Capture-replay

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - golang.org/x/crypto/ssh -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            golang.org/x/crypto/ssh is a SSH client and server

            -

            Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

            -

            Note:

            -
              -

            1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

              -
              2. -

            2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

              -
              3. -
            -

            Impact:

            -

            While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

            -

            Workaround

            -

            Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

            -

            Remediation

            -

            Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/consts@v0.5.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/physical@v0.5.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/physical/inmem@v0.5.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/vault/api -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/api@v1.6.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/serf/coordinate -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/hcl/v2 -
              • - -
            • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
              • -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/hcl -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl@v1.0.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/parser@v1.0.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/strconv@v1.0.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/json/parser@v1.0.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/golang-lru/simplelru -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-version -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-version@v1.5.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-sockaddr -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-rootcerts -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-retryablehttp -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-plugin -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin@v1.4.4 - - - -
              • -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-immutable-radix -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/go-cleanhttp -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/errwrap -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/errwrap@v1.1.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/hashicorp/consul/api -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/consul/api@v1.13.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/gosimple/slug -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/gosimple/slug@v1.12.0 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            MPL-2.0 license

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
              • -
            • - Package Manager: golang -
              • -
            • - Module: - - github.com/go-sql-driver/mysql -
              • - -
            • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-sql-driver/mysql@v1.7.1 - - - -
              • -
            - -
            - -
            - -

            MPL-2.0 license

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Handling of Highly Compressed Data (Data Amplification)

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
              • - -
            • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

            -

            Remediation

            -

            Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Uncontrolled Resource Consumption ('Resource Exhaustion')

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
              • -
            • - Package Manager: golang -
              • -
            • - Vulnerable module: - - github.com/go-git/go-git/v5/plumbing -
              • - -
            • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5/plumbing@v5.4.2 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/go-git/go-git/v5/plumbing@v5.4.2 - - - -
              • -
            - -
            - -
            - -

            Overview

            -

            github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

            -

            Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

            -

            Note - This is only exploitable if the client is not using the in-memory filesystem supported by the library.

            -

            Workaround

            -

            In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

            -

            Details

            -

            Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

            -

            Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

            -

            One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

            -

            When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

            -

            Two common types of DoS vulnerabilities:

            -
              -

            • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

              -
              • -

            • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

              -
              • -
            -

            Remediation

            -

            Upgrade github.com/go-git/go-git/v5/plumbing to version 5.11.0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-6237

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            This vulnerability has not been analyzed by NVD yet.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-2511

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

            -

            Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

            -

            This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

            -

            This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -
            -
            - - - diff --git a/docs/snyk/v2.9.11/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.11/haproxy_2.6.14-alpine.html deleted file mode 100644 index 2f546ab432589..0000000000000 --- a/docs/snyk/v2.9.11/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,1548 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:24:40 am (UTC+00:00)

            -
            -
            - Scanned the following path: -
              -
            • haproxy:2.6.14-alpine (apk)
              • -
            -
            - -
            -
            6 known vulnerabilities
            -
            54 vulnerable dependency paths
            -
            18 dependencies
            -
            -
            -
            -
            -
            - - - - - - - -
            Project docker-image|haproxy
            Path haproxy:2.6.14-alpine
            Package Manager apk
            -
            -
            -
            -
            -

            CVE-2023-5363

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

            -

            Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

            -

            When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

            -

            For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

            -

            Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

            -

            Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

            -

            OpenSSL 3.1 and 3.0 are vulnerable to this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Check for Unusual or Exceptional Conditions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

            -

            While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

            -

            Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

            -

            An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

            -

            DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

            -

            Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Out-of-bounds Write

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

            -

            Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

            -

            The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

            -

            The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

            -

            The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-0727

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

            -

            Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

            -

            A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

            -

            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

            -

            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-6237

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            This vulnerability has not been analyzed by NVD yet.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-2511

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

            -

            Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

            -

            This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

            -

            This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -
            -
            - - - diff --git a/docs/snyk/v2.9.11/redis_7.0.11-alpine.html b/docs/snyk/v2.9.11/redis_7.0.11-alpine.html deleted file mode 100644 index 84839c3bc4cf2..0000000000000 --- a/docs/snyk/v2.9.11/redis_7.0.11-alpine.html +++ /dev/null @@ -1,2204 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
            -
            -
            -
            - - - Snyk - Open Source Security - - - - - - - -
            -

            Snyk test report

            - -

            April 14th 2024, 12:25:02 am (UTC+00:00)

            -
            -
            - Scanned the following path: -
              -
            • redis:7.0.11-alpine (apk)
              • -
            -
            - -
            -
            10 known vulnerabilities
            -
            86 vulnerable dependency paths
            -
            18 dependencies
            -
            -
            -
            -
            -
            - - - - - - - -
            Project docker-image|redis
            Path redis:7.0.11-alpine
            Package Manager apk
            -
            -
            -
            -
            -

            Out-of-bounds Write

            -
            - -
            - critical severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - busybox/busybox -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/busybox@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/busybox-binsh@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

            -

            Remediation

            -

            Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-5363

            -
            - -
            - high severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

            -

            Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

            -

            When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

            -

            For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

            -

            Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

            -

            Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

            -

            OpenSSL 3.1 and 3.0 are vulnerable to this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Authentication

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

            -

            Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

            -

            The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

            -

            As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Inefficient Regular Expression Complexity

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Checking excessively long DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

            -

            The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

            -

            However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

            -

            An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

            -

            The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

            -

            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Excessive Iteration

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Checking excessively long DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

            -

            The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

            -

            An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

            -

            The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

            -

            Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Improper Check for Unusual or Exceptional Conditions

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

            -

            Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

            -

            While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

            -

            Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

            -

            An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

            -

            DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

            -

            Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

            -

            The OpenSSL SSL/TLS implementation is not affected by this issue.

            -

            The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            Out-of-bounds Write

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

            -

            Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

            -

            The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

            -

            The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

            -

            The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-0727

            -
            - -
            - medium severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

            -

            Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

            -

            A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

            -

            OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

            -

            We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2023-6237

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            This vulnerability has not been analyzed by NVD yet.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

            - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -

            CVE-2024-2511

            -
            - -
            - low severity -
            - -
            - -
              -
            • - Package Manager: alpine:3.18 -
              • -
            • - Vulnerable module: - - openssl/libcrypto3 -
              • - -
            • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
              • -
            - -
            - - -

            Detailed paths

            - -
              -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
              • -
            - -
            - -
            - -

            NVD Description

            -

            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

            -

            Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

            -

            Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

            -

            This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

            -

            This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

            -

            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

            -

            Remediation

            -

            Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

            -

            References

            - - -
            - -
            -

            More about this vulnerability

            -
            - -
            -
            -
            -
            - - - diff --git a/docs/snyk/v2.11.0-rc1/argocd-iac-install.html b/docs/snyk/v2.9.16/argocd-iac-install.html similarity index 89% rename from docs/snyk/v2.11.0-rc1/argocd-iac-install.html rename to docs/snyk/v2.9.16/argocd-iac-install.html index 64c9f129dd016..0b546c7f0f290 100644 --- a/docs/snyk/v2.11.0-rc1/argocd-iac-install.html +++ b/docs/snyk/v2.9.16/argocd-iac-install.html @@ -456,7 +456,7 @@

            Snyk test report

            -

            April 14th 2024, 12:21:49 am (UTC+00:00)

            +

            May 26th 2024, 12:24:54 am (UTC+00:00)

            Scanned the following path: @@ -466,7 +466,7 @@

            Snyk test report

            -
            39 total issues
            +
            43 total issues
    @@ -482,12 +482,12 @@

    Snyk test report

    -
    +

    Role or ClusterRole with dangerous permissions

    -
    - high severity +
    + medium severity
    @@ -498,16 +498,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 16] + [DocId: 10] - rules[5] + rules[0] resources
  • - Line number: 21035 + Line number: 20310
    • @@ -544,16 +544,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 10] + [DocId: 11] - rules[0] + rules[4] resources
  • - Line number: 20744 + Line number: 20395
    • @@ -590,16 +590,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 11] + [DocId: 12] - rules[4] + rules[0] resources
  • - Line number: 20829 + Line number: 20423
    • @@ -636,16 +636,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 12] + [DocId: 13] - rules[0] + rules[1] resources
  • - Line number: 20857 + Line number: 20453
    • @@ -684,14 +684,14 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: [DocId: 13] - rules[1] + rules[3] resources
  • - Line number: 20887 + Line number: 20471
    • @@ -728,16 +728,16 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 13] + [DocId: 14] - rules[3] + rules[0] resources
  • - Line number: 20905 + Line number: 20489
    • @@ -774,7 +774,7 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 14] + [DocId: 15] rules[0] @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20921 + Line number: 20511
    • @@ -803,6 +803,58 @@

    Remediation

    More about this issue

    +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 46] + + spec + + template + + spec + + initContainers[secret-init] + + imagePullPolicy + +
      • + +
    • + Line number: 21439 +
      • +
    + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    +

    Container could be running with outdated image

    @@ -835,7 +887,7 @@

    Container could be running with outdated image

  • - Line number: 22209 + Line number: 21696
    • @@ -893,7 +945,7 @@

    Container has no CPU limit

  • - Line number: 21512 + Line number: 21012
    • @@ -951,7 +1003,7 @@

    Container has no CPU limit

  • - Line number: 21763 + Line number: 21257
    • @@ -1009,7 +1061,7 @@

    Container has no CPU limit

  • - Line number: 21729 + Line number: 21223
    • @@ -1067,7 +1119,7 @@

    Container has no CPU limit

  • - Line number: 21823 + Line number: 21317
    • @@ -1125,7 +1177,65 @@

    Container has no CPU limit

  • - Line number: 21922 + Line number: 21410 +
    • + + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 21434
    @@ -1183,7 +1293,7 @@

    Container has no CPU limit

  • - Line number: 22209 + Line number: 21696
    • @@ -1241,7 +1351,7 @@

    Container has no CPU limit

  • - Line number: 21979 + Line number: 21491
    • @@ -1299,7 +1409,7 @@

    Container has no CPU limit

  • - Line number: 22294 + Line number: 21781
    • @@ -1357,7 +1467,7 @@

    Container has no CPU limit

  • - Line number: 22640 + Line number: 22108
    • @@ -1409,7 +1519,7 @@

    Container is running with multiple open ports

  • - Line number: 21743 + Line number: 21237
    • @@ -1461,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 21512 + Line number: 21012
    • @@ -1513,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 21729 + Line number: 21223
    • @@ -1565,7 +1675,7 @@

    Container is running without liveness probe

  • - Line number: 21922 + Line number: 21410
    • @@ -1623,7 +1733,7 @@

    Container is running without memory limit

  • - Line number: 21512 + Line number: 21012
    • @@ -1681,7 +1791,7 @@

    Container is running without memory limit

  • - Line number: 21729 + Line number: 21223
    • @@ -1739,7 +1849,7 @@

    Container is running without memory limit

  • - Line number: 21763 + Line number: 21257
    • @@ -1797,7 +1907,7 @@

    Container is running without memory limit

  • - Line number: 21823 + Line number: 21317
    • @@ -1855,7 +1965,65 @@

    Container is running without memory limit

  • - Line number: 21922 + Line number: 21410 +
    • + + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + memory + +
      • + +
    • + Line number: 21434
    @@ -1913,7 +2081,7 @@

    Container is running without memory limit

  • - Line number: 22209 + Line number: 21696
    • @@ -1971,7 +2139,7 @@

    Container is running without memory limit

  • - Line number: 21979 + Line number: 21491
    • @@ -2029,7 +2197,7 @@

    Container is running without memory limit

  • - Line number: 22294 + Line number: 21781
    • @@ -2087,7 +2255,7 @@

    Container is running without memory limit

  • - Line number: 22640 + Line number: 22108
    • @@ -2143,7 +2311,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21653 + Line number: 21147
    • @@ -2199,7 +2367,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21771 + Line number: 21265
    • @@ -2255,7 +2423,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21746 + Line number: 21240
    • @@ -2311,7 +2479,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21856 + Line number: 21344
    • @@ -2367,7 +2535,63 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21932 + Line number: 21427 +
    • + + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + initContainers[secret-init] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21441
    @@ -2423,7 +2647,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22216 + Line number: 21703
    • @@ -2479,7 +2703,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22182 + Line number: 21669
    • @@ -2535,7 +2759,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22550 + Line number: 22018
    • @@ -2591,7 +2815,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22830 + Line number: 22267
    • diff --git a/docs/snyk/v2.11.0-rc1/argocd-iac-namespace-install.html b/docs/snyk/v2.9.16/argocd-iac-namespace-install.html similarity index 88% rename from docs/snyk/v2.11.0-rc1/argocd-iac-namespace-install.html rename to docs/snyk/v2.9.16/argocd-iac-namespace-install.html index c7401535ad1b6..b671bdf60d6c3 100644 --- a/docs/snyk/v2.11.0-rc1/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.9.16/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:21:57 am (UTC+00:00)

    +

    May 26th 2024, 12:25:04 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    38 total issues
    +
    43 total issues

    @@ -737,7 +737,53 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 254 + Line number: 256 +
    • + + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 12] + + rules[0] + + resources + +
      • + +
    • + Line number: 278
    @@ -774,7 +820,59 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 38] + [DocId: 39] + + spec + + template + + spec + + initContainers[secret-init] + + imagePullPolicy + +
    • + +
  • + Line number: 1100 +
    • + + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 40] spec @@ -789,7 +887,7 @@

      Container could be running with outdated image

    • - Line number: 1330 + Line number: 1357
    @@ -826,7 +924,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -847,7 +945,7 @@

    Container has no CPU limit

  • - Line number: 633 + Line number: 673
    • @@ -884,7 +982,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -905,7 +1003,7 @@

    Container has no CPU limit

  • - Line number: 884 + Line number: 918
    • @@ -942,7 +1040,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -963,7 +1061,7 @@

    Container has no CPU limit

  • - Line number: 850 + Line number: 884
    • @@ -1000,7 +1098,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -1021,7 +1119,7 @@

    Container has no CPU limit

  • - Line number: 944 + Line number: 978
    • @@ -1058,7 +1156,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -1079,7 +1177,7 @@

    Container has no CPU limit

  • - Line number: 1043 + Line number: 1071
    • @@ -1116,7 +1214,65 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + cpu + +
    • + +
  • + Line number: 1095 +
    • + + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -1137,7 +1293,7 @@

      Container has no CPU limit

    • - Line number: 1330 + Line number: 1357
    @@ -1174,7 +1330,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -1195,7 +1351,7 @@

    Container has no CPU limit

  • - Line number: 1100 + Line number: 1152
    • @@ -1232,7 +1388,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -1253,7 +1409,7 @@

    Container has no CPU limit

  • - Line number: 1415 + Line number: 1442
    • @@ -1290,7 +1446,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -1311,7 +1467,7 @@

    Container has no CPU limit

  • - Line number: 1761 + Line number: 1769
    • @@ -1348,7 +1504,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 35] + [DocId: 37] spec @@ -1363,7 +1519,7 @@

    Container is running with multiple open ports

  • - Line number: 864 + Line number: 898
    • @@ -1400,7 +1556,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 34] + [DocId: 36] spec @@ -1415,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 633 + Line number: 673
    • @@ -1452,7 +1608,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 35] + [DocId: 37] spec @@ -1467,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 850 + Line number: 884
    • @@ -1504,7 +1660,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 39] spec @@ -1519,7 +1675,7 @@

    Container is running without liveness probe

  • - Line number: 1043 + Line number: 1071
    • @@ -1556,7 +1712,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -1577,7 +1733,7 @@

    Container is running without memory limit

  • - Line number: 633 + Line number: 673
    • @@ -1614,7 +1770,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -1635,7 +1791,7 @@

    Container is running without memory limit

  • - Line number: 850 + Line number: 884
    • @@ -1672,7 +1828,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -1693,7 +1849,7 @@

    Container is running without memory limit

  • - Line number: 884 + Line number: 918
    • @@ -1730,7 +1886,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -1751,7 +1907,7 @@

    Container is running without memory limit

  • - Line number: 944 + Line number: 978
    • @@ -1788,7 +1944,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -1809,7 +1965,7 @@

    Container is running without memory limit

  • - Line number: 1043 + Line number: 1071
    • @@ -1846,7 +2002,65 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + resources + + limits + + memory + +
    • + +
  • + Line number: 1095 +
    • + + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -1867,7 +2081,7 @@

      Container is running without memory limit

    • - Line number: 1330 + Line number: 1357
    @@ -1904,7 +2118,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -1925,7 +2139,7 @@

    Container is running without memory limit

  • - Line number: 1100 + Line number: 1152
    • @@ -1962,7 +2176,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -1983,7 +2197,7 @@

    Container is running without memory limit

  • - Line number: 1415 + Line number: 1442
    • @@ -2020,7 +2234,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -2041,7 +2255,7 @@

    Container is running without memory limit

  • - Line number: 1761 + Line number: 1769
    • @@ -2078,7 +2292,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 34] + [DocId: 36] input @@ -2097,7 +2311,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 774 + Line number: 808
    • @@ -2134,7 +2348,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -2153,7 +2367,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 892 + Line number: 926
    • @@ -2190,7 +2404,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 35] + [DocId: 37] input @@ -2209,7 +2423,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 867 + Line number: 901
    • @@ -2246,7 +2460,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 38] input @@ -2265,7 +2479,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 977 + Line number: 1005
    • @@ -2302,7 +2516,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 39] input @@ -2321,7 +2535,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1053 + Line number: 1088
    • @@ -2358,7 +2572,63 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 39] + + input + + spec + + template + + spec + + initContainers[secret-init] + + securityContext + + runAsUser + +
    • + +
  • + Line number: 1102 +
    • + + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 40] input @@ -2377,7 +2647,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 1337 + Line number: 1364
    @@ -2414,7 +2684,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 40] input @@ -2433,7 +2703,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1303 + Line number: 1330
    • @@ -2470,7 +2740,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 41] input @@ -2489,7 +2759,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1671 + Line number: 1679
    • @@ -2526,7 +2796,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 42] input @@ -2545,7 +2815,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1951 + Line number: 1928
    • diff --git a/docs/snyk/v2.8.15/argocd-test.html b/docs/snyk/v2.9.16/argocd-test.html similarity index 66% rename from docs/snyk/v2.8.15/argocd-test.html rename to docs/snyk/v2.9.16/argocd-test.html index 842457e102410..a1e0515fe2965 100644 --- a/docs/snyk/v2.8.15/argocd-test.html +++ b/docs/snyk/v2.9.16/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:26:39 am (UTC+00:00)

    +

    May 26th 2024, 12:22:59 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    14 known vulnerabilities
    -
    231 vulnerable dependency paths
    -
    1856 dependencies
    +
    10 known vulnerabilities
    +
    175 vulnerable dependency paths
    +
    1919 dependencies

    @@ -478,7 +478,7 @@

    Snyk test report

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -497,13 +497,13 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + google.golang.org/grpc
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and google.golang.org/grpc@1.56.2 - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.2 and others
    • @@ -517,9 +517,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -528,9 +526,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/soheilhy/cmux@0.1.5 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -539,9 +537,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -552,7 +550,7 @@

    Detailed paths

    github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -561,11 +559,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc/health@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -574,11 +570,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + google.golang.org/grpc/reflection@1.56.2 - google.golang.org/grpc/internal/transport@1.58.3 - - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -587,11 +581,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -600,11 +592,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -613,11 +603,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -626,11 +614,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -639,11 +625,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -652,11 +636,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -665,11 +647,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -678,11 +660,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/internal/otlpconfig@1.16.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -691,11 +673,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -704,11 +686,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/record@0.24.2 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/client-go/rest@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -717,13 +699,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc/reflection@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -732,13 +712,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.24.2 - - k8s.io/client-go/transport@0.24.2 + google.golang.org/grpc/health@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -747,13 +725,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - google.golang.org/grpc/internal/transport@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -762,13 +740,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - google.golang.org/grpc@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - google.golang.org/grpc/internal/transport@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -777,13 +755,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - google.golang.org/grpc@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - google.golang.org/grpc/internal/transport@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -792,13 +772,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - google.golang.org/grpc@1.58.3 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 @@ -807,26 +789,108 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - google.golang.org/grpc@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - google.golang.org/grpc/internal/transport@1.58.3 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc@1.56.2 + + +
    + +
    + +

    Overview

    +

    google.golang.org/grpc is a Go implementation of gRPC

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    +

    Remediation

    +

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Allocation of Resources Without Limits or Throttling

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.17 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/grpc@1.58.3 + golang.org/x/net/http2@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/internal/transport@1.58.3 + github.com/soheilhy/cmux@0.1.5 golang.org/x/net/http2@0.19.0 @@ -837,11 +901,18 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + k8s.io/client-go/rest@0.24.17 - google.golang.org/grpc@1.58.3 + golang.org/x/net/http2@0.19.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/internal/transport@1.58.3 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 golang.org/x/net/http2@0.19.0 @@ -852,11 +923,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -867,11 +936,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -882,11 +949,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 + k8s.io/client-go/discovery@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -897,11 +962,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers@0.24.2 + k8s.io/client-go/transport/spdy@0.24.17 - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -912,11 +975,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/auth@0.24.2 + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -927,11 +988,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 - - k8s.io/client-go/tools/cache@0.24.2 + k8s.io/client-go/testing@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -942,11 +1001,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery/fake@0.24.2 + k8s.io/client-go/dynamic@0.24.17 - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -957,11 +1014,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 + k8s.io/client-go/tools/cache@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -972,11 +1027,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 + k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -987,11 +1040,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.24.2 + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1002,13 +1053,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1019,13 +1066,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/tools/record@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1036,13 +1079,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/rbac/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1053,13 +1094,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/api/core/v1@0.24.2 + k8s.io/client-go/rest@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/transport@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1070,13 +1109,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/errors@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1087,13 +1124,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1104,13 +1139,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/equality@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1121,13 +1154,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/transport/spdy@0.24.2 - - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - k8s.io/client-go/transport@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1138,13 +1169,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - k8s.io/client-go/transport@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1155,13 +1184,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/testing@0.24.2 - - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/transport@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1172,13 +1199,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.2 - - k8s.io/client-go/rest@0.24.2 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - k8s.io/client-go/transport@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1189,13 +1214,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.2 - - k8s.io/client-go/rest@0.24.2 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - k8s.io/client-go/transport@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1206,13 +1229,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.2 - - k8s.io/client-go/rest@0.24.2 + k8s.io/kubectl/pkg/util/openapi@0.24.17 - k8s.io/client-go/transport@0.24.2 + k8s.io/client-go/discovery@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1223,13 +1244,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/client-go/tools/clientcmd@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/auth@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1240,13 +1259,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + k8s.io/client-go/tools/cache@0.24.17 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1257,13 +1274,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/client-go/discovery/fake@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/testing@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1274,13 +1289,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@#425d65e07695 + k8s.io/client-go/kubernetes/fake@0.24.17 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + k8s.io/client-go/testing@0.24.17 - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1291,13 +1304,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/dynamic@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1308,13 +1319,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 + k8s.io/client-go/informers/apps/v1@0.24.17 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/tools/cache@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1325,13 +1334,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + k8s.io/client-go/informers@0.24.17 - k8s.io/client-go/listers/core/v1@0.24.2 + k8s.io/client-go/tools/cache@0.24.17 - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1342,13 +1349,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/core/v1@0.24.2 - - k8s.io/client-go/listers/core/v1@0.24.2 + k8s.io/client-go/listers/core/v1@0.24.17 - k8s.io/client-go/tools/cache@0.24.2 + k8s.io/client-go/tools/cache@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1359,13 +1364,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + k8s.io/client-go/tools/remotecommand@0.24.17 - k8s.io/client-go/tools/clientcmd@0.24.2 + k8s.io/client-go/transport/spdy@0.24.17 - k8s.io/client-go/tools/auth@0.24.2 - - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1376,13 +1379,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/client-go/dynamic@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1393,13 +1396,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/term@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/client-go/tools/remotecommand@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/client-go/transport/spdy@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1410,15 +1413,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.2 + k8s.io/api/rbac/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1429,15 +1430,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/resource@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/api/core/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1448,15 +1447,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/dynamic@0.24.2 + k8s.io/apimachinery/pkg/api/errors@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1467,15 +1464,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/ignore@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1486,15 +1481,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#425d65e07695 + k8s.io/apimachinery/pkg/api/equality@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1505,15 +1498,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/testing@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/client-go/transport/spdy@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/rest@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/client-go/transport@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1524,15 +1515,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/managedfields@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/rest@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/client-go/transport@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1543,15 +1532,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 + k8s.io/client-go/testing@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/client-go/rest@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/transport@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1562,15 +1549,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 + k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/rest@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/client-go/transport@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1581,15 +1566,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 + k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/rest@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/client-go/transport@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1600,15 +1583,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/resource@0.24.2 - - k8s.io/api/core/v1@0.24.2 + k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/rest@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/client-go/transport@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1619,15 +1600,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#425d65e07695 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1638,15 +1617,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/util/retry@0.24.2 + google.golang.org/grpc/reflection@1.56.2 - k8s.io/apimachinery/pkg/api/errors@0.24.2 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1657,15 +1634,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/portforward@0.24.2 - - k8s.io/api/core/v1@0.24.2 + google.golang.org/grpc/health@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.2 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.2 + google.golang.org/grpc/internal/transport@1.56.2 golang.org/x/net/http2@0.19.0 @@ -1676,15 +1651,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.2 + github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - k8s.io/apimachinery/pkg/api/equality@0.24.2 + k8s.io/kubectl/pkg/util/openapi@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/client-go/discovery@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1695,15 +1668,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/validation@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/kubectl/pkg/util/openapi@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/client-go/discovery@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1714,15 +1685,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery/fake@0.24.2 + github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - k8s.io/client-go/testing@0.24.2 + k8s.io/kubectl/pkg/util/openapi@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/discovery@0.24.17 - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1733,15 +1702,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.24.2 - - k8s.io/client-go/testing@0.24.2 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/listers/core/v1@0.24.17 - k8s.io/client-go/transport@0.24.2 + k8s.io/client-go/tools/cache@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1752,15 +1719,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.24.2 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - k8s.io/client-go/transport/spdy@0.24.2 + k8s.io/client-go/tools/clientcmd@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/tools/auth@0.24.17 - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1771,15 +1736,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/dynamic@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1790,15 +1753,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 + k8s.io/client-go/informers/core/v1@0.24.17 - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 + k8s.io/client-go/listers/core/v1@0.24.17 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + k8s.io/client-go/tools/cache@0.24.17 - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1809,15 +1770,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - k8s.io/client-go/restmapper@0.24.2 + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - k8s.io/client-go/discovery@0.24.2 + k8s.io/client-go/tools/cache@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1828,15 +1787,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + k8s.io/kubectl/pkg/util/term@0.24.17 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + k8s.io/client-go/tools/remotecommand@0.24.17 - k8s.io/client-go/dynamic@0.24.2 + k8s.io/client-go/transport/spdy@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/client-go/rest@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1847,15 +1804,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + github.com/Azure/kubelogin/pkg/token@0.0.20 - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 + k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - k8s.io/client-go/tools/clientcmd@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/client-go/tools/auth@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1866,17 +1823,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/diff@#425d65e07695 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.2 + k8s.io/apimachinery/pkg/util/managedfields@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1887,17 +1842,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 + github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - github.com/argoproj/gitops-engine/pkg/sync/resource@#425d65e07695 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1908,17 +1861,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + k8s.io/client-go/dynamic@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1929,17 +1880,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/listers/core/v1@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - k8s.io/client-go/tools/cache@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/client-go/tools/pager@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1950,17 +1899,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f - k8s.io/client-go/tools/pager@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1971,17 +1918,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + github.com/argoproj/gitops-engine/pkg/utils/testing@#b0fffe419a0f - k8s.io/client-go/tools/cache@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/client-go/tools/pager@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -1992,17 +1937,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 + k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - k8s.io/api/core/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2013,17 +1956,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/record@0.24.2 - - k8s.io/client-go/tools/reference@0.24.2 + sigs.k8s.io/controller-runtime@0.11.0 - k8s.io/api/core/v1@0.24.2 + sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2034,17 +1975,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#425d65e07695 - - k8s.io/apimachinery/pkg/util/managedfields@0.24.2 + k8s.io/client-go/listers/core/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/api/core/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2055,17 +1994,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 + k8s.io/kubectl/pkg/util/resource@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/api/core/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2076,17 +2013,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/term@0.24.2 + github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - k8s.io/client-go/tools/remotecommand@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - k8s.io/client-go/transport/spdy@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/client-go/rest@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/client-go/transport@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2097,17 +2032,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + k8s.io/client-go/util/retry@0.24.17 - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + k8s.io/apimachinery/pkg/api/errors@0.24.17 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2118,316 +2051,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.24.2 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.2 - - k8s.io/client-go/applyconfigurations/meta/v1@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.2 - - k8s.io/client-go/listers/core/v1@0.24.2 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.2 + k8s.io/client-go/tools/cache@0.24.17 - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + k8s.io/client-go/tools/pager@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2438,21 +2070,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 - - k8s.io/client-go/tools/clientcmd@0.24.2 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.2 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.2 + k8s.io/client-go/tools/portforward@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 + k8s.io/api/core/v1@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/apimachinery/pkg/watch@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2463,21 +2089,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/openapi@0.24.2 + k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.17 - k8s.io/client-go/discovery@0.24.2 + k8s.io/apimachinery/pkg/api/equality@0.24.17 - k8s.io/client-go/kubernetes/scheme@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/api/storage/v1beta1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2488,21 +2108,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes@0.24.2 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.2 + k8s.io/apimachinery/pkg/api/validation@0.24.17 - k8s.io/client-go/kubernetes/scheme@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.17 - k8s.io/api/storage/v1beta1@0.24.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - k8s.io/api/core/v1@0.24.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 golang.org/x/net/http2@0.19.0 @@ -2513,969 +2127,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/sync/common@#425d65e07695 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/client-go/rest@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#425d65e07695 - - k8s.io/kubectl/pkg/util/openapi@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.2 - - k8s.io/client-go/tools/pager@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.2 - - k8s.io/client-go/discovery@0.24.2 - - k8s.io/client-go/kubernetes/scheme@0.24.2 - - k8s.io/api/storage/v1beta1@0.24.2 - - k8s.io/api/core/v1@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.2 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.2 - - k8s.io/apimachinery/pkg/watch@0.24.2 - - k8s.io/apimachinery/pkg/util/net@0.24.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.58.3 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.58.3 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - google.golang.org/protobuf/internal/encoding/json@1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/grpc/http@#d56162821bd1 - - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.58.3 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 - - google.golang.org/grpc/internal/pretty@1.58.3 - - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + k8s.io/client-go/discovery/fake@0.24.17 + + k8s.io/client-go/testing@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/transport@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3484,15 +2146,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + k8s.io/client-go/kubernetes/fake@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/testing@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/transport@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -3501,15 +2165,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + k8s.io/client-go/tools/remotecommand@0.24.17 + + k8s.io/client-go/transport/spdy@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/transport@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3518,15 +2184,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - google.golang.org/grpc@1.58.3 + github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/kubectl/pkg/util/openapi@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/discovery@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/client-go/rest@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -3535,15 +2203,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - google.golang.org/grpc/internal/transport@1.58.3 + github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/kubectl/pkg/util/openapi@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/client-go/discovery@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/client-go/rest@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -3552,17 +2222,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/restmapper@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/discovery@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3571,17 +2241,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - google.golang.org/grpc@1.58.3 + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/dynamic@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3590,17 +2260,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/clientcmd@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/tools/auth@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3609,17 +2279,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + github.com/argoproj/gitops-engine/pkg/diff@#b0fffe419a0f - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -3628,17 +2300,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - google.golang.org/grpc@1.58.3 + github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -3647,17 +2321,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3666,17 +2342,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + k8s.io/client-go/kubernetes/scheme@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/api/storage/v1beta1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/api/core/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -3685,17 +2363,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + k8s.io/client-go/informers/core/v1@0.24.17 + + k8s.io/client-go/listers/core/v1@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/api/core/v1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3704,17 +2384,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + k8s.io/client-go/tools/record@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/reference@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/api/core/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -3723,17 +2405,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + + k8s.io/client-go/tools/cache@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/pager@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3742,17 +2426,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + k8s.io/client-go/informers/apps/v1@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/cache@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/tools/pager@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -3761,19 +2447,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + k8s.io/client-go/informers@0.24.17 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/client-go/tools/cache@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/pager@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3782,19 +2468,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + k8s.io/client-go/listers/core/v1@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/api/core/v1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3803,19 +2489,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/client-go/dynamic@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3824,21 +2510,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + k8s.io/kubectl/pkg/util/term@0.24.17 - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + k8s.io/client-go/tools/remotecommand@0.24.17 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + k8s.io/client-go/transport/spdy@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/transport@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3855,102 +2539,32 @@

      Detailed paths

      github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 + google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/pretty@1.58.3 + google.golang.org/grpc/internal/transport@1.56.2 - github.com/golang/protobuf/jsonpb@1.4.2 - - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - github.com/golang/protobuf/jsonpb@1.4.2 + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - github.com/argoproj/pkg/grpc/http@#d56162821bd1 + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + k8s.io/client-go/tools/cache@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3959,28 +2573,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 - - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/kubernetes@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.17 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + k8s.io/client-go/applyconfigurations/meta/v1@0.24.17 - go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + k8s.io/client-go/discovery@0.24.17 - github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -3989,15 +2594,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - google.golang.org/grpc@1.58.3 + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/tools/cache@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4006,15 +2615,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/client-go/tools/clientcmd@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + + k8s.io/apimachinery/pkg/watch@0.24.17 + + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4023,15 +2638,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + k8s.io/client-go/discovery@0.24.17 + + k8s.io/client-go/kubernetes/scheme@0.24.17 + + k8s.io/api/storage/v1beta1@0.24.17 + + k8s.io/api/core/v1@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4040,15 +2661,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + k8s.io/client-go/dynamic@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4057,15 +2684,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/cache@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/tools/pager@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/watch@0.24.17 + + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4074,15 +2707,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - google.golang.org/grpc@1.58.3 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - google.golang.org/grpc/internal/transport@1.58.3 + github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - google.golang.org/grpc/internal/pretty@1.58.3 + github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/kubectl/pkg/util/openapi@0.24.17 + + k8s.io/client-go/discovery@0.24.17 + + k8s.io/client-go/rest@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4091,15 +2730,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f + + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f + + github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f + + github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - google.golang.org/grpc@1.58.3 + k8s.io/kubectl/pkg/util/openapi@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/discovery@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4108,15 +2753,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + sigs.k8s.io/controller-runtime@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 - google.golang.org/grpc@1.58.3 + sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/tools/cache@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4125,15 +2776,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc@1.58.3 + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - google.golang.org/grpc/internal/transport@1.58.3 + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/dynamic@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4142,17 +2799,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/watch@0.24.17 + + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4161,17 +2824,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 + + k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4180,17 +2849,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf + + k8s.io/client-go/tools/clientcmd@0.24.17 + + k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 + + k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4199,17 +2874,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + k8s.io/kubectl/pkg/util/openapi@0.24.17 + + k8s.io/client-go/discovery@0.24.17 + + k8s.io/client-go/kubernetes/scheme@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/api/storage/v1beta1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/api/core/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4218,17 +2899,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/client-go/kubernetes@0.24.17 + + k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 + + k8s.io/client-go/kubernetes/scheme@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/api/storage/v1beta1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/api/core/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4237,17 +2924,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#b0fffe419a0f + + k8s.io/kubernetes/pkg/apis/storage/install@1.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/api/storage/v1alpha1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/api/core/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/watch@0.24.17 + + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4256,17 +2949,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + k8s.io/client-go/dynamic@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4275,17 +2974,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - google.golang.org/grpc@1.58.3 + github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - google.golang.org/grpc/internal/transport@1.58.3 + github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - google.golang.org/grpc/internal/pretty@1.58.3 + github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - github.com/golang/protobuf/jsonpb@1.4.2 + github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/kubectl/pkg/util/openapi@0.24.17 + + k8s.io/client-go/discovery@0.24.17 + + k8s.io/client-go/rest@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4294,17 +2999,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - google.golang.org/grpc@1.58.3 + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - google.golang.org/grpc/internal/transport@1.58.3 + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/client-go/dynamic@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/client-go/rest@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4313,17 +3024,25 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f + + k8s.io/kubectl/pkg/util/openapi@0.24.17 + + k8s.io/client-go/discovery@0.24.17 + + k8s.io/client-go/kubernetes/scheme@0.24.17 + + k8s.io/api/storage/v1beta1@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/api/core/v1@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4332,17 +3051,25 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f + + k8s.io/kubectl/pkg/util/openapi@0.24.17 + + k8s.io/client-go/discovery@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/kubernetes/scheme@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/api/storage/v1beta1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/api/core/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/watch@0.24.17 + + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4351,19 +3078,25 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/kubectl/pkg/util/openapi@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/discovery@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/client-go/kubernetes/scheme@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/api/storage/v1beta1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/api/core/v1@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + + k8s.io/apimachinery/pkg/watch@0.24.17 + + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4372,19 +3105,25 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/reflection@1.58.3 + sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + k8s.io/client-go/tools/cache@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/tools/pager@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/util/net@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + golang.org/x/net/http2@0.19.0 @@ -4393,19 +3132,27 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - google.golang.org/grpc/health@1.58.3 + sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + + k8s.io/client-go/restmapper@0.24.17 - google.golang.org/grpc/health/grpc_health_v1@1.58.3 + k8s.io/client-go/discovery@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/client-go/kubernetes/scheme@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/api/storage/v1beta1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/api/core/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/watch@0.24.17 + + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4414,21 +3161,27 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + k8s.io/client-go/dynamic@0.24.17 - google.golang.org/grpc@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4437,23 +3190,29 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - google.golang.org/grpc@1.58.3 + sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + + sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + + k8s.io/client-go/dynamic@0.24.17 - google.golang.org/grpc/internal/transport@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - google.golang.org/grpc/internal/pretty@1.58.3 + k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - github.com/golang/protobuf/jsonpb@1.4.2 + k8s.io/apimachinery/pkg/watch@0.24.17 - google.golang.org/protobuf/encoding/protojson@1.31.0 + k8s.io/apimachinery/pkg/util/net@0.24.17 + + golang.org/x/net/http2@0.19.0 @@ -4465,27 +3224,27 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      -

      Note:

      -

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Authentication Bypass by Capture-replay

    +

    LGPL-3.0 license

    @@ -4502,15 +3261,15 @@

    Authentication Bypass by Capture-replay

    Package Manager: golang
  • - Vulnerable module: + Module: - golang.org/x/crypto/ssh + gopkg.in/retry.v1
  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
    • @@ -4524,115 +3283,69 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - golang.org/x/crypto/ssh@0.16.0 - - - - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 + github.com/Azure/kubelogin/pkg/token@0.0.20 - golang.org/x/crypto/ssh@0.16.0 + gopkg.in/retry.v1@1.0.3
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - + -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 - - +
    • - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 - - +
    + +

    LGPL-3.0 license

    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - +
    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 - - golang.org/x/crypto/ssh/agent@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 - - +
    • +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    - +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/whilp/git-urls +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -4641,15 +3354,9 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -4658,15 +3365,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5@5.11.0 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -4675,15 +3378,11 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - - github.com/xanzy/ssh-agent@0.3.3 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - golang.org/x/crypto/ssh/agent@0.16.0 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -4692,17 +3391,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5@5.11.0 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - github.com/skeema/knownhosts@1.2.1 - - golang.org/x/crypto/ssh/knownhosts@0.16.0 - - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -4711,17 +3406,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/go-git/go-git/v5@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - - github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - github.com/xanzy/ssh-agent@0.3.3 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - golang.org/x/crypto/ssh/agent@0.16.0 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - golang.org/x/crypto/ssh@0.16.0 + github.com/whilp/git-urls@1.0.2 @@ -4733,46 +3424,99 @@

      Detailed paths

      Overview

      -

      golang.org/x/crypto/ssh is a SSH client and server

      -

      Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

      -

      Note:

      +

      github.com/whilp/git-urls is a Git URLs parser

      +

      Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

      +

      Note: + This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

      +

      PoC

      + 
      
+        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
+        malicious_url := "6en6ar@-:0////" + payload + "\"
+        begin := time.Now()
+        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
+        _, err := giturls.ParseScp(malicious_url)
+        if err != nil {
+        fmt.Errorf("[ - ] Error ->" + err.Error())
+        }
+        //fmt.Println("[ + ] Url --> " + u.Host)
+        elapse := time.Since(begin)
+        fmt.Printf("Function took %s", elapse)
+
      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

      +

      The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

      +

      Let’s take the following regular expression as an example:

      + 
      regex = /A(B|C+)+D/
+
      +

      This regular expression accomplishes the following:

      +
        +
      • A The string must start with the letter 'A'
        • +
      • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
        • +
      • D Finally, we ensure this section of the string ends with a 'D'
        • +
      +

      The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

      +

      It most cases, it doesn't take very long for a regex engine to find a match:

      + 
      $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
      +

      The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

      +

      Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

      +

      Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

        -

      1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

        -
        2. -

      2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

        -
        3. +
      3. CCC
        4. +
      4. CC+C
        5. +
      5. C+CC
        6. +
      6. C+C+C.
      -

      Impact:

      -

      While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

      -

      Workaround

      -

      Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

      +

      The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

      +

      From there, the number of steps the engine must use to validate a string just continues to grow.

      + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      StringNumber of C'sNumber of steps
      ACCCX338
      ACCCCX471
      ACCCCCX5136
      ACCCCCCCCCCCCCCX1465,553
      +

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      Remediation

      -

      Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

      +

      There is no fixed version for github.com/whilp/git-urls.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -4947,7 +3691,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -4958,7 +3702,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -4971,9 +3715,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -4986,9 +3730,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5001,11 +3745,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5018,11 +3762,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5097,7 +3841,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -5108,7 +3852,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/xanzy/go-gitlab@0.86.0 + github.com/xanzy/go-gitlab@0.91.1 github.com/hashicorp/go-retryablehttp@0.7.4 @@ -5121,7 +3865,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5136,9 +3880,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5153,9 +3897,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5170,11 +3914,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5189,11 +3933,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 @@ -5278,77 +4022,6 @@

    Detailed paths

    More about this vulnerability

    -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/coreos/go-oidc/v3/oidc@3.6.0 - - github.com/go-jose/go-jose/v3@3.0.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Template Injection

    diff --git a/docs/snyk/v2.10.6/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.9.16/ghcr.io_dexidp_dex_v2.37.0.html similarity index 92% rename from docs/snyk/v2.10.6/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.9.16/ghcr.io_dexidp_dex_v2.37.0.html index 101ae0b6a9dfe..ca5ef437303df 100644 --- a/docs/snyk/v2.10.6/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.9.16/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:22:16 am (UTC+00:00)

    +

    May 26th 2024, 12:23:06 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    44 known vulnerabilities
    -
    130 vulnerable dependency paths
    +
    46 known vulnerabilities
    +
    142 vulnerable dependency paths
    786 dependencies
    @@ -1084,6 +1084,7 @@

    Remediation

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    References

    @@ -2043,6 +2046,10 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2196,6 +2203,7 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
  • https://www.openssl.org/news/secadv/20240125.txt
  • https://security.netapp.com/advisory/ntap-20240208-0006/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -2732,9 +2740,12 @@

    References

  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • +
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • +
  • Jenkins Advisory
  • Security Release
    • +
  • Nuclei Templates
    • @@ -4285,6 +4296,114 @@

    References

    More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/busybox@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + busybox/busybox@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/busybox-binsh@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    +

    Remediation

    +

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-6237

    @@ -4401,9 +4520,38 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    @@ -4553,6 +4701,8 @@

    References

  • https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
  • https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
  • https://www.openssl.org/news/secadv/20240408.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/04/08/5
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0013/
    • @@ -4562,6 +4712,164 @@

    References

    +
    +

    CVE-2024-4603

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

    +

    Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

    +

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

    +

    Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

    +

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

    +

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.10.6/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.16/haproxy_2.6.14-alpine.html similarity index 79% rename from docs/snyk/v2.10.6/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.9.16/haproxy_2.6.14-alpine.html index 5dea7803fab7b..e92c7d4b77a33 100644 --- a/docs/snyk/v2.10.6/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.9.16/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 14th 2024, 12:22:21 am (UTC+00:00)

    +

    May 26th 2024, 12:23:10 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    6 known vulnerabilities
    -
    54 vulnerable dependency paths
    +
    8 known vulnerabilities
    +
    68 vulnerable dependency paths
    18 dependencies
    @@ -851,6 +851,7 @@

    References

  • https://www.openssl.org/news/secadv/20231106.txt
  • http://www.openwall.com/lists/oss-security/2023/11/06/2
  • https://security.netapp.com/advisory/ntap-20231130-0010/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -1036,6 +1037,10 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -1211,6 +1216,7 @@

    References

  • https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539
  • https://www.openssl.org/news/secadv/20240125.txt
  • https://security.netapp.com/advisory/ntap-20240208-0006/
    • +
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • @@ -1219,6 +1225,114 @@

    References

    More about this vulnerability

    +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + busybox/busybox +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/busybox@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r2 + + busybox/busybox@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/busybox-binsh@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + alpine-baselayout/alpine-baselayout@3.4.3-r1 + + busybox/busybox-binsh@1.36.1-r2 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    +

    Remediation

    +

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    CVE-2023-6237

    @@ -1357,9 +1471,38 @@

    Detailed paths

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    @@ -1531,6 +1674,8 @@

    References

  • https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
  • https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
  • https://www.openssl.org/news/secadv/20240408.txt
    • +
  • http://www.openwall.com/lists/oss-security/2024/04/08/5
    • +
  • https://security.netapp.com/advisory/ntap-20240503-0013/
    • @@ -1540,6 +1685,186 @@

    References

    +
    +

    CVE-2024-4603

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long DSA keys or parameters may be very + slow.

    +

    Impact summary: Applications that use the functions EVP_PKEY_param_check() + or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may + experience long delays. Where the key or parameters that are being checked + have been obtained from an untrusted source this may lead to a Denial of + Service.

    +

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform + various checks on DSA parameters. Some of those computations take a long time + if the modulus (p parameter) is too large.

    +

    Trying to use a very large modulus is slow and OpenSSL will not allow using + public keys with a modulus which is over 10,000 bits in length for signature + verification. However the key and parameter check functions do not limit + the modulus size when performing the checks.

    +

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() + and supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    These functions are not called by OpenSSL itself on untrusted DSA keys so + only applications that directly call these functions may be vulnerable.

    +

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications + when using the -check option.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    diff --git a/docs/snyk/v2.11.0-rc1/quay.io_argoproj_argocd_v2.11.0-rc1.html b/docs/snyk/v2.9.16/quay.io_argoproj_argocd_v2.9.16.html similarity index 84% rename from docs/snyk/v2.11.0-rc1/quay.io_argoproj_argocd_v2.11.0-rc1.html rename to docs/snyk/v2.9.16/quay.io_argoproj_argocd_v2.9.16.html index 922d3c815fe4b..e45a7cc8e2c99 100644 --- a/docs/snyk/v2.11.0-rc1/quay.io_argoproj_argocd_v2.11.0-rc1.html +++ b/docs/snyk/v2.9.16/quay.io_argoproj_argocd_v2.9.16.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    April 14th 2024, 12:20:27 am (UTC+00:00)

    +

    May 26th 2024, 12:23:31 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc1//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc1/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.0-rc1/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.16/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.16//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.16/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.16/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    33 known vulnerabilities
    -
    177 vulnerable dependency paths
    -
    2276 dependencies
    +
    28 known vulnerabilities
    +
    162 vulnerable dependency paths
    +
    2190 dependencies
    @@ -481,7 +481,7 @@

    Snyk test report

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -492,7 +492,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -500,12 +500,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + google.golang.org/grpc
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2
    • @@ -520,16 +520,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.19.0 - - - - -
  • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.17.0 + google.golang.org/grpc@v1.56.2 @@ -541,50 +532,62 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    +

    google.golang.org/grpc is a Go implementation of gRPC

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    +

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -
    -

    CVE-2020-22916

    +
    +

    Allocation of Resources Without Limits or Throttling

    -
    - medium severity +
    + high severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - xz-utils/liblzma5 + golang.org/x/net/http2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and xz-utils/liblzma5@5.2.5-2ubuntu1 + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0
    @@ -597,9 +600,18 @@

    Detailed paths

    -

    CVE-2023-51767

    +

    CVE-2020-22916

    @@ -647,7 +654,7 @@

    CVE-2023-51767

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -655,12 +662,12 @@

      CVE-2023-51767

    • Vulnerable module: - openssh/openssh-client + xz-utils/liblzma5
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + docker-image|quay.io/argoproj/argocd@v2.9.16 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -673,9 +680,9 @@

    Detailed paths

    @@ -723,7 +730,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -736,7 +743,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.9.16 and libgcrypt20@1.9.4-3ubuntu3
    @@ -749,7 +756,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 libgcrypt20@1.9.4-3ubuntu3 @@ -758,7 +765,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -769,7 +776,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -780,7 +787,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 apt@2.4.12 @@ -793,7 +800,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 apt@2.4.12 @@ -806,7 +813,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -819,7 +826,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -832,7 +839,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -845,7 +852,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -858,7 +865,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -871,7 +878,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -884,7 +891,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 apt@2.4.12 @@ -914,6 +921,7 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • +
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -924,7 +932,7 @@

    References

    -

    CVE-2024-26461

    +

    CVE-2024-26462

    @@ -935,7 +943,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -948,7 +956,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -961,7 +969,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -970,7 +978,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 adduser@3.118ubuntu5 @@ -991,7 +999,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 adduser@3.118ubuntu5 @@ -1014,7 +1022,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1023,7 +1031,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 adduser@3.118ubuntu5 @@ -1044,7 +1052,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1053,9 +1061,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1064,7 +1072,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 git@1:2.34.1-1ubuntu1.10 @@ -1077,7 +1085,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 git@1:2.34.1-1ubuntu1.10 @@ -1092,7 +1100,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 adduser@3.118ubuntu5 @@ -1111,7 +1119,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1127,24 +1135,25 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

      +

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      Remediation

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26462

    +

    LGPL-3.0 license

    @@ -1155,20 +1164,20 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - krb5/libk5crypto3 + gopkg.in/retry.v1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
    @@ -1181,159 +1190,129 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + github.com/argoproj/argo-cd/v2@* - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + gopkg.in/retry.v1@v1.0.3
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - +
    - +
    + +
    + +

    LGPL-3.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + github.com/argoproj/argo-cd/v2@* - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + github.com/r3labs/diff@v1.1.0
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + github.com/argoproj/argo-cd/v2@* - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + github.com/hashicorp/go-version@v1.2.1 @@ -1344,307 +1323,17 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
    -
    -

    CVE-2024-26458

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - krb5/libk5crypto3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - openssh/openssh-client@1:8.9p1-3ubuntu0.6 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - krb5/libkrb5support0@1.19.2-2ubuntu0.3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Infinite loop

    +

    MPL-2.0 license

    @@ -1655,20 +1344,20 @@

    Infinite loop

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Vulnerable module: + Module: - google.golang.org/protobuf/internal/encoding/json + github.com/hashicorp/go-retryablehttp
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4
    @@ -1683,7 +1372,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - google.golang.org/protobuf/internal/encoding/json@v1.31.0 + github.com/hashicorp/go-retryablehttp@v0.7.4 @@ -1694,28 +1383,17 @@

    Detailed paths

    -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Stack-based Buffer Overflow

    +

    MPL-2.0 license

    @@ -1726,20 +1404,20 @@

    Stack-based Buffer Overflow

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.16/helm/v3 /usr/local/bin/helm
    • Package Manager: golang
    • - Vulnerable module: + Module: - google.golang.org/protobuf/encoding/protojson + github.com/hashicorp/go-multierror
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
    @@ -1752,9 +1430,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/hashicorp/go-multierror@v1.1.1 @@ -1765,25 +1443,17 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

      -

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Infinite loop

    +

    MPL-2.0 license

    @@ -1794,20 +1464,20 @@

    Infinite loop

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Vulnerable module: + Module: - google.golang.org/protobuf/encoding/protojson + github.com/hashicorp/go-cleanhttp
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
    @@ -1822,7 +1492,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/hashicorp/go-cleanhttp@v0.5.2 @@ -1833,28 +1503,17 @@

    Detailed paths

    -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Information Exposure

    +

    MPL-2.0 license

    @@ -1865,20 +1524,20 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - gnutls28/libgnutls30 + github.com/gosimple/slug
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1
    @@ -1891,74 +1550,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + github.com/argoproj/argo-cd/v2@* - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + github.com/gosimple/slug@v1.13.1 @@ -1969,42 +1563,28 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 gnutls28.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Uncaught Exception

    +
    +

    CVE-2023-7008

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2012,12 +1592,12 @@

      Uncaught Exception

    • Vulnerable module: - gnutls28/libgnutls30 + systemd/libsystemd0
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + docker-image|quay.io/argoproj/argocd@v2.9.16 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2030,206 +1610,110 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 apt@2.4.12 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - gnupg2/dirmngr@2.2.27-3ubuntu2.1 + procps/libprocps8@2:3.3.17-6ubuntu2.1 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + util-linux@2.37.2-4ubuntu3.4 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + util-linux/bsdutils@1:2.37.2-4ubuntu3.4 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - git@1:2.34.1-1ubuntu1.10 + docker-image|quay.io/argoproj/argocd@v2.9.16 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + apt@2.4.12 - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + apt/libapt-pkg6.0@2.4.12 - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + systemd/libsystemd0@249.11-0ubuntu3.12
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 gnutls28.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.9.16 - github.com/r3labs/diff@v1.1.0 + systemd/libudev1@249.11-0ubuntu3.12
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
      • -
    - -
    - +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.12 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + util-linux@2.37.2-4ubuntu3.4 + + systemd/libudev1@249.11-0ubuntu3.12 + + -
    • -
    -

    MPL-2.0 license

    +
    +

    Arbitrary Code Injection

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-retryablehttp + shadow/passwd
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + docker-image|quay.io/argoproj/argocd@v2.9.16 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -2287,9 +1788,40 @@

    Detailed paths

    -
    -

    MPL-2.0 license

    +
    +

    Uncontrolled Recursion

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-multierror + pcre3/libpcre3
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + docker-image|quay.io/argoproj/argocd@v2.9.16 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -2347,9 +1892,20 @@

    Detailed paths

    -
    -

    MPL-2.0 license

    +
    +

    Release of Invalid Pointer or Reference

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + docker-image|quay.io/argoproj/argocd@v2.9.16 and patch@2.7.6-7build2
    @@ -2407,9 +1980,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.9.16 - github.com/hashicorp/go-cleanhttp@v0.5.2 + patch@2.7.6-7build2 @@ -2420,41 +1993,51 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 patch.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    Double Free

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/gosimple/slug + patch
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + docker-image|quay.io/argoproj/argocd@v2.9.16 and patch@2.7.6-7build2
    @@ -2467,9 +2050,9 @@

    Detailed paths

    -

    CVE-2023-7008

    +

    CVE-2023-50495

    @@ -2501,7 +2099,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2509,12 +2107,12 @@

      CVE-2023-7008

    • Vulnerable module: - systemd/libsystemd0 + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.9.16 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2524,113 +2122,203 @@

    CVE-2023-7008

    Detailed paths

    -
      +
        +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + bash@5.1-6ubuntu1.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + less@590-1ubuntu0.22.04.3 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + libedit/libedit2@3.1-20210910-1build1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - apt@2.4.12 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - procps/libprocps8@2:3.3.17-6ubuntu2.1 + procps@2:3.3.17-6ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - util-linux@2.37.2-4ubuntu3.3 + util-linux@2.37.2-4ubuntu3.4 - systemd/libsystemd0@249.11-0ubuntu3.12 + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - util-linux/bsdutils@1:2.37.2-4ubuntu3.3 + gnupg2/gpg@2.2.27-3ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + readline/libreadline8@8.1.2-1 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - apt@2.4.12 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - apt/libapt-pkg6.0@2.4.12 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - systemd/libsystemd0@249.11-0ubuntu3.12 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncursesw6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - libfido2/libfido2-1@1.10.0-1 + procps@2:3.3.17-6ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncursesw6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 - util-linux@2.37.2-4ubuntu3.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - apt@2.4.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 - apt/libapt-pkg6.0@2.4.12 + procps@2:3.3.17-6ubuntu2.1 - systemd/libudev1@249.11-0ubuntu3.12 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
        • +
      • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -2642,31 +2330,29 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. +

        Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

        -

        A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

        +

        NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

        Remediation

        -

        There is no fixed version for Ubuntu:22.04 systemd.

        +

        There is no fixed version for Ubuntu:22.04 ncurses.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

    -

    Arbitrary Code Injection

    +

    CVE-2023-45918

    @@ -2677,7 +2363,7 @@

    Arbitrary Code Injection

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2685,12 +2371,12 @@

      Arbitrary Code Injection

    • Vulnerable module: - shadow/passwd + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.9.16 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -2703,201 +2389,200 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - adduser@3.118ubuntu5 + bash@5.1-6ubuntu1.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + ncurses/libncursesw6@6.3-2ubuntu0.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - shadow/login@1:4.8.1-2ubuntu2.2 + less@590-1ubuntu0.22.04.3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Uncontrolled Recursion

    -
    - -
    - low severity -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + libedit/libedit2@3.1-20210910-1build1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + ncurses/libncurses6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + ncurses/ncurses-bin@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + - pcre3/libpcre3 -
      • + +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    • Introduced through: +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + util-linux@2.37.2-4ubuntu3.4 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + readline/libreadline8@8.1.2-1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
      • -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + -
    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + -
      +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - grep@3.7-1build1 + procps@2:3.3.17-6ubuntu2.1 - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + ncurses/libncurses6@6.3-2ubuntu0.1
      • -
    - -
    • - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 pcre3.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and patch@2.7.6-7build2 - -
      • -
    - -
    - - -

    Detailed paths

    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.16 + + ncurses/ncurses-base@6.3-2ubuntu0.1 + + -
    • -

    Double Free

    +

    Resource Exhaustion

    @@ -2939,7 +2625,7 @@

    Double Free

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2947,12 +2633,12 @@

      Double Free

    • Vulnerable module: - patch + libzstd/libzstd1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.9.16 and libzstd/libzstd1@1.4.8+dfsg-3build1
    @@ -2965,9 +2651,9 @@

    Detailed paths

    -

    CVE-2023-50495

    +

    Integer Overflow or Wraparound

    @@ -3014,7 +2702,7 @@

    CVE-2023-50495

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3022,12 +2710,12 @@

      CVE-2023-50495

    • Vulnerable module: - ncurses/libtinfo6 + krb5/libk5crypto3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3040,200 +2728,159 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - bash@5.1-6ubuntu1.1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncursesw6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + libnsl/libnsl2@1.3.0-2build2 - less@590-1ubuntu0.22.04.2 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - libedit/libedit2@3.1-20210910-1build1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncurses6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - procps@2:3.3.17-6ubuntu2.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - util-linux@2.37.2-4ubuntu3.3 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - readline/libreadline8@8.1.2-1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + libnsl/libnsl2@1.3.0-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - pinentry/pinentry-curses@1.1.1-1build2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - procps@2:3.3.17-6ubuntu2.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + git@1:2.34.1-1ubuntu1.10 - pinentry/pinentry-curses@1.1.1-1build2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + git@1:2.34.1-1ubuntu1.10 - procps@2:3.3.17-6ubuntu2.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncurses6@6.3-2ubuntu0.1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-base@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -3245,29 +2892,30 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      +

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-45918

    +

    CVE-2024-26461

    @@ -3278,7 +2926,7 @@

    CVE-2023-45918

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3286,12 +2934,12 @@

      CVE-2023-45918

    • Vulnerable module: - ncurses/libtinfo6 + krb5/libk5crypto3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3304,271 +2952,159 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - bash@5.1-6ubuntu1.1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncursesw6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + libnsl/libnsl2@1.3.0-2build2 - less@590-1ubuntu0.22.04.2 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - libedit/libedit2@3.1-20210910-1build1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libncurses6@6.3-2ubuntu0.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + libnsl/libnsl2@1.3.0-2build2 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - procps@2:3.3.17-6ubuntu2.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - util-linux@2.37.2-4ubuntu3.3 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + adduser@3.118ubuntu5 - readline/libreadline8@8.1.2-1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + libnsl/libnsl2@1.3.0-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - pinentry/pinentry-curses@1.1.1-1build2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - procps@2:3.3.17-6ubuntu2.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + git@1:2.34.1-1ubuntu1.10 - pinentry/pinentry-curses@1.1.1-1build2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncursesw6@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + git@1:2.34.1-1ubuntu1.10 - procps@2:3.3.17-6ubuntu2.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - ncurses/ncurses-base@6.3-2ubuntu0.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 ncurses.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Resource Exhaustion

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - libzstd/libzstd1 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and libzstd/libzstd1@1.4.8+dfsg-3build1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    -

    Integer Overflow or Wraparound

    +

    CVE-2024-26458

    @@ -3617,7 +3147,7 @@

    Integer Overflow or Wraparound

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3630,7 +3160,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3643,7 +3173,7 @@

    Detailed paths

    @@ -3841,7 +3368,7 @@

    Out-of-bounds Write

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3854,7 +3381,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.16 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -3867,7 +3394,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -3876,7 +3403,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 apt@2.4.12 @@ -3887,7 +3414,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3898,7 +3425,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3909,7 +3436,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3920,7 +3447,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3933,7 +3460,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3946,7 +3473,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -3955,7 +3482,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3966,7 +3493,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3979,7 +3506,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -3988,7 +3515,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3999,7 +3526,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4008,7 +3535,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4019,7 +3546,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4028,7 +3555,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4039,7 +3566,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4052,7 +3579,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4065,7 +3592,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4074,7 +3601,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4085,7 +3612,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4098,7 +3625,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4111,7 +3638,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4120,7 +3647,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4131,7 +3658,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4140,7 +3667,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4151,7 +3678,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4160,7 +3687,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4171,7 +3698,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4220,7 +3747,7 @@

      Allocation of Resources Without Limits or Throttling

    • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4233,7 +3760,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and glibc/libc-bin@2.35-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.9.16 and glibc/libc-bin@2.35-0ubuntu3.7
    @@ -4246,18 +3773,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - glibc/libc-bin@2.35-0ubuntu3.6 + glibc/libc-bin@2.35-0ubuntu3.7
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 - glibc/libc6@2.35-0ubuntu3.6 + glibc/libc6@2.35-0ubuntu3.7 @@ -4301,7 +3828,7 @@

      Improper Input Validation

      • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -4315,7 +3842,7 @@

        Improper Input Validation

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.9.16, git@1:2.34.1-1ubuntu1.10 and others
      @@ -4327,7 +3854,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 git@1:2.34.1-1ubuntu1.10 @@ -4338,7 +3865,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 git@1:2.34.1-1ubuntu1.10 @@ -4347,7 +3874,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 git-lfs@3.0.2-1ubuntu0.2 @@ -4394,7 +3921,7 @@

        Uncontrolled Recursion

        • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -4407,7 +3934,7 @@

          Uncontrolled Recursion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.9.16 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
        @@ -4420,7 +3947,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4429,7 +3956,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 apt@2.4.12 @@ -4440,7 +3967,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 apt@2.4.12 @@ -4453,7 +3980,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4462,7 +3989,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4509,7 +4036,7 @@

          Improper Input Validation

          • - Manifest file: quay.io/argoproj/argocd:v2.11.0-rc1/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.16/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -4522,7 +4049,7 @@

            Improper Input Validation

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.9.16 and coreutils@8.32-4.1ubuntu1.2
          @@ -4535,7 +4062,7 @@

          Detailed paths

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.0-rc1 + docker-image|quay.io/argoproj/argocd@v2.9.16 coreutils@8.32-4.1ubuntu1.2 diff --git a/docs/snyk/v2.9.16/redis_7.0.15-alpine.html b/docs/snyk/v2.9.16/redis_7.0.15-alpine.html new file mode 100644 index 0000000000000..cbeaee86c57d8 --- /dev/null +++ b/docs/snyk/v2.9.16/redis_7.0.15-alpine.html @@ -0,0 +1,484 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
            +
            +
            +
            + + + Snyk - Open Source Security + + + + + + + +
            +

            Snyk test report

            + +

            May 26th 2024, 12:23:38 am (UTC+00:00)

            +
            +
            + Scanned the following paths: +
              +
            • redis:7.0.15-alpine (apk)
              • +
            • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
              • +
            +
            + +
            +
            0 known vulnerabilities
            +
            0 vulnerable dependency paths
            +
            18 dependencies
            +
            +
            +
            +
            + +
            + No known vulnerabilities detected. +
            +
            + + + diff --git a/docs/user-guide/commands/argocd_admin.md b/docs/user-guide/commands/argocd_admin.md index 7966e5a3cb9b1..0aa338f1570e2 100644 --- a/docs/user-guide/commands/argocd_admin.md +++ b/docs/user-guide/commands/argocd_admin.md @@ -11,84 +11,9 @@ argocd admin [flags] ### Examples ``` -# List all clusters -$ argocd admin cluster list - -# Add a new cluster -$ argocd admin cluster add my-cluster --name my-cluster --in-cluster-context - -# Remove a cluster -argocd admin cluster remove my-cluster - -# List all projects -$ argocd admin project list - -# Create a new project -$argocd admin project create my-project --src-namespace my-source-namespace --dest-namespace my-dest-namespace - -# Update a project -$ argocd admin project update my-project --src-namespace my-updated-source-namespace --dest-namespace my-updated-dest-namespace - -# Delete a project -$ argocd admin project delete my-project - -# List all settings -$ argocd admin settings list - -# Get the current settings -$ argocd admin settings get - -# Update settings -$ argocd admin settings update --repository.resync --value 15 - -# List all applications -$ argocd admin app list - -# Get application details -$ argocd admin app get my-app - -# Sync an application -$ argocd admin app sync my-app - -# Pause an application -$ argocd admin app pause my-app - -# Resume an application -$ argocd admin app resume my-app - -# List all repositories -$ argocd admin repo list - -# Add a repository -$ argocd admin repo add https://github.com/argoproj/my-repo.git - -# Remove a repository -$ argocd admin repo remove https://github.com/argoproj/my-repo.git - -# Import an application from a YAML file -$ argocd admin app import -f my-app.yaml - -# Export an application to a YAML file -$ argocd admin app export my-app -o my-exported-app.yaml - # Access the Argo CD web UI $ argocd admin dashboard -# List notifications -$ argocd admin notification list - -# Get notification details -$ argocd admin notification get my-notification - -# Create a new notification -$ argocd admin notification create my-notification -f notification-config.yaml - -# Update a notification -$ argocd admin notification update my-notification -f updated-notification-config.yaml - -# Delete a notification -$ argocd admin notification delete my-notification - # Reset the initial admin password $ argocd admin initial-password reset @@ -139,6 +64,7 @@ $ argocd admin initial-password reset * [argocd admin initial-password](argocd_admin_initial-password.md) - Prints initial password to log in to Argo CD for the first time * [argocd admin notifications](argocd_admin_notifications.md) - Set of CLI commands that helps manage notifications settings * [argocd admin proj](argocd_admin_proj.md) - Manage projects configuration +* [argocd admin redis-initial-password](argocd_admin_redis-initial-password.md) - Ensure the Redis password exists, creating a new one if necessary. * [argocd admin repo](argocd_admin_repo.md) - Manage repositories configuration * [argocd admin settings](argocd_admin_settings.md) - Provides set of commands for settings validation and troubleshooting diff --git a/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md b/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md index 29fa5d54d9388..4e696bd994903 100644 --- a/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md +++ b/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md @@ -11,32 +11,33 @@ argocd admin app get-reconcile-results PATH [flags] ### Options ``` - --as string Username to impersonate for the operation - --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. - --as-uid string UID to impersonate for the operation - --certificate-authority string Path to a cert file for the certificate authority - --client-certificate string Path to a client certificate file for TLS - --client-key string Path to a client key file for TLS - --cluster string The name of the kubeconfig cluster to use - --context string The name of the kubeconfig context to use - --disable-compression If true, opt-out of response compression for all requests to the server - -h, --help help for get-reconcile-results - --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure - --kubeconfig string Path to a kube config. Only required if out-of-cluster - --l string Label selector - -n, --namespace string If present, the namespace scope for this CLI request - --o string Output format (yaml|json) (default "yaml") - --password string Password for basic authentication to the API server - --proxy-url string If provided, this URL will be used to connect via proxy - --refresh If set to true then recalculates apps reconciliation - --repo-server string Repo server address. - --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") - --server string The address and port of the Kubernetes API server - --server-side-diff If set to "true" will use server-side diff while comparing resources. Default ("false") - --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. - --token string Bearer token for authentication to the API server - --user string The name of the kubeconfig user to use - --username string Username for basic authentication to the API server + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --context string The name of the kubeconfig context to use + --disable-compression If true, opt-out of response compression for all requests to the server + -h, --help help for get-reconcile-results + --ignore-normalizer-jq-execution-timeout duration Set ignore normalizer JQ execution timeout (default 1s) + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kubeconfig string Path to a kube config. Only required if out-of-cluster + --l string Label selector + -n, --namespace string If present, the namespace scope for this CLI request + --o string Output format (yaml|json) (default "yaml") + --password string Password for basic authentication to the API server + --proxy-url string If provided, this URL will be used to connect via proxy + --refresh If set to true then recalculates apps reconciliation + --repo-server string Repo server address. + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --server string The address and port of the Kubernetes API server + --server-side-diff If set to "true" will use server-side diff while comparing resources. Default ("false") + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. + --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_admin_redis-initial-password.md b/docs/user-guide/commands/argocd_admin_redis-initial-password.md new file mode 100644 index 0000000000000..85e56195758dd --- /dev/null +++ b/docs/user-guide/commands/argocd_admin_redis-initial-password.md @@ -0,0 +1,67 @@ +# `argocd admin redis-initial-password` Command Reference + +## argocd admin redis-initial-password + +Ensure the Redis password exists, creating a new one if necessary. + +``` +argocd admin redis-initial-password [flags] +``` + +### Options + +``` + --as string Username to impersonate for the operation + --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. + --as-uid string UID to impersonate for the operation + --certificate-authority string Path to a cert file for the certificate authority + --client-certificate string Path to a client certificate file for TLS + --client-key string Path to a client key file for TLS + --cluster string The name of the kubeconfig cluster to use + --context string The name of the kubeconfig context to use + --disable-compression If true, opt-out of response compression for all requests to the server + -h, --help help for redis-initial-password + --insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + --kubeconfig string Path to a kube config. Only required if out-of-cluster + -n, --namespace string If present, the namespace scope for this CLI request + --password string Password for basic authentication to the API server + --proxy-url string If provided, this URL will be used to connect via proxy + --request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0") + --server string The address and port of the Kubernetes API server + --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. + --token string Bearer token for authentication to the API server + --user string The name of the kubeconfig user to use + --username string Username for basic authentication to the API server +``` + +### Options inherited from parent commands + +``` + --auth-token string Authentication token + --client-crt string Client certificate file + --client-crt-key string Client certificate key file + --config string Path to Argo CD config (default "/home/user/.config/argocd/config") + --controller-name string Name of the Argo CD Application controller; set this or the ARGOCD_APPLICATION_CONTROLLER_NAME environment variable when the controller's name label differs from the default, for example when installing via the Helm chart (default "argocd-application-controller") + --core If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server + --grpc-web Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. + --grpc-web-root-path string Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root. + -H, --header strings Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers) + --http-retry-max int Maximum number of retries to establish http connection to Argo CD server + --insecure Skip server certificate and domain verification + --kube-context string Directs the command to the given kube-context + --logformat string Set the logging format. One of: text|json (default "text") + --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") + --plaintext Disable TLS + --port-forward Connect to a random argocd-server port using port forwarding + --port-forward-namespace string Namespace name which should be used for port forwarding + --redis-haproxy-name string Name of the Redis HA Proxy; set this or the ARGOCD_REDIS_HAPROXY_NAME environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis-ha-haproxy") + --redis-name string Name of the Redis deployment; set this or the ARGOCD_REDIS_NAME environment variable when the Redis's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis") + --repo-server-name string Name of the Argo CD Repo server; set this or the ARGOCD_REPO_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-repo-server") + --server-crt string Server certificate file + --server-name string Name of the Argo CD API server; set this or the ARGOCD_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-server") +``` + +### SEE ALSO + +* [argocd admin](argocd_admin.md) - Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access + diff --git a/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md b/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md index b051c7c63694b..4be305e40a33c 100644 --- a/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md +++ b/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md @@ -26,8 +26,8 @@ argocd admin settings rbac validate --policy-file policy.csv # i.e. 'policy.csv' and (optionally) 'policy.default' argocd admin settings rbac validate --policy-file argocd-rbac-cm.yaml -# If --policy-file is not given, and instead --namespace is giventhe ConfigMap 'argocd-rbac-cm' -# from K8s is used. +# If --policy-file is not given, and instead --namespace is giventhe ConfigMap 'argocd-rbac-cm' +# from K8s is used. argocd admin settings rbac validate --namespace argocd # Either --policy-file or --namespace must be given. diff --git a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md index 69f09208cf42f..0eeefab2713ea 100644 --- a/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md +++ b/docs/user-guide/commands/argocd_admin_settings_resource-overrides_ignore-resource-updates.md @@ -22,7 +22,8 @@ argocd admin settings resource-overrides ignore-resource-updates ./deploy.yaml - ### Options ``` - -h, --help help for ignore-resource-updates + -h, --help help for ignore-resource-updates + --ignore-normalizer-jq-execution-timeout duration Set ignore normalizer JQ execution timeout (default 1s) ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_app_delete-resource.md b/docs/user-guide/commands/argocd_app_delete-resource.md index 4a305eb4b4489..e397c0c019fa8 100644 --- a/docs/user-guide/commands/argocd_app_delete-resource.md +++ b/docs/user-guide/commands/argocd_app_delete-resource.md @@ -12,12 +12,12 @@ argocd app delete-resource APPNAME [flags] ``` --all Indicates whether to patch multiple matching of resources - --force Indicates whether to orphan the dependents of the deleted resource + --force Indicates whether to force delete the resource --group string Group -h, --help help for delete-resource --kind string Kind --namespace string Namespace - --orphan Indicates whether to force delete the resource + --orphan Indicates whether to orphan the dependents of the deleted resource --project string The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist --resource-name string Name of resource ``` diff --git a/docs/user-guide/commands/argocd_app_diff.md b/docs/user-guide/commands/argocd_app_diff.md index 06acfadafed7c..f8c5a15589340 100644 --- a/docs/user-guide/commands/argocd_app_diff.md +++ b/docs/user-guide/commands/argocd_app_diff.md @@ -18,18 +18,19 @@ argocd app diff APPNAME [flags] ### Options ``` - -N, --app-namespace string Only render the difference in namespace - --exit-code Return non-zero exit code when there is a diff (default true) - --hard-refresh Refresh application data as well as target manifests cache - -h, --help help for diff - --local string Compare live app to a local manifests - --local-include stringArray Used with --server-side-generate, specify patterns of filenames to send. Matching is based on filename and not path. (default [*.yaml,*.yml,*.json]) - --local-repo-root string Path to the repository root. Used together with --local allows setting the repository root (default "/") - --refresh Refresh application data when retrieving - --revision string Compare live app to a particular revision - --revisions stringArray Show manifests at specific revisions for source position in source-positions - --server-side-generate Used with --local, this will send your manifests to the server for diffing - --source-positions int64Slice List of source positions. Default is empty array. Counting start at 1. (default []) + -N, --app-namespace string Only render the difference in namespace + --exit-code Return non-zero exit code when there is a diff (default true) + --hard-refresh Refresh application data as well as target manifests cache + -h, --help help for diff + --ignore-normalizer-jq-execution-timeout duration Set ignore normalizer JQ execution timeout (default 1s) + --local string Compare live app to a local manifests + --local-include stringArray Used with --server-side-generate, specify patterns of filenames to send. Matching is based on filename and not path. (default [*.yaml,*.yml,*.json]) + --local-repo-root string Path to the repository root. Used together with --local allows setting the repository root (default "/") + --refresh Refresh application data when retrieving + --revision string Compare live app to a particular revision + --revisions stringArray Show manifests at specific revisions for source position in source-positions + --server-side-generate Used with --local, this will send your manifests to the server for diffing + --source-positions int64Slice List of source positions. Default is empty array. Counting start at 1. (default []) ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_app_sync.md b/docs/user-guide/commands/argocd_app_sync.md index a0a8f8459eeaa..1dc6f48bd16ba 100644 --- a/docs/user-guide/commands/argocd_app_sync.md +++ b/docs/user-guide/commands/argocd_app_sync.md @@ -24,6 +24,9 @@ argocd app sync [APPNAME... | -l selector | --project project-name] [flags] argocd app sync -l '!app.kubernetes.io/instance' argocd app sync -l 'app.kubernetes.io/instance notin (my-app,other-app)' + # Sync a multi-source application for specific revision of specific sources + argocd app manifests my-app --revisions 0.0.1 --source-positions 1 --revisions 0.0.2 --source-positions 2 + # Sync a specific resource # Resource should be formatted as GROUP:KIND:NAME. If no GROUP is specified then :KIND:NAME argocd app sync my-app --resource :Service:my-service @@ -38,32 +41,35 @@ argocd app sync [APPNAME... | -l selector | --project project-name] [flags] ### Options ``` - -N, --app-namespace string Only sync an application in namespace - --apply-out-of-sync-only Sync only out-of-sync resources - --assumeYes Assume yes as answer for all user queries or prompts - --async Do not wait for application to sync before continuing - --dry-run Preview apply without affecting cluster - --force Use a force apply - -h, --help help for sync - --info stringArray A list of key-value pairs during sync process. These infos will be persisted in app. - --label stringArray Sync only specific resources with a label. This option may be specified repeatedly. - --local string Path to a local directory. When this flag is present no git queries will be made - --local-repo-root string Path to the repository root. Used together with --local allows setting the repository root (default "/") - -o, --output string Output format. One of: json|yaml|wide|tree|tree=detailed (default "wide") - --preview-changes Preview difference against the target and live state before syncing app and wait for user confirmation - --project stringArray Sync apps that belong to the specified projects. This option may be specified repeatedly. - --prune Allow deleting unexpected resources - --replace Use a kubectl create/replace instead apply - --resource stringArray Sync only specific resources as GROUP:KIND:NAME or !GROUP:KIND:NAME. Fields may be blank and '*' can be used. This option may be specified repeatedly - --retry-backoff-duration duration Retry backoff base duration. Input needs to be a duration (e.g. 2m, 1h) (default 5s) - --retry-backoff-factor int Factor multiplies the base duration after each failed retry (default 2) - --retry-backoff-max-duration duration Max retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s) - --retry-limit int Max number of allowed sync retries - --revision string Sync to a specific revision. Preserves parameter overrides - -l, --selector string Sync apps that match this label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints. - --server-side Use server-side apply while syncing the application - --strategy string Sync strategy (one of: apply|hook) - --timeout uint Time out after this many seconds + -N, --app-namespace string Only sync an application in namespace + --apply-out-of-sync-only Sync only out-of-sync resources + --assumeYes Assume yes as answer for all user queries or prompts + --async Do not wait for application to sync before continuing + --dry-run Preview apply without affecting cluster + --force Use a force apply + -h, --help help for sync + --ignore-normalizer-jq-execution-timeout duration Set ignore normalizer JQ execution timeout (default 1s) + --info stringArray A list of key-value pairs during sync process. These infos will be persisted in app. + --label stringArray Sync only specific resources with a label. This option may be specified repeatedly. + --local string Path to a local directory. When this flag is present no git queries will be made + --local-repo-root string Path to the repository root. Used together with --local allows setting the repository root (default "/") + -o, --output string Output format. One of: json|yaml|wide|tree|tree=detailed (default "wide") + --preview-changes Preview difference against the target and live state before syncing app and wait for user confirmation + --project stringArray Sync apps that belong to the specified projects. This option may be specified repeatedly. + --prune Allow deleting unexpected resources + --replace Use a kubectl create/replace instead apply + --resource stringArray Sync only specific resources as GROUP:KIND:NAME or !GROUP:KIND:NAME. Fields may be blank and '*' can be used. This option may be specified repeatedly + --retry-backoff-duration duration Retry backoff base duration. Input needs to be a duration (e.g. 2m, 1h) (default 5s) + --retry-backoff-factor int Factor multiplies the base duration after each failed retry (default 2) + --retry-backoff-max-duration duration Max retry backoff duration. Input needs to be a duration (e.g. 2m, 1h) (default 3m0s) + --retry-limit int Max number of allowed sync retries + --revision string Sync to a specific revision. Preserves parameter overrides + --revisions stringArray Show manifests at specific revisions for source position in source-positions + -l, --selector string Sync apps that match this label. Supports '=', '==', '!=', in, notin, exists & not exists. Matching apps must satisfy all of the specified label constraints. + --server-side Use server-side apply while syncing the application + --source-positions int64Slice List of source positions. Default is empty array. Counting start at 1. (default []) + --strategy string Sync strategy (one of: apply|hook) + --timeout uint Time out after this many seconds ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_cluster_list.md b/docs/user-guide/commands/argocd_cluster_list.md index 9779a4fb8af0b..3e03f1581648f 100644 --- a/docs/user-guide/commands/argocd_cluster_list.md +++ b/docs/user-guide/commands/argocd_cluster_list.md @@ -15,7 +15,7 @@ argocd cluster list [flags] # List Clusters in Default "Wide" Format argocd cluster list -# List Cluster via specifing the server +# List Cluster via specifying the server argocd cluster list --server # List Clusters in JSON Format diff --git a/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md b/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md index e3b84ac38cc0e..3f01015395f1b 100644 --- a/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md +++ b/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md @@ -19,7 +19,7 @@ argocd proj windows disable-manual-sync PROJECT ID [flags] #Disable manual sync for a sync window for the Project argocd proj windows disable-manual-sync PROJECT ID -#Disbaling manual sync for a windows set on the default project with Id 0 +#Disabling manual sync for a windows set on the default project with Id 0 argocd proj windows disable-manual-sync default 0 ``` diff --git a/docs/user-guide/diff-strategies.md b/docs/user-guide/diff-strategies.md index 2890fe64cbb0e..ffd09660696ac 100644 --- a/docs/user-guide/diff-strategies.md +++ b/docs/user-guide/diff-strategies.md @@ -114,7 +114,7 @@ metadata: ... ``` -Note: This annoation is only effective when Server-Side Diff is +Note: This annotation is only effective when Server-Side Diff is enabled. To enable both options for a given application add the following annotation in the Argo CD Application resource: diff --git a/docs/user-guide/diffing.md b/docs/user-guide/diffing.md index 61f799e514d6a..95fe7f0ace3ac 100644 --- a/docs/user-guide/diffing.md +++ b/docs/user-guide/diffing.md @@ -68,7 +68,7 @@ spec: The above configuration will ignore differences from all fields owned by `kube-controller-manager` for all resources belonging to this application. -If you have a slash `/` in your pointer path, you can use the `~1` character. For example: +If you have a slash `/` in your pointer path, you need to replace it with the `~1` character. For example: ```yaml spec: @@ -185,3 +185,16 @@ The list of supported Kubernetes types is available in [diffing_known_types.txt] * `core/Quantity` * `meta/v1/duration` + + +### JQ Path expression timeout + +By default, the evaluation of a JQPathExpression is limited to one second. If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression that requires more time to evaluate, you can extend the timeout period by configuring the `ignore.normalizer.jq.timeout` setting within the `argocd-cmd-params-cm` ConfigMap. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cmd-params-cm +data: + ignore.normalizer.jq.timeout: "5s" diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index c3b6aa0c6e8fa..3b5a5de0dc262 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -72,6 +72,22 @@ source: - values-production.yaml ``` +If Helm is passed a non-existing value file during template expansion, it will error out. Missing +values files can be ignored (meaning, not passed to Helm) using the `--ignore-missing-value-files`. This can be +particularly helpful to implement a [default/override +pattern](https://github.com/argoproj/argo-cd/issues/7767#issue-1060611415) with [Application +Sets](./application-set.md). + +In the declarative syntax: +```yaml +source: + helm: + valueFiles: + - values-common.yaml + - values-optional-override.yaml + ignoreMissingValueFiles: true +``` + ## Values Argo CD supports the equivalent of a values file directly in the Application manifest using the `source.helm.valuesObject` key. @@ -201,6 +217,28 @@ the result will be param1=value5 The list of parameters seen in the ui is not what is used for resources, rather it is the values/valuesObject merged with parameters (see [this issue](https://github.com/argoproj/argo-cd/issues/9213) incase it has been resolved) As a workaround using parameters instead of values/valuesObject will provide a better overview of what will be used for resources +## Helm --set-file support + +The `--set-file` argument to helm can be used with the following syntax on +the cli: + +```bash +argocd app set helm-guestbook --helm-set-file some.key=path/to/file.ext +``` + +or using the fileParameters for yaml: + +```yaml +source: + helm: + fileParameters: + - name: some.key + value: path/to/file.ext +``` + +!!! warning "Reference in multiple sources not supported" + Please note that using a multiple sources application will not let you load the file by reference. See [argoproj/argo-cd#13220](https://github.com/argoproj/argo-cd/issues/13220) + ## Helm Release Name By default, the Helm release name is equal to the Application name to which it belongs. Sometimes, especially on a centralised Argo CD, diff --git a/docs/user-guide/kustomize.md b/docs/user-guide/kustomize.md index 1aa876fb74224..28dfaebd28f25 100644 --- a/docs/user-guide/kustomize.md +++ b/docs/user-guide/kustomize.md @@ -1,5 +1,26 @@ # Kustomize +## Declarative + +You can define a Kustomize application manifest in the declarative GitOps way. Here is an example: + +```yaml +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kustomize-example +spec: + project: default + source: + path: examples/helloWorld + repoURL: 'https://github.com/kubernetes-sigs/kustomize' + targetRevision: HEAD + destination: + namespace: default + server: 'https://kubernetes.default.svc' + +If the `kustomization.yaml` file exists at the location pointed to by `repoURL` and `path`, Argo CD will render the manifests using Kustomize. + The following configuration options are available for Kustomize: * `namePrefix` is a prefix appended to resources for Kustomize apps @@ -212,7 +233,7 @@ argocd app set --kustomize-version v3.5.4 ## Build Environment -Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config managment plugin](../operator-manual/config-management-plugins.md) to alter the rendered manifests. +Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config management plugin](../operator-manual/config-management-plugins.md) to alter the rendered manifests. You can use these build environment variables in your Argo CD Application manifests. You can enable this by setting `.spec.source.kustomize.commonAnnotationsEnvsubst` to `true` in your Application manifest. diff --git a/docs/user-guide/status-badge.md b/docs/user-guide/status-badge.md index 3363227997309..a933a751d2550 100644 --- a/docs/user-guide/status-badge.md +++ b/docs/user-guide/status-badge.md @@ -14,7 +14,45 @@ The URLs for status image are available on application details page: for the status image URL in markdown, html, etc are available . 4. Copy the text and paste it into your README or website. -The application name may optionally be displayed in the status badge by adding the `?showAppName=true` query parameter. +## Additional query parameters options +### showAppName +Display the application name in the status badge. -For example, `${argoCdBaseUrl}/api/badge?name=${appName}&showAppName=true`. -To remove the application name from the badge, remove the query parameter from the URL or set it to `false`. \ No newline at end of file +Available values: `true/false` + +Default value: `false` + +Example: `&showAppName=true` + +### revision +Display revision targeted by the application. + +It will also extend the badge width to 192px. + +Available values: `true/false` + +Default value: `false` + +Example: `&revision=true` +### keepFullRevision +By default, displayed revision is truncated to 7 characters. + +This parameter allows to display it fully if it exceeds that length. + +It will also extend the badge width to 400px. + +Available values: `true/false` + +Default value: `false` + +Example: `&keepFullRevision=true` +### width +Change width of the badge. + +Completely replace current calculated width. + +Available values: `integer` + +Default value: `nil` + +Example: `&width=500` \ No newline at end of file diff --git a/docs/user-guide/sync-kubectl.md b/docs/user-guide/sync-kubectl.md index 100ec2cdf70b1..53700afed4f67 100644 --- a/docs/user-guide/sync-kubectl.md +++ b/docs/user-guide/sync-kubectl.md @@ -38,7 +38,7 @@ operation: username: sync: syncStrategy: - hook: {} + hook: {} ``` ```bash diff --git a/docs/user-guide/sync-options.md b/docs/user-guide/sync-options.md index a563821967d04..99f5eba6b85de 100644 --- a/docs/user-guide/sync-options.md +++ b/docs/user-guide/sync-options.md @@ -165,6 +165,21 @@ metadata: argocd.argoproj.io/sync-options: Replace=true ``` +## Force Sync + +For certain resources you might want to delete and recreate. e.g. job resources that should run every time when syncing. + +!!! warning + During the sync process, the resources will be synchronized using the 'kubectl delete/create' command. + This sync option has a destructive action, which could cause an outage for your application. + +In such cases you might use `Force=true` sync option in target resources annotation: +```yaml +metadata: + annotations: + argocd.argoproj.io/sync-options: Force=true,Replace=true +``` + ## Server-Side Apply This option enables Kubernetes diff --git a/go.mod b/go.mod index 45978fcce9ecd..c6e1bb004bf7c 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.21 toolchain go1.21.0 require ( - code.gitea.io/sdk/gitea v0.15.1 + code.gitea.io/sdk/gitea v0.18.0 github.com/Azure/kubelogin v0.0.20 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible github.com/Masterminds/semver/v3 v3.2.1 @@ -13,8 +13,8 @@ require ( github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d github.com/alicebob/miniredis/v2 v2.30.4 github.com/antonmedv/expr v1.15.2 - github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757 - github.com/argoproj/notifications-engine v0.4.1-0.20240206192038-2daee6022f41 + github.com/argoproj/gitops-engine v0.7.1-0.20240514190100-8a3ce6d85caa + github.com/argoproj/notifications-engine v0.4.1-0.20240403133627-f48567108f01 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 github.com/aws/aws-sdk-go v1.50.8 github.com/bmatcuk/doublestar/v4 v4.6.0 @@ -22,16 +22,17 @@ require ( github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 github.com/casbin/casbin/v2 v2.77.2 github.com/cespare/xxhash/v2 v2.2.0 + github.com/chainguard-dev/git-urls v1.0.2 github.com/coreos/go-oidc/v3 v3.6.0 github.com/cyphar/filepath-securejoin v0.2.4 github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.9.0+incompatible github.com/felixge/httpsnoop v1.0.3 - github.com/fsnotify/fsnotify v1.6.0 + github.com/fsnotify/fsnotify v1.7.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e github.com/go-git/go-git/v5 v5.11.0 github.com/go-jose/go-jose/v3 v3.0.3 - github.com/go-logr/logr v1.3.0 + github.com/go-logr/logr v1.4.1 github.com/go-openapi/loads v0.21.2 github.com/go-openapi/runtime v0.26.0 github.com/go-playground/webhooks/v6 v6.3.0 @@ -64,7 +65,7 @@ require ( github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 github.com/olekukonko/tablewriter v0.0.5 github.com/patrickmn/go-cache v2.1.0+incompatible - github.com/prometheus/client_golang v1.16.0 + github.com/prometheus/client_golang v1.18.0 github.com/r3labs/diff v1.1.0 github.com/redis/go-redis/v9 v9.0.5 github.com/robfig/cron/v3 v3.0.1 @@ -75,38 +76,39 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 - github.com/whilp/git-urls v1.0.0 github.com/xanzy/go-gitlab v0.91.1 github.com/yuin/gopher-lua v1.1.0 - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 go.opentelemetry.io/otel v1.21.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 go.opentelemetry.io/otel/sdk v1.21.0 - golang.org/x/crypto v0.19.0 + golang.org/x/crypto v0.23.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/oauth2 v0.11.0 - golang.org/x/sync v0.3.0 - golang.org/x/term v0.17.0 + golang.org/x/net v0.25.0 + golang.org/x/oauth2 v0.12.0 + golang.org/x/sync v0.5.0 + golang.org/x/term v0.20.0 + golang.org/x/time v0.5.0 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d google.golang.org/grpc v1.59.0 google.golang.org/protobuf v1.33.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.26.11 - k8s.io/apiextensions-apiserver v0.26.10 - k8s.io/apimachinery v0.26.11 - k8s.io/apiserver v0.26.11 - k8s.io/client-go v0.26.11 - k8s.io/code-generator v0.26.11 - k8s.io/klog/v2 v2.100.1 - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f - k8s.io/kubectl v0.26.4 - k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 + k8s.io/api v0.29.2 + k8s.io/apiextensions-apiserver v0.29.2 + k8s.io/apimachinery v0.29.2 + k8s.io/apiserver v0.29.2 + k8s.io/client-go v0.29.2 + k8s.io/code-generator v0.29.2 + k8s.io/klog/v2 v2.110.1 + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 + k8s.io/kubectl v0.29.2 + k8s.io/utils v0.0.0-20230726121419-3b25d923346b layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 oras.land/oras-go/v2 v2.3.0 - sigs.k8s.io/controller-runtime v0.14.7 + sigs.k8s.io/controller-runtime v0.17.2 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 - sigs.k8s.io/yaml v1.3.0 + sigs.k8s.io/yaml v1.4.0 ) require ( @@ -129,16 +131,27 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect github.com/aws/smithy-go v1.19.0 // indirect + github.com/davidmz/go-pageant v1.0.2 // indirect + github.com/distribution/reference v0.5.0 // indirect + github.com/go-fed/httpsig v1.1.0 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect - github.com/google/s2a-go v0.1.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/s2a-go v0.1.7 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect + github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect + github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/tidwall/gjson v1.14.4 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.0 // indirect go.opencensus.io v0.24.0 // indirect + go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect + golang.org/x/mod v0.14.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect + golang.org/x/tools v0.16.1 // indirect google.golang.org/api v0.132.0 // indirect google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect @@ -152,8 +165,8 @@ require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.27 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect @@ -174,13 +187,12 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/emicklei/go-restful/v3 v3.9.0 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect + github.com/evanphx/json-patch/v5 v5.8.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/camelcase v1.0.0 // indirect - github.com/fvbommel/sortorder v1.0.1 // indirect + github.com/fvbommel/sortorder v1.1.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect @@ -189,7 +201,7 @@ require ( github.com/go-openapi/analysis v0.21.4 // indirect github.com/go-openapi/errors v0.20.3 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/spec v0.20.8 // indirect github.com/go-openapi/strfmt v0.21.7 // indirect github.com/go-openapi/swag v0.22.3 // indirect @@ -198,7 +210,6 @@ require ( github.com/golang/glog v1.1.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/btree v1.1.2 // indirect - github.com/google/gnostic v0.6.9 // indirect github.com/google/go-github/v41 v41.0.0 // indirect github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect @@ -208,7 +219,7 @@ require ( github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-version v1.2.1 // indirect + github.com/hashicorp/go-version v1.6.0 // indirect github.com/huandu/xstrings v1.3.3 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect @@ -223,13 +234,12 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/malexdev/utfutil v0.0.0-20180510171754-00c8d4a8e7a8 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect - github.com/mitchellh/go-wordwrap v1.0.0 // indirect + github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.0 // indirect github.com/moby/spdystream v0.2.0 // indirect - github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect + github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect @@ -242,99 +252,92 @@ require ( github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_model v0.3.0 - github.com/prometheus/common v0.42.0 // indirect - github.com/prometheus/procfs v0.10.1 // indirect + github.com/prometheus/client_model v0.5.0 + github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rs/cors v1.9.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect - github.com/skeema/knownhosts v1.2.1 // indirect + github.com/skeema/knownhosts v1.2.2 // indirect github.com/slack-go/slack v0.12.2 // indirect - github.com/spf13/cast v1.5.1 // indirect + github.com/spf13/cast v1.6.0 // indirect github.com/stretchr/objx v0.5.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/vmihailenco/go-tinylfu v0.2.2 // indirect github.com/vmihailenco/msgpack/v5 v5.3.4 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/xlab/treeprint v1.1.0 // indirect + github.com/xlab/treeprint v1.2.0 // indirect go.mongodb.org/mongo-driver v1.11.3 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect go.opentelemetry.io/otel/metric v1.21.0 // indirect go.opentelemetry.io/otel/trace v1.21.0 // indirect go.opentelemetry.io/proto/otlp v1.0.0 // indirect - go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect - golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.19.0 - golang.org/x/sys v0.17.0 // indirect - golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 - golang.org/x/tools v0.13.0 // indirect gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect - gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect gomodules.xyz/notify v0.1.1 // indirect google.golang.org/appengine v1.6.7 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - k8s.io/cli-runtime v0.26.11 // indirect - k8s.io/component-base v0.26.11 // indirect - k8s.io/component-helpers v0.26.11 // indirect - k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect - k8s.io/kube-aggregator v0.26.4 // indirect - k8s.io/kubernetes v1.26.11 // indirect + k8s.io/cli-runtime v0.29.2 // indirect + k8s.io/component-base v0.29.2 // indirect + k8s.io/component-helpers v0.29.2 // indirect + k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect + k8s.io/kube-aggregator v0.29.2 // indirect + k8s.io/kubernetes v1.29.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.12.1 // indirect - sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect ) replace ( // https://github.com/golang/go/issues/33546#issuecomment-519656923 github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127 + github.com/go-telegram-bot-api/telegram-bot-api/v5 => github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf + github.com/golang/protobuf => github.com/golang/protobuf v1.5.4 github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0 - // Avoid CVE-2023-46402 - github.com/whilp/git-urls => github.com/chainguard-dev/git-urls v1.0.2 - // Avoid CVE-2022-3064 gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0 // Avoid CVE-2022-28948 gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 - k8s.io/api => k8s.io/api v0.26.11 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.11 - k8s.io/apimachinery => k8s.io/apimachinery v0.26.11 - k8s.io/apiserver => k8s.io/apiserver v0.26.11 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.11 - k8s.io/client-go => k8s.io/client-go v0.26.11 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.11 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.11 - k8s.io/code-generator => k8s.io/code-generator v0.26.11 - k8s.io/component-base => k8s.io/component-base v0.26.11 - k8s.io/component-helpers => k8s.io/component-helpers v0.26.11 - k8s.io/controller-manager => k8s.io/controller-manager v0.26.11 - k8s.io/cri-api => k8s.io/cri-api v0.26.11 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.11 - k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.26.11 - k8s.io/kms => k8s.io/kms v0.26.11 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.11 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.11 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.11 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.11 - k8s.io/kubectl => k8s.io/kubectl v0.26.11 - k8s.io/kubelet => k8s.io/kubelet v0.26.11 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.11 - k8s.io/metrics => k8s.io/metrics v0.26.11 - k8s.io/mount-utils => k8s.io/mount-utils v0.26.11 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.11 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.11 - k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.11 - k8s.io/sample-controller => k8s.io/sample-controller v0.26.11 + k8s.io/api => k8s.io/api v0.29.2 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.29.2 + k8s.io/apimachinery => k8s.io/apimachinery v0.29.2 + k8s.io/apiserver => k8s.io/apiserver v0.29.2 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.29.2 + k8s.io/client-go => k8s.io/client-go v0.29.2 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.29.2 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.29.2 + k8s.io/code-generator => k8s.io/code-generator v0.29.2 + k8s.io/component-base => k8s.io/component-base v0.29.2 + k8s.io/component-helpers => k8s.io/component-helpers v0.29.2 + k8s.io/controller-manager => k8s.io/controller-manager v0.29.2 + k8s.io/cri-api => k8s.io/cri-api v0.29.2 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.29.2 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.29.2 + k8s.io/endpointslice => k8s.io/endpointslice v0.29.2 + k8s.io/kms => k8s.io/kms v0.29.2 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.29.2 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.29.2 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.29.2 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.29.2 + k8s.io/kubectl => k8s.io/kubectl v0.29.2 + k8s.io/kubelet => k8s.io/kubelet v0.29.2 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.29.2 + k8s.io/metrics => k8s.io/metrics v0.29.2 + k8s.io/mount-utils => k8s.io/mount-utils v0.29.2 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.29.2 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.29.2 + k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.29.2 + k8s.io/sample-controller => k8s.io/sample-controller v0.29.2 ) diff --git a/go.sum b/go.sum index c2a6a79caf2dc..c9209abedde49 100644 --- a/go.sum +++ b/go.sum @@ -597,9 +597,8 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= -code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= -code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= -code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= +code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= +code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -615,11 +614,11 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= -github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= -github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= +github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= +github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= @@ -654,6 +653,8 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf h1:a7VKhbjKYPO8twGy/1AxMpM2Fp0qT7bf25fmCVMVu4s= +github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf/go.mod h1:A2S0CWkNylc2phvKXWBBdD3K0iGnDBGbzRpISP2zBl8= github.com/PagerDuty/go-pagerduty v1.7.0 h1:S1NcMKECxT5hJwV4VT+QzeSsSiv4oWl1s2821dUqG/8= github.com/PagerDuty/go-pagerduty v1.7.0/go.mod h1:PuFyJKRz1liIAH4h5KVXVD18Obpp1ZXRdxHvmGXooro= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= @@ -694,10 +695,10 @@ github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757 h1:5fKAhTQcTBom0vin56cz/UTPx2GMuvdb+lJRAUOPbHA= -github.com/argoproj/gitops-engine v0.7.1-0.20240124052710-5fd9f449e757/go.mod h1:gWE8uROi7hIkWGNAVM+8FWkMfo0vZ03SLx/aFw/DBzg= -github.com/argoproj/notifications-engine v0.4.1-0.20240206192038-2daee6022f41 h1:PQE8LbcbRHdtnQzeEWwVU2QHXACKOA30yS3No5HSoTQ= -github.com/argoproj/notifications-engine v0.4.1-0.20240206192038-2daee6022f41/go.mod h1:TsyusmXQWIL0ST7YMRG/ered7WlWDmbmnPpXnS2LJmM= +github.com/argoproj/gitops-engine v0.7.1-0.20240514190100-8a3ce6d85caa h1:RcIYoAbkaGA7yzpY1YItaTLgKYABDfkITyQ4jUl3Y6c= +github.com/argoproj/gitops-engine v0.7.1-0.20240514190100-8a3ce6d85caa/go.mod h1:Vet2xN0akQpggQJZGmThA8Lozpn26RLagZFmLXw/oSI= +github.com/argoproj/notifications-engine v0.4.1-0.20240403133627-f48567108f01 h1:/V8+HM0VPPTrdjTwUrkIj5a+SjaU//tJwfIXJ1QAOvg= +github.com/argoproj/notifications-engine v0.4.1-0.20240403133627-f48567108f01/go.mod h1:N0A4sEws2soZjEpY4hgZpQS8mRIEw6otzwfkgc3g9uQ= github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo= github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1/go.mod h1:CZHlkyAD1/+FbEn6cB2DQTj48IoLGvEYsWEvtzP3238= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -765,7 +766,6 @@ github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w= github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= @@ -825,23 +825,25 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHH github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= +github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= +github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= +github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= +github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= @@ -851,12 +853,11 @@ github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= -github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= @@ -877,12 +878,11 @@ github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0+ github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= -github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= +github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= +github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64= @@ -894,20 +894,19 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.2.2/go.mod h1:Qh/WofXFeiAFII1aEBu529AtJo6Zg2VHscnEsbBnJ20= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= -github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/fvbommel/sortorder v1.0.1 h1:dSnXLt4mJYH25uDDGa3biZNQsozaUWDSWeKJ0qqFfzE= -github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw= +github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e h1:C3DkNr9pxqXqCrmRHO7s3XgZS3zpi9GEA01GuWZODfo= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e/go.mod h1:LB3osS9X2JMYmTzcCArHHLrndBAfcVLQAvUddfs+ONs= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= @@ -920,6 +919,8 @@ github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= +github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= @@ -954,12 +955,14 @@ github.com/go-logr/logr v1.0.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= -github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= @@ -972,11 +975,11 @@ github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= @@ -992,7 +995,6 @@ github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqb github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= @@ -1015,8 +1017,8 @@ github.com/go-redis/cache/v9 v9.0.0/go.mod h1:cMwi1N8ASBOufbIvk7cdXe2PbPjK/WMRL9 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 h1:wG8n/XJQ07TmjbITcGiUaOtXxdrINDz1b0J1w0SzqDc= -github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1/go.mod h1:A2S0CWkNylc2phvKXWBBdD3K0iGnDBGbzRpISP2zBl8= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= @@ -1064,7 +1066,6 @@ github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -1102,9 +1103,8 @@ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= -github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= -github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.2.1-0.20190312032427-6f77996f0c42/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -1158,12 +1158,14 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= -github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= +github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= +github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -1253,8 +1255,8 @@ github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdv github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= -github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= +github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -1289,7 +1291,6 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jeremywohl/flatten v1.0.1 h1:LrsxmB3hfwJuE+ptGOijix1PIfOoKLJ3Uee/mzbgtrs= github.com/jeremywohl/flatten v1.0.1/go.mod h1:4AmD/VxjWcI5SRB0n6szE2A6s2fsNHDLO0nAlMHgfLQ= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= @@ -1397,8 +1398,8 @@ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4 github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -1412,8 +1413,8 @@ github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMK github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= @@ -1426,8 +1427,8 @@ github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/I github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI= -github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= +github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= +github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1447,6 +1448,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/grpc-proxy v0.0.0-20181017164139-0f1106ef9c76/go.mod h1:x5OoJHDHqxHS801UIuhqGl6QdSAEJvtausosHSdazIo= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= @@ -1483,8 +1485,17 @@ github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7 github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw= -github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow= github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= +github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc= +github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk= +github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= +github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= +github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= +github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= +github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= +github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= +github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= @@ -1495,12 +1506,20 @@ github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9 github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= -github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= github.com/onsi/gomega v1.25.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= +github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= +github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw= +github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw= +github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ= +github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= +github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= +github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= +github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= @@ -1552,31 +1571,32 @@ github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= -github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.3.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M= github.com/r3labs/diff v1.1.0/go.mod h1:7WjXasNzi0vJetRcB/RqNl5dlIsmXcTTLmF5IoH6Xig= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= @@ -1597,6 +1617,7 @@ github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= @@ -1626,8 +1647,8 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= -github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= +github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= +github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c h1:fyKiXKO1/I/B6Y2U8T7WdQGWzwehOuGIrljPtt7YTTI= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/slack-go/slack v0.12.2 h1:x3OppyMyGIbbiyFhsBmpf9pwkUzMhthJMRNmNlA4LaQ= @@ -1647,8 +1668,8 @@ github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= -github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= +github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= +github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= @@ -1657,7 +1678,6 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= @@ -1675,6 +1695,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= @@ -1710,12 +1731,9 @@ github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+ github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= -github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= +github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= +github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1746,8 +1764,8 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0/go.mod h1:5z+/ZWJQKXa9YT34fQNx5K8Hd1EoIhvtUygUQPqEOgQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE= go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= @@ -1765,26 +1783,26 @@ go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcjsbp7z7Ul8UaZbhsRM= -go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0= +go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= +go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -1799,23 +1817,28 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1878,8 +1901,10 @@ golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1900,7 +1925,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1958,11 +1982,13 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1993,8 +2019,10 @@ golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= +golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= +golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2013,8 +2041,9 @@ golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2121,7 +2150,6 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2131,13 +2159,17 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= @@ -2147,11 +2179,14 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2169,18 +2204,21 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -2201,7 +2239,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2228,7 +2265,6 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2262,8 +2298,12 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2274,8 +2314,8 @@ golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNq golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 h1:juzzlx91nWAOsHuOVfXZPMXHtJEKouZvY9bBbwlOeYs= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45/go.mod h1:41y72mzHT7+jFNgyBpJRrZWuZJcLmLrTpq6iGgOFJMQ= -gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= -gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= gomodules.xyz/notify v0.1.1 h1:1tTuoyswmPvzqPCTEDQK8SZ3ukCxLsonAAwst2+y1a0= gomodules.xyz/notify v0.1.1/go.mod h1:QgQyU4xEA/plJcDeT66J2Go2V7U4c0pD9wjo7HfFil4= gomodules.xyz/version v0.1.0/go.mod h1:Y8xuV02mL/45psyPKG3NCVOwvAOy6T5Kx0l3rCjKSjU= @@ -2393,7 +2433,6 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -2427,7 +2466,6 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= @@ -2607,9 +2645,6 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -2619,48 +2654,45 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -k8s.io/api v0.26.11 h1:hLhTZRdYc3vBBOY4wbEyTLWgMyieOAk2Ws9NG57QqO4= -k8s.io/api v0.26.11/go.mod h1:bSr/A0TKRt5W2OMDdexkM/ER1NxOxiQqNNFXW2nMZrM= -k8s.io/apiextensions-apiserver v0.26.11 h1:6/T0Jm9c+Aw1AYUflPOz2sAsty304/DDSkciTr8+HuE= -k8s.io/apiextensions-apiserver v0.26.11/go.mod h1:xMqWxAB+AvSTdmFRVWlpavY9bJl/3g6yWiPn/fwZbT0= -k8s.io/apimachinery v0.26.11 h1:w//840HHdwSRKqD15j9YX9HLlU6RPlfrvW0xEhLk2+0= -k8s.io/apimachinery v0.26.11/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y= -k8s.io/apiserver v0.26.11 h1:JcrlATLu5xQVLV7/rfRFFl9ivvNLmZH0dM3DFFdFp+w= -k8s.io/apiserver v0.26.11/go.mod h1:htEG/Q3sI3+6Is3Z26QzBjaCGICsz/kFj+IhIP4oJuE= -k8s.io/cli-runtime v0.26.11 h1:HO3Sgf06XkT8/8wWnhskfz4+LMKrChRz+A13vDJSQrE= -k8s.io/cli-runtime v0.26.11/go.mod h1:D98GjQtDmqn7WDuKBgWivd6R8qEs3yzT19EmCM5pqBs= -k8s.io/client-go v0.26.11 h1:RjfZr5+vQjjTRmk4oCqHyC0cgrZXPjw+X+ge35sk4GI= -k8s.io/client-go v0.26.11/go.mod h1:+emNszw9va/uRJIM5ALTBtFnlZMTjwBrNjRfEh0iuw8= -k8s.io/code-generator v0.26.11 h1:S0PJxapUhG6LWYezYB/FVE5Gf4BxGY0fCwnLrwfQ/70= -k8s.io/code-generator v0.26.11/go.mod h1:Hjxj7hpvSxcNnYIWzCSuEdwN0/9aHlezQRKJXr0Kv8U= -k8s.io/component-base v0.26.11 h1:1/JmB6fexefGByfFyIK6aHksZZVtaDskttzXOzmZ6zA= -k8s.io/component-base v0.26.11/go.mod h1:jYNisnoM6iWFRUg51pxaQabzL5fBYTr5CMpsLjUYGp0= -k8s.io/component-helpers v0.26.11 h1:XD2/2lik/5n1WFepDvgHzIGL0tix/EU3GaxGJHdsgkA= -k8s.io/component-helpers v0.26.11/go.mod h1:lw3bchkI0NHMPmb+CE73GznPW0Mvqd/Y9UVMEqBkysE= -k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= -k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= +k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= +k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= +k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= +k8s.io/cli-runtime v0.29.2 h1:smfsOcT4QujeghsNjECKN3lwyX9AwcFU0nvJ7sFN3ro= +k8s.io/cli-runtime v0.29.2/go.mod h1:KLisYYfoqeNfO+MkTWvpqIyb1wpJmmFJhioA0xd4MW8= +k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= +k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/code-generator v0.29.2 h1:c9/iw2KnNpw2IRV+wwuG/Wns2TjPSgjWzbbjTevyiHI= +k8s.io/code-generator v0.29.2/go.mod h1:FwFi3C9jCrmbPjekhaCYcYG1n07CYiW1+PAPCockaos= +k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= +k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/component-helpers v0.29.2 h1:1kTIanIdqUVG2nW3e2ENVEaYbZKphqPgEdCmJvk71aw= +k8s.io/component-helpers v0.29.2/go.mod h1:gFc/p60rYtpD8UCcNfPCmbokHT2uy0yDpmr/KKUMNAw= +k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= +k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.5.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-aggregator v0.26.11 h1:P46aQPWOE+8bTbK2cqxUFP1XwH4ShZEHnlk1T5QFT8U= -k8s.io/kube-aggregator v0.26.11/go.mod h1:XNGLFzn4Ex7qFVqpCnvLUr354EM4QhMFuFSoB6JHmL4= -k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/kubectl v0.26.11 h1:cVPzYA4HKefU3tPiVK7hZpJ+5Lm04XoyvCCY5ODznpQ= -k8s.io/kubectl v0.26.11/go.mod h1:xjEX/AHtEQrGj2AGqVopyHr/JU1hLy1k7Yn48JuK9LQ= -k8s.io/kubernetes v1.26.11 h1:g3r1IAUqsaHnOG2jdpoagJ5W9UCXkR2ljQ/7BmCzPNg= -k8s.io/kubernetes v1.26.11/go.mod h1:z1URAaBJ+XnOTr3Q/l4umxRUxn/OyD2fbkUgS0Bl7u4= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= +k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/kubectl v0.29.2 h1:uaDYaBhumvkwz0S2XHt36fK0v5IdNgL7HyUniwb2IUo= +k8s.io/kubectl v0.29.2/go.mod h1:BhizuYBGcKaHWyq+G7txGw2fXg576QbPrrnQdQDZgqI= +k8s.io/kubernetes v1.29.2 h1:8hh1cntqdulanjQt7wSSSsJfBgOyx6fUdFWslvGL5m0= +k8s.io/kubernetes v1.29.2/go.mod h1:xZPKU0yO0CBbLTnbd+XGyRmmtmaVuJykDb8gNCkeeUE= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk= -k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 h1:RZkKxMR3jbQxdCEcglq3j7wY3PRJIopAwBlx1RE71X0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427/go.mod h1:ivKkcY8Zxw5ba0jldhZCYYQfGdb2K6u9tbYK1AwMIBc= lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= @@ -2706,20 +2738,20 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.14.7 h1:Vrnm2vk9ZFlRkXATHz0W0wXcqNl7kPat8q2JyxVy0Q8= -sigs.k8s.io/controller-runtime v0.14.7/go.mod h1:ErTs3SJCOujNUnTz4AS+uh8hp6DHMo1gj6fFndJT1X8= -sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= +sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= -sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= -sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= -sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4= +sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= +sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= +sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= +sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/hack/gen-catalog/main.go b/hack/gen-catalog/main.go index 486327e33ee6e..2b4cdfb9f4e1f 100644 --- a/hack/gen-catalog/main.go +++ b/hack/gen-catalog/main.go @@ -118,6 +118,13 @@ func newDocsCommand() *cobra.Command { func generateBuiltInTriggersDocs(out io.Writer, triggers map[string][]triggers.Condition, templates map[string]services.Notification) { _, _ = fmt.Fprintln(out, "# Triggers and Templates Catalog") + + _, _ = fmt.Fprintln(out, "## Getting Started") + _, _ = fmt.Fprintln(out, "* Install Triggers and Templates from the catalog") + _, _ = fmt.Fprintln(out, " ```bash") + _, _ = fmt.Fprintln(out, " kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml") + _, _ = fmt.Fprintln(out, " ```") + _, _ = fmt.Fprintln(out, "## Triggers") w := tablewriter.NewWriter(out) diff --git a/hack/gen-crd-spec/main.go b/hack/gen-crd-spec/main.go index e7dcd658ef26a..283752f8e881c 100644 --- a/hack/gen-crd-spec/main.go +++ b/hack/gen-crd-spec/main.go @@ -2,6 +2,7 @@ package main import ( "encoding/json" + "errors" "fmt" "os" "os/exec" @@ -27,7 +28,6 @@ func getCustomResourceDefinitions() map[string]*extensionsobj.CustomResourceDefi crdYamlBytes, err := exec.Command( "controller-gen", "paths=./pkg/apis/application/...", - "crd:trivialVersions=true", "crd:crdVersions=v1", "output:crd:stdout", ).Output() @@ -117,6 +117,10 @@ func removeDescription(v interface{}) { func checkErr(err error) { if err != nil { + var execError *exec.ExitError + if errors.As(err, &execError) { + fmt.Println(string(execError.Stderr)) + } panic(err) } } diff --git a/hack/gen-docs/main.go b/hack/gen-docs/main.go index b076224a0aaee..f102f4c1d7e89 100644 --- a/hack/gen-docs/main.go +++ b/hack/gen-docs/main.go @@ -1,6 +1,7 @@ package main import ( + "bytes" "fmt" "log" "os" @@ -64,6 +65,11 @@ func updateMkDocsNav(parent string, child string, subchild string, files []strin if err != nil { return err } + + // The marshaller drops custom tags, so re-add this one. Turns out this is much less invasive than trying to handle + // it at the YAML parser level. + newmkdocs = bytes.Replace(newmkdocs, []byte("site_url: READTHEDOCS_CANONICAL_URL"), []byte("site_url: !ENV READTHEDOCS_CANONICAL_URL"), 1) + return os.WriteFile("mkdocs.yml", newmkdocs, 0644) } diff --git a/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..a17a4f14d364d --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-darwin-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9 helm-v3.14.4-darwin-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..0eaa6ab9a823b --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-darwin-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c helm-v3.14.4-darwin-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 new file mode 100644 index 0000000000000..de8a7a596ea6a --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-amd64.tar.gz.sha256 @@ -0,0 +1 @@ +a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259 helm-v3.14.4-linux-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 new file mode 100644 index 0000000000000..f10ab40830331 --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-arm64.tar.gz.sha256 @@ -0,0 +1 @@ +113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2 helm-v3.14.4-linux-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 new file mode 100644 index 0000000000000..7a84560c18fe4 --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-ppc64le.tar.gz.sha256 @@ -0,0 +1 @@ +d0d625b43f6650ad376428520b2238baa2400bfedb43b2e0f24ad7247f0f59b5 helm-v3.14.4-linux-ppc64le.tar.gz diff --git a/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 new file mode 100644 index 0000000000000..869e43aecfebf --- /dev/null +++ b/hack/installers/checksums/helm-v3.14.4-linux-s390x.tar.gz.sha256 @@ -0,0 +1 @@ +a5750d0cb1ba34ce84ab3be6382a14617130661d15dd2aa1b36630b293437936 helm-v3.14.4-linux-s390x.tar.gz diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh index 6c9775ff46274..373d6977d127a 100755 --- a/hack/installers/install-codegen-go-tools.sh +++ b/hack/installers/install-codegen-go-tools.sh @@ -45,7 +45,7 @@ go_mod_install k8s.io/code-generator/cmd/lister-gen go_mod_install k8s.io/kube-openapi/cmd/openapi-gen # controller-gen is run by ./hack/gen-crd-spec to generate the CRDs -go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1 +go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 # swagger cli is used to generate swagger docs go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 diff --git a/hack/installers/install-lint-tools.sh b/hack/installers/install-lint-tools.sh index b4f68e464b15b..54e7b725478c8 100755 --- a/hack/installers/install-lint-tools.sh +++ b/hack/installers/install-lint-tools.sh @@ -1,4 +1,4 @@ #!/bin/bash set -eux -o pipefail -GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.0 +GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.58.2 diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index e87dc54590afd..a49285c88000d 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -11,7 +11,7 @@ # Use ./hack/installers/checksums/add-helm-checksums.sh and # add-kustomize-checksums.sh to help download checksums. ############################################################################### -helm3_version=3.14.3 +helm3_version=3.14.4 kubectl_version=1.17.8 kubectx_version=0.6.3 kustomize5_version=5.2.1 diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 9f6d15524d04d..cdd932807d784 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -27,10 +27,10 @@ PATH="${PROJECT_ROOT}/dist:${PATH}" GOPATH=$(go env GOPATH) GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd" -TARGET_SCRIPT=/tmp/generate-groups.sh +TARGET_SCRIPT=/tmp/kube_codegen.sh -# codegen utilities are installed outside of generate-groups.sh so remove the `go install` step in the script. -sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/generate-groups.sh >${TARGET_SCRIPT} +# codegen utilities are installed outside of kube_codegen.sh so remove the `go install` step in the script. +sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/kube_codegen.sh >${TARGET_SCRIPT} # generate-groups.sh assumes codegen utilities are installed to GOBIN, but we just ensure the CLIs # are in the path and invoke them without assumption of their location diff --git a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml index 68dd75de2f47f..815e4123d05e3 100644 --- a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml +++ b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml @@ -20,6 +20,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml index d974edffdd618..2219f5f9b4731 100644 --- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml +++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml @@ -21,6 +21,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -197,6 +202,12 @@ spec: name: argocd-cmd-params-cm key: controller.diff.server.side optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: controller.ignore.normalizer.jq.timeout + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-application-controller diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml index bcbe729ac6d00..c591db0d0aa4a 100644 --- a/manifests/base/redis/argocd-redis-deployment.yaml +++ b/manifests/base/redis/argocd-redis-deployment.yaml @@ -15,6 +15,23 @@ spec: labels: app.kubernetes.io/name: argocd-redis spec: + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -30,6 +47,13 @@ spec: - "" - "--appendonly" - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis ports: - containerPort: 6379 securityContext: diff --git a/manifests/base/redis/argocd-redis-network-policy.yaml b/manifests/base/redis/argocd-redis-network-policy.yaml index 837b3e0424502..1454874742240 100644 --- a/manifests/base/redis/argocd-redis-network-policy.yaml +++ b/manifests/base/redis/argocd-redis-network-policy.yaml @@ -8,7 +8,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress ingress: - from: - podSelector: @@ -23,9 +22,3 @@ spec: ports: - protocol: TCP port: 6379 - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP diff --git a/manifests/base/redis/argocd-redis-role.yaml b/manifests/base/redis/argocd-redis-role.yaml new file mode 100644 index 0000000000000..a7a33f48a4c11 --- /dev/null +++ b/manifests/base/redis/argocd-redis-role.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - create \ No newline at end of file diff --git a/manifests/base/redis/argocd-redis-rolebinding.yaml b/manifests/base/redis/argocd-redis-rolebinding.yaml new file mode 100644 index 0000000000000..f396914dffdca --- /dev/null +++ b/manifests/base/redis/argocd-redis-rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: + - kind: ServiceAccount + name: argocd-redis \ No newline at end of file diff --git a/manifests/base/redis/kustomization.yaml b/manifests/base/redis/kustomization.yaml index 4a0b64c4da6a8..f13b17e134234 100644 --- a/manifests/base/redis/kustomization.yaml +++ b/manifests/base/redis/kustomization.yaml @@ -6,3 +6,5 @@ resources: - argocd-redis-sa.yaml - argocd-redis-service.yaml - argocd-redis-network-policy.yaml +- argocd-redis-role.yaml +- argocd-redis-rolebinding.yaml diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 051e66027ec11..0e86acd3e3b5e 100644 --- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -24,6 +24,11 @@ spec: args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -204,6 +209,12 @@ spec: key: reposerver.grpc.max.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index 0ebeb70e08531..1107323b2e3b9 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -23,6 +23,11 @@ spec: args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 0090caccf982e..ace900d2d65c9 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -29,20 +29,29 @@ spec: name: Revision priority: 10 type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -140,22 +149,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version (Helm) - which to sync the application to If omitted, will use the revision - specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or chart - version (Helm) which to sync each source in sources field for - the application to If omitted, will use the revision specified - in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -476,18 +484,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be - commit, tag, or branch. If omitted, will equal to HEAD. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -815,11 +823,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -838,10 +845,10 @@ spec: the sync. properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -849,10 +856,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -873,9 +880,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -904,10 +911,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted managers. - Fields mutated by those managers will take precedence over - the desired state defined in the SCM and won't be displayed - in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -934,18 +940,17 @@ spec: type: object type: array project: - description: Project is a reference to the project this application - belongs to. The empty string means that application belongs to the - 'default' project. + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept - in the application's revision history, which is used for informational - purposes as well as for rollbacks to previous versions. This should - only be changed in exceptional circumstances. Setting to zero will - store no history. This will reduce storage used. Increasing will - increase the space used to store the history, so we do not recommend - increasing it. Default is 10. + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. format: int64 type: integer source: @@ -1264,10 +1269,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1596,10 +1601,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of - Helm, this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2092,11 +2097,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2438,11 +2442,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2454,9 +2457,9 @@ spec: type: object type: array observedAt: - description: 'ObservedAt indicates when the application state was - updated without querying latest git state Deprecated: controller - no longer updates ObservedAt field' + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field format: date-time type: string operationState: @@ -2569,22 +2572,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version - (Helm) which to sync the application to If omitted, - will use the revision specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or - chart version (Helm) which to sync each source in sources - field for the application to If omitted, will use the - revision specified in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2927,19 +2929,18 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3290,11 +3291,10 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision - of the source to sync the application to. In case - of Git, this can be commit, tag, or branch. If - omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3315,11 +3315,10 @@ spec: to perform the sync. properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -3327,11 +3326,10 @@ spec: to perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -3375,9 +3373,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: HookPhase contains the state of any operation - associated with this resource OR hook This can also - contain values for non-hook resources. + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3762,11 +3760,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4117,11 +4114,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4148,8 +4144,9 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: 'ResourceStatus holds the current sync and health status - of a resource TODO: describe members of this type' + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type properties: group: type: string @@ -4232,10 +4229,9 @@ spec: if Server is not set. type: string namespace: - description: Namespace specifies the target namespace - for the application's resources. The namespace will - only be set for namespace-scoped resources that have - not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4264,10 +4260,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted - managers. Fields mutated by those managers will take - precedence over the desired state defined in the SCM - and won't be displayed in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -4613,11 +4608,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4968,11 +4962,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -5069,6 +5062,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5665,6 +5659,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -7427,6 +7422,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8023,6 +8019,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -11888,6 +11885,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array template: @@ -12484,6 +12482,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13080,6 +13079,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -16945,6 +16945,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19645,6 +19646,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20331,6 +20333,37 @@ spec: - type type: object type: array + resources: + items: + properties: + group: + type: string + health: + properties: + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array type: object required: - metadata @@ -20363,22 +20396,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what - may be deployed (repository whitelist, resource whitelist/blacklist) * who - can access these applications (roles, OIDC group claims bindings) * and - what they can do (RBAC policies) * automation access to these roles (JWT - tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -20389,9 +20428,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20406,9 +20445,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20435,9 +20474,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20450,9 +20489,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20467,9 +20506,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20816,6 +20855,30 @@ rules: - watch --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -20868,6 +20931,22 @@ subjects: name: argocd-applicationset-controller --- apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -21279,6 +21358,13 @@ spec: - "" - --appendonly - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis image: redis:7.0.15-alpine imagePullPolicy: Always name: redis @@ -21290,6 +21376,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -21334,6 +21437,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -21514,6 +21622,12 @@ spec: key: reposerver.grpc.max.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME @@ -21657,6 +21771,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -21833,6 +21952,12 @@ spec: key: controller.diff.server.side name: argocd-cmd-params-cm optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-application-controller @@ -21915,12 +22040,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -21940,7 +22059,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index aaf1347f64dfb..55abcb2032ca8 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -28,20 +28,29 @@ spec: name: Revision priority: 10 type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -139,22 +148,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version (Helm) - which to sync the application to If omitted, will use the revision - specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or chart - version (Helm) which to sync each source in sources field for - the application to If omitted, will use the revision specified - in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -475,18 +483,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be - commit, tag, or branch. If omitted, will equal to HEAD. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -814,11 +822,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -837,10 +844,10 @@ spec: the sync. properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -848,10 +855,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -872,9 +879,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -903,10 +910,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted managers. - Fields mutated by those managers will take precedence over - the desired state defined in the SCM and won't be displayed - in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -933,18 +939,17 @@ spec: type: object type: array project: - description: Project is a reference to the project this application - belongs to. The empty string means that application belongs to the - 'default' project. + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept - in the application's revision history, which is used for informational - purposes as well as for rollbacks to previous versions. This should - only be changed in exceptional circumstances. Setting to zero will - store no history. This will reduce storage used. Increasing will - increase the space used to store the history, so we do not recommend - increasing it. Default is 10. + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. format: int64 type: integer source: @@ -1263,10 +1268,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1595,10 +1600,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of - Helm, this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2091,11 +2096,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2437,11 +2441,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2453,9 +2456,9 @@ spec: type: object type: array observedAt: - description: 'ObservedAt indicates when the application state was - updated without querying latest git state Deprecated: controller - no longer updates ObservedAt field' + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field format: date-time type: string operationState: @@ -2568,22 +2571,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version - (Helm) which to sync the application to If omitted, - will use the revision specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or - chart version (Helm) which to sync each source in sources - field for the application to If omitted, will use the - revision specified in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2926,19 +2928,18 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3289,11 +3290,10 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision - of the source to sync the application to. In case - of Git, this can be commit, tag, or branch. If - omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3314,11 +3314,10 @@ spec: to perform the sync. properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -3326,11 +3325,10 @@ spec: to perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -3374,9 +3372,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: HookPhase contains the state of any operation - associated with this resource OR hook This can also - contain values for non-hook resources. + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3761,11 +3759,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4116,11 +4113,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4147,8 +4143,9 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: 'ResourceStatus holds the current sync and health status - of a resource TODO: describe members of this type' + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type properties: group: type: string @@ -4231,10 +4228,9 @@ spec: if Server is not set. type: string namespace: - description: Namespace specifies the target namespace - for the application's resources. The namespace will - only be set for namespace-scoped resources that have - not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4263,10 +4259,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted - managers. Fields mutated by those managers will take - precedence over the desired state defined in the SCM - and won't be displayed in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -4612,11 +4607,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4967,11 +4961,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index 2668052f431a0..b0ea7bb05d9c0 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -61,6 +61,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -657,6 +658,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -2419,6 +2421,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -3015,6 +3018,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -6880,6 +6884,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array template: @@ -7476,6 +7481,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8072,6 +8078,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -11937,6 +11944,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -14637,6 +14645,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -15323,6 +15332,37 @@ spec: - type type: object type: array + resources: + items: + properties: + group: + type: string + health: + properties: + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array type: object required: - metadata diff --git a/manifests/crds/appproject-crd.yaml b/manifests/crds/appproject-crd.yaml index 989b3004892f6..2ebe3c2f4e325 100644 --- a/manifests/crds/appproject-crd.yaml +++ b/manifests/crds/appproject-crd.yaml @@ -20,22 +20,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what - may be deployed (repository whitelist, resource whitelist/blacklist) * who - can access these applications (roles, OIDC group claims bindings) * and - what they can do (RBAC policies) * automation access to these roles (JWT - tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -46,9 +52,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -63,9 +69,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -92,9 +98,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -107,9 +113,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -124,9 +130,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string diff --git a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml index 7732c0debdae4..89c9302e9430a 100644 --- a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml +++ b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml @@ -8,7 +8,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress ingress: - from: - podSelector: @@ -25,18 +24,4 @@ spec: protocol: TCP - port: 26379 protocol: TCP - egress: - - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP + diff --git a/manifests/ha/base/redis-ha/chart/requirements.lock b/manifests/ha/base/redis-ha/chart/requirements.lock index 9e5e9273942da..25a568b2620d4 100644 --- a/manifests/ha/base/redis-ha/chart/requirements.lock +++ b/manifests/ha/base/redis-ha/chart/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: redis-ha repository: https://dandydeveloper.github.io/charts - version: 4.22.3 -digest: sha256:ae773caf65b172bdd2216072c03ba76ef3c0383dbd1e2478934a67b9455f6a2e -generated: "2022-11-02T16:57:25.047025473-07:00" + version: 4.26.6 +digest: sha256:c363f48ea8339c4bdb7c8a2cca62aa487b69d0a52a6fe6267fbbbbc07e468abd +generated: "2024-04-10T11:02:32.957812-07:00" diff --git a/manifests/ha/base/redis-ha/chart/requirements.yaml b/manifests/ha/base/redis-ha/chart/requirements.yaml index bdcde75a60727..618eecda6ddcc 100644 --- a/manifests/ha/base/redis-ha/chart/requirements.yaml +++ b/manifests/ha/base/redis-ha/chart/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: redis-ha - version: 4.22.3 + version: 4.26.6 repository: https://dandydeveloper.github.io/charts diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index e78ed94856d91..3aeabcbf53f64 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -9,8 +9,10 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha +secrets: +- name: argocd-redis --- # Source: redis-ha/charts/redis-ha/templates/redis-haproxy-serviceaccount.yaml apiVersion: v1 @@ -21,7 +23,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha --- # Source: redis-ha/charts/redis-ha/templates/redis-ha-configmap.yaml @@ -33,7 +35,7 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha data: redis.conf: | @@ -50,6 +52,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" @@ -59,6 +63,7 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth init.sh: | echo "$(date) Start..." @@ -82,7 +87,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -191,9 +196,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -226,7 +231,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -345,7 +350,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -454,9 +459,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -489,7 +494,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -554,9 +559,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -564,9 +569,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -576,9 +581,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -591,6 +596,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -674,6 +680,8 @@ data: mode tcp option tcp-check tcp-check connect + tcp-check send "AUTH ${AUTH}"\r\n + tcp-check expect string +OK tcp-check send PING\r\n tcp-check expect string +PONG tcp-check send info\ replication\r\n @@ -730,6 +738,7 @@ data: get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -766,12 +775,13 @@ metadata: labels: heritage: Helm release: argocd - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 app: argocd-redis-ha data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -784,6 +794,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -816,7 +827,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 rules: - apiGroups: - "" @@ -835,7 +846,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy rules: - apiGroups: @@ -855,7 +866,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 subjects: - kind: ServiceAccount name: argocd-redis-ha @@ -874,7 +885,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy subjects: - kind: ServiceAccount @@ -894,9 +905,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -924,9 +934,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -954,9 +963,8 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" spec: publishNotReadyAddresses: true type: ClusterIP @@ -984,7 +992,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: spec: type: ClusterIP @@ -1012,7 +1020,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 component: argocd-redis-ha-haproxy annotations: spec: @@ -1040,7 +1048,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 spec: strategy: type: RollingUpdate @@ -1056,12 +1064,11 @@ spec: labels: app: redis-ha-haproxy release: argocd - revision: "1" annotations: prometheus.io/port: "9101" prometheus.io/scrape: "true" prometheus.io/path: "/metrics" - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 spec: # Needed when using unmodified rbac-setup.yml @@ -1081,11 +1088,10 @@ spec: matchLabels: app: redis-ha-haproxy release: argocd - revision: "1" topologyKey: kubernetes.io/hostname initContainers: - name: config-init - image: haproxy:2.6.14-alpine + image: public.ecr.aws/docker/library/haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1109,7 +1115,7 @@ spec: mountPath: /data containers: - name: haproxy - image: haproxy:2.6.14-alpine + image: public.ecr.aws/docker/library/haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false @@ -1119,6 +1125,12 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: httpGet: path: /healthz @@ -1167,7 +1179,7 @@ metadata: app: redis-ha heritage: "Helm" release: "argocd" - chart: redis-ha-4.22.3 + chart: redis-ha-4.26.6 annotations: {} spec: @@ -1183,7 +1195,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: release: argocd app: redis-ha @@ -1207,7 +1219,7 @@ spec: automountServiceAccountToken: false initContainers: - name: config-init - image: redis:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1231,6 +1243,11 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth volumeMounts: - name: config mountPath: /readonly-config @@ -1241,12 +1258,12 @@ spec: containers: - name: redis - image: redis:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - - redis-server + - redis-server args: - - /data/conf/redis.conf + - /data/conf/redis.conf securityContext: allowPrivilegeEscalation: false capabilities: @@ -1256,6 +1273,12 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: initialDelaySeconds: 30 periodSeconds: 15 @@ -1298,7 +1321,7 @@ spec: - /bin/sh - /readonly-config/trigger-failover-if-master.sh - name: sentinel - image: redis:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - redis-sentinel @@ -1313,6 +1336,12 @@ spec: runAsUser: 1000 seccompProfile: type: RuntimeDefault + env: + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth livenessProbe: initialDelaySeconds: 30 periodSeconds: 15 @@ -1349,7 +1378,7 @@ spec: {} - name: split-brain-fix - image: redis:7.0.15-alpine + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - sh @@ -1371,6 +1400,11 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca + - name: AUTH + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth resources: {} volumeMounts: diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index c15def91ece21..9ba9fa918d34c 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -1,4 +1,7 @@ redis-ha: + auth: true + authKey: auth + existingSecret: argocd-redis persistentVolume: enabled: false redis: diff --git a/manifests/ha/base/redis-ha/kustomization.yaml b/manifests/ha/base/redis-ha/kustomization.yaml index bf0c6c3dff255..0da9beb9930e8 100644 --- a/manifests/ha/base/redis-ha/kustomization.yaml +++ b/manifests/ha/base/redis-ha/kustomization.yaml @@ -20,7 +20,7 @@ patches: kind: ConfigMap name: argocd-redis-ha-configmap namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: version: v1 group: "" @@ -34,28 +34,28 @@ patches: kind: ServiceAccount name: argocd-redis-ha-haproxy namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: Role name: argocd-redis-ha namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: Role name: argocd-redis-ha-haproxy namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 kind: RoleBinding name: argocd-redis-ha namespace: argocd - path: overlays/remove-namespace.yaml + path: overlays/remove-namespace.yaml - target: group: rbac.authorization.k8s.io version: v1 @@ -294,3 +294,15 @@ patches: kind: StatefulSet name: argocd-redis-ha-server path: overlays/statefulset-containers-securityContext.yaml +- target: + group: rbac.authorization.k8s.io + version: v1 + kind: Role + name: argocd-redis-ha-haproxy + path: overlays/haproxy-role.yaml +- target: + group: apps + version: v1 + kind: Deployment + name: argocd-redis-ha-haproxy + path: overlays/deployment-initContainers.yaml \ No newline at end of file diff --git a/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml b/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml new file mode 100644 index 0000000000000..8e6ea2754a9fa --- /dev/null +++ b/manifests/ha/base/redis-ha/overlays/deployment-initContainers.yaml @@ -0,0 +1,16 @@ +- op: add + path: /spec/template/spec/initContainers/0 + value: + name: secret-init + command: [ 'argocd', 'admin', 'redis-initial-password' ] + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault \ No newline at end of file diff --git a/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml b/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml new file mode 100644 index 0000000000000..b74a48006a977 --- /dev/null +++ b/manifests/ha/base/redis-ha/overlays/haproxy-role.yaml @@ -0,0 +1,20 @@ +- op: add + path: /rules/0 + value: + apiGroups: + - "" + resources: + - secrets + resourceNames: + - argocd-redis + verbs: + - get +- op: add + path: /rules/0 + value: + apiGroups: + - "" + resources: + - secrets + verbs: + - create \ No newline at end of file diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 9cfd20046c323..dee5a101d83ff 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -29,20 +29,29 @@ spec: name: Revision priority: 10 type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -140,22 +149,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version (Helm) - which to sync the application to If omitted, will use the revision - specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or chart - version (Helm) which to sync each source in sources field for - the application to If omitted, will use the revision specified - in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -476,18 +484,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be - commit, tag, or branch. If omitted, will equal to HEAD. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -815,11 +823,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -838,10 +845,10 @@ spec: the sync. properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -849,10 +856,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -873,9 +880,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -904,10 +911,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted managers. - Fields mutated by those managers will take precedence over - the desired state defined in the SCM and won't be displayed - in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -934,18 +940,17 @@ spec: type: object type: array project: - description: Project is a reference to the project this application - belongs to. The empty string means that application belongs to the - 'default' project. + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept - in the application's revision history, which is used for informational - purposes as well as for rollbacks to previous versions. This should - only be changed in exceptional circumstances. Setting to zero will - store no history. This will reduce storage used. Increasing will - increase the space used to store the history, so we do not recommend - increasing it. Default is 10. + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. format: int64 type: integer source: @@ -1264,10 +1269,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1596,10 +1601,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of - Helm, this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2092,11 +2097,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2438,11 +2442,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2454,9 +2457,9 @@ spec: type: object type: array observedAt: - description: 'ObservedAt indicates when the application state was - updated without querying latest git state Deprecated: controller - no longer updates ObservedAt field' + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field format: date-time type: string operationState: @@ -2569,22 +2572,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version - (Helm) which to sync the application to If omitted, - will use the revision specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or - chart version (Helm) which to sync each source in sources - field for the application to If omitted, will use the - revision specified in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2927,19 +2929,18 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3290,11 +3291,10 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision - of the source to sync the application to. In case - of Git, this can be commit, tag, or branch. If - omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3315,11 +3315,10 @@ spec: to perform the sync. properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -3327,11 +3326,10 @@ spec: to perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -3375,9 +3373,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: HookPhase contains the state of any operation - associated with this resource OR hook This can also - contain values for non-hook resources. + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3762,11 +3760,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4117,11 +4114,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4148,8 +4144,9 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: 'ResourceStatus holds the current sync and health status - of a resource TODO: describe members of this type' + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type properties: group: type: string @@ -4232,10 +4229,9 @@ spec: if Server is not set. type: string namespace: - description: Namespace specifies the target namespace - for the application's resources. The namespace will - only be set for namespace-scoped resources that have - not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4264,10 +4260,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted - managers. Fields mutated by those managers will take - precedence over the desired state defined in the SCM - and won't be displayed in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -4613,11 +4608,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4968,11 +4962,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -5069,6 +5062,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5665,6 +5659,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -7427,6 +7422,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8023,6 +8019,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -11888,6 +11885,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array template: @@ -12484,6 +12482,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13080,6 +13079,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -16945,6 +16945,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19645,6 +19646,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20331,6 +20333,37 @@ spec: - type type: object type: array + resources: + items: + properties: + group: + type: string + health: + properties: + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array type: object required: - metadata @@ -20363,22 +20396,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what - may be deployed (repository whitelist, resource whitelist/blacklist) * who - can access these applications (roles, OIDC group claims bindings) * and - what they can do (RBAC policies) * automation access to these roles (JWT - tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -20389,9 +20428,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20406,9 +20445,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20435,9 +20474,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20450,9 +20489,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20467,9 +20506,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20710,6 +20749,8 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha +secrets: +- name: argocd-redis --- apiVersion: v1 kind: ServiceAccount @@ -20940,6 +20981,20 @@ metadata: app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get - apiGroups: - "" resources: @@ -21384,7 +21439,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -21493,9 +21548,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -21528,7 +21583,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -21593,9 +21648,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -21603,9 +21658,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -21615,9 +21670,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -21630,6 +21685,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -21672,9 +21728,10 @@ data: decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n \ use_backend bk_redis_master\n# Check all redis servers to see if they think they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check - connect\n tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check - send info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check - send QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) + connect\n tcp-check send \"AUTH ${AUTH}\"\\r\\n\n tcp-check expect string +OK\n + \ tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check send + info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check send + QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise @@ -21737,7 +21794,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -21846,9 +21903,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -21881,7 +21938,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -21989,6 +22046,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" port 26379 @@ -21997,10 +22056,12 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth trigger-failover-if-master.sh: | get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -22040,6 +22101,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -22052,6 +22114,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -22240,8 +22303,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22266,8 +22327,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22292,8 +22351,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -22810,7 +22867,7 @@ spec: template: metadata: annotations: - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 prometheus.io/path: /metrics prometheus.io/port: "9101" prometheus.io/scrape: "true" @@ -22826,7 +22883,13 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.14-alpine + - env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -22861,11 +22924,27 @@ spec: - mountPath: /run/haproxy name: shared-socket initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - /readonly/haproxy_init.sh command: - sh - image: haproxy:2.6.14-alpine + image: public.ecr.aws/docker/library/haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -22933,6 +23012,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -23113,6 +23197,12 @@ spec: key: reposerver.grpc.max.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME @@ -23256,6 +23346,11 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -23602,6 +23697,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -23778,6 +23878,12 @@ spec: key: controller.diff.server.side name: argocd-cmd-params-cm optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-application-controller @@ -23838,7 +23944,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: app.kubernetes.io/name: argocd-redis-ha spec: @@ -23855,7 +23961,13 @@ spec: - /data/conf/redis.conf command: - redis-server - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -23909,7 +24021,13 @@ spec: - /data/conf/sentinel.conf command: - redis-sentinel - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -23962,7 +24080,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -23992,7 +24115,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -24115,21 +24243,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: - egress: - - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -24151,7 +24264,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index f1fe3b2ab1a75..157ebd9bad946 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -43,6 +43,8 @@ metadata: app.kubernetes.io/name: argocd-redis-ha app.kubernetes.io/part-of: argocd name: argocd-redis-ha +secrets: +- name: argocd-redis --- apiVersion: v1 kind: ServiceAccount @@ -273,6 +275,20 @@ metadata: app.kubernetes.io/part-of: argocd name: argocd-redis-ha-haproxy rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get - apiGroups: - "" resources: @@ -505,7 +521,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -614,9 +630,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -649,7 +665,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -714,9 +730,9 @@ data: redis_role() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - ROLE=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//') else - ROLE=$(redis-cli -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') + ROLE=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//') fi set -e } @@ -724,9 +740,9 @@ data: identify_redis_master() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - REDIS_MASTER=$(redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//') else - REDIS_MASTER=$(redis-cli -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') + REDIS_MASTER=$(redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//') fi set -e } @@ -736,9 +752,9 @@ data: sh /readonly-config/init.sh if [ "$REDIS_PORT" -eq 0 ]; then - echo "shutdown" | redis-cli -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key else - echo "shutdown" | redis-cli -p "${REDIS_PORT}" + echo "shutdown" | redis-cli -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" fi set -e } @@ -751,6 +767,7 @@ data: identify_announce_ip done + trap "exit 0" TERM while true; do sleep 60 @@ -793,9 +810,10 @@ data: decide redis backend to use\n#master\nfrontend ft_redis_master\n bind :6379 \n \ use_backend bk_redis_master\n# Check all redis servers to see if they think they are master\nbackend bk_redis_master\n mode tcp\n option tcp-check\n tcp-check - connect\n tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check - send info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check - send QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) + connect\n tcp-check send \"AUTH ${AUTH}\"\\r\\n\n tcp-check expect string +OK\n + \ tcp-check send PING\\r\\n\n tcp-check expect string +PONG\n tcp-check send + info\\ replication\\r\\n\n tcp-check expect string role:master\n tcp-check send + QUIT\\r\\n\n tcp-check expect string +OK\n use-server R0 if { srv_is_up(R0) } { nbsrv(check_if_redis_is_master_0) ge 2 }\n server R0 argocd-redis-ha-announce-0:6379 check inter 3s fall 1 rise 1\n use-server R1 if { srv_is_up(R1) } { nbsrv(check_if_redis_is_master_1) ge 2 }\n server R1 argocd-redis-ha-announce-1:6379 check inter 3s fall 1 rise @@ -858,7 +876,7 @@ data: sentinel_get_master() { set +e if [ "$SENTINEL_PORT" -eq 0 ]; then - redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ + redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))' else redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}" sentinel get-master-addr-by-name "${MASTER_GROUP}" |\ @@ -967,9 +985,9 @@ data: redis_ping() { set +e if [ "$REDIS_PORT" -eq 0 ]; then - redis-cli -h "${MASTER}" -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping else - redis-cli -h "${MASTER}" -p "${REDIS_PORT}" ping + redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping fi set -e } @@ -1002,7 +1020,7 @@ data: if [ "$SENTINEL_PORT" -eq 0 ]; then echo " on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})" - if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then + if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}" --tls --cacert /tls-certs/ca.crt --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then echo " $(date) Failover returned with 'NOGOODSLAVE'" echo "Setting defaults for this pod.." setup_defaults @@ -1110,6 +1128,8 @@ data: rdbcompression yes repl-diskless-sync yes save "" + requirepass replace-default-auth + masterauth replace-default-auth sentinel.conf: | dir "/data" port 26379 @@ -1118,10 +1138,12 @@ data: sentinel failover-timeout argocd 180000 maxclients 10000 sentinel parallel-syncs argocd 5 + sentinel auth-pass argocd replace-default-auth trigger-failover-if-master.sh: | get_redis_role() { is_master=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ info | grep -c 'role:master' || true @@ -1161,6 +1183,7 @@ data: redis_liveness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -1173,6 +1196,7 @@ data: redis_readiness.sh: | response=$( redis-cli \ + -a "${AUTH}" --no-auth-warning \ -h localhost \ -p 6379 \ ping @@ -1361,8 +1385,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1387,8 +1409,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1413,8 +1433,6 @@ spec: apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: app.kubernetes.io/component: redis app.kubernetes.io/name: argocd-redis-ha @@ -1931,7 +1949,7 @@ spec: template: metadata: annotations: - checksum/config: 492a6adabb741e0cee39be9aa5155c41a4456629f862d0006a2d892dbecfbcae + checksum/config: e34e8124c38bcfd2f16e75620bbde30158686692b13bc449eecc44c51b207d54 prometheus.io/path: /metrics prometheus.io/port: "9101" prometheus.io/scrape: "true" @@ -1947,7 +1965,13 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy topologyKey: kubernetes.io/hostname containers: - - image: haproxy:2.6.14-alpine + - env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -1982,11 +2006,27 @@ spec: - mountPath: /run/haproxy name: shared-socket initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault - args: - /readonly/haproxy_init.sh command: - sh - image: haproxy:2.6.14-alpine + image: public.ecr.aws/docker/library/haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -2054,6 +2094,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -2234,6 +2279,12 @@ spec: key: reposerver.grpc.max.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME @@ -2377,6 +2428,11 @@ spec: env: - name: ARGOCD_API_SERVER_REPLICAS value: "2" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -2723,6 +2779,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -2899,6 +2960,12 @@ spec: key: controller.diff.server.side name: argocd-cmd-params-cm optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-application-controller @@ -2959,7 +3026,7 @@ spec: template: metadata: annotations: - checksum/init-config: 69130412bda04eacad3530cb7bcf26cf121401e725e15d0959dd71a7380afe75 + checksum/init-config: 9d3c019a5ea1fd98ab5cde397d8eecd351da884f15e6ba346c607cb2446c2198 labels: app.kubernetes.io/name: argocd-redis-ha spec: @@ -2976,7 +3043,13 @@ spec: - /data/conf/redis.conf command: - redis-server - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -3030,7 +3103,13 @@ spec: - /data/conf/sentinel.conf command: - redis-sentinel - image: redis:7.0.15-alpine + env: + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -3083,7 +3162,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -3113,7 +3197,12 @@ spec: value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4 - name: SENTINEL_ID_2 value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca - image: redis:7.0.15-alpine + - name: AUTH + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + image: public.ecr.aws/docker/library/redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -3236,21 +3325,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-ha-proxy-network-policy spec: - egress: - - ports: - - port: 6379 - protocol: TCP - - port: 26379 - protocol: TCP - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: argocd-redis-ha - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -3272,7 +3346,6 @@ spec: app.kubernetes.io/name: argocd-redis-ha-haproxy policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/install.yaml b/manifests/install.yaml index 3f591d8b41fff..7a30db2b5bf4c 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -29,20 +29,29 @@ spec: name: Revision priority: 10 type: string + - jsonPath: .spec.project + name: Project + priority: 10 + type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -140,22 +149,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version (Helm) - which to sync the application to If omitted, will use the revision - specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or chart - version (Helm) which to sync each source in sources field for - the application to If omitted, will use the revision specified - in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -476,18 +484,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be - commit, tag, or branch. If omitted, will equal to HEAD. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set in the - application. This is typically set in a Rollback operation and - is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -815,11 +823,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -838,10 +845,10 @@ spec: the sync. properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -849,10 +856,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to supply - the --force flag to `kubectl apply`. The --force flag - deletes and re-create the resource, when PATCH encounters - conflict and has retried for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -873,9 +880,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -904,10 +911,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted managers. - Fields mutated by those managers will take precedence over - the desired state defined in the SCM and won't be displayed - in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -934,18 +940,17 @@ spec: type: object type: array project: - description: Project is a reference to the project this application - belongs to. The empty string means that application belongs to the - 'default' project. + description: |- + Project is a reference to the project this application belongs to. + The empty string means that application belongs to the 'default' project. type: string revisionHistoryLimit: - description: RevisionHistoryLimit limits the number of items kept - in the application's revision history, which is used for informational - purposes as well as for rollbacks to previous versions. This should - only be changed in exceptional circumstances. Setting to zero will - store no history. This will reduce storage used. Increasing will - increase the space used to store the history, so we do not recommend - increasing it. Default is 10. + description: |- + RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. + This should only be changed in exceptional circumstances. + Setting to zero will store no history. This will reduce storage used. + Increasing will increase the space used to store the history, so we do not recommend increasing it. + Default is 10. format: int64 type: integer source: @@ -1264,10 +1269,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1596,10 +1601,10 @@ spec: that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the source - to sync the application to. In case of Git, this can be commit, - tag, or branch. If omitted, will equal to HEAD. In case of - Helm, this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2092,11 +2097,10 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2438,11 +2442,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2454,9 +2457,9 @@ spec: type: object type: array observedAt: - description: 'ObservedAt indicates when the application state was - updated without querying latest git state Deprecated: controller - no longer updates ObservedAt field' + description: |- + ObservedAt indicates when the application state was updated without querying latest git state + Deprecated: controller no longer updates ObservedAt field format: date-time type: string operationState: @@ -2569,22 +2572,21 @@ spec: type: object type: array revision: - description: Revision is the revision (Git) or chart version - (Helm) which to sync the application to If omitted, - will use the revision specified in app spec. + description: |- + Revision is the revision (Git) or chart version (Helm) which to sync the application to + If omitted, will use the revision specified in app spec. type: string revisions: - description: Revisions is the list of revision (Git) or - chart version (Helm) which to sync each source in sources - field for the application to If omitted, will use the - revision specified in app spec. + description: |- + Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to + If omitted, will use the revision specified in app spec. items: type: string type: array source: - description: Source overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Source overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2927,19 +2929,18 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: Sources overrides the source definition set - in the application. This is typically set in a Rollback - operation and is nil during a Sync operation + description: |- + Sources overrides the source definition set in the application. + This is typically set in a Rollback operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3290,11 +3291,10 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision - of the source to sync the application to. In case - of Git, this can be commit, tag, or branch. If - omitted, will equal to HEAD. In case of Helm, - this is a semver tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3315,11 +3315,10 @@ spec: to perform the sync. properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object hook: @@ -3327,11 +3326,10 @@ spec: to perform the sync. This is the default strategy properties: force: - description: Force indicates whether or not to - supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, - when PATCH encounters conflict and has retried - for 5 times. + description: |- + Force indicates whether or not to supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, when PATCH encounters conflict and has + retried for 5 times. type: boolean type: object type: object @@ -3375,9 +3373,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: HookPhase contains the state of any operation - associated with this resource OR hook This can also - contain values for non-hook resources. + description: |- + HookPhase contains the state of any operation associated with this resource OR hook + This can also contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3762,11 +3760,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4117,11 +4114,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4148,8 +4144,9 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: 'ResourceStatus holds the current sync and health status - of a resource TODO: describe members of this type' + description: |- + ResourceStatus holds the current sync and health status of a resource + TODO: describe members of this type properties: group: type: string @@ -4232,10 +4229,9 @@ spec: if Server is not set. type: string namespace: - description: Namespace specifies the target namespace - for the application's resources. The namespace will - only be set for namespace-scoped resources that have - not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4264,10 +4260,9 @@ spec: kind: type: string managedFieldsManagers: - description: ManagedFieldsManagers is a list of trusted - managers. Fields mutated by those managers will take - precedence over the desired state defined in the SCM - and won't be displayed in diffs + description: |- + ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the + desired state defined in the SCM and won't be displayed in diffs items: type: string type: array @@ -4613,11 +4608,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of the - source to sync the application to. In case of Git, this - can be commit, tag, or branch. If omitted, will equal - to HEAD. In case of Helm, this is a semver tag for the - Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -4968,11 +4962,10 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: TargetRevision defines the revision of - the source to sync the application to. In case of - Git, this can be commit, tag, or branch. If omitted, - will equal to HEAD. In case of Helm, this is a semver - tag for the Chart's version. + description: |- + TargetRevision defines the revision of the source to sync the application to. + In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -5069,6 +5062,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5665,6 +5659,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -7427,6 +7422,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8023,6 +8019,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -11888,6 +11885,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array template: @@ -12484,6 +12482,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13080,6 +13079,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic template: properties: metadata: @@ -16945,6 +16945,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19645,6 +19646,7 @@ spec: type: string type: object type: object + x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20331,6 +20333,37 @@ spec: - type type: object type: array + resources: + items: + properties: + group: + type: string + health: + properties: + message: + type: string + status: + type: string + type: object + hook: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + requiresPruning: + type: boolean + status: + type: string + syncWave: + format: int64 + type: integer + version: + type: string + type: object + type: array type: object required: - metadata @@ -20363,22 +20396,28 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: 'AppProject provides a logical grouping of applications, providing - controls for: * where the apps may deploy to (cluster whitelist) * what - may be deployed (repository whitelist, resource whitelist/blacklist) * who - can access these applications (roles, OIDC group claims bindings) * and - what they can do (RBAC policies) * automation access to these roles (JWT - tokens)' + description: |- + AppProject provides a logical grouping of applications, providing controls for: + * where the apps may deploy to (cluster whitelist) + * what may be deployed (repository whitelist, resource whitelist/blacklist) + * who can access these applications (roles, OIDC group claims bindings) + * and what they can do (RBAC policies) + * automation access to these roles (JWT tokens) properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -20389,9 +20428,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20406,9 +20445,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20435,9 +20474,9 @@ spec: not set. type: string namespace: - description: Namespace specifies the target namespace for the - application's resources. The namespace will only be set for - namespace-scoped resources that have not set a value for .metadata.namespace + description: |- + Namespace specifies the target namespace for the application's resources. + The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20450,9 +20489,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20467,9 +20506,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: GroupKind specifies a Group and a Kind, but does not - force a version. This is useful for identifying concepts during - lookup stages without having partially valid types + description: |- + GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying + concepts during lookup stages without having partially valid types properties: group: type: string @@ -20908,6 +20947,30 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: server @@ -21177,6 +21240,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -21924,6 +22003,13 @@ spec: - "" - --appendonly - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis image: redis:7.0.15-alpine imagePullPolicy: Always name: redis @@ -21935,6 +22021,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -21979,6 +22082,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -22159,6 +22267,12 @@ spec: key: reposerver.grpc.max.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME @@ -22300,6 +22414,11 @@ spec: - args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -22646,6 +22765,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -22822,6 +22946,12 @@ spec: key: controller.diff.server.side name: argocd-cmd-params-cm optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-application-controller @@ -22951,12 +23081,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -22976,7 +23100,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 6655fb5e4c4cc..a1b2b31f0265d 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -241,6 +241,30 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +rules: +- apiGroups: + - "" + resourceNames: + - argocd-redis + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: labels: app.kubernetes.io/component: server @@ -349,6 +373,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: redis + app.kubernetes.io/name: argocd-redis + app.kubernetes.io/part-of: argocd + name: argocd-redis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argocd-redis +subjects: +- kind: ServiceAccount + name: argocd-redis +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app.kubernetes.io/component: server @@ -1045,6 +1085,13 @@ spec: - "" - --appendonly - "no" + - --requirepass $(REDIS_PASSWORD) + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis image: redis:7.0.15-alpine imagePullPolicy: Always name: redis @@ -1056,6 +1103,23 @@ spec: drop: - ALL readOnlyRootFilesystem: true + initContainers: + - command: + - argocd + - admin + - redis-initial-password + image: quay.io/argoproj/argocd:latest + imagePullPolicy: IfNotPresent + name: secret-init + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true runAsUser: 999 @@ -1100,6 +1164,11 @@ spec: - args: - /usr/local/bin/argocd-repo-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_RECONCILIATION_TIMEOUT valueFrom: configMapKeyRef: @@ -1280,6 +1349,12 @@ spec: key: reposerver.grpc.max.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES + valueFrom: + configMapKeyRef: + key: reposerver.include.hidden.directories + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME @@ -1421,6 +1496,11 @@ spec: - args: - /usr/local/bin/argocd-server env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_SERVER_INSECURE valueFrom: configMapKeyRef: @@ -1767,6 +1847,11 @@ spec: - args: - /usr/local/bin/argocd-application-controller env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis - name: ARGOCD_CONTROLLER_REPLICAS value: "1" - name: ARGOCD_RECONCILIATION_TIMEOUT @@ -1943,6 +2028,12 @@ spec: key: controller.diff.server.side name: argocd-cmd-params-cm optional: true + - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT + valueFrom: + configMapKeyRef: + key: controller.ignore.normalizer.jq.timeout + name: argocd-cmd-params-cm + optional: true image: quay.io/argoproj/argocd:latest imagePullPolicy: Always name: argocd-application-controller @@ -2072,12 +2163,6 @@ kind: NetworkPolicy metadata: name: argocd-redis-network-policy spec: - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP ingress: - from: - podSelector: @@ -2097,7 +2182,6 @@ spec: app.kubernetes.io/name: argocd-redis policyTypes: - Ingress - - Egress --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy diff --git a/mkdocs.yml b/mkdocs.yml index a7e8f86e216cc..c9eb3061d4e2e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -222,6 +222,7 @@ nav: - Blog ⧉: https://blog.argoproj.io/ repo_url: https://github.com/argoproj/argo-cd site_name: Argo CD - Declarative GitOps CD for Kubernetes +site_url: !ENV READTHEDOCS_CANONICAL_URL strict: true theme: custom_dir: overrides diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 9b22530c45e74..63c846ba3af43 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -56,6 +56,12 @@ import ( tls_util "github.com/argoproj/argo-cd/v2/util/tls" ) +// These mocks are not currently used, but they are part of the public API of this package. +//go:generate -command mockery go run github.com/vektra/mockery/v2@v2.40.2 +//go:generate mockery --dir=./session --name=SessionServiceServer --output=./session/mocks +//go:generate mockery --dir=./session --name=SessionServiceClient --output=./session/mocks +//go:generate mockery --dir=./cluster --name=ClusterServiceServer --output=./cluster/mocks + const ( MetaDataTokenKey = "token" // EnvArgoCDServer is the environment variable to look for an Argo CD server address diff --git a/pkg/apiclient/application/application.pb.go b/pkg/apiclient/application/application.pb.go index 716df701ae6ec..2f87272d3ed3e 100644 --- a/pkg/apiclient/application/application.pb.go +++ b/pkg/apiclient/application/application.pb.go @@ -973,6 +973,8 @@ type ApplicationSyncRequest struct { SyncOptions *SyncOptions `protobuf:"bytes,11,opt,name=syncOptions" json:"syncOptions,omitempty"` AppNamespace *string `protobuf:"bytes,12,opt,name=appNamespace" json:"appNamespace,omitempty"` Project *string `protobuf:"bytes,13,opt,name=project" json:"project,omitempty"` + SourcePositions []int64 `protobuf:"varint,14,rep,name=sourcePositions" json:"sourcePositions,omitempty"` + Revisions []string `protobuf:"bytes,15,rep,name=revisions" json:"revisions,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -1095,6 +1097,20 @@ func (m *ApplicationSyncRequest) GetProject() string { return "" } +func (m *ApplicationSyncRequest) GetSourcePositions() []int64 { + if m != nil { + return m.SourcePositions + } + return nil +} + +func (m *ApplicationSyncRequest) GetRevisions() []string { + if m != nil { + return m.Revisions + } + return nil +} + // ApplicationUpdateSpecRequest is a request to update application spec type ApplicationUpdateSpecRequest struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` @@ -2808,176 +2824,177 @@ func init() { } var fileDescriptor_df6e82b174b5eaec = []byte{ - // 2704 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0xcd, 0x8f, 0x1b, 0x49, - 0x15, 0xa7, 0xec, 0xb1, 0xc7, 0xf3, 0x3c, 0x93, 0x8f, 0xda, 0x64, 0xe8, 0x75, 0x66, 0x83, 0xd3, - 0xf9, 0x9a, 0x4c, 0x32, 0x76, 0x62, 0x02, 0xca, 0xce, 0xee, 0x0a, 0x92, 0xc9, 0x27, 0x4c, 0xb2, + // 2711 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0x4d, 0x8c, 0x1b, 0x49, + 0x15, 0xa6, 0xec, 0xb1, 0xc7, 0xf3, 0x3c, 0x93, 0x9f, 0xda, 0x64, 0xe8, 0x75, 0x66, 0x83, 0xd3, + 0xf9, 0x9b, 0x4c, 0x32, 0x76, 0x62, 0x02, 0xca, 0xce, 0xee, 0x0a, 0x92, 0xc9, 0x2f, 0x4c, 0xb2, 0xa1, 0x27, 0x21, 0x68, 0x39, 0x40, 0x6d, 0xbb, 0xc6, 0xd3, 0x4c, 0xbb, 0xbb, 0xd3, 0xdd, 0x76, 0x34, 0x0a, 0xb9, 0x2c, 0xca, 0x05, 0xad, 0x40, 0xc0, 0x1e, 0x10, 0x42, 0x80, 0x16, 0xad, 0x84, - 0x10, 0x88, 0x0b, 0x5a, 0x21, 0x21, 0x24, 0xb8, 0x20, 0x38, 0x20, 0xad, 0xe0, 0xc8, 0x05, 0x45, - 0x88, 0x23, 0x5c, 0xf6, 0x0f, 0x40, 0x55, 0x5d, 0xd5, 0x5d, 0xed, 0x8f, 0xb6, 0x07, 0x1b, 0x6d, - 0x6e, 0xfd, 0xca, 0xdd, 0xef, 0xfd, 0xde, 0xab, 0x5f, 0xbd, 0x57, 0xf5, 0xca, 0x70, 0x22, 0xa0, - 0x7e, 0x97, 0xfa, 0x75, 0xe2, 0x79, 0xb6, 0x65, 0x92, 0xd0, 0x72, 0x1d, 0xf5, 0xb9, 0xe6, 0xf9, - 0x6e, 0xe8, 0xe2, 0xb2, 0x32, 0x54, 0x59, 0x6a, 0xb9, 0x6e, 0xcb, 0xa6, 0x75, 0xe2, 0x59, 0x75, - 0xe2, 0x38, 0x6e, 0xc8, 0x87, 0x83, 0xe8, 0xd5, 0x8a, 0xbe, 0x73, 0x29, 0xa8, 0x59, 0x2e, 0xff, - 0xd5, 0x74, 0x7d, 0x5a, 0xef, 0x5e, 0xa8, 0xb7, 0xa8, 0x43, 0x7d, 0x12, 0xd2, 0xa6, 0x78, 0xe7, - 0x62, 0xf2, 0x4e, 0x9b, 0x98, 0xdb, 0x96, 0x43, 0xfd, 0xdd, 0xba, 0xb7, 0xd3, 0x62, 0x03, 0x41, - 0xbd, 0x4d, 0x43, 0x32, 0xe8, 0xab, 0x8d, 0x96, 0x15, 0x6e, 0x77, 0xde, 0xac, 0x99, 0x6e, 0xbb, - 0x4e, 0xfc, 0x96, 0xeb, 0xf9, 0xee, 0xd7, 0xf8, 0xc3, 0xaa, 0xd9, 0xac, 0x77, 0x1b, 0x89, 0x02, - 0xd5, 0x97, 0xee, 0x05, 0x62, 0x7b, 0xdb, 0xa4, 0x5f, 0xdb, 0xb5, 0x11, 0xda, 0x7c, 0xea, 0xb9, - 0x22, 0x36, 0xfc, 0xd1, 0x0a, 0x5d, 0x7f, 0x57, 0x79, 0x8c, 0xd4, 0xe8, 0x1f, 0x22, 0x38, 0x70, - 0x39, 0xb1, 0xf7, 0x85, 0x0e, 0xf5, 0x77, 0x31, 0x86, 0x19, 0x87, 0xb4, 0xa9, 0x86, 0xaa, 0x68, - 0x79, 0xce, 0xe0, 0xcf, 0x58, 0x83, 0x59, 0x9f, 0x6e, 0xf9, 0x34, 0xd8, 0xd6, 0x72, 0x7c, 0x58, - 0x8a, 0xb8, 0x02, 0x25, 0x66, 0x9c, 0x9a, 0x61, 0xa0, 0xe5, 0xab, 0xf9, 0xe5, 0x39, 0x23, 0x96, - 0xf1, 0x32, 0xec, 0xf7, 0x69, 0xe0, 0x76, 0x7c, 0x93, 0x7e, 0x91, 0xfa, 0x81, 0xe5, 0x3a, 0xda, - 0x0c, 0xff, 0xba, 0x77, 0x98, 0x69, 0x09, 0xa8, 0x4d, 0xcd, 0xd0, 0xf5, 0xb5, 0x02, 0x7f, 0x25, - 0x96, 0x19, 0x1e, 0x06, 0x5c, 0x2b, 0x46, 0x78, 0xd8, 0x33, 0xd6, 0x61, 0x9e, 0x78, 0xde, 0x1d, - 0xd2, 0xa6, 0x81, 0x47, 0x4c, 0xaa, 0xcd, 0xf2, 0xdf, 0x52, 0x63, 0x0c, 0xb3, 0x40, 0xa2, 0x95, - 0x38, 0x30, 0x29, 0xea, 0xeb, 0x30, 0x77, 0xc7, 0x6d, 0xd2, 0xe1, 0xee, 0xf6, 0xaa, 0xcf, 0xf5, - 0xab, 0xd7, 0x9f, 0x22, 0x38, 0x6c, 0xd0, 0xae, 0xc5, 0xf0, 0xdf, 0xa6, 0x21, 0x69, 0x92, 0x90, - 0xf4, 0x6a, 0xcc, 0xc5, 0x1a, 0x2b, 0x50, 0xf2, 0xc5, 0xcb, 0x5a, 0x8e, 0x8f, 0xc7, 0x72, 0x9f, - 0xb5, 0x7c, 0xb6, 0x33, 0x51, 0x08, 0x63, 0x67, 0xfe, 0x85, 0xe0, 0xa8, 0x32, 0x87, 0x86, 0x88, - 0xec, 0xb5, 0x2e, 0x75, 0xc2, 0x60, 0x38, 0xa0, 0x73, 0x70, 0x50, 0x4e, 0x42, 0xaf, 0x9f, 0xfd, - 0x3f, 0x30, 0x88, 0xea, 0xa0, 0x84, 0xa8, 0x8e, 0xe1, 0x2a, 0x94, 0xa5, 0x7c, 0xff, 0xd6, 0x55, - 0x01, 0x53, 0x1d, 0xea, 0x73, 0xb4, 0x90, 0xed, 0x68, 0x31, 0xed, 0xe8, 0x07, 0x08, 0x34, 0xc5, - 0xd1, 0xdb, 0xc4, 0xb1, 0xb6, 0x68, 0x10, 0x8e, 0x1b, 0x73, 0x34, 0xbd, 0x98, 0x33, 0x62, 0x47, - 0x5e, 0xdd, 0x65, 0xeb, 0x89, 0xe5, 0x0f, 0xad, 0x50, 0xcd, 0x2f, 0xe7, 0x8d, 0xde, 0x61, 0xbc, - 0x04, 0x73, 0xd2, 0x66, 0xa0, 0x15, 0x39, 0x0d, 0x93, 0x01, 0xfd, 0x18, 0xcc, 0x5d, 0xb7, 0x6c, - 0xba, 0xbe, 0xdd, 0x71, 0x76, 0xf0, 0x21, 0x28, 0x98, 0xec, 0x81, 0xfb, 0x30, 0x6f, 0x44, 0x82, - 0xfe, 0x1d, 0x04, 0xc7, 0x86, 0x79, 0xfd, 0xc0, 0x0a, 0xb7, 0xd9, 0xf7, 0xc1, 0x30, 0xf7, 0xcd, - 0x6d, 0x6a, 0xee, 0x04, 0x9d, 0xb6, 0xa4, 0x9c, 0x94, 0x27, 0xa4, 0xdc, 0xcf, 0x11, 0x2c, 0x8f, - 0xc4, 0xf4, 0xc0, 0x27, 0x9e, 0x47, 0x7d, 0x7c, 0x1d, 0x0a, 0x0f, 0xd9, 0x0f, 0x7c, 0x81, 0x95, - 0x1b, 0xb5, 0x9a, 0x9a, 0xa0, 0x47, 0x6a, 0xb9, 0xf9, 0x31, 0x23, 0xfa, 0x1c, 0xd7, 0x64, 0x78, - 0x72, 0x5c, 0xcf, 0x62, 0x4a, 0x4f, 0x1c, 0x45, 0xf6, 0x3e, 0x7f, 0xed, 0x4a, 0x11, 0x66, 0x3c, - 0xe2, 0x87, 0xfa, 0x61, 0x78, 0x21, 0xbd, 0x3c, 0x3c, 0xd7, 0x09, 0xa8, 0xfe, 0xdb, 0x34, 0x9b, - 0xd6, 0x7d, 0x4a, 0x42, 0x6a, 0xd0, 0x87, 0x1d, 0x1a, 0x84, 0x78, 0x07, 0xd4, 0x9a, 0xc1, 0xa3, - 0x5a, 0x6e, 0xdc, 0xaa, 0x25, 0x49, 0xb7, 0x26, 0x93, 0x2e, 0x7f, 0xf8, 0x8a, 0xd9, 0xac, 0x75, - 0x1b, 0x35, 0x6f, 0xa7, 0x55, 0x63, 0x29, 0x3c, 0x85, 0x4c, 0xa6, 0x70, 0xd5, 0x55, 0x43, 0xd5, - 0x8e, 0x17, 0xa1, 0xd8, 0xf1, 0x02, 0xea, 0x87, 0xdc, 0xb3, 0x92, 0x21, 0x24, 0x36, 0x7f, 0x5d, - 0x62, 0x5b, 0x4d, 0x12, 0x46, 0xf3, 0x53, 0x32, 0x62, 0x59, 0xff, 0x5d, 0x1a, 0xfd, 0x7d, 0xaf, - 0xf9, 0x51, 0xa1, 0x57, 0x51, 0xe6, 0xd2, 0x28, 0x55, 0x06, 0xe5, 0xd3, 0x0c, 0xfa, 0x75, 0x1a, - 0xff, 0x55, 0x6a, 0xd3, 0x04, 0xff, 0x20, 0x32, 0x6b, 0x30, 0x6b, 0x92, 0xc0, 0x24, 0x4d, 0x69, - 0x45, 0x8a, 0x2c, 0x91, 0x79, 0xbe, 0xeb, 0x91, 0x16, 0xd7, 0x74, 0xd7, 0xb5, 0x2d, 0x73, 0x57, - 0x98, 0xeb, 0xff, 0xa1, 0x8f, 0xf8, 0x33, 0xd9, 0xc4, 0x2f, 0xa4, 0x61, 0x1f, 0x87, 0xf2, 0xe6, - 0xae, 0x63, 0xbe, 0xee, 0x45, 0x8b, 0xfb, 0x10, 0x14, 0xac, 0x90, 0xb6, 0x03, 0x0d, 0xf1, 0x85, - 0x1d, 0x09, 0xfa, 0xfb, 0x05, 0x58, 0x54, 0x7c, 0x63, 0x1f, 0x64, 0x79, 0x96, 0x95, 0xa5, 0x16, - 0xa1, 0xd8, 0xf4, 0x77, 0x8d, 0x8e, 0x23, 0x08, 0x20, 0x24, 0x66, 0xd8, 0xf3, 0x3b, 0x4e, 0x04, - 0xbf, 0x64, 0x44, 0x02, 0xde, 0x82, 0x52, 0x10, 0xb2, 0x5d, 0x42, 0x6b, 0x97, 0x03, 0x2f, 0x37, - 0x3e, 0x37, 0xd9, 0xa4, 0x33, 0xe8, 0x9b, 0x42, 0xa3, 0x11, 0xeb, 0xc6, 0x0f, 0x59, 0x4e, 0x8b, - 0x12, 0x5d, 0xa0, 0xcd, 0x56, 0xf3, 0xcb, 0xe5, 0xc6, 0xe6, 0xe4, 0x86, 0x5e, 0xf7, 0xd8, 0x0e, - 0x47, 0xa9, 0x60, 0x46, 0x62, 0x85, 0xa5, 0xd1, 0xb6, 0xc8, 0x0f, 0x81, 0xa8, 0xe6, 0xc9, 0x00, - 0xfe, 0x12, 0x14, 0x2c, 0x67, 0xcb, 0x0d, 0xb4, 0x39, 0x0e, 0xe6, 0xca, 0x64, 0x60, 0x6e, 0x39, - 0x5b, 0xae, 0x11, 0x29, 0xc4, 0x0f, 0x61, 0xc1, 0xa7, 0xa1, 0xbf, 0x2b, 0xa3, 0xa0, 0x01, 0x8f, - 0xeb, 0xe7, 0x27, 0xb3, 0x60, 0xa8, 0x2a, 0x8d, 0xb4, 0x05, 0xbc, 0x06, 0xe5, 0x20, 0xe1, 0x98, - 0x56, 0xe6, 0x06, 0xb5, 0x94, 0x22, 0x85, 0x83, 0x86, 0xfa, 0x72, 0x1f, 0xbb, 0xe7, 0xb3, 0xd9, - 0xbd, 0x90, 0x66, 0xf7, 0x7f, 0x10, 0x2c, 0xf5, 0x25, 0x95, 0x4d, 0x8f, 0x66, 0xd2, 0x97, 0xc0, - 0x4c, 0xe0, 0x51, 0x93, 0x57, 0x98, 0x72, 0xe3, 0xf6, 0xd4, 0xb2, 0x0c, 0xb7, 0xcb, 0x55, 0x67, - 0x25, 0xc2, 0x09, 0xd7, 0xf3, 0x8f, 0x11, 0x7c, 0x5c, 0xb1, 0x79, 0x97, 0x84, 0xe6, 0x76, 0x96, - 0xb3, 0x6c, 0xdd, 0xb1, 0x77, 0x44, 0x3d, 0x8d, 0x04, 0x46, 0x4e, 0xfe, 0x70, 0x6f, 0xd7, 0x63, - 0x00, 0xd9, 0x2f, 0xc9, 0xc0, 0x84, 0x9b, 0x9e, 0x5f, 0x20, 0xa8, 0xa8, 0xb9, 0xd7, 0xb5, 0xed, - 0x37, 0x89, 0xb9, 0x93, 0x05, 0x72, 0x1f, 0xe4, 0xac, 0x26, 0x47, 0x98, 0x37, 0x72, 0x56, 0x73, - 0x8f, 0x49, 0xa4, 0x17, 0x6e, 0x31, 0x1b, 0xee, 0x6c, 0x1a, 0xee, 0x87, 0x3d, 0x70, 0xe5, 0x52, - 0xce, 0x80, 0xbb, 0x04, 0x73, 0x4e, 0xcf, 0x06, 0x34, 0x19, 0x18, 0xb0, 0xf1, 0xcc, 0xf5, 0x6d, - 0x3c, 0x35, 0x98, 0xed, 0xc6, 0xc7, 0x0b, 0xf6, 0xb3, 0x14, 0x99, 0x8b, 0x2d, 0xdf, 0xed, 0x78, - 0x22, 0xe8, 0x91, 0xc0, 0x50, 0xec, 0x58, 0x4e, 0x53, 0x2b, 0x46, 0x28, 0xd8, 0xf3, 0xde, 0x0f, - 0x14, 0x29, 0xb7, 0x7f, 0x99, 0x83, 0x4f, 0x0c, 0x70, 0x7b, 0x24, 0x9f, 0x9e, 0x0f, 0xdf, 0x63, - 0x56, 0xcf, 0x0e, 0x65, 0x75, 0x69, 0x14, 0xab, 0xe7, 0xb2, 0xe3, 0x05, 0xe9, 0x78, 0xfd, 0x2c, - 0x07, 0xd5, 0x01, 0xf1, 0x1a, 0xbd, 0x0d, 0x78, 0x6e, 0x02, 0xb6, 0xe5, 0xfa, 0x82, 0x25, 0x25, - 0x23, 0x12, 0xd8, 0x3a, 0x73, 0x7d, 0x6f, 0x9b, 0x38, 0x9c, 0x1d, 0x25, 0x43, 0x48, 0x13, 0x86, - 0xea, 0x9b, 0x39, 0xd0, 0x64, 0x7c, 0x2e, 0x9b, 0x3c, 0x5a, 0x1d, 0xe7, 0xf9, 0x0f, 0xd1, 0x22, - 0x14, 0x09, 0x47, 0x2b, 0x48, 0x25, 0xa4, 0xbe, 0x60, 0x94, 0xb2, 0x83, 0x31, 0x97, 0x0e, 0xc6, - 0x53, 0x04, 0x47, 0xd2, 0xc1, 0x08, 0x36, 0xac, 0x20, 0x94, 0x9b, 0x7a, 0xbc, 0x05, 0xb3, 0x91, - 0x9d, 0x68, 0x4b, 0x56, 0x6e, 0x6c, 0x4c, 0x5a, 0xa8, 0x53, 0x81, 0x97, 0xca, 0xf5, 0x97, 0xe1, - 0xc8, 0xc0, 0x2c, 0x27, 0x60, 0x54, 0xa0, 0x24, 0x37, 0x27, 0x62, 0x6a, 0x62, 0x59, 0x7f, 0x3a, - 0x93, 0x2e, 0x39, 0x6e, 0x73, 0xc3, 0x6d, 0x65, 0x9c, 0xd3, 0xb3, 0xa7, 0x93, 0x85, 0xca, 0x6d, - 0x2a, 0x47, 0x72, 0x29, 0xb2, 0xef, 0x4c, 0xd7, 0x09, 0x89, 0xe5, 0x50, 0x5f, 0x54, 0xc5, 0x64, - 0x80, 0x4d, 0x43, 0x60, 0x39, 0x26, 0xdd, 0xa4, 0xa6, 0xeb, 0x34, 0x03, 0x3e, 0x9f, 0x79, 0x23, - 0x35, 0x86, 0x6f, 0xc2, 0x1c, 0x97, 0xef, 0x59, 0xed, 0xa8, 0x0c, 0x94, 0x1b, 0x2b, 0xb5, 0xa8, - 0xf7, 0x55, 0x53, 0x7b, 0x5f, 0x49, 0x0c, 0xdb, 0x34, 0x24, 0xb5, 0xee, 0x85, 0x1a, 0xfb, 0xc2, - 0x48, 0x3e, 0x66, 0x58, 0x42, 0x62, 0xd9, 0x1b, 0x96, 0xc3, 0x37, 0x8c, 0xcc, 0x54, 0x32, 0xc0, - 0xa8, 0xb2, 0xe5, 0xda, 0xb6, 0xfb, 0x48, 0xae, 0x9b, 0x48, 0x62, 0x5f, 0x75, 0x9c, 0xd0, 0xb2, - 0xb9, 0xfd, 0x88, 0x08, 0xc9, 0x00, 0xff, 0xca, 0xb2, 0x43, 0xea, 0x8b, 0x05, 0x23, 0xa4, 0x98, - 0x8c, 0xe5, 0xa8, 0x9d, 0x23, 0xd7, 0x6b, 0x44, 0xdb, 0x79, 0x95, 0xb6, 0xbd, 0x4b, 0x61, 0x61, - 0x40, 0x4f, 0x83, 0x77, 0xb7, 0x68, 0xd7, 0x72, 0x3b, 0x81, 0xb6, 0x2f, 0xda, 0x7a, 0x48, 0xb9, - 0x8f, 0xca, 0xfb, 0xb3, 0xa9, 0x7c, 0x20, 0x4d, 0xe5, 0xdf, 0x23, 0x28, 0x6d, 0xb8, 0xad, 0x6b, - 0x4e, 0xe8, 0xef, 0xf2, 0xd3, 0x8d, 0xeb, 0x84, 0xd4, 0x91, 0x7c, 0x91, 0x22, 0x9b, 0x84, 0xd0, - 0x6a, 0xd3, 0xcd, 0x90, 0xb4, 0x3d, 0xb1, 0xc7, 0xda, 0xd3, 0x24, 0xc4, 0x1f, 0xb3, 0xc0, 0xd8, - 0x24, 0x08, 0xf9, 0x8a, 0x2f, 0x19, 0xfc, 0x99, 0xb9, 0x10, 0xbf, 0xb0, 0x19, 0xfa, 0x62, 0xb9, - 0xa7, 0xc6, 0x54, 0x8a, 0x15, 0x22, 0x6c, 0x42, 0xd4, 0xdb, 0xf0, 0x62, 0xbc, 0x69, 0xbf, 0x47, - 0xfd, 0xb6, 0xe5, 0x90, 0xec, 0xec, 0x3d, 0x46, 0x5b, 0x2d, 0xe3, 0xcc, 0xe8, 0xa6, 0x16, 0x1d, - 0xdb, 0x03, 0x3f, 0xb0, 0x9c, 0xa6, 0xfb, 0x28, 0x63, 0xf1, 0x4c, 0x66, 0xf0, 0xaf, 0xe9, 0xce, - 0x9a, 0x62, 0x31, 0x5e, 0xe9, 0x37, 0x61, 0x81, 0xe5, 0x84, 0x2e, 0x15, 0x3f, 0x88, 0xb4, 0xa3, - 0x0f, 0x6b, 0x72, 0x24, 0x3a, 0x8c, 0xf4, 0x87, 0x78, 0x03, 0xf6, 0x93, 0x20, 0xb0, 0x5a, 0x0e, - 0x6d, 0x4a, 0x5d, 0xb9, 0xb1, 0x75, 0xf5, 0x7e, 0x1a, 0x1d, 0x97, 0xf9, 0x1b, 0x62, 0xbe, 0xa5, - 0xa8, 0x7f, 0x03, 0xc1, 0xe1, 0x81, 0x4a, 0xe2, 0x95, 0x83, 0x94, 0x34, 0x5e, 0x81, 0x52, 0x60, - 0x6e, 0xd3, 0x66, 0xc7, 0xa6, 0xb2, 0x87, 0x24, 0x65, 0xf6, 0x5b, 0xb3, 0x13, 0xcd, 0xbe, 0x28, - 0x23, 0xb1, 0x8c, 0x8f, 0x02, 0xb4, 0x89, 0xd3, 0x21, 0x36, 0x87, 0x30, 0xc3, 0x21, 0x28, 0x23, - 0xfa, 0x12, 0x54, 0x06, 0x51, 0x47, 0xf4, 0x66, 0xfe, 0x8d, 0x60, 0x9f, 0x4c, 0xaa, 0x62, 0x76, - 0x97, 0x61, 0xbf, 0x12, 0x86, 0x3b, 0xc9, 0x44, 0xf7, 0x0e, 0x8f, 0x48, 0x98, 0x92, 0x25, 0xf9, - 0x74, 0x73, 0xbb, 0x9b, 0x6a, 0x4f, 0x8f, 0x5d, 0xef, 0xd0, 0x94, 0xf6, 0x8f, 0x5f, 0x07, 0xed, - 0x36, 0x71, 0x48, 0x8b, 0x36, 0x63, 0xb7, 0x63, 0x8a, 0x7d, 0x55, 0x6d, 0x32, 0x4c, 0x7c, 0xa4, - 0x8f, 0xb7, 0x5a, 0xd6, 0xd6, 0x96, 0x6c, 0x58, 0xf8, 0x50, 0xda, 0xb0, 0x9c, 0x1d, 0x76, 0xee, - 0x65, 0x1e, 0x87, 0x56, 0x68, 0xcb, 0xe8, 0x46, 0x02, 0x3e, 0x00, 0xf9, 0x8e, 0x6f, 0x0b, 0x06, - 0xb0, 0x47, 0x5c, 0x85, 0x72, 0x93, 0x06, 0xa6, 0x6f, 0x79, 0x62, 0xfe, 0x79, 0xb3, 0x57, 0x19, - 0x62, 0xf3, 0x60, 0x99, 0xae, 0xb3, 0x6e, 0x93, 0x20, 0x90, 0x05, 0x28, 0x1e, 0xd0, 0x5f, 0x85, - 0x05, 0x66, 0x33, 0x71, 0xf3, 0x6c, 0xda, 0xcd, 0xc3, 0x29, 0xf8, 0x12, 0x9e, 0x44, 0x4c, 0xe0, - 0x05, 0x56, 0xf7, 0x2f, 0x7b, 0x9e, 0x50, 0x32, 0xe6, 0x76, 0x28, 0x3f, 0xa8, 0x7e, 0x0e, 0xec, - 0x71, 0x36, 0xfe, 0x7e, 0x1c, 0xb0, 0xba, 0x4e, 0xa8, 0xdf, 0xb5, 0x4c, 0x8a, 0xbf, 0x8b, 0x60, - 0x86, 0x99, 0xc6, 0x2f, 0x0d, 0x5b, 0x96, 0x9c, 0xaf, 0x95, 0xe9, 0x1d, 0x84, 0x99, 0x35, 0x7d, - 0xe9, 0xad, 0xbf, 0xfd, 0xf3, 0x7b, 0xb9, 0x45, 0x7c, 0x88, 0xdf, 0x4c, 0x75, 0x2f, 0xa8, 0xb7, - 0x44, 0x01, 0x7e, 0x1b, 0x01, 0x16, 0xfb, 0x20, 0xa5, 0xf7, 0x8f, 0xcf, 0x0e, 0x83, 0x38, 0xe0, - 0x8e, 0xa0, 0xf2, 0x92, 0x52, 0x55, 0x6a, 0xa6, 0xeb, 0x53, 0x56, 0x43, 0xf8, 0x0b, 0x1c, 0xc0, - 0x0a, 0x07, 0x70, 0x02, 0xeb, 0x83, 0x00, 0xd4, 0x1f, 0xb3, 0x88, 0x3e, 0xa9, 0xd3, 0xc8, 0xee, - 0xbb, 0x08, 0x0a, 0x0f, 0xf8, 0x19, 0x62, 0x44, 0x90, 0x36, 0xa7, 0x16, 0x24, 0x6e, 0x8e, 0xa3, - 0xd5, 0x8f, 0x73, 0xa4, 0x2f, 0xe1, 0x23, 0x12, 0x69, 0x10, 0xfa, 0x94, 0xb4, 0x53, 0x80, 0xcf, - 0x23, 0xfc, 0x1e, 0x82, 0x62, 0xd4, 0xf4, 0xc5, 0x27, 0x87, 0xa1, 0x4c, 0x35, 0x85, 0x2b, 0xd3, - 0xeb, 0xa0, 0xea, 0x67, 0x38, 0xc6, 0xe3, 0xfa, 0xc0, 0xe9, 0x5c, 0x4b, 0xf5, 0x57, 0xdf, 0x41, - 0x90, 0xbf, 0x41, 0x47, 0xf2, 0x6d, 0x8a, 0xe0, 0xfa, 0x02, 0x38, 0x60, 0xaa, 0xf1, 0x4f, 0x11, - 0xbc, 0x78, 0x83, 0x86, 0x83, 0xcb, 0x23, 0x5e, 0x1e, 0x5d, 0xb3, 0x04, 0xed, 0xce, 0x8e, 0xf1, - 0x66, 0x5c, 0x17, 0xea, 0x1c, 0xd9, 0x19, 0x7c, 0x3a, 0x8b, 0x84, 0xc1, 0xae, 0x63, 0x3e, 0x12, - 0x38, 0xfe, 0x8c, 0xe0, 0x40, 0xef, 0x1d, 0x1d, 0x4e, 0x17, 0xd4, 0x81, 0x57, 0x78, 0x95, 0x3b, - 0x93, 0x66, 0xd9, 0xb4, 0x52, 0xfd, 0x32, 0x47, 0xfe, 0x0a, 0x7e, 0x39, 0x0b, 0x79, 0x7c, 0x2f, - 0x54, 0x7f, 0x2c, 0x1f, 0x9f, 0xf0, 0xfb, 0x64, 0x0e, 0xfb, 0x2f, 0x08, 0x0e, 0x49, 0xbd, 0xeb, - 0xdb, 0xc4, 0x0f, 0xaf, 0x52, 0xb6, 0x87, 0x0e, 0xc6, 0xf2, 0x67, 0xc2, 0xaa, 0xa1, 0xda, 0xd3, - 0xaf, 0x71, 0x5f, 0x3e, 0x83, 0x5f, 0xdb, 0xb3, 0x2f, 0x26, 0x53, 0xd3, 0x14, 0xb0, 0xdf, 0x42, - 0x30, 0x7f, 0x83, 0x86, 0xb7, 0xe3, 0x2e, 0xee, 0xc9, 0xb1, 0x6e, 0x86, 0x2a, 0x4b, 0x35, 0xe5, - 0x1a, 0x5b, 0xfe, 0x14, 0x53, 0x64, 0x95, 0x83, 0x3b, 0x8d, 0x4f, 0x66, 0x81, 0x4b, 0x3a, 0xc7, - 0xef, 0x22, 0x38, 0xac, 0x82, 0x48, 0x6e, 0xd4, 0x3e, 0xb5, 0xb7, 0x7b, 0x2a, 0x71, 0xdb, 0x35, - 0x02, 0x5d, 0x83, 0xa3, 0x3b, 0xa7, 0x0f, 0x26, 0x70, 0xbb, 0x0f, 0xc5, 0x1a, 0x5a, 0x59, 0x46, - 0xf8, 0x0f, 0x08, 0x8a, 0x51, 0x33, 0x76, 0x78, 0x8c, 0x52, 0x37, 0x40, 0xd3, 0xcc, 0x06, 0x62, - 0xb6, 0x2b, 0xe7, 0x07, 0x07, 0x54, 0xfd, 0x5e, 0x52, 0xb5, 0xc6, 0xa3, 0x9c, 0x4e, 0x63, 0xef, - 0x23, 0x80, 0xa4, 0xa1, 0x8c, 0xcf, 0x64, 0xfb, 0xa1, 0x34, 0x9d, 0x2b, 0xd3, 0x6d, 0x29, 0xeb, - 0x35, 0xee, 0xcf, 0x72, 0xa5, 0x9a, 0x99, 0x43, 0x3c, 0x6a, 0xae, 0x45, 0xcd, 0xe7, 0x9f, 0x20, - 0x28, 0xf0, 0x3e, 0x1e, 0x3e, 0x31, 0x0c, 0xb3, 0xda, 0xe6, 0x9b, 0x66, 0xe8, 0x4f, 0x71, 0xa8, - 0xd5, 0x46, 0x56, 0x22, 0x5e, 0x43, 0x2b, 0xb8, 0x0b, 0xc5, 0xa8, 0x73, 0x36, 0x9c, 0x1e, 0xa9, - 0xce, 0x5a, 0xa5, 0x9a, 0xb1, 0x31, 0x88, 0x88, 0x2a, 0x6a, 0xc0, 0xca, 0xa8, 0x1a, 0x30, 0xc3, - 0xd2, 0x34, 0x3e, 0x9e, 0x95, 0xc4, 0xff, 0x0f, 0x81, 0x39, 0xcb, 0xd1, 0x9d, 0xd4, 0xab, 0xa3, - 0xea, 0x00, 0x8b, 0xce, 0xf7, 0x11, 0x1c, 0xe8, 0xdd, 0x5c, 0xe3, 0x23, 0x3d, 0x39, 0x53, 0x3d, - 0x6b, 0x54, 0xd2, 0x51, 0x1c, 0xb6, 0x31, 0xd7, 0x3f, 0xcb, 0x51, 0xac, 0xe1, 0x4b, 0x23, 0x57, - 0xc6, 0x1d, 0x99, 0x75, 0x98, 0xa2, 0xd5, 0xe4, 0x56, 0xeb, 0x37, 0x08, 0xe6, 0xa5, 0xde, 0x7b, - 0x3e, 0xa5, 0xd9, 0xb0, 0xa6, 0xb7, 0x10, 0x98, 0x2d, 0xfd, 0x55, 0x0e, 0xff, 0xd3, 0xf8, 0xe2, - 0x98, 0xf0, 0x25, 0xec, 0xd5, 0x90, 0x21, 0xfd, 0x23, 0x82, 0x83, 0x0f, 0x22, 0xde, 0x7f, 0x44, - 0xf8, 0xd7, 0x39, 0xfe, 0xd7, 0xf0, 0x2b, 0x19, 0xfb, 0xbc, 0x51, 0x6e, 0x9c, 0x47, 0xf8, 0x57, - 0x08, 0x4a, 0xf2, 0x56, 0x05, 0x9f, 0x1e, 0xba, 0x30, 0xd2, 0xf7, 0x2e, 0xd3, 0x24, 0xb3, 0xd8, - 0xd4, 0xe8, 0x27, 0x32, 0xcb, 0xa9, 0xb0, 0xcf, 0x08, 0xfd, 0x0e, 0x02, 0x1c, 0x9f, 0x99, 0xe3, - 0x53, 0x34, 0x3e, 0x95, 0x32, 0x35, 0xb4, 0x31, 0x53, 0x39, 0x3d, 0xf2, 0xbd, 0x74, 0x29, 0x5d, - 0xc9, 0x2c, 0xa5, 0x6e, 0x6c, 0xff, 0x5b, 0x08, 0xca, 0x37, 0x68, 0x7c, 0x06, 0xc9, 0x88, 0x65, - 0xfa, 0x52, 0xa8, 0xb2, 0x3c, 0xfa, 0x45, 0x81, 0xe8, 0x1c, 0x47, 0x74, 0x0a, 0x67, 0x87, 0x4a, - 0x02, 0xf8, 0x21, 0x82, 0x85, 0xbb, 0x2a, 0x45, 0xf1, 0xb9, 0x51, 0x96, 0x52, 0x99, 0x7c, 0x7c, - 0x5c, 0x9f, 0xe4, 0xb8, 0x56, 0xf5, 0xb1, 0x70, 0xad, 0x89, 0xfb, 0x95, 0x1f, 0xa1, 0xe8, 0x10, - 0xdb, 0xd3, 0xcf, 0xfe, 0x5f, 0xe3, 0x96, 0xd1, 0x16, 0xd7, 0x2f, 0x72, 0x7c, 0x35, 0x7c, 0x6e, - 0x1c, 0x7c, 0x75, 0xd1, 0xe4, 0xc6, 0x3f, 0x40, 0x70, 0x90, 0xdf, 0x35, 0xa8, 0x8a, 0x7b, 0x4a, - 0xcc, 0xb0, 0x9b, 0x89, 0x31, 0x4a, 0x8c, 0xc8, 0x3f, 0xfa, 0x9e, 0x40, 0xad, 0xc9, 0x7b, 0x84, - 0x6f, 0x23, 0xd8, 0x27, 0x8b, 0x9a, 0x98, 0xdd, 0xd5, 0x51, 0x81, 0xdb, 0x6b, 0x11, 0x14, 0x74, - 0x5b, 0x19, 0x8f, 0x6e, 0xef, 0x21, 0x98, 0x15, 0xdd, 0xfc, 0x8c, 0xad, 0x82, 0xd2, 0xee, 0xaf, - 0xf4, 0xf4, 0x38, 0x44, 0x33, 0x58, 0xff, 0x32, 0x37, 0x7b, 0x1f, 0xd7, 0xb3, 0xcc, 0x7a, 0x6e, - 0x33, 0xa8, 0x3f, 0x16, 0x9d, 0xd8, 0x27, 0x75, 0xdb, 0x6d, 0x05, 0x6f, 0xe8, 0x38, 0xb3, 0x20, - 0xb2, 0x77, 0xce, 0x23, 0x1c, 0xc2, 0x1c, 0x23, 0x07, 0x6f, 0x9c, 0xe0, 0x6a, 0x4f, 0x9b, 0xa5, - 0xaf, 0xa7, 0x52, 0xa9, 0xf4, 0x35, 0x62, 0x92, 0x0a, 0x28, 0x8e, 0xb1, 0xf8, 0x58, 0xa6, 0x59, - 0x6e, 0xe8, 0x6d, 0x04, 0x07, 0x55, 0xb6, 0x47, 0xe6, 0xc7, 0xe6, 0x7a, 0x16, 0x0a, 0xb1, 0xa9, - 0xc6, 0x2b, 0x63, 0x11, 0x89, 0xc3, 0xb9, 0x72, 0xfd, 0x4f, 0xcf, 0x8e, 0xa2, 0x0f, 0x9e, 0x1d, - 0x45, 0xff, 0x78, 0x76, 0x14, 0xbd, 0x71, 0x69, 0xbc, 0xff, 0xe6, 0x9a, 0xb6, 0x45, 0x9d, 0x50, - 0x55, 0xff, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf0, 0x7f, 0x21, 0xe8, 0x81, 0x2c, 0x00, 0x00, + 0x10, 0x88, 0x0b, 0x42, 0x48, 0x08, 0x09, 0x2e, 0x08, 0x0e, 0x48, 0x2b, 0x38, 0x72, 0x41, 0x11, + 0xe2, 0x08, 0x97, 0x3d, 0x23, 0x54, 0xd5, 0x55, 0xdd, 0xd5, 0xfe, 0x69, 0x7b, 0xb0, 0xd1, 0xe6, + 0xd6, 0xaf, 0x5c, 0xf5, 0xde, 0xf7, 0x5e, 0xbd, 0x7a, 0xef, 0xd5, 0x2b, 0xc3, 0x89, 0x80, 0xfa, + 0x5d, 0xea, 0xd7, 0x89, 0xe7, 0xd9, 0x96, 0x49, 0x42, 0xcb, 0x75, 0xd4, 0xef, 0x9a, 0xe7, 0xbb, + 0xa1, 0x8b, 0xcb, 0xca, 0x50, 0x65, 0xa9, 0xe5, 0xba, 0x2d, 0x9b, 0xd6, 0x89, 0x67, 0xd5, 0x89, + 0xe3, 0xb8, 0x21, 0x1f, 0x0e, 0xa2, 0xa9, 0x15, 0x7d, 0xe7, 0x52, 0x50, 0xb3, 0x5c, 0xfe, 0xab, + 0xe9, 0xfa, 0xb4, 0xde, 0xbd, 0x50, 0x6f, 0x51, 0x87, 0xfa, 0x24, 0xa4, 0x4d, 0x31, 0xe7, 0x62, + 0x32, 0xa7, 0x4d, 0xcc, 0x6d, 0xcb, 0xa1, 0xfe, 0x6e, 0xdd, 0xdb, 0x69, 0xb1, 0x81, 0xa0, 0xde, + 0xa6, 0x21, 0x19, 0xb4, 0x6a, 0xa3, 0x65, 0x85, 0xdb, 0x9d, 0x37, 0x6b, 0xa6, 0xdb, 0xae, 0x13, + 0xbf, 0xe5, 0x7a, 0xbe, 0xfb, 0x15, 0xfe, 0xb1, 0x6a, 0x36, 0xeb, 0xdd, 0x46, 0xc2, 0x40, 0xd5, + 0xa5, 0x7b, 0x81, 0xd8, 0xde, 0x36, 0xe9, 0xe7, 0x76, 0x6d, 0x04, 0x37, 0x9f, 0x7a, 0xae, 0xb0, + 0x0d, 0xff, 0xb4, 0x42, 0xd7, 0xdf, 0x55, 0x3e, 0x23, 0x36, 0xfa, 0x07, 0x08, 0x0e, 0x5c, 0x4e, + 0xe4, 0x7d, 0xae, 0x43, 0xfd, 0x5d, 0x8c, 0x61, 0xc6, 0x21, 0x6d, 0xaa, 0xa1, 0x2a, 0x5a, 0x9e, + 0x33, 0xf8, 0x37, 0xd6, 0x60, 0xd6, 0xa7, 0x5b, 0x3e, 0x0d, 0xb6, 0xb5, 0x1c, 0x1f, 0x96, 0x24, + 0xae, 0x40, 0x89, 0x09, 0xa7, 0x66, 0x18, 0x68, 0xf9, 0x6a, 0x7e, 0x79, 0xce, 0x88, 0x69, 0xbc, + 0x0c, 0xfb, 0x7d, 0x1a, 0xb8, 0x1d, 0xdf, 0xa4, 0x9f, 0xa7, 0x7e, 0x60, 0xb9, 0x8e, 0x36, 0xc3, + 0x57, 0xf7, 0x0e, 0x33, 0x2e, 0x01, 0xb5, 0xa9, 0x19, 0xba, 0xbe, 0x56, 0xe0, 0x53, 0x62, 0x9a, + 0xe1, 0x61, 0xc0, 0xb5, 0x62, 0x84, 0x87, 0x7d, 0x63, 0x1d, 0xe6, 0x89, 0xe7, 0xdd, 0x21, 0x6d, + 0x1a, 0x78, 0xc4, 0xa4, 0xda, 0x2c, 0xff, 0x2d, 0x35, 0xc6, 0x30, 0x0b, 0x24, 0x5a, 0x89, 0x03, + 0x93, 0xa4, 0xbe, 0x0e, 0x73, 0x77, 0xdc, 0x26, 0x1d, 0xae, 0x6e, 0x2f, 0xfb, 0x5c, 0x3f, 0x7b, + 0xfd, 0x29, 0x82, 0xc3, 0x06, 0xed, 0x5a, 0x0c, 0xff, 0x6d, 0x1a, 0x92, 0x26, 0x09, 0x49, 0x2f, + 0xc7, 0x5c, 0xcc, 0xb1, 0x02, 0x25, 0x5f, 0x4c, 0xd6, 0x72, 0x7c, 0x3c, 0xa6, 0xfb, 0xa4, 0xe5, + 0xb3, 0x95, 0x89, 0x4c, 0x18, 0x2b, 0xf3, 0x4f, 0x04, 0x47, 0x95, 0x3d, 0x34, 0x84, 0x65, 0xaf, + 0x75, 0xa9, 0x13, 0x06, 0xc3, 0x01, 0x9d, 0x83, 0x83, 0x72, 0x13, 0x7a, 0xf5, 0xec, 0xff, 0x81, + 0x41, 0x54, 0x07, 0x25, 0x44, 0x75, 0x0c, 0x57, 0xa1, 0x2c, 0xe9, 0xfb, 0xb7, 0xae, 0x0a, 0x98, + 0xea, 0x50, 0x9f, 0xa2, 0x85, 0x6c, 0x45, 0x8b, 0x69, 0x45, 0xdf, 0x47, 0xa0, 0x29, 0x8a, 0xde, + 0x26, 0x8e, 0xb5, 0x45, 0x83, 0x70, 0x5c, 0x9b, 0xa3, 0xe9, 0xd9, 0x9c, 0x39, 0x76, 0xa4, 0xd5, + 0x5d, 0x76, 0x9e, 0x58, 0xfc, 0xd0, 0x0a, 0xd5, 0xfc, 0x72, 0xde, 0xe8, 0x1d, 0xc6, 0x4b, 0x30, + 0x27, 0x65, 0x06, 0x5a, 0x91, 0xbb, 0x61, 0x32, 0xa0, 0x1f, 0x83, 0xb9, 0xeb, 0x96, 0x4d, 0xd7, + 0xb7, 0x3b, 0xce, 0x0e, 0x3e, 0x04, 0x05, 0x93, 0x7d, 0x70, 0x1d, 0xe6, 0x8d, 0x88, 0xd0, 0xbf, + 0x85, 0xe0, 0xd8, 0x30, 0xad, 0x1f, 0x58, 0xe1, 0x36, 0x5b, 0x1f, 0x0c, 0x53, 0xdf, 0xdc, 0xa6, + 0xe6, 0x4e, 0xd0, 0x69, 0x4b, 0x97, 0x93, 0xf4, 0x84, 0x2e, 0xf7, 0x53, 0x04, 0xcb, 0x23, 0x31, + 0x3d, 0xf0, 0x89, 0xe7, 0x51, 0x1f, 0x5f, 0x87, 0xc2, 0x43, 0xf6, 0x03, 0x3f, 0x60, 0xe5, 0x46, + 0xad, 0xa6, 0x06, 0xe8, 0x91, 0x5c, 0x6e, 0x7e, 0xc4, 0x88, 0x96, 0xe3, 0x9a, 0x34, 0x4f, 0x8e, + 0xf3, 0x59, 0x4c, 0xf1, 0x89, 0xad, 0xc8, 0xe6, 0xf3, 0x69, 0x57, 0x8a, 0x30, 0xe3, 0x11, 0x3f, + 0xd4, 0x0f, 0xc3, 0x0b, 0xe9, 0xe3, 0xe1, 0xb9, 0x4e, 0x40, 0xf5, 0xdf, 0xa4, 0xbd, 0x69, 0xdd, + 0xa7, 0x24, 0xa4, 0x06, 0x7d, 0xd8, 0xa1, 0x41, 0x88, 0x77, 0x40, 0xcd, 0x19, 0xdc, 0xaa, 0xe5, + 0xc6, 0xad, 0x5a, 0x12, 0x74, 0x6b, 0x32, 0xe8, 0xf2, 0x8f, 0x2f, 0x99, 0xcd, 0x5a, 0xb7, 0x51, + 0xf3, 0x76, 0x5a, 0x35, 0x16, 0xc2, 0x53, 0xc8, 0x64, 0x08, 0x57, 0x55, 0x35, 0x54, 0xee, 0x78, + 0x11, 0x8a, 0x1d, 0x2f, 0xa0, 0x7e, 0xc8, 0x35, 0x2b, 0x19, 0x82, 0x62, 0xfb, 0xd7, 0x25, 0xb6, + 0xd5, 0x24, 0x61, 0xb4, 0x3f, 0x25, 0x23, 0xa6, 0xf5, 0xdf, 0xa6, 0xd1, 0xdf, 0xf7, 0x9a, 0x1f, + 0x16, 0x7a, 0x15, 0x65, 0x2e, 0x8d, 0x52, 0xf5, 0xa0, 0x7c, 0xda, 0x83, 0x7e, 0x99, 0xc6, 0x7f, + 0x95, 0xda, 0x34, 0xc1, 0x3f, 0xc8, 0x99, 0x35, 0x98, 0x35, 0x49, 0x60, 0x92, 0xa6, 0x94, 0x22, + 0x49, 0x16, 0xc8, 0x3c, 0xdf, 0xf5, 0x48, 0x8b, 0x73, 0xba, 0xeb, 0xda, 0x96, 0xb9, 0x2b, 0xc4, + 0xf5, 0xff, 0xd0, 0xe7, 0xf8, 0x33, 0xd9, 0x8e, 0x5f, 0x48, 0xc3, 0x3e, 0x0e, 0xe5, 0xcd, 0x5d, + 0xc7, 0x7c, 0xdd, 0x8b, 0x0e, 0xf7, 0x21, 0x28, 0x58, 0x21, 0x6d, 0x07, 0x1a, 0xe2, 0x07, 0x3b, + 0x22, 0xf4, 0xff, 0x14, 0x60, 0x51, 0xd1, 0x8d, 0x2d, 0xc8, 0xd2, 0x2c, 0x2b, 0x4a, 0x2d, 0x42, + 0xb1, 0xe9, 0xef, 0x1a, 0x1d, 0x47, 0x38, 0x80, 0xa0, 0x98, 0x60, 0xcf, 0xef, 0x38, 0x11, 0xfc, + 0x92, 0x11, 0x11, 0x78, 0x0b, 0x4a, 0x41, 0xc8, 0xaa, 0x84, 0xd6, 0x2e, 0x07, 0x5e, 0x6e, 0x7c, + 0x66, 0xb2, 0x4d, 0x67, 0xd0, 0x37, 0x05, 0x47, 0x23, 0xe6, 0x8d, 0x1f, 0xb2, 0x98, 0x16, 0x05, + 0xba, 0x40, 0x9b, 0xad, 0xe6, 0x97, 0xcb, 0x8d, 0xcd, 0xc9, 0x05, 0xbd, 0xee, 0xb1, 0x0a, 0x47, + 0xc9, 0x60, 0x46, 0x22, 0x85, 0x85, 0xd1, 0xb6, 0x88, 0x0f, 0x81, 0xc8, 0xe6, 0xc9, 0x00, 0xfe, + 0x02, 0x14, 0x2c, 0x67, 0xcb, 0x0d, 0xb4, 0x39, 0x0e, 0xe6, 0xca, 0x64, 0x60, 0x6e, 0x39, 0x5b, + 0xae, 0x11, 0x31, 0xc4, 0x0f, 0x61, 0xc1, 0xa7, 0xa1, 0xbf, 0x2b, 0xad, 0xa0, 0x01, 0xb7, 0xeb, + 0x67, 0x27, 0x93, 0x60, 0xa8, 0x2c, 0x8d, 0xb4, 0x04, 0xbc, 0x06, 0xe5, 0x20, 0xf1, 0x31, 0xad, + 0xcc, 0x05, 0x6a, 0x29, 0x46, 0x8a, 0x0f, 0x1a, 0xea, 0xe4, 0x3e, 0xef, 0x9e, 0xcf, 0xf6, 0xee, + 0x85, 0x91, 0x59, 0x6d, 0xdf, 0x18, 0x59, 0x6d, 0x7f, 0x6f, 0x56, 0xfb, 0x37, 0x82, 0xa5, 0xbe, + 0xe0, 0xb4, 0xe9, 0xd1, 0xcc, 0x63, 0x40, 0x60, 0x26, 0xf0, 0xa8, 0xc9, 0x33, 0x55, 0xb9, 0x71, + 0x7b, 0x6a, 0xd1, 0x8a, 0xcb, 0xe5, 0xac, 0xb3, 0x02, 0xea, 0x84, 0x71, 0xe1, 0x87, 0x08, 0x3e, + 0xaa, 0xc8, 0xbc, 0x4b, 0x42, 0x73, 0x3b, 0x4b, 0x59, 0x76, 0x7e, 0xd9, 0x1c, 0x91, 0x97, 0x23, + 0x82, 0x59, 0x95, 0x7f, 0xdc, 0xdb, 0xf5, 0x18, 0x40, 0xf6, 0x4b, 0x32, 0x30, 0x61, 0xf1, 0xf4, + 0x33, 0x04, 0x15, 0x35, 0x86, 0xbb, 0xb6, 0xfd, 0x26, 0x31, 0x77, 0xb2, 0x40, 0xee, 0x83, 0x9c, + 0xd5, 0xe4, 0x08, 0xf3, 0x46, 0xce, 0x6a, 0xee, 0x31, 0x18, 0xf5, 0xc2, 0x2d, 0x66, 0xc3, 0x9d, + 0x4d, 0xc3, 0xfd, 0xa0, 0x07, 0xae, 0x0c, 0x09, 0x19, 0x70, 0x97, 0x60, 0xce, 0xe9, 0x29, 0x64, + 0x93, 0x81, 0x01, 0x05, 0x6c, 0xae, 0xaf, 0x80, 0xd5, 0x60, 0xb6, 0x1b, 0x5f, 0x53, 0xd8, 0xcf, + 0x92, 0x64, 0x2a, 0xb6, 0x7c, 0xb7, 0xe3, 0x09, 0xa3, 0x47, 0x04, 0x43, 0xb1, 0x63, 0x39, 0x4d, + 0xad, 0x18, 0xa1, 0x60, 0xdf, 0x7b, 0xbf, 0x98, 0xa4, 0xd4, 0xfe, 0x79, 0x0e, 0x3e, 0x36, 0x40, + 0xed, 0x91, 0xfe, 0xf4, 0x7c, 0xe8, 0x1e, 0x7b, 0xf5, 0xec, 0x50, 0xaf, 0x2e, 0x8d, 0xf2, 0xea, + 0xb9, 0x6c, 0x7b, 0x41, 0xda, 0x5e, 0x3f, 0xc9, 0x41, 0x75, 0x80, 0xbd, 0x46, 0x97, 0x13, 0xcf, + 0x8d, 0xc1, 0xb6, 0x5c, 0x5f, 0x78, 0x49, 0xc9, 0x88, 0x08, 0x76, 0xce, 0x5c, 0xdf, 0xdb, 0x26, + 0x0e, 0xf7, 0x8e, 0x92, 0x21, 0xa8, 0x09, 0x4d, 0xf5, 0xf5, 0x1c, 0x68, 0xd2, 0x3e, 0x97, 0x4d, + 0x6e, 0xad, 0x8e, 0xf3, 0xfc, 0x9b, 0x68, 0x11, 0x8a, 0x84, 0xa3, 0x15, 0x4e, 0x25, 0xa8, 0x3e, + 0x63, 0x94, 0xb2, 0x8d, 0x31, 0x97, 0x36, 0xc6, 0x53, 0x04, 0x47, 0xd2, 0xc6, 0x08, 0x36, 0xac, + 0x20, 0x94, 0x97, 0x03, 0xbc, 0x05, 0xb3, 0x91, 0x9c, 0xa8, 0xb4, 0x2b, 0x37, 0x36, 0x26, 0x4d, + 0xf8, 0x29, 0xc3, 0x4b, 0xe6, 0xfa, 0xcb, 0x70, 0x64, 0x60, 0x94, 0x13, 0x30, 0x2a, 0x50, 0x92, + 0x45, 0x8e, 0xd8, 0x9a, 0x98, 0xd6, 0x9f, 0xce, 0xa4, 0x53, 0x8e, 0xdb, 0xdc, 0x70, 0x5b, 0x19, + 0xf7, 0xfd, 0xec, 0xed, 0x64, 0xa6, 0x72, 0x9b, 0xca, 0xd5, 0x5e, 0x92, 0x6c, 0x9d, 0xe9, 0x3a, + 0x21, 0xb1, 0x1c, 0xea, 0x8b, 0xac, 0x98, 0x0c, 0xb0, 0x6d, 0x08, 0x2c, 0xc7, 0xa4, 0x9b, 0xd4, + 0x74, 0x9d, 0x66, 0xc0, 0xf7, 0x33, 0x6f, 0xa4, 0xc6, 0xf0, 0x4d, 0x98, 0xe3, 0xf4, 0x3d, 0xab, + 0x1d, 0xa5, 0x81, 0x72, 0x63, 0xa5, 0x16, 0xf5, 0xd0, 0x6a, 0x6a, 0x0f, 0x2d, 0xb1, 0x61, 0x9b, + 0x86, 0xa4, 0xd6, 0xbd, 0x50, 0x63, 0x2b, 0x8c, 0x64, 0x31, 0xc3, 0x12, 0x12, 0xcb, 0xde, 0xb0, + 0x1c, 0x5e, 0x78, 0x32, 0x51, 0xc9, 0x00, 0x73, 0x95, 0x2d, 0xd7, 0xb6, 0xdd, 0x47, 0xf2, 0xdc, + 0x44, 0x14, 0x5b, 0xd5, 0x71, 0x42, 0xcb, 0xe6, 0xf2, 0x23, 0x47, 0x48, 0x06, 0xf8, 0x2a, 0xcb, + 0x0e, 0xa9, 0x2f, 0x0e, 0x8c, 0xa0, 0x62, 0x67, 0x2c, 0x47, 0x6d, 0x21, 0x79, 0x5e, 0x23, 0xb7, + 0x9d, 0x57, 0xdd, 0xb6, 0xf7, 0x28, 0x2c, 0x0c, 0xe8, 0x8d, 0xf0, 0x2e, 0x19, 0xed, 0x5a, 0x6e, + 0x87, 0xd5, 0x54, 0xbc, 0xf4, 0x90, 0x74, 0x9f, 0x2b, 0xef, 0xcf, 0x76, 0xe5, 0x03, 0x69, 0x57, + 0xfe, 0x1d, 0x82, 0xd2, 0x86, 0xdb, 0xba, 0xe6, 0x84, 0xfe, 0x2e, 0xbf, 0x25, 0xb9, 0x4e, 0x48, + 0x1d, 0xe9, 0x2f, 0x92, 0x64, 0x9b, 0x10, 0x5a, 0x6d, 0xba, 0x19, 0x92, 0xb6, 0x27, 0x6a, 0xac, + 0x3d, 0x6d, 0x42, 0xbc, 0x98, 0x19, 0xc6, 0x26, 0x41, 0xc8, 0x4f, 0x7c, 0xc9, 0xe0, 0xdf, 0x4c, + 0x85, 0x78, 0xc2, 0x66, 0xe8, 0x8b, 0xe3, 0x9e, 0x1a, 0x53, 0x5d, 0xac, 0x10, 0x61, 0x13, 0xa4, + 0xde, 0x86, 0x17, 0xe3, 0xe2, 0xff, 0x1e, 0xf5, 0xdb, 0x96, 0x43, 0xb2, 0xa3, 0xf7, 0x18, 0xed, + 0xb9, 0x8c, 0xbb, 0xa7, 0x9b, 0x3a, 0x74, 0xac, 0x96, 0x7e, 0x60, 0x39, 0x4d, 0xf7, 0x51, 0xc6, + 0xe1, 0x99, 0x4c, 0xe0, 0x5f, 0xd2, 0x1d, 0x3a, 0x45, 0x62, 0x7c, 0xd2, 0x6f, 0xc2, 0x02, 0x8b, + 0x09, 0x5d, 0x2a, 0x7e, 0x10, 0x61, 0x47, 0x1f, 0xd6, 0x2c, 0x49, 0x78, 0x18, 0xe9, 0x85, 0x78, + 0x03, 0xf6, 0x93, 0x20, 0xb0, 0x5a, 0x0e, 0x6d, 0x4a, 0x5e, 0xb9, 0xb1, 0x79, 0xf5, 0x2e, 0x8d, + 0xae, 0xdd, 0x7c, 0x86, 0xd8, 0x6f, 0x49, 0xea, 0x5f, 0x43, 0x70, 0x78, 0x20, 0x93, 0xf8, 0xe4, + 0x20, 0x25, 0x8c, 0x57, 0xa0, 0x14, 0x98, 0xdb, 0xb4, 0xd9, 0xb1, 0xa9, 0xec, 0x45, 0x49, 0x9a, + 0xfd, 0xd6, 0xec, 0x44, 0xbb, 0x2f, 0xd2, 0x48, 0x4c, 0xe3, 0xa3, 0x00, 0x6d, 0xe2, 0x74, 0x88, + 0xcd, 0x21, 0xcc, 0x70, 0x08, 0xca, 0x88, 0xbe, 0x04, 0x95, 0x41, 0xae, 0x23, 0x7a, 0x3c, 0xff, + 0x42, 0xb0, 0x4f, 0x06, 0x55, 0xb1, 0xbb, 0xcb, 0xb0, 0x5f, 0x31, 0xc3, 0x9d, 0x64, 0xa3, 0x7b, + 0x87, 0x47, 0x04, 0x4c, 0xe9, 0x25, 0xf9, 0x74, 0x93, 0xbc, 0x9b, 0x6a, 0x73, 0x8f, 0x9d, 0xef, + 0xd0, 0x94, 0xea, 0xc7, 0xaf, 0x82, 0x76, 0x9b, 0x38, 0xa4, 0x45, 0x9b, 0xb1, 0xda, 0xb1, 0x8b, + 0x7d, 0x59, 0x6d, 0x56, 0x4c, 0xdc, 0x1a, 0x88, 0x4b, 0x2d, 0x6b, 0x6b, 0x4b, 0x36, 0x3e, 0x7c, + 0x28, 0x6d, 0x58, 0xce, 0x0e, 0xbb, 0x3f, 0x33, 0x8d, 0x43, 0x2b, 0xb4, 0xa5, 0x75, 0x23, 0x02, + 0x1f, 0x80, 0x7c, 0xc7, 0xb7, 0x85, 0x07, 0xb0, 0x4f, 0x5c, 0x85, 0x72, 0x93, 0x06, 0xa6, 0x6f, + 0x79, 0x62, 0xff, 0x79, 0xd3, 0x58, 0x19, 0x62, 0xfb, 0x60, 0x99, 0xae, 0xb3, 0x6e, 0x93, 0x20, + 0x90, 0x09, 0x28, 0x1e, 0xd0, 0x5f, 0x85, 0x05, 0x26, 0x33, 0x51, 0xf3, 0x6c, 0x5a, 0xcd, 0xc3, + 0x29, 0xf8, 0x12, 0x9e, 0x44, 0x4c, 0xe0, 0x05, 0x96, 0xf7, 0x2f, 0x7b, 0x9e, 0x60, 0x32, 0x66, + 0x39, 0x94, 0x1f, 0x94, 0x3f, 0x07, 0xf6, 0x4a, 0x1b, 0x7f, 0x3b, 0x0e, 0x58, 0x3d, 0x27, 0xd4, + 0xef, 0x5a, 0x26, 0xc5, 0xdf, 0x46, 0x30, 0xc3, 0x44, 0xe3, 0x97, 0x86, 0x1d, 0x4b, 0xee, 0xaf, + 0x95, 0xe9, 0x5d, 0x84, 0x99, 0x34, 0x7d, 0xe9, 0xad, 0xbf, 0xfe, 0xe3, 0x3b, 0xb9, 0x45, 0x7c, + 0x88, 0xbf, 0x70, 0x75, 0x2f, 0xa8, 0xaf, 0x4d, 0x01, 0x7e, 0x1b, 0x01, 0x16, 0x75, 0x90, 0xf2, + 0x86, 0x80, 0xcf, 0x0e, 0x83, 0x38, 0xe0, 0xad, 0xa1, 0xf2, 0x92, 0x92, 0x55, 0x6a, 0xa6, 0xeb, + 0x53, 0x96, 0x43, 0xf8, 0x04, 0x0e, 0x60, 0x85, 0x03, 0x38, 0x81, 0xf5, 0x41, 0x00, 0xea, 0x8f, + 0x99, 0x45, 0x9f, 0xd4, 0x69, 0x24, 0xf7, 0x5d, 0x04, 0x85, 0x07, 0xfc, 0x0e, 0x31, 0xc2, 0x48, + 0x9b, 0x53, 0x33, 0x12, 0x17, 0xc7, 0xd1, 0xea, 0xc7, 0x39, 0xd2, 0x97, 0xf0, 0x11, 0x89, 0x34, + 0x08, 0x7d, 0x4a, 0xda, 0x29, 0xc0, 0xe7, 0x11, 0x7e, 0x0f, 0x41, 0x31, 0x6a, 0x1e, 0xe3, 0x93, + 0xc3, 0x50, 0xa6, 0x9a, 0xcb, 0x95, 0xe9, 0x75, 0x62, 0xf5, 0x33, 0x1c, 0xe3, 0x71, 0x7d, 0xe0, + 0x76, 0xae, 0xa5, 0xfa, 0xb4, 0xef, 0x20, 0xc8, 0xdf, 0xa0, 0x23, 0xfd, 0x6d, 0x8a, 0xe0, 0xfa, + 0x0c, 0x38, 0x60, 0xab, 0xf1, 0x8f, 0x11, 0xbc, 0x78, 0x83, 0x86, 0x83, 0xd3, 0x23, 0x5e, 0x1e, + 0x9d, 0xb3, 0x84, 0xdb, 0x9d, 0x1d, 0x63, 0x66, 0x9c, 0x17, 0xea, 0x1c, 0xd9, 0x19, 0x7c, 0x3a, + 0xcb, 0x09, 0x83, 0x5d, 0xc7, 0x7c, 0x24, 0x70, 0xfc, 0x09, 0xc1, 0x81, 0xde, 0xb7, 0x3e, 0x9c, + 0x4e, 0xa8, 0x03, 0x9f, 0x02, 0x2b, 0x77, 0x26, 0x8d, 0xb2, 0x69, 0xa6, 0xfa, 0x65, 0x8e, 0xfc, + 0x15, 0xfc, 0x72, 0x16, 0xf2, 0xb8, 0x13, 0x57, 0x7f, 0x2c, 0x3f, 0x9f, 0xf0, 0x77, 0x69, 0x0e, + 0xfb, 0xcf, 0x08, 0x0e, 0x49, 0xbe, 0xeb, 0xdb, 0xc4, 0x0f, 0xaf, 0x52, 0x56, 0x43, 0x07, 0x63, + 0xe9, 0x33, 0x61, 0xd6, 0x50, 0xe5, 0xe9, 0xd7, 0xb8, 0x2e, 0x9f, 0xc2, 0xaf, 0xed, 0x59, 0x17, + 0x93, 0xb1, 0x69, 0x0a, 0xd8, 0x6f, 0x21, 0x98, 0xbf, 0x41, 0xc3, 0xdb, 0x71, 0x37, 0xf8, 0xe4, + 0x58, 0x2f, 0x4c, 0x95, 0xa5, 0x9a, 0xf2, 0x1c, 0x2e, 0x7f, 0x8a, 0x5d, 0x64, 0x95, 0x83, 0x3b, + 0x8d, 0x4f, 0x66, 0x81, 0x4b, 0x3a, 0xd0, 0xef, 0x22, 0x38, 0xac, 0x82, 0x48, 0x5e, 0xe6, 0x3e, + 0xb1, 0xb7, 0xf7, 0x2e, 0xf1, 0x6a, 0x36, 0x02, 0x5d, 0x83, 0xa3, 0x3b, 0xa7, 0x0f, 0x76, 0xe0, + 0x76, 0x1f, 0x8a, 0x35, 0xb4, 0xb2, 0x8c, 0xf0, 0xef, 0x11, 0x14, 0xa3, 0x66, 0xec, 0x70, 0x1b, + 0xa5, 0x5e, 0x92, 0xa6, 0x19, 0x0d, 0xc4, 0x6e, 0x57, 0xce, 0x0f, 0x36, 0xa8, 0xba, 0x5e, 0xba, + 0x6a, 0x8d, 0x5b, 0x39, 0x1d, 0xc6, 0x7e, 0x85, 0x00, 0x92, 0x86, 0x32, 0x3e, 0x93, 0xad, 0x87, + 0xd2, 0x74, 0xae, 0x4c, 0xb7, 0xa5, 0xac, 0xd7, 0xb8, 0x3e, 0xcb, 0x95, 0x6a, 0x66, 0x0c, 0xf1, + 0xa8, 0xb9, 0x16, 0x35, 0x9f, 0x7f, 0x84, 0xa0, 0xc0, 0xfb, 0x78, 0xf8, 0xc4, 0x30, 0xcc, 0x6a, + 0x9b, 0x6f, 0x9a, 0xa6, 0x3f, 0xc5, 0xa1, 0x56, 0x1b, 0x59, 0x81, 0x78, 0x0d, 0xad, 0xe0, 0x2e, + 0x14, 0xa3, 0xce, 0xd9, 0x70, 0xf7, 0x48, 0x75, 0xd6, 0x2a, 0xd5, 0x8c, 0xc2, 0x20, 0x72, 0x54, + 0x91, 0x03, 0x56, 0x46, 0xe5, 0x80, 0x19, 0x16, 0xa6, 0xf1, 0xf1, 0xac, 0x20, 0xfe, 0x7f, 0x30, + 0xcc, 0x59, 0x8e, 0xee, 0xa4, 0x5e, 0x1d, 0x95, 0x07, 0x98, 0x75, 0xbe, 0x8b, 0xe0, 0x40, 0x6f, + 0x71, 0x8d, 0x8f, 0xf4, 0xc4, 0x4c, 0xf5, 0xae, 0x51, 0x49, 0x5b, 0x71, 0x58, 0x61, 0xae, 0x7f, + 0x9a, 0xa3, 0x58, 0xc3, 0x97, 0x46, 0x9e, 0x8c, 0x3b, 0x32, 0xea, 0x30, 0x46, 0xab, 0xc9, 0xeb, + 0xd8, 0xaf, 0x11, 0xcc, 0x4b, 0xbe, 0xf7, 0x7c, 0x4a, 0xb3, 0x61, 0x4d, 0xef, 0x20, 0x30, 0x59, + 0xfa, 0xab, 0x1c, 0xfe, 0x27, 0xf1, 0xc5, 0x31, 0xe1, 0x4b, 0xd8, 0xab, 0x21, 0x43, 0xfa, 0x07, + 0x04, 0x07, 0x1f, 0x44, 0x7e, 0xff, 0x21, 0xe1, 0x5f, 0xe7, 0xf8, 0x5f, 0xc3, 0xaf, 0x64, 0xd4, + 0x79, 0xa3, 0xd4, 0x38, 0x8f, 0xf0, 0x2f, 0x10, 0x94, 0xe4, 0xab, 0x0a, 0x3e, 0x3d, 0xf4, 0x60, + 0xa4, 0xdf, 0x5d, 0xa6, 0xe9, 0xcc, 0xa2, 0xa8, 0xd1, 0x4f, 0x64, 0xa6, 0x53, 0x21, 0x9f, 0x39, + 0xf4, 0x3b, 0x08, 0x70, 0x7c, 0x67, 0x8e, 0x6f, 0xd1, 0xf8, 0x54, 0x4a, 0xd4, 0xd0, 0xc6, 0x4c, + 0xe5, 0xf4, 0xc8, 0x79, 0xe9, 0x54, 0xba, 0x92, 0x99, 0x4a, 0xdd, 0x58, 0xfe, 0x37, 0x10, 0x94, + 0x6f, 0xd0, 0xf8, 0x0e, 0x92, 0x61, 0xcb, 0xf4, 0xa3, 0x50, 0x65, 0x79, 0xf4, 0x44, 0x81, 0xe8, + 0x1c, 0x47, 0x74, 0x0a, 0x67, 0x9b, 0x4a, 0x02, 0xf8, 0x3e, 0x82, 0x85, 0xbb, 0xaa, 0x8b, 0xe2, + 0x73, 0xa3, 0x24, 0xa5, 0x22, 0xf9, 0xf8, 0xb8, 0x3e, 0xce, 0x71, 0xad, 0xea, 0x63, 0xe1, 0x5a, + 0x13, 0xef, 0x2b, 0x3f, 0x40, 0xd1, 0x25, 0xb6, 0xa7, 0x9f, 0xfd, 0xbf, 0xda, 0x2d, 0xa3, 0x2d, + 0xae, 0x5f, 0xe4, 0xf8, 0x6a, 0xf8, 0xdc, 0x38, 0xf8, 0xea, 0xa2, 0xc9, 0x8d, 0xbf, 0x87, 0xe0, + 0x20, 0x7f, 0x6b, 0x50, 0x19, 0xf7, 0xa4, 0x98, 0x61, 0x2f, 0x13, 0x63, 0xa4, 0x18, 0x11, 0x7f, + 0xf4, 0x3d, 0x81, 0x5a, 0x93, 0xef, 0x08, 0xdf, 0x44, 0xb0, 0x4f, 0x26, 0x35, 0xb1, 0xbb, 0xab, + 0xa3, 0x0c, 0xb7, 0xd7, 0x24, 0x28, 0xdc, 0x6d, 0x65, 0x3c, 0x77, 0x7b, 0x0f, 0xc1, 0xac, 0xe8, + 0xe6, 0x67, 0x94, 0x0a, 0x4a, 0xbb, 0xbf, 0xd2, 0xd3, 0xe3, 0x10, 0xcd, 0x60, 0xfd, 0x8b, 0x5c, + 0xec, 0x7d, 0x5c, 0xcf, 0x12, 0xeb, 0xb9, 0xcd, 0xa0, 0xfe, 0x58, 0x74, 0x62, 0x9f, 0xd4, 0x6d, + 0xb7, 0x15, 0xbc, 0xa1, 0xe3, 0xcc, 0x84, 0xc8, 0xe6, 0x9c, 0x47, 0x38, 0x84, 0x39, 0xe6, 0x1c, + 0xbc, 0x71, 0x82, 0xab, 0x3d, 0x6d, 0x96, 0xbe, 0x9e, 0x4a, 0xa5, 0xd2, 0xd7, 0x88, 0x49, 0x32, + 0xa0, 0xb8, 0xc6, 0xe2, 0x63, 0x99, 0x62, 0xb9, 0xa0, 0xb7, 0x11, 0x1c, 0x54, 0xbd, 0x3d, 0x12, + 0x3f, 0xb6, 0xaf, 0x67, 0xa1, 0x10, 0x45, 0x35, 0x5e, 0x19, 0xcb, 0x91, 0x38, 0x9c, 0x2b, 0xd7, + 0xff, 0xf8, 0xec, 0x28, 0x7a, 0xff, 0xd9, 0x51, 0xf4, 0xf7, 0x67, 0x47, 0xd1, 0x1b, 0x97, 0xc6, + 0xfb, 0x8f, 0xaf, 0x69, 0x5b, 0xd4, 0x09, 0x55, 0xf6, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x57, + 0x9a, 0x85, 0xd1, 0xc9, 0x2c, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -4981,6 +4998,22 @@ func (m *ApplicationSyncRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if len(m.Revisions) > 0 { + for iNdEx := len(m.Revisions) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Revisions[iNdEx]) + copy(dAtA[i:], m.Revisions[iNdEx]) + i = encodeVarintApplication(dAtA, i, uint64(len(m.Revisions[iNdEx]))) + i-- + dAtA[i] = 0x7a + } + } + if len(m.SourcePositions) > 0 { + for iNdEx := len(m.SourcePositions) - 1; iNdEx >= 0; iNdEx-- { + i = encodeVarintApplication(dAtA, i, uint64(m.SourcePositions[iNdEx])) + i-- + dAtA[i] = 0x70 + } + } if m.Project != nil { i -= len(*m.Project) copy(dAtA[i:], *m.Project) @@ -7009,6 +7042,17 @@ func (m *ApplicationSyncRequest) Size() (n int) { l = len(*m.Project) n += 1 + l + sovApplication(uint64(l)) } + if len(m.SourcePositions) > 0 { + for _, e := range m.SourcePositions { + n += 1 + sovApplication(uint64(e)) + } + } + if len(m.Revisions) > 0 { + for _, s := range m.Revisions { + l = len(s) + n += 1 + l + sovApplication(uint64(l)) + } + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -10305,6 +10349,114 @@ func (m *ApplicationSyncRequest) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.Project = &s iNdEx = postIndex + case 14: + if wireType == 0 { + var v int64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.SourcePositions = append(m.SourcePositions, v) + } else if wireType == 2 { + var packedLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + packedLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if packedLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + packedLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + var elementCount int + var count int + for _, integer := range dAtA[iNdEx:postIndex] { + if integer < 128 { + count++ + } + } + elementCount = count + if elementCount != 0 && len(m.SourcePositions) == 0 { + m.SourcePositions = make([]int64, 0, elementCount) + } + for iNdEx < postIndex { + var v int64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.SourcePositions = append(m.SourcePositions, v) + } + } else { + return fmt.Errorf("proto: wrong wireType = %d for field SourcePositions", wireType) + } + case 15: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Revisions", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Revisions = append(m.Revisions, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) diff --git a/pkg/apiclient/applicationset/applicationset.pb.go b/pkg/apiclient/applicationset/applicationset.pb.go index 8f717d1f6920f..68db654fe9c4e 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.go +++ b/pkg/apiclient/applicationset/applicationset.pb.go @@ -322,12 +322,69 @@ func (m *ApplicationSetDeleteRequest) GetAppsetNamespace() string { return "" } +type ApplicationSetTreeQuery struct { + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // The application set namespace. Default empty is argocd control plane namespace + AppsetNamespace string `protobuf:"bytes,2,opt,name=appsetNamespace,proto3" json:"appsetNamespace,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ApplicationSetTreeQuery) Reset() { *m = ApplicationSetTreeQuery{} } +func (m *ApplicationSetTreeQuery) String() string { return proto.CompactTextString(m) } +func (*ApplicationSetTreeQuery) ProtoMessage() {} +func (*ApplicationSetTreeQuery) Descriptor() ([]byte, []int) { + return fileDescriptor_eacb9df0ce5738fa, []int{5} +} +func (m *ApplicationSetTreeQuery) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ApplicationSetTreeQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ApplicationSetTreeQuery.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ApplicationSetTreeQuery) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApplicationSetTreeQuery.Merge(m, src) +} +func (m *ApplicationSetTreeQuery) XXX_Size() int { + return m.Size() +} +func (m *ApplicationSetTreeQuery) XXX_DiscardUnknown() { + xxx_messageInfo_ApplicationSetTreeQuery.DiscardUnknown(m) +} + +var xxx_messageInfo_ApplicationSetTreeQuery proto.InternalMessageInfo + +func (m *ApplicationSetTreeQuery) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +func (m *ApplicationSetTreeQuery) GetAppsetNamespace() string { + if m != nil { + return m.AppsetNamespace + } + return "" +} + func init() { proto.RegisterType((*ApplicationSetGetQuery)(nil), "applicationset.ApplicationSetGetQuery") proto.RegisterType((*ApplicationSetListQuery)(nil), "applicationset.ApplicationSetListQuery") proto.RegisterType((*ApplicationSetResponse)(nil), "applicationset.ApplicationSetResponse") proto.RegisterType((*ApplicationSetCreateRequest)(nil), "applicationset.ApplicationSetCreateRequest") proto.RegisterType((*ApplicationSetDeleteRequest)(nil), "applicationset.ApplicationSetDeleteRequest") + proto.RegisterType((*ApplicationSetTreeQuery)(nil), "applicationset.ApplicationSetTreeQuery") } func init() { @@ -335,40 +392,43 @@ func init() { } var fileDescriptor_eacb9df0ce5738fa = []byte{ - // 526 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x94, 0xdf, 0x8a, 0x13, 0x31, - 0x14, 0xc6, 0xc9, 0x76, 0xad, 0xbb, 0x11, 0x14, 0x02, 0xee, 0xd6, 0x51, 0x6a, 0x99, 0x8b, 0xb5, - 0xae, 0x98, 0xd0, 0x7a, 0xa7, 0x57, 0xfe, 0x81, 0x45, 0x28, 0xa2, 0xb3, 0xe0, 0x85, 0x5e, 0x48, - 0x76, 0x7a, 0x98, 0x1d, 0x77, 0x3a, 0x89, 0x49, 0x3a, 0x20, 0x8b, 0x37, 0x82, 0x4f, 0xe0, 0x13, - 0xa8, 0x37, 0x82, 0xb7, 0x3e, 0x84, 0x97, 0x82, 0x2f, 0x20, 0xc5, 0x07, 0x91, 0xc9, 0xcc, 0xb4, - 0x3b, 0xa1, 0xdb, 0x0a, 0x76, 0xef, 0x72, 0x26, 0x99, 0x73, 0x7e, 0xf9, 0xf2, 0x9d, 0x83, 0x77, - 0x35, 0xa8, 0x0c, 0x14, 0xe3, 0x52, 0x26, 0x71, 0xc8, 0x4d, 0x2c, 0x52, 0x0d, 0xc6, 0x09, 0xa9, - 0x54, 0xc2, 0x08, 0x72, 0xb1, 0xfe, 0xd5, 0xbb, 0x16, 0x09, 0x11, 0x25, 0xc0, 0xb8, 0x8c, 0x19, - 0x4f, 0x53, 0x61, 0x8a, 0x9d, 0xe2, 0xb4, 0x37, 0x88, 0x62, 0x73, 0x38, 0x3e, 0xa0, 0xa1, 0x18, - 0x31, 0xae, 0x22, 0x21, 0x95, 0x78, 0x6d, 0x17, 0xb7, 0xc3, 0x21, 0xcb, 0xfa, 0x4c, 0x1e, 0x45, - 0xf9, 0x9f, 0xfa, 0x64, 0x2d, 0x96, 0xf5, 0x78, 0x22, 0x0f, 0x79, 0x8f, 0x45, 0x90, 0x82, 0xe2, - 0x06, 0x86, 0x45, 0x36, 0xff, 0x39, 0xde, 0xba, 0x3f, 0x3b, 0xb7, 0x0f, 0x66, 0x0f, 0xcc, 0xb3, - 0x31, 0xa8, 0xb7, 0x84, 0xe0, 0xf5, 0x94, 0x8f, 0xa0, 0x85, 0x3a, 0xa8, 0xbb, 0x19, 0xd8, 0x35, - 0xe9, 0xe2, 0x4b, 0x5c, 0x4a, 0x0d, 0xe6, 0x09, 0x1f, 0x81, 0x96, 0x3c, 0x84, 0xd6, 0x9a, 0xdd, - 0x76, 0x3f, 0xfb, 0xc7, 0x78, 0xbb, 0x9e, 0x77, 0x10, 0xeb, 0x32, 0xb1, 0x87, 0x37, 0x72, 0x66, - 0x08, 0x8d, 0x6e, 0xa1, 0x4e, 0xa3, 0xbb, 0x19, 0x4c, 0xe3, 0x7c, 0x4f, 0x43, 0x02, 0xa1, 0x11, - 0xaa, 0xcc, 0x3c, 0x8d, 0xe7, 0x15, 0x6f, 0xcc, 0x2f, 0xfe, 0x15, 0xb9, 0xb7, 0x0a, 0x40, 0xcb, - 0x5c, 0x5c, 0xd2, 0xc2, 0xe7, 0xcb, 0x62, 0xe5, 0xc5, 0xaa, 0x90, 0x18, 0xec, 0xbc, 0x83, 0x05, - 0xb8, 0xd0, 0x1f, 0xd0, 0x99, 0xe0, 0xb4, 0x12, 0xdc, 0x2e, 0x5e, 0x85, 0x43, 0x9a, 0xf5, 0xa9, - 0x3c, 0x8a, 0x68, 0x2e, 0x38, 0x3d, 0xf1, 0x3b, 0xad, 0x04, 0xa7, 0x0e, 0x87, 0x53, 0xc3, 0xff, - 0x86, 0xf0, 0xd5, 0xfa, 0x91, 0x87, 0x0a, 0xb8, 0x81, 0x00, 0xde, 0x8c, 0x41, 0xcf, 0xa3, 0x42, - 0x67, 0x4f, 0x45, 0xb6, 0x70, 0x73, 0x2c, 0x35, 0xa8, 0x42, 0x83, 0x8d, 0xa0, 0x8c, 0xfc, 0x97, - 0x2e, 0xec, 0x23, 0x48, 0x60, 0x06, 0xfb, 0x5f, 0x96, 0xe9, 0x7f, 0x3a, 0x87, 0x2f, 0xd7, 0xb3, - 0xef, 0x83, 0xca, 0xe2, 0x10, 0xc8, 0x17, 0x84, 0x1b, 0x7b, 0x60, 0xc8, 0x0e, 0x75, 0xfa, 0x67, - 0xbe, 0x75, 0xbd, 0x95, 0x8a, 0xe3, 0xef, 0xbc, 0xff, 0xf5, 0xe7, 0xe3, 0x5a, 0x87, 0xb4, 0x6d, - 0x43, 0x66, 0x3d, 0xa7, 0x89, 0x35, 0x3b, 0xce, 0x2f, 0xfa, 0x8e, 0x7c, 0x46, 0x78, 0x3d, 0x77, - 0x39, 0xb9, 0xb1, 0x18, 0x73, 0xda, 0x09, 0xde, 0xd3, 0x55, 0x72, 0xe6, 0x69, 0xfd, 0xeb, 0x96, - 0xf5, 0x0a, 0xd9, 0x3e, 0x85, 0x95, 0x7c, 0x47, 0xb8, 0x59, 0x38, 0x8c, 0xdc, 0x5a, 0x8c, 0x59, - 0xf3, 0xe1, 0x8a, 0x25, 0x65, 0x16, 0xf3, 0xa6, 0x7f, 0x1a, 0xe6, 0x5d, 0xd7, 0x90, 0x1f, 0x10, - 0x6e, 0x16, 0x5e, 0x5b, 0x86, 0x5d, 0x73, 0xa4, 0xb7, 0xc4, 0x31, 0xd5, 0x58, 0xa8, 0xde, 0x78, - 0x77, 0xc9, 0x1b, 0x3f, 0x78, 0xfc, 0x63, 0xd2, 0x46, 0x3f, 0x27, 0x6d, 0xf4, 0x7b, 0xd2, 0x46, - 0x2f, 0xee, 0xfd, 0xdb, 0x28, 0x0e, 0x93, 0x18, 0x52, 0x77, 0xf6, 0x1f, 0x34, 0xed, 0x00, 0xbe, - 0xf3, 0x37, 0x00, 0x00, 0xff, 0xff, 0x96, 0x3f, 0x16, 0xa7, 0x2a, 0x06, 0x00, 0x00, + // 573 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x95, 0x4f, 0x8b, 0x13, 0x3f, + 0x18, 0xc7, 0xc9, 0x76, 0xe9, 0x6f, 0x37, 0x3f, 0x51, 0x08, 0xb8, 0x5b, 0x47, 0xa9, 0x65, 0x0e, + 0x6b, 0x5d, 0xdd, 0x84, 0x56, 0x4f, 0x7a, 0xf2, 0x0f, 0x2c, 0x42, 0x11, 0x9d, 0x15, 0x05, 0x3d, + 0x48, 0x76, 0xfa, 0x30, 0x3b, 0xee, 0x74, 0x12, 0x93, 0x74, 0x40, 0x16, 0x2f, 0x82, 0xaf, 0xc0, + 0x77, 0xa0, 0x17, 0xc1, 0xab, 0x77, 0xaf, 0x1e, 0x05, 0xdf, 0x80, 0x54, 0x5f, 0x88, 0x4c, 0x66, + 0xda, 0xee, 0x84, 0x6e, 0x2b, 0x58, 0x6f, 0x79, 0xf2, 0xe7, 0x79, 0x3e, 0x79, 0x9e, 0xef, 0x93, + 0xe0, 0x6d, 0x0d, 0x2a, 0x03, 0xc5, 0xb8, 0x94, 0x49, 0x1c, 0x72, 0x13, 0x8b, 0x54, 0x83, 0x71, + 0x4c, 0x2a, 0x95, 0x30, 0x82, 0x9c, 0xae, 0xce, 0x7a, 0x17, 0x22, 0x21, 0xa2, 0x04, 0x18, 0x97, + 0x31, 0xe3, 0x69, 0x2a, 0x4c, 0xb1, 0x52, 0xec, 0xf6, 0x7a, 0x51, 0x6c, 0x0e, 0x86, 0xfb, 0x34, + 0x14, 0x03, 0xc6, 0x55, 0x24, 0xa4, 0x12, 0x2f, 0xec, 0x60, 0x27, 0xec, 0xb3, 0xac, 0xcb, 0xe4, + 0x61, 0x94, 0x9f, 0xd4, 0xc7, 0x63, 0xb1, 0xac, 0xc3, 0x13, 0x79, 0xc0, 0x3b, 0x2c, 0x82, 0x14, + 0x14, 0x37, 0xd0, 0x2f, 0xbc, 0xf9, 0x8f, 0xf1, 0xc6, 0xad, 0xe9, 0xbe, 0x3d, 0x30, 0xbb, 0x60, + 0x1e, 0x0e, 0x41, 0xbd, 0x22, 0x04, 0xaf, 0xa6, 0x7c, 0x00, 0x0d, 0xd4, 0x42, 0xed, 0xf5, 0xc0, + 0x8e, 0x49, 0x1b, 0x9f, 0xe1, 0x52, 0x6a, 0x30, 0xf7, 0xf9, 0x00, 0xb4, 0xe4, 0x21, 0x34, 0x56, + 0xec, 0xb2, 0x3b, 0xed, 0x1f, 0xe1, 0xcd, 0xaa, 0xdf, 0x5e, 0xac, 0x4b, 0xc7, 0x1e, 0x5e, 0xcb, + 0x99, 0x21, 0x34, 0xba, 0x81, 0x5a, 0xb5, 0xf6, 0x7a, 0x30, 0xb1, 0xf3, 0x35, 0x0d, 0x09, 0x84, + 0x46, 0xa8, 0xd2, 0xf3, 0xc4, 0x9e, 0x15, 0xbc, 0x36, 0x3b, 0xf8, 0x47, 0xe4, 0xde, 0x2a, 0x00, + 0x2d, 0xf3, 0xe4, 0x92, 0x06, 0xfe, 0xaf, 0x0c, 0x56, 0x5e, 0x6c, 0x6c, 0x12, 0x83, 0x9d, 0x3a, + 0x58, 0x80, 0xff, 0xbb, 0x3d, 0x3a, 0x4d, 0x38, 0x1d, 0x27, 0xdc, 0x0e, 0x9e, 0x87, 0x7d, 0x9a, + 0x75, 0xa9, 0x3c, 0x8c, 0x68, 0x9e, 0x70, 0x7a, 0xec, 0x38, 0x1d, 0x27, 0x9c, 0x3a, 0x1c, 0x4e, + 0x0c, 0xff, 0x13, 0xc2, 0xe7, 0xab, 0x5b, 0xee, 0x28, 0xe0, 0x06, 0x02, 0x78, 0x39, 0x04, 0x3d, + 0x8b, 0x0a, 0xfd, 0x7b, 0x2a, 0xb2, 0x81, 0xeb, 0x43, 0xa9, 0x41, 0x15, 0x39, 0x58, 0x0b, 0x4a, + 0xcb, 0x7f, 0xe6, 0xc2, 0xde, 0x85, 0x04, 0xa6, 0xb0, 0x7f, 0x27, 0x99, 0x27, 0xae, 0x64, 0x1e, + 0x29, 0x80, 0x25, 0x68, 0xb1, 0xfb, 0xb3, 0x8e, 0xcf, 0x56, 0x3d, 0xef, 0x81, 0xca, 0xe2, 0x10, + 0xc8, 0x07, 0x84, 0x6b, 0xbb, 0x60, 0xc8, 0x16, 0x75, 0x1a, 0x73, 0x76, 0x4f, 0x78, 0x4b, 0xcd, + 0xba, 0xbf, 0xf5, 0xe6, 0xfb, 0xaf, 0x77, 0x2b, 0x2d, 0xd2, 0xb4, 0x9d, 0x9e, 0x75, 0x9c, 0xd7, + 0x41, 0xb3, 0xa3, 0xfc, 0xa2, 0xaf, 0xc9, 0x7b, 0x84, 0x57, 0xf3, 0xf6, 0x21, 0x97, 0xe6, 0x63, + 0x4e, 0x5a, 0xcc, 0x7b, 0xb0, 0x4c, 0xce, 0xdc, 0xad, 0x7f, 0xd1, 0xb2, 0x9e, 0x23, 0x9b, 0x27, + 0xb0, 0x92, 0xcf, 0x08, 0xd7, 0x0b, 0xe9, 0x92, 0x2b, 0xf3, 0x31, 0x2b, 0x02, 0x5f, 0x72, 0x4a, + 0x99, 0xc5, 0xbc, 0xec, 0x9f, 0x84, 0x79, 0xc3, 0x55, 0xfa, 0x5b, 0x84, 0xeb, 0x85, 0x88, 0x17, + 0x61, 0x57, 0xa4, 0xee, 0x2d, 0x50, 0xcc, 0xf8, 0xbd, 0x19, 0xd7, 0x78, 0x7b, 0x51, 0x8d, 0xbf, + 0x20, 0x7c, 0x2a, 0x00, 0x2d, 0x86, 0x2a, 0x84, 0x5c, 0xf7, 0x8b, 0x6a, 0x3d, 0xe9, 0x8d, 0xe5, + 0xd6, 0x3a, 0x77, 0xeb, 0x5f, 0xb7, 0xcc, 0x94, 0x5c, 0x9d, 0xcf, 0xcc, 0x54, 0xc9, 0xbb, 0x63, + 0x14, 0xc0, 0xed, 0x7b, 0x5f, 0x47, 0x4d, 0xf4, 0x6d, 0xd4, 0x44, 0x3f, 0x46, 0x4d, 0xf4, 0xf4, + 0xe6, 0x9f, 0xfd, 0x52, 0x61, 0x12, 0x43, 0xea, 0x7e, 0x8b, 0xfb, 0x75, 0xfb, 0x37, 0x5d, 0xfb, + 0x1d, 0x00, 0x00, 0xff, 0xff, 0xfa, 0x8f, 0x0f, 0xad, 0x45, 0x07, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -391,6 +451,8 @@ type ApplicationSetServiceClient interface { Create(ctx context.Context, in *ApplicationSetCreateRequest, opts ...grpc.CallOption) (*v1alpha1.ApplicationSet, error) // Delete deletes an application set Delete(ctx context.Context, in *ApplicationSetDeleteRequest, opts ...grpc.CallOption) (*ApplicationSetResponse, error) + // ResourceTree returns resource tree + ResourceTree(ctx context.Context, in *ApplicationSetTreeQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetTree, error) } type applicationSetServiceClient struct { @@ -437,6 +499,15 @@ func (c *applicationSetServiceClient) Delete(ctx context.Context, in *Applicatio return out, nil } +func (c *applicationSetServiceClient) ResourceTree(ctx context.Context, in *ApplicationSetTreeQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetTree, error) { + out := new(v1alpha1.ApplicationSetTree) + err := c.cc.Invoke(ctx, "/applicationset.ApplicationSetService/ResourceTree", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // ApplicationSetServiceServer is the server API for ApplicationSetService service. type ApplicationSetServiceServer interface { // Get returns an applicationset by name @@ -447,6 +518,8 @@ type ApplicationSetServiceServer interface { Create(context.Context, *ApplicationSetCreateRequest) (*v1alpha1.ApplicationSet, error) // Delete deletes an application set Delete(context.Context, *ApplicationSetDeleteRequest) (*ApplicationSetResponse, error) + // ResourceTree returns resource tree + ResourceTree(context.Context, *ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) } // UnimplementedApplicationSetServiceServer can be embedded to have forward compatible implementations. @@ -465,6 +538,9 @@ func (*UnimplementedApplicationSetServiceServer) Create(ctx context.Context, req func (*UnimplementedApplicationSetServiceServer) Delete(ctx context.Context, req *ApplicationSetDeleteRequest) (*ApplicationSetResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") } +func (*UnimplementedApplicationSetServiceServer) ResourceTree(ctx context.Context, req *ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) { + return nil, status.Errorf(codes.Unimplemented, "method ResourceTree not implemented") +} func RegisterApplicationSetServiceServer(s *grpc.Server, srv ApplicationSetServiceServer) { s.RegisterService(&_ApplicationSetService_serviceDesc, srv) @@ -542,6 +618,24 @@ func _ApplicationSetService_Delete_Handler(srv interface{}, ctx context.Context, return interceptor(ctx, in, info, handler) } +func _ApplicationSetService_ResourceTree_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ApplicationSetTreeQuery) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ApplicationSetServiceServer).ResourceTree(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/applicationset.ApplicationSetService/ResourceTree", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ApplicationSetServiceServer).ResourceTree(ctx, req.(*ApplicationSetTreeQuery)) + } + return interceptor(ctx, in, info, handler) +} + var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ ServiceName: "applicationset.ApplicationSetService", HandlerType: (*ApplicationSetServiceServer)(nil), @@ -562,6 +656,10 @@ var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ MethodName: "Delete", Handler: _ApplicationSetService_Delete_Handler, }, + { + MethodName: "ResourceTree", + Handler: _ApplicationSetService_ResourceTree_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "server/applicationset/applicationset.proto", @@ -794,6 +892,47 @@ func (m *ApplicationSetDeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, er return len(dAtA) - i, nil } +func (m *ApplicationSetTreeQuery) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ApplicationSetTreeQuery) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ApplicationSetTreeQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.AppsetNamespace) > 0 { + i -= len(m.AppsetNamespace) + copy(dAtA[i:], m.AppsetNamespace) + i = encodeVarintApplicationset(dAtA, i, uint64(len(m.AppsetNamespace))) + i-- + dAtA[i] = 0x12 + } + if len(m.Name) > 0 { + i -= len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintApplicationset(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func encodeVarintApplicationset(dAtA []byte, offset int, v uint64) int { offset -= sovApplicationset(v) base := offset @@ -910,6 +1049,26 @@ func (m *ApplicationSetDeleteRequest) Size() (n int) { return n } +func (m *ApplicationSetTreeQuery) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + if l > 0 { + n += 1 + l + sovApplicationset(uint64(l)) + } + l = len(m.AppsetNamespace) + if l > 0 { + n += 1 + l + sovApplicationset(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func sovApplicationset(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -1519,6 +1678,121 @@ func (m *ApplicationSetDeleteRequest) Unmarshal(dAtA []byte) error { } return nil } +func (m *ApplicationSetTreeQuery) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationSetTreeQuery: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationSetTreeQuery: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplicationset + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplicationset + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AppsetNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApplicationset + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApplicationset + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApplicationset + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AppsetNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipApplicationset(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthApplicationset + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipApplicationset(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apiclient/applicationset/applicationset.pb.gw.go b/pkg/apiclient/applicationset/applicationset.pb.gw.go index 5e4c73f7add3b..daad3043c52ca 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.gw.go +++ b/pkg/apiclient/applicationset/applicationset.pb.gw.go @@ -265,6 +265,78 @@ func local_request_ApplicationSetService_Delete_0(ctx context.Context, marshaler } +var ( + filter_ApplicationSetService_ResourceTree_0 = &utilities.DoubleArray{Encoding: map[string]int{"name": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + +func request_ApplicationSetService_ResourceTree_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationSetServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ApplicationSetTreeQuery + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["name"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") + } + + protoReq.Name, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_ResourceTree_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ResourceTree(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_ApplicationSetService_ResourceTree_0(ctx context.Context, marshaler runtime.Marshaler, server ApplicationSetServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ApplicationSetTreeQuery + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["name"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") + } + + protoReq.Name, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_ResourceTree_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.ResourceTree(ctx, &protoReq) + return msg, metadata, err + +} + // RegisterApplicationSetServiceHandlerServer registers the http handlers for service ApplicationSetService to "mux". // UnaryRPC :call ApplicationSetServiceServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. @@ -363,6 +435,29 @@ func RegisterApplicationSetServiceHandlerServer(ctx context.Context, mux *runtim }) + mux.Handle("GET", pattern_ApplicationSetService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_ApplicationSetService_ResourceTree_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_ApplicationSetService_ResourceTree_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -484,6 +579,26 @@ func RegisterApplicationSetServiceHandlerClient(ctx context.Context, mux *runtim }) + mux.Handle("GET", pattern_ApplicationSetService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_ApplicationSetService_ResourceTree_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_ApplicationSetService_ResourceTree_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -495,6 +610,8 @@ var ( pattern_ApplicationSetService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "applicationsets"}, "", runtime.AssumeColonVerbOpt(true))) pattern_ApplicationSetService_Delete_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "applicationsets", "name"}, "", runtime.AssumeColonVerbOpt(true))) + + pattern_ApplicationSetService_ResourceTree_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applicationsets", "name", "resource-tree"}, "", runtime.AssumeColonVerbOpt(true))) ) var ( @@ -505,4 +622,6 @@ var ( forward_ApplicationSetService_Create_0 = runtime.ForwardResponseMessage forward_ApplicationSetService_Delete_0 = runtime.ForwardResponseMessage + + forward_ApplicationSetService_ResourceTree_0 = runtime.ForwardResponseMessage ) diff --git a/pkg/apiclient/cluster/mocks/ClusterServiceServer.go b/pkg/apiclient/cluster/mocks/ClusterServiceServer.go index f6118b7a43f95..ae63bfae8810b 100644 --- a/pkg/apiclient/cluster/mocks/ClusterServiceServer.go +++ b/pkg/apiclient/cluster/mocks/ClusterServiceServer.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0. DO NOT EDIT. +// Code generated by mockery v2.40.2. DO NOT EDIT. package mocks @@ -21,7 +21,15 @@ type ClusterServiceServer struct { func (_m *ClusterServiceServer) Create(_a0 context.Context, _a1 *cluster.ClusterCreateRequest) (*v1alpha1.Cluster, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for Create") + } + var r0 *v1alpha1.Cluster + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterCreateRequest) (*v1alpha1.Cluster, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterCreateRequest) *v1alpha1.Cluster); ok { r0 = rf(_a0, _a1) } else { @@ -30,7 +38,6 @@ func (_m *ClusterServiceServer) Create(_a0 context.Context, _a1 *cluster.Cluster } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterCreateRequest) error); ok { r1 = rf(_a0, _a1) } else { @@ -44,7 +51,15 @@ func (_m *ClusterServiceServer) Create(_a0 context.Context, _a1 *cluster.Cluster func (_m *ClusterServiceServer) Delete(_a0 context.Context, _a1 *cluster.ClusterQuery) (*cluster.ClusterResponse, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for Delete") + } + var r0 *cluster.ClusterResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*cluster.ClusterResponse, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *cluster.ClusterResponse); ok { r0 = rf(_a0, _a1) } else { @@ -53,7 +68,6 @@ func (_m *ClusterServiceServer) Delete(_a0 context.Context, _a1 *cluster.Cluster } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { r1 = rf(_a0, _a1) } else { @@ -67,7 +81,15 @@ func (_m *ClusterServiceServer) Delete(_a0 context.Context, _a1 *cluster.Cluster func (_m *ClusterServiceServer) Get(_a0 context.Context, _a1 *cluster.ClusterQuery) (*v1alpha1.Cluster, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for Get") + } + var r0 *v1alpha1.Cluster + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*v1alpha1.Cluster, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *v1alpha1.Cluster); ok { r0 = rf(_a0, _a1) } else { @@ -76,7 +98,36 @@ func (_m *ClusterServiceServer) Get(_a0 context.Context, _a1 *cluster.ClusterQue } } + if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// InvalidateCache provides a mock function with given fields: _a0, _a1 +func (_m *ClusterServiceServer) InvalidateCache(_a0 context.Context, _a1 *cluster.ClusterQuery) (*v1alpha1.Cluster, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for InvalidateCache") + } + + var r0 *v1alpha1.Cluster var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*v1alpha1.Cluster, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *v1alpha1.Cluster); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.Cluster) + } + } + if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { r1 = rf(_a0, _a1) } else { @@ -90,7 +141,15 @@ func (_m *ClusterServiceServer) Get(_a0 context.Context, _a1 *cluster.ClusterQue func (_m *ClusterServiceServer) List(_a0 context.Context, _a1 *cluster.ClusterQuery) (*v1alpha1.ClusterList, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for List") + } + var r0 *v1alpha1.ClusterList + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*v1alpha1.ClusterList, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *v1alpha1.ClusterList); ok { r0 = rf(_a0, _a1) } else { @@ -99,7 +158,36 @@ func (_m *ClusterServiceServer) List(_a0 context.Context, _a1 *cluster.ClusterQu } } + if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// RotateAuth provides a mock function with given fields: _a0, _a1 +func (_m *ClusterServiceServer) RotateAuth(_a0 context.Context, _a1 *cluster.ClusterQuery) (*cluster.ClusterResponse, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for RotateAuth") + } + + var r0 *cluster.ClusterResponse var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*cluster.ClusterResponse, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *cluster.ClusterResponse); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*cluster.ClusterResponse) + } + } + if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { r1 = rf(_a0, _a1) } else { @@ -113,7 +201,15 @@ func (_m *ClusterServiceServer) List(_a0 context.Context, _a1 *cluster.ClusterQu func (_m *ClusterServiceServer) Update(_a0 context.Context, _a1 *cluster.ClusterUpdateRequest) (*v1alpha1.Cluster, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for Update") + } + var r0 *v1alpha1.Cluster + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterUpdateRequest) (*v1alpha1.Cluster, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterUpdateRequest) *v1alpha1.Cluster); ok { r0 = rf(_a0, _a1) } else { @@ -122,7 +218,6 @@ func (_m *ClusterServiceServer) Update(_a0 context.Context, _a1 *cluster.Cluster } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterUpdateRequest) error); ok { r1 = rf(_a0, _a1) } else { @@ -131,3 +226,17 @@ func (_m *ClusterServiceServer) Update(_a0 context.Context, _a1 *cluster.Cluster return r0, r1 } + +// NewClusterServiceServer creates a new instance of ClusterServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewClusterServiceServer(t interface { + mock.TestingT + Cleanup(func()) +}) *ClusterServiceServer { + mock := &ClusterServiceServer{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/pkg/apiclient/session/mocks/SessionServiceClient.go b/pkg/apiclient/session/mocks/SessionServiceClient.go index 16a3692d86600..91f0e45c25899 100644 --- a/pkg/apiclient/session/mocks/SessionServiceClient.go +++ b/pkg/apiclient/session/mocks/SessionServiceClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v1.0.0. DO NOT EDIT. +// Code generated by mockery v2.40.2. DO NOT EDIT. package mocks @@ -28,7 +28,15 @@ func (_m *SessionServiceClient) Create(ctx context.Context, in *session.SessionC _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for Create") + } + var r0 *session.SessionResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *session.SessionCreateRequest, ...grpc.CallOption) (*session.SessionResponse, error)); ok { + return rf(ctx, in, opts...) + } if rf, ok := ret.Get(0).(func(context.Context, *session.SessionCreateRequest, ...grpc.CallOption) *session.SessionResponse); ok { r0 = rf(ctx, in, opts...) } else { @@ -37,7 +45,6 @@ func (_m *SessionServiceClient) Create(ctx context.Context, in *session.SessionC } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, *session.SessionCreateRequest, ...grpc.CallOption) error); ok { r1 = rf(ctx, in, opts...) } else { @@ -58,7 +65,15 @@ func (_m *SessionServiceClient) Delete(ctx context.Context, in *session.SessionD _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for Delete") + } + var r0 *session.SessionResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *session.SessionDeleteRequest, ...grpc.CallOption) (*session.SessionResponse, error)); ok { + return rf(ctx, in, opts...) + } if rf, ok := ret.Get(0).(func(context.Context, *session.SessionDeleteRequest, ...grpc.CallOption) *session.SessionResponse); ok { r0 = rf(ctx, in, opts...) } else { @@ -67,7 +82,6 @@ func (_m *SessionServiceClient) Delete(ctx context.Context, in *session.SessionD } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, *session.SessionDeleteRequest, ...grpc.CallOption) error); ok { r1 = rf(ctx, in, opts...) } else { @@ -76,3 +90,54 @@ func (_m *SessionServiceClient) Delete(ctx context.Context, in *session.SessionD return r0, r1 } + +// GetUserInfo provides a mock function with given fields: ctx, in, opts +func (_m *SessionServiceClient) GetUserInfo(ctx context.Context, in *session.GetUserInfoRequest, opts ...grpc.CallOption) (*session.GetUserInfoResponse, error) { + _va := make([]interface{}, len(opts)) + for _i := range opts { + _va[_i] = opts[_i] + } + var _ca []interface{} + _ca = append(_ca, ctx, in) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for GetUserInfo") + } + + var r0 *session.GetUserInfoResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *session.GetUserInfoRequest, ...grpc.CallOption) (*session.GetUserInfoResponse, error)); ok { + return rf(ctx, in, opts...) + } + if rf, ok := ret.Get(0).(func(context.Context, *session.GetUserInfoRequest, ...grpc.CallOption) *session.GetUserInfoResponse); ok { + r0 = rf(ctx, in, opts...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*session.GetUserInfoResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *session.GetUserInfoRequest, ...grpc.CallOption) error); ok { + r1 = rf(ctx, in, opts...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewSessionServiceClient creates a new instance of SessionServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewSessionServiceClient(t interface { + mock.TestingT + Cleanup(func()) +}) *SessionServiceClient { + mock := &SessionServiceClient{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/pkg/apiclient/session/mocks/SessionServiceServer.go b/pkg/apiclient/session/mocks/SessionServiceServer.go index f518fbc75a9f8..46d8a6d322ce7 100644 --- a/pkg/apiclient/session/mocks/SessionServiceServer.go +++ b/pkg/apiclient/session/mocks/SessionServiceServer.go @@ -1,13 +1,12 @@ -// Code generated by mockery v1.0.0. DO NOT EDIT. +// Code generated by mockery v2.40.2. DO NOT EDIT. package mocks import ( context "context" - mock "github.com/stretchr/testify/mock" - session "github.com/argoproj/argo-cd/v2/pkg/apiclient/session" + mock "github.com/stretchr/testify/mock" ) // SessionServiceServer is an autogenerated mock type for the SessionServiceServer type @@ -19,7 +18,15 @@ type SessionServiceServer struct { func (_m *SessionServiceServer) Create(_a0 context.Context, _a1 *session.SessionCreateRequest) (*session.SessionResponse, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for Create") + } + var r0 *session.SessionResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *session.SessionCreateRequest) (*session.SessionResponse, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, *session.SessionCreateRequest) *session.SessionResponse); ok { r0 = rf(_a0, _a1) } else { @@ -28,7 +35,6 @@ func (_m *SessionServiceServer) Create(_a0 context.Context, _a1 *session.Session } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, *session.SessionCreateRequest) error); ok { r1 = rf(_a0, _a1) } else { @@ -42,7 +48,15 @@ func (_m *SessionServiceServer) Create(_a0 context.Context, _a1 *session.Session func (_m *SessionServiceServer) Delete(_a0 context.Context, _a1 *session.SessionDeleteRequest) (*session.SessionResponse, error) { ret := _m.Called(_a0, _a1) + if len(ret) == 0 { + panic("no return value specified for Delete") + } + var r0 *session.SessionResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *session.SessionDeleteRequest) (*session.SessionResponse, error)); ok { + return rf(_a0, _a1) + } if rf, ok := ret.Get(0).(func(context.Context, *session.SessionDeleteRequest) *session.SessionResponse); ok { r0 = rf(_a0, _a1) } else { @@ -51,7 +65,6 @@ func (_m *SessionServiceServer) Delete(_a0 context.Context, _a1 *session.Session } } - var r1 error if rf, ok := ret.Get(1).(func(context.Context, *session.SessionDeleteRequest) error); ok { r1 = rf(_a0, _a1) } else { @@ -60,3 +73,47 @@ func (_m *SessionServiceServer) Delete(_a0 context.Context, _a1 *session.Session return r0, r1 } + +// GetUserInfo provides a mock function with given fields: _a0, _a1 +func (_m *SessionServiceServer) GetUserInfo(_a0 context.Context, _a1 *session.GetUserInfoRequest) (*session.GetUserInfoResponse, error) { + ret := _m.Called(_a0, _a1) + + if len(ret) == 0 { + panic("no return value specified for GetUserInfo") + } + + var r0 *session.GetUserInfoResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *session.GetUserInfoRequest) (*session.GetUserInfoResponse, error)); ok { + return rf(_a0, _a1) + } + if rf, ok := ret.Get(0).(func(context.Context, *session.GetUserInfoRequest) *session.GetUserInfoResponse); ok { + r0 = rf(_a0, _a1) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*session.GetUserInfoResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *session.GetUserInfoRequest) error); ok { + r1 = rf(_a0, _a1) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// NewSessionServiceServer creates a new instance of SessionServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewSessionServiceServer(t interface { + mock.TestingT + Cleanup(func()) +}) *SessionServiceServer { + mock := &SessionServiceServer{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index 5630d8d4bceb2..847a3efaf8daa 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -18,7 +18,9 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,GoTemplateOptions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,ApplicationStatus API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Conditions +API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Resources API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTemplateMeta,Finalizers +API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTree,Nodes API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,FileParameters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,Parameters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,ValueFiles diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 389f421fed400..1439b4ccaf9ca 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -759,9 +759,11 @@ type ApplicationSetStatus struct { // Important: Run "make" to regenerate code after modifying this file Conditions []ApplicationSetCondition `json:"conditions,omitempty" protobuf:"bytes,1,name=conditions"` ApplicationStatus []ApplicationSetApplicationStatus `json:"applicationStatus,omitempty" protobuf:"bytes,2,name=applicationStatus"` + // Resources is a list of Applications resources managed by this application set. + Resources []ResourceStatus `json:"resources,omitempty" protobuf:"bytes,3,opt,name=resources"` } -// ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning +// ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning type ApplicationSetCondition struct { // Type is an applicationset condition type Type ApplicationSetConditionType `json:"type" protobuf:"bytes,1,opt,name=type"` @@ -844,6 +846,21 @@ type ApplicationSetList struct { Items []ApplicationSet `json:"items" protobuf:"bytes,2,rep,name=items"` } +// ApplicationSetTree holds nodes which belongs to the application +// Used to build a tree of an ApplicationSet and its children +type ApplicationSetTree struct { + // Nodes contains list of nodes which are directly managed by the applicationset + Nodes []ResourceNode `json:"nodes,omitempty" protobuf:"bytes,1,rep,name=nodes"` +} + +// Normalize sorts applicationset tree nodes. The persistent order allows to +// effectively compare previously cached app tree and allows to unnecessary Redis requests. +func (t *ApplicationSetTree) Normalize() { + sort.Slice(t.Nodes, func(i, j int) bool { + return t.Nodes[i].FullName() < t.Nodes[j].FullName() + }) +} + // func init() { // SchemeBuilder.Register(&ApplicationSet{}, &ApplicationSetList{}) // } diff --git a/pkg/apis/application/v1alpha1/applicationset_types_test.go b/pkg/apis/application/v1alpha1/applicationset_types_test.go index 282cc1ca9a423..7f2fd7900d4fb 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types_test.go +++ b/pkg/apis/application/v1alpha1/applicationset_types_test.go @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" ) func testAppSetCond(t ApplicationSetConditionType, msg string, lastTransitionTime *metav1.Time, status ApplicationSetConditionStatus, reason string) ApplicationSetCondition { @@ -173,9 +173,9 @@ func TestSCMProviderGeneratorGitlab_WillIncludeSharedProjects(t *testing.T) { settings := SCMProviderGeneratorGitlab{} assert.True(t, settings.WillIncludeSharedProjects()) - settings.IncludeSharedProjects = pointer.Bool(false) + settings.IncludeSharedProjects = ptr.To(false) assert.False(t, settings.WillIncludeSharedProjects()) - settings.IncludeSharedProjects = pointer.Bool(true) + settings.IncludeSharedProjects = ptr.To(true) assert.True(t, settings.WillIncludeSharedProjects()) } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index aed1ef619b350..24d8e7c920ed2 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -797,10 +797,38 @@ func (m *ApplicationSetTerminalGenerator) XXX_DiscardUnknown() { var xxx_messageInfo_ApplicationSetTerminalGenerator proto.InternalMessageInfo +func (m *ApplicationSetTree) Reset() { *m = ApplicationSetTree{} } +func (*ApplicationSetTree) ProtoMessage() {} +func (*ApplicationSetTree) Descriptor() ([]byte, []int) { + return fileDescriptor_030104ce3b95bcac, []int{27} +} +func (m *ApplicationSetTree) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ApplicationSetTree) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ApplicationSetTree) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApplicationSetTree.Merge(m, src) +} +func (m *ApplicationSetTree) XXX_Size() int { + return m.Size() +} +func (m *ApplicationSetTree) XXX_DiscardUnknown() { + xxx_messageInfo_ApplicationSetTree.DiscardUnknown(m) +} + +var xxx_messageInfo_ApplicationSetTree proto.InternalMessageInfo + func (m *ApplicationSource) Reset() { *m = ApplicationSource{} } func (*ApplicationSource) ProtoMessage() {} func (*ApplicationSource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{27} + return fileDescriptor_030104ce3b95bcac, []int{28} } func (m *ApplicationSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -828,7 +856,7 @@ var xxx_messageInfo_ApplicationSource proto.InternalMessageInfo func (m *ApplicationSourceDirectory) Reset() { *m = ApplicationSourceDirectory{} } func (*ApplicationSourceDirectory) ProtoMessage() {} func (*ApplicationSourceDirectory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{28} + return fileDescriptor_030104ce3b95bcac, []int{29} } func (m *ApplicationSourceDirectory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -856,7 +884,7 @@ var xxx_messageInfo_ApplicationSourceDirectory proto.InternalMessageInfo func (m *ApplicationSourceHelm) Reset() { *m = ApplicationSourceHelm{} } func (*ApplicationSourceHelm) ProtoMessage() {} func (*ApplicationSourceHelm) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{29} + return fileDescriptor_030104ce3b95bcac, []int{30} } func (m *ApplicationSourceHelm) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -884,7 +912,7 @@ var xxx_messageInfo_ApplicationSourceHelm proto.InternalMessageInfo func (m *ApplicationSourceJsonnet) Reset() { *m = ApplicationSourceJsonnet{} } func (*ApplicationSourceJsonnet) ProtoMessage() {} func (*ApplicationSourceJsonnet) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{30} + return fileDescriptor_030104ce3b95bcac, []int{31} } func (m *ApplicationSourceJsonnet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -912,7 +940,7 @@ var xxx_messageInfo_ApplicationSourceJsonnet proto.InternalMessageInfo func (m *ApplicationSourceKustomize) Reset() { *m = ApplicationSourceKustomize{} } func (*ApplicationSourceKustomize) ProtoMessage() {} func (*ApplicationSourceKustomize) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{31} + return fileDescriptor_030104ce3b95bcac, []int{32} } func (m *ApplicationSourceKustomize) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -940,7 +968,7 @@ var xxx_messageInfo_ApplicationSourceKustomize proto.InternalMessageInfo func (m *ApplicationSourcePlugin) Reset() { *m = ApplicationSourcePlugin{} } func (*ApplicationSourcePlugin) ProtoMessage() {} func (*ApplicationSourcePlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{32} + return fileDescriptor_030104ce3b95bcac, []int{33} } func (m *ApplicationSourcePlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -968,7 +996,7 @@ var xxx_messageInfo_ApplicationSourcePlugin proto.InternalMessageInfo func (m *ApplicationSourcePluginParameter) Reset() { *m = ApplicationSourcePluginParameter{} } func (*ApplicationSourcePluginParameter) ProtoMessage() {} func (*ApplicationSourcePluginParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{33} + return fileDescriptor_030104ce3b95bcac, []int{34} } func (m *ApplicationSourcePluginParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -996,7 +1024,7 @@ var xxx_messageInfo_ApplicationSourcePluginParameter proto.InternalMessageInfo func (m *ApplicationSpec) Reset() { *m = ApplicationSpec{} } func (*ApplicationSpec) ProtoMessage() {} func (*ApplicationSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{34} + return fileDescriptor_030104ce3b95bcac, []int{35} } func (m *ApplicationSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1024,7 +1052,7 @@ var xxx_messageInfo_ApplicationSpec proto.InternalMessageInfo func (m *ApplicationStatus) Reset() { *m = ApplicationStatus{} } func (*ApplicationStatus) ProtoMessage() {} func (*ApplicationStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{35} + return fileDescriptor_030104ce3b95bcac, []int{36} } func (m *ApplicationStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1052,7 +1080,7 @@ var xxx_messageInfo_ApplicationStatus proto.InternalMessageInfo func (m *ApplicationSummary) Reset() { *m = ApplicationSummary{} } func (*ApplicationSummary) ProtoMessage() {} func (*ApplicationSummary) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{36} + return fileDescriptor_030104ce3b95bcac, []int{37} } func (m *ApplicationSummary) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1080,7 +1108,7 @@ var xxx_messageInfo_ApplicationSummary proto.InternalMessageInfo func (m *ApplicationTree) Reset() { *m = ApplicationTree{} } func (*ApplicationTree) ProtoMessage() {} func (*ApplicationTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{37} + return fileDescriptor_030104ce3b95bcac, []int{38} } func (m *ApplicationTree) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1108,7 +1136,7 @@ var xxx_messageInfo_ApplicationTree proto.InternalMessageInfo func (m *ApplicationWatchEvent) Reset() { *m = ApplicationWatchEvent{} } func (*ApplicationWatchEvent) ProtoMessage() {} func (*ApplicationWatchEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{38} + return fileDescriptor_030104ce3b95bcac, []int{39} } func (m *ApplicationWatchEvent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1136,7 +1164,7 @@ var xxx_messageInfo_ApplicationWatchEvent proto.InternalMessageInfo func (m *Backoff) Reset() { *m = Backoff{} } func (*Backoff) ProtoMessage() {} func (*Backoff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{39} + return fileDescriptor_030104ce3b95bcac, []int{40} } func (m *Backoff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1164,7 +1192,7 @@ var xxx_messageInfo_Backoff proto.InternalMessageInfo func (m *BasicAuthBitbucketServer) Reset() { *m = BasicAuthBitbucketServer{} } func (*BasicAuthBitbucketServer) ProtoMessage() {} func (*BasicAuthBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{40} + return fileDescriptor_030104ce3b95bcac, []int{41} } func (m *BasicAuthBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1192,7 +1220,7 @@ var xxx_messageInfo_BasicAuthBitbucketServer proto.InternalMessageInfo func (m *BearerTokenBitbucketCloud) Reset() { *m = BearerTokenBitbucketCloud{} } func (*BearerTokenBitbucketCloud) ProtoMessage() {} func (*BearerTokenBitbucketCloud) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{41} + return fileDescriptor_030104ce3b95bcac, []int{42} } func (m *BearerTokenBitbucketCloud) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1220,7 +1248,7 @@ var xxx_messageInfo_BearerTokenBitbucketCloud proto.InternalMessageInfo func (m *ChartDetails) Reset() { *m = ChartDetails{} } func (*ChartDetails) ProtoMessage() {} func (*ChartDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{42} + return fileDescriptor_030104ce3b95bcac, []int{43} } func (m *ChartDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1248,7 +1276,7 @@ var xxx_messageInfo_ChartDetails proto.InternalMessageInfo func (m *Cluster) Reset() { *m = Cluster{} } func (*Cluster) ProtoMessage() {} func (*Cluster) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{43} + return fileDescriptor_030104ce3b95bcac, []int{44} } func (m *Cluster) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1276,7 +1304,7 @@ var xxx_messageInfo_Cluster proto.InternalMessageInfo func (m *ClusterCacheInfo) Reset() { *m = ClusterCacheInfo{} } func (*ClusterCacheInfo) ProtoMessage() {} func (*ClusterCacheInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{44} + return fileDescriptor_030104ce3b95bcac, []int{45} } func (m *ClusterCacheInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1304,7 +1332,7 @@ var xxx_messageInfo_ClusterCacheInfo proto.InternalMessageInfo func (m *ClusterConfig) Reset() { *m = ClusterConfig{} } func (*ClusterConfig) ProtoMessage() {} func (*ClusterConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{45} + return fileDescriptor_030104ce3b95bcac, []int{46} } func (m *ClusterConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1332,7 +1360,7 @@ var xxx_messageInfo_ClusterConfig proto.InternalMessageInfo func (m *ClusterGenerator) Reset() { *m = ClusterGenerator{} } func (*ClusterGenerator) ProtoMessage() {} func (*ClusterGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{46} + return fileDescriptor_030104ce3b95bcac, []int{47} } func (m *ClusterGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1360,7 +1388,7 @@ var xxx_messageInfo_ClusterGenerator proto.InternalMessageInfo func (m *ClusterInfo) Reset() { *m = ClusterInfo{} } func (*ClusterInfo) ProtoMessage() {} func (*ClusterInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{47} + return fileDescriptor_030104ce3b95bcac, []int{48} } func (m *ClusterInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1388,7 +1416,7 @@ var xxx_messageInfo_ClusterInfo proto.InternalMessageInfo func (m *ClusterList) Reset() { *m = ClusterList{} } func (*ClusterList) ProtoMessage() {} func (*ClusterList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{48} + return fileDescriptor_030104ce3b95bcac, []int{49} } func (m *ClusterList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1416,7 +1444,7 @@ var xxx_messageInfo_ClusterList proto.InternalMessageInfo func (m *Command) Reset() { *m = Command{} } func (*Command) ProtoMessage() {} func (*Command) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{49} + return fileDescriptor_030104ce3b95bcac, []int{50} } func (m *Command) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1444,7 +1472,7 @@ var xxx_messageInfo_Command proto.InternalMessageInfo func (m *ComparedTo) Reset() { *m = ComparedTo{} } func (*ComparedTo) ProtoMessage() {} func (*ComparedTo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{50} + return fileDescriptor_030104ce3b95bcac, []int{51} } func (m *ComparedTo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1472,7 +1500,7 @@ var xxx_messageInfo_ComparedTo proto.InternalMessageInfo func (m *ComponentParameter) Reset() { *m = ComponentParameter{} } func (*ComponentParameter) ProtoMessage() {} func (*ComponentParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{51} + return fileDescriptor_030104ce3b95bcac, []int{52} } func (m *ComponentParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1500,7 +1528,7 @@ var xxx_messageInfo_ComponentParameter proto.InternalMessageInfo func (m *ConfigManagementPlugin) Reset() { *m = ConfigManagementPlugin{} } func (*ConfigManagementPlugin) ProtoMessage() {} func (*ConfigManagementPlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{52} + return fileDescriptor_030104ce3b95bcac, []int{53} } func (m *ConfigManagementPlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1528,7 +1556,7 @@ var xxx_messageInfo_ConfigManagementPlugin proto.InternalMessageInfo func (m *ConnectionState) Reset() { *m = ConnectionState{} } func (*ConnectionState) ProtoMessage() {} func (*ConnectionState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{53} + return fileDescriptor_030104ce3b95bcac, []int{54} } func (m *ConnectionState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1556,7 +1584,7 @@ var xxx_messageInfo_ConnectionState proto.InternalMessageInfo func (m *DuckTypeGenerator) Reset() { *m = DuckTypeGenerator{} } func (*DuckTypeGenerator) ProtoMessage() {} func (*DuckTypeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{54} + return fileDescriptor_030104ce3b95bcac, []int{55} } func (m *DuckTypeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1584,7 +1612,7 @@ var xxx_messageInfo_DuckTypeGenerator proto.InternalMessageInfo func (m *EnvEntry) Reset() { *m = EnvEntry{} } func (*EnvEntry) ProtoMessage() {} func (*EnvEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{55} + return fileDescriptor_030104ce3b95bcac, []int{56} } func (m *EnvEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1612,7 +1640,7 @@ var xxx_messageInfo_EnvEntry proto.InternalMessageInfo func (m *ErrApplicationNotAllowedToUseProject) Reset() { *m = ErrApplicationNotAllowedToUseProject{} } func (*ErrApplicationNotAllowedToUseProject) ProtoMessage() {} func (*ErrApplicationNotAllowedToUseProject) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{56} + return fileDescriptor_030104ce3b95bcac, []int{57} } func (m *ErrApplicationNotAllowedToUseProject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1640,7 +1668,7 @@ var xxx_messageInfo_ErrApplicationNotAllowedToUseProject proto.InternalMessageIn func (m *ExecProviderConfig) Reset() { *m = ExecProviderConfig{} } func (*ExecProviderConfig) ProtoMessage() {} func (*ExecProviderConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{57} + return fileDescriptor_030104ce3b95bcac, []int{58} } func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1668,7 +1696,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo func (m *GitDirectoryGeneratorItem) Reset() { *m = GitDirectoryGeneratorItem{} } func (*GitDirectoryGeneratorItem) ProtoMessage() {} func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{58} + return fileDescriptor_030104ce3b95bcac, []int{59} } func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1696,7 +1724,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo func (m *GitFileGeneratorItem) Reset() { *m = GitFileGeneratorItem{} } func (*GitFileGeneratorItem) ProtoMessage() {} func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{59} + return fileDescriptor_030104ce3b95bcac, []int{60} } func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1724,7 +1752,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo func (m *GitGenerator) Reset() { *m = GitGenerator{} } func (*GitGenerator) ProtoMessage() {} func (*GitGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{60} + return fileDescriptor_030104ce3b95bcac, []int{61} } func (m *GitGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1752,7 +1780,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo func (m *GnuPGPublicKey) Reset() { *m = GnuPGPublicKey{} } func (*GnuPGPublicKey) ProtoMessage() {} func (*GnuPGPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{61} + return fileDescriptor_030104ce3b95bcac, []int{62} } func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1780,7 +1808,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo func (m *GnuPGPublicKeyList) Reset() { *m = GnuPGPublicKeyList{} } func (*GnuPGPublicKeyList) ProtoMessage() {} func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{62} + return fileDescriptor_030104ce3b95bcac, []int{63} } func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1808,7 +1836,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo func (m *HealthStatus) Reset() { *m = HealthStatus{} } func (*HealthStatus) ProtoMessage() {} func (*HealthStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{63} + return fileDescriptor_030104ce3b95bcac, []int{64} } func (m *HealthStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1836,7 +1864,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo func (m *HelmFileParameter) Reset() { *m = HelmFileParameter{} } func (*HelmFileParameter) ProtoMessage() {} func (*HelmFileParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{64} + return fileDescriptor_030104ce3b95bcac, []int{65} } func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1864,7 +1892,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo func (m *HelmOptions) Reset() { *m = HelmOptions{} } func (*HelmOptions) ProtoMessage() {} func (*HelmOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{65} + return fileDescriptor_030104ce3b95bcac, []int{66} } func (m *HelmOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1892,7 +1920,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo func (m *HelmParameter) Reset() { *m = HelmParameter{} } func (*HelmParameter) ProtoMessage() {} func (*HelmParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *HelmParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1920,7 +1948,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo func (m *HostInfo) Reset() { *m = HostInfo{} } func (*HostInfo) ProtoMessage() {} func (*HostInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *HostInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1948,7 +1976,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo func (m *HostResourceInfo) Reset() { *m = HostResourceInfo{} } func (*HostResourceInfo) ProtoMessage() {} func (*HostResourceInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1976,7 +2004,7 @@ var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo func (m *Info) Reset() { *m = Info{} } func (*Info) ProtoMessage() {} func (*Info) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *Info) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2004,7 +2032,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo func (m *InfoItem) Reset() { *m = InfoItem{} } func (*InfoItem) ProtoMessage() {} func (*InfoItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *InfoItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2032,7 +2060,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo func (m *JWTToken) Reset() { *m = JWTToken{} } func (*JWTToken) ProtoMessage() {} func (*JWTToken) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *JWTToken) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2060,7 +2088,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo func (m *JWTTokens) Reset() { *m = JWTTokens{} } func (*JWTTokens) ProtoMessage() {} func (*JWTTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *JWTTokens) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2088,7 +2116,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo func (m *JsonnetVar) Reset() { *m = JsonnetVar{} } func (*JsonnetVar) ProtoMessage() {} func (*JsonnetVar) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{74} } func (m *JsonnetVar) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2116,7 +2144,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo func (m *KnownTypeField) Reset() { *m = KnownTypeField{} } func (*KnownTypeField) ProtoMessage() {} func (*KnownTypeField) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{75} } func (m *KnownTypeField) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2144,7 +2172,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo func (m *KustomizeGvk) Reset() { *m = KustomizeGvk{} } func (*KustomizeGvk) ProtoMessage() {} func (*KustomizeGvk) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *KustomizeGvk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2172,7 +2200,7 @@ var xxx_messageInfo_KustomizeGvk proto.InternalMessageInfo func (m *KustomizeOptions) Reset() { *m = KustomizeOptions{} } func (*KustomizeOptions) ProtoMessage() {} func (*KustomizeOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2200,7 +2228,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo func (m *KustomizePatch) Reset() { *m = KustomizePatch{} } func (*KustomizePatch) ProtoMessage() {} func (*KustomizePatch) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *KustomizePatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2228,7 +2256,7 @@ var xxx_messageInfo_KustomizePatch proto.InternalMessageInfo func (m *KustomizeReplica) Reset() { *m = KustomizeReplica{} } func (*KustomizeReplica) ProtoMessage() {} func (*KustomizeReplica) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *KustomizeReplica) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2256,7 +2284,7 @@ var xxx_messageInfo_KustomizeReplica proto.InternalMessageInfo func (m *KustomizeResId) Reset() { *m = KustomizeResId{} } func (*KustomizeResId) ProtoMessage() {} func (*KustomizeResId) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *KustomizeResId) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2284,7 +2312,7 @@ var xxx_messageInfo_KustomizeResId proto.InternalMessageInfo func (m *KustomizeSelector) Reset() { *m = KustomizeSelector{} } func (*KustomizeSelector) ProtoMessage() {} func (*KustomizeSelector) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *KustomizeSelector) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2312,7 +2340,7 @@ var xxx_messageInfo_KustomizeSelector proto.InternalMessageInfo func (m *ListGenerator) Reset() { *m = ListGenerator{} } func (*ListGenerator) ProtoMessage() {} func (*ListGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *ListGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2340,7 +2368,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } func (*ManagedNamespaceMetadata) ProtoMessage() {} func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2368,7 +2396,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2396,7 +2424,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2424,7 +2452,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2452,7 +2480,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2480,7 +2508,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2508,7 +2536,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{89} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2536,7 +2564,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{90} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2564,7 +2592,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OptionalArray) Reset() { *m = OptionalArray{} } func (*OptionalArray) ProtoMessage() {} func (*OptionalArray) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *OptionalArray) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2592,7 +2620,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo func (m *OptionalMap) Reset() { *m = OptionalMap{} } func (*OptionalMap) ProtoMessage() {} func (*OptionalMap) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *OptionalMap) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2620,7 +2648,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2648,7 +2676,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2676,7 +2704,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2704,7 +2732,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo func (m *PluginConfigMapRef) Reset() { *m = PluginConfigMapRef{} } func (*PluginConfigMapRef) ProtoMessage() {} func (*PluginConfigMapRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2732,7 +2760,7 @@ var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo func (m *PluginGenerator) Reset() { *m = PluginGenerator{} } func (*PluginGenerator) ProtoMessage() {} func (*PluginGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *PluginGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2760,7 +2788,7 @@ var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo func (m *PluginInput) Reset() { *m = PluginInput{} } func (*PluginInput) ProtoMessage() {} func (*PluginInput) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *PluginInput) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2788,7 +2816,7 @@ var xxx_messageInfo_PluginInput proto.InternalMessageInfo func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2816,7 +2844,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2844,7 +2872,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorAzureDevOps) Reset() { *m = PullRequestGeneratorAzureDevOps{} } func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {} func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2872,7 +2900,7 @@ var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucket) Reset() { *m = PullRequestGeneratorBitbucket{} } func (*PullRequestGeneratorBitbucket) ProtoMessage() {} func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2900,7 +2928,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2928,7 +2956,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2956,7 +2984,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2984,7 +3012,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3012,7 +3040,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3040,7 +3068,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3068,7 +3096,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3096,7 +3124,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3124,7 +3152,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3152,7 +3180,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3180,7 +3208,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3208,7 +3236,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3236,7 +3264,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3264,7 +3292,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3292,7 +3320,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3320,7 +3348,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3348,7 +3376,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3376,7 +3404,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3404,7 +3432,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3432,7 +3460,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3460,7 +3488,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3488,7 +3516,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3516,7 +3544,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3544,7 +3572,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3572,7 +3600,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3600,7 +3628,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3628,7 +3656,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3656,7 +3684,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3684,7 +3712,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3712,7 +3740,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3740,7 +3768,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3768,7 +3796,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3796,7 +3824,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3824,7 +3852,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3852,7 +3880,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3880,7 +3908,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3908,7 +3936,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{138} + return fileDescriptor_030104ce3b95bcac, []int{139} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3936,7 +3964,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{139} + return fileDescriptor_030104ce3b95bcac, []int{140} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3964,7 +3992,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{140} + return fileDescriptor_030104ce3b95bcac, []int{141} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3992,7 +4020,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{141} + return fileDescriptor_030104ce3b95bcac, []int{142} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4020,7 +4048,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{142} + return fileDescriptor_030104ce3b95bcac, []int{143} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4048,7 +4076,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{143} + return fileDescriptor_030104ce3b95bcac, []int{144} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4076,7 +4104,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{144} + return fileDescriptor_030104ce3b95bcac, []int{145} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4104,7 +4132,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{145} + return fileDescriptor_030104ce3b95bcac, []int{146} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4132,7 +4160,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{146} + return fileDescriptor_030104ce3b95bcac, []int{147} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4160,7 +4188,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{147} + return fileDescriptor_030104ce3b95bcac, []int{148} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4188,7 +4216,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{148} + return fileDescriptor_030104ce3b95bcac, []int{149} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4216,7 +4244,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{149} + return fileDescriptor_030104ce3b95bcac, []int{150} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4244,7 +4272,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{150} + return fileDescriptor_030104ce3b95bcac, []int{151} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4272,7 +4300,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo func (m *TagFilter) Reset() { *m = TagFilter{} } func (*TagFilter) ProtoMessage() {} func (*TagFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{151} + return fileDescriptor_030104ce3b95bcac, []int{152} } func (m *TagFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4328,6 +4356,7 @@ func init() { proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTemplateMeta.AnnotationsEntry") proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTemplateMeta.LabelsEntry") proto.RegisterType((*ApplicationSetTerminalGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTerminalGenerator") + proto.RegisterType((*ApplicationSetTree)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTree") proto.RegisterType((*ApplicationSource)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSource") proto.RegisterType((*ApplicationSourceDirectory)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSourceDirectory") proto.RegisterType((*ApplicationSourceHelm)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSourceHelm") @@ -4477,698 +4506,700 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 11054 bytes of a gzipped FileDescriptorProto + // 11073 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7, 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0x5d, 0xdf, 0x1d, 0x09, 0x9e, 0x48, 0xe2, 0x3c, 0xb4, 0x29, 0x2a, 0x22, 0x01, 0xf3, 0x44, 0xca, 0x8c, 0x68, 0x4b, 0xc6, 0x02, 0x77, 0x38, 0xdc, 0x01, 0x07, 0xb0, 0x81, 0xbb, 0x93, 0x28, 0x53, 0xd4, 0x60, 0xb7, 0xb1, 0x98, 0xc3, 0xec, - 0xcc, 0x70, 0x66, 0x16, 0x07, 0xd0, 0x92, 0x2c, 0x59, 0xb2, 0xad, 0x44, 0x1f, 0x54, 0xa4, 0xa4, + 0xcc, 0x70, 0x66, 0x16, 0x07, 0xd0, 0x92, 0x2c, 0x59, 0x92, 0xad, 0x44, 0x1f, 0x54, 0xa4, 0xa4, 0x4c, 0x27, 0x96, 0x22, 0x5b, 0x4e, 0x2a, 0xae, 0x44, 0x15, 0x27, 0xf9, 0x11, 0x27, 0x4e, 0xca, - 0x65, 0x3b, 0x95, 0x52, 0x4a, 0x49, 0xd9, 0xe5, 0x72, 0x59, 0x4e, 0x62, 0x23, 0xd2, 0xa5, 0x52, - 0x49, 0xa5, 0x2a, 0xae, 0x72, 0xe2, 0x1f, 0xc9, 0x25, 0x3f, 0x52, 0xfd, 0xdd, 0x33, 0x3b, 0x0b, - 0x2c, 0x80, 0xc1, 0xdd, 0x49, 0xe6, 0xbf, 0xdd, 0x7e, 0x6f, 0xde, 0xeb, 0xe9, 0xe9, 0x7e, 0xef, - 0xf5, 0xeb, 0xf7, 0x5e, 0xc3, 0x42, 0xcb, 0x4d, 0x36, 0x3a, 0x6b, 0x93, 0x8d, 0xa0, 0x3d, 0xe5, - 0x44, 0xad, 0x20, 0x8c, 0x82, 0x5b, 0xec, 0xc7, 0x33, 0x8d, 0xe6, 0xd4, 0xd6, 0x85, 0xa9, 0x70, - 0xb3, 0x35, 0xe5, 0x84, 0x6e, 0x3c, 0xe5, 0x84, 0xa1, 0xe7, 0x36, 0x9c, 0xc4, 0x0d, 0xfc, 0xa9, - 0xad, 0x67, 0x1d, 0x2f, 0xdc, 0x70, 0x9e, 0x9d, 0x6a, 0x11, 0x9f, 0x44, 0x4e, 0x42, 0x9a, 0x93, - 0x61, 0x14, 0x24, 0x01, 0xfa, 0x51, 0x4d, 0x6d, 0x52, 0x52, 0x63, 0x3f, 0x5e, 0x6d, 0x34, 0x27, - 0xb7, 0x2e, 0x4c, 0x86, 0x9b, 0xad, 0x49, 0x4a, 0x6d, 0xd2, 0xa0, 0x36, 0x29, 0xa9, 0x9d, 0x7b, - 0xc6, 0xe8, 0x4b, 0x2b, 0x68, 0x05, 0x53, 0x8c, 0xe8, 0x5a, 0x67, 0x9d, 0xfd, 0x63, 0x7f, 0xd8, - 0x2f, 0xce, 0xec, 0x9c, 0xbd, 0xf9, 0x42, 0x3c, 0xe9, 0x06, 0xb4, 0x7b, 0x53, 0x8d, 0x20, 0x22, - 0x53, 0x5b, 0x5d, 0x1d, 0x3a, 0x77, 0x59, 0xe3, 0x90, 0xed, 0x84, 0xf8, 0xb1, 0x1b, 0xf8, 0xf1, - 0x33, 0xb4, 0x0b, 0x24, 0xda, 0x22, 0x91, 0xf9, 0x7a, 0x06, 0x42, 0x1e, 0xa5, 0xe7, 0x34, 0xa5, - 0xb6, 0xd3, 0xd8, 0x70, 0x7d, 0x12, 0xed, 0xe8, 0xc7, 0xdb, 0x24, 0x71, 0xf2, 0x9e, 0x9a, 0xea, - 0xf5, 0x54, 0xd4, 0xf1, 0x13, 0xb7, 0x4d, 0xba, 0x1e, 0x78, 0xcf, 0x7e, 0x0f, 0xc4, 0x8d, 0x0d, - 0xd2, 0x76, 0xba, 0x9e, 0x7b, 0x77, 0xaf, 0xe7, 0x3a, 0x89, 0xeb, 0x4d, 0xb9, 0x7e, 0x12, 0x27, - 0x51, 0xf6, 0x21, 0xfb, 0x17, 0x2d, 0x18, 0x9d, 0xbe, 0xb9, 0x32, 0xdd, 0x49, 0x36, 0x66, 0x02, - 0x7f, 0xdd, 0x6d, 0xa1, 0xe7, 0x61, 0xb8, 0xe1, 0x75, 0xe2, 0x84, 0x44, 0xd7, 0x9c, 0x36, 0x19, - 0xb7, 0xce, 0x5b, 0x4f, 0xd5, 0xea, 0xa7, 0xbf, 0xb9, 0x3b, 0xf1, 0xb6, 0x3b, 0xbb, 0x13, 0xc3, - 0x33, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x4e, 0x18, 0x8a, 0x02, 0x8f, 0x4c, 0xe3, 0x6b, 0xe3, 0x25, - 0xf6, 0xc8, 0x09, 0xf1, 0xc8, 0x10, 0xe6, 0xcd, 0x58, 0xc2, 0x29, 0x6a, 0x18, 0x05, 0xeb, 0xae, - 0x47, 0xc6, 0xcb, 0x69, 0xd4, 0x65, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0xc3, 0x12, 0xc0, 0x74, 0x18, - 0x2e, 0x47, 0xc1, 0x2d, 0xd2, 0x48, 0xd0, 0x47, 0xa0, 0x4a, 0x87, 0xb9, 0xe9, 0x24, 0x0e, 0xeb, - 0xd8, 0xf0, 0x85, 0x1f, 0x9e, 0xe4, 0x6f, 0x3d, 0x69, 0xbe, 0xb5, 0x9e, 0x64, 0x14, 0x7b, 0x72, - 0xeb, 0xd9, 0xc9, 0xa5, 0x35, 0xfa, 0xfc, 0x22, 0x49, 0x9c, 0x3a, 0x12, 0xcc, 0x40, 0xb7, 0x61, - 0x45, 0x15, 0xf9, 0x30, 0x10, 0x87, 0xa4, 0xc1, 0xde, 0x61, 0xf8, 0xc2, 0xc2, 0xe4, 0x51, 0x66, - 0xf3, 0xa4, 0xee, 0xf9, 0x4a, 0x48, 0x1a, 0xf5, 0x11, 0xc1, 0x79, 0x80, 0xfe, 0xc3, 0x8c, 0x0f, - 0xda, 0x82, 0xc1, 0x38, 0x71, 0x92, 0x4e, 0xcc, 0x86, 0x62, 0xf8, 0xc2, 0xb5, 0xc2, 0x38, 0x32, - 0xaa, 0xf5, 0x31, 0xc1, 0x73, 0x90, 0xff, 0xc7, 0x82, 0x9b, 0xfd, 0x27, 0x16, 0x8c, 0x69, 0xe4, - 0x05, 0x37, 0x4e, 0xd0, 0x4f, 0x74, 0x0d, 0xee, 0x64, 0x7f, 0x83, 0x4b, 0x9f, 0x66, 0x43, 0x7b, - 0x52, 0x30, 0xab, 0xca, 0x16, 0x63, 0x60, 0xdb, 0x50, 0x71, 0x13, 0xd2, 0x8e, 0xc7, 0x4b, 0xe7, - 0xcb, 0x4f, 0x0d, 0x5f, 0xb8, 0x5c, 0xd4, 0x7b, 0xd6, 0x47, 0x05, 0xd3, 0xca, 0x3c, 0x25, 0x8f, - 0x39, 0x17, 0xfb, 0x57, 0x47, 0xcc, 0xf7, 0xa3, 0x03, 0x8e, 0x9e, 0x85, 0xe1, 0x38, 0xe8, 0x44, - 0x0d, 0x82, 0x49, 0x18, 0xc4, 0xe3, 0xd6, 0xf9, 0x32, 0x9d, 0x7a, 0x74, 0x52, 0xaf, 0xe8, 0x66, - 0x6c, 0xe2, 0xa0, 0x2f, 0x58, 0x30, 0xd2, 0x24, 0x71, 0xe2, 0xfa, 0x8c, 0xbf, 0xec, 0xfc, 0xea, - 0x91, 0x3b, 0x2f, 0x1b, 0x67, 0x35, 0xf1, 0xfa, 0x19, 0xf1, 0x22, 0x23, 0x46, 0x63, 0x8c, 0x53, - 0xfc, 0xe9, 0xe2, 0x6c, 0x92, 0xb8, 0x11, 0xb9, 0x21, 0xfd, 0x2f, 0x96, 0x8f, 0x5a, 0x9c, 0xb3, - 0x1a, 0x84, 0x4d, 0x3c, 0xe4, 0x43, 0x85, 0x2e, 0xbe, 0x78, 0x7c, 0x80, 0xf5, 0x7f, 0xfe, 0x68, - 0xfd, 0x17, 0x83, 0x4a, 0xd7, 0xb5, 0x1e, 0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0xbc, 0x05, - 0xe3, 0x42, 0x38, 0x60, 0xc2, 0x07, 0xf4, 0xe6, 0x86, 0x9b, 0x10, 0xcf, 0x8d, 0x93, 0xf1, 0x0a, - 0xeb, 0xc3, 0x54, 0x7f, 0x73, 0x6b, 0x2e, 0x0a, 0x3a, 0xe1, 0x55, 0xd7, 0x6f, 0xd6, 0xcf, 0x0b, - 0x4e, 0xe3, 0x33, 0x3d, 0x08, 0xe3, 0x9e, 0x2c, 0xd1, 0x97, 0x2d, 0x38, 0xe7, 0x3b, 0x6d, 0x12, - 0x87, 0x0e, 0xfd, 0xb4, 0x1c, 0x5c, 0xf7, 0x9c, 0xc6, 0x26, 0xeb, 0xd1, 0xe0, 0xe1, 0x7a, 0x64, - 0x8b, 0x1e, 0x9d, 0xbb, 0xd6, 0x93, 0x34, 0xde, 0x83, 0x2d, 0xfa, 0xba, 0x05, 0xa7, 0x82, 0x28, - 0xdc, 0x70, 0x7c, 0xd2, 0x94, 0xd0, 0x78, 0x7c, 0x88, 0x2d, 0xbd, 0x0f, 0x1f, 0xed, 0x13, 0x2d, - 0x65, 0xc9, 0x2e, 0x06, 0xbe, 0x9b, 0x04, 0xd1, 0x0a, 0x49, 0x12, 0xd7, 0x6f, 0xc5, 0xf5, 0xb3, - 0x77, 0x76, 0x27, 0x4e, 0x75, 0x61, 0xe1, 0xee, 0xfe, 0xa0, 0x9f, 0x84, 0xe1, 0x78, 0xc7, 0x6f, - 0xdc, 0x74, 0xfd, 0x66, 0x70, 0x3b, 0x1e, 0xaf, 0x16, 0xb1, 0x7c, 0x57, 0x14, 0x41, 0xb1, 0x00, - 0x35, 0x03, 0x6c, 0x72, 0xcb, 0xff, 0x70, 0x7a, 0x2a, 0xd5, 0x8a, 0xfe, 0x70, 0x7a, 0x32, 0xed, - 0xc1, 0x16, 0xfd, 0x9c, 0x05, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x91, 0xab, 0x64, 0x27, - 0x1e, 0x07, 0xd6, 0x91, 0x2b, 0x47, 0x1c, 0x15, 0x83, 0x64, 0xfd, 0xac, 0xe8, 0xe3, 0xa8, 0xd9, - 0x1a, 0xe3, 0x34, 0xdf, 0xbc, 0x85, 0xa6, 0xa7, 0xf5, 0x70, 0xb1, 0x0b, 0x4d, 0x4f, 0xea, 0x9e, - 0x2c, 0xd1, 0x8f, 0xc3, 0x49, 0xde, 0xa4, 0x46, 0x36, 0x1e, 0x1f, 0x61, 0x82, 0xf6, 0xcc, 0x9d, - 0xdd, 0x89, 0x93, 0x2b, 0x19, 0x18, 0xee, 0xc2, 0x46, 0xaf, 0xc1, 0x44, 0x48, 0xa2, 0xb6, 0x9b, - 0x2c, 0xf9, 0xde, 0x8e, 0x14, 0xdf, 0x8d, 0x20, 0x24, 0x4d, 0xd1, 0x9d, 0x78, 0x7c, 0xf4, 0xbc, - 0xf5, 0x54, 0xb5, 0xfe, 0x0e, 0xd1, 0xcd, 0x89, 0xe5, 0xbd, 0xd1, 0xf1, 0x7e, 0xf4, 0xec, 0x7f, - 0x53, 0x82, 0x93, 0x59, 0xc5, 0x89, 0xfe, 0xae, 0x05, 0x27, 0x6e, 0xdd, 0x4e, 0x56, 0x83, 0x4d, - 0xe2, 0xc7, 0xf5, 0x1d, 0x2a, 0xde, 0x98, 0xca, 0x18, 0xbe, 0xd0, 0x28, 0x56, 0x45, 0x4f, 0x5e, - 0x49, 0x73, 0xb9, 0xe8, 0x27, 0xd1, 0x4e, 0xfd, 0x61, 0xf1, 0x76, 0x27, 0xae, 0xdc, 0x5c, 0x35, - 0xa1, 0x38, 0xdb, 0xa9, 0x73, 0x9f, 0xb5, 0xe0, 0x4c, 0x1e, 0x09, 0x74, 0x12, 0xca, 0x9b, 0x64, - 0x87, 0x1b, 0x70, 0x98, 0xfe, 0x44, 0xaf, 0x40, 0x65, 0xcb, 0xf1, 0x3a, 0x44, 0x58, 0x37, 0x73, - 0x47, 0x7b, 0x11, 0xd5, 0x33, 0xcc, 0xa9, 0xbe, 0xb7, 0xf4, 0x82, 0x65, 0xff, 0x6e, 0x19, 0x86, - 0x0d, 0xfd, 0x76, 0x0f, 0x2c, 0xb6, 0x20, 0x65, 0xb1, 0x2d, 0x16, 0xa6, 0x9a, 0x7b, 0x9a, 0x6c, - 0xb7, 0x33, 0x26, 0xdb, 0x52, 0x71, 0x2c, 0xf7, 0xb4, 0xd9, 0x50, 0x02, 0xb5, 0x20, 0xa4, 0xd6, - 0x3b, 0x55, 0xfd, 0x03, 0x45, 0x7c, 0xc2, 0x25, 0x49, 0xae, 0x3e, 0x7a, 0x67, 0x77, 0xa2, 0xa6, - 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0xb6, 0x05, 0x67, 0x8c, 0x3e, 0xce, 0x04, 0x7e, 0xd3, 0x65, 0x9f, - 0xf6, 0x3c, 0x0c, 0x24, 0x3b, 0xa1, 0xdc, 0x21, 0xa8, 0x91, 0x5a, 0xdd, 0x09, 0x09, 0x66, 0x10, - 0x6a, 0xe8, 0xb7, 0x49, 0x1c, 0x3b, 0x2d, 0x92, 0xdd, 0x13, 0x2c, 0xf2, 0x66, 0x2c, 0xe1, 0x28, - 0x02, 0xe4, 0x39, 0x71, 0xb2, 0x1a, 0x39, 0x7e, 0xcc, 0xc8, 0xaf, 0xba, 0x6d, 0x22, 0x06, 0xf8, - 0x2f, 0xf5, 0x37, 0x63, 0xe8, 0x13, 0xf5, 0x87, 0xee, 0xec, 0x4e, 0xa0, 0x85, 0x2e, 0x4a, 0x38, - 0x87, 0xba, 0xfd, 0x65, 0x0b, 0x1e, 0xca, 0xb7, 0xc5, 0xd0, 0x93, 0x30, 0xc8, 0xb7, 0x87, 0xe2, - 0xed, 0xf4, 0x27, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x14, 0xd4, 0x94, 0x9e, 0x10, 0xef, 0x78, 0x4a, - 0xa0, 0xd6, 0xb4, 0x72, 0xd1, 0x38, 0x74, 0xd0, 0xe8, 0x1f, 0x61, 0xb9, 0xa9, 0x41, 0x63, 0xfb, - 0x29, 0x06, 0xb1, 0xff, 0x93, 0x05, 0x27, 0x8c, 0x5e, 0xdd, 0x03, 0xd3, 0xdc, 0x4f, 0x9b, 0xe6, - 0xf3, 0x85, 0xcd, 0xe7, 0x1e, 0xb6, 0xf9, 0xe7, 0x2d, 0x38, 0x67, 0x60, 0x2d, 0x3a, 0x49, 0x63, - 0xe3, 0xe2, 0x76, 0x18, 0x91, 0x98, 0x6e, 0xbd, 0xd1, 0x63, 0x86, 0xdc, 0xaa, 0x0f, 0x0b, 0x0a, - 0xe5, 0xab, 0x64, 0x87, 0x0b, 0xb1, 0xa7, 0xa1, 0xca, 0x27, 0x67, 0x10, 0x89, 0x11, 0x57, 0xef, - 0xb6, 0x24, 0xda, 0xb1, 0xc2, 0x40, 0x36, 0x0c, 0x32, 0xe1, 0x44, 0x17, 0x2b, 0x55, 0x43, 0x40, - 0x3f, 0xe2, 0x0d, 0xd6, 0x82, 0x05, 0xc4, 0x8e, 0x53, 0xdd, 0x59, 0x8e, 0x08, 0xfb, 0xb8, 0xcd, - 0x4b, 0x2e, 0xf1, 0x9a, 0x31, 0xdd, 0x36, 0x38, 0xbe, 0x1f, 0x24, 0x62, 0x07, 0x60, 0x6c, 0x1b, - 0xa6, 0x75, 0x33, 0x36, 0x71, 0x28, 0x53, 0xcf, 0x59, 0x23, 0x1e, 0x1f, 0x51, 0xc1, 0x74, 0x81, - 0xb5, 0x60, 0x01, 0xb1, 0xef, 0x94, 0xd8, 0x06, 0x45, 0x2d, 0x7d, 0x72, 0x2f, 0x76, 0xb7, 0x51, - 0x4a, 0x56, 0x2e, 0x17, 0x27, 0xb8, 0x48, 0xef, 0x1d, 0xee, 0xeb, 0x19, 0x71, 0x89, 0x0b, 0xe5, - 0xba, 0xf7, 0x2e, 0xf7, 0xb7, 0x4a, 0x30, 0x91, 0x7e, 0xa0, 0x4b, 0xda, 0xd2, 0x2d, 0x95, 0xc1, - 0x28, 0xeb, 0xef, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x60, 0x95, 0x8e, 0x53, 0x60, 0x99, 0xf2, - 0xb4, 0xbc, 0x8f, 0x3c, 0x7d, 0x52, 0x8d, 0xfa, 0x40, 0x46, 0x80, 0xa5, 0x75, 0xca, 0x79, 0x18, - 0x88, 0x13, 0x12, 0x8e, 0x57, 0xd2, 0xf2, 0x68, 0x25, 0x21, 0x21, 0x66, 0x10, 0xfb, 0xbf, 0x97, - 0xe0, 0xe1, 0xf4, 0x18, 0x6a, 0x15, 0xf0, 0xfe, 0x94, 0x0a, 0x78, 0x97, 0xa9, 0x02, 0xee, 0xee, - 0x4e, 0xbc, 0xbd, 0xc7, 0x63, 0xdf, 0x33, 0x1a, 0x02, 0xcd, 0x65, 0x46, 0x71, 0x2a, 0x3d, 0x8a, - 0x77, 0x77, 0x27, 0x1e, 0xeb, 0xf1, 0x8e, 0x99, 0x61, 0x7e, 0x12, 0x06, 0x23, 0xe2, 0xc4, 0x81, - 0x2f, 0x06, 0x5a, 0x7d, 0x0e, 0xcc, 0x5a, 0xb1, 0x80, 0xda, 0xbf, 0x5f, 0xcb, 0x0e, 0xf6, 0x1c, - 0x77, 0xd8, 0x05, 0x11, 0x72, 0x61, 0x80, 0x99, 0xf5, 0x5c, 0x34, 0x5c, 0x3d, 0xda, 0x32, 0xa2, - 0x6a, 0x40, 0x91, 0xae, 0x57, 0xe9, 0x57, 0xa3, 0x4d, 0x98, 0xb1, 0x40, 0xdb, 0x50, 0x6d, 0x48, - 0x6b, 0xbb, 0x54, 0x84, 0x5f, 0x4a, 0xd8, 0xda, 0x9a, 0xe3, 0x08, 0x95, 0xd7, 0xca, 0x44, 0x57, - 0xdc, 0x10, 0x81, 0x72, 0xcb, 0x4d, 0xc4, 0x67, 0x3d, 0xe2, 0x7e, 0x6a, 0xce, 0x35, 0x5e, 0x71, - 0x88, 0x2a, 0x91, 0x39, 0x37, 0xc1, 0x94, 0x3e, 0xfa, 0x19, 0x0b, 0x86, 0xe3, 0x46, 0x7b, 0x39, - 0x0a, 0xb6, 0xdc, 0x26, 0x89, 0x84, 0x35, 0x75, 0x44, 0xd1, 0xb4, 0x32, 0xb3, 0x28, 0x09, 0x6a, - 0xbe, 0x7c, 0x7f, 0xab, 0x21, 0xd8, 0xe4, 0x4b, 0x77, 0x19, 0x0f, 0x8b, 0x77, 0x9f, 0x25, 0x0d, - 0x97, 0xea, 0x3f, 0xb9, 0xa9, 0x62, 0x33, 0xe5, 0xc8, 0xd6, 0xe5, 0x6c, 0xa7, 0xb1, 0x49, 0xd7, - 0x9b, 0xee, 0xd0, 0xdb, 0xef, 0xec, 0x4e, 0x3c, 0x3c, 0x93, 0xcf, 0x13, 0xf7, 0xea, 0x0c, 0x1b, - 0xb0, 0xb0, 0xe3, 0x79, 0x98, 0xbc, 0xd6, 0x21, 0xcc, 0x65, 0x52, 0xc0, 0x80, 0x2d, 0x6b, 0x82, - 0x99, 0x01, 0x33, 0x20, 0xd8, 0xe4, 0x8b, 0x5e, 0x83, 0xc1, 0xb6, 0x93, 0x44, 0xee, 0xb6, 0xf0, - 0x93, 0x1c, 0xd1, 0xde, 0x5f, 0x64, 0xb4, 0x34, 0x73, 0xa6, 0xa9, 0x79, 0x23, 0x16, 0x8c, 0x50, - 0x1b, 0x2a, 0x6d, 0x12, 0xb5, 0xc8, 0x78, 0xb5, 0x08, 0x9f, 0xf0, 0x22, 0x25, 0xa5, 0x19, 0xd6, - 0xa8, 0x75, 0xc4, 0xda, 0x30, 0xe7, 0x82, 0x5e, 0x81, 0x6a, 0x4c, 0x3c, 0xd2, 0xa0, 0xf6, 0x4d, - 0x8d, 0x71, 0x7c, 0x77, 0x9f, 0xb6, 0x1e, 0x35, 0x2c, 0x56, 0xc4, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, - 0x58, 0x91, 0xa4, 0x03, 0x18, 0x7a, 0x9d, 0x96, 0xeb, 0x8f, 0x43, 0x11, 0x03, 0xb8, 0xcc, 0x68, - 0x65, 0x06, 0x90, 0x37, 0x62, 0xc1, 0xc8, 0xfe, 0x2f, 0x16, 0xa0, 0xb4, 0x50, 0xbb, 0x07, 0x46, - 0xed, 0x6b, 0x69, 0xa3, 0x76, 0xa1, 0x48, 0xab, 0xa3, 0x87, 0x5d, 0xfb, 0x1b, 0x35, 0xc8, 0xa8, - 0x83, 0x6b, 0x24, 0x4e, 0x48, 0xf3, 0x2d, 0x11, 0xfe, 0x96, 0x08, 0x7f, 0x4b, 0x84, 0x2b, 0x11, - 0xbe, 0x96, 0x11, 0xe1, 0xef, 0x33, 0x56, 0xbd, 0x3e, 0x80, 0x7d, 0x55, 0x9d, 0xd0, 0x9a, 0x3d, - 0x30, 0x10, 0xa8, 0x24, 0xb8, 0xb2, 0xb2, 0x74, 0x2d, 0x57, 0x66, 0xbf, 0x9a, 0x96, 0xd9, 0x47, - 0x65, 0xf1, 0x17, 0x41, 0x4a, 0xff, 0x6b, 0x0b, 0xde, 0x91, 0x96, 0x5e, 0x72, 0xe6, 0xcc, 0xb7, - 0xfc, 0x20, 0x22, 0xb3, 0xee, 0xfa, 0x3a, 0x89, 0x88, 0xdf, 0x20, 0xb1, 0xf2, 0x62, 0x58, 0xbd, - 0xbc, 0x18, 0xe8, 0x39, 0x18, 0xb9, 0x15, 0x07, 0xfe, 0x72, 0xe0, 0xfa, 0x42, 0x04, 0xd1, 0x8d, - 0xf0, 0xc9, 0x3b, 0xbb, 0x13, 0x23, 0x74, 0x44, 0x65, 0x3b, 0x4e, 0x61, 0xa1, 0x19, 0x38, 0x75, - 0xeb, 0xb5, 0x65, 0x27, 0x31, 0xdc, 0x01, 0x72, 0xe3, 0xce, 0x0e, 0x2c, 0xae, 0xbc, 0x94, 0x01, - 0xe2, 0x6e, 0x7c, 0xfb, 0x6f, 0x95, 0xe0, 0x91, 0xcc, 0x8b, 0x04, 0x9e, 0x17, 0x74, 0x12, 0xba, - 0xa9, 0x41, 0x5f, 0xb5, 0xe0, 0x64, 0x3b, 0xed, 0x71, 0x88, 0x85, 0x63, 0xf7, 0x03, 0x85, 0xe9, - 0x88, 0x8c, 0x4b, 0xa3, 0x3e, 0x2e, 0x46, 0xe8, 0x64, 0x06, 0x10, 0xe3, 0xae, 0xbe, 0xa0, 0x57, - 0xa0, 0xd6, 0x76, 0xb6, 0xaf, 0x87, 0x4d, 0x27, 0x91, 0xfb, 0xc9, 0xde, 0x6e, 0x80, 0x4e, 0xe2, - 0x7a, 0x93, 0xfc, 0x68, 0x7f, 0x72, 0xde, 0x4f, 0x96, 0xa2, 0x95, 0x24, 0x72, 0xfd, 0x16, 0x77, - 0xe7, 0x2d, 0x4a, 0x32, 0x58, 0x53, 0xb4, 0xbf, 0x62, 0x65, 0x95, 0x94, 0x1a, 0x9d, 0xc8, 0x49, - 0x48, 0x6b, 0x07, 0x7d, 0x14, 0x2a, 0x74, 0xe3, 0x27, 0x47, 0xe5, 0x66, 0x91, 0x9a, 0xd3, 0xf8, - 0x12, 0x5a, 0x89, 0xd2, 0x7f, 0x31, 0xe6, 0x4c, 0xed, 0xaf, 0xd6, 0xb2, 0xc6, 0x02, 0x3b, 0xbc, - 0xbd, 0x00, 0xd0, 0x0a, 0x56, 0x49, 0x3b, 0xf4, 0xe8, 0xb0, 0x58, 0xec, 0x04, 0x40, 0xf9, 0x3a, - 0xe6, 0x14, 0x04, 0x1b, 0x58, 0xe8, 0xaf, 0x58, 0x00, 0x2d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xbd, - 0xc8, 0xd7, 0xd1, 0x2b, 0x4a, 0xf7, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0xd3, 0x16, 0x54, 0x13, - 0xd9, 0x7d, 0xae, 0x1a, 0x57, 0x8b, 0xec, 0x89, 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, - 0xd1, 0xcf, 0x5a, 0x00, 0xf1, 0x8e, 0xdf, 0x58, 0x0e, 0x3c, 0xb7, 0xb1, 0x23, 0x34, 0xe6, 0x8d, - 0x42, 0xfd, 0x31, 0x8a, 0x7a, 0x7d, 0x8c, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xe3, 0x50, - 0x8d, 0xc5, 0x74, 0x13, 0x3a, 0x72, 0xb5, 0x58, 0xaf, 0x10, 0xa7, 0x2d, 0xc4, 0xab, 0xf8, 0x87, - 0x15, 0x4f, 0xf4, 0xf3, 0x16, 0x9c, 0x08, 0xd3, 0x7e, 0x3e, 0xa1, 0x0e, 0x8b, 0x93, 0x01, 0x19, - 0x3f, 0x62, 0xfd, 0xf4, 0x9d, 0xdd, 0x89, 0x13, 0x99, 0x46, 0x9c, 0xed, 0x05, 0x95, 0x80, 0x7a, - 0x06, 0x2f, 0x85, 0xdc, 0xe7, 0x38, 0xa4, 0x25, 0xe0, 0x5c, 0x16, 0x88, 0xbb, 0xf1, 0xd1, 0x32, - 0x9c, 0xa1, 0xbd, 0xdb, 0xe1, 0xe6, 0xa7, 0x54, 0x2f, 0x31, 0x53, 0x86, 0xd5, 0xfa, 0xa3, 0x62, - 0x86, 0x30, 0xaf, 0x7e, 0x16, 0x07, 0xe7, 0x3e, 0x89, 0x7e, 0xd7, 0x82, 0x47, 0x5d, 0xa6, 0x06, - 0x4c, 0x87, 0xb9, 0xd6, 0x08, 0xe2, 0x24, 0x96, 0x14, 0x2a, 0x2b, 0x7a, 0xa9, 0x9f, 0xfa, 0x0f, - 0x8a, 0x37, 0x78, 0x74, 0x7e, 0x8f, 0x2e, 0xe1, 0x3d, 0x3b, 0x8c, 0x7e, 0x04, 0x46, 0xe5, 0xba, - 0x58, 0xa6, 0x22, 0x98, 0x29, 0xda, 0x5a, 0xfd, 0xd4, 0x9d, 0xdd, 0x89, 0xd1, 0x55, 0x13, 0x80, - 0xd3, 0x78, 0xf6, 0xb7, 0x4a, 0xa9, 0xf3, 0x10, 0xe5, 0x84, 0x64, 0xe2, 0xa6, 0x21, 0xfd, 0x3f, - 0x52, 0x7a, 0x16, 0x2a, 0x6e, 0x94, 0x77, 0x49, 0x8b, 0x1b, 0xd5, 0x14, 0x63, 0x83, 0x39, 0x35, - 0x4a, 0x4f, 0x39, 0x59, 0x57, 0xa7, 0x90, 0x80, 0xaf, 0x14, 0xd9, 0xa5, 0xee, 0xd3, 0xab, 0x47, - 0x44, 0xd7, 0x4e, 0x75, 0x81, 0x70, 0x77, 0x97, 0xec, 0x6f, 0xa5, 0xcf, 0x60, 0x8c, 0xc5, 0xdb, - 0xc7, 0xf9, 0xd2, 0x17, 0x2c, 0x18, 0x8e, 0x02, 0xcf, 0x73, 0xfd, 0x16, 0x15, 0x34, 0x42, 0x5b, - 0x7e, 0xe8, 0x58, 0x14, 0x96, 0x90, 0x28, 0xcc, 0xb4, 0xc5, 0x9a, 0x27, 0x36, 0x3b, 0x60, 0xff, - 0x89, 0x05, 0xe3, 0xbd, 0x04, 0x22, 0x22, 0xf0, 0x76, 0xb9, 0xda, 0x55, 0x74, 0xc5, 0x92, 0x3f, - 0x4b, 0x3c, 0xa2, 0x1c, 0xcf, 0xd5, 0xfa, 0x13, 0xe2, 0x35, 0xdf, 0xbe, 0xdc, 0x1b, 0x15, 0xef, - 0x45, 0x07, 0xbd, 0x0c, 0x27, 0x8d, 0xf7, 0x8a, 0xd5, 0xc0, 0xd4, 0xea, 0x93, 0xd4, 0x02, 0x99, - 0xce, 0xc0, 0xee, 0xee, 0x4e, 0x3c, 0x94, 0x6d, 0x13, 0x12, 0xbb, 0x8b, 0x8e, 0xfd, 0x2b, 0xa5, - 0xec, 0xd7, 0x52, 0xca, 0xf6, 0x4d, 0xab, 0x6b, 0x3b, 0xff, 0x81, 0xe3, 0x50, 0x70, 0x6c, 0xe3, - 0xaf, 0x02, 0x38, 0x7a, 0xe3, 0xdc, 0xc7, 0x13, 0x62, 0xfb, 0xdf, 0x0e, 0xc0, 0x1e, 0x3d, 0xeb, - 0xc3, 0x7a, 0x3e, 0xf0, 0xb1, 0xe2, 0xe7, 0x2c, 0x75, 0xe4, 0x54, 0x66, 0x8b, 0xbc, 0x79, 0x5c, - 0x63, 0xcf, 0x37, 0x30, 0x31, 0x8f, 0x52, 0x50, 0x6e, 0xec, 0xf4, 0xe1, 0x16, 0xfa, 0x9a, 0x95, - 0x3e, 0x34, 0xe3, 0x61, 0x67, 0xee, 0xb1, 0xf5, 0xc9, 0x38, 0x89, 0xe3, 0x1d, 0xd3, 0xe7, 0x37, - 0xbd, 0xce, 0xe8, 0x26, 0x01, 0xd6, 0x5d, 0xdf, 0xf1, 0xdc, 0xd7, 0xe9, 0xf6, 0xa4, 0xc2, 0x34, - 0x2c, 0x33, 0x59, 0x2e, 0xa9, 0x56, 0x6c, 0x60, 0x9c, 0xfb, 0xcb, 0x30, 0x6c, 0xbc, 0x79, 0x4e, - 0x70, 0xc5, 0x19, 0x33, 0xb8, 0xa2, 0x66, 0xc4, 0x44, 0x9c, 0x7b, 0x1f, 0x9c, 0xcc, 0x76, 0xf0, - 0x20, 0xcf, 0xdb, 0xff, 0x7b, 0x28, 0x7b, 0x8a, 0xb5, 0x4a, 0xa2, 0x36, 0xed, 0xda, 0x5b, 0x9e, - 0xa5, 0xb7, 0x3c, 0x4b, 0x6f, 0x79, 0x96, 0xcc, 0xc3, 0x01, 0xe1, 0x35, 0x19, 0xba, 0x47, 0x5e, - 0x93, 0x94, 0x1f, 0xa8, 0x5a, 0xb8, 0x1f, 0xc8, 0xbe, 0x53, 0x81, 0x94, 0x1d, 0xc5, 0xc7, 0xfb, - 0x9d, 0x30, 0x14, 0x91, 0x30, 0xb8, 0x8e, 0x17, 0x84, 0x0e, 0xd1, 0xb1, 0xf6, 0xbc, 0x19, 0x4b, - 0x38, 0xd5, 0x35, 0xa1, 0x93, 0x6c, 0x08, 0x25, 0xa2, 0x74, 0xcd, 0xb2, 0x93, 0x6c, 0x60, 0x06, - 0x41, 0xef, 0x83, 0xb1, 0xc4, 0x89, 0x5a, 0xd4, 0xde, 0xde, 0x62, 0x9f, 0x55, 0x9c, 0x75, 0x3e, - 0x24, 0x70, 0xc7, 0x56, 0x53, 0x50, 0x9c, 0xc1, 0x46, 0xaf, 0xc1, 0xc0, 0x06, 0xf1, 0xda, 0x62, - 0xc8, 0x57, 0x8a, 0x93, 0xf1, 0xec, 0x5d, 0x2f, 0x13, 0xaf, 0xcd, 0x25, 0x10, 0xfd, 0x85, 0x19, - 0x2b, 0x3a, 0xdf, 0x6a, 0x9b, 0x9d, 0x38, 0x09, 0xda, 0xee, 0xeb, 0xd2, 0xc5, 0xf7, 0x81, 0x82, - 0x19, 0x5f, 0x95, 0xf4, 0xb9, 0x2f, 0x45, 0xfd, 0xc5, 0x9a, 0x33, 0xeb, 0x47, 0xd3, 0x8d, 0xd8, - 0xa7, 0xda, 0x11, 0x9e, 0xba, 0xa2, 0xfb, 0x31, 0x2b, 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, - 0x46, 0x3b, 0x6a, 0xde, 0x0f, 0xb3, 0x3e, 0x5c, 0x2f, 0xb8, 0x0f, 0x7c, 0xce, 0xe7, 0xce, 0xff, - 0x27, 0xa0, 0xd2, 0xd8, 0x70, 0xa2, 0x64, 0x7c, 0x84, 0x4d, 0x1a, 0xe5, 0xd3, 0x99, 0xa1, 0x8d, - 0x98, 0xc3, 0xd0, 0x63, 0x50, 0x8e, 0xc8, 0x3a, 0x8b, 0xdb, 0x34, 0x22, 0x7a, 0x30, 0x59, 0xc7, - 0xb4, 0xdd, 0xfe, 0xa5, 0x52, 0xda, 0x5c, 0x4a, 0xbf, 0x37, 0x9f, 0xed, 0x8d, 0x4e, 0x14, 0x4b, - 0xbf, 0x8f, 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x49, 0x0b, 0x86, 0x6e, 0xc5, 0x81, 0xef, - 0x93, 0x44, 0xa8, 0xa6, 0x1b, 0x05, 0x0f, 0xc5, 0x15, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, - 0x97, 0x76, 0x97, 0x6c, 0x37, 0xbc, 0x4e, 0xb3, 0x2b, 0x48, 0xe3, 0x22, 0x6f, 0xc6, 0x12, 0x4e, - 0x51, 0x5d, 0x9f, 0xa3, 0x0e, 0xa4, 0x51, 0xe7, 0x7d, 0x81, 0x2a, 0xe0, 0xf6, 0xdf, 0x18, 0x84, - 0xb3, 0xb9, 0x8b, 0x83, 0x1a, 0x32, 0xcc, 0x54, 0xb8, 0xe4, 0x7a, 0x44, 0x86, 0x27, 0x31, 0x43, - 0xe6, 0x86, 0x6a, 0xc5, 0x06, 0x06, 0xfa, 0x29, 0x80, 0xd0, 0x89, 0x9c, 0x36, 0x51, 0x7e, 0xd9, - 0x23, 0xdb, 0x0b, 0xb4, 0x1f, 0xcb, 0x92, 0xa6, 0xde, 0x9b, 0xaa, 0xa6, 0x18, 0x1b, 0x2c, 0xd1, - 0xf3, 0x30, 0x1c, 0x11, 0x8f, 0x38, 0x31, 0x0b, 0xfb, 0xcd, 0xe6, 0x30, 0x60, 0x0d, 0xc2, 0x26, - 0x1e, 0x7a, 0x52, 0x45, 0x72, 0x65, 0x22, 0x5a, 0xd2, 0xd1, 0x5c, 0xe8, 0x0d, 0x0b, 0xc6, 0xd6, - 0x5d, 0x8f, 0x68, 0xee, 0x22, 0xe3, 0x60, 0xe9, 0xe8, 0x2f, 0x79, 0xc9, 0xa4, 0xab, 0x25, 0x64, - 0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xc1, 0xf4, 0x67, 0xbe, - 0xc1, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, 0x11, 0x3a, 0x71, 0x3c, 0x13, 0x91, 0x26, 0xf1, 0x13, - 0xd7, 0xf1, 0x78, 0x3e, 0x40, 0x55, 0xc7, 0x03, 0x2f, 0xa7, 0xc1, 0x38, 0x8b, 0x8f, 0x3e, 0x08, - 0x0f, 0x73, 0xc7, 0xc7, 0xa2, 0x1b, 0xc7, 0xae, 0xdf, 0xd2, 0xd3, 0x40, 0xf8, 0x7f, 0x26, 0x04, - 0xa9, 0x87, 0xe7, 0xf3, 0xd1, 0x70, 0xaf, 0xe7, 0xd1, 0xd3, 0x50, 0x8d, 0x37, 0xdd, 0x70, 0x26, - 0x6a, 0xc6, 0xec, 0xd0, 0xa3, 0xaa, 0xbd, 0x8d, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, 0xd4, 0x80, 0x11, - 0xfe, 0x49, 0x78, 0x28, 0x9a, 0x90, 0x8f, 0xcf, 0xf4, 0x54, 0x8f, 0x22, 0xbd, 0x6d, 0x12, 0x3b, - 0xb7, 0x2f, 0xca, 0x23, 0x18, 0x7e, 0x62, 0x70, 0xc3, 0x20, 0x83, 0x53, 0x44, 0xed, 0x5f, 0x28, - 0xa5, 0x77, 0xdc, 0xe6, 0x22, 0x45, 0x31, 0x5d, 0x8a, 0xc9, 0x0d, 0x27, 0x92, 0xde, 0x98, 0x23, - 0xa6, 0x2d, 0x08, 0xba, 0x37, 0x9c, 0xc8, 0x5c, 0xd4, 0x8c, 0x01, 0x96, 0x9c, 0xd0, 0x2d, 0x18, - 0x48, 0x3c, 0xa7, 0xa0, 0x3c, 0x27, 0x83, 0xa3, 0x76, 0x80, 0x2c, 0x4c, 0xc7, 0x98, 0xf1, 0x40, - 0x8f, 0x52, 0xab, 0x7f, 0x4d, 0x1e, 0x91, 0x08, 0x43, 0x7d, 0x2d, 0xc6, 0xac, 0xd5, 0xbe, 0x0b, - 0x39, 0x72, 0x55, 0x29, 0x32, 0x74, 0x01, 0x80, 0x6e, 0x20, 0x97, 0x23, 0xb2, 0xee, 0x6e, 0x0b, - 0x43, 0x42, 0xad, 0xdd, 0x6b, 0x0a, 0x82, 0x0d, 0x2c, 0xf9, 0xcc, 0x4a, 0x67, 0x9d, 0x3e, 0x53, - 0xea, 0x7e, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x9e, 0x83, 0x41, 0xb7, 0xed, 0xb4, 0x54, 0x08, 0xe6, - 0xa3, 0x74, 0xd1, 0xce, 0xb3, 0x96, 0xbb, 0xbb, 0x13, 0x63, 0xaa, 0x43, 0xac, 0x09, 0x0b, 0x5c, - 0xf4, 0x2b, 0x16, 0x8c, 0x34, 0x82, 0x76, 0x3b, 0xf0, 0xf9, 0xb6, 0x4b, 0xec, 0x21, 0x6f, 0x1d, - 0x97, 0x9a, 0x9f, 0x9c, 0x31, 0x98, 0xf1, 0x4d, 0xa4, 0x4a, 0xc8, 0x32, 0x41, 0x38, 0xd5, 0x2b, - 0x73, 0x6d, 0x57, 0xf6, 0x59, 0xdb, 0xbf, 0x6e, 0xc1, 0x29, 0xfe, 0xac, 0xb1, 0x1b, 0x14, 0xb9, - 0x47, 0xc1, 0x31, 0xbf, 0x56, 0xd7, 0x06, 0x59, 0x79, 0xe9, 0xba, 0xe0, 0xb8, 0xbb, 0x93, 0x68, - 0x0e, 0x4e, 0xad, 0x07, 0x51, 0x83, 0x98, 0x03, 0x21, 0x04, 0x93, 0x22, 0x74, 0x29, 0x8b, 0x80, - 0xbb, 0x9f, 0x41, 0x37, 0xe0, 0x21, 0xa3, 0xd1, 0x1c, 0x07, 0x2e, 0x9b, 0x1e, 0x17, 0xd4, 0x1e, - 0xba, 0x94, 0x8b, 0x85, 0x7b, 0x3c, 0x9d, 0x76, 0x98, 0xd4, 0xfa, 0x70, 0x98, 0xbc, 0x0a, 0x8f, - 0x34, 0xba, 0x47, 0x66, 0x2b, 0xee, 0xac, 0xc5, 0x5c, 0x52, 0x55, 0xeb, 0x3f, 0x20, 0x08, 0x3c, - 0x32, 0xd3, 0x0b, 0x11, 0xf7, 0xa6, 0x81, 0x3e, 0x0a, 0xd5, 0x88, 0xb0, 0xaf, 0x12, 0x8b, 0x44, - 0x9c, 0x23, 0xee, 0x92, 0xb5, 0x05, 0xca, 0xc9, 0x6a, 0xd9, 0x2b, 0x1a, 0x62, 0xac, 0x38, 0xa2, - 0xdb, 0x30, 0x14, 0x3a, 0x49, 0x63, 0x43, 0xa4, 0xdf, 0x1c, 0x39, 0xfe, 0x45, 0x31, 0x67, 0x3e, - 0x70, 0x23, 0x61, 0x97, 0x33, 0xc1, 0x92, 0x1b, 0xb5, 0x46, 0x1a, 0x41, 0x3b, 0x0c, 0x7c, 0xe2, - 0x27, 0xf1, 0xf8, 0xa8, 0xb6, 0x46, 0x66, 0x54, 0x2b, 0x36, 0x30, 0xd0, 0x32, 0x9c, 0x61, 0x3e, - 0xa3, 0x9b, 0x6e, 0xb2, 0x11, 0x74, 0x12, 0xb9, 0x05, 0x1a, 0x1f, 0x4b, 0x1f, 0x55, 0x2c, 0xe4, - 0xe0, 0xe0, 0xdc, 0x27, 0xcf, 0xbd, 0x1f, 0x4e, 0x75, 0x2d, 0xe5, 0x03, 0xb9, 0x6b, 0x66, 0xe1, - 0xa1, 0xfc, 0x45, 0x73, 0x20, 0xa7, 0xcd, 0x3f, 0xc9, 0x84, 0xcd, 0x1a, 0x86, 0x74, 0x1f, 0x0e, - 0x40, 0x07, 0xca, 0xc4, 0xdf, 0x12, 0x3a, 0xe4, 0xd2, 0xd1, 0xbe, 0xdd, 0x45, 0x7f, 0x8b, 0xaf, - 0x79, 0xe6, 0xe5, 0xb8, 0xe8, 0x6f, 0x61, 0x4a, 0x1b, 0x7d, 0xc9, 0x4a, 0x19, 0x82, 0xdc, 0x6d, - 0xf8, 0xe1, 0x63, 0xd9, 0x39, 0xf4, 0x6d, 0x1b, 0xda, 0xff, 0xae, 0x04, 0xe7, 0xf7, 0x23, 0xd2, - 0xc7, 0xf0, 0x3d, 0x01, 0x83, 0x31, 0x3b, 0x08, 0x17, 0x42, 0x79, 0x98, 0xce, 0x55, 0x7e, 0x34, - 0xfe, 0x2a, 0x16, 0x20, 0xe4, 0x41, 0xb9, 0xed, 0x84, 0xc2, 0x9b, 0x34, 0x7f, 0xd4, 0x44, 0x1a, - 0xfa, 0xdf, 0xf1, 0x16, 0x9d, 0x90, 0xfb, 0x28, 0x8c, 0x06, 0x4c, 0xd9, 0xa0, 0x04, 0x2a, 0x4e, - 0x14, 0x39, 0xf2, 0xd4, 0xf5, 0x6a, 0x31, 0xfc, 0xa6, 0x29, 0x49, 0x7e, 0x68, 0x95, 0x6a, 0xc2, - 0x9c, 0x99, 0xfd, 0xb9, 0xa1, 0x54, 0x32, 0x09, 0x3b, 0x4a, 0x8f, 0x61, 0x50, 0x38, 0x91, 0xac, - 0xa2, 0xf3, 0x97, 0x78, 0x36, 0x20, 0xdb, 0x27, 0x8a, 0x9c, 0x6a, 0xc1, 0x0a, 0x7d, 0xd6, 0x62, - 0x99, 0xcb, 0x32, 0xc1, 0x46, 0xec, 0xce, 0x8e, 0x27, 0x91, 0xda, 0xcc, 0x87, 0x96, 0x8d, 0xd8, - 0xe4, 0x2e, 0x2a, 0x10, 0x30, 0xab, 0xb4, 0xbb, 0x02, 0x01, 0xb3, 0x32, 0x25, 0x1c, 0x6d, 0xe7, - 0x1c, 0x99, 0x17, 0x90, 0xfd, 0xda, 0xc7, 0x21, 0xf9, 0xd7, 0x2c, 0x38, 0xe5, 0x66, 0xcf, 0x3e, - 0xc5, 0x5e, 0xe6, 0x88, 0x41, 0x19, 0xbd, 0x8f, 0x56, 0x95, 0x3a, 0xef, 0x02, 0xe1, 0xee, 0xce, - 0xa0, 0x26, 0x0c, 0xb8, 0xfe, 0x7a, 0x20, 0x8c, 0x98, 0xfa, 0xd1, 0x3a, 0x35, 0xef, 0xaf, 0x07, - 0x7a, 0x35, 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x0b, 0x70, 0x26, 0x12, 0xde, 0xa6, 0xcb, 0x6e, 0x9c, - 0x04, 0xd1, 0xce, 0x82, 0xdb, 0x76, 0x13, 0x66, 0x80, 0x94, 0xeb, 0xe3, 0x54, 0x3f, 0xe0, 0x1c, - 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x0e, 0x43, 0x32, 0xd5, 0xba, 0x5a, 0xc4, 0xbe, 0xb0, 0x7b, 0xfe, - 0xab, 0xc9, 0xb4, 0x22, 0xb2, 0xaa, 0x25, 0x43, 0xfb, 0x8d, 0x61, 0xe8, 0x3e, 0x16, 0x45, 0x1f, - 0x83, 0x5a, 0xa4, 0xd2, 0xbf, 0xad, 0x22, 0xd4, 0xb5, 0xfc, 0xbe, 0xe2, 0x48, 0x56, 0x99, 0x42, - 0x3a, 0xd1, 0x5b, 0x73, 0xa4, 0x1b, 0x96, 0x58, 0x9f, 0x9e, 0x16, 0x30, 0xb7, 0x05, 0x57, 0x7d, - 0x32, 0xb6, 0xe3, 0x37, 0x30, 0xe3, 0x81, 0x22, 0x18, 0xdc, 0x20, 0x8e, 0x97, 0x6c, 0x14, 0xe3, - 0xc4, 0xbf, 0xcc, 0x68, 0x65, 0x93, 0x80, 0x78, 0x2b, 0x16, 0x9c, 0xd0, 0x36, 0x0c, 0x6d, 0xf0, - 0x09, 0x20, 0xf6, 0x10, 0x8b, 0x47, 0x1d, 0xdc, 0xd4, 0xac, 0xd2, 0x9f, 0x5b, 0x34, 0x60, 0xc9, - 0x8e, 0xc5, 0xdb, 0x18, 0x11, 0x01, 0x7c, 0xe9, 0x16, 0x97, 0xff, 0xd4, 0x7f, 0x38, 0xc0, 0x47, - 0x60, 0x24, 0x22, 0x8d, 0xc0, 0x6f, 0xb8, 0x1e, 0x69, 0x4e, 0x4b, 0x07, 0xfd, 0x41, 0xb2, 0x66, - 0xd8, 0x3e, 0x1c, 0x1b, 0x34, 0x70, 0x8a, 0x22, 0xfa, 0x8c, 0x05, 0x63, 0x2a, 0x67, 0x94, 0x7e, - 0x10, 0x22, 0x1c, 0xc2, 0x0b, 0x05, 0x65, 0xa8, 0x32, 0x9a, 0x75, 0x74, 0x67, 0x77, 0x62, 0x2c, - 0xdd, 0x86, 0x33, 0x7c, 0xd1, 0xcb, 0x00, 0xc1, 0x1a, 0x0f, 0xaa, 0x99, 0x4e, 0x84, 0x77, 0xf8, - 0x20, 0xaf, 0x3a, 0xc6, 0xd3, 0xe7, 0x24, 0x05, 0x6c, 0x50, 0x43, 0x57, 0x01, 0xf8, 0xb2, 0x59, - 0xdd, 0x09, 0xe5, 0x46, 0x43, 0xa6, 0x3d, 0xc1, 0x8a, 0x82, 0xdc, 0xdd, 0x9d, 0xe8, 0xf6, 0xd6, - 0xb1, 0xc0, 0x05, 0xe3, 0x71, 0xf4, 0x93, 0x30, 0x14, 0x77, 0xda, 0x6d, 0x47, 0xf9, 0x8e, 0x0b, - 0x4c, 0xc8, 0xe3, 0x74, 0x0d, 0x51, 0xc4, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x51, 0xa1, 0x1a, 0x0b, - 0x37, 0x22, 0x5b, 0x45, 0xdc, 0x26, 0x18, 0x66, 0xef, 0xf4, 0x1e, 0x69, 0x78, 0xe3, 0x1c, 0x9c, - 0xbb, 0xbb, 0x13, 0x0f, 0xa5, 0xdb, 0x17, 0x02, 0x91, 0x22, 0x97, 0x4b, 0x13, 0x5d, 0x91, 0x95, - 0x57, 0xe8, 0x6b, 0xcb, 0x82, 0x00, 0x4f, 0xe9, 0xca, 0x2b, 0xac, 0xb9, 0xf7, 0x98, 0x99, 0x0f, - 0xa3, 0x45, 0x38, 0xdd, 0x08, 0xfc, 0x24, 0x0a, 0x3c, 0x8f, 0x57, 0x1e, 0xe2, 0x7b, 0x3e, 0xee, - 0x5b, 0x7e, 0xbb, 0xe8, 0xf6, 0xe9, 0x99, 0x6e, 0x14, 0x9c, 0xf7, 0x9c, 0xed, 0xa7, 0xa3, 0x0d, - 0xc5, 0xe0, 0x3c, 0x07, 0x23, 0x64, 0x3b, 0x21, 0x91, 0xef, 0x78, 0xd7, 0xf1, 0x82, 0xf4, 0xaa, - 0xb2, 0x35, 0x70, 0xd1, 0x68, 0xc7, 0x29, 0x2c, 0x64, 0x2b, 0x47, 0x87, 0x91, 0xf6, 0xc9, 0x1d, - 0x1d, 0xd2, 0xad, 0x61, 0xff, 0x9f, 0x52, 0xca, 0x20, 0x5b, 0x8d, 0x08, 0x41, 0x01, 0x54, 0xfc, - 0xa0, 0xa9, 0x64, 0xff, 0x95, 0x62, 0x64, 0xff, 0xb5, 0xa0, 0x69, 0x94, 0x67, 0xa1, 0xff, 0x62, - 0xcc, 0xf9, 0xb0, 0xfa, 0x15, 0xb2, 0xd0, 0x07, 0x03, 0x88, 0x8d, 0x46, 0x91, 0x9c, 0x55, 0xfd, - 0x8a, 0x25, 0x93, 0x11, 0x4e, 0xf3, 0x45, 0x9b, 0x50, 0xd9, 0x08, 0xe2, 0x44, 0x6e, 0x3f, 0x8e, - 0xb8, 0xd3, 0xb9, 0x1c, 0xc4, 0x09, 0xb3, 0x22, 0xd4, 0x6b, 0xd3, 0x96, 0x18, 0x73, 0x1e, 0xf6, - 0x7f, 0xb5, 0x52, 0x3e, 0xf4, 0x9b, 0x2c, 0xf2, 0x76, 0x8b, 0xf8, 0x74, 0x59, 0x9b, 0xa1, 0x46, - 0x3f, 0x92, 0xc9, 0x63, 0x7c, 0x47, 0xaf, 0xc2, 0x5a, 0xb7, 0x29, 0x85, 0x49, 0x46, 0xc2, 0x88, - 0x4a, 0xfa, 0x84, 0x95, 0xce, 0x28, 0x2d, 0x15, 0xb1, 0xc1, 0x30, 0xb3, 0xaa, 0xf7, 0x4d, 0x4e, - 0xb5, 0xbf, 0x64, 0xc1, 0x50, 0xdd, 0x69, 0x6c, 0x06, 0xeb, 0xeb, 0xe8, 0x69, 0xa8, 0x36, 0x3b, - 0x91, 0x99, 0xdc, 0xaa, 0x1c, 0x07, 0xb3, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0x87, 0xd7, 0x9d, 0x86, - 0xcc, 0xad, 0x2e, 0xf3, 0x39, 0x7c, 0x89, 0xb5, 0x60, 0x01, 0x41, 0xcf, 0xc3, 0x70, 0xdb, 0xd9, - 0x96, 0x0f, 0x67, 0x1d, 0xf8, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x5f, 0x59, 0x30, 0x5e, 0x77, - 0x62, 0xb7, 0x31, 0xdd, 0x49, 0x36, 0xea, 0x6e, 0xb2, 0xd6, 0x69, 0x6c, 0x92, 0x84, 0x27, 0xd4, - 0xd3, 0x5e, 0x76, 0x62, 0xba, 0x94, 0xd4, 0xbe, 0x4e, 0xf5, 0xf2, 0xba, 0x68, 0xc7, 0x0a, 0x03, - 0xbd, 0x0e, 0xc3, 0xa1, 0x13, 0xc7, 0xb7, 0x83, 0xa8, 0x89, 0xc9, 0x7a, 0x31, 0xe5, 0x2c, 0x56, - 0x48, 0x23, 0x22, 0x09, 0x26, 0xeb, 0xe2, 0x90, 0x59, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0x0b, 0x16, - 0x3c, 0x52, 0x27, 0x4e, 0x44, 0x22, 0x56, 0xfd, 0x42, 0xbd, 0xc8, 0x8c, 0x17, 0x74, 0x9a, 0xe8, - 0x35, 0xa8, 0x26, 0xb4, 0x99, 0x76, 0xcb, 0x2a, 0xb6, 0x5b, 0xec, 0x8c, 0x78, 0x55, 0x10, 0xc7, - 0x8a, 0x8d, 0xfd, 0x37, 0x2d, 0x18, 0x61, 0xc7, 0x6d, 0xb3, 0x24, 0x71, 0x5c, 0xaf, 0xab, 0x48, - 0x94, 0xd5, 0x67, 0x91, 0xa8, 0xf3, 0x30, 0xb0, 0x11, 0xb4, 0x49, 0xf6, 0xa8, 0xf8, 0x72, 0x40, - 0xb7, 0xd5, 0x14, 0x82, 0x9e, 0xa5, 0x1f, 0xde, 0xf5, 0x13, 0x87, 0x2e, 0x01, 0xe9, 0xce, 0x3d, - 0xc1, 0x3f, 0xba, 0x6a, 0xc6, 0x26, 0x8e, 0xfd, 0x5b, 0x35, 0x18, 0x12, 0xf1, 0x04, 0x7d, 0x17, - 0x55, 0x90, 0xfb, 0xfb, 0x52, 0xcf, 0xfd, 0x7d, 0x0c, 0x83, 0x0d, 0x56, 0xad, 0x4e, 0x98, 0x91, - 0x57, 0x0b, 0x09, 0x40, 0xe1, 0x05, 0xf0, 0x74, 0xb7, 0xf8, 0x7f, 0x2c, 0x58, 0xa1, 0x2f, 0x5a, - 0x70, 0xa2, 0x11, 0xf8, 0x3e, 0x69, 0x68, 0x1b, 0x67, 0xa0, 0x88, 0x38, 0x83, 0x99, 0x34, 0x51, - 0x7d, 0xd6, 0x93, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0x22, 0x8c, 0xf2, 0x31, 0xbb, 0x91, 0xf2, 0x41, - 0xeb, 0xda, 0x41, 0x26, 0x10, 0xa7, 0x71, 0xd1, 0x24, 0xf7, 0xe5, 0x8b, 0x2a, 0x3d, 0x83, 0xda, - 0x55, 0x67, 0xd4, 0xe7, 0x31, 0x30, 0x50, 0x04, 0x28, 0x22, 0xeb, 0x11, 0x89, 0x37, 0x44, 0xbc, - 0x05, 0xb3, 0xaf, 0x86, 0x0e, 0x97, 0x80, 0x8d, 0xbb, 0x28, 0xe1, 0x1c, 0xea, 0x68, 0x53, 0x6c, - 0x30, 0xab, 0x45, 0xc8, 0x50, 0xf1, 0x99, 0x7b, 0xee, 0x33, 0x27, 0xa0, 0x12, 0x6f, 0x38, 0x51, - 0x93, 0xd9, 0x75, 0x65, 0x9e, 0xf4, 0xb3, 0x42, 0x1b, 0x30, 0x6f, 0x47, 0xb3, 0x70, 0x32, 0x53, - 0xf9, 0x28, 0x16, 0xbe, 0x62, 0x95, 0xe0, 0x91, 0xa9, 0x99, 0x14, 0xe3, 0xae, 0x27, 0x4c, 0xe7, - 0xc3, 0xf0, 0x3e, 0xce, 0x87, 0x1d, 0x15, 0xd5, 0xc7, 0xbd, 0xb8, 0x2f, 0x15, 0x32, 0x00, 0x7d, - 0x85, 0xf0, 0x7d, 0x3e, 0x13, 0xc2, 0x37, 0xca, 0x3a, 0x70, 0xa3, 0x98, 0x0e, 0x1c, 0x3c, 0x5e, - 0xef, 0x7e, 0xc6, 0xdf, 0xfd, 0xb9, 0x05, 0xf2, 0xbb, 0xce, 0x38, 0x8d, 0x0d, 0x42, 0xa7, 0x0c, - 0x7a, 0x1f, 0x8c, 0xa9, 0x2d, 0xf4, 0x4c, 0xd0, 0xf1, 0x79, 0xe8, 0x5d, 0x59, 0x1f, 0x0a, 0xe3, - 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x14, 0xd4, 0xe8, 0x38, 0xf1, 0x47, 0xb9, 0xae, 0x55, 0xdb, 0xf4, - 0xe9, 0xe5, 0x79, 0xf1, 0x94, 0xc6, 0x41, 0x01, 0x9c, 0xf2, 0x9c, 0x38, 0x61, 0x3d, 0xa0, 0x3b, - 0xea, 0x43, 0x96, 0x3f, 0x60, 0x59, 0x04, 0x0b, 0x59, 0x42, 0xb8, 0x9b, 0xb6, 0xfd, 0xed, 0x01, - 0x18, 0x4d, 0x49, 0xc6, 0x03, 0x2a, 0xe9, 0xa7, 0xa1, 0x2a, 0xf5, 0x66, 0xb6, 0x50, 0x8b, 0x52, - 0xae, 0x0a, 0x83, 0x2a, 0xad, 0x35, 0xad, 0x55, 0xb3, 0x46, 0x85, 0xa1, 0x70, 0xb1, 0x89, 0xc7, - 0x84, 0x72, 0xe2, 0xc5, 0x33, 0x9e, 0x4b, 0xfc, 0x84, 0x77, 0xb3, 0x18, 0xa1, 0xbc, 0xba, 0xb0, - 0x62, 0x12, 0xd5, 0x42, 0x39, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0xd3, 0x16, 0x8c, 0x3a, 0xb7, 0x63, - 0x5d, 0x52, 0x55, 0x04, 0xeb, 0x1d, 0x51, 0x49, 0xa5, 0xaa, 0xb4, 0x72, 0x97, 0x6f, 0xaa, 0x09, - 0xa7, 0x99, 0xa2, 0x37, 0x2d, 0x40, 0x64, 0x9b, 0x34, 0x64, 0x38, 0xa1, 0xe8, 0xcb, 0x60, 0x11, - 0x3b, 0xcd, 0x8b, 0x5d, 0x74, 0xb9, 0x54, 0xef, 0x6e, 0xc7, 0x39, 0x7d, 0xb0, 0xff, 0x79, 0x59, - 0x2d, 0x28, 0x1d, 0xc1, 0xea, 0x18, 0x91, 0x74, 0xd6, 0xe1, 0x23, 0xe9, 0x74, 0x44, 0x42, 0x77, - 0x56, 0x65, 0x2a, 0x09, 0xab, 0x74, 0x9f, 0x92, 0xb0, 0x7e, 0xda, 0x4a, 0x95, 0x24, 0x1a, 0xbe, - 0xf0, 0x72, 0xb1, 0xd1, 0xb3, 0x93, 0x3c, 0x5a, 0x22, 0x23, 0xdd, 0xd3, 0x41, 0x32, 0x54, 0x9a, - 0x1a, 0x68, 0x07, 0x92, 0x86, 0xff, 0xa1, 0x0c, 0xc3, 0x86, 0x26, 0xcd, 0x35, 0x8b, 0xac, 0x07, - 0xcc, 0x2c, 0x2a, 0x1d, 0xc0, 0x2c, 0xfa, 0x29, 0xa8, 0x35, 0xa4, 0x94, 0x2f, 0xa6, 0x28, 0x6f, - 0x56, 0x77, 0x68, 0x41, 0xaf, 0x9a, 0xb0, 0xe6, 0x89, 0xe6, 0x52, 0xa9, 0x3b, 0x42, 0x43, 0x0c, - 0x30, 0x0d, 0x91, 0x97, 0x5b, 0x23, 0x34, 0x45, 0xf7, 0x33, 0xac, 0x72, 0x55, 0xe8, 0x8a, 0xf7, - 0x92, 0x31, 0xee, 0xbc, 0x72, 0xd5, 0xf2, 0xbc, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x6d, 0x4b, 0x7d, - 0xdc, 0x7b, 0x50, 0xa3, 0xe1, 0x56, 0xba, 0x46, 0xc3, 0xc5, 0x42, 0x86, 0xb9, 0x47, 0x71, 0x86, - 0x6b, 0x30, 0x34, 0x13, 0xb4, 0xdb, 0x8e, 0xdf, 0x44, 0x3f, 0x04, 0x43, 0x0d, 0xfe, 0x53, 0x38, - 0x76, 0xd8, 0xf1, 0xa0, 0x80, 0x62, 0x09, 0x43, 0x8f, 0xc2, 0x80, 0x13, 0xb5, 0xa4, 0x33, 0x87, - 0x05, 0xd7, 0x4c, 0x47, 0xad, 0x18, 0xb3, 0x56, 0xfb, 0x1f, 0x0f, 0x00, 0x3b, 0xd3, 0x76, 0x22, - 0xd2, 0x5c, 0x0d, 0x58, 0x51, 0xc0, 0x63, 0x3d, 0x54, 0xd3, 0x9b, 0xa5, 0x07, 0xf9, 0x60, 0xcd, - 0x38, 0x5c, 0x29, 0xdf, 0xe3, 0xc3, 0x95, 0x1e, 0xe7, 0x65, 0x03, 0x0f, 0xd0, 0x79, 0x99, 0xfd, - 0x39, 0x0b, 0x90, 0x0a, 0x84, 0xd0, 0x07, 0xda, 0x53, 0x50, 0x53, 0x21, 0x11, 0xc2, 0xb0, 0xd2, - 0x22, 0x42, 0x02, 0xb0, 0xc6, 0xe9, 0x63, 0x87, 0xfc, 0x84, 0x94, 0xdf, 0xe5, 0x74, 0x5c, 0x2e, - 0x93, 0xfa, 0x42, 0x9c, 0xdb, 0xbf, 0x5d, 0x82, 0x87, 0xb8, 0x4a, 0x5e, 0x74, 0x7c, 0xa7, 0x45, - 0xda, 0xb4, 0x57, 0xfd, 0x86, 0x28, 0x34, 0xe8, 0xd6, 0xcc, 0x95, 0x71, 0xb6, 0x47, 0x5d, 0xbb, - 0x7c, 0xcd, 0xf1, 0x55, 0x36, 0xef, 0xbb, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x55, 0x59, 0xb1, 0x5e, - 0xc8, 0xe2, 0x82, 0x18, 0x29, 0xb1, 0x24, 0xf4, 0x26, 0xc1, 0x8a, 0x11, 0x35, 0x5c, 0xbd, 0xa0, - 0xb1, 0x89, 0x49, 0x18, 0x30, 0xb9, 0x6b, 0x84, 0x39, 0x2e, 0x88, 0x76, 0xac, 0x30, 0xec, 0xdf, - 0xb6, 0x20, 0xab, 0x91, 0x8c, 0xea, 0x6b, 0xd6, 0x9e, 0xd5, 0xd7, 0x0e, 0x50, 0xfe, 0xec, 0x27, - 0x60, 0xd8, 0x49, 0xa8, 0x11, 0xc1, 0xb7, 0xdd, 0xe5, 0xc3, 0x1d, 0x6b, 0x2c, 0x06, 0x4d, 0x77, - 0xdd, 0x65, 0xdb, 0x6d, 0x93, 0x9c, 0xfd, 0x3f, 0x07, 0xe0, 0x54, 0x57, 0x36, 0x08, 0x7a, 0x01, - 0x46, 0x1a, 0x62, 0x7a, 0x84, 0xd2, 0xa1, 0x55, 0x33, 0xc3, 0xe2, 0x34, 0x0c, 0xa7, 0x30, 0xfb, - 0x98, 0xa0, 0xf3, 0x70, 0x3a, 0xa2, 0x1b, 0xfd, 0x0e, 0x99, 0x5e, 0x4f, 0x48, 0xb4, 0x42, 0x1a, - 0x81, 0xdf, 0xe4, 0x35, 0x02, 0xcb, 0xf5, 0x87, 0xef, 0xec, 0x4e, 0x9c, 0xc6, 0xdd, 0x60, 0x9c, - 0xf7, 0x0c, 0x0a, 0x61, 0xd4, 0x33, 0x6d, 0x40, 0xb1, 0x01, 0x38, 0x94, 0xf9, 0xa8, 0x6c, 0x84, - 0x54, 0x33, 0x4e, 0x33, 0x48, 0x1b, 0x92, 0x95, 0xfb, 0x64, 0x48, 0x7e, 0x4a, 0x1b, 0x92, 0xfc, - 0xfc, 0xfd, 0x43, 0x05, 0x67, 0x03, 0x1d, 0xb7, 0x25, 0xf9, 0x12, 0x54, 0x65, 0x6c, 0x52, 0x5f, - 0x31, 0x3d, 0x26, 0x9d, 0x1e, 0x12, 0xed, 0x49, 0xf8, 0xc1, 0x8b, 0x51, 0x64, 0x0c, 0xe6, 0xb5, - 0x20, 0x99, 0xf6, 0xbc, 0xe0, 0x36, 0x55, 0xd2, 0xd7, 0x63, 0x22, 0x3c, 0x2c, 0xf6, 0xdd, 0x12, - 0xe4, 0x6c, 0x56, 0xe8, 0x7a, 0xd4, 0x96, 0x41, 0x6a, 0x3d, 0x1e, 0xcc, 0x3a, 0x40, 0xdb, 0x3c, - 0x7e, 0x8b, 0xeb, 0xc0, 0x0f, 0x16, 0xbd, 0xd9, 0xd2, 0x21, 0x5d, 0x2a, 0x99, 0x42, 0x85, 0x75, - 0x5d, 0x00, 0xd0, 0x06, 0x9d, 0x08, 0x95, 0x57, 0xc7, 0xc3, 0xda, 0xee, 0xc3, 0x06, 0x16, 0xdd, - 0x7b, 0xbb, 0x7e, 0x9c, 0x38, 0x9e, 0x77, 0xd9, 0xf5, 0x13, 0xe1, 0x44, 0x54, 0xca, 0x7e, 0x5e, - 0x83, 0xb0, 0x89, 0x77, 0xee, 0x3d, 0xc6, 0xf7, 0x3b, 0xc8, 0x77, 0xdf, 0x80, 0x47, 0xe6, 0xdc, - 0x44, 0x25, 0x78, 0xa8, 0xf9, 0x46, 0xed, 0x35, 0x95, 0xb0, 0x64, 0xf5, 0x4c, 0x58, 0x32, 0x12, - 0x2c, 0x4a, 0xe9, 0x7c, 0x90, 0x6c, 0x82, 0x85, 0xfd, 0x02, 0x9c, 0x99, 0x73, 0x93, 0x4b, 0xae, - 0x47, 0x0e, 0xc8, 0xc4, 0xfe, 0xcd, 0x41, 0x18, 0x31, 0x53, 0x04, 0x0f, 0x92, 0x73, 0xf5, 0x05, - 0x6a, 0x92, 0x89, 0xb7, 0x73, 0xd5, 0xe1, 0xda, 0xcd, 0x23, 0xe7, 0x2b, 0xe6, 0x8f, 0x98, 0x61, - 0x95, 0x69, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x0d, 0x95, 0x75, 0x96, 0x00, 0x50, 0x2e, 0x22, 0x02, - 0x21, 0x6f, 0x44, 0xf5, 0x72, 0xe4, 0x29, 0x04, 0x9c, 0x1f, 0xd5, 0xa4, 0x51, 0x3a, 0xab, 0xcc, - 0x08, 0x5a, 0x15, 0xf9, 0x64, 0x0a, 0xa3, 0x97, 0x4a, 0xa8, 0x1c, 0x42, 0x25, 0xa4, 0x04, 0xf4, - 0xe0, 0x7d, 0x12, 0xd0, 0x2c, 0x99, 0x23, 0xd9, 0x60, 0x76, 0x9e, 0x88, 0xb2, 0x1f, 0x62, 0x83, - 0x60, 0x24, 0x73, 0xa4, 0xc0, 0x38, 0x8b, 0x8f, 0x3e, 0xae, 0x44, 0x7c, 0xb5, 0x08, 0xff, 0xab, - 0x39, 0xa3, 0x8f, 0x5b, 0xba, 0x7f, 0xae, 0x04, 0x63, 0x73, 0x7e, 0x67, 0x79, 0x6e, 0xb9, 0xb3, - 0xe6, 0xb9, 0x8d, 0xab, 0x64, 0x87, 0x8a, 0xf0, 0x4d, 0xb2, 0x33, 0x3f, 0x2b, 0x56, 0x90, 0x9a, - 0x33, 0x57, 0x69, 0x23, 0xe6, 0x30, 0x2a, 0x8c, 0xd6, 0x5d, 0xbf, 0x45, 0xa2, 0x30, 0x72, 0x85, - 0x6b, 0xd4, 0x10, 0x46, 0x97, 0x34, 0x08, 0x9b, 0x78, 0x94, 0x76, 0x70, 0xdb, 0x27, 0x51, 0xd6, - 0xe0, 0x5d, 0xa2, 0x8d, 0x98, 0xc3, 0x28, 0x52, 0x12, 0x75, 0xe2, 0x44, 0x4c, 0x46, 0x85, 0xb4, - 0x4a, 0x1b, 0x31, 0x87, 0xd1, 0x95, 0x1e, 0x77, 0xd6, 0x58, 0x80, 0x47, 0x26, 0xa4, 0x7f, 0x85, - 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x9b, 0x64, 0x67, 0x96, 0xee, 0x8e, 0x33, 0x99, 0x3d, 0x57, 0x79, - 0x33, 0x96, 0x70, 0x56, 0x04, 0x31, 0x3d, 0x1c, 0xdf, 0x73, 0x45, 0x10, 0xd3, 0xdd, 0xef, 0xb1, - 0xcf, 0xfe, 0x65, 0x0b, 0x46, 0xcc, 0xb0, 0x2c, 0xd4, 0xca, 0xd8, 0xc2, 0x4b, 0x5d, 0x35, 0x74, - 0x7f, 0x2c, 0xef, 0x02, 0xb2, 0x96, 0x9b, 0x04, 0x61, 0xfc, 0x0c, 0xf1, 0x5b, 0xae, 0x4f, 0xd8, - 0x69, 0x3b, 0x0f, 0xe7, 0x4a, 0xc5, 0x7c, 0xcd, 0x04, 0x4d, 0x72, 0x08, 0x63, 0xda, 0xbe, 0x09, - 0xa7, 0xba, 0xd2, 0xb9, 0xfa, 0x30, 0x41, 0xf6, 0x4d, 0xa6, 0xb5, 0x31, 0x0c, 0x53, 0xc2, 0xb2, - 0x10, 0xcf, 0x0c, 0x9c, 0xe2, 0x0b, 0x89, 0x72, 0x5a, 0x69, 0x6c, 0x90, 0xb6, 0x4a, 0xd1, 0x63, - 0x7e, 0xf8, 0x1b, 0x59, 0x20, 0xee, 0xc6, 0xb7, 0x3f, 0x6f, 0xc1, 0x68, 0x2a, 0xc3, 0xae, 0x20, - 0x63, 0x89, 0xad, 0xb4, 0x80, 0x45, 0x09, 0xb2, 0x50, 0xe9, 0x32, 0x53, 0xa6, 0x7a, 0xa5, 0x69, - 0x10, 0x36, 0xf1, 0xec, 0x2f, 0x95, 0xa0, 0x2a, 0x23, 0x2d, 0xfa, 0xe8, 0xca, 0x67, 0x2d, 0x18, - 0x55, 0x67, 0x1f, 0xcc, 0xa9, 0x56, 0x2a, 0x22, 0x1d, 0x82, 0xf6, 0x40, 0x6d, 0xcb, 0xfd, 0xf5, - 0x40, 0x5b, 0xee, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x0d, 0x80, 0x78, 0x27, 0x4e, 0x48, 0xdb, - 0x70, 0xef, 0xd9, 0xc6, 0x8a, 0x9b, 0x6c, 0x04, 0x11, 0xa1, 0xeb, 0xeb, 0x5a, 0xd0, 0x24, 0x2b, - 0x0a, 0x53, 0x9b, 0x50, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0x7f, 0x58, 0x82, 0x93, 0xd9, 0x2e, 0xa1, - 0x0f, 0xc1, 0x88, 0xe4, 0x6e, 0xdc, 0xa5, 0x26, 0xc3, 0x4b, 0x46, 0xb0, 0x01, 0xbb, 0xbb, 0x3b, - 0x31, 0xd1, 0x7d, 0x99, 0xdd, 0xa4, 0x89, 0x82, 0x53, 0xc4, 0xf8, 0x01, 0x94, 0x38, 0x29, 0xad, - 0xef, 0x4c, 0x87, 0xa1, 0x38, 0x45, 0x32, 0x0e, 0xa0, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x65, 0x38, - 0x63, 0xb4, 0x5c, 0x23, 0x6e, 0x6b, 0x63, 0x2d, 0x88, 0xe4, 0x0e, 0xec, 0x51, 0x1d, 0x00, 0xd6, - 0x8d, 0x83, 0x73, 0x9f, 0xa4, 0xda, 0xbe, 0xe1, 0x84, 0x4e, 0xc3, 0x4d, 0x76, 0x84, 0xbf, 0x52, - 0xc9, 0xa6, 0x19, 0xd1, 0x8e, 0x15, 0x86, 0xbd, 0x08, 0x03, 0x7d, 0xce, 0xa0, 0xbe, 0x2c, 0xff, - 0x97, 0xa0, 0x4a, 0xc9, 0x49, 0xf3, 0xae, 0x08, 0x92, 0x01, 0x54, 0xe5, 0x1d, 0x27, 0xc8, 0x86, - 0xb2, 0xeb, 0xc8, 0x33, 0x3e, 0xf5, 0x5a, 0xf3, 0x71, 0xdc, 0x61, 0x9b, 0x69, 0x0a, 0x44, 0x4f, - 0x40, 0x99, 0x6c, 0x87, 0xd9, 0xc3, 0xbc, 0x8b, 0xdb, 0xa1, 0x1b, 0x91, 0x98, 0x22, 0x91, 0xed, - 0x10, 0x9d, 0x83, 0x92, 0xdb, 0x14, 0x4a, 0x0a, 0x04, 0x4e, 0x69, 0x7e, 0x16, 0x97, 0xdc, 0xa6, - 0xbd, 0x0d, 0x35, 0x75, 0xa9, 0x0a, 0xda, 0x94, 0xb2, 0xdb, 0x2a, 0x22, 0x34, 0x4a, 0xd2, 0xed, - 0x21, 0xb5, 0x3b, 0x00, 0x3a, 0xd5, 0xb0, 0x28, 0xf9, 0x72, 0x1e, 0x06, 0x1a, 0x81, 0x48, 0x83, - 0xae, 0x6a, 0x32, 0x4c, 0x68, 0x33, 0x88, 0x7d, 0x13, 0xc6, 0xae, 0xfa, 0xc1, 0x6d, 0x56, 0x11, - 0x9e, 0x15, 0x40, 0xa3, 0x84, 0xd7, 0xe9, 0x8f, 0xac, 0x89, 0xc0, 0xa0, 0x98, 0xc3, 0x54, 0x65, - 0xa8, 0x52, 0xaf, 0xca, 0x50, 0xf6, 0x27, 0x2c, 0x18, 0x51, 0x39, 0x4b, 0x73, 0x5b, 0x9b, 0x94, - 0x6e, 0x2b, 0x0a, 0x3a, 0x61, 0x96, 0x2e, 0xbb, 0xf6, 0x08, 0x73, 0x98, 0x99, 0xcc, 0x57, 0xda, - 0x27, 0x99, 0xef, 0x3c, 0x0c, 0x6c, 0xba, 0x7e, 0x33, 0x7b, 0x8f, 0xc7, 0x55, 0xd7, 0x6f, 0x62, - 0x06, 0xa1, 0x5d, 0x38, 0xa9, 0xba, 0x20, 0x15, 0xc2, 0x0b, 0x30, 0xb2, 0xd6, 0x71, 0xbd, 0xa6, - 0xac, 0xec, 0x96, 0xf1, 0xa8, 0xd4, 0x0d, 0x18, 0x4e, 0x61, 0xd2, 0x7d, 0xdd, 0x9a, 0xeb, 0x3b, - 0xd1, 0xce, 0xb2, 0xd6, 0x40, 0x4a, 0x28, 0xd5, 0x15, 0x04, 0x1b, 0x58, 0xf6, 0x1b, 0x65, 0x18, - 0x4b, 0x67, 0x6e, 0xf5, 0xb1, 0xbd, 0x7a, 0x02, 0x2a, 0x2c, 0x99, 0x2b, 0xfb, 0x69, 0x79, 0x31, - 0x34, 0x0e, 0x43, 0x31, 0x0c, 0xf2, 0x32, 0x10, 0xc5, 0xdc, 0x81, 0xa3, 0x3a, 0xa9, 0xfc, 0x30, - 0x2c, 0xee, 0x4c, 0x54, 0x9e, 0x10, 0xac, 0xd0, 0xa7, 0x2d, 0x18, 0x0a, 0x42, 0xb3, 0xa2, 0xd0, - 0x07, 0x8b, 0xcc, 0x6a, 0x13, 0x49, 0x35, 0xc2, 0x22, 0x56, 0x9f, 0x5e, 0x7e, 0x0e, 0xc9, 0xfa, - 0xdc, 0x7b, 0x61, 0xc4, 0xc4, 0xdc, 0xcf, 0x28, 0xae, 0x9a, 0x46, 0xf1, 0x67, 0xcd, 0x49, 0x21, - 0xf2, 0xf6, 0xfa, 0x58, 0x6e, 0xd7, 0xa1, 0xd2, 0x50, 0x81, 0x02, 0x87, 0xaa, 0x07, 0xaa, 0xea, - 0x32, 0xb0, 0xc3, 0x22, 0x4e, 0xcd, 0xfe, 0xb6, 0x65, 0xcc, 0x0f, 0x4c, 0xe2, 0xf9, 0x26, 0x8a, - 0xa0, 0xdc, 0xda, 0xda, 0x14, 0xa6, 0xe8, 0x95, 0x82, 0x86, 0x77, 0x6e, 0x6b, 0x53, 0xcf, 0x71, - 0xb3, 0x15, 0x53, 0x66, 0x7d, 0x38, 0x0b, 0x53, 0xe9, 0x9d, 0xe5, 0xfd, 0xd3, 0x3b, 0xed, 0x37, - 0x4b, 0x70, 0xaa, 0x6b, 0x52, 0xa1, 0xd7, 0xa1, 0x12, 0xd1, 0xb7, 0x14, 0xaf, 0xb7, 0x50, 0x58, - 0x42, 0x66, 0x3c, 0xdf, 0xd4, 0x7a, 0x37, 0xdd, 0x8e, 0x39, 0x4b, 0x74, 0x05, 0x90, 0x0e, 0x67, - 0x51, 0x9e, 0x4a, 0xfe, 0xca, 0xe7, 0xc4, 0xa3, 0x68, 0xba, 0x0b, 0x03, 0xe7, 0x3c, 0x85, 0x5e, - 0xcc, 0x3a, 0x3c, 0xcb, 0xe9, 0xf3, 0xcd, 0xbd, 0x7c, 0x97, 0xf6, 0xbf, 0x28, 0xc1, 0x68, 0xaa, - 0xc0, 0x13, 0xf2, 0xa0, 0x4a, 0x3c, 0xe6, 0xfc, 0x97, 0xca, 0xe6, 0xa8, 0xf5, 0x92, 0x95, 0x82, - 0xbc, 0x28, 0xe8, 0x62, 0xc5, 0xe1, 0xc1, 0x38, 0x84, 0x7f, 0x01, 0x46, 0x64, 0x87, 0x3e, 0xe8, - 0xb4, 0x3d, 0x31, 0x80, 0x6a, 0x8e, 0x5e, 0x34, 0x60, 0x38, 0x85, 0x69, 0xff, 0x4e, 0x19, 0xc6, - 0xf9, 0x69, 0x49, 0x53, 0xcd, 0xbc, 0x45, 0xb9, 0xdf, 0xfa, 0xab, 0xba, 0x0c, 0x1b, 0x1f, 0xc8, - 0xb5, 0xa3, 0x5e, 0x4f, 0x90, 0xcf, 0xa8, 0xaf, 0x08, 0xae, 0xaf, 0x66, 0x22, 0xb8, 0xb8, 0xd9, - 0xdd, 0x3a, 0xa6, 0x1e, 0x7d, 0x6f, 0x85, 0x74, 0xfd, 0xbd, 0x12, 0x9c, 0xc8, 0xdc, 0xfd, 0x80, - 0xde, 0x48, 0x97, 0x0b, 0xb6, 0x8a, 0xf0, 0xa9, 0xef, 0x79, 0x1d, 0xc0, 0xc1, 0x8a, 0x06, 0xdf, - 0xa7, 0xa5, 0x62, 0xff, 0x41, 0x09, 0xc6, 0xd2, 0x97, 0x56, 0x3c, 0x80, 0x23, 0xf5, 0x2e, 0xa8, - 0xb1, 0xba, 0xec, 0xec, 0x32, 0x4e, 0xee, 0x92, 0xe7, 0x25, 0xb0, 0x65, 0x23, 0xd6, 0xf0, 0x07, - 0xa2, 0x16, 0xb3, 0xfd, 0xf7, 0x2d, 0x38, 0xcb, 0xdf, 0x32, 0x3b, 0x0f, 0xff, 0x5a, 0xde, 0xe8, - 0xbe, 0x52, 0x6c, 0x07, 0x33, 0xe5, 0x03, 0xf7, 0x1b, 0x5f, 0x76, 0x09, 0xa0, 0xe8, 0x6d, 0x7a, - 0x2a, 0x3c, 0x80, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0xa0, 0x0c, 0xfa, 0xde, 0x43, 0xe4, 0x8a, - 0x5c, 0xc8, 0x42, 0xca, 0x28, 0xae, 0xec, 0xf8, 0x0d, 0x7d, 0xc3, 0x62, 0x35, 0x93, 0x0a, 0xf9, - 0x73, 0x16, 0x0c, 0xbb, 0xbe, 0x9b, 0xb8, 0x0e, 0xdb, 0x46, 0x17, 0x73, 0x27, 0x9b, 0x62, 0x37, - 0xcf, 0x29, 0x07, 0x91, 0x79, 0x8e, 0xa3, 0x98, 0x61, 0x93, 0x33, 0xfa, 0x88, 0x08, 0xb2, 0x2e, - 0x17, 0x96, 0xc5, 0x5b, 0xcd, 0x44, 0x56, 0x87, 0xd4, 0xf0, 0x4a, 0xa2, 0x82, 0x92, 0xdf, 0x31, - 0x25, 0xa5, 0x2a, 0xf2, 0xea, 0x1b, 0xa8, 0x69, 0x33, 0xe6, 0x8c, 0xec, 0x18, 0x50, 0xf7, 0x58, - 0x1c, 0x30, 0x80, 0x75, 0x0a, 0x6a, 0x4e, 0x27, 0x09, 0xda, 0x74, 0x98, 0xc4, 0x51, 0x93, 0x0e, - 0xd1, 0x95, 0x00, 0xac, 0x71, 0xec, 0x37, 0x2a, 0x90, 0x49, 0x4e, 0x44, 0xdb, 0xe6, 0x9d, 0x9d, - 0x56, 0xb1, 0x77, 0x76, 0xaa, 0xce, 0xe4, 0xdd, 0xdb, 0x89, 0x5a, 0x50, 0x09, 0x37, 0x9c, 0x58, - 0x9a, 0xd5, 0x2f, 0xa9, 0x7d, 0x1c, 0x6d, 0xbc, 0xbb, 0x3b, 0xf1, 0xe3, 0xfd, 0x79, 0x5d, 0xe9, - 0x5c, 0x9d, 0xe2, 0x65, 0x4e, 0x34, 0x6b, 0x46, 0x03, 0x73, 0xfa, 0x07, 0xb9, 0x95, 0xee, 0x93, - 0xa2, 0x00, 0x3d, 0x26, 0x71, 0xc7, 0x4b, 0xc4, 0x6c, 0x78, 0xa9, 0xc0, 0x55, 0xc6, 0x09, 0xeb, - 0xb4, 0x7a, 0xfe, 0x1f, 0x1b, 0x4c, 0xd1, 0x87, 0xa0, 0x16, 0x27, 0x4e, 0x94, 0x1c, 0x32, 0x11, - 0x56, 0x0d, 0xfa, 0x8a, 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x32, 0xab, 0x2a, 0xeb, 0xc6, 0x1b, 0x87, - 0xcc, 0x8d, 0x90, 0x15, 0x68, 0x05, 0x05, 0x6c, 0x50, 0x43, 0x17, 0x00, 0xd8, 0xdc, 0xe6, 0x01, - 0x81, 0x55, 0xe6, 0x65, 0x52, 0xa2, 0x10, 0x2b, 0x08, 0x36, 0xb0, 0xec, 0x1f, 0x86, 0x74, 0x5d, - 0x08, 0x34, 0x21, 0xcb, 0x50, 0x70, 0x2f, 0x34, 0xcb, 0x71, 0x48, 0x55, 0x8c, 0xf8, 0x75, 0x0b, - 0xcc, 0xe2, 0x15, 0xe8, 0x35, 0x5e, 0x25, 0xc3, 0x2a, 0xe2, 0xe4, 0xd0, 0xa0, 0x3b, 0xb9, 0xe8, - 0x84, 0x99, 0x23, 0x6c, 0x59, 0x2a, 0xe3, 0xdc, 0x7b, 0xa0, 0x2a, 0xa1, 0x07, 0x32, 0xea, 0x3e, - 0x0e, 0xa7, 0xb3, 0x37, 0x9a, 0x8b, 0x53, 0xa7, 0xfd, 0x5d, 0x3f, 0xd2, 0x9f, 0x53, 0xea, 0xe5, - 0xcf, 0xe9, 0xe3, 0xe6, 0xd6, 0xdf, 0xb0, 0xe0, 0xfc, 0x7e, 0x17, 0xaf, 0xa3, 0x47, 0x61, 0xe0, - 0xb6, 0x13, 0xc9, 0x72, 0xdf, 0x4c, 0x50, 0xde, 0x74, 0x22, 0x1f, 0xb3, 0x56, 0xb4, 0x03, 0x83, - 0x3c, 0x6a, 0x4c, 0x58, 0xeb, 0x2f, 0x15, 0x7b, 0x0d, 0xfc, 0x55, 0x62, 0x6c, 0x17, 0x78, 0xc4, - 0x1a, 0x16, 0x0c, 0xed, 0xef, 0x58, 0x80, 0x96, 0xb6, 0x48, 0x14, 0xb9, 0x4d, 0x23, 0xce, 0x8d, - 0x5d, 0xe4, 0x62, 0x5c, 0xd8, 0x62, 0xa6, 0xc2, 0x66, 0x2e, 0x72, 0x31, 0xfe, 0xe5, 0x5f, 0xe4, - 0x52, 0x3a, 0xd8, 0x45, 0x2e, 0x68, 0x09, 0xce, 0xb6, 0xf9, 0x76, 0x83, 0x5f, 0x8e, 0xc0, 0xf7, - 0x1e, 0x2a, 0xf1, 0xec, 0x91, 0x3b, 0xbb, 0x13, 0x67, 0x17, 0xf3, 0x10, 0x70, 0xfe, 0x73, 0xf6, - 0x7b, 0x00, 0xf1, 0xf0, 0xb6, 0x99, 0xbc, 0x58, 0xa5, 0x9e, 0xee, 0x17, 0xfb, 0x2b, 0x15, 0x38, - 0x91, 0x29, 0x06, 0x4b, 0xb7, 0x7a, 0xdd, 0xc1, 0x51, 0x47, 0xd6, 0xdf, 0xdd, 0xdd, 0xeb, 0x2b, - 0xdc, 0xca, 0x87, 0x8a, 0xeb, 0x87, 0x9d, 0xa4, 0x98, 0x5c, 0x53, 0xde, 0x89, 0x79, 0x4a, 0xd0, - 0x70, 0x17, 0xd3, 0xbf, 0x98, 0xb3, 0x29, 0x32, 0x78, 0x2b, 0x65, 0x8c, 0x0f, 0xdc, 0x27, 0x77, - 0xc0, 0x27, 0x75, 0x28, 0x55, 0xa5, 0x08, 0xc7, 0x62, 0x66, 0xb2, 0x1c, 0xf7, 0x51, 0xfb, 0xaf, - 0x95, 0x60, 0xd8, 0xf8, 0x68, 0xe8, 0x97, 0xd2, 0xa5, 0x9d, 0xac, 0xe2, 0x5e, 0x89, 0xd1, 0x9f, - 0xd4, 0xc5, 0x9b, 0xf8, 0x2b, 0x3d, 0xd9, 0x5d, 0xd5, 0xe9, 0xee, 0xee, 0xc4, 0xc9, 0x4c, 0xdd, - 0xa6, 0x54, 0xa5, 0xa7, 0x73, 0x1f, 0x83, 0x13, 0x19, 0x32, 0x39, 0xaf, 0xbc, 0x9a, 0xbe, 0xb0, - 0xfe, 0x88, 0x6e, 0x29, 0x73, 0xc8, 0xbe, 0x41, 0x87, 0x4c, 0xa4, 0xdb, 0x05, 0x1e, 0xe9, 0xc3, - 0x07, 0x9b, 0xc9, 0xaa, 0x2d, 0xf5, 0x99, 0x55, 0xfb, 0x14, 0x54, 0xc3, 0xc0, 0x73, 0x1b, 0xae, - 0xaa, 0x7f, 0xc8, 0xf2, 0x78, 0x97, 0x45, 0x1b, 0x56, 0x50, 0x74, 0x1b, 0x6a, 0xea, 0x6e, 0x7f, - 0xe1, 0xdf, 0x2e, 0xea, 0xd0, 0x47, 0x19, 0x2d, 0xfa, 0xce, 0x7e, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, - 0x94, 0xa0, 0x4c, 0x11, 0x60, 0xbe, 0x77, 0xa6, 0x1d, 0x63, 0x2c, 0x20, 0xf6, 0xd7, 0x6b, 0x70, - 0x26, 0xaf, 0x22, 0x37, 0xfa, 0x28, 0x0c, 0xf2, 0x3e, 0x16, 0x73, 0xe9, 0x43, 0x1e, 0x8f, 0x39, - 0x46, 0x50, 0x74, 0x8b, 0xfd, 0xc6, 0x82, 0xa7, 0xe0, 0xee, 0x39, 0x6b, 0x62, 0x86, 0x1c, 0x0f, - 0xf7, 0x05, 0x47, 0x73, 0x5f, 0x70, 0x38, 0x77, 0xcf, 0x59, 0x43, 0xdb, 0x50, 0x69, 0xb9, 0x09, - 0x71, 0x84, 0x13, 0xe1, 0xe6, 0xb1, 0x30, 0x27, 0x0e, 0xb7, 0xd2, 0xd8, 0x4f, 0xcc, 0x19, 0xa2, - 0xaf, 0x59, 0x70, 0x62, 0x2d, 0x9d, 0x42, 0x2f, 0x84, 0xa7, 0x73, 0x0c, 0x55, 0xd7, 0xd3, 0x8c, - 0xf8, 0x4d, 0x46, 0x99, 0x46, 0x9c, 0xed, 0x0e, 0xfa, 0x94, 0x05, 0x43, 0xeb, 0xae, 0x67, 0x14, - 0xe0, 0x3d, 0x86, 0x8f, 0x73, 0x89, 0x31, 0xd0, 0x3b, 0x0e, 0xfe, 0x3f, 0xc6, 0x92, 0x73, 0x2f, - 0x4d, 0x35, 0x78, 0x54, 0x4d, 0x35, 0x74, 0x9f, 0x34, 0xd5, 0x67, 0x2c, 0xa8, 0xa9, 0x91, 0x16, - 0x69, 0xd1, 0x1f, 0x3a, 0xc6, 0x4f, 0xce, 0x3d, 0x27, 0xea, 0x2f, 0xd6, 0xcc, 0xd1, 0x17, 0x2d, - 0x18, 0x76, 0x5e, 0xef, 0x44, 0xa4, 0x49, 0xb6, 0x82, 0x30, 0x16, 0xd7, 0x20, 0xbe, 0x52, 0x7c, - 0x67, 0xa6, 0x29, 0x93, 0x59, 0xb2, 0xb5, 0x14, 0xc6, 0x22, 0x7d, 0x49, 0x37, 0x60, 0xb3, 0x0b, - 0xf6, 0x6e, 0x09, 0x26, 0xf6, 0xa1, 0x80, 0x5e, 0x80, 0x91, 0x20, 0x6a, 0x39, 0xbe, 0xfb, 0xba, - 0x59, 0x13, 0x43, 0x59, 0x59, 0x4b, 0x06, 0x0c, 0xa7, 0x30, 0xcd, 0xc4, 0xed, 0xd2, 0x3e, 0x89, - 0xdb, 0xe7, 0x61, 0x20, 0x22, 0x61, 0x90, 0xdd, 0x2c, 0xb0, 0xd4, 0x01, 0x06, 0x41, 0x8f, 0x41, - 0xd9, 0x09, 0x5d, 0x11, 0x88, 0xa6, 0xf6, 0x40, 0xd3, 0xcb, 0xf3, 0x98, 0xb6, 0xa7, 0xea, 0x48, - 0x54, 0xee, 0x49, 0x1d, 0x09, 0xaa, 0x06, 0xc4, 0xd9, 0xc5, 0xa0, 0x56, 0x03, 0xe9, 0x33, 0x05, - 0xfb, 0xcd, 0x32, 0x3c, 0xb6, 0xe7, 0x7c, 0xd1, 0x71, 0x78, 0xd6, 0x1e, 0x71, 0x78, 0x72, 0x78, - 0x4a, 0xfb, 0x0d, 0x4f, 0xb9, 0xc7, 0xf0, 0x7c, 0x8a, 0x2e, 0x03, 0x59, 0x4b, 0xa4, 0x98, 0x8b, - 0xec, 0x7a, 0x95, 0x26, 0x11, 0x2b, 0x40, 0x42, 0xb1, 0xe6, 0x4b, 0xf7, 0x00, 0xa9, 0xa4, 0xe5, - 0x4a, 0x11, 0x6a, 0xa0, 0x67, 0x6d, 0x11, 0x3e, 0xf7, 0x7b, 0x65, 0x42, 0xdb, 0x3f, 0x5f, 0x82, - 0x27, 0xfa, 0x90, 0xde, 0xe6, 0x2c, 0xb6, 0xfa, 0x9c, 0xc5, 0xdf, 0xdb, 0x9f, 0xc9, 0xfe, 0xeb, - 0x16, 0x9c, 0xeb, 0xad, 0x3c, 0xd0, 0xb3, 0x30, 0xbc, 0x16, 0x39, 0x7e, 0x63, 0x83, 0x5d, 0xce, - 0x29, 0x07, 0x85, 0x8d, 0xb5, 0x6e, 0xc6, 0x26, 0x0e, 0xdd, 0xde, 0xf2, 0x98, 0x04, 0x03, 0x43, - 0x26, 0x99, 0xd2, 0xed, 0xed, 0x6a, 0x16, 0x88, 0xbb, 0xf1, 0xed, 0x3f, 0x2b, 0xe5, 0x77, 0x8b, - 0x1b, 0x19, 0x07, 0xf9, 0x4e, 0xe2, 0x2b, 0x94, 0xfa, 0x90, 0x25, 0xe5, 0x7b, 0x2d, 0x4b, 0x06, - 0x7a, 0xc9, 0x12, 0x34, 0x0b, 0x27, 0x8d, 0xcb, 0x5b, 0x78, 0xe2, 0x30, 0x0f, 0xb8, 0x55, 0xd5, - 0x34, 0x96, 0x33, 0x70, 0xdc, 0xf5, 0x04, 0x7a, 0x1a, 0xaa, 0xae, 0x1f, 0x93, 0x46, 0x27, 0xe2, - 0x81, 0xde, 0x46, 0xb2, 0xd6, 0xbc, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xe5, 0x12, 0x3c, 0xd2, 0xd3, - 0xce, 0xba, 0x47, 0xb2, 0xcb, 0xfc, 0x1c, 0x03, 0xf7, 0xe6, 0x73, 0x98, 0x83, 0x54, 0xd9, 0x77, - 0x90, 0xfe, 0xb0, 0xf7, 0xc4, 0xa4, 0x36, 0xf7, 0xf7, 0xed, 0x28, 0xbd, 0x08, 0xa3, 0x4e, 0x18, - 0x72, 0x3c, 0x16, 0xaf, 0x99, 0xa9, 0xa6, 0x33, 0x6d, 0x02, 0x71, 0x1a, 0xb7, 0x2f, 0xed, 0xf9, - 0xc7, 0x16, 0xd4, 0x30, 0x59, 0xe7, 0xd2, 0x01, 0xdd, 0x12, 0x43, 0x64, 0x15, 0x51, 0x77, 0x93, - 0x0e, 0x6c, 0xec, 0xb2, 0x7a, 0x94, 0x79, 0x83, 0xdd, 0x7d, 0xc9, 0x4f, 0xe9, 0x40, 0x97, 0xfc, - 0xa8, 0x6b, 0x5e, 0xca, 0xbd, 0xaf, 0x79, 0xb1, 0xbf, 0x31, 0x44, 0x5f, 0x2f, 0x0c, 0x66, 0x22, - 0xd2, 0x8c, 0xe9, 0xf7, 0xed, 0x44, 0x9e, 0x98, 0x24, 0xea, 0xfb, 0x5e, 0xc7, 0x0b, 0x98, 0xb6, - 0xa7, 0x8e, 0x62, 0x4a, 0x07, 0xaa, 0x25, 0x52, 0xde, 0xb7, 0x96, 0xc8, 0x8b, 0x30, 0x1a, 0xc7, - 0x1b, 0xcb, 0x91, 0xbb, 0xe5, 0x24, 0xe4, 0x2a, 0xd9, 0x11, 0x56, 0x96, 0xce, 0xff, 0x5f, 0xb9, - 0xac, 0x81, 0x38, 0x8d, 0x8b, 0xe6, 0xe0, 0x94, 0xae, 0xe8, 0x41, 0xa2, 0x84, 0x45, 0xf7, 0xf3, - 0x99, 0xa0, 0x92, 0x7d, 0x75, 0x0d, 0x10, 0x81, 0x80, 0xbb, 0x9f, 0xa1, 0xf2, 0x2d, 0xd5, 0x48, - 0x3b, 0x32, 0x98, 0x96, 0x6f, 0x29, 0x3a, 0xb4, 0x2f, 0x5d, 0x4f, 0xa0, 0x45, 0x38, 0xcd, 0x27, - 0xc6, 0x74, 0x18, 0x1a, 0x6f, 0x34, 0x94, 0xae, 0x77, 0x38, 0xd7, 0x8d, 0x82, 0xf3, 0x9e, 0x43, - 0xcf, 0xc3, 0xb0, 0x6a, 0x9e, 0x9f, 0x15, 0xa7, 0x08, 0xca, 0x8b, 0xa1, 0xc8, 0xcc, 0x37, 0xb1, - 0x89, 0x87, 0x3e, 0x08, 0x0f, 0xeb, 0xbf, 0x3c, 0x05, 0x8c, 0x1f, 0xad, 0xcd, 0x8a, 0x62, 0x49, - 0xea, 0x52, 0x91, 0xb9, 0x5c, 0xb4, 0x26, 0xee, 0xf5, 0x3c, 0x5a, 0x83, 0x73, 0x0a, 0x74, 0xd1, - 0x4f, 0x58, 0x3e, 0x47, 0x4c, 0xea, 0x4e, 0x4c, 0xae, 0x47, 0x9e, 0xb8, 0x95, 0x55, 0xdd, 0xf7, - 0x38, 0xe7, 0x26, 0x97, 0xf3, 0x30, 0xf1, 0x02, 0xde, 0x83, 0x0a, 0x9a, 0x82, 0x1a, 0xf1, 0x9d, - 0x35, 0x8f, 0x2c, 0xcd, 0xcc, 0xb3, 0xa2, 0x4b, 0xc6, 0x49, 0xde, 0x45, 0x09, 0xc0, 0x1a, 0x47, - 0x45, 0x98, 0x8e, 0xf4, 0xbc, 0x7b, 0x74, 0x19, 0xce, 0xb4, 0x1a, 0x21, 0xb5, 0x3d, 0xdc, 0x06, - 0x99, 0x6e, 0xb0, 0x80, 0x3a, 0xfa, 0x61, 0x78, 0x21, 0x4a, 0x15, 0x3e, 0x3d, 0x37, 0xb3, 0xdc, - 0x85, 0x83, 0x73, 0x9f, 0x64, 0x81, 0x97, 0x51, 0xb0, 0xbd, 0x33, 0x7e, 0x3a, 0x13, 0x78, 0x49, - 0x1b, 0x31, 0x87, 0xa1, 0x2b, 0x80, 0x58, 0x2c, 0xfe, 0xe5, 0x24, 0x09, 0x95, 0xb1, 0x33, 0x7e, - 0x86, 0xbd, 0x92, 0x0a, 0x23, 0xbb, 0xd4, 0x85, 0x81, 0x73, 0x9e, 0xb2, 0xff, 0xa3, 0x05, 0xa3, - 0x6a, 0xbd, 0xde, 0x83, 0x6c, 0x14, 0x2f, 0x9d, 0x8d, 0x32, 0x77, 0x74, 0x89, 0xc7, 0x7a, 0xde, - 0x23, 0xa4, 0xf9, 0x67, 0x86, 0x01, 0xb4, 0x54, 0x54, 0x0a, 0xc9, 0xea, 0xa9, 0x90, 0x1e, 0x58, - 0x89, 0x94, 0x57, 0x61, 0xa5, 0x72, 0x7f, 0x2b, 0xac, 0xac, 0xc0, 0x59, 0x69, 0x2e, 0xf0, 0xb3, - 0xa2, 0xcb, 0x41, 0xac, 0x04, 0x5c, 0xb5, 0xfe, 0x98, 0x20, 0x74, 0x76, 0x3e, 0x0f, 0x09, 0xe7, - 0x3f, 0x9b, 0xb2, 0x52, 0x86, 0xf6, 0xb3, 0x52, 0xf4, 0x9a, 0x5e, 0x58, 0x97, 0xb7, 0x87, 0x64, - 0xd6, 0xf4, 0xc2, 0xa5, 0x15, 0xac, 0x71, 0xf2, 0x05, 0x7b, 0xad, 0x20, 0xc1, 0x0e, 0x07, 0x16, - 0xec, 0x52, 0xc4, 0x0c, 0xf7, 0x14, 0x31, 0xd2, 0x27, 0x3d, 0xd2, 0xd3, 0x27, 0xfd, 0x3e, 0x18, - 0x73, 0xfd, 0x0d, 0x12, 0xb9, 0x09, 0x69, 0xb2, 0xb5, 0xc0, 0xc4, 0x4f, 0x55, 0xab, 0xf5, 0xf9, - 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x72, 0x71, 0xac, 0x0f, 0xb9, 0xd8, 0x43, 0x1b, 0x9d, 0x28, 0x46, - 0x1b, 0x9d, 0x3c, 0xba, 0x36, 0x3a, 0x75, 0xac, 0xda, 0x08, 0x15, 0xa2, 0x8d, 0xfa, 0x12, 0xf4, - 0xc6, 0xf6, 0xef, 0xcc, 0x3e, 0xdb, 0xbf, 0x5e, 0xaa, 0xe8, 0xec, 0xa1, 0x55, 0x51, 0xbe, 0x96, - 0x79, 0xe8, 0x50, 0x5a, 0xe6, 0x33, 0x25, 0x38, 0xab, 0xe5, 0x30, 0x9d, 0xfd, 0xee, 0x3a, 0x95, - 0x44, 0xec, 0x02, 0x2a, 0x7e, 0x6e, 0x63, 0x24, 0x47, 0xe9, 0x3c, 0x2b, 0x05, 0xc1, 0x06, 0x16, - 0xcb, 0x31, 0x22, 0x11, 0x2b, 0xb7, 0x9b, 0x15, 0xd2, 0x33, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0xbf, - 0xe8, 0x6f, 0x91, 0xb7, 0x99, 0x2d, 0x2a, 0x37, 0xa3, 0x41, 0xd8, 0xc4, 0x43, 0x4f, 0x71, 0x26, - 0x4c, 0x40, 0x50, 0x41, 0x3d, 0x22, 0x6e, 0xa4, 0x95, 0x32, 0x41, 0x41, 0x65, 0x77, 0x58, 0x32, - 0x59, 0xa5, 0xbb, 0x3b, 0x2c, 0x04, 0x4a, 0x61, 0xd8, 0xff, 0xcb, 0x82, 0x47, 0x72, 0x87, 0xe2, - 0x1e, 0x28, 0xdf, 0xed, 0xb4, 0xf2, 0x5d, 0x29, 0x6a, 0xbb, 0x61, 0xbc, 0x45, 0x0f, 0x45, 0xfc, - 0xef, 0x2d, 0x18, 0xd3, 0xf8, 0xf7, 0xe0, 0x55, 0xdd, 0xf4, 0xab, 0x16, 0xb7, 0xb3, 0xaa, 0x75, - 0xbd, 0xdb, 0xef, 0x94, 0x40, 0x15, 0x7a, 0x9c, 0x6e, 0xc8, 0x32, 0xba, 0xfb, 0x9c, 0x24, 0xee, - 0xc0, 0x20, 0x3b, 0x08, 0x8d, 0x8b, 0x09, 0xf2, 0x48, 0xf3, 0x67, 0x87, 0xaa, 0xfa, 0x90, 0x99, - 0xfd, 0x8d, 0xb1, 0x60, 0xc8, 0x8a, 0x41, 0xbb, 0x31, 0x95, 0xe6, 0x4d, 0x91, 0x96, 0xa5, 0x8b, - 0x41, 0x8b, 0x76, 0xac, 0x30, 0xa8, 0x7a, 0x70, 0x1b, 0x81, 0x3f, 0xe3, 0x39, 0xb1, 0xbc, 0x75, - 0x51, 0xa9, 0x87, 0x79, 0x09, 0xc0, 0x1a, 0x87, 0x9d, 0x91, 0xba, 0x71, 0xe8, 0x39, 0x3b, 0xc6, - 0xfe, 0xd9, 0xa8, 0x4f, 0xa0, 0x40, 0xd8, 0xc4, 0xb3, 0xdb, 0x30, 0x9e, 0x7e, 0x89, 0x59, 0xb2, - 0xce, 0x02, 0x14, 0xfb, 0x1a, 0xce, 0x29, 0xa8, 0x39, 0xec, 0xa9, 0x85, 0x8e, 0x93, 0xbd, 0x2c, - 0x7d, 0x5a, 0x02, 0xb0, 0xc6, 0xb1, 0x7f, 0xd5, 0x82, 0xd3, 0x39, 0x83, 0x56, 0x60, 0xda, 0x5b, - 0xa2, 0xa5, 0x4d, 0x9e, 0x62, 0x7f, 0x27, 0x0c, 0x35, 0xc9, 0xba, 0x23, 0x43, 0xe0, 0x0c, 0xd9, - 0x3e, 0xcb, 0x9b, 0xb1, 0x84, 0xdb, 0xff, 0xc3, 0x82, 0x13, 0xe9, 0xbe, 0xc6, 0x2c, 0x95, 0x84, - 0x0f, 0x93, 0x1b, 0x37, 0x82, 0x2d, 0x12, 0xed, 0xd0, 0x37, 0xb7, 0x32, 0xa9, 0x24, 0x5d, 0x18, - 0x38, 0xe7, 0x29, 0x56, 0xe6, 0xb5, 0xa9, 0x46, 0x5b, 0xce, 0xc8, 0x1b, 0x45, 0xce, 0x48, 0xfd, - 0x31, 0xcd, 0xe3, 0x72, 0xc5, 0x12, 0x9b, 0xfc, 0xed, 0xef, 0x0c, 0x80, 0xca, 0x8b, 0x65, 0xf1, - 0x47, 0x05, 0x45, 0x6f, 0x1d, 0x34, 0x83, 0x48, 0x4d, 0x86, 0x81, 0xbd, 0x02, 0x02, 0xb8, 0x97, - 0xc4, 0x74, 0x5d, 0xaa, 0x37, 0x5c, 0xd5, 0x20, 0x6c, 0xe2, 0xd1, 0x9e, 0x78, 0xee, 0x16, 0xe1, - 0x0f, 0x0d, 0xa6, 0x7b, 0xb2, 0x20, 0x01, 0x58, 0xe3, 0xd0, 0x9e, 0x34, 0xdd, 0xf5, 0x75, 0xb1, - 0xe5, 0x57, 0x3d, 0xa1, 0xa3, 0x83, 0x19, 0x84, 0x57, 0xee, 0x0e, 0x36, 0x85, 0x15, 0x6c, 0x54, - 0xee, 0x0e, 0x36, 0x31, 0x83, 0x50, 0xbb, 0xcd, 0x0f, 0xa2, 0x36, 0xbb, 0xcc, 0xbe, 0xa9, 0xb8, - 0x08, 0xeb, 0x57, 0xd9, 0x6d, 0xd7, 0xba, 0x51, 0x70, 0xde, 0x73, 0x74, 0x06, 0x86, 0x11, 0x69, - 0xba, 0x8d, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xdc, 0x85, 0x81, 0x73, 0x9e, 0x42, 0xd3, 0x70, - 0x42, 0xe6, 0x35, 0xcb, 0xaa, 0x35, 0xc3, 0xe9, 0x2a, 0x19, 0x38, 0x0d, 0xc6, 0x59, 0x7c, 0x2a, - 0xd5, 0xda, 0xa2, 0xb0, 0x15, 0x33, 0x96, 0x0d, 0xa9, 0x26, 0x0b, 0x5e, 0x61, 0x85, 0x61, 0x7f, - 0xb2, 0x4c, 0xb5, 0x70, 0x8f, 0x82, 0x6e, 0xf7, 0x2c, 0x5a, 0x30, 0x3d, 0x23, 0x07, 0xfa, 0x98, - 0x91, 0xcf, 0xc1, 0xc8, 0xad, 0x38, 0xf0, 0x55, 0x24, 0x5e, 0xa5, 0x67, 0x24, 0x9e, 0x81, 0x95, - 0x1f, 0x89, 0x37, 0x58, 0x54, 0x24, 0xde, 0xd0, 0x21, 0x23, 0xf1, 0xbe, 0x55, 0x01, 0x75, 0x85, - 0xc8, 0x35, 0x92, 0xdc, 0x0e, 0xa2, 0x4d, 0xd7, 0x6f, 0xb1, 0x7c, 0xf0, 0xaf, 0x59, 0x30, 0xc2, - 0xd7, 0xcb, 0x82, 0x99, 0x49, 0xb5, 0x5e, 0xd0, 0xdd, 0x14, 0x29, 0x66, 0x93, 0xab, 0x06, 0xa3, - 0xcc, 0xa5, 0x9f, 0x26, 0x08, 0xa7, 0x7a, 0x84, 0x3e, 0x06, 0x20, 0xfd, 0xa3, 0xeb, 0x52, 0x64, - 0xce, 0x17, 0xd3, 0x3f, 0x4c, 0xd6, 0xb5, 0x0d, 0xbc, 0xaa, 0x98, 0x60, 0x83, 0x21, 0xfa, 0x8c, - 0xce, 0x32, 0xe3, 0x21, 0xfb, 0x1f, 0x39, 0x96, 0xb1, 0xe9, 0x27, 0xc7, 0x0c, 0xc3, 0x90, 0xeb, - 0xb7, 0xe8, 0x3c, 0x11, 0x11, 0x4b, 0xef, 0xc8, 0xab, 0xa5, 0xb0, 0x10, 0x38, 0xcd, 0xba, 0xe3, - 0x39, 0x7e, 0x83, 0x44, 0xf3, 0x1c, 0xdd, 0xbc, 0xea, 0x9a, 0x35, 0x60, 0x49, 0xa8, 0xeb, 0xf2, - 0x95, 0x4a, 0x3f, 0x97, 0xaf, 0x9c, 0x7b, 0x3f, 0x9c, 0xea, 0xfa, 0x98, 0x07, 0x4a, 0x29, 0x3b, - 0x7c, 0x36, 0x9a, 0xfd, 0x2f, 0x07, 0xb5, 0xd2, 0xba, 0x16, 0x34, 0xf9, 0x15, 0x20, 0x91, 0xfe, - 0xa2, 0xc2, 0xc6, 0x2d, 0x70, 0x8a, 0x18, 0xd7, 0x65, 0xab, 0x46, 0x6c, 0xb2, 0xa4, 0x73, 0x34, - 0x74, 0x22, 0xe2, 0x1f, 0xf7, 0x1c, 0x5d, 0x56, 0x4c, 0xb0, 0xc1, 0x10, 0x6d, 0xa4, 0x72, 0x4a, - 0x2e, 0x1d, 0x3d, 0xa7, 0x84, 0x55, 0x99, 0xca, 0xab, 0xda, 0xff, 0x45, 0x0b, 0xc6, 0xfc, 0xd4, - 0xcc, 0x2d, 0x26, 0x8c, 0x34, 0x7f, 0x55, 0xf0, 0x1b, 0xa8, 0xd2, 0x6d, 0x38, 0xc3, 0x3f, 0x4f, - 0xa5, 0x55, 0x0e, 0xa8, 0xd2, 0xf4, 0x5d, 0x42, 0x83, 0xbd, 0xee, 0x12, 0x42, 0xbe, 0xba, 0x4c, - 0x6d, 0xa8, 0xf0, 0xcb, 0xd4, 0x20, 0xe7, 0x22, 0xb5, 0x9b, 0x50, 0x6b, 0x44, 0xc4, 0x49, 0x0e, - 0x79, 0xaf, 0x16, 0x3b, 0xa0, 0x9f, 0x91, 0x04, 0xb0, 0xa6, 0x65, 0xff, 0xdf, 0x01, 0x38, 0x29, - 0x47, 0x44, 0x86, 0xa0, 0x53, 0xfd, 0xc8, 0xf9, 0x6a, 0xe3, 0x56, 0xe9, 0xc7, 0xcb, 0x12, 0x80, - 0x35, 0x0e, 0xb5, 0xc7, 0x3a, 0x31, 0x59, 0x0a, 0x89, 0xbf, 0xe0, 0xae, 0xc5, 0xe2, 0x9c, 0x53, - 0x2d, 0x94, 0xeb, 0x1a, 0x84, 0x4d, 0x3c, 0x6a, 0x8c, 0x73, 0xbb, 0x38, 0xce, 0xa6, 0xaf, 0x08, - 0x7b, 0x1b, 0x4b, 0x38, 0xfa, 0x85, 0xdc, 0x0a, 0xb3, 0xc5, 0x24, 0x6e, 0x75, 0x45, 0xde, 0x1f, - 0xf0, 0x2a, 0xc6, 0xbf, 0x63, 0xc1, 0x59, 0xde, 0x2a, 0x47, 0xf2, 0x7a, 0xd8, 0x74, 0x12, 0x12, - 0x17, 0x53, 0xf1, 0x3d, 0xa7, 0x7f, 0xda, 0xc9, 0x9b, 0xc7, 0x16, 0xe7, 0xf7, 0x06, 0xbd, 0x61, - 0xc1, 0x89, 0xcd, 0x54, 0xcd, 0x0f, 0xa9, 0x3a, 0x8e, 0x9a, 0x8e, 0x9f, 0x22, 0xaa, 0x97, 0x5a, - 0xba, 0x3d, 0xc6, 0x59, 0xee, 0xf6, 0x9f, 0x59, 0x60, 0x8a, 0xd1, 0x7b, 0x5f, 0x2a, 0xe4, 0xe0, - 0xa6, 0xa0, 0xb4, 0x2e, 0x2b, 0x3d, 0xad, 0xcb, 0xc7, 0xa0, 0xdc, 0x71, 0x9b, 0x62, 0x7f, 0xa1, - 0x4f, 0x5f, 0xe7, 0x67, 0x31, 0x6d, 0xb7, 0xff, 0x59, 0x45, 0xfb, 0x2d, 0x44, 0x5e, 0xd4, 0xf7, - 0xc5, 0x6b, 0xaf, 0xab, 0x62, 0x63, 0xfc, 0xcd, 0xaf, 0x75, 0x15, 0x1b, 0xfb, 0xd1, 0x83, 0xa7, - 0xbd, 0xf1, 0x01, 0xea, 0x55, 0x6b, 0x6c, 0x68, 0x9f, 0x9c, 0xb7, 0x5b, 0x50, 0xa5, 0x5b, 0x30, - 0xe6, 0x80, 0xac, 0xa6, 0x3a, 0x55, 0xbd, 0x2c, 0xda, 0xef, 0xee, 0x4e, 0xbc, 0xf7, 0xe0, 0xdd, - 0x92, 0x4f, 0x63, 0x45, 0x1f, 0xc5, 0x50, 0xa3, 0xbf, 0x59, 0x7a, 0x9e, 0xd8, 0xdc, 0x5d, 0x57, - 0x32, 0x53, 0x02, 0x0a, 0xc9, 0xfd, 0xd3, 0x7c, 0x90, 0x0f, 0x35, 0x76, 0x6b, 0x2d, 0x63, 0xca, - 0xf7, 0x80, 0xcb, 0x2a, 0x49, 0x4e, 0x02, 0xee, 0xee, 0x4e, 0xbc, 0x78, 0x70, 0xa6, 0xea, 0x71, - 0xac, 0x59, 0xd8, 0x5f, 0x1a, 0xd0, 0x73, 0x57, 0xd4, 0x98, 0xfb, 0xbe, 0x98, 0xbb, 0x2f, 0x64, - 0xe6, 0xee, 0xf9, 0xae, 0xb9, 0x3b, 0xa6, 0x6f, 0x57, 0x4d, 0xcd, 0xc6, 0x7b, 0x6d, 0x08, 0xec, - 0xef, 0x6f, 0x60, 0x16, 0xd0, 0x6b, 0x1d, 0x37, 0x22, 0xf1, 0x72, 0xd4, 0xf1, 0x5d, 0xbf, 0xc5, - 0xa6, 0x63, 0xd5, 0xb4, 0x80, 0x52, 0x60, 0x9c, 0xc5, 0xa7, 0x9b, 0x7a, 0xfa, 0xcd, 0x6f, 0x3a, - 0x5b, 0x7c, 0x56, 0x19, 0x65, 0xb7, 0x56, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x37, 0xd8, 0x59, 0xb6, - 0x91, 0x17, 0x4c, 0xe7, 0x84, 0xc7, 0xae, 0x09, 0xe6, 0x35, 0xbb, 0xd4, 0x9c, 0xe0, 0x77, 0x03, - 0x73, 0x18, 0xba, 0x0d, 0x43, 0x6b, 0xfc, 0x9e, 0xbc, 0x62, 0xea, 0x98, 0x8b, 0x4b, 0xf7, 0xd8, - 0x6d, 0x28, 0xf2, 0x06, 0xbe, 0xbb, 0xfa, 0x27, 0x96, 0xdc, 0xec, 0xdf, 0xaf, 0xc0, 0x89, 0xcc, - 0x45, 0xb2, 0xa9, 0x6a, 0xa9, 0xa5, 0x7d, 0xab, 0xa5, 0x7e, 0x18, 0xa0, 0x49, 0x42, 0x2f, 0xd8, - 0x61, 0xe6, 0xd8, 0xc0, 0x81, 0xcd, 0x31, 0x65, 0xc1, 0xcf, 0x2a, 0x2a, 0xd8, 0xa0, 0x28, 0x0a, - 0x95, 0xf1, 0xe2, 0xab, 0x99, 0x42, 0x65, 0xc6, 0x6d, 0x07, 0x83, 0xf7, 0xf6, 0xb6, 0x03, 0x17, - 0x4e, 0xf0, 0x2e, 0xaa, 0xec, 0xdb, 0x43, 0x24, 0xd9, 0xb2, 0xfc, 0x85, 0xd9, 0x34, 0x19, 0x9c, - 0xa5, 0x7b, 0x3f, 0xef, 0x89, 0x46, 0xef, 0x82, 0x9a, 0xfc, 0xce, 0xf1, 0x78, 0x4d, 0x57, 0x30, - 0x90, 0xd3, 0x80, 0xdd, 0xdf, 0x2c, 0x7e, 0x76, 0x15, 0x12, 0x80, 0xfb, 0x55, 0x48, 0xc0, 0xfe, - 0x42, 0x89, 0xda, 0xf1, 0xbc, 0x5f, 0xaa, 0x26, 0xce, 0x93, 0x30, 0xe8, 0x74, 0x92, 0x8d, 0xa0, - 0xeb, 0xd6, 0xbf, 0x69, 0xd6, 0x8a, 0x05, 0x14, 0x2d, 0xc0, 0x40, 0x53, 0xd7, 0x39, 0x39, 0xc8, - 0xf7, 0xd4, 0x2e, 0x51, 0x27, 0x21, 0x98, 0x51, 0x41, 0x8f, 0xc2, 0x40, 0xe2, 0xb4, 0x64, 0xca, - 0x15, 0x4b, 0xb3, 0x5d, 0x75, 0x5a, 0x31, 0x66, 0xad, 0xa6, 0xfa, 0x1e, 0xd8, 0x47, 0x7d, 0xbf, - 0x08, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x11, 0xe3, 0x98, 0x4f, 0x47, 0x6e, 0x98, 0x40, - 0x9c, 0xc6, 0xb5, 0x7f, 0x73, 0x04, 0xce, 0xac, 0xcc, 0x2c, 0xca, 0xea, 0xdd, 0xc7, 0x96, 0x35, - 0x95, 0xc7, 0xe3, 0xde, 0x65, 0x4d, 0xf5, 0xe0, 0xee, 0x19, 0x59, 0x53, 0x9e, 0x91, 0x35, 0x95, - 0x4e, 0x61, 0x29, 0x17, 0x91, 0xc2, 0x92, 0xd7, 0x83, 0x7e, 0x52, 0x58, 0x8e, 0x2d, 0x8d, 0x6a, - 0xcf, 0x0e, 0x1d, 0x28, 0x8d, 0x4a, 0xe5, 0x98, 0x15, 0x92, 0x5c, 0xd0, 0xe3, 0x53, 0xe5, 0xe6, - 0x98, 0xa9, 0xfc, 0x1e, 0x9e, 0x38, 0x23, 0x44, 0xfd, 0x2b, 0xc5, 0x77, 0xa0, 0x8f, 0xfc, 0x1e, - 0x91, 0xbb, 0x63, 0xe6, 0x94, 0x0d, 0x15, 0x91, 0x53, 0x96, 0xd7, 0x9d, 0x7d, 0x73, 0xca, 0x5e, - 0x84, 0xd1, 0x86, 0x17, 0xf8, 0x64, 0x39, 0x0a, 0x92, 0xa0, 0x11, 0x78, 0xc2, 0xac, 0x57, 0x22, - 0x61, 0xc6, 0x04, 0xe2, 0x34, 0x6e, 0xaf, 0x84, 0xb4, 0xda, 0x51, 0x13, 0xd2, 0xe0, 0x3e, 0x25, - 0xa4, 0xfd, 0xac, 0x4e, 0x9d, 0x1e, 0x66, 0x5f, 0xe4, 0xc3, 0xc5, 0x7f, 0x91, 0x7e, 0xf2, 0xa7, - 0xd1, 0x9b, 0xfc, 0xda, 0x3d, 0x6a, 0x18, 0xcf, 0x04, 0x6d, 0x6a, 0xf8, 0x8d, 0xb0, 0x21, 0x79, - 0xf5, 0x18, 0x26, 0xec, 0xcd, 0x15, 0xcd, 0x46, 0x5d, 0xc5, 0xa7, 0x9b, 0x70, 0xba, 0x23, 0x47, - 0x49, 0xed, 0xfe, 0x4a, 0x09, 0x7e, 0x60, 0xdf, 0x2e, 0xa0, 0xdb, 0x00, 0x89, 0xd3, 0x12, 0x13, - 0x55, 0x1c, 0x98, 0x1c, 0x31, 0xbc, 0x72, 0x55, 0xd2, 0xe3, 0x35, 0x49, 0xd4, 0x5f, 0x76, 0x14, - 0x21, 0x7f, 0xb3, 0xa8, 0xca, 0xc0, 0xeb, 0x2a, 0xdd, 0x88, 0x03, 0x8f, 0x60, 0x06, 0xa1, 0xea, - 0x3f, 0x22, 0x2d, 0x7d, 0x4f, 0xb4, 0xfa, 0x7c, 0x98, 0xb5, 0x62, 0x01, 0x45, 0xcf, 0xc3, 0xb0, - 0xe3, 0x79, 0x3c, 0x3f, 0x86, 0xc4, 0xe2, 0xde, 0x1d, 0x5d, 0x43, 0x4e, 0x83, 0xb0, 0x89, 0x67, - 0xff, 0x69, 0x09, 0x26, 0xf6, 0x91, 0x29, 0x5d, 0x19, 0x7f, 0x95, 0xbe, 0x33, 0xfe, 0x44, 0x8e, - 0xc2, 0x60, 0x8f, 0x1c, 0x85, 0xe7, 0x61, 0x38, 0x21, 0x4e, 0x5b, 0x04, 0x64, 0x09, 0x4f, 0x80, - 0x3e, 0x01, 0xd6, 0x20, 0x6c, 0xe2, 0x51, 0x29, 0x36, 0xe6, 0x34, 0x1a, 0x24, 0x8e, 0x65, 0x12, - 0x82, 0xf0, 0xa6, 0x16, 0x96, 0xe1, 0xc0, 0x9c, 0xd4, 0xd3, 0x29, 0x16, 0x38, 0xc3, 0x32, 0x3b, - 0xe0, 0xb5, 0x3e, 0x07, 0xfc, 0xeb, 0x25, 0x78, 0x6c, 0x4f, 0xed, 0xd6, 0x77, 0x7e, 0x48, 0x27, - 0x26, 0x51, 0x76, 0xe2, 0x5c, 0x8f, 0x49, 0x84, 0x19, 0x84, 0x8f, 0x52, 0x18, 0x1a, 0xf7, 0x70, - 0x17, 0x9d, 0xbc, 0xc4, 0x47, 0x29, 0xc5, 0x02, 0x67, 0x58, 0x1e, 0x76, 0x5a, 0xfe, 0x83, 0x12, - 0x3c, 0xd1, 0x87, 0x0d, 0x50, 0x60, 0x92, 0x57, 0x3a, 0xd5, 0xae, 0x7c, 0x9f, 0x32, 0x22, 0x0f, - 0x39, 0x5c, 0xdf, 0x28, 0xc1, 0xb9, 0xde, 0xaa, 0x18, 0xfd, 0x18, 0x9c, 0x88, 0x54, 0x14, 0x96, - 0x99, 0xa5, 0x77, 0x9a, 0x7b, 0x12, 0x52, 0x20, 0x9c, 0xc5, 0x45, 0x93, 0x00, 0xa1, 0x93, 0x6c, - 0xc4, 0x17, 0xb7, 0xdd, 0x38, 0x11, 0x55, 0x68, 0xc6, 0xf8, 0xd9, 0x95, 0x6c, 0xc5, 0x06, 0x06, - 0x65, 0xc7, 0xfe, 0xcd, 0x06, 0xd7, 0x82, 0x84, 0x3f, 0xc4, 0xb7, 0x11, 0xa7, 0xe5, 0x9d, 0x1d, - 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0x76, 0x3a, 0xca, 0x3b, 0xca, 0xf7, 0x17, 0x8c, 0xdd, 0x82, - 0x6a, 0xc5, 0x06, 0x46, 0x36, 0xff, 0xb0, 0xb2, 0x7f, 0xfe, 0xa1, 0xfd, 0x4f, 0x4b, 0xf0, 0x48, - 0x4f, 0x53, 0xae, 0xbf, 0x05, 0xf8, 0xe0, 0xe5, 0x0c, 0x1e, 0x6e, 0xee, 0x1c, 0x30, 0xb7, 0xed, - 0x8f, 0x7b, 0xcc, 0x34, 0x91, 0xdb, 0x76, 0xf8, 0xe4, 0xf0, 0x07, 0x6f, 0x3c, 0xbb, 0xd2, 0xd9, - 0x06, 0x0e, 0x90, 0xce, 0x96, 0xf9, 0x18, 0x95, 0x3e, 0x17, 0xf2, 0x9f, 0x97, 0x7b, 0x0e, 0x2f, - 0xdd, 0xfa, 0xf5, 0xe5, 0xa7, 0x9d, 0x85, 0x93, 0xae, 0xcf, 0xee, 0x6f, 0x5a, 0xe9, 0xac, 0x89, - 0xc2, 0x24, 0xa5, 0xf4, 0x2d, 0xeb, 0xf3, 0x19, 0x38, 0xee, 0x7a, 0xe2, 0x01, 0x4c, 0x2f, 0x3c, - 0xdc, 0x90, 0x1e, 0x2c, 0xc1, 0x15, 0x2d, 0xc1, 0x59, 0x39, 0x14, 0x1b, 0x4e, 0x44, 0x9a, 0x42, - 0x8d, 0xc4, 0x22, 0xa1, 0xe2, 0x11, 0x9e, 0x94, 0x91, 0x83, 0x80, 0xf3, 0x9f, 0x63, 0x57, 0xe6, - 0x04, 0xa1, 0xdb, 0x10, 0x9b, 0x1c, 0x7d, 0x65, 0x0e, 0x6d, 0xc4, 0x1c, 0x66, 0x7f, 0x18, 0x6a, - 0xea, 0xfd, 0x79, 0x58, 0xb7, 0x9a, 0x74, 0x5d, 0x61, 0xdd, 0x6a, 0xc6, 0x19, 0x58, 0xf4, 0x6b, - 0x51, 0x93, 0x38, 0xb3, 0x7a, 0xae, 0x92, 0x1d, 0x66, 0x1f, 0xdb, 0xef, 0x86, 0x11, 0xe5, 0x67, - 0xe9, 0xf7, 0x22, 0x21, 0xfb, 0x4b, 0x83, 0x30, 0x9a, 0x2a, 0x0e, 0x98, 0x72, 0xb0, 0x5a, 0xfb, - 0x3a, 0x58, 0x59, 0x98, 0x7e, 0xc7, 0x97, 0xb7, 0x8c, 0x19, 0x61, 0xfa, 0x1d, 0x9f, 0x60, 0x0e, - 0xa3, 0xe6, 0x6d, 0x33, 0xda, 0xc1, 0x1d, 0x5f, 0x84, 0xd3, 0x2a, 0xf3, 0x76, 0x96, 0xb5, 0x62, - 0x01, 0x45, 0x9f, 0xb0, 0x60, 0x24, 0x66, 0xde, 0x7b, 0xee, 0x9e, 0x16, 0x93, 0xee, 0xca, 0xd1, - 0x6b, 0x1f, 0xaa, 0x42, 0x98, 0x2c, 0x42, 0xc6, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0xd3, 0x16, 0xd4, - 0xd4, 0x65, 0x28, 0xe2, 0xca, 0xc0, 0x95, 0x62, 0x6b, 0x2f, 0x72, 0xbf, 0xa6, 0x3a, 0x08, 0x51, - 0x45, 0xf0, 0xb0, 0x66, 0x8c, 0x62, 0xe5, 0x3b, 0x1e, 0x3a, 0x1e, 0xdf, 0x31, 0xe4, 0xf8, 0x8d, - 0xdf, 0x05, 0xb5, 0xb6, 0xe3, 0xbb, 0xeb, 0x24, 0x4e, 0xb8, 0x3b, 0x57, 0x96, 0x84, 0x95, 0x8d, - 0x58, 0xc3, 0xa9, 0x42, 0x8e, 0xd9, 0x8b, 0x25, 0x86, 0xff, 0x95, 0x29, 0xe4, 0x15, 0xdd, 0x8c, - 0x4d, 0x1c, 0xd3, 0x59, 0x0c, 0xf7, 0xd5, 0x59, 0x3c, 0xbc, 0xb7, 0xb3, 0xd8, 0xfe, 0x47, 0x16, - 0x9c, 0xcd, 0xfd, 0x6a, 0x0f, 0x6e, 0xe0, 0xa3, 0xfd, 0xe5, 0x0a, 0x9c, 0xce, 0xa9, 0xf2, 0x89, - 0x76, 0xcc, 0xf9, 0x6c, 0x15, 0x11, 0x43, 0x90, 0x3e, 0x12, 0x97, 0xc3, 0x98, 0x33, 0x89, 0x0f, - 0x76, 0x54, 0xa3, 0x8f, 0x4b, 0xca, 0xf7, 0xf6, 0xb8, 0xc4, 0x98, 0x96, 0x03, 0xf7, 0x75, 0x5a, - 0x56, 0xf6, 0x39, 0xc3, 0xf8, 0x35, 0x0b, 0xc6, 0xdb, 0x3d, 0x4a, 0xcb, 0x0b, 0xc7, 0xe3, 0x8d, - 0xe3, 0x29, 0x5c, 0x5f, 0x7f, 0xf4, 0xce, 0xee, 0x44, 0xcf, 0x8a, 0xfe, 0xb8, 0x67, 0xaf, 0xec, - 0xef, 0x94, 0x81, 0x95, 0x98, 0x65, 0x95, 0xdc, 0x76, 0xd0, 0xc7, 0xcd, 0x62, 0xc1, 0x56, 0x51, - 0x85, 0x6d, 0x39, 0x71, 0x55, 0x6c, 0x98, 0x8f, 0x60, 0x5e, 0xed, 0xe1, 0xac, 0xd0, 0x2a, 0xf5, - 0x21, 0xb4, 0x3c, 0x59, 0x95, 0xb9, 0x5c, 0x7c, 0x55, 0xe6, 0x5a, 0xb6, 0x22, 0xf3, 0xde, 0x9f, - 0x78, 0xe0, 0x81, 0xfc, 0xc4, 0xbf, 0x68, 0x71, 0xc1, 0x93, 0xf9, 0x0a, 0xda, 0x32, 0xb0, 0xf6, - 0xb0, 0x0c, 0x9e, 0x86, 0x6a, 0x4c, 0xbc, 0xf5, 0xcb, 0xc4, 0xf1, 0x84, 0x05, 0xa1, 0xcf, 0xaf, - 0x45, 0x3b, 0x56, 0x18, 0xec, 0xda, 0x56, 0xcf, 0x0b, 0x6e, 0x5f, 0x6c, 0x87, 0xc9, 0x8e, 0xb0, - 0x25, 0xf4, 0xb5, 0xad, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x6f, 0x97, 0xf8, 0x0c, 0x14, 0x41, 0x10, - 0x2f, 0x64, 0x2e, 0xda, 0xeb, 0x3f, 0x7e, 0xe0, 0xa3, 0x00, 0x0d, 0x75, 0x95, 0xbd, 0x38, 0x13, - 0xba, 0x7c, 0xe4, 0x7b, 0xb6, 0x05, 0x3d, 0xfd, 0x1a, 0xba, 0x0d, 0x1b, 0xfc, 0x52, 0xb2, 0xb4, - 0xbc, 0xaf, 0x2c, 0x4d, 0x89, 0x95, 0x81, 0x7d, 0xb4, 0xdd, 0x9f, 0x5a, 0x90, 0xb2, 0x88, 0x50, - 0x08, 0x15, 0xda, 0xdd, 0x9d, 0x62, 0x6e, 0xe9, 0x37, 0x49, 0x53, 0xd1, 0x28, 0xa6, 0x3d, 0xfb, - 0x89, 0x39, 0x23, 0xe4, 0x89, 0x58, 0x09, 0x3e, 0xaa, 0xd7, 0x8a, 0x63, 0x78, 0x39, 0x08, 0x36, - 0xf9, 0xc1, 0xa6, 0x8e, 0xbb, 0xb0, 0x5f, 0x80, 0x53, 0x5d, 0x9d, 0x62, 0x77, 0x6a, 0x05, 0x54, - 0xfb, 0x64, 0xa6, 0x2b, 0x4b, 0xe0, 0xc4, 0x1c, 0x66, 0x7f, 0xc3, 0x82, 0x93, 0x59, 0xf2, 0xe8, - 0x4d, 0x0b, 0x4e, 0xc5, 0x59, 0x7a, 0xc7, 0x35, 0x76, 0x2a, 0xde, 0xb1, 0x0b, 0x84, 0xbb, 0x3b, - 0x61, 0xff, 0x3f, 0x31, 0xf9, 0x6f, 0xba, 0x7e, 0x33, 0xb8, 0xad, 0x0c, 0x13, 0xab, 0xa7, 0x61, - 0x42, 0xd7, 0x63, 0x63, 0x83, 0x34, 0x3b, 0x5e, 0x57, 0xe6, 0xe8, 0x8a, 0x68, 0xc7, 0x0a, 0x83, - 0x25, 0xca, 0x75, 0x44, 0xd9, 0xf6, 0xcc, 0xa4, 0x9c, 0x15, 0xed, 0x58, 0x61, 0xa0, 0xe7, 0x60, - 0xc4, 0x78, 0x49, 0x39, 0x2f, 0x99, 0x41, 0x6e, 0xa8, 0xcc, 0x18, 0xa7, 0xb0, 0xd0, 0x24, 0x80, - 0x32, 0x72, 0xa4, 0x8a, 0x64, 0x8e, 0x22, 0x25, 0x89, 0x62, 0x6c, 0x60, 0xb0, 0xb4, 0x54, 0xaf, - 0x13, 0x33, 0x1f, 0xff, 0xa0, 0x2e, 0x25, 0x3a, 0x23, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x76, - 0xfc, 0x8e, 0xe3, 0xd1, 0x11, 0x12, 0x5b, 0x3f, 0xb5, 0x0c, 0x17, 0x15, 0x04, 0x1b, 0x58, 0xf4, - 0x8d, 0x13, 0xb7, 0x4d, 0x5e, 0x0e, 0x7c, 0x19, 0xa7, 0xa6, 0x8f, 0x7d, 0x44, 0x3b, 0x56, 0x18, - 0xf6, 0x7f, 0xb3, 0xe0, 0x84, 0x4e, 0x72, 0xe7, 0xb7, 0x67, 0x9b, 0x3b, 0x55, 0x6b, 0xdf, 0x9d, - 0x6a, 0x3a, 0xfb, 0xb7, 0xd4, 0x57, 0xf6, 0xaf, 0x99, 0x98, 0x5b, 0xde, 0x33, 0x31, 0xf7, 0x87, - 0xf4, 0xcd, 0xac, 0x3c, 0x83, 0x77, 0x38, 0xef, 0x56, 0x56, 0x64, 0xc3, 0x60, 0xc3, 0x51, 0x15, - 0x5e, 0x46, 0xf8, 0xde, 0x61, 0x66, 0x9a, 0x21, 0x09, 0x88, 0xbd, 0x04, 0x35, 0x75, 0xfa, 0x21, - 0x37, 0xaa, 0x56, 0xfe, 0x46, 0xb5, 0xaf, 0x04, 0xc1, 0xfa, 0xda, 0x37, 0xbf, 0xfb, 0xf8, 0xdb, - 0x7e, 0xef, 0xbb, 0x8f, 0xbf, 0xed, 0x8f, 0xbe, 0xfb, 0xf8, 0xdb, 0x3e, 0x71, 0xe7, 0x71, 0xeb, - 0x9b, 0x77, 0x1e, 0xb7, 0x7e, 0xef, 0xce, 0xe3, 0xd6, 0x1f, 0xdd, 0x79, 0xdc, 0xfa, 0xce, 0x9d, - 0xc7, 0xad, 0x2f, 0xfe, 0xe7, 0xc7, 0xdf, 0xf6, 0x72, 0x6e, 0xa0, 0x22, 0xfd, 0xf1, 0x4c, 0xa3, - 0x39, 0xb5, 0x75, 0x81, 0xc5, 0xca, 0xd1, 0xe5, 0x35, 0x65, 0xcc, 0xa9, 0x29, 0xb9, 0xbc, 0xfe, - 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb2, 0x18, 0x73, 0x0d, 0xd5, 0xe1, 0x00, 0x00, + 0x65, 0x3b, 0x95, 0x52, 0xe2, 0xa4, 0xec, 0x72, 0xb9, 0x2c, 0x27, 0xb1, 0x11, 0xe9, 0x52, 0xa9, + 0xa4, 0x52, 0x15, 0x57, 0x39, 0xf1, 0x8f, 0xe4, 0x92, 0x1f, 0xa9, 0xfe, 0xee, 0x99, 0x9d, 0x05, + 0x16, 0xc0, 0xe0, 0xee, 0xa4, 0xf0, 0xdf, 0x6e, 0xbf, 0x37, 0xef, 0xf5, 0xf4, 0x74, 0xbf, 0xf7, + 0xfa, 0xf5, 0x7b, 0xaf, 0x61, 0xa1, 0xe5, 0x26, 0x1b, 0x9d, 0xb5, 0xc9, 0x46, 0xd0, 0x9e, 0x72, + 0xa2, 0x56, 0x10, 0x46, 0xc1, 0x2d, 0xf6, 0xe3, 0x99, 0x46, 0x73, 0x6a, 0xeb, 0xc2, 0x54, 0xb8, + 0xd9, 0x9a, 0x72, 0x42, 0x37, 0x9e, 0x72, 0xc2, 0xd0, 0x73, 0x1b, 0x4e, 0xe2, 0x06, 0xfe, 0xd4, + 0xd6, 0xb3, 0x8e, 0x17, 0x6e, 0x38, 0xcf, 0x4e, 0xb5, 0x88, 0x4f, 0x22, 0x27, 0x21, 0xcd, 0xc9, + 0x30, 0x0a, 0x92, 0x00, 0xfd, 0xa8, 0xa6, 0x36, 0x29, 0xa9, 0xb1, 0x1f, 0xaf, 0x36, 0x9a, 0x93, + 0x5b, 0x17, 0x26, 0xc3, 0xcd, 0xd6, 0x24, 0xa5, 0x36, 0x69, 0x50, 0x9b, 0x94, 0xd4, 0xce, 0x3d, + 0x63, 0xf4, 0xa5, 0x15, 0xb4, 0x82, 0x29, 0x46, 0x74, 0xad, 0xb3, 0xce, 0xfe, 0xb1, 0x3f, 0xec, + 0x17, 0x67, 0x76, 0xce, 0xde, 0x7c, 0x21, 0x9e, 0x74, 0x03, 0xda, 0xbd, 0xa9, 0x46, 0x10, 0x91, + 0xa9, 0xad, 0xae, 0x0e, 0x9d, 0xbb, 0xac, 0x71, 0xc8, 0x76, 0x42, 0xfc, 0xd8, 0x0d, 0xfc, 0xf8, + 0x19, 0xda, 0x05, 0x12, 0x6d, 0x91, 0xc8, 0x7c, 0x3d, 0x03, 0x21, 0x8f, 0xd2, 0x73, 0x9a, 0x52, + 0xdb, 0x69, 0x6c, 0xb8, 0x3e, 0x89, 0x76, 0xf4, 0xe3, 0x6d, 0x92, 0x38, 0x79, 0x4f, 0x4d, 0xf5, + 0x7a, 0x2a, 0xea, 0xf8, 0x89, 0xdb, 0x26, 0x5d, 0x0f, 0xbc, 0x67, 0xbf, 0x07, 0xe2, 0xc6, 0x06, + 0x69, 0x3b, 0x5d, 0xcf, 0xbd, 0xbb, 0xd7, 0x73, 0x9d, 0xc4, 0xf5, 0xa6, 0x5c, 0x3f, 0x89, 0x93, + 0x28, 0xfb, 0x90, 0xfd, 0x0b, 0x16, 0x8c, 0x4e, 0xdf, 0x5c, 0x99, 0xee, 0x24, 0x1b, 0x33, 0x81, + 0xbf, 0xee, 0xb6, 0xd0, 0xf3, 0x30, 0xdc, 0xf0, 0x3a, 0x71, 0x42, 0xa2, 0x6b, 0x4e, 0x9b, 0x8c, + 0x5b, 0xe7, 0xad, 0xa7, 0x6a, 0xf5, 0xd3, 0xdf, 0xda, 0x9d, 0x78, 0xdb, 0x9d, 0xdd, 0x89, 0xe1, + 0x19, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x27, 0x0c, 0x45, 0x81, 0x47, 0xa6, 0xf1, 0xb5, 0xf1, 0x12, + 0x7b, 0xe4, 0x84, 0x78, 0x64, 0x08, 0xf3, 0x66, 0x2c, 0xe1, 0x14, 0x35, 0x8c, 0x82, 0x75, 0xd7, + 0x23, 0xe3, 0xe5, 0x34, 0xea, 0x32, 0x6f, 0xc6, 0x12, 0x6e, 0xff, 0x61, 0x09, 0x60, 0x3a, 0x0c, + 0x97, 0xa3, 0xe0, 0x16, 0x69, 0x24, 0xe8, 0x23, 0x50, 0xa5, 0xc3, 0xdc, 0x74, 0x12, 0x87, 0x75, + 0x6c, 0xf8, 0xc2, 0x0f, 0x4f, 0xf2, 0xb7, 0x9e, 0x34, 0xdf, 0x5a, 0x4f, 0x32, 0x8a, 0x3d, 0xb9, + 0xf5, 0xec, 0xe4, 0xd2, 0x1a, 0x7d, 0x7e, 0x91, 0x24, 0x4e, 0x1d, 0x09, 0x66, 0xa0, 0xdb, 0xb0, + 0xa2, 0x8a, 0x7c, 0x18, 0x88, 0x43, 0xd2, 0x60, 0xef, 0x30, 0x7c, 0x61, 0x61, 0xf2, 0x28, 0xb3, + 0x79, 0x52, 0xf7, 0x7c, 0x25, 0x24, 0x8d, 0xfa, 0x88, 0xe0, 0x3c, 0x40, 0xff, 0x61, 0xc6, 0x07, + 0x6d, 0xc1, 0x60, 0x9c, 0x38, 0x49, 0x27, 0x66, 0x43, 0x31, 0x7c, 0xe1, 0x5a, 0x61, 0x1c, 0x19, + 0xd5, 0xfa, 0x98, 0xe0, 0x39, 0xc8, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0x13, 0x0b, 0xc6, 0x34, 0xf2, + 0x82, 0x1b, 0x27, 0xe8, 0x27, 0xba, 0x06, 0x77, 0xb2, 0xbf, 0xc1, 0xa5, 0x4f, 0xb3, 0xa1, 0x3d, + 0x29, 0x98, 0x55, 0x65, 0x8b, 0x31, 0xb0, 0x6d, 0xa8, 0xb8, 0x09, 0x69, 0xc7, 0xe3, 0xa5, 0xf3, + 0xe5, 0xa7, 0x86, 0x2f, 0x5c, 0x2e, 0xea, 0x3d, 0xeb, 0xa3, 0x82, 0x69, 0x65, 0x9e, 0x92, 0xc7, + 0x9c, 0x8b, 0xfd, 0x2b, 0x23, 0xe6, 0xfb, 0xd1, 0x01, 0x47, 0xcf, 0xc2, 0x70, 0x1c, 0x74, 0xa2, + 0x06, 0xc1, 0x24, 0x0c, 0xe2, 0x71, 0xeb, 0x7c, 0x99, 0x4e, 0x3d, 0x3a, 0xa9, 0x57, 0x74, 0x33, + 0x36, 0x71, 0xd0, 0x17, 0x2d, 0x18, 0x69, 0x92, 0x38, 0x71, 0x7d, 0xc6, 0x5f, 0x76, 0x7e, 0xf5, + 0xc8, 0x9d, 0x97, 0x8d, 0xb3, 0x9a, 0x78, 0xfd, 0x8c, 0x78, 0x91, 0x11, 0xa3, 0x31, 0xc6, 0x29, + 0xfe, 0x74, 0x71, 0x36, 0x49, 0xdc, 0x88, 0xdc, 0x90, 0xfe, 0x17, 0xcb, 0x47, 0x2d, 0xce, 0x59, + 0x0d, 0xc2, 0x26, 0x1e, 0xf2, 0xa1, 0x42, 0x17, 0x5f, 0x3c, 0x3e, 0xc0, 0xfa, 0x3f, 0x7f, 0xb4, + 0xfe, 0x8b, 0x41, 0xa5, 0xeb, 0x5a, 0x8f, 0x3e, 0xfd, 0x17, 0x63, 0xce, 0x06, 0x7d, 0xc1, 0x82, + 0x71, 0x21, 0x1c, 0x30, 0xe1, 0x03, 0x7a, 0x73, 0xc3, 0x4d, 0x88, 0xe7, 0xc6, 0xc9, 0x78, 0x85, + 0xf5, 0x61, 0xaa, 0xbf, 0xb9, 0x35, 0x17, 0x05, 0x9d, 0xf0, 0xaa, 0xeb, 0x37, 0xeb, 0xe7, 0x05, + 0xa7, 0xf1, 0x99, 0x1e, 0x84, 0x71, 0x4f, 0x96, 0xe8, 0x2b, 0x16, 0x9c, 0xf3, 0x9d, 0x36, 0x89, + 0x43, 0x87, 0x7e, 0x5a, 0x0e, 0xae, 0x7b, 0x4e, 0x63, 0x93, 0xf5, 0x68, 0xf0, 0x70, 0x3d, 0xb2, + 0x45, 0x8f, 0xce, 0x5d, 0xeb, 0x49, 0x1a, 0xef, 0xc1, 0x16, 0x7d, 0xc3, 0x82, 0x53, 0x41, 0x14, + 0x6e, 0x38, 0x3e, 0x69, 0x4a, 0x68, 0x3c, 0x3e, 0xc4, 0x96, 0xde, 0x87, 0x8f, 0xf6, 0x89, 0x96, + 0xb2, 0x64, 0x17, 0x03, 0xdf, 0x4d, 0x82, 0x68, 0x85, 0x24, 0x89, 0xeb, 0xb7, 0xe2, 0xfa, 0xd9, + 0x3b, 0xbb, 0x13, 0xa7, 0xba, 0xb0, 0x70, 0x77, 0x7f, 0xd0, 0x4f, 0xc2, 0x70, 0xbc, 0xe3, 0x37, + 0x6e, 0xba, 0x7e, 0x33, 0xb8, 0x1d, 0x8f, 0x57, 0x8b, 0x58, 0xbe, 0x2b, 0x8a, 0xa0, 0x58, 0x80, + 0x9a, 0x01, 0x36, 0xb9, 0xe5, 0x7f, 0x38, 0x3d, 0x95, 0x6a, 0x45, 0x7f, 0x38, 0x3d, 0x99, 0xf6, + 0x60, 0x8b, 0x7e, 0xd6, 0x82, 0xd1, 0xd8, 0x6d, 0xf9, 0x4e, 0xd2, 0x89, 0xc8, 0x55, 0xb2, 0x13, + 0x8f, 0x03, 0xeb, 0xc8, 0x95, 0x23, 0x8e, 0x8a, 0x41, 0xb2, 0x7e, 0x56, 0xf4, 0x71, 0xd4, 0x6c, + 0x8d, 0x71, 0x9a, 0x6f, 0xde, 0x42, 0xd3, 0xd3, 0x7a, 0xb8, 0xd8, 0x85, 0xa6, 0x27, 0x75, 0x4f, + 0x96, 0xe8, 0xc7, 0xe1, 0x24, 0x6f, 0x52, 0x23, 0x1b, 0x8f, 0x8f, 0x30, 0x41, 0x7b, 0xe6, 0xce, + 0xee, 0xc4, 0xc9, 0x95, 0x0c, 0x0c, 0x77, 0x61, 0xa3, 0xd7, 0x60, 0x22, 0x24, 0x51, 0xdb, 0x4d, + 0x96, 0x7c, 0x6f, 0x47, 0x8a, 0xef, 0x46, 0x10, 0x92, 0xa6, 0xe8, 0x4e, 0x3c, 0x3e, 0x7a, 0xde, + 0x7a, 0xaa, 0x5a, 0x7f, 0x87, 0xe8, 0xe6, 0xc4, 0xf2, 0xde, 0xe8, 0x78, 0x3f, 0x7a, 0xf6, 0xbf, + 0x2a, 0xc1, 0xc9, 0xac, 0xe2, 0x44, 0x7f, 0xdb, 0x82, 0x13, 0xb7, 0x6e, 0x27, 0xab, 0xc1, 0x26, + 0xf1, 0xe3, 0xfa, 0x0e, 0x15, 0x6f, 0x4c, 0x65, 0x0c, 0x5f, 0x68, 0x14, 0xab, 0xa2, 0x27, 0xaf, + 0xa4, 0xb9, 0x5c, 0xf4, 0x93, 0x68, 0xa7, 0xfe, 0xb0, 0x78, 0xbb, 0x13, 0x57, 0x6e, 0xae, 0x9a, + 0x50, 0x9c, 0xed, 0xd4, 0xb9, 0xcf, 0x59, 0x70, 0x26, 0x8f, 0x04, 0x3a, 0x09, 0xe5, 0x4d, 0xb2, + 0xc3, 0x0d, 0x38, 0x4c, 0x7f, 0xa2, 0x57, 0xa0, 0xb2, 0xe5, 0x78, 0x1d, 0x22, 0xac, 0x9b, 0xb9, + 0xa3, 0xbd, 0x88, 0xea, 0x19, 0xe6, 0x54, 0xdf, 0x5b, 0x7a, 0xc1, 0xb2, 0x7f, 0xb7, 0x0c, 0xc3, + 0x86, 0x7e, 0xbb, 0x07, 0x16, 0x5b, 0x90, 0xb2, 0xd8, 0x16, 0x0b, 0x53, 0xcd, 0x3d, 0x4d, 0xb6, + 0xdb, 0x19, 0x93, 0x6d, 0xa9, 0x38, 0x96, 0x7b, 0xda, 0x6c, 0x28, 0x81, 0x5a, 0x10, 0x52, 0xeb, + 0x9d, 0xaa, 0xfe, 0x81, 0x22, 0x3e, 0xe1, 0x92, 0x24, 0x57, 0x1f, 0xbd, 0xb3, 0x3b, 0x51, 0x53, + 0x7f, 0xb1, 0x66, 0x64, 0x7f, 0xdb, 0x82, 0x33, 0x46, 0x1f, 0x67, 0x02, 0xbf, 0xe9, 0xb2, 0x4f, + 0x7b, 0x1e, 0x06, 0x92, 0x9d, 0x50, 0xee, 0x10, 0xd4, 0x48, 0xad, 0xee, 0x84, 0x04, 0x33, 0x08, + 0x35, 0xf4, 0xdb, 0x24, 0x8e, 0x9d, 0x16, 0xc9, 0xee, 0x09, 0x16, 0x79, 0x33, 0x96, 0x70, 0x14, + 0x01, 0xf2, 0x9c, 0x38, 0x59, 0x8d, 0x1c, 0x3f, 0x66, 0xe4, 0x57, 0xdd, 0x36, 0x11, 0x03, 0xfc, + 0x17, 0xfa, 0x9b, 0x31, 0xf4, 0x89, 0xfa, 0x43, 0x77, 0x76, 0x27, 0xd0, 0x42, 0x17, 0x25, 0x9c, + 0x43, 0xdd, 0xfe, 0x8a, 0x05, 0x0f, 0xe5, 0xdb, 0x62, 0xe8, 0x49, 0x18, 0xe4, 0xdb, 0x43, 0xf1, + 0x76, 0xfa, 0x93, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x0a, 0x6a, 0x4a, 0x4f, 0x88, 0x77, 0x3c, 0x25, + 0x50, 0x6b, 0x5a, 0xb9, 0x68, 0x1c, 0x3a, 0x68, 0xf4, 0x8f, 0xb0, 0xdc, 0xd4, 0xa0, 0xb1, 0xfd, + 0x14, 0x83, 0xd8, 0xff, 0xd1, 0x82, 0x13, 0x46, 0xaf, 0xee, 0x81, 0x69, 0xee, 0xa7, 0x4d, 0xf3, + 0xf9, 0xc2, 0xe6, 0x73, 0x0f, 0xdb, 0xfc, 0x0b, 0x16, 0x9c, 0x33, 0xb0, 0x16, 0x9d, 0xa4, 0xb1, + 0x71, 0x71, 0x3b, 0x8c, 0x48, 0x4c, 0xb7, 0xde, 0xe8, 0x31, 0x43, 0x6e, 0xd5, 0x87, 0x05, 0x85, + 0xf2, 0x55, 0xb2, 0xc3, 0x85, 0xd8, 0xd3, 0x50, 0xe5, 0x93, 0x33, 0x88, 0xc4, 0x88, 0xab, 0x77, + 0x5b, 0x12, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0x70, 0xa2, 0x8b, 0x95, 0xaa, 0x21, 0xa0, + 0x1f, 0xf1, 0x06, 0x6b, 0xc1, 0x02, 0x62, 0xc7, 0xa9, 0xee, 0x2c, 0x47, 0x84, 0x7d, 0xdc, 0xe6, + 0x25, 0x97, 0x78, 0xcd, 0x98, 0x6e, 0x1b, 0x1c, 0xdf, 0x0f, 0x12, 0xb1, 0x03, 0x30, 0xb6, 0x0d, + 0xd3, 0xba, 0x19, 0x9b, 0x38, 0x94, 0xa9, 0xe7, 0xac, 0x11, 0x8f, 0x8f, 0xa8, 0x60, 0xba, 0xc0, + 0x5a, 0xb0, 0x80, 0xd8, 0x77, 0x4a, 0x6c, 0x83, 0xa2, 0x96, 0x3e, 0xb9, 0x17, 0xbb, 0xdb, 0x28, + 0x25, 0x2b, 0x97, 0x8b, 0x13, 0x5c, 0xa4, 0xf7, 0x0e, 0xf7, 0xf5, 0x8c, 0xb8, 0xc4, 0x85, 0x72, + 0xdd, 0x7b, 0x97, 0xfb, 0x9b, 0x25, 0x98, 0x48, 0x3f, 0xd0, 0x25, 0x6d, 0xe9, 0x96, 0xca, 0x60, + 0x94, 0xf5, 0x77, 0x18, 0xf8, 0xd8, 0xc4, 0xeb, 0x21, 0xb0, 0x4a, 0xc7, 0x29, 0xb0, 0x4c, 0x79, + 0x5a, 0xde, 0x47, 0x9e, 0x3e, 0xa9, 0x46, 0x7d, 0x20, 0x23, 0xc0, 0xd2, 0x3a, 0xe5, 0x3c, 0x0c, + 0xc4, 0x09, 0x09, 0xc7, 0x2b, 0x69, 0x79, 0xb4, 0x92, 0x90, 0x10, 0x33, 0x88, 0xfd, 0xdf, 0x4a, + 0xf0, 0x70, 0x7a, 0x0c, 0xb5, 0x0a, 0x78, 0x7f, 0x4a, 0x05, 0xbc, 0xcb, 0x54, 0x01, 0x77, 0x77, + 0x27, 0xde, 0xde, 0xe3, 0xb1, 0xef, 0x19, 0x0d, 0x81, 0xe6, 0x32, 0xa3, 0x38, 0x95, 0x1e, 0xc5, + 0xbb, 0xbb, 0x13, 0x8f, 0xf5, 0x78, 0xc7, 0xcc, 0x30, 0x3f, 0x09, 0x83, 0x11, 0x71, 0xe2, 0xc0, + 0x17, 0x03, 0xad, 0x3e, 0x07, 0x66, 0xad, 0x58, 0x40, 0xed, 0xdf, 0xaf, 0x65, 0x07, 0x7b, 0x8e, + 0x3b, 0xec, 0x82, 0x08, 0xb9, 0x30, 0xc0, 0xcc, 0x7a, 0x2e, 0x1a, 0xae, 0x1e, 0x6d, 0x19, 0x51, + 0x35, 0xa0, 0x48, 0xd7, 0xab, 0xf4, 0xab, 0xd1, 0x26, 0xcc, 0x58, 0xa0, 0x6d, 0xa8, 0x36, 0xa4, + 0xb5, 0x5d, 0x2a, 0xc2, 0x2f, 0x25, 0x6c, 0x6d, 0xcd, 0x71, 0x84, 0xca, 0x6b, 0x65, 0xa2, 0x2b, + 0x6e, 0x88, 0x40, 0xb9, 0xe5, 0x26, 0xe2, 0xb3, 0x1e, 0x71, 0x3f, 0x35, 0xe7, 0x1a, 0xaf, 0x38, + 0x44, 0x95, 0xc8, 0x9c, 0x9b, 0x60, 0x4a, 0x1f, 0x7d, 0xc6, 0x82, 0xe1, 0xb8, 0xd1, 0x5e, 0x8e, + 0x82, 0x2d, 0xb7, 0x49, 0x22, 0x61, 0x4d, 0x1d, 0x51, 0x34, 0xad, 0xcc, 0x2c, 0x4a, 0x82, 0x9a, + 0x2f, 0xdf, 0xdf, 0x6a, 0x08, 0x36, 0xf9, 0xd2, 0x5d, 0xc6, 0xc3, 0xe2, 0xdd, 0x67, 0x49, 0xc3, + 0xa5, 0xfa, 0x4f, 0x6e, 0xaa, 0xd8, 0x4c, 0x39, 0xb2, 0x75, 0x39, 0xdb, 0x69, 0x6c, 0xd2, 0xf5, + 0xa6, 0x3b, 0xf4, 0xf6, 0x3b, 0xbb, 0x13, 0x0f, 0xcf, 0xe4, 0xf3, 0xc4, 0xbd, 0x3a, 0xc3, 0x06, + 0x2c, 0xec, 0x78, 0x1e, 0x26, 0xaf, 0x75, 0x08, 0x73, 0x99, 0x14, 0x30, 0x60, 0xcb, 0x9a, 0x60, + 0x66, 0xc0, 0x0c, 0x08, 0x36, 0xf9, 0xa2, 0xd7, 0x60, 0xb0, 0xed, 0x24, 0x91, 0xbb, 0x2d, 0xfc, + 0x24, 0x47, 0xb4, 0xf7, 0x17, 0x19, 0x2d, 0xcd, 0x9c, 0x69, 0x6a, 0xde, 0x88, 0x05, 0x23, 0xd4, + 0x86, 0x4a, 0x9b, 0x44, 0x2d, 0x32, 0x5e, 0x2d, 0xc2, 0x27, 0xbc, 0x48, 0x49, 0x69, 0x86, 0x35, + 0x6a, 0x1d, 0xb1, 0x36, 0xcc, 0xb9, 0xa0, 0x57, 0xa0, 0x1a, 0x13, 0x8f, 0x34, 0xa8, 0x7d, 0x53, + 0x63, 0x1c, 0xdf, 0xdd, 0xa7, 0xad, 0x47, 0x0d, 0x8b, 0x15, 0xf1, 0x28, 0x5f, 0x60, 0xf2, 0x1f, + 0x56, 0x24, 0xe9, 0x00, 0x86, 0x5e, 0xa7, 0xe5, 0xfa, 0xe3, 0x50, 0xc4, 0x00, 0x2e, 0x33, 0x5a, + 0x99, 0x01, 0xe4, 0x8d, 0x58, 0x30, 0xb2, 0xff, 0xb3, 0x05, 0x28, 0x2d, 0xd4, 0xee, 0x81, 0x51, + 0xfb, 0x5a, 0xda, 0xa8, 0x5d, 0x28, 0xd2, 0xea, 0xe8, 0x61, 0xd7, 0xfe, 0x7a, 0x0d, 0x32, 0xea, + 0xe0, 0x1a, 0x89, 0x13, 0xd2, 0x7c, 0x4b, 0x84, 0xbf, 0x25, 0xc2, 0xdf, 0x12, 0xe1, 0x4a, 0x84, + 0xaf, 0x65, 0x44, 0xf8, 0xfb, 0x8c, 0x55, 0xaf, 0x0f, 0x60, 0x5f, 0x55, 0x27, 0xb4, 0x66, 0x0f, + 0x0c, 0x04, 0x2a, 0x09, 0xae, 0xac, 0x2c, 0x5d, 0xcb, 0x95, 0xd9, 0xaf, 0xa6, 0x65, 0xf6, 0x51, + 0x59, 0xfc, 0xff, 0x20, 0xa5, 0xff, 0xa5, 0x05, 0xef, 0x48, 0x4b, 0x2f, 0x39, 0x73, 0xe6, 0x5b, + 0x7e, 0x10, 0x91, 0x59, 0x77, 0x7d, 0x9d, 0x44, 0xc4, 0x6f, 0x90, 0x58, 0x79, 0x31, 0xac, 0x5e, + 0x5e, 0x0c, 0xf4, 0x1c, 0x8c, 0xdc, 0x8a, 0x03, 0x7f, 0x39, 0x70, 0x7d, 0x21, 0x82, 0xe8, 0x46, + 0xf8, 0xe4, 0x9d, 0xdd, 0x89, 0x11, 0x3a, 0xa2, 0xb2, 0x1d, 0xa7, 0xb0, 0xd0, 0x0c, 0x9c, 0xba, + 0xf5, 0xda, 0xb2, 0x93, 0x18, 0xee, 0x00, 0xb9, 0x71, 0x67, 0x07, 0x16, 0x57, 0x5e, 0xca, 0x00, + 0x71, 0x37, 0xbe, 0xfd, 0x37, 0x4a, 0xf0, 0x48, 0xe6, 0x45, 0x02, 0xcf, 0x0b, 0x3a, 0x09, 0xdd, + 0xd4, 0xa0, 0xaf, 0x59, 0x70, 0xb2, 0x9d, 0xf6, 0x38, 0xc4, 0xc2, 0xb1, 0xfb, 0x81, 0xc2, 0x74, + 0x44, 0xc6, 0xa5, 0x51, 0x1f, 0x17, 0x23, 0x74, 0x32, 0x03, 0x88, 0x71, 0x57, 0x5f, 0xd0, 0x2b, + 0x50, 0x6b, 0x3b, 0xdb, 0xd7, 0xc3, 0xa6, 0x93, 0xc8, 0xfd, 0x64, 0x6f, 0x37, 0x40, 0x27, 0x71, + 0xbd, 0x49, 0x7e, 0xb4, 0x3f, 0x39, 0xef, 0x27, 0x4b, 0xd1, 0x4a, 0x12, 0xb9, 0x7e, 0x8b, 0xbb, + 0xf3, 0x16, 0x25, 0x19, 0xac, 0x29, 0xda, 0x5f, 0xb5, 0xb2, 0x4a, 0x4a, 0x8d, 0x4e, 0xe4, 0x24, + 0xa4, 0xb5, 0x83, 0x3e, 0x0a, 0x15, 0xba, 0xf1, 0x93, 0xa3, 0x72, 0xb3, 0x48, 0xcd, 0x69, 0x7c, + 0x09, 0xad, 0x44, 0xe9, 0xbf, 0x18, 0x73, 0xa6, 0xf6, 0xd7, 0x6a, 0x59, 0x63, 0x81, 0x1d, 0xde, + 0x5e, 0x00, 0x68, 0x05, 0xab, 0xa4, 0x1d, 0x7a, 0x74, 0x58, 0x2c, 0x76, 0x02, 0xa0, 0x7c, 0x1d, + 0x73, 0x0a, 0x82, 0x0d, 0x2c, 0xf4, 0x97, 0x2c, 0x80, 0x96, 0x9c, 0xf3, 0xd2, 0x10, 0xb8, 0x5e, + 0xe4, 0xeb, 0xe8, 0x15, 0xa5, 0xfb, 0xa2, 0x18, 0x62, 0x83, 0x39, 0xfa, 0x69, 0x0b, 0xaa, 0x89, + 0xec, 0x3e, 0x57, 0x8d, 0xab, 0x45, 0xf6, 0x44, 0xbe, 0xb4, 0xb6, 0x89, 0xd4, 0x90, 0x28, 0xbe, + 0xe8, 0x67, 0x2c, 0x80, 0x78, 0xc7, 0x6f, 0x2c, 0x07, 0x9e, 0xdb, 0xd8, 0x11, 0x1a, 0xf3, 0x46, + 0xa1, 0xfe, 0x18, 0x45, 0xbd, 0x3e, 0x46, 0x47, 0x43, 0xff, 0xc7, 0x06, 0x67, 0xf4, 0x71, 0xa8, + 0xc6, 0x62, 0xba, 0x09, 0x1d, 0xb9, 0x5a, 0xac, 0x57, 0x88, 0xd3, 0x16, 0xe2, 0x55, 0xfc, 0xc3, + 0x8a, 0x27, 0xfa, 0x39, 0x0b, 0x4e, 0x84, 0x69, 0x3f, 0x9f, 0x50, 0x87, 0xc5, 0xc9, 0x80, 0x8c, + 0x1f, 0xb1, 0x7e, 0xfa, 0xce, 0xee, 0xc4, 0x89, 0x4c, 0x23, 0xce, 0xf6, 0x82, 0x4a, 0x40, 0x3d, + 0x83, 0x97, 0x42, 0xee, 0x73, 0x1c, 0xd2, 0x12, 0x70, 0x2e, 0x0b, 0xc4, 0xdd, 0xf8, 0x68, 0x19, + 0xce, 0xd0, 0xde, 0xed, 0x70, 0xf3, 0x53, 0xaa, 0x97, 0x98, 0x29, 0xc3, 0x6a, 0xfd, 0x51, 0x31, + 0x43, 0x98, 0x57, 0x3f, 0x8b, 0x83, 0x73, 0x9f, 0x44, 0xbf, 0x6b, 0xc1, 0xa3, 0x2e, 0x53, 0x03, + 0xa6, 0xc3, 0x5c, 0x6b, 0x04, 0x71, 0x12, 0x4b, 0x0a, 0x95, 0x15, 0xbd, 0xd4, 0x4f, 0xfd, 0x07, + 0xc5, 0x1b, 0x3c, 0x3a, 0xbf, 0x47, 0x97, 0xf0, 0x9e, 0x1d, 0x46, 0x3f, 0x02, 0xa3, 0x72, 0x5d, + 0x2c, 0x53, 0x11, 0xcc, 0x14, 0x6d, 0xad, 0x7e, 0xea, 0xce, 0xee, 0xc4, 0xe8, 0xaa, 0x09, 0xc0, + 0x69, 0x3c, 0xfb, 0x5f, 0x97, 0x53, 0xe7, 0x21, 0xca, 0x09, 0xc9, 0xc4, 0x4d, 0x43, 0xfa, 0x7f, + 0xa4, 0xf4, 0x2c, 0x54, 0xdc, 0x28, 0xef, 0x92, 0x16, 0x37, 0xaa, 0x29, 0xc6, 0x06, 0x73, 0x6a, + 0x94, 0x9e, 0x72, 0xb2, 0xae, 0x4e, 0x21, 0x01, 0x5f, 0x29, 0xb2, 0x4b, 0xdd, 0xa7, 0x57, 0x8f, + 0x88, 0xae, 0x9d, 0xea, 0x02, 0xe1, 0xee, 0x2e, 0xa1, 0x8f, 0x41, 0x2d, 0x52, 0xa1, 0x0f, 0xe5, + 0x22, 0xb6, 0x6a, 0x72, 0xda, 0x88, 0xee, 0xa8, 0xe3, 0x18, 0x1d, 0xe4, 0xa0, 0x39, 0xda, 0xbf, + 0x93, 0x3e, 0x02, 0x32, 0x64, 0x47, 0x1f, 0xc7, 0x5b, 0x5f, 0xb4, 0x60, 0x38, 0x0a, 0x3c, 0xcf, + 0xf5, 0x5b, 0x54, 0xce, 0x09, 0x65, 0xfd, 0xa1, 0x63, 0xd1, 0x97, 0x42, 0xa0, 0x31, 0xcb, 0x1a, + 0x6b, 0x9e, 0xd8, 0xec, 0x80, 0xfd, 0x27, 0x16, 0x8c, 0xf7, 0x92, 0xc7, 0x88, 0xc0, 0xdb, 0xa5, + 0xb0, 0x51, 0x43, 0xb1, 0xe4, 0xcf, 0x12, 0x8f, 0x28, 0xbf, 0x77, 0xb5, 0xfe, 0x84, 0x78, 0xcd, + 0xb7, 0x2f, 0xf7, 0x46, 0xc5, 0x7b, 0xd1, 0x41, 0x2f, 0xc3, 0x49, 0xe3, 0xbd, 0x62, 0x35, 0x30, + 0xb5, 0xfa, 0x24, 0x35, 0x80, 0xa6, 0x33, 0xb0, 0xbb, 0xbb, 0x13, 0x0f, 0x65, 0xdb, 0x84, 0xc2, + 0xe8, 0xa2, 0x63, 0xff, 0x72, 0x29, 0xfb, 0xb5, 0x94, 0xae, 0x7f, 0xd3, 0xea, 0xf2, 0x26, 0x7c, + 0xe0, 0x38, 0xf4, 0x2b, 0xf3, 0x3b, 0xa8, 0xf8, 0x91, 0xde, 0x38, 0xf7, 0xf1, 0x80, 0xda, 0xfe, + 0x37, 0x03, 0xb0, 0x47, 0xcf, 0xfa, 0x30, 0xde, 0x0f, 0x7c, 0xaa, 0xf9, 0x79, 0x4b, 0x9d, 0x78, + 0xf1, 0x35, 0xdc, 0x3c, 0xae, 0xb1, 0xe7, 0xfb, 0xa7, 0x98, 0x07, 0x49, 0x28, 0x2f, 0x7a, 0xfa, + 0x6c, 0x0d, 0x7d, 0xdd, 0x4a, 0x9f, 0xd9, 0xf1, 0xa8, 0x37, 0xf7, 0xd8, 0xfa, 0x64, 0x1c, 0x04, + 0xf2, 0x8e, 0xe9, 0xe3, 0xa3, 0x5e, 0x47, 0x84, 0x93, 0x00, 0xeb, 0xae, 0xef, 0x78, 0xee, 0xeb, + 0x74, 0x77, 0x54, 0x61, 0x0a, 0x9e, 0x59, 0x4c, 0x97, 0x54, 0x2b, 0x36, 0x30, 0xce, 0xfd, 0x45, + 0x18, 0x36, 0xde, 0x3c, 0x27, 0xb6, 0xe3, 0x8c, 0x19, 0xdb, 0x51, 0x33, 0x42, 0x32, 0xce, 0xbd, + 0x0f, 0x4e, 0x66, 0x3b, 0x78, 0x90, 0xe7, 0xed, 0xff, 0x35, 0x94, 0x3d, 0x44, 0x5b, 0x25, 0x51, + 0x9b, 0x76, 0xed, 0x2d, 0xc7, 0xd6, 0x5b, 0x8e, 0xad, 0xb7, 0x1c, 0x5b, 0xe6, 0xd9, 0x84, 0x70, + 0xda, 0x0c, 0xdd, 0x23, 0xa7, 0x4d, 0xca, 0x0d, 0x55, 0x2d, 0xdc, 0x0d, 0x65, 0x7f, 0xa6, 0xcb, + 0x73, 0xbf, 0x1a, 0x11, 0x82, 0x02, 0xa8, 0xf8, 0x41, 0x93, 0x48, 0x1b, 0xf7, 0x4a, 0x31, 0x06, + 0xdb, 0xb5, 0xa0, 0x69, 0xc4, 0x13, 0xd3, 0x7f, 0x31, 0xe6, 0x7c, 0xec, 0x3b, 0x15, 0x48, 0x99, + 0x93, 0xfc, 0xbb, 0xbf, 0x13, 0x86, 0x22, 0x12, 0x06, 0xd7, 0xf1, 0x82, 0xd0, 0x65, 0x3a, 0xe5, + 0x80, 0x37, 0x63, 0x09, 0xa7, 0x3a, 0x2f, 0x74, 0x92, 0x0d, 0xa1, 0xcc, 0x94, 0xce, 0x5b, 0x76, + 0x92, 0x0d, 0xcc, 0x20, 0xe8, 0x7d, 0x30, 0x96, 0x38, 0x51, 0x8b, 0x6e, 0x3b, 0xb6, 0xd8, 0xf4, + 0x12, 0x47, 0xbe, 0x0f, 0x09, 0xdc, 0xb1, 0xd5, 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x6b, 0x30, 0xb0, + 0x41, 0xbc, 0xb6, 0xf8, 0xf4, 0x2b, 0xc5, 0xe9, 0x1a, 0xf6, 0xae, 0x97, 0x89, 0xd7, 0xe6, 0x92, + 0x90, 0xfe, 0xc2, 0x8c, 0x15, 0x9d, 0xf7, 0xb5, 0xcd, 0x4e, 0x9c, 0x04, 0x6d, 0xf7, 0x75, 0xe9, + 0xe9, 0xfc, 0x40, 0xc1, 0x8c, 0xaf, 0x4a, 0xfa, 0xdc, 0xa5, 0xa4, 0xfe, 0x62, 0xcd, 0x99, 0xf5, + 0xa3, 0xe9, 0x46, 0x6c, 0xca, 0xec, 0x08, 0x87, 0x65, 0xd1, 0xfd, 0x98, 0x95, 0xf4, 0x79, 0x3f, + 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x1d, 0xb5, 0xfe, 0x86, 0x59, 0x1f, 0xae, 0x17, 0xdc, 0x07, 0xbe, + 0xf6, 0x72, 0xd7, 0xe1, 0x13, 0x50, 0x69, 0x6c, 0x38, 0x51, 0x32, 0x3e, 0xc2, 0x26, 0x8d, 0x9a, + 0xc5, 0x33, 0xb4, 0x11, 0x73, 0x18, 0x7a, 0x0c, 0xca, 0x11, 0x59, 0x67, 0xe1, 0xab, 0x46, 0x60, + 0x13, 0x26, 0xeb, 0x98, 0xb6, 0xdb, 0xbf, 0x58, 0x4a, 0x9b, 0x6d, 0xe9, 0xf7, 0xe6, 0xb3, 0xbd, + 0xd1, 0x89, 0x62, 0xe9, 0xfe, 0x32, 0x66, 0x3b, 0x6b, 0xc6, 0x12, 0x8e, 0x3e, 0x69, 0xc1, 0xd0, + 0xad, 0x38, 0xf0, 0x7d, 0x92, 0x08, 0x15, 0x79, 0xa3, 0xe0, 0xa1, 0xb8, 0xc2, 0xa9, 0xeb, 0x3e, + 0x88, 0x06, 0x2c, 0xf9, 0xd2, 0xee, 0x92, 0xed, 0x86, 0xd7, 0x69, 0x76, 0xc5, 0xaa, 0x5c, 0xe4, + 0xcd, 0x58, 0xc2, 0x29, 0xaa, 0xeb, 0x73, 0xd4, 0x81, 0x34, 0xea, 0xbc, 0x2f, 0x50, 0x05, 0xdc, + 0xfe, 0x6b, 0x83, 0x70, 0x36, 0x77, 0x71, 0x50, 0x83, 0x8a, 0x99, 0x2c, 0x97, 0x5c, 0x8f, 0xc8, + 0x28, 0x2d, 0x66, 0x50, 0xdd, 0x50, 0xad, 0xd8, 0xc0, 0x40, 0x3f, 0x05, 0x10, 0x3a, 0x91, 0xd3, + 0x26, 0xca, 0x3d, 0x7d, 0x64, 0xbb, 0x85, 0xf6, 0x63, 0x59, 0xd2, 0xd4, 0x5b, 0x74, 0xd5, 0x14, + 0x63, 0x83, 0x25, 0x7a, 0x1e, 0x86, 0x23, 0xe2, 0x11, 0x27, 0x66, 0xd1, 0xcf, 0xd9, 0x54, 0x0e, + 0xac, 0x41, 0xd8, 0xc4, 0x43, 0x4f, 0xaa, 0x80, 0xb6, 0x4c, 0x60, 0x4f, 0x3a, 0xa8, 0x0d, 0xbd, + 0x61, 0xc1, 0xd8, 0xba, 0xeb, 0x11, 0xcd, 0x5d, 0x24, 0x5e, 0x2c, 0x1d, 0xfd, 0x25, 0x2f, 0x99, + 0x74, 0xb5, 0x84, 0x4c, 0x35, 0xc7, 0x38, 0xc3, 0x9e, 0x7e, 0xe6, 0x2d, 0x12, 0x31, 0xd1, 0x3a, + 0x98, 0xfe, 0xcc, 0x37, 0x78, 0x33, 0x96, 0x70, 0x34, 0x0d, 0x27, 0x42, 0x27, 0x8e, 0x67, 0x22, + 0xd2, 0x24, 0x7e, 0xe2, 0x3a, 0x1e, 0x4f, 0x8b, 0xa8, 0xea, 0xb0, 0xe8, 0xe5, 0x34, 0x18, 0x67, + 0xf1, 0xd1, 0x07, 0xe1, 0x61, 0xee, 0xff, 0x59, 0x74, 0xe3, 0xd8, 0xf5, 0x5b, 0x7a, 0x1a, 0x08, + 0x37, 0xd8, 0x84, 0x20, 0xf5, 0xf0, 0x7c, 0x3e, 0x1a, 0xee, 0xf5, 0x3c, 0x7a, 0x1a, 0xaa, 0xf1, + 0xa6, 0x1b, 0xce, 0x44, 0xcd, 0x98, 0x9d, 0xfd, 0x54, 0xb5, 0xd3, 0x75, 0x45, 0xb4, 0x63, 0x85, + 0x81, 0x1a, 0x30, 0xc2, 0x3f, 0x09, 0x8f, 0xc8, 0x13, 0xf2, 0xf1, 0x99, 0x9e, 0x6a, 0x5a, 0x64, + 0xf9, 0x4d, 0x62, 0xe7, 0xf6, 0x45, 0x79, 0x12, 0xc5, 0x0f, 0x4e, 0x6e, 0x18, 0x64, 0x70, 0x8a, + 0xa8, 0xfd, 0xf3, 0xa5, 0xf4, 0xce, 0xdf, 0x5c, 0xa4, 0x28, 0xa6, 0x4b, 0x31, 0xb9, 0xe1, 0x44, + 0x52, 0x61, 0x1f, 0x31, 0x7b, 0x43, 0xd0, 0xbd, 0xe1, 0x44, 0xe6, 0xa2, 0x66, 0x0c, 0xb0, 0xe4, + 0x84, 0x6e, 0xc1, 0x40, 0xe2, 0x39, 0x05, 0xa5, 0x7b, 0x19, 0x1c, 0xb5, 0x23, 0x66, 0x61, 0x3a, + 0xc6, 0x8c, 0x07, 0x7a, 0x94, 0xee, 0x3e, 0xd6, 0xe4, 0x49, 0x91, 0xd8, 0x30, 0xac, 0xc5, 0x98, + 0xb5, 0xda, 0x77, 0x21, 0x47, 0xae, 0x2a, 0x45, 0x86, 0x2e, 0x00, 0xd0, 0x8d, 0xec, 0x72, 0x44, + 0xd6, 0xdd, 0x6d, 0x61, 0x48, 0xa8, 0xb5, 0x7b, 0x4d, 0x41, 0xb0, 0x81, 0x25, 0x9f, 0x59, 0xe9, + 0xac, 0xd3, 0x67, 0x4a, 0xdd, 0xcf, 0x70, 0x08, 0x36, 0xb0, 0xd0, 0x73, 0x30, 0xe8, 0xb6, 0x9d, + 0x96, 0x8a, 0x44, 0x7d, 0x94, 0x2e, 0xda, 0x79, 0xd6, 0x72, 0x77, 0x77, 0x62, 0x4c, 0x75, 0x88, + 0x35, 0x61, 0x81, 0x8b, 0x7e, 0xd9, 0x82, 0x91, 0x46, 0xd0, 0x6e, 0x07, 0x3e, 0xdf, 0xfe, 0x89, + 0xbd, 0xec, 0xad, 0xe3, 0x52, 0xf3, 0x93, 0x33, 0x06, 0x33, 0xbe, 0x99, 0x55, 0x79, 0x69, 0x26, + 0x08, 0xa7, 0x7a, 0x65, 0xae, 0xed, 0xca, 0x3e, 0x6b, 0xfb, 0xd7, 0x2c, 0x38, 0xc5, 0x9f, 0x35, + 0x76, 0xa5, 0x22, 0x05, 0x2b, 0x38, 0xe6, 0xd7, 0xea, 0xda, 0xa8, 0x2b, 0x67, 0x65, 0x17, 0x1c, + 0x77, 0x77, 0x12, 0xcd, 0xc1, 0xa9, 0xf5, 0x20, 0x6a, 0x10, 0x73, 0x20, 0x84, 0x60, 0x52, 0x84, + 0x2e, 0x65, 0x11, 0x70, 0xf7, 0x33, 0xe8, 0x06, 0x3c, 0x64, 0x34, 0x9a, 0xe3, 0xc0, 0x65, 0xd3, + 0xe3, 0x82, 0xda, 0x43, 0x97, 0x72, 0xb1, 0x70, 0x8f, 0xa7, 0xd3, 0x8e, 0x9b, 0x5a, 0x1f, 0x8e, + 0x9b, 0x57, 0xe1, 0x91, 0x46, 0xf7, 0xc8, 0x6c, 0xc5, 0x9d, 0xb5, 0x98, 0x4b, 0xaa, 0x6a, 0xfd, + 0x07, 0x04, 0x81, 0x47, 0x66, 0x7a, 0x21, 0xe2, 0xde, 0x34, 0xd0, 0x47, 0xa1, 0x1a, 0x11, 0xf6, + 0x55, 0x62, 0x91, 0x8f, 0x74, 0xc4, 0xdd, 0xba, 0xb6, 0x40, 0x39, 0x59, 0x2d, 0x7b, 0x45, 0x43, + 0x8c, 0x15, 0x47, 0x74, 0x1b, 0x86, 0x42, 0x27, 0x69, 0x6c, 0x88, 0x2c, 0xa4, 0x23, 0xfb, 0x96, + 0x15, 0x73, 0x76, 0x14, 0x60, 0xe4, 0x2d, 0x73, 0x26, 0x58, 0x72, 0xa3, 0xd6, 0x48, 0x23, 0x68, + 0x87, 0x81, 0x4f, 0xfc, 0x24, 0x1e, 0x1f, 0xd5, 0xd6, 0xc8, 0x8c, 0x6a, 0xc5, 0x06, 0x06, 0x5a, + 0x86, 0x33, 0xcc, 0x77, 0x75, 0xd3, 0x4d, 0x36, 0x82, 0x4e, 0x22, 0xb7, 0x62, 0xe3, 0x63, 0xe9, + 0x13, 0x9b, 0x85, 0x1c, 0x1c, 0x9c, 0xfb, 0xe4, 0xb9, 0xf7, 0xc3, 0xa9, 0xae, 0xa5, 0x7c, 0x20, + 0xb7, 0xd1, 0x2c, 0x3c, 0x94, 0xbf, 0x68, 0x0e, 0xe4, 0x3c, 0xfa, 0x47, 0x99, 0xe8, 0x61, 0xc3, + 0x90, 0xee, 0xc3, 0x11, 0xe9, 0x40, 0x99, 0xf8, 0x5b, 0x42, 0x87, 0x5c, 0x3a, 0xda, 0xb7, 0xbb, + 0xe8, 0x6f, 0xf1, 0x35, 0xcf, 0xbc, 0x2d, 0x17, 0xfd, 0x2d, 0x4c, 0x69, 0xa3, 0x2f, 0x5b, 0x29, + 0x43, 0x90, 0xbb, 0x2f, 0x3f, 0x7c, 0x2c, 0x3b, 0x87, 0xbe, 0x6d, 0x43, 0xfb, 0xdf, 0x96, 0xe0, + 0xfc, 0x7e, 0x44, 0xfa, 0x18, 0xbe, 0x27, 0x60, 0x30, 0x66, 0xf1, 0x00, 0x42, 0x28, 0x0f, 0xd3, + 0xb9, 0xca, 0x23, 0x04, 0x5e, 0xc5, 0x02, 0x84, 0x3c, 0x28, 0xb7, 0x9d, 0x50, 0x78, 0xb5, 0xe6, + 0x8f, 0x9a, 0x4f, 0x44, 0xff, 0x3b, 0xde, 0xa2, 0x13, 0x72, 0x5f, 0x89, 0xd1, 0x80, 0x29, 0x1b, + 0x94, 0x40, 0xc5, 0x89, 0x22, 0x47, 0x1e, 0x3e, 0x5f, 0x2d, 0x86, 0xdf, 0x34, 0x25, 0xc9, 0xcf, + 0xee, 0x52, 0x4d, 0x98, 0x33, 0xb3, 0x3f, 0x3f, 0x94, 0xca, 0xa9, 0x61, 0x11, 0x05, 0x31, 0x0c, + 0x0a, 0x67, 0x96, 0x55, 0x74, 0x1a, 0x17, 0x4f, 0x8a, 0x64, 0xfb, 0x44, 0x91, 0x5a, 0x2e, 0x58, + 0xa1, 0xcf, 0x59, 0x2c, 0x81, 0x5b, 0xe6, 0x19, 0x89, 0xdd, 0xd9, 0xf1, 0xe4, 0x93, 0x9b, 0x69, + 0xe1, 0xb2, 0x11, 0x9b, 0xdc, 0x45, 0x21, 0x06, 0x66, 0x95, 0x76, 0x17, 0x62, 0x60, 0x56, 0xa6, + 0x84, 0xa3, 0xed, 0x9c, 0xc8, 0x81, 0x02, 0x92, 0x80, 0xfb, 0x88, 0x15, 0xf8, 0xba, 0x05, 0xa7, + 0xdc, 0xec, 0x11, 0xb0, 0xd8, 0xcb, 0xdc, 0x2c, 0xc6, 0xf3, 0xd4, 0x7d, 0xc2, 0xac, 0xd4, 0x79, + 0x17, 0x08, 0x77, 0x77, 0x06, 0x35, 0x61, 0xc0, 0xf5, 0xd7, 0x03, 0x61, 0xc4, 0xd4, 0x8f, 0xd6, + 0xa9, 0x79, 0x7f, 0x3d, 0xd0, 0xab, 0x99, 0xfe, 0xc3, 0x8c, 0x3a, 0x5a, 0x80, 0x33, 0x91, 0xf0, + 0x36, 0x5d, 0x76, 0xe3, 0x24, 0x88, 0x76, 0x16, 0xdc, 0xb6, 0x9b, 0x30, 0x03, 0xa4, 0x5c, 0x1f, + 0xa7, 0xfa, 0x01, 0xe7, 0xc0, 0x71, 0xee, 0x53, 0xe8, 0x75, 0x18, 0x92, 0xc7, 0xae, 0xd5, 0x22, + 0xf6, 0x85, 0xdd, 0xf3, 0x5f, 0x4d, 0xa6, 0x15, 0x71, 0xee, 0x2a, 0x19, 0xda, 0x6f, 0x0c, 0x43, + 0xf7, 0xe9, 0x70, 0xfa, 0x28, 0xd8, 0xba, 0xd7, 0x47, 0xc1, 0x74, 0xc3, 0x12, 0xeb, 0x53, 0xdc, + 0x02, 0xe6, 0xb6, 0xe0, 0xaa, 0x4f, 0xe8, 0x76, 0xfc, 0x06, 0x66, 0x3c, 0x50, 0x04, 0x83, 0x1b, + 0xc4, 0xf1, 0x92, 0x8d, 0x62, 0x0e, 0x13, 0x2e, 0x33, 0x5a, 0xd9, 0x5c, 0x28, 0xde, 0x8a, 0x05, + 0x27, 0xb4, 0x0d, 0x43, 0x1b, 0x7c, 0x02, 0x88, 0x3d, 0xc4, 0xe2, 0x51, 0x07, 0x37, 0x35, 0xab, + 0xf4, 0xe7, 0x16, 0x0d, 0x58, 0xb2, 0x63, 0x61, 0x47, 0x46, 0x60, 0x04, 0x5f, 0xba, 0xc5, 0xa5, + 0x81, 0xf5, 0x1f, 0x15, 0xf1, 0x11, 0x18, 0x89, 0x48, 0x23, 0xf0, 0x1b, 0xae, 0x47, 0x9a, 0xd3, + 0xf2, 0xa0, 0xe0, 0x20, 0xc9, 0x43, 0x6c, 0x1f, 0x8e, 0x0d, 0x1a, 0x38, 0x45, 0x11, 0x7d, 0xd6, + 0x82, 0x31, 0x95, 0x3a, 0x4b, 0x3f, 0x08, 0x11, 0x0e, 0xe1, 0x85, 0x82, 0x12, 0x75, 0x19, 0xcd, + 0x3a, 0xba, 0xb3, 0x3b, 0x31, 0x96, 0x6e, 0xc3, 0x19, 0xbe, 0xe8, 0x65, 0x80, 0x60, 0x8d, 0xc7, + 0x16, 0x4d, 0x27, 0xc2, 0x3b, 0x7c, 0x90, 0x57, 0x1d, 0xe3, 0x59, 0x84, 0x92, 0x02, 0x36, 0xa8, + 0xa1, 0xab, 0x00, 0x7c, 0xd9, 0xac, 0xee, 0x84, 0x72, 0xa3, 0x21, 0xb3, 0xbf, 0x60, 0x45, 0x41, + 0xee, 0xee, 0x4e, 0x74, 0x7b, 0xeb, 0x58, 0x00, 0x85, 0xf1, 0x38, 0xfa, 0x49, 0x18, 0x8a, 0x3b, + 0xed, 0xb6, 0xa3, 0x7c, 0xc7, 0x05, 0xe6, 0x25, 0x72, 0xba, 0x86, 0x28, 0xe2, 0x0d, 0x58, 0x72, + 0x44, 0xb7, 0xa8, 0x50, 0x8d, 0x85, 0x1b, 0x91, 0xad, 0x22, 0x6e, 0x13, 0x0c, 0xb3, 0x77, 0x7a, + 0x8f, 0x34, 0xbc, 0x71, 0x0e, 0xce, 0xdd, 0xdd, 0x89, 0x87, 0xd2, 0xed, 0x0b, 0x81, 0xc8, 0x14, + 0xcc, 0xa5, 0x89, 0xae, 0xc8, 0x02, 0x34, 0xf4, 0xb5, 0x65, 0x5d, 0x84, 0xa7, 0x74, 0x01, 0x1a, + 0xd6, 0xdc, 0x7b, 0xcc, 0xcc, 0x87, 0xd1, 0x22, 0x9c, 0x6e, 0x04, 0x7e, 0x12, 0x05, 0x9e, 0xc7, + 0x0b, 0x30, 0xf1, 0x3d, 0x1f, 0xf7, 0x2d, 0xbf, 0x5d, 0x74, 0xfb, 0xf4, 0x4c, 0x37, 0x0a, 0xce, + 0x7b, 0xce, 0xf6, 0xd3, 0xe7, 0x3c, 0x62, 0x70, 0x9e, 0x83, 0x11, 0xb2, 0x9d, 0x90, 0xc8, 0x77, + 0xbc, 0xeb, 0x78, 0x41, 0x7a, 0x55, 0xd9, 0x1a, 0xb8, 0x68, 0xb4, 0xe3, 0x14, 0x16, 0xb2, 0x95, + 0xa3, 0xc3, 0xc8, 0x7e, 0xe5, 0x8e, 0x0e, 0xe9, 0xd6, 0xb0, 0xff, 0x77, 0x29, 0x65, 0x90, 0xdd, + 0x97, 0x53, 0x25, 0x56, 0xc6, 0x43, 0xd6, 0x3b, 0x61, 0x00, 0xb1, 0xd1, 0x28, 0x92, 0xb3, 0x2a, + 0xe3, 0xb1, 0x64, 0x32, 0xc2, 0x69, 0xbe, 0x68, 0x13, 0x2a, 0x1b, 0x41, 0x9c, 0xc8, 0xed, 0xc7, + 0x11, 0x77, 0x3a, 0x97, 0x83, 0x38, 0x61, 0x56, 0x84, 0x7a, 0x6d, 0xda, 0x12, 0x63, 0xce, 0xc3, + 0xfe, 0x2f, 0x56, 0xca, 0x87, 0x7e, 0x93, 0x05, 0x20, 0x6f, 0x11, 0x9f, 0x2e, 0x6b, 0x33, 0xe4, + 0xe9, 0x47, 0x32, 0xe9, 0x9c, 0xef, 0xe8, 0x55, 0x5f, 0xec, 0x36, 0xa5, 0x30, 0xc9, 0x48, 0x18, + 0xd1, 0x51, 0x9f, 0xb0, 0xd2, 0x89, 0xb5, 0xa5, 0x22, 0x36, 0x18, 0x66, 0x72, 0xf9, 0xbe, 0x39, + 0xba, 0xf6, 0x97, 0x2d, 0x18, 0xaa, 0x3b, 0x8d, 0xcd, 0x60, 0x7d, 0x1d, 0x3d, 0x0d, 0xd5, 0x66, + 0x27, 0x32, 0x73, 0x7c, 0x95, 0xe3, 0x60, 0x56, 0xb4, 0x63, 0x85, 0x41, 0xe7, 0xf0, 0xba, 0xd3, + 0x90, 0x29, 0xe6, 0x65, 0x3e, 0x87, 0x2f, 0xb1, 0x16, 0x2c, 0x20, 0xe8, 0x79, 0x18, 0x6e, 0x3b, + 0xdb, 0xf2, 0xe1, 0xac, 0x03, 0x7f, 0x51, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x0b, 0x0b, 0xc6, 0xeb, + 0x4e, 0xec, 0x36, 0xa6, 0x3b, 0xc9, 0x46, 0xdd, 0x4d, 0xd6, 0x3a, 0x8d, 0x4d, 0x92, 0xf0, 0xba, + 0x02, 0xb4, 0x97, 0x9d, 0x98, 0x2e, 0x25, 0xb5, 0xaf, 0x53, 0xbd, 0xbc, 0x2e, 0xda, 0xb1, 0xc2, + 0x40, 0xaf, 0xc3, 0x70, 0xe8, 0xc4, 0xf1, 0xed, 0x20, 0x6a, 0x62, 0xb2, 0x5e, 0x4c, 0x55, 0x8f, + 0x15, 0xd2, 0x88, 0x48, 0x82, 0xc9, 0xba, 0x38, 0xec, 0xd6, 0xf4, 0xb1, 0xc9, 0xcc, 0xfe, 0xa2, + 0x05, 0x8f, 0xd4, 0x89, 0x13, 0x91, 0x88, 0x15, 0x01, 0x51, 0x2f, 0x32, 0xe3, 0x05, 0x9d, 0x26, + 0x7a, 0x0d, 0xaa, 0x09, 0x6d, 0xa6, 0xdd, 0xb2, 0x8a, 0xed, 0x16, 0x3b, 0xab, 0x5e, 0x15, 0xc4, + 0xb1, 0x62, 0x63, 0xff, 0x75, 0x0b, 0x46, 0xd8, 0x71, 0xdb, 0x2c, 0x49, 0x1c, 0xd7, 0xeb, 0xaa, + 0x95, 0x65, 0xf5, 0x59, 0x2b, 0xeb, 0x3c, 0x0c, 0x6c, 0x04, 0x6d, 0x92, 0x3d, 0x2a, 0xbe, 0x1c, + 0xd0, 0x6d, 0x35, 0x85, 0xa0, 0x67, 0xe9, 0x87, 0x77, 0xfd, 0xc4, 0xa1, 0x4b, 0x40, 0xba, 0x73, + 0x4f, 0xf0, 0x8f, 0xae, 0x9a, 0xb1, 0x89, 0x63, 0xff, 0x66, 0x0d, 0x86, 0x44, 0x5c, 0x43, 0xdf, + 0xb5, 0x25, 0xe4, 0xfe, 0xbe, 0xd4, 0x73, 0x7f, 0x1f, 0xc3, 0x60, 0x83, 0x15, 0xed, 0x13, 0x66, + 0xe4, 0xd5, 0x42, 0x02, 0x61, 0x78, 0x1d, 0x40, 0xdd, 0x2d, 0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0x4b, + 0x16, 0x9c, 0x68, 0x04, 0xbe, 0x4f, 0x1a, 0xda, 0xc6, 0x19, 0x28, 0x22, 0xde, 0x61, 0x26, 0x4d, + 0x54, 0x9f, 0xf5, 0x64, 0x00, 0x38, 0xcb, 0x1e, 0xbd, 0x08, 0xa3, 0x7c, 0xcc, 0x6e, 0xa4, 0x7c, + 0xd0, 0xba, 0x84, 0x92, 0x09, 0xc4, 0x69, 0x5c, 0x34, 0xc9, 0x7d, 0xf9, 0xa2, 0x58, 0xd1, 0xa0, + 0x76, 0xd5, 0x19, 0x65, 0x8a, 0x0c, 0x0c, 0x14, 0x01, 0x8a, 0xc8, 0x7a, 0x44, 0xe2, 0x0d, 0x11, + 0xf7, 0xc1, 0xec, 0xab, 0xa1, 0xc3, 0xe5, 0xa1, 0xe3, 0x2e, 0x4a, 0x38, 0x87, 0x3a, 0xda, 0x14, + 0x1b, 0xcc, 0x6a, 0x11, 0x32, 0x54, 0x7c, 0xe6, 0x9e, 0xfb, 0xcc, 0x09, 0xa8, 0xc4, 0x1b, 0x4e, + 0xd4, 0x64, 0x76, 0x5d, 0x99, 0xe7, 0x3e, 0xad, 0xd0, 0x06, 0xcc, 0xdb, 0xd1, 0x2c, 0x9c, 0xcc, + 0x14, 0x80, 0x8a, 0x85, 0xaf, 0x58, 0xe5, 0xb9, 0x64, 0x4a, 0x47, 0xc5, 0xb8, 0xeb, 0x09, 0xd3, + 0xf9, 0x30, 0xbc, 0x8f, 0xf3, 0x61, 0x47, 0x45, 0x17, 0x72, 0x2f, 0xee, 0x4b, 0x85, 0x0c, 0x40, + 0x5f, 0xa1, 0x84, 0x5f, 0xc8, 0x84, 0x12, 0x8e, 0xb2, 0x0e, 0xdc, 0x28, 0xa6, 0x03, 0x07, 0x8f, + 0x1b, 0xbc, 0x9f, 0x71, 0x80, 0x7f, 0x6e, 0x81, 0xfc, 0xae, 0x33, 0x4e, 0x63, 0x83, 0xd0, 0x29, + 0x83, 0xde, 0x07, 0x63, 0x6a, 0x0b, 0x3d, 0x13, 0x74, 0x7c, 0x1e, 0x02, 0x58, 0xd6, 0x87, 0xc2, + 0x38, 0x05, 0xc5, 0x19, 0x6c, 0x34, 0x05, 0x35, 0x3a, 0x4e, 0xfc, 0x51, 0xae, 0x6b, 0xd5, 0x36, + 0x7d, 0x7a, 0x79, 0x5e, 0x3c, 0xa5, 0x71, 0x50, 0x00, 0xa7, 0x3c, 0x27, 0x4e, 0x58, 0x0f, 0xe8, + 0x8e, 0xfa, 0x90, 0x55, 0x20, 0x58, 0x32, 0xc5, 0x42, 0x96, 0x10, 0xee, 0xa6, 0x6d, 0x7f, 0x7b, + 0x00, 0x46, 0x53, 0x92, 0xf1, 0x80, 0x4a, 0xfa, 0x69, 0xa8, 0x4a, 0xbd, 0x99, 0xad, 0x57, 0xa3, + 0x94, 0xab, 0xc2, 0xa0, 0x4a, 0x6b, 0x4d, 0x6b, 0xd5, 0xac, 0x51, 0x61, 0x28, 0x5c, 0x6c, 0xe2, + 0x31, 0xa1, 0x9c, 0x78, 0xf1, 0x8c, 0xe7, 0x12, 0x3f, 0xe1, 0xdd, 0x2c, 0x46, 0x28, 0xaf, 0x2e, + 0xac, 0x98, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0xb4, 0x05, 0xa3, 0xce, 0xed, + 0x58, 0x57, 0x96, 0x15, 0x41, 0x83, 0x47, 0x54, 0x52, 0xa9, 0x62, 0xb5, 0xdc, 0xe5, 0x9b, 0x6a, + 0xc2, 0x69, 0xa6, 0xe8, 0x4d, 0x0b, 0x10, 0xd9, 0x26, 0x0d, 0x19, 0xd6, 0x28, 0xfa, 0x32, 0x58, + 0xc4, 0x4e, 0xf3, 0x62, 0x17, 0x5d, 0x2e, 0xd5, 0xbb, 0xdb, 0x71, 0x4e, 0x1f, 0xec, 0x7f, 0x5a, + 0x56, 0x0b, 0x4a, 0x47, 0xd2, 0x3a, 0x46, 0x44, 0x9f, 0x75, 0xf8, 0x88, 0x3e, 0x1d, 0x91, 0xd0, + 0x9d, 0x5c, 0x9a, 0xca, 0x45, 0x2b, 0xdd, 0xa7, 0x5c, 0xb4, 0x9f, 0xb6, 0x52, 0x95, 0x99, 0x86, + 0x2f, 0xbc, 0x5c, 0x6c, 0x14, 0xef, 0x24, 0x8f, 0x96, 0xc8, 0x48, 0xf7, 0x74, 0x90, 0x0c, 0x95, + 0xa6, 0x06, 0xda, 0x81, 0xa4, 0xe1, 0xbf, 0x2f, 0xc3, 0xb0, 0xa1, 0x49, 0x73, 0xcd, 0x22, 0xeb, + 0x01, 0x33, 0x8b, 0x4a, 0x07, 0x30, 0x8b, 0x7e, 0x0a, 0x6a, 0x0d, 0x29, 0xe5, 0x8b, 0xa9, 0x4d, + 0x9c, 0xd5, 0x1d, 0x5a, 0xd0, 0xab, 0x26, 0xac, 0x79, 0xa2, 0xb9, 0x54, 0x06, 0x93, 0xd0, 0x10, + 0x03, 0x4c, 0x43, 0xe4, 0xa5, 0x18, 0x09, 0x4d, 0xd1, 0xfd, 0x0c, 0x2b, 0xe0, 0x15, 0xba, 0xe2, + 0xbd, 0x64, 0xac, 0x3d, 0x2f, 0xe0, 0xb5, 0x3c, 0x2f, 0x9b, 0xb1, 0x89, 0x63, 0x7f, 0xdb, 0x52, + 0x1f, 0xf7, 0x1e, 0x94, 0xaa, 0xb8, 0x95, 0x2e, 0x55, 0x71, 0xb1, 0x90, 0x61, 0xee, 0x51, 0xa3, + 0xe2, 0x1a, 0x0c, 0xcd, 0x04, 0xed, 0xb6, 0xe3, 0x37, 0xd1, 0x0f, 0xc1, 0x50, 0x83, 0xff, 0x14, + 0x8e, 0x1d, 0x76, 0x3c, 0x28, 0xa0, 0x58, 0xc2, 0xd0, 0xa3, 0x30, 0xe0, 0x44, 0x2d, 0xe9, 0xcc, + 0x61, 0xc1, 0x35, 0xd3, 0x51, 0x2b, 0xc6, 0xac, 0xd5, 0xfe, 0x87, 0x03, 0xc0, 0xce, 0xb4, 0x9d, + 0x88, 0x34, 0x57, 0x03, 0x56, 0x1b, 0xf1, 0x58, 0x0f, 0xd5, 0xf4, 0x66, 0xe9, 0x41, 0x3e, 0x58, + 0x33, 0x0e, 0x57, 0xca, 0xf7, 0xf8, 0x70, 0xa5, 0xc7, 0x79, 0xd9, 0xc0, 0x03, 0x74, 0x5e, 0x66, + 0x7f, 0xde, 0x02, 0xa4, 0x02, 0x21, 0xf4, 0x81, 0xf6, 0x14, 0xd4, 0x54, 0x48, 0x84, 0x30, 0xac, + 0xb4, 0x88, 0x90, 0x00, 0xac, 0x71, 0xfa, 0xd8, 0x21, 0x3f, 0x21, 0xe5, 0x77, 0x39, 0x1d, 0x97, + 0xcb, 0xa4, 0xbe, 0x10, 0xe7, 0xf6, 0x6f, 0x95, 0xe0, 0x21, 0xae, 0x92, 0x17, 0x1d, 0xdf, 0x69, + 0x91, 0x36, 0xed, 0x55, 0xbf, 0x21, 0x0a, 0x0d, 0xba, 0x35, 0x73, 0x65, 0x9c, 0xed, 0x51, 0xd7, + 0x2e, 0x5f, 0x73, 0x7c, 0x95, 0xcd, 0xfb, 0x6e, 0x82, 0x19, 0x71, 0x14, 0x43, 0x55, 0x16, 0xee, + 0x17, 0xb2, 0xb8, 0x20, 0x46, 0x4a, 0x2c, 0x09, 0xbd, 0x49, 0xb0, 0x62, 0x44, 0x0d, 0x57, 0x2f, + 0x68, 0x6c, 0x62, 0x12, 0x06, 0x4c, 0xee, 0x1a, 0x61, 0x8e, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, + 0xb7, 0x2c, 0xc8, 0x6a, 0x24, 0xa3, 0x08, 0x9d, 0xb5, 0x67, 0x11, 0xba, 0x03, 0x54, 0x81, 0xfb, + 0x09, 0x18, 0x76, 0x12, 0x6a, 0x44, 0xf0, 0x6d, 0x77, 0xf9, 0x70, 0xc7, 0x1a, 0x8b, 0x41, 0xd3, + 0x5d, 0x77, 0xd9, 0x76, 0xdb, 0x24, 0x67, 0xff, 0x8f, 0x01, 0x38, 0xd5, 0x95, 0x95, 0x82, 0x5e, + 0x80, 0x91, 0x86, 0x98, 0x1e, 0xa1, 0x74, 0x68, 0xd5, 0xcc, 0xb0, 0x38, 0x0d, 0xc3, 0x29, 0xcc, + 0x3e, 0x26, 0xe8, 0x3c, 0x9c, 0x8e, 0xe8, 0x46, 0xbf, 0x43, 0xa6, 0xd7, 0x13, 0x12, 0xad, 0x90, + 0x46, 0xe0, 0x37, 0x79, 0xa9, 0xc4, 0x72, 0xfd, 0xe1, 0x3b, 0xbb, 0x13, 0xa7, 0x71, 0x37, 0x18, + 0xe7, 0x3d, 0x83, 0x42, 0x18, 0xf5, 0x4c, 0x1b, 0x50, 0x6c, 0x00, 0x0e, 0x65, 0x3e, 0x2a, 0x1b, + 0x21, 0xd5, 0x8c, 0xd3, 0x0c, 0xd2, 0x86, 0x64, 0xe5, 0x3e, 0x19, 0x92, 0x9f, 0xd2, 0x86, 0x24, + 0x3f, 0x7f, 0xff, 0x50, 0xc1, 0x59, 0x49, 0xc7, 0x6d, 0x49, 0xbe, 0x04, 0x55, 0x19, 0x9b, 0xd4, + 0x57, 0x4c, 0x8f, 0x49, 0xa7, 0x87, 0x44, 0x7b, 0x12, 0x7e, 0xf0, 0x62, 0x14, 0x19, 0x83, 0x79, + 0x2d, 0x48, 0xa6, 0x3d, 0x2f, 0xb8, 0x4d, 0x95, 0xf4, 0xf5, 0x98, 0x08, 0x0f, 0x8b, 0x7d, 0xb7, + 0x04, 0x39, 0x9b, 0x15, 0xba, 0x1e, 0xb5, 0x65, 0x90, 0x5a, 0x8f, 0x07, 0xb3, 0x0e, 0xd0, 0x36, + 0x8f, 0xdf, 0xe2, 0x3a, 0xf0, 0x83, 0x45, 0x6f, 0xb6, 0x74, 0x48, 0x97, 0x4a, 0xa6, 0x50, 0x61, + 0x5d, 0x17, 0x00, 0xb4, 0x41, 0x27, 0x42, 0xe5, 0xd5, 0xf1, 0xb0, 0xb6, 0xfb, 0xb0, 0x81, 0x45, + 0xf7, 0xde, 0xae, 0x1f, 0x27, 0x8e, 0xe7, 0x5d, 0x76, 0xfd, 0x44, 0x38, 0x11, 0x95, 0xb2, 0x9f, + 0xd7, 0x20, 0x6c, 0xe2, 0x9d, 0x7b, 0x8f, 0xf1, 0xfd, 0x0e, 0xf2, 0xdd, 0x37, 0xe0, 0x91, 0x39, + 0x37, 0x51, 0x09, 0x1e, 0x6a, 0xbe, 0x51, 0x7b, 0x4d, 0x25, 0x2c, 0x59, 0x3d, 0x13, 0x96, 0x8c, + 0x04, 0x8b, 0x52, 0x3a, 0x1f, 0x24, 0x9b, 0x60, 0x61, 0xbf, 0x00, 0x67, 0xe6, 0xdc, 0xe4, 0x92, + 0xeb, 0x91, 0x03, 0x32, 0xb1, 0x7f, 0x63, 0x10, 0x46, 0xcc, 0x54, 0xc5, 0x83, 0xe4, 0x5c, 0x7d, + 0x91, 0x9a, 0x64, 0xe2, 0xed, 0x5c, 0x75, 0xb8, 0x76, 0xf3, 0xc8, 0x79, 0x93, 0xf9, 0x23, 0x66, + 0x58, 0x65, 0x9a, 0x27, 0x36, 0x3b, 0x80, 0x6e, 0x43, 0x65, 0x9d, 0x25, 0x00, 0x94, 0x8b, 0x88, + 0x40, 0xc8, 0x1b, 0x51, 0xbd, 0x1c, 0x79, 0x0a, 0x01, 0xe7, 0x47, 0x35, 0x69, 0x94, 0xce, 0x2a, + 0x33, 0x82, 0x56, 0x45, 0x3e, 0x99, 0xc2, 0xe8, 0xa5, 0x12, 0x2a, 0x87, 0x50, 0x09, 0x29, 0x01, + 0x3d, 0x78, 0x9f, 0x04, 0x34, 0x4b, 0xe6, 0x48, 0x36, 0x98, 0x9d, 0x27, 0xa2, 0xec, 0x87, 0xd8, + 0x20, 0x18, 0xc9, 0x1c, 0x29, 0x30, 0xce, 0xe2, 0xa3, 0x8f, 0x2b, 0x11, 0x5f, 0x2d, 0xc2, 0xff, + 0x6a, 0xce, 0xe8, 0xe3, 0x96, 0xee, 0x9f, 0x2f, 0xc1, 0xd8, 0x9c, 0xdf, 0x59, 0x9e, 0x5b, 0xee, + 0xac, 0x79, 0x6e, 0xe3, 0x2a, 0xd9, 0xa1, 0x22, 0x7c, 0x93, 0xec, 0xcc, 0xcf, 0x8a, 0x15, 0xa4, + 0xe6, 0xcc, 0x55, 0xda, 0x88, 0x39, 0x8c, 0x0a, 0xa3, 0x75, 0xd7, 0x6f, 0x91, 0x28, 0x8c, 0x5c, + 0xe1, 0x1a, 0x35, 0x84, 0xd1, 0x25, 0x0d, 0xc2, 0x26, 0x1e, 0xa5, 0x1d, 0xdc, 0xf6, 0x49, 0x94, + 0x35, 0x78, 0x97, 0x68, 0x23, 0xe6, 0x30, 0x8a, 0x94, 0x44, 0x9d, 0x38, 0x11, 0x93, 0x51, 0x21, + 0xad, 0xd2, 0x46, 0xcc, 0x61, 0x74, 0xa5, 0xc7, 0x9d, 0x35, 0x16, 0xe0, 0x91, 0x09, 0xe9, 0x5f, + 0xe1, 0xcd, 0x58, 0xc2, 0x29, 0xea, 0x26, 0xd9, 0x99, 0xa5, 0xbb, 0xe3, 0x4c, 0x66, 0xcf, 0x55, + 0xde, 0x8c, 0x25, 0x9c, 0xd5, 0x82, 0x4c, 0x0f, 0xc7, 0xf7, 0x5c, 0x2d, 0xc8, 0x74, 0xf7, 0x7b, + 0xec, 0xb3, 0x7f, 0xc9, 0x82, 0x11, 0x33, 0x2c, 0x0b, 0xb5, 0x32, 0xb6, 0xf0, 0x52, 0x57, 0x29, + 0xe1, 0x1f, 0xcb, 0xbb, 0x87, 0xad, 0xe5, 0x26, 0x41, 0x18, 0x3f, 0x43, 0xfc, 0x96, 0xeb, 0x13, + 0x76, 0xda, 0xce, 0xc3, 0xb9, 0x52, 0x31, 0x5f, 0x33, 0x41, 0x93, 0x1c, 0xc2, 0x98, 0xb6, 0x6f, + 0xc2, 0xa9, 0xae, 0x74, 0xae, 0x3e, 0x4c, 0x90, 0x7d, 0x93, 0x69, 0x6d, 0x0c, 0xc3, 0x94, 0xb0, + 0xac, 0x47, 0x34, 0x03, 0xa7, 0xf8, 0x42, 0xa2, 0x9c, 0x56, 0x1a, 0x1b, 0xa4, 0xad, 0x52, 0xf4, + 0x98, 0x1f, 0xfe, 0x46, 0x16, 0x88, 0xbb, 0xf1, 0xed, 0x2f, 0x58, 0x30, 0x9a, 0xca, 0xb0, 0x2b, + 0xc8, 0x58, 0x62, 0x2b, 0x2d, 0x60, 0x51, 0x82, 0x2c, 0x54, 0xba, 0xcc, 0x94, 0xa9, 0x5e, 0x69, + 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xcb, 0x25, 0xa8, 0xca, 0x48, 0x8b, 0x3e, 0xba, 0xf2, 0x39, 0x0b, + 0x46, 0xd5, 0xd9, 0x07, 0x73, 0xaa, 0x95, 0x8a, 0x48, 0x87, 0xa0, 0x3d, 0x50, 0xdb, 0x72, 0x7f, + 0x3d, 0xd0, 0x96, 0x3b, 0x36, 0x99, 0xe1, 0x34, 0x6f, 0x74, 0x03, 0x20, 0xde, 0x89, 0x13, 0xd2, + 0x36, 0xdc, 0x7b, 0xb6, 0xb1, 0xe2, 0x26, 0x1b, 0x41, 0x44, 0xe8, 0xfa, 0xba, 0x16, 0x34, 0xc9, + 0x8a, 0xc2, 0xd4, 0x26, 0x94, 0x6e, 0xc3, 0x06, 0x25, 0xfb, 0xef, 0x97, 0xe0, 0x64, 0xb6, 0x4b, + 0xe8, 0x43, 0x30, 0x22, 0xb9, 0x1b, 0x57, 0xca, 0xc9, 0xf0, 0x92, 0x11, 0x6c, 0xc0, 0xee, 0xee, + 0x4e, 0x4c, 0x74, 0xdf, 0xe9, 0x37, 0x69, 0xa2, 0xe0, 0x14, 0x31, 0x7e, 0x00, 0x25, 0x4e, 0x4a, + 0xeb, 0x3b, 0xd3, 0x61, 0x28, 0x4e, 0x91, 0x8c, 0x03, 0x28, 0x13, 0x8a, 0x33, 0xd8, 0x68, 0x19, + 0xce, 0x18, 0x2d, 0xd7, 0x88, 0xdb, 0xda, 0x58, 0x0b, 0x22, 0xb9, 0x03, 0x7b, 0x54, 0x07, 0x80, + 0x75, 0xe3, 0xe0, 0xdc, 0x27, 0xa9, 0xb6, 0x6f, 0x38, 0xa1, 0xd3, 0x70, 0x93, 0x1d, 0xe1, 0xaf, + 0x54, 0xb2, 0x69, 0x46, 0xb4, 0x63, 0x85, 0x61, 0x2f, 0xc2, 0x40, 0x9f, 0x33, 0xa8, 0x2f, 0xcb, + 0xff, 0x25, 0xa8, 0x52, 0x72, 0xd2, 0xbc, 0x2b, 0x82, 0x64, 0x00, 0x55, 0x79, 0xd5, 0x0b, 0xb2, + 0xa1, 0xec, 0x3a, 0xf2, 0x8c, 0x4f, 0xbd, 0xd6, 0x7c, 0x1c, 0x77, 0xd8, 0x66, 0x9a, 0x02, 0xd1, + 0x13, 0x50, 0x26, 0xdb, 0x61, 0xf6, 0x30, 0xef, 0xe2, 0x76, 0xe8, 0x46, 0x24, 0xa6, 0x48, 0x64, + 0x3b, 0x44, 0xe7, 0xa0, 0xe4, 0x36, 0x85, 0x92, 0x02, 0x81, 0x53, 0x9a, 0x9f, 0xc5, 0x25, 0xb7, + 0x69, 0x6f, 0x43, 0x4d, 0xdd, 0x2d, 0x83, 0x36, 0xa5, 0xec, 0xb6, 0x8a, 0x08, 0x8d, 0x92, 0x74, + 0x7b, 0x48, 0xed, 0x0e, 0x80, 0x4e, 0x35, 0x2c, 0x4a, 0xbe, 0x9c, 0x87, 0x81, 0x46, 0x20, 0xd2, + 0xa0, 0xab, 0x9a, 0x0c, 0x13, 0xda, 0x0c, 0x62, 0xdf, 0x84, 0xb1, 0xab, 0x7e, 0x70, 0x9b, 0x15, + 0xc6, 0x67, 0x75, 0xe0, 0x28, 0xe1, 0x75, 0xfa, 0x23, 0x6b, 0x22, 0x30, 0x28, 0xe6, 0x30, 0x55, + 0xa1, 0xaa, 0xd4, 0xab, 0x42, 0x95, 0xfd, 0x09, 0x0b, 0x46, 0x54, 0xce, 0xd2, 0xdc, 0xd6, 0x26, + 0xa5, 0xdb, 0x8a, 0x82, 0x4e, 0x98, 0xa5, 0xcb, 0x6e, 0x7f, 0xc2, 0x1c, 0x66, 0x26, 0xf3, 0x95, + 0xf6, 0x49, 0xe6, 0x3b, 0x0f, 0x03, 0x9b, 0xae, 0xdf, 0xcc, 0x5e, 0x67, 0x72, 0xd5, 0xf5, 0x9b, + 0x98, 0x41, 0x68, 0x17, 0x4e, 0xaa, 0x2e, 0x48, 0x85, 0xf0, 0x02, 0x8c, 0xac, 0x75, 0x5c, 0xaf, + 0x29, 0x0b, 0xdc, 0x65, 0x3c, 0x2a, 0x75, 0x03, 0x86, 0x53, 0x98, 0x74, 0x5f, 0xb7, 0xe6, 0xfa, + 0x4e, 0xb4, 0xb3, 0xac, 0x35, 0x90, 0x12, 0x4a, 0x75, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0x46, 0x19, + 0xc6, 0xd2, 0x99, 0x5b, 0x7d, 0x6c, 0xaf, 0x9e, 0x80, 0x0a, 0x4b, 0xe6, 0xca, 0x7e, 0x5a, 0x5e, + 0x13, 0x8e, 0xc3, 0x50, 0x0c, 0x83, 0xbc, 0x0c, 0x44, 0x31, 0x57, 0x01, 0xa9, 0x4e, 0x2a, 0x3f, + 0x0c, 0x8b, 0x3b, 0x13, 0x95, 0x27, 0x04, 0x2b, 0xf4, 0x69, 0x0b, 0x86, 0x82, 0xd0, 0xac, 0x6c, + 0xf4, 0xc1, 0x22, 0xb3, 0xda, 0x44, 0x52, 0x8d, 0xb0, 0x88, 0xd5, 0xa7, 0x97, 0x9f, 0x43, 0xb2, + 0x3e, 0xf7, 0x5e, 0x18, 0x31, 0x31, 0xf7, 0x33, 0x8a, 0xab, 0xa6, 0x51, 0xfc, 0x39, 0x73, 0x52, + 0x88, 0xbc, 0xbd, 0x3e, 0x96, 0xdb, 0x75, 0xa8, 0x34, 0x54, 0xa0, 0xc0, 0xa1, 0xca, 0xa2, 0xaa, + 0xba, 0x0c, 0xec, 0xb0, 0x88, 0x53, 0xb3, 0xbf, 0x6d, 0x19, 0xf3, 0x03, 0x93, 0x78, 0xbe, 0x89, + 0x22, 0x28, 0xb7, 0xb6, 0x36, 0x85, 0x29, 0x7a, 0xa5, 0xa0, 0xe1, 0x9d, 0xdb, 0xda, 0xd4, 0x73, + 0xdc, 0x6c, 0xc5, 0x94, 0x59, 0x1f, 0xce, 0xc2, 0x54, 0x7a, 0x67, 0x79, 0xff, 0xf4, 0x4e, 0xfb, + 0xcd, 0x12, 0x9c, 0xea, 0x9a, 0x54, 0xe8, 0x75, 0xa8, 0x44, 0xf4, 0x2d, 0xc5, 0xeb, 0x2d, 0x14, + 0x96, 0x90, 0x19, 0xcf, 0x37, 0xb5, 0xde, 0x4d, 0xb7, 0x63, 0xce, 0x12, 0x5d, 0x01, 0xa4, 0xc3, + 0x59, 0x94, 0xa7, 0x92, 0xbf, 0xf2, 0x39, 0xf1, 0x28, 0x9a, 0xee, 0xc2, 0xc0, 0x39, 0x4f, 0xa1, + 0x17, 0xb3, 0x0e, 0xcf, 0x72, 0xfa, 0x7c, 0x73, 0x2f, 0xdf, 0xa5, 0xfd, 0xcf, 0x4a, 0x30, 0x9a, + 0x2a, 0x34, 0x85, 0x3c, 0xa8, 0x12, 0x8f, 0x39, 0xff, 0xa5, 0xb2, 0x39, 0x6a, 0xd9, 0x68, 0xa5, + 0x20, 0x2f, 0x0a, 0xba, 0x58, 0x71, 0x78, 0x30, 0x0e, 0xe1, 0x5f, 0x80, 0x11, 0xd9, 0xa1, 0x0f, + 0x3a, 0x6d, 0x4f, 0x0c, 0xa0, 0x9a, 0xa3, 0x17, 0x0d, 0x18, 0x4e, 0x61, 0xda, 0xbf, 0x5d, 0x86, + 0x71, 0x7e, 0x5a, 0xd2, 0x54, 0x33, 0x6f, 0x51, 0xee, 0xb7, 0xfe, 0xb2, 0x2e, 0x07, 0xc7, 0x07, + 0x72, 0xed, 0xa8, 0xb7, 0x34, 0xe4, 0x33, 0xea, 0x2b, 0x82, 0xeb, 0x6b, 0x99, 0x08, 0x2e, 0x6e, + 0x76, 0xb7, 0x8e, 0xa9, 0x47, 0xdf, 0x5b, 0x21, 0x5d, 0x7f, 0xa7, 0x04, 0x27, 0x32, 0x57, 0x60, + 0xa0, 0x37, 0xd2, 0x55, 0x93, 0xad, 0x22, 0x7c, 0xea, 0x7b, 0xde, 0x8a, 0x70, 0xb0, 0xda, 0xc9, + 0xf7, 0x69, 0xa9, 0xd8, 0x7f, 0x50, 0x82, 0xb1, 0xf4, 0xdd, 0x1d, 0x0f, 0xe0, 0x48, 0xbd, 0x0b, + 0x6a, 0xac, 0x3c, 0x3d, 0xbb, 0x93, 0x94, 0xbb, 0xe4, 0x79, 0x25, 0x70, 0xd9, 0x88, 0x35, 0xfc, + 0x81, 0x28, 0x49, 0x6d, 0xff, 0x5d, 0x0b, 0xce, 0xf2, 0xb7, 0xcc, 0xce, 0xc3, 0xbf, 0x92, 0x37, + 0xba, 0xaf, 0x14, 0xdb, 0xc1, 0x4c, 0x19, 0xc3, 0xfd, 0xc6, 0x97, 0xdd, 0x85, 0x28, 0x7a, 0x9b, + 0x9e, 0x0a, 0x0f, 0x60, 0x67, 0x0f, 0x34, 0x19, 0xec, 0x3f, 0x28, 0x83, 0xbe, 0xfe, 0x11, 0xb9, + 0x22, 0x17, 0xb2, 0x90, 0x72, 0x8e, 0x2b, 0x3b, 0x7e, 0x43, 0x5f, 0x34, 0x59, 0xcd, 0xa4, 0x42, + 0xfe, 0xac, 0x05, 0xc3, 0xae, 0xef, 0x26, 0xae, 0xc3, 0xb6, 0xd1, 0xc5, 0x5c, 0x4d, 0xa7, 0xd8, + 0xcd, 0x73, 0xca, 0x41, 0x64, 0x9e, 0xe3, 0x28, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, 0x22, 0x82, 0xac, + 0xcb, 0x85, 0x65, 0xf1, 0x56, 0x33, 0x91, 0xd5, 0x21, 0x35, 0xbc, 0x92, 0xa8, 0xa0, 0xe4, 0x77, + 0x4c, 0x49, 0xa9, 0xca, 0xc0, 0xfa, 0x22, 0x6e, 0xda, 0x8c, 0x39, 0x23, 0x3b, 0x06, 0xd4, 0x3d, + 0x16, 0x07, 0x0c, 0x60, 0x9d, 0x82, 0x9a, 0xd3, 0x49, 0x82, 0x36, 0x1d, 0x26, 0x71, 0xd4, 0xa4, + 0x43, 0x74, 0x25, 0x00, 0x6b, 0x1c, 0xfb, 0x8d, 0x0a, 0x64, 0x92, 0x13, 0xd1, 0xb6, 0x79, 0x75, + 0xa9, 0x55, 0xec, 0xd5, 0xa5, 0xaa, 0x33, 0x79, 0xd7, 0x97, 0xa2, 0x16, 0x54, 0xc2, 0x0d, 0x27, + 0x96, 0x66, 0xf5, 0x4b, 0x6a, 0x1f, 0x47, 0x1b, 0xef, 0xee, 0x4e, 0xfc, 0x78, 0x7f, 0x5e, 0x57, + 0x3a, 0x57, 0xa7, 0x78, 0x99, 0x13, 0xcd, 0x9a, 0xd1, 0xc0, 0x9c, 0xfe, 0x41, 0x2e, 0xe7, 0xfb, + 0xa4, 0xa8, 0xc3, 0x8f, 0x49, 0xdc, 0xf1, 0x12, 0x31, 0x1b, 0x5e, 0x2a, 0x70, 0x95, 0x71, 0xc2, + 0x3a, 0xad, 0x9e, 0xff, 0xc7, 0x06, 0x53, 0xf4, 0x21, 0xa8, 0xc5, 0x89, 0x13, 0x25, 0x87, 0x4c, + 0x84, 0x55, 0x83, 0xbe, 0x22, 0x89, 0x60, 0x4d, 0x0f, 0xbd, 0xcc, 0xaa, 0xdb, 0xba, 0xf1, 0xc6, + 0x21, 0x73, 0x23, 0x64, 0x25, 0x5c, 0x41, 0x01, 0x1b, 0xd4, 0xd0, 0x05, 0x00, 0x36, 0xb7, 0x79, + 0x40, 0x60, 0x95, 0x79, 0x99, 0x94, 0x28, 0xc4, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x87, 0x21, 0x5d, + 0x17, 0x02, 0x4d, 0xc8, 0x32, 0x14, 0xdc, 0x0b, 0xcd, 0x72, 0x1c, 0x52, 0x15, 0x23, 0x7e, 0xcd, + 0x02, 0xb3, 0x78, 0x05, 0x7a, 0x8d, 0x57, 0xc9, 0xb0, 0x8a, 0x38, 0x39, 0x34, 0xe8, 0x4e, 0x2e, + 0x3a, 0x61, 0xe6, 0x08, 0x5b, 0x96, 0xca, 0x38, 0xf7, 0x1e, 0xa8, 0x4a, 0xe8, 0x81, 0x8c, 0xba, + 0x8f, 0xc3, 0xe9, 0xec, 0xc5, 0xee, 0xe2, 0xd4, 0x69, 0x7f, 0xd7, 0x8f, 0xf4, 0xe7, 0x94, 0x7a, + 0xf9, 0x73, 0xfa, 0xb8, 0xc0, 0xf6, 0xd7, 0x2d, 0x38, 0xbf, 0xdf, 0xfd, 0xf3, 0xe8, 0x51, 0x18, + 0xb8, 0xed, 0x44, 0xb2, 0xec, 0x38, 0x13, 0x94, 0x37, 0x9d, 0xc8, 0xc7, 0xac, 0x15, 0xed, 0xc0, + 0x20, 0x8f, 0x1a, 0x13, 0xd6, 0xfa, 0x4b, 0xc5, 0xde, 0x86, 0x7f, 0x95, 0x18, 0xdb, 0x05, 0x1e, + 0xb1, 0x86, 0x05, 0x43, 0xfb, 0x3b, 0x16, 0xa0, 0xa5, 0x2d, 0x12, 0x45, 0x6e, 0xd3, 0x88, 0x73, + 0x63, 0xf7, 0xd9, 0x18, 0xf7, 0xd6, 0x98, 0xa9, 0xb0, 0x99, 0xfb, 0x6c, 0x8c, 0x7f, 0xf9, 0xf7, + 0xd9, 0x94, 0x0e, 0x76, 0x9f, 0x0d, 0x5a, 0x82, 0xb3, 0x6d, 0xbe, 0xdd, 0xe0, 0x77, 0x44, 0xf0, + 0xbd, 0x87, 0x4a, 0x3c, 0x7b, 0xe4, 0xce, 0xee, 0xc4, 0xd9, 0xc5, 0x3c, 0x04, 0x9c, 0xff, 0x9c, + 0xfd, 0x1e, 0x40, 0x3c, 0xbc, 0x6d, 0x26, 0x2f, 0x56, 0xa9, 0xa7, 0xfb, 0xc5, 0xfe, 0x6a, 0x05, + 0x4e, 0x64, 0x8a, 0xd2, 0xd2, 0xad, 0x5e, 0x77, 0x70, 0xd4, 0x91, 0xf5, 0x77, 0x77, 0xf7, 0xfa, + 0x0a, 0xb7, 0xf2, 0xa1, 0xe2, 0xfa, 0x61, 0x27, 0x29, 0x26, 0xd7, 0x94, 0x77, 0x62, 0x9e, 0x12, + 0x34, 0xdc, 0xc5, 0xf4, 0x2f, 0xe6, 0x6c, 0x8a, 0x0c, 0xde, 0x4a, 0x19, 0xe3, 0x03, 0xf7, 0xc9, + 0x1d, 0xf0, 0x49, 0x1d, 0x4a, 0x55, 0x29, 0xc2, 0xb1, 0x98, 0x99, 0x2c, 0xc7, 0x7d, 0xd4, 0xfe, + 0xab, 0x25, 0x18, 0x36, 0x3e, 0x1a, 0xfa, 0xc5, 0x74, 0x69, 0x27, 0xab, 0xb8, 0x57, 0x62, 0xf4, + 0x27, 0x75, 0xf1, 0x26, 0xfe, 0x4a, 0x4f, 0x76, 0x57, 0x75, 0xba, 0xbb, 0x3b, 0x71, 0x32, 0x53, + 0xb7, 0x29, 0x55, 0xe9, 0xe9, 0xdc, 0xc7, 0xe0, 0x44, 0x86, 0x4c, 0xce, 0x2b, 0xaf, 0xa6, 0xef, + 0xed, 0x3f, 0xa2, 0x5b, 0xca, 0x1c, 0xb2, 0x6f, 0xd2, 0x21, 0x13, 0xe9, 0x76, 0x81, 0x47, 0xfa, + 0xf0, 0xc1, 0x66, 0xb2, 0x6a, 0x4b, 0x7d, 0x66, 0xd5, 0x3e, 0x05, 0xd5, 0x30, 0xf0, 0xdc, 0x86, + 0xab, 0xea, 0x1f, 0xb2, 0x3c, 0xde, 0x65, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x86, 0xda, 0xad, 0xdb, + 0x09, 0x3f, 0xfd, 0x11, 0xfe, 0xed, 0xa2, 0x0e, 0x7d, 0x94, 0xd1, 0xa2, 0x8e, 0x97, 0xb0, 0xe6, + 0x85, 0x6c, 0x18, 0x64, 0x4a, 0x50, 0xa6, 0x08, 0x30, 0xdf, 0x3b, 0xd3, 0x8e, 0x31, 0x16, 0x10, + 0xfb, 0x1b, 0x35, 0x38, 0x93, 0x57, 0x19, 0x1c, 0x7d, 0x14, 0x06, 0x79, 0x1f, 0x8b, 0xb9, 0x7c, + 0x22, 0x8f, 0xc7, 0x1c, 0x23, 0x28, 0xba, 0xc5, 0x7e, 0x63, 0xc1, 0x53, 0x70, 0xf7, 0x9c, 0x35, + 0x31, 0x43, 0x8e, 0x87, 0xfb, 0x82, 0xa3, 0xb9, 0x2f, 0x38, 0x9c, 0xbb, 0xe7, 0xac, 0xa1, 0x6d, + 0xa8, 0xb4, 0xdc, 0x84, 0x38, 0xc2, 0x89, 0x70, 0xf3, 0x58, 0x98, 0x13, 0x87, 0x5b, 0x69, 0xec, + 0x27, 0xe6, 0x0c, 0xd1, 0xd7, 0x2d, 0x38, 0xb1, 0x96, 0x4e, 0xa1, 0x17, 0xc2, 0xd3, 0x39, 0x86, + 0xea, 0xef, 0x69, 0x46, 0xfc, 0x42, 0xa7, 0x4c, 0x23, 0xce, 0x76, 0x07, 0x7d, 0xca, 0x82, 0xa1, + 0x75, 0xd7, 0x33, 0x0a, 0xf0, 0x1e, 0xc3, 0xc7, 0xb9, 0xc4, 0x18, 0xe8, 0x1d, 0x07, 0xff, 0x1f, + 0x63, 0xc9, 0xb9, 0x97, 0xa6, 0x1a, 0x3c, 0xaa, 0xa6, 0x1a, 0xba, 0x4f, 0x9a, 0xea, 0xb3, 0x16, + 0xd4, 0xd4, 0x48, 0x8b, 0xb4, 0xe8, 0x0f, 0x1d, 0xe3, 0x27, 0xe7, 0x9e, 0x13, 0xf5, 0x17, 0x6b, + 0xe6, 0xe8, 0x4b, 0x16, 0x0c, 0x3b, 0xaf, 0x77, 0x22, 0xd2, 0x24, 0x5b, 0x41, 0x18, 0x8b, 0xdb, + 0x20, 0x5f, 0x29, 0xbe, 0x33, 0xd3, 0x94, 0xc9, 0x2c, 0xd9, 0x5a, 0x0a, 0x63, 0x91, 0xbe, 0xa4, + 0x1b, 0xb0, 0xd9, 0x05, 0x7b, 0xb7, 0x04, 0x13, 0xfb, 0x50, 0x40, 0x2f, 0xc0, 0x48, 0x10, 0xb5, + 0x1c, 0xdf, 0x7d, 0xdd, 0xac, 0x89, 0xa1, 0xac, 0xac, 0x25, 0x03, 0x86, 0x53, 0x98, 0x66, 0xe2, + 0x76, 0x69, 0x9f, 0xc4, 0xed, 0xf3, 0x30, 0x10, 0x91, 0x30, 0xc8, 0x6e, 0x16, 0x58, 0xea, 0x00, + 0x83, 0xa0, 0xc7, 0xa0, 0xec, 0x84, 0xae, 0x08, 0x44, 0x53, 0x7b, 0xa0, 0xe9, 0xe5, 0x79, 0x4c, + 0xdb, 0x53, 0x75, 0x24, 0x2a, 0xf7, 0xa4, 0x8e, 0x04, 0x55, 0x03, 0xe2, 0xec, 0x62, 0x50, 0xab, + 0x81, 0xf4, 0x99, 0x82, 0xfd, 0x66, 0x19, 0x1e, 0xdb, 0x73, 0xbe, 0xe8, 0x38, 0x3c, 0x6b, 0x8f, + 0x38, 0x3c, 0x39, 0x3c, 0xa5, 0xfd, 0x86, 0xa7, 0xdc, 0x63, 0x78, 0x3e, 0x45, 0x97, 0x81, 0xac, + 0x25, 0x52, 0xcc, 0x7d, 0x7e, 0xbd, 0x4a, 0x93, 0x88, 0x15, 0x20, 0xa1, 0x58, 0xf3, 0xa5, 0x7b, + 0x80, 0x54, 0xd2, 0x72, 0xa5, 0x08, 0x35, 0xd0, 0xb3, 0xb6, 0x08, 0x9f, 0xfb, 0xbd, 0x32, 0xa1, + 0xed, 0x9f, 0x2b, 0xc1, 0x13, 0x7d, 0x48, 0x6f, 0x73, 0x16, 0x5b, 0x7d, 0xce, 0xe2, 0xef, 0xed, + 0xcf, 0x64, 0xff, 0x55, 0x0b, 0xce, 0xf5, 0x56, 0x1e, 0xe8, 0x59, 0x18, 0x5e, 0x8b, 0x1c, 0xbf, + 0xb1, 0xc1, 0xee, 0x28, 0x95, 0x83, 0xc2, 0xc6, 0x5a, 0x37, 0x63, 0x13, 0x87, 0x6e, 0x6f, 0x79, + 0x4c, 0x82, 0x81, 0x21, 0x93, 0x4c, 0xe9, 0xf6, 0x76, 0x35, 0x0b, 0xc4, 0xdd, 0xf8, 0xf6, 0x9f, + 0x95, 0xf2, 0xbb, 0xc5, 0x8d, 0x8c, 0x83, 0x7c, 0x27, 0xf1, 0x15, 0x4a, 0x7d, 0xc8, 0x92, 0xf2, + 0xbd, 0x96, 0x25, 0x03, 0xbd, 0x64, 0x09, 0x9a, 0x85, 0x93, 0xc6, 0x25, 0x32, 0x3c, 0x71, 0x98, + 0x07, 0xdc, 0xaa, 0x6a, 0x1a, 0xcb, 0x19, 0x38, 0xee, 0x7a, 0x02, 0x3d, 0x0d, 0x55, 0xd7, 0x8f, + 0x49, 0xa3, 0x13, 0xf1, 0x40, 0x6f, 0x23, 0x59, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x61, 0xff, 0x52, + 0x09, 0x1e, 0xe9, 0x69, 0x67, 0xdd, 0x23, 0xd9, 0x65, 0x7e, 0x8e, 0x81, 0x7b, 0xf3, 0x39, 0xcc, + 0x41, 0xaa, 0xec, 0x3b, 0x48, 0x7f, 0xd8, 0x7b, 0x62, 0x52, 0x9b, 0xfb, 0xfb, 0x76, 0x94, 0x5e, + 0x84, 0x51, 0x27, 0x0c, 0x39, 0x1e, 0x8b, 0xd7, 0xcc, 0x54, 0xd3, 0x99, 0x36, 0x81, 0x38, 0x8d, + 0xdb, 0x97, 0xf6, 0xfc, 0x63, 0x0b, 0x6a, 0x98, 0xac, 0x73, 0xe9, 0x80, 0x6e, 0x89, 0x21, 0xb2, + 0x8a, 0xa8, 0xbb, 0x49, 0x07, 0x36, 0x76, 0x59, 0x3d, 0xca, 0xbc, 0xc1, 0xee, 0xbe, 0xe4, 0xa7, + 0x74, 0xa0, 0x4b, 0x7e, 0xd4, 0x35, 0x2f, 0xe5, 0xde, 0xd7, 0xbc, 0xd8, 0xdf, 0x1c, 0xa2, 0xaf, + 0x17, 0x06, 0x33, 0x11, 0x69, 0xc6, 0xf4, 0xfb, 0x76, 0x22, 0x4f, 0x4c, 0x12, 0xf5, 0x7d, 0xaf, + 0xe3, 0x05, 0x4c, 0xdb, 0x53, 0x47, 0x31, 0xa5, 0x03, 0xd5, 0x12, 0x29, 0xef, 0x5b, 0x4b, 0xe4, + 0x45, 0x18, 0x8d, 0xe3, 0x8d, 0xe5, 0xc8, 0xdd, 0x72, 0x12, 0x72, 0x95, 0xec, 0x08, 0x2b, 0x4b, + 0xe7, 0xff, 0xaf, 0x5c, 0xd6, 0x40, 0x9c, 0xc6, 0x45, 0x73, 0x70, 0x4a, 0x57, 0xf4, 0x20, 0x51, + 0xc2, 0xa2, 0xfb, 0xf9, 0x4c, 0x50, 0xc9, 0xbe, 0xba, 0x06, 0x88, 0x40, 0xc0, 0xdd, 0xcf, 0x50, + 0xf9, 0x96, 0x6a, 0xa4, 0x1d, 0x19, 0x4c, 0xcb, 0xb7, 0x14, 0x1d, 0xda, 0x97, 0xae, 0x27, 0xd0, + 0x22, 0x9c, 0xe6, 0x13, 0x63, 0x3a, 0x0c, 0x8d, 0x37, 0x1a, 0x4a, 0xd7, 0x3b, 0x9c, 0xeb, 0x46, + 0xc1, 0x79, 0xcf, 0xa1, 0xe7, 0x61, 0x58, 0x35, 0xcf, 0xcf, 0x8a, 0x53, 0x04, 0xe5, 0xc5, 0x50, + 0x64, 0xe6, 0x9b, 0xd8, 0xc4, 0x43, 0x1f, 0x84, 0x87, 0xf5, 0x5f, 0x9e, 0x02, 0xc6, 0x8f, 0xd6, + 0x66, 0x45, 0xb1, 0x24, 0x75, 0xa9, 0xc8, 0x5c, 0x2e, 0x5a, 0x13, 0xf7, 0x7a, 0x1e, 0xad, 0xc1, + 0x39, 0x05, 0xba, 0xe8, 0x27, 0x2c, 0x9f, 0x23, 0x26, 0x75, 0x27, 0x26, 0xd7, 0x23, 0x4f, 0x5c, + 0x4e, 0xab, 0xee, 0x9d, 0x9c, 0x73, 0x93, 0xcb, 0x79, 0x98, 0x78, 0x01, 0xef, 0x41, 0x05, 0x4d, + 0x41, 0x8d, 0xf8, 0xce, 0x9a, 0x47, 0x96, 0x66, 0xe6, 0x59, 0xd1, 0x25, 0xe3, 0x24, 0xef, 0xa2, + 0x04, 0x60, 0x8d, 0xa3, 0x22, 0x4c, 0x47, 0x7a, 0xde, 0x81, 0xba, 0x0c, 0x67, 0x5a, 0x8d, 0x90, + 0xda, 0x1e, 0x6e, 0x83, 0x4c, 0x37, 0x58, 0x40, 0x1d, 0xfd, 0x30, 0xbc, 0x10, 0xa5, 0x0a, 0x9f, + 0x9e, 0x9b, 0x59, 0xee, 0xc2, 0xc1, 0xb9, 0x4f, 0xb2, 0xc0, 0xcb, 0x28, 0xd8, 0xde, 0x19, 0x3f, + 0x9d, 0x09, 0xbc, 0xa4, 0x8d, 0x98, 0xc3, 0xd0, 0x15, 0x40, 0x2c, 0x16, 0xff, 0x72, 0x92, 0x84, + 0xca, 0xd8, 0x19, 0x3f, 0xc3, 0x5e, 0x49, 0x85, 0x91, 0x5d, 0xea, 0xc2, 0xc0, 0x39, 0x4f, 0xd9, + 0xff, 0xc1, 0x82, 0x51, 0xb5, 0x5e, 0xef, 0x41, 0x36, 0x8a, 0x97, 0xce, 0x46, 0x99, 0x3b, 0xba, + 0xc4, 0x63, 0x3d, 0xef, 0x11, 0xd2, 0xfc, 0x99, 0x61, 0x00, 0x2d, 0x15, 0x95, 0x42, 0xb2, 0x7a, + 0x2a, 0xa4, 0x07, 0x56, 0x22, 0xe5, 0x55, 0x58, 0xa9, 0xdc, 0xdf, 0x0a, 0x2b, 0x2b, 0x70, 0x56, + 0x9a, 0x0b, 0xfc, 0xac, 0xe8, 0x72, 0x10, 0x2b, 0x01, 0x57, 0xad, 0x3f, 0x26, 0x08, 0x9d, 0x9d, + 0xcf, 0x43, 0xc2, 0xf9, 0xcf, 0xa6, 0xac, 0x94, 0xa1, 0xfd, 0xac, 0x14, 0xbd, 0xa6, 0x17, 0xd6, + 0xe5, 0xed, 0x21, 0x99, 0x35, 0xbd, 0x70, 0x69, 0x05, 0x6b, 0x9c, 0x7c, 0xc1, 0x5e, 0x2b, 0x48, + 0xb0, 0xc3, 0x81, 0x05, 0xbb, 0x14, 0x31, 0xc3, 0x3d, 0x45, 0x8c, 0xf4, 0x49, 0x8f, 0xf4, 0xf4, + 0x49, 0xbf, 0x0f, 0xc6, 0x5c, 0x7f, 0x83, 0x44, 0x6e, 0x42, 0x9a, 0x6c, 0x2d, 0x30, 0xf1, 0x53, + 0xd5, 0x6a, 0x7d, 0x3e, 0x05, 0xc5, 0x19, 0xec, 0xb4, 0x5c, 0x1c, 0xeb, 0x43, 0x2e, 0xf6, 0xd0, + 0x46, 0x27, 0x8a, 0xd1, 0x46, 0x27, 0x8f, 0xae, 0x8d, 0x4e, 0x1d, 0xab, 0x36, 0x42, 0x85, 0x68, + 0xa3, 0xbe, 0x04, 0xbd, 0xb1, 0xfd, 0x3b, 0xb3, 0xcf, 0xf6, 0xaf, 0x97, 0x2a, 0x3a, 0x7b, 0x68, + 0x55, 0x94, 0xaf, 0x65, 0x1e, 0x3a, 0x94, 0x96, 0xf9, 0x6c, 0x09, 0xce, 0x6a, 0x39, 0x4c, 0x67, + 0xbf, 0xbb, 0x4e, 0x25, 0x11, 0xbb, 0x80, 0x8a, 0x9f, 0xdb, 0x18, 0xc9, 0x51, 0x3a, 0xcf, 0x4a, + 0x41, 0xb0, 0x81, 0xc5, 0x72, 0x8c, 0x48, 0xc4, 0xca, 0xed, 0x66, 0x85, 0xf4, 0x8c, 0x68, 0xc7, + 0x0a, 0x83, 0xce, 0x2f, 0xfa, 0x5b, 0xe4, 0x6d, 0x66, 0x8b, 0xca, 0xcd, 0x68, 0x10, 0x36, 0xf1, + 0xd0, 0x53, 0x9c, 0x09, 0x13, 0x10, 0x54, 0x50, 0x8f, 0x88, 0x9b, 0x71, 0xa5, 0x4c, 0x50, 0x50, + 0xd9, 0x1d, 0x96, 0x4c, 0x56, 0xe9, 0xee, 0x0e, 0x0b, 0x81, 0x52, 0x18, 0xf6, 0xff, 0xb4, 0xe0, + 0x91, 0xdc, 0xa1, 0xb8, 0x07, 0xca, 0x77, 0x3b, 0xad, 0x7c, 0x57, 0x8a, 0xda, 0x6e, 0x18, 0x6f, + 0xd1, 0x43, 0x11, 0xff, 0x3b, 0x0b, 0xc6, 0x34, 0xfe, 0x3d, 0x78, 0x55, 0x37, 0xfd, 0xaa, 0xc5, + 0xed, 0xac, 0x6a, 0x5d, 0xef, 0xf6, 0xdb, 0x25, 0x50, 0x85, 0x1e, 0xa7, 0x1b, 0xb2, 0x8c, 0xee, + 0x3e, 0x27, 0x89, 0x3b, 0x30, 0xc8, 0x0e, 0x42, 0xe3, 0x62, 0x82, 0x3c, 0xd2, 0xfc, 0xd9, 0xa1, + 0xaa, 0x3e, 0x64, 0x66, 0x7f, 0x63, 0x2c, 0x18, 0xb2, 0x62, 0xd0, 0x6e, 0x4c, 0xa5, 0x79, 0x53, + 0xa4, 0x65, 0xe9, 0x62, 0xd0, 0xa2, 0x1d, 0x2b, 0x0c, 0xaa, 0x1e, 0xdc, 0x46, 0xe0, 0xcf, 0x78, + 0x4e, 0x2c, 0x6f, 0x5d, 0x54, 0xea, 0x61, 0x5e, 0x02, 0xb0, 0xc6, 0x61, 0x67, 0xa4, 0x6e, 0x1c, + 0x7a, 0xce, 0x8e, 0xb1, 0x7f, 0x36, 0xea, 0x13, 0x28, 0x10, 0x36, 0xf1, 0xec, 0x36, 0x8c, 0xa7, + 0x5f, 0x62, 0x96, 0xac, 0xb3, 0x00, 0xc5, 0xbe, 0x86, 0x73, 0x0a, 0x6a, 0x0e, 0x7b, 0x6a, 0xa1, + 0xe3, 0x64, 0x2f, 0x6d, 0x9f, 0x96, 0x00, 0xac, 0x71, 0xec, 0x5f, 0xb1, 0xe0, 0x74, 0xce, 0xa0, + 0x15, 0x98, 0xf6, 0x96, 0x68, 0x69, 0x93, 0xa7, 0xd8, 0xdf, 0x09, 0x43, 0x4d, 0xb2, 0xee, 0xc8, + 0x10, 0x38, 0x43, 0xb6, 0xcf, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb7, 0xe0, 0x44, 0xba, 0xaf, + 0x31, 0x4b, 0x25, 0xe1, 0xc3, 0xe4, 0xc6, 0x8d, 0x60, 0x8b, 0x44, 0x3b, 0xf4, 0xcd, 0xad, 0x4c, + 0x2a, 0x49, 0x17, 0x06, 0xce, 0x79, 0x8a, 0x95, 0x79, 0x6d, 0xaa, 0xd1, 0x96, 0x33, 0xf2, 0x46, + 0x91, 0x33, 0x52, 0x7f, 0x4c, 0xf3, 0xb8, 0x5c, 0xb1, 0xc4, 0x26, 0x7f, 0xfb, 0x3b, 0x03, 0xa0, + 0xf2, 0x62, 0x59, 0xfc, 0x51, 0x41, 0xd1, 0x5b, 0x07, 0xcd, 0x20, 0x52, 0x93, 0x61, 0x60, 0xaf, + 0x80, 0x00, 0xee, 0x25, 0x31, 0x5d, 0x97, 0xea, 0x0d, 0x57, 0x35, 0x08, 0x9b, 0x78, 0xb4, 0x27, + 0x9e, 0xbb, 0x45, 0xf8, 0x43, 0x83, 0xe9, 0x9e, 0x2c, 0x48, 0x00, 0xd6, 0x38, 0xb4, 0x27, 0x4d, + 0x77, 0x7d, 0x5d, 0x6c, 0xf9, 0x55, 0x4f, 0xe8, 0xe8, 0x60, 0x06, 0xe1, 0x95, 0xbb, 0x83, 0x4d, + 0x61, 0x05, 0x1b, 0x95, 0xbb, 0x83, 0x4d, 0xcc, 0x20, 0xd4, 0x6e, 0xf3, 0x83, 0xa8, 0xcd, 0x2e, + 0xd5, 0x6f, 0x2a, 0x2e, 0xc2, 0xfa, 0x55, 0x76, 0xdb, 0xb5, 0x6e, 0x14, 0x9c, 0xf7, 0x1c, 0x9d, + 0x81, 0x61, 0x44, 0x9a, 0x6e, 0x23, 0x31, 0xa9, 0x41, 0x7a, 0x06, 0x2e, 0x77, 0x61, 0xe0, 0x9c, + 0xa7, 0xd0, 0x34, 0x9c, 0x90, 0x79, 0xcd, 0xb2, 0x6a, 0xcd, 0x70, 0xba, 0x4a, 0x06, 0x4e, 0x83, + 0x71, 0x16, 0x9f, 0x4a, 0xb5, 0xb6, 0x28, 0x6c, 0xc5, 0x8c, 0x65, 0x43, 0xaa, 0xc9, 0x82, 0x57, + 0x58, 0x61, 0xd8, 0x9f, 0x2c, 0x53, 0x2d, 0xdc, 0xa3, 0xa0, 0xdb, 0x3d, 0x8b, 0x16, 0x4c, 0xcf, + 0xc8, 0x81, 0x3e, 0x66, 0xe4, 0x73, 0x30, 0x72, 0x2b, 0x0e, 0x7c, 0x15, 0x89, 0x57, 0xe9, 0x19, + 0x89, 0x67, 0x60, 0xe5, 0x47, 0xe2, 0x0d, 0x16, 0x15, 0x89, 0x37, 0x74, 0xc8, 0x48, 0xbc, 0xdf, + 0xa9, 0x80, 0xba, 0x42, 0xe4, 0x1a, 0x49, 0x6e, 0x07, 0xd1, 0xa6, 0xeb, 0xb7, 0x58, 0x3e, 0xf8, + 0xd7, 0x2d, 0x18, 0xe1, 0xeb, 0x65, 0xc1, 0xcc, 0xa4, 0x5a, 0x2f, 0xe8, 0x6e, 0x8a, 0x14, 0xb3, + 0xc9, 0x55, 0x83, 0x51, 0xe6, 0xd2, 0x4f, 0x13, 0x84, 0x53, 0x3d, 0x42, 0x1f, 0x03, 0x90, 0xfe, + 0xd1, 0x75, 0x29, 0x32, 0xe7, 0x8b, 0xe9, 0x1f, 0x26, 0xeb, 0xda, 0x06, 0x5e, 0x55, 0x4c, 0xb0, + 0xc1, 0x10, 0x7d, 0x56, 0x67, 0x99, 0xf1, 0x90, 0xfd, 0x8f, 0x1c, 0xcb, 0xd8, 0xf4, 0x93, 0x63, + 0x86, 0x61, 0xc8, 0xf5, 0x5b, 0x74, 0x9e, 0x88, 0x88, 0xa5, 0x77, 0xe4, 0xd5, 0x52, 0x58, 0x08, + 0x9c, 0x66, 0xdd, 0xf1, 0x1c, 0xbf, 0x41, 0xa2, 0x79, 0x8e, 0x6e, 0x5e, 0x75, 0xcd, 0x1a, 0xb0, + 0x24, 0xd4, 0x75, 0xf9, 0x4a, 0xa5, 0x9f, 0xcb, 0x57, 0xce, 0xbd, 0x1f, 0x4e, 0x75, 0x7d, 0xcc, + 0x03, 0xa5, 0x94, 0x1d, 0x3e, 0x1b, 0xcd, 0xfe, 0xe7, 0x83, 0x5a, 0x69, 0x5d, 0x0b, 0x9a, 0xfc, + 0x0a, 0x90, 0x48, 0x7f, 0x51, 0x61, 0xe3, 0x16, 0x38, 0x45, 0x8c, 0xeb, 0xb2, 0x55, 0x23, 0x36, + 0x59, 0xd2, 0x39, 0x1a, 0x3a, 0x11, 0xf1, 0x8f, 0x7b, 0x8e, 0x2e, 0x2b, 0x26, 0xd8, 0x60, 0x88, + 0x36, 0x52, 0x39, 0x25, 0x97, 0x8e, 0x9e, 0x53, 0xc2, 0xaa, 0x4c, 0xe5, 0x55, 0xed, 0xff, 0x92, + 0x05, 0x63, 0x7e, 0x6a, 0xe6, 0x16, 0x13, 0x46, 0x9a, 0xbf, 0x2a, 0xf8, 0x0d, 0x54, 0xe9, 0x36, + 0x9c, 0xe1, 0x9f, 0xa7, 0xd2, 0x2a, 0x07, 0x54, 0x69, 0xfa, 0x2e, 0xa1, 0xc1, 0x5e, 0x77, 0x09, + 0x21, 0x5f, 0x5d, 0xa6, 0x36, 0x54, 0xf8, 0x65, 0x6a, 0x90, 0x73, 0x91, 0xda, 0x4d, 0xa8, 0x35, + 0x22, 0xe2, 0x24, 0x87, 0xbc, 0x57, 0x8b, 0x1d, 0xd0, 0xcf, 0x48, 0x02, 0x58, 0xd3, 0xb2, 0xff, + 0xcf, 0x00, 0x9c, 0x94, 0x23, 0x22, 0x43, 0xd0, 0xa9, 0x7e, 0xe4, 0x7c, 0xb5, 0x71, 0xab, 0xf4, + 0xe3, 0x65, 0x09, 0xc0, 0x1a, 0x87, 0xda, 0x63, 0x9d, 0x98, 0x2c, 0x85, 0xc4, 0x5f, 0x70, 0xd7, + 0x62, 0x71, 0xce, 0xa9, 0x16, 0xca, 0x75, 0x0d, 0xc2, 0x26, 0x1e, 0x35, 0xc6, 0xb9, 0x5d, 0x1c, + 0x67, 0xd3, 0x57, 0x84, 0xbd, 0x8d, 0x25, 0x1c, 0xfd, 0x7c, 0x6e, 0x85, 0xd9, 0x62, 0x12, 0xb7, + 0xba, 0x22, 0xef, 0x0f, 0x78, 0x15, 0xe3, 0xdf, 0xb2, 0xe0, 0x2c, 0x6f, 0x95, 0x23, 0x79, 0x3d, + 0x6c, 0x3a, 0x09, 0x89, 0x8b, 0xa9, 0xf8, 0x9e, 0xd3, 0x3f, 0xed, 0xe4, 0xcd, 0x63, 0x8b, 0xf3, + 0x7b, 0x83, 0xde, 0xb0, 0xe0, 0xc4, 0x66, 0xaa, 0xe6, 0x87, 0x54, 0x1d, 0x47, 0x4d, 0xc7, 0x4f, + 0x11, 0xd5, 0x4b, 0x2d, 0xdd, 0x1e, 0xe3, 0x2c, 0x77, 0xfb, 0xcf, 0x2c, 0x30, 0xc5, 0xe8, 0xbd, + 0x2f, 0x15, 0x72, 0x70, 0x53, 0x50, 0x5a, 0x97, 0x95, 0x9e, 0xd6, 0xe5, 0x63, 0x50, 0xee, 0xb8, + 0x4d, 0xb1, 0xbf, 0xd0, 0xa7, 0xaf, 0xf3, 0xb3, 0x98, 0xb6, 0xdb, 0xff, 0xa4, 0xa2, 0xfd, 0x16, + 0x22, 0x2f, 0xea, 0xfb, 0xe2, 0xb5, 0xd7, 0x55, 0xb1, 0x31, 0xfe, 0xe6, 0xd7, 0xba, 0x8a, 0x8d, + 0xfd, 0xe8, 0xc1, 0xd3, 0xde, 0xf8, 0x00, 0xf5, 0xaa, 0x35, 0x36, 0xb4, 0x4f, 0xce, 0xdb, 0x2d, + 0xa8, 0xd2, 0x2d, 0x18, 0x73, 0x40, 0x56, 0x53, 0x9d, 0xaa, 0x5e, 0x16, 0xed, 0x77, 0x77, 0x27, + 0xde, 0x7b, 0xf0, 0x6e, 0xc9, 0xa7, 0xb1, 0xa2, 0x8f, 0x62, 0xa8, 0xd1, 0xdf, 0x2c, 0x3d, 0x4f, + 0x6c, 0xee, 0xae, 0x2b, 0x99, 0x29, 0x01, 0x85, 0xe4, 0xfe, 0x69, 0x3e, 0xc8, 0x87, 0x1a, 0xbb, + 0xb5, 0x96, 0x31, 0xe5, 0x7b, 0xc0, 0x65, 0x95, 0x24, 0x27, 0x01, 0x77, 0x77, 0x27, 0x5e, 0x3c, + 0x38, 0x53, 0xf5, 0x38, 0xd6, 0x2c, 0xec, 0x2f, 0x0f, 0xe8, 0xb9, 0x2b, 0x6a, 0xcc, 0x7d, 0x5f, + 0xcc, 0xdd, 0x17, 0x32, 0x73, 0xf7, 0x7c, 0xd7, 0xdc, 0x1d, 0xd3, 0xb7, 0xab, 0xa6, 0x66, 0xe3, + 0xbd, 0x36, 0x04, 0xf6, 0xf7, 0x37, 0x30, 0x0b, 0xe8, 0xb5, 0x8e, 0x1b, 0x91, 0x78, 0x39, 0xea, + 0xf8, 0xae, 0xdf, 0x62, 0xd3, 0xb1, 0x6a, 0x5a, 0x40, 0x29, 0x30, 0xce, 0xe2, 0xd3, 0x4d, 0x3d, + 0xfd, 0xe6, 0x37, 0x9d, 0x2d, 0x3e, 0xab, 0x8c, 0xb2, 0x5b, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, + 0x9b, 0xec, 0x2c, 0xdb, 0xc8, 0x0b, 0xa6, 0x73, 0xc2, 0x63, 0xd7, 0x04, 0xf3, 0x9a, 0x5d, 0x6a, + 0x4e, 0xf0, 0xbb, 0x81, 0x39, 0x0c, 0xdd, 0x86, 0xa1, 0x35, 0x7e, 0x4f, 0x5e, 0x31, 0x75, 0xcc, + 0xc5, 0xa5, 0x7b, 0xec, 0x36, 0x14, 0x79, 0x03, 0xdf, 0x5d, 0xfd, 0x13, 0x4b, 0x6e, 0xf6, 0xef, + 0x57, 0xe0, 0x44, 0xe6, 0x22, 0xd9, 0x54, 0xb5, 0xd4, 0xd2, 0xbe, 0xd5, 0x52, 0x3f, 0x0c, 0xd0, + 0x24, 0xa1, 0x17, 0xec, 0x30, 0x73, 0x6c, 0xe0, 0xc0, 0xe6, 0x98, 0xb2, 0xe0, 0x67, 0x15, 0x15, + 0x6c, 0x50, 0x14, 0x85, 0xca, 0x78, 0xf1, 0xd5, 0x4c, 0xa1, 0x32, 0xe3, 0xb6, 0x83, 0xc1, 0x7b, + 0x7b, 0xdb, 0x81, 0x0b, 0x27, 0x78, 0x17, 0x55, 0xf6, 0xed, 0x21, 0x92, 0x6c, 0x59, 0xfe, 0xc2, + 0x6c, 0x9a, 0x0c, 0xce, 0xd2, 0xbd, 0x9f, 0xf7, 0x44, 0xa3, 0x77, 0x41, 0x4d, 0x7e, 0xe7, 0x78, + 0xbc, 0xa6, 0x2b, 0x18, 0xc8, 0x69, 0xc0, 0xee, 0x6f, 0x16, 0x3f, 0xbb, 0x0a, 0x09, 0xc0, 0xfd, + 0x2a, 0x24, 0x60, 0x7f, 0xb1, 0x44, 0xed, 0x78, 0xde, 0x2f, 0x55, 0x13, 0xe7, 0x49, 0x18, 0x74, + 0x3a, 0xc9, 0x46, 0xd0, 0x75, 0xeb, 0xdf, 0x34, 0x6b, 0xc5, 0x02, 0x8a, 0x16, 0x60, 0xa0, 0xa9, + 0xeb, 0x9c, 0x1c, 0xe4, 0x7b, 0x6a, 0x97, 0xa8, 0x93, 0x10, 0xcc, 0xa8, 0xa0, 0x47, 0x61, 0x20, + 0x71, 0x5a, 0x32, 0xe5, 0x8a, 0xa5, 0xd9, 0xae, 0x3a, 0xad, 0x18, 0xb3, 0x56, 0x53, 0x7d, 0x0f, + 0xec, 0xa3, 0xbe, 0x5f, 0x84, 0xd1, 0xd8, 0x6d, 0xf9, 0x4e, 0xd2, 0x89, 0x88, 0x71, 0xcc, 0xa7, + 0x23, 0x37, 0x4c, 0x20, 0x4e, 0xe3, 0xda, 0xbf, 0x31, 0x02, 0x67, 0x56, 0x66, 0x16, 0x65, 0xf5, + 0xee, 0x63, 0xcb, 0x9a, 0xca, 0xe3, 0x71, 0xef, 0xb2, 0xa6, 0x7a, 0x70, 0xf7, 0x8c, 0xac, 0x29, + 0xcf, 0xc8, 0x9a, 0x4a, 0xa7, 0xb0, 0x94, 0x8b, 0x48, 0x61, 0xc9, 0xeb, 0x41, 0x3f, 0x29, 0x2c, + 0xc7, 0x96, 0x46, 0xb5, 0x67, 0x87, 0x0e, 0x94, 0x46, 0xa5, 0x72, 0xcc, 0x0a, 0x49, 0x2e, 0xe8, + 0xf1, 0xa9, 0x72, 0x73, 0xcc, 0x54, 0x7e, 0x0f, 0x4f, 0x9c, 0x11, 0xa2, 0xfe, 0x95, 0xe2, 0x3b, + 0xd0, 0x47, 0x7e, 0x8f, 0xc8, 0xdd, 0x31, 0x73, 0xca, 0x86, 0x8a, 0xc8, 0x29, 0xcb, 0xeb, 0xce, + 0xbe, 0x39, 0x65, 0x2f, 0xc2, 0x68, 0xc3, 0x0b, 0x7c, 0xb2, 0x1c, 0x05, 0x49, 0xd0, 0x08, 0x3c, + 0x61, 0xd6, 0x2b, 0x91, 0x30, 0x63, 0x02, 0x71, 0x1a, 0xb7, 0x57, 0x42, 0x5a, 0xed, 0xa8, 0x09, + 0x69, 0x70, 0x9f, 0x12, 0xd2, 0x7e, 0x46, 0xa7, 0x4e, 0x0f, 0xb3, 0x2f, 0xf2, 0xe1, 0xe2, 0xbf, + 0x48, 0x3f, 0xf9, 0xd3, 0xe8, 0x4d, 0x7e, 0xed, 0x1e, 0x35, 0x8c, 0x67, 0x82, 0x36, 0x35, 0xfc, + 0x46, 0xd8, 0x90, 0xbc, 0x7a, 0x0c, 0x13, 0xf6, 0xe6, 0x8a, 0x66, 0xa3, 0xae, 0xe2, 0xd3, 0x4d, + 0x38, 0xdd, 0x91, 0xa3, 0xa4, 0x76, 0x7f, 0xb5, 0x04, 0x3f, 0xb0, 0x6f, 0x17, 0xd0, 0x6d, 0x80, + 0xc4, 0x69, 0x89, 0x89, 0x2a, 0x0e, 0x4c, 0x8e, 0x18, 0x5e, 0xb9, 0x2a, 0xe9, 0xf1, 0x9a, 0x24, + 0xea, 0x2f, 0x3b, 0x8a, 0x90, 0xbf, 0x59, 0x54, 0x65, 0xe0, 0x75, 0x95, 0x6e, 0xc4, 0x81, 0x47, + 0x30, 0x83, 0x50, 0xf5, 0x1f, 0x91, 0x96, 0xbe, 0x27, 0x5a, 0x7d, 0x3e, 0xcc, 0x5a, 0xb1, 0x80, + 0xa2, 0xe7, 0x61, 0xd8, 0xf1, 0x3c, 0x9e, 0x1f, 0x43, 0x62, 0x71, 0xef, 0x8e, 0xae, 0x21, 0xa7, + 0x41, 0xd8, 0xc4, 0xb3, 0xff, 0xb4, 0x04, 0x13, 0xfb, 0xc8, 0x94, 0xae, 0x8c, 0xbf, 0x4a, 0xdf, + 0x19, 0x7f, 0x22, 0x47, 0x61, 0xb0, 0x47, 0x8e, 0xc2, 0xf3, 0x30, 0x9c, 0x10, 0xa7, 0x2d, 0x02, + 0xb2, 0x84, 0x27, 0x40, 0x9f, 0x00, 0x6b, 0x10, 0x36, 0xf1, 0xa8, 0x14, 0x1b, 0x73, 0x1a, 0x0d, + 0x12, 0xc7, 0x32, 0x09, 0x41, 0x78, 0x53, 0x0b, 0xcb, 0x70, 0x60, 0x4e, 0xea, 0xe9, 0x14, 0x0b, + 0x9c, 0x61, 0x99, 0x1d, 0xf0, 0x5a, 0x9f, 0x03, 0xfe, 0x8d, 0x12, 0x3c, 0xb6, 0xa7, 0x76, 0xeb, + 0x3b, 0x3f, 0xa4, 0x13, 0x93, 0x28, 0x3b, 0x71, 0xae, 0xc7, 0x24, 0xc2, 0x0c, 0xc2, 0x47, 0x29, + 0x0c, 0x8d, 0x7b, 0xb8, 0x8b, 0x4e, 0x5e, 0xe2, 0xa3, 0x94, 0x62, 0x81, 0x33, 0x2c, 0x0f, 0x3b, + 0x2d, 0xff, 0x5e, 0x09, 0x9e, 0xe8, 0xc3, 0x06, 0x28, 0x30, 0xc9, 0x2b, 0x9d, 0x6a, 0x57, 0xbe, + 0x4f, 0x19, 0x91, 0x87, 0x1c, 0xae, 0x6f, 0x96, 0xe0, 0x5c, 0x6f, 0x55, 0x8c, 0x7e, 0x0c, 0x4e, + 0x44, 0x2a, 0x0a, 0xcb, 0xcc, 0xd2, 0x3b, 0xcd, 0x3d, 0x09, 0x29, 0x10, 0xce, 0xe2, 0xa2, 0x49, + 0x80, 0xd0, 0x49, 0x36, 0xe2, 0x8b, 0xdb, 0x6e, 0x9c, 0x88, 0x2a, 0x34, 0x63, 0xfc, 0xec, 0x4a, + 0xb6, 0x62, 0x03, 0x83, 0xb2, 0x63, 0xff, 0x66, 0x83, 0x6b, 0x41, 0xc2, 0x1f, 0xe2, 0xdb, 0x88, + 0xd3, 0xf2, 0xce, 0x0e, 0x03, 0x84, 0xb3, 0xb8, 0x94, 0x1d, 0x3b, 0x1d, 0xe5, 0x1d, 0xe5, 0xfb, + 0x0b, 0xc6, 0x6e, 0x41, 0xb5, 0x62, 0x03, 0x23, 0x9b, 0x7f, 0x58, 0xd9, 0x3f, 0xff, 0xd0, 0xfe, + 0xc7, 0x25, 0x78, 0xa4, 0xa7, 0x29, 0xd7, 0xdf, 0x02, 0x7c, 0xf0, 0x72, 0x06, 0x0f, 0x37, 0x77, + 0x0e, 0x98, 0xdb, 0xf6, 0xc7, 0x3d, 0x66, 0x9a, 0xc8, 0x6d, 0x3b, 0x7c, 0x72, 0xf8, 0x83, 0x37, + 0x9e, 0x5d, 0xe9, 0x6c, 0x03, 0x07, 0x48, 0x67, 0xcb, 0x7c, 0x8c, 0x4a, 0x9f, 0x0b, 0xf9, 0xcf, + 0xcb, 0x3d, 0x87, 0x97, 0x6e, 0xfd, 0xfa, 0xf2, 0xd3, 0xce, 0xc2, 0x49, 0xd7, 0x67, 0xf7, 0x37, + 0xad, 0x74, 0xd6, 0x44, 0x61, 0x92, 0x52, 0xfa, 0x96, 0xf5, 0xf9, 0x0c, 0x1c, 0x77, 0x3d, 0xf1, + 0x00, 0xa6, 0x17, 0x1e, 0x6e, 0x48, 0x0f, 0x96, 0xe0, 0x8a, 0x96, 0xe0, 0xac, 0x1c, 0x8a, 0x0d, + 0x27, 0x22, 0x4d, 0xa1, 0x46, 0x62, 0x91, 0x50, 0xf1, 0x08, 0x4f, 0xca, 0xc8, 0x41, 0xc0, 0xf9, + 0xcf, 0xb1, 0x2b, 0x73, 0x82, 0xd0, 0x6d, 0x88, 0x4d, 0x8e, 0xbe, 0x32, 0x87, 0x36, 0x62, 0x0e, + 0xb3, 0x3f, 0x0c, 0x35, 0xf5, 0xfe, 0x3c, 0xac, 0x5b, 0x4d, 0xba, 0xae, 0xb0, 0x6e, 0x35, 0xe3, + 0x0c, 0x2c, 0xfa, 0xb5, 0xa8, 0x49, 0x9c, 0x59, 0x3d, 0x57, 0xc9, 0x0e, 0xb3, 0x8f, 0xed, 0x77, + 0xc3, 0x88, 0xf2, 0xb3, 0xf4, 0x7b, 0x91, 0x90, 0xfd, 0xe5, 0x41, 0x18, 0x4d, 0x15, 0x07, 0x4c, + 0x39, 0x58, 0xad, 0x7d, 0x1d, 0xac, 0x2c, 0x4c, 0xbf, 0xe3, 0xcb, 0x5b, 0xc6, 0x8c, 0x30, 0xfd, + 0x8e, 0x4f, 0x30, 0x87, 0x51, 0xf3, 0xb6, 0x19, 0xed, 0xe0, 0x8e, 0x2f, 0xc2, 0x69, 0x95, 0x79, + 0x3b, 0xcb, 0x5a, 0xb1, 0x80, 0xa2, 0x4f, 0x58, 0x30, 0x12, 0x33, 0xef, 0x3d, 0x77, 0x4f, 0x8b, + 0x49, 0x77, 0xe5, 0xe8, 0xb5, 0x0f, 0x55, 0x21, 0x4c, 0x16, 0x21, 0x63, 0xb6, 0xe0, 0x14, 0x47, + 0xf4, 0x69, 0x0b, 0x6a, 0xea, 0x32, 0x14, 0x71, 0x65, 0xe0, 0x4a, 0xb1, 0xb5, 0x17, 0xb9, 0x5f, + 0x53, 0x1d, 0x84, 0xa8, 0x22, 0x78, 0x58, 0x33, 0x46, 0xb1, 0xf2, 0x1d, 0x0f, 0x1d, 0x8f, 0xef, + 0x18, 0x72, 0xfc, 0xc6, 0xef, 0x82, 0x5a, 0xdb, 0xf1, 0xdd, 0x75, 0x12, 0x27, 0xdc, 0x9d, 0x2b, + 0x4b, 0xc2, 0xca, 0x46, 0xac, 0xe1, 0x54, 0x21, 0xc7, 0xec, 0xc5, 0x12, 0xc3, 0xff, 0xca, 0x14, + 0xf2, 0x8a, 0x6e, 0xc6, 0x26, 0x8e, 0xe9, 0x2c, 0x86, 0xfb, 0xea, 0x2c, 0x1e, 0xde, 0xdb, 0x59, + 0x6c, 0xff, 0x03, 0x0b, 0xce, 0xe6, 0x7e, 0xb5, 0x07, 0x37, 0xf0, 0xd1, 0xfe, 0x4a, 0x05, 0x4e, + 0xe7, 0x54, 0xf9, 0x44, 0x3b, 0xe6, 0x7c, 0xb6, 0x8a, 0x88, 0x21, 0x48, 0x1f, 0x89, 0xcb, 0x61, + 0xcc, 0x99, 0xc4, 0x07, 0x3b, 0xaa, 0xd1, 0xc7, 0x25, 0xe5, 0x7b, 0x7b, 0x5c, 0x62, 0x4c, 0xcb, + 0x81, 0xfb, 0x3a, 0x2d, 0x2b, 0xfb, 0x9c, 0x61, 0xfc, 0xaa, 0x05, 0xe3, 0xed, 0x1e, 0xa5, 0xe5, + 0x85, 0xe3, 0xf1, 0xc6, 0xf1, 0x14, 0xae, 0xaf, 0x3f, 0x7a, 0x67, 0x77, 0xa2, 0x67, 0x45, 0x7f, + 0xdc, 0xb3, 0x57, 0xf6, 0x77, 0xca, 0xc0, 0x4a, 0xcc, 0xb2, 0x4a, 0x6e, 0x3b, 0xe8, 0xe3, 0x66, + 0xb1, 0x60, 0xab, 0xa8, 0xc2, 0xb6, 0x9c, 0xb8, 0x2a, 0x36, 0xcc, 0x47, 0x30, 0xaf, 0xf6, 0x70, + 0x56, 0x68, 0x95, 0xfa, 0x10, 0x5a, 0x9e, 0xac, 0xca, 0x5c, 0x2e, 0xbe, 0x2a, 0x73, 0x2d, 0x5b, + 0x91, 0x79, 0xef, 0x4f, 0x3c, 0xf0, 0x40, 0x7e, 0xe2, 0x5f, 0xb0, 0xb8, 0xe0, 0xc9, 0x7c, 0x05, + 0x6d, 0x19, 0x58, 0x7b, 0x58, 0x06, 0x4f, 0x43, 0x35, 0x26, 0xde, 0xfa, 0x65, 0xe2, 0x78, 0xc2, + 0x82, 0xd0, 0xe7, 0xd7, 0xa2, 0x1d, 0x2b, 0x0c, 0x76, 0x6d, 0xab, 0xe7, 0x05, 0xb7, 0x2f, 0xb6, + 0xc3, 0x64, 0x47, 0xd8, 0x12, 0xfa, 0xda, 0x56, 0x05, 0xc1, 0x06, 0x96, 0xfd, 0x37, 0x4b, 0x7c, + 0x06, 0x8a, 0x20, 0x88, 0x17, 0x32, 0x17, 0xed, 0xf5, 0x1f, 0x3f, 0xf0, 0x51, 0x80, 0x86, 0xba, + 0xca, 0x5e, 0x9c, 0x09, 0x5d, 0x3e, 0xf2, 0x3d, 0xdb, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, + 0x7e, 0x29, 0x59, 0x5a, 0xde, 0x57, 0x96, 0xa6, 0xc4, 0xca, 0xc0, 0x3e, 0xda, 0xee, 0x4f, 0x2d, + 0x48, 0x59, 0x44, 0x28, 0x84, 0x0a, 0xed, 0xee, 0x4e, 0x31, 0xb7, 0xf4, 0x9b, 0xa4, 0xa9, 0x68, + 0x14, 0xd3, 0x9e, 0xfd, 0xc4, 0x9c, 0x11, 0xf2, 0x44, 0xac, 0x04, 0x1f, 0xd5, 0x6b, 0xc5, 0x31, + 0xbc, 0x1c, 0x04, 0x9b, 0xfc, 0x60, 0x53, 0xc7, 0x5d, 0xd8, 0x2f, 0xc0, 0xa9, 0xae, 0x4e, 0xb1, + 0x3b, 0xb5, 0x02, 0xaa, 0x7d, 0x32, 0xd3, 0x95, 0x25, 0x70, 0x62, 0x0e, 0xb3, 0xbf, 0x69, 0xc1, + 0xc9, 0x2c, 0x79, 0xf4, 0xa6, 0x05, 0xa7, 0xe2, 0x2c, 0xbd, 0xe3, 0x1a, 0x3b, 0x15, 0xef, 0xd8, + 0x05, 0xc2, 0xdd, 0x9d, 0xb0, 0xff, 0xaf, 0x98, 0xfc, 0x37, 0x5d, 0xbf, 0x19, 0xdc, 0x56, 0x86, + 0x89, 0xd5, 0xd3, 0x30, 0xa1, 0xeb, 0xb1, 0xb1, 0x41, 0x9a, 0x1d, 0xaf, 0x2b, 0x73, 0x74, 0x45, + 0xb4, 0x63, 0x85, 0xc1, 0x12, 0xe5, 0x3a, 0xa2, 0x6c, 0x7b, 0x66, 0x52, 0xce, 0x8a, 0x76, 0xac, + 0x30, 0xd0, 0x73, 0x30, 0x62, 0xbc, 0xa4, 0x9c, 0x97, 0xcc, 0x20, 0x37, 0x54, 0x66, 0x8c, 0x53, + 0x58, 0x68, 0x12, 0x40, 0x19, 0x39, 0x52, 0x45, 0x32, 0x47, 0x91, 0x92, 0x44, 0x31, 0x36, 0x30, + 0x58, 0x5a, 0xaa, 0xd7, 0x89, 0x99, 0x8f, 0x7f, 0x50, 0x97, 0x12, 0x9d, 0x11, 0x6d, 0x58, 0x41, + 0xa9, 0x34, 0x69, 0x3b, 0x7e, 0xc7, 0xf1, 0xe8, 0x08, 0x89, 0xad, 0x9f, 0x5a, 0x86, 0x8b, 0x0a, + 0x82, 0x0d, 0x2c, 0xfa, 0xc6, 0x89, 0xdb, 0x26, 0x2f, 0x07, 0xbe, 0x8c, 0x53, 0xd3, 0xc7, 0x3e, + 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0xbf, 0x5a, 0x70, 0x42, 0x27, 0xb9, 0xf3, 0xdb, 0xb3, 0xcd, 0x9d, + 0xaa, 0xb5, 0xef, 0x4e, 0x35, 0x9d, 0xfd, 0x5b, 0xea, 0x2b, 0xfb, 0xd7, 0x4c, 0xcc, 0x2d, 0xef, + 0x99, 0x98, 0xfb, 0x43, 0xfa, 0x66, 0x56, 0x9e, 0xc1, 0x3b, 0x9c, 0x77, 0x2b, 0x2b, 0xb2, 0x61, + 0xb0, 0xe1, 0xa8, 0x0a, 0x2f, 0x23, 0x7c, 0xef, 0x30, 0x33, 0xcd, 0x90, 0x04, 0xc4, 0x5e, 0x82, + 0x9a, 0x3a, 0xfd, 0x90, 0x1b, 0x55, 0x2b, 0x7f, 0xa3, 0xda, 0x57, 0x82, 0x60, 0x7d, 0xed, 0x5b, + 0xdf, 0x7d, 0xfc, 0x6d, 0xbf, 0xf7, 0xdd, 0xc7, 0xdf, 0xf6, 0x47, 0xdf, 0x7d, 0xfc, 0x6d, 0x9f, + 0xb8, 0xf3, 0xb8, 0xf5, 0xad, 0x3b, 0x8f, 0x5b, 0xbf, 0x77, 0xe7, 0x71, 0xeb, 0x8f, 0xee, 0x3c, + 0x6e, 0x7d, 0xe7, 0xce, 0xe3, 0xd6, 0x97, 0xfe, 0xd3, 0xe3, 0x6f, 0x7b, 0x39, 0x37, 0x50, 0x91, + 0xfe, 0x78, 0xa6, 0xd1, 0x9c, 0xda, 0xba, 0xc0, 0x62, 0xe5, 0xe8, 0xf2, 0x9a, 0x32, 0xe6, 0xd4, + 0x94, 0x5c, 0x5e, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x13, 0x8b, 0x32, 0x8c, 0xdc, 0xe2, 0x00, + 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -6594,6 +6625,20 @@ func (m *ApplicationSetStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Resources) > 0 { + for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + } if len(m.ApplicationStatus) > 0 { for iNdEx := len(m.ApplicationStatus) - 1; iNdEx >= 0; iNdEx-- { { @@ -6955,6 +7000,43 @@ func (m *ApplicationSetTerminalGenerator) MarshalToSizedBuffer(dAtA []byte) (int return len(dAtA) - i, nil } +func (m *ApplicationSetTree) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ApplicationSetTree) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ApplicationSetTree) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Nodes) > 0 { + for iNdEx := len(m.Nodes) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Nodes[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + func (m *ApplicationSource) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -14959,6 +15041,12 @@ func (m *ApplicationSetStatus) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + if len(m.Resources) > 0 { + for _, e := range m.Resources { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -15080,6 +15168,21 @@ func (m *ApplicationSetTerminalGenerator) Size() (n int) { return n } +func (m *ApplicationSetTree) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Nodes) > 0 { + for _, e := range m.Nodes { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + func (m *ApplicationSource) Size() (n int) { if m == nil { return 0 @@ -18258,9 +18361,15 @@ func (this *ApplicationSetStatus) String() string { repeatedStringForApplicationStatus += strings.Replace(strings.Replace(f.String(), "ApplicationSetApplicationStatus", "ApplicationSetApplicationStatus", 1), `&`, ``, 1) + "," } repeatedStringForApplicationStatus += "}" + repeatedStringForResources := "[]ResourceStatus{" + for _, f := range this.Resources { + repeatedStringForResources += strings.Replace(strings.Replace(f.String(), "ResourceStatus", "ResourceStatus", 1), `&`, ``, 1) + "," + } + repeatedStringForResources += "}" s := strings.Join([]string{`&ApplicationSetStatus{`, `Conditions:` + repeatedStringForConditions + `,`, `ApplicationStatus:` + repeatedStringForApplicationStatus + `,`, + `Resources:` + repeatedStringForResources + `,`, `}`, }, "") return s @@ -18349,6 +18458,21 @@ func (this *ApplicationSetTerminalGenerator) String() string { }, "") return s } +func (this *ApplicationSetTree) String() string { + if this == nil { + return "nil" + } + repeatedStringForNodes := "[]ResourceNode{" + for _, f := range this.Nodes { + repeatedStringForNodes += strings.Replace(strings.Replace(f.String(), "ResourceNode", "ResourceNode", 1), `&`, ``, 1) + "," + } + repeatedStringForNodes += "}" + s := strings.Join([]string{`&ApplicationSetTree{`, + `Nodes:` + repeatedStringForNodes + `,`, + `}`, + }, "") + return s +} func (this *ApplicationSource) String() string { if this == nil { return "nil" @@ -24703,6 +24827,40 @@ func (m *ApplicationSetStatus) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Resources = append(m.Resources, ResourceStatus{}) + if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -25799,6 +25957,90 @@ func (m *ApplicationSetTerminalGenerator) Unmarshal(dAtA []byte) error { } return nil } +func (m *ApplicationSetTree) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApplicationSetTree: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApplicationSetTree: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Nodes", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Nodes = append(m.Nodes, ResourceNode{}) + if err := m.Nodes[len(m.Nodes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ApplicationSource) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 88ba0d7efe9a9..f70ccd1792d2b 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -109,6 +109,7 @@ message AppProjectStatus { // +kubebuilder:printcolumn:name="Sync Status",type=string,JSONPath=`.status.sync.status` // +kubebuilder:printcolumn:name="Health Status",type=string,JSONPath=`.status.health.status` // +kubebuilder:printcolumn:name="Revision",type=string,JSONPath=`.status.sync.revision`,priority=10 +// +kubebuilder:printcolumn:name="Project",type=string,JSONPath=`.spec.project`,priority=10 message Application { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -198,7 +199,7 @@ message ApplicationSetApplicationStatus { optional string step = 5; } -// ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning +// ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning message ApplicationSetCondition { // Type is an applicationset condition type optional string type = 1; @@ -330,6 +331,9 @@ message ApplicationSetStatus { repeated ApplicationSetCondition conditions = 1; repeated ApplicationSetApplicationStatus applicationStatus = 2; + + // Resources is a list of Applications resources managed by this application set. + repeated ResourceStatus resources = 3; } // ApplicationSetStrategy configures how generated Applications are updated in sequence. @@ -395,6 +399,13 @@ message ApplicationSetTerminalGenerator { optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8; } +// ApplicationSetTree holds nodes which belongs to the application +// Used to build a tree of an ApplicationSet and its children +message ApplicationSetTree { + // Nodes contains list of nodes which are directly managed by the applicationset + repeated ResourceNode nodes = 1; +} + // ApplicationSource contains all required information about the source of an application message ApplicationSource { // RepoURL is the URL to the repository (Git or Helm) that contains the application manifests @@ -2227,6 +2238,7 @@ message SyncStatus { optional string status = 1; // ComparedTo contains information about what has been compared + // +patchStrategy=replace optional ComparedTo comparedTo = 2; // Revision contains information about the revision the comparison has been performed to diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index ecbcdabe75364..a6f4af7d24114 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -41,6 +41,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate": schema_pkg_apis_application_v1alpha1_ApplicationSetTemplate(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplateMeta": schema_pkg_apis_application_v1alpha1_ApplicationSetTemplateMeta(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTerminalGenerator": schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref), + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTree": schema_pkg_apis_application_v1alpha1_ApplicationSetTree(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource": schema_pkg_apis_application_v1alpha1_ApplicationSource(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourceDirectory": schema_pkg_apis_application_v1alpha1_ApplicationSourceDirectory(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourceHelm": schema_pkg_apis_application_v1alpha1_ApplicationSourceHelm(ref), @@ -866,7 +867,7 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetCondition(ref common.Ref return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning", + Description: "ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { @@ -1338,11 +1339,25 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetStatus(ref common.Refere }, }, }, + "resources": { + SchemaProps: spec.SchemaProps{ + Description: "Resources is a list of Applications resources managed by this application set.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus"), + }, + }, + }, + }, + }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus"}, } } @@ -1552,6 +1567,35 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref co } } +func schema_pkg_apis_application_v1alpha1_ApplicationSetTree(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ApplicationSetTree holds nodes which belongs to the application Used to build a tree of an ApplicationSet and its children", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "nodes": { + SchemaProps: spec.SchemaProps{ + Description: "Nodes contains list of nodes which are directly managed by the applicationset", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceNode"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceNode"}, + } +} + func schema_pkg_apis_application_v1alpha1_ApplicationSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -4037,7 +4081,6 @@ func schema_pkg_apis_application_v1alpha1_KustomizeReplica(ref common.ReferenceC "count": { SchemaProps: spec.SchemaProps{ Description: "Number of replicas", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, @@ -4159,8 +4202,7 @@ func schema_pkg_apis_application_v1alpha1_ListGenerator(ref common.ReferenceCall Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), }, }, }, @@ -4498,7 +4540,6 @@ func schema_pkg_apis_application_v1alpha1_OperationState(ref common.ReferenceCal "startedAt": { SchemaProps: spec.SchemaProps{ Description: "StartedAt contains time of operation start", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -4797,8 +4838,7 @@ func schema_pkg_apis_application_v1alpha1_PluginInput(ref common.ReferenceCallba Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), }, }, }, @@ -6657,7 +6697,6 @@ func schema_pkg_apis_application_v1alpha1_RevisionHistory(ref common.ReferenceCa "deployedAt": { SchemaProps: spec.SchemaProps{ Description: "DeployedAt holds the time the sync operation completed", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -6744,7 +6783,6 @@ func schema_pkg_apis_application_v1alpha1_RevisionMetadata(ref common.ReferenceC "date": { SchemaProps: spec.SchemaProps{ Description: "Date specifies when the revision was authored", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -7705,6 +7743,11 @@ func schema_pkg_apis_application_v1alpha1_SyncStatus(ref common.ReferenceCallbac }, }, "comparedTo": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-strategy": "replace", + }, + }, SchemaProps: spec.SchemaProps{ Description: "ComparedTo contains information about what has been compared", Default: map[string]interface{}{}, diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index e00994a512940..1388232a4a108 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -51,6 +51,7 @@ import ( // +kubebuilder:printcolumn:name="Sync Status",type=string,JSONPath=`.status.sync.status` // +kubebuilder:printcolumn:name="Health Status",type=string,JSONPath=`.status.health.status` // +kubebuilder:printcolumn:name="Revision",type=string,JSONPath=`.status.sync.revision`,priority=10 +// +kubebuilder:printcolumn:name="Project",type=string,JSONPath=`.spec.project`,priority=10 type Application struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` @@ -230,11 +231,16 @@ func (a *ApplicationSpec) HasMultipleSources() bool { return a.Sources != nil && len(a.Sources) > 0 } -func (a *ApplicationSpec) GetSourcePtr(index int) *ApplicationSource { +func (a *ApplicationSpec) GetSourcePtrByPosition(sourcePosition int) *ApplicationSource { + // if Application has multiple sources, return the first source in sources + return a.GetSourcePtrByIndex(sourcePosition - 1) +} + +func (a *ApplicationSpec) GetSourcePtrByIndex(sourceIndex int) *ApplicationSource { // if Application has multiple sources, return the first source in sources if a.HasMultipleSources() { - if index > 0 { - return &a.Sources[index-1] + if sourceIndex > 0 { + return &a.Sources[sourceIndex] } return &a.Sources[0] } @@ -1504,7 +1510,8 @@ type SyncStatus struct { // Status is the sync state of the comparison Status SyncStatusCode `json:"status" protobuf:"bytes,1,opt,name=status,casttype=SyncStatusCode"` // ComparedTo contains information about what has been compared - ComparedTo ComparedTo `json:"comparedTo,omitempty" protobuf:"bytes,2,opt,name=comparedTo"` + // +patchStrategy=replace + ComparedTo ComparedTo `json:"comparedTo,omitempty" protobuf:"bytes,2,opt,name=comparedTo" patchStrategy:"replace"` // Revision contains information about the revision the comparison has been performed to Revision string `json:"revision,omitempty" protobuf:"bytes,3,opt,name=revision"` // Revisions contains information about the revisions of multiple sources the comparison has been performed to diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index fb78e4d93cbc4..516a722584873 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -11,8 +11,11 @@ import ( "testing" "time" + "github.com/argoproj/gitops-engine/pkg/diff" "github.com/stretchr/testify/require" - "k8s.io/utils/pointer" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/utils/ptr" argocdcommon "github.com/argoproj/argo-cd/v2/common" @@ -2966,7 +2969,7 @@ func TestRetryStrategy_NextRetryAtCustomBackoff(t *testing.T) { retry := RetryStrategy{ Backoff: &Backoff{ Duration: "2s", - Factor: pointer.Int64(3), + Factor: ptr.To(int64(3)), MaxDuration: "1m", }, } @@ -3075,10 +3078,10 @@ func TestOrphanedResourcesMonitorSettings_IsWarn(t *testing.T) { settings := OrphanedResourcesMonitorSettings{} assert.False(t, settings.IsWarn()) - settings.Warn = pointer.Bool(false) + settings.Warn = ptr.To(false) assert.False(t, settings.IsWarn()) - settings.Warn = pointer.Bool(true) + settings.Warn = ptr.To(true) assert.True(t, settings.IsWarn()) } @@ -3436,7 +3439,7 @@ func TestApplicationSourcePluginParameters_Environ_string(t *testing.T) { params := ApplicationSourcePluginParameters{ { Name: "version", - String_: pointer.String("1.2.3"), + String_: ptr.To("1.2.3"), }, } environ, err := params.Environ() @@ -3493,7 +3496,7 @@ func TestApplicationSourcePluginParameters_Environ_all(t *testing.T) { params := ApplicationSourcePluginParameters{ { Name: "some-name", - String_: pointer.String("1.2.3"), + String_: ptr.To("1.2.3"), OptionalArray: &OptionalArray{ Array: []string{"redis", "minio"}, }, @@ -3683,3 +3686,82 @@ func TestOptionalMapEquality(t *testing.T) { }) } } + +func TestApplicationSpec_GetSourcePtrByIndex(t *testing.T) { + testCases := []struct { + name string + application ApplicationSpec + sourceIndex int + expected *ApplicationSource + }{ + { + name: "HasMultipleSources_ReturnsFirstSource", + application: ApplicationSpec{ + Sources: []ApplicationSource{ + {RepoURL: "https://github.com/argoproj/test1.git"}, + {RepoURL: "https://github.com/argoproj/test2.git"}, + }, + }, + sourceIndex: 0, + expected: &ApplicationSource{RepoURL: "https://github.com/argoproj/test1.git"}, + }, + { + name: "HasMultipleSources_ReturnsSourceAtIndex", + application: ApplicationSpec{ + Sources: []ApplicationSource{ + {RepoURL: "https://github.com/argoproj/test1.git"}, + {RepoURL: "https://github.com/argoproj/test2.git"}, + }, + }, + sourceIndex: 1, + expected: &ApplicationSource{RepoURL: "https://github.com/argoproj/test2.git"}, + }, + { + name: "HasSingleSource_ReturnsSource", + application: ApplicationSpec{ + Source: &ApplicationSource{RepoURL: "https://github.com/argoproj/test.git"}, + }, + sourceIndex: 0, + expected: &ApplicationSource{RepoURL: "https://github.com/argoproj/test.git"}, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + actual := tc.application.GetSourcePtrByIndex(tc.sourceIndex) + assert.Equal(t, tc.expected, actual) + }) + } +} + +func TestHelmValuesObjectHasReplaceStrategy(t *testing.T) { + app := Application{ + Status: ApplicationStatus{Sync: SyncStatus{ComparedTo: ComparedTo{ + Source: ApplicationSource{ + Helm: &ApplicationSourceHelm{ + ValuesObject: &runtime.RawExtension{ + Object: &unstructured.Unstructured{Object: map[string]interface{}{"key": []string{"value"}}}, + }, + }, + }, + }}}, + } + + appModified := Application{ + Status: ApplicationStatus{Sync: SyncStatus{ComparedTo: ComparedTo{ + Source: ApplicationSource{ + Helm: &ApplicationSourceHelm{ + ValuesObject: &runtime.RawExtension{ + Object: &unstructured.Unstructured{Object: map[string]interface{}{"key": []string{"value-modified1"}}}, + }, + }, + }, + }}}, + } + + patch, _, err := diff.CreateTwoWayMergePatch( + app, + appModified, Application{}) + require.NoError(t, err) + assert.Equal(t, `{"status":{"sync":{"comparedTo":{"destination":{},"source":{"helm":{"valuesObject":{"key":["value-modified1"]}},"repoURL":""}}}}}`, string(patch)) +} diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index d61af65785b95..9ecec3f0b8793 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -768,6 +768,13 @@ func (in *ApplicationSetStatus) DeepCopyInto(out *ApplicationSetStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ResourceStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -954,6 +961,29 @@ func (in ApplicationSetTerminalGenerators) DeepCopy() ApplicationSetTerminalGene return *out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ApplicationSetTree) DeepCopyInto(out *ApplicationSetTree) { + *out = *in + if in.Nodes != nil { + in, out := &in.Nodes, &out.Nodes + *out = make([]ResourceNode, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationSetTree. +func (in *ApplicationSetTree) DeepCopy() *ApplicationSetTree { + if in == nil { + return nil + } + out := new(ApplicationSetTree) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationSource) DeepCopyInto(out *ApplicationSource) { *out = *in diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go index 41f8cef73eaa7..0168230eda593 100644 --- a/reposerver/apiclient/clientset.go +++ b/reposerver/apiclient/clientset.go @@ -20,7 +20,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/io" ) -//go:generate go run github.com/vektra/mockery/v2@v2.15.0 --name=RepoServerServiceClient +//go:generate go run github.com/vektra/mockery/v2@v2.40.2 --name=RepoServerServiceClient var ( // MaxGRPCMessageSize contains max grpc message size diff --git a/reposerver/apiclient/mocks/RepoServerServiceClient.go b/reposerver/apiclient/mocks/RepoServerServiceClient.go index 1939dcfe140d7..2dd9abb7f638e 100644 --- a/reposerver/apiclient/mocks/RepoServerServiceClient.go +++ b/reposerver/apiclient/mocks/RepoServerServiceClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.32.4. DO NOT EDIT. +// Code generated by mockery v2.40.2. DO NOT EDIT. package mocks @@ -32,6 +32,10 @@ func (_m *RepoServerServiceClient) GenerateManifest(ctx context.Context, in *api _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GenerateManifest") + } + var r0 *apiclient.ManifestResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.ManifestRequest, ...grpc.CallOption) (*apiclient.ManifestResponse, error)); ok { @@ -65,6 +69,10 @@ func (_m *RepoServerServiceClient) GenerateManifestWithFiles(ctx context.Context _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GenerateManifestWithFiles") + } + var r0 apiclient.RepoServerService_GenerateManifestWithFilesClient var r1 error if rf, ok := ret.Get(0).(func(context.Context, ...grpc.CallOption) (apiclient.RepoServerService_GenerateManifestWithFilesClient, error)); ok { @@ -98,6 +106,10 @@ func (_m *RepoServerServiceClient) GetAppDetails(ctx context.Context, in *apicli _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetAppDetails") + } + var r0 *apiclient.RepoAppDetailsResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.RepoServerAppDetailsQuery, ...grpc.CallOption) (*apiclient.RepoAppDetailsResponse, error)); ok { @@ -131,6 +143,10 @@ func (_m *RepoServerServiceClient) GetGitDirectories(ctx context.Context, in *ap _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetGitDirectories") + } + var r0 *apiclient.GitDirectoriesResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.GitDirectoriesRequest, ...grpc.CallOption) (*apiclient.GitDirectoriesResponse, error)); ok { @@ -164,6 +180,10 @@ func (_m *RepoServerServiceClient) GetGitFiles(ctx context.Context, in *apiclien _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetGitFiles") + } + var r0 *apiclient.GitFilesResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.GitFilesRequest, ...grpc.CallOption) (*apiclient.GitFilesResponse, error)); ok { @@ -197,6 +217,10 @@ func (_m *RepoServerServiceClient) GetHelmCharts(ctx context.Context, in *apicli _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetHelmCharts") + } + var r0 *apiclient.HelmChartsResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.HelmChartsRequest, ...grpc.CallOption) (*apiclient.HelmChartsResponse, error)); ok { @@ -230,6 +254,10 @@ func (_m *RepoServerServiceClient) GetRevisionChartDetails(ctx context.Context, _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetRevisionChartDetails") + } + var r0 *v1alpha1.ChartDetails var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.RepoServerRevisionChartDetailsRequest, ...grpc.CallOption) (*v1alpha1.ChartDetails, error)); ok { @@ -263,6 +291,10 @@ func (_m *RepoServerServiceClient) GetRevisionMetadata(ctx context.Context, in * _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for GetRevisionMetadata") + } + var r0 *v1alpha1.RevisionMetadata var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.RepoServerRevisionMetadataRequest, ...grpc.CallOption) (*v1alpha1.RevisionMetadata, error)); ok { @@ -296,6 +328,10 @@ func (_m *RepoServerServiceClient) ListApps(ctx context.Context, in *apiclient.L _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for ListApps") + } + var r0 *apiclient.AppList var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.ListAppsRequest, ...grpc.CallOption) (*apiclient.AppList, error)); ok { @@ -329,6 +365,10 @@ func (_m *RepoServerServiceClient) ListPlugins(ctx context.Context, in *emptypb. _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for ListPlugins") + } + var r0 *apiclient.PluginList var r1 error if rf, ok := ret.Get(0).(func(context.Context, *emptypb.Empty, ...grpc.CallOption) (*apiclient.PluginList, error)); ok { @@ -362,6 +402,10 @@ func (_m *RepoServerServiceClient) ListRefs(ctx context.Context, in *apiclient.L _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for ListRefs") + } + var r0 *apiclient.Refs var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.ListRefsRequest, ...grpc.CallOption) (*apiclient.Refs, error)); ok { @@ -395,6 +439,10 @@ func (_m *RepoServerServiceClient) ResolveRevision(ctx context.Context, in *apic _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for ResolveRevision") + } + var r0 *apiclient.ResolveRevisionResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.ResolveRevisionRequest, ...grpc.CallOption) (*apiclient.ResolveRevisionResponse, error)); ok { @@ -428,6 +476,10 @@ func (_m *RepoServerServiceClient) TestRepository(ctx context.Context, in *apicl _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for TestRepository") + } + var r0 *apiclient.TestRepositoryResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.TestRepositoryRequest, ...grpc.CallOption) (*apiclient.TestRepositoryResponse, error)); ok { @@ -461,6 +513,10 @@ func (_m *RepoServerServiceClient) UpdateRevisionForPaths(ctx context.Context, i _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for UpdateRevisionForPaths") + } + var r0 *apiclient.UpdateRevisionForPathsResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.UpdateRevisionForPathsRequest, ...grpc.CallOption) (*apiclient.UpdateRevisionForPathsResponse, error)); ok { diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 393c6699abf3c..707e1e95d9220 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -557,6 +557,7 @@ type ResolveRevisionRequest struct { Repo *v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` App *v1alpha1.Application `protobuf:"bytes,2,opt,name=app,proto3" json:"app,omitempty"` AmbiguousRevision string `protobuf:"bytes,3,opt,name=ambiguousRevision,proto3" json:"ambiguousRevision,omitempty"` + SourceIndex int64 `protobuf:"varint,4,opt,name=sourceIndex,proto3" json:"sourceIndex,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -616,6 +617,13 @@ func (m *ResolveRevisionRequest) GetAmbiguousRevision() string { return "" } +func (m *ResolveRevisionRequest) GetSourceIndex() int64 { + if m != nil { + return m.SourceIndex + } + return 0 +} + // ResolveRevisionResponse type ResolveRevisionResponse struct { // returns the resolved revision @@ -2390,149 +2398,150 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2265 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x1a, 0x5d, 0x6f, 0x1b, 0xc7, - 0x51, 0x47, 0x52, 0x14, 0x39, 0x94, 0x25, 0x6a, 0x63, 0xcb, 0x67, 0xc6, 0x16, 0x94, 0x6b, 0x6d, - 0x38, 0x76, 0x42, 0xc2, 0x32, 0x12, 0xb7, 0x4e, 0x9a, 0x42, 0x71, 0x6c, 0xc9, 0xb1, 0x65, 0xab, - 0x67, 0xa7, 0x85, 0x5b, 0xb7, 0xc5, 0xf2, 0xb8, 0x24, 0x2f, 0x3c, 0xde, 0xad, 0xef, 0xf6, 0x14, - 0xd0, 0x40, 0x1f, 0x8a, 0x16, 0xfd, 0x09, 0x7d, 0xe8, 0xaf, 0x28, 0x50, 0x14, 0x7d, 0xec, 0x43, - 0xd1, 0x8f, 0xc7, 0xa2, 0x7f, 0xa0, 0x85, 0x5f, 0x0a, 0xf4, 0x57, 0x14, 0xfb, 0x71, 0x9f, 0x3c, - 0xd2, 0x4a, 0x69, 0x2b, 0x6d, 0x5f, 0xa4, 0xdb, 0xd9, 0xd9, 0x99, 0xd9, 0xd9, 0xf9, 0xdc, 0x25, - 0x5c, 0xf2, 0x09, 0xf5, 0x02, 0xe2, 0x1f, 0x11, 0xbf, 0x23, 0x3e, 0x6d, 0xe6, 0xf9, 0x93, 0xd4, - 0x67, 0x9b, 0xfa, 0x1e, 0xf3, 0x10, 0x24, 0x90, 0xd6, 0xfd, 0x81, 0xcd, 0x86, 0x61, 0xb7, 0x6d, - 0x79, 0xe3, 0x0e, 0xf6, 0x07, 0x1e, 0xf5, 0xbd, 0xcf, 0xc5, 0xc7, 0xbb, 0x56, 0xaf, 0x73, 0xb4, - 0xd3, 0xa1, 0xa3, 0x41, 0x07, 0x53, 0x3b, 0xe8, 0x60, 0x4a, 0x1d, 0xdb, 0xc2, 0xcc, 0xf6, 0xdc, - 0xce, 0xd1, 0x35, 0xec, 0xd0, 0x21, 0xbe, 0xd6, 0x19, 0x10, 0x97, 0xf8, 0x98, 0x91, 0x9e, 0xa4, - 0xdc, 0x7a, 0x73, 0xe0, 0x79, 0x03, 0x87, 0x74, 0xc4, 0xa8, 0x1b, 0xf6, 0x3b, 0x64, 0x4c, 0x99, - 0x62, 0x6b, 0xfc, 0x6b, 0x15, 0xd6, 0x0f, 0xb0, 0x6b, 0xf7, 0x49, 0xc0, 0x4c, 0xf2, 0x2c, 0x24, - 0x01, 0x43, 0x4f, 0xa1, 0xc2, 0x85, 0xd1, 0xb5, 0x6d, 0xed, 0x72, 0x63, 0x67, 0xbf, 0x9d, 0x48, - 0xd3, 0x8e, 0xa4, 0x11, 0x1f, 0x3f, 0xb6, 0x7a, 0xed, 0xa3, 0x9d, 0x36, 0x1d, 0x0d, 0xda, 0x5c, - 0x9a, 0x76, 0x4a, 0x9a, 0x76, 0x24, 0x4d, 0xdb, 0x8c, 0xb7, 0x65, 0x0a, 0xaa, 0xa8, 0x05, 0x35, - 0x9f, 0x1c, 0xd9, 0x81, 0xed, 0xb9, 0x7a, 0x69, 0x5b, 0xbb, 0x5c, 0x37, 0xe3, 0x31, 0xd2, 0x61, - 0xc5, 0xf5, 0x6e, 0x61, 0x6b, 0x48, 0xf4, 0xf2, 0xb6, 0x76, 0xb9, 0x66, 0x46, 0x43, 0xb4, 0x0d, - 0x0d, 0x4c, 0xe9, 0x7d, 0xdc, 0x25, 0xce, 0x3d, 0x32, 0xd1, 0x2b, 0x62, 0x61, 0x1a, 0xc4, 0xd7, - 0x62, 0x4a, 0x1f, 0xe0, 0x31, 0xd1, 0x97, 0xc5, 0x6c, 0x34, 0x44, 0xe7, 0xa1, 0xee, 0xe2, 0x31, - 0x09, 0x28, 0xb6, 0x88, 0x5e, 0x13, 0x73, 0x09, 0x00, 0xfd, 0x04, 0x36, 0x52, 0x82, 0x3f, 0xf2, - 0x42, 0xdf, 0x22, 0x3a, 0x88, 0xad, 0x3f, 0x5c, 0x6c, 0xeb, 0xbb, 0x79, 0xb2, 0xe6, 0x34, 0x27, - 0xf4, 0x23, 0x58, 0x16, 0x27, 0xaf, 0x37, 0xb6, 0xcb, 0xaf, 0x54, 0xdb, 0x92, 0x2c, 0x72, 0x61, - 0x85, 0x3a, 0xe1, 0xc0, 0x76, 0x03, 0x7d, 0x55, 0x70, 0x78, 0xbc, 0x18, 0x87, 0x5b, 0x9e, 0xdb, - 0xb7, 0x07, 0x07, 0xd8, 0xc5, 0x03, 0x32, 0x26, 0x2e, 0x3b, 0x14, 0xc4, 0xcd, 0x88, 0x09, 0x7a, - 0x0e, 0xcd, 0x51, 0x18, 0x30, 0x6f, 0x6c, 0x3f, 0x27, 0x0f, 0x29, 0x5f, 0x1b, 0xe8, 0xa7, 0x84, - 0x36, 0x1f, 0x2c, 0xc6, 0xf8, 0x5e, 0x8e, 0xaa, 0x39, 0xc5, 0x87, 0x1b, 0xc9, 0x28, 0xec, 0x92, - 0xef, 0x12, 0x5f, 0x58, 0xd7, 0x9a, 0x34, 0x92, 0x14, 0x48, 0x9a, 0x91, 0xad, 0x46, 0x81, 0xbe, - 0xbe, 0x5d, 0x96, 0x66, 0x14, 0x83, 0xd0, 0x65, 0x58, 0x3f, 0x22, 0xbe, 0xdd, 0x9f, 0x3c, 0xb2, - 0x07, 0x2e, 0x66, 0xa1, 0x4f, 0xf4, 0xa6, 0x30, 0xc5, 0x3c, 0x18, 0x8d, 0xe1, 0xd4, 0x90, 0x38, - 0x63, 0xae, 0xf2, 0x5b, 0x3e, 0xe9, 0x05, 0xfa, 0x86, 0xd0, 0xef, 0xde, 0xe2, 0x27, 0x28, 0xc8, - 0x99, 0x59, 0xea, 0x5c, 0x30, 0xd7, 0x33, 0x95, 0xa7, 0x48, 0x1f, 0x41, 0x52, 0xb0, 0x1c, 0x18, - 0x5d, 0x82, 0x35, 0xe6, 0x63, 0x6b, 0x64, 0xbb, 0x83, 0x03, 0xc2, 0x86, 0x5e, 0x4f, 0x7f, 0x43, - 0x68, 0x22, 0x07, 0x45, 0x16, 0x20, 0xe2, 0xe2, 0xae, 0x43, 0x7a, 0xd2, 0x16, 0x1f, 0x4f, 0x28, - 0x09, 0xf4, 0xd3, 0x62, 0x17, 0xd7, 0xdb, 0xa9, 0x08, 0x95, 0x0b, 0x10, 0xed, 0xdb, 0x53, 0xab, - 0x6e, 0xbb, 0xcc, 0x9f, 0x98, 0x05, 0xe4, 0xd0, 0x08, 0x1a, 0x7c, 0x1f, 0x91, 0x29, 0x9c, 0x11, - 0xa6, 0x70, 0x77, 0x31, 0x1d, 0xed, 0x27, 0x04, 0xcd, 0x34, 0x75, 0xd4, 0x06, 0x34, 0xc4, 0xc1, - 0x41, 0xe8, 0x30, 0x9b, 0x3a, 0x44, 0x8a, 0x11, 0xe8, 0x9b, 0x42, 0x4d, 0x05, 0x33, 0xe8, 0x1e, - 0x80, 0x4f, 0xfa, 0x11, 0xde, 0x59, 0xb1, 0xf3, 0xab, 0xf3, 0x76, 0x6e, 0xc6, 0xd8, 0x72, 0xc7, - 0xa9, 0xe5, 0x9c, 0x39, 0xdf, 0x06, 0xb1, 0x98, 0xf2, 0x76, 0xe1, 0xd6, 0xba, 0x30, 0xb1, 0x82, - 0x19, 0x6e, 0x8b, 0x0a, 0x2a, 0x82, 0xd6, 0x39, 0x69, 0xad, 0x29, 0x50, 0xeb, 0x36, 0x9c, 0x9d, - 0xa1, 0x6a, 0xd4, 0x84, 0xf2, 0x88, 0x4c, 0x44, 0x88, 0xae, 0x9b, 0xfc, 0x13, 0x9d, 0x86, 0xe5, - 0x23, 0xec, 0x84, 0x44, 0x04, 0xd5, 0x9a, 0x29, 0x07, 0x37, 0x4b, 0xdf, 0xd0, 0x5a, 0xbf, 0xd0, - 0x60, 0x3d, 0x27, 0x78, 0xc1, 0xfa, 0x1f, 0xa6, 0xd7, 0xbf, 0x02, 0x33, 0xee, 0x3f, 0xc6, 0xfe, - 0x80, 0xb0, 0x94, 0x20, 0xc6, 0xdf, 0x34, 0xd0, 0x73, 0x1a, 0xfd, 0x9e, 0xcd, 0x86, 0x77, 0x6c, - 0x87, 0x04, 0xe8, 0x06, 0xac, 0xf8, 0x12, 0xa6, 0x12, 0xcf, 0x9b, 0x73, 0x0e, 0x62, 0x7f, 0xc9, - 0x8c, 0xb0, 0xd1, 0x47, 0x50, 0x1b, 0x13, 0x86, 0x7b, 0x98, 0x61, 0x25, 0xfb, 0x76, 0xd1, 0x4a, - 0xce, 0xe5, 0x40, 0xe1, 0xed, 0x2f, 0x99, 0xf1, 0x1a, 0xf4, 0x1e, 0x2c, 0x5b, 0xc3, 0xd0, 0x1d, - 0x89, 0x94, 0xd3, 0xd8, 0xb9, 0x30, 0x6b, 0xf1, 0x2d, 0x8e, 0xb4, 0xbf, 0x64, 0x4a, 0xec, 0x8f, - 0xab, 0x50, 0xa1, 0xd8, 0x67, 0xc6, 0x1d, 0x38, 0x5d, 0xc4, 0x82, 0xe7, 0x39, 0x6b, 0x48, 0xac, - 0x51, 0x10, 0x8e, 0x95, 0x9a, 0xe3, 0x31, 0x42, 0x50, 0x09, 0xec, 0xe7, 0x52, 0xd5, 0x65, 0x53, - 0x7c, 0x1b, 0x6f, 0xc3, 0xc6, 0x14, 0x37, 0x7e, 0xa8, 0x52, 0x36, 0x4e, 0x61, 0x55, 0xb1, 0x36, - 0x42, 0x38, 0xf3, 0x58, 0xe8, 0x22, 0x0e, 0xf6, 0x27, 0x91, 0xb9, 0x8d, 0x7d, 0xd8, 0xcc, 0xb3, - 0x0d, 0xa8, 0xe7, 0x06, 0x84, 0x9b, 0xbe, 0x88, 0x8e, 0x36, 0xe9, 0x25, 0xb3, 0x42, 0x8a, 0x9a, - 0x59, 0x30, 0x63, 0xfc, 0xb4, 0x04, 0x9b, 0x26, 0x09, 0x3c, 0xe7, 0x88, 0x44, 0xa1, 0xeb, 0x64, - 0x8a, 0x8f, 0x1f, 0x40, 0x19, 0x53, 0xaa, 0xcc, 0xe4, 0xee, 0x2b, 0x4b, 0xef, 0x26, 0xa7, 0x8a, - 0xde, 0x81, 0x0d, 0x3c, 0xee, 0xda, 0x83, 0xd0, 0x0b, 0x83, 0x68, 0x5b, 0xc2, 0xa8, 0xea, 0xe6, - 0xf4, 0x84, 0x61, 0xc1, 0xd9, 0x29, 0x15, 0x28, 0x75, 0xa6, 0x4b, 0x24, 0x2d, 0x57, 0x22, 0x15, - 0x32, 0x29, 0xcd, 0x62, 0xf2, 0x27, 0x0d, 0x9a, 0x89, 0xeb, 0x28, 0xf2, 0xe7, 0xa1, 0x3e, 0x56, - 0xb0, 0x40, 0xd7, 0x44, 0x7c, 0x4a, 0x00, 0xd9, 0x6a, 0xa9, 0x94, 0xaf, 0x96, 0x36, 0xa1, 0x2a, - 0x8b, 0x59, 0xb5, 0x31, 0x35, 0xca, 0x88, 0x5c, 0xc9, 0x89, 0xbc, 0x05, 0x10, 0xc4, 0xf1, 0x4b, - 0xaf, 0x8a, 0xd9, 0x14, 0x04, 0x19, 0xb0, 0x2a, 0x73, 0xab, 0x49, 0x82, 0xd0, 0x61, 0xfa, 0x8a, - 0xc0, 0xc8, 0xc0, 0x0c, 0x0f, 0xd6, 0xef, 0xdb, 0x7c, 0x0f, 0xfd, 0xe0, 0x64, 0x8c, 0xfd, 0x7d, - 0xa8, 0x70, 0x66, 0x7c, 0x63, 0x5d, 0x1f, 0xbb, 0xd6, 0x90, 0x44, 0xba, 0x8a, 0xc7, 0xdc, 0x8d, - 0x19, 0x1e, 0x04, 0x7a, 0x49, 0xc0, 0xc5, 0xb7, 0xf1, 0xbb, 0x92, 0x94, 0x74, 0x97, 0xd2, 0xe0, - 0xab, 0x2f, 0xa8, 0x8b, 0x53, 0x7c, 0x79, 0x3a, 0xc5, 0xe7, 0x44, 0xfe, 0x32, 0x29, 0xfe, 0x15, - 0xa5, 0x29, 0x23, 0x84, 0x95, 0x5d, 0x4a, 0xb9, 0x20, 0xe8, 0x1a, 0x54, 0x30, 0xa5, 0x52, 0xe1, - 0xb9, 0x88, 0xac, 0x50, 0xf8, 0x7f, 0x25, 0x92, 0x40, 0x6d, 0xdd, 0x80, 0x7a, 0x0c, 0x7a, 0x19, - 0xdb, 0x7a, 0x9a, 0xed, 0x36, 0x80, 0xac, 0x61, 0xef, 0xba, 0x7d, 0x8f, 0x1f, 0x29, 0x37, 0x76, - 0xb5, 0x54, 0x7c, 0x1b, 0x37, 0x23, 0x0c, 0x21, 0xdb, 0x3b, 0xb0, 0x6c, 0x33, 0x32, 0x8e, 0x84, - 0xdb, 0x4c, 0x0b, 0x97, 0x10, 0x32, 0x25, 0x92, 0xf1, 0xe7, 0x1a, 0x9c, 0xe3, 0x27, 0xf6, 0x48, - 0xb8, 0xc9, 0x2e, 0xa5, 0x9f, 0x10, 0x86, 0x6d, 0x27, 0xf8, 0x4e, 0x48, 0xfc, 0xc9, 0x6b, 0x36, - 0x8c, 0x01, 0x54, 0xa5, 0x97, 0xa9, 0x78, 0xf7, 0xca, 0xdb, 0x19, 0x45, 0x3e, 0xe9, 0x61, 0xca, - 0xaf, 0xa7, 0x87, 0x29, 0xea, 0x29, 0x2a, 0x27, 0xd4, 0x53, 0xcc, 0x6e, 0x2b, 0x53, 0xcd, 0x6a, - 0x35, 0xdb, 0xac, 0x16, 0x94, 0xea, 0x2b, 0xc7, 0x2d, 0xd5, 0x6b, 0x85, 0xa5, 0xfa, 0xb8, 0xd0, - 0x8f, 0xeb, 0x42, 0xdd, 0xdf, 0x4a, 0x5b, 0xe0, 0x4c, 0x5b, 0x5b, 0xa4, 0x68, 0x87, 0xd7, 0x5a, - 0xb4, 0x7f, 0x96, 0x29, 0xc2, 0x65, 0x1b, 0xfc, 0xde, 0xf1, 0xf6, 0x34, 0xa7, 0x1c, 0xff, 0xbf, - 0x2b, 0x9e, 0x7f, 0x2e, 0x6a, 0x26, 0xea, 0x25, 0x3a, 0x88, 0x13, 0x3a, 0xcf, 0x43, 0x3c, 0xb5, - 0xaa, 0xa0, 0xc5, 0xbf, 0xd1, 0x55, 0xa8, 0x70, 0x25, 0xab, 0xa2, 0xf6, 0x6c, 0x5a, 0x9f, 0xfc, - 0x24, 0x76, 0x29, 0x7d, 0x44, 0x89, 0x65, 0x0a, 0x24, 0x74, 0x13, 0xea, 0xb1, 0xe1, 0x2b, 0xcf, - 0x3a, 0x9f, 0x5e, 0x11, 0xfb, 0x49, 0xb4, 0x2c, 0x41, 0xe7, 0x6b, 0x7b, 0xb6, 0x4f, 0x2c, 0x51, - 0xf2, 0x2d, 0x4f, 0xaf, 0xfd, 0x24, 0x9a, 0x8c, 0xd7, 0xc6, 0xe8, 0xe8, 0x1a, 0x54, 0xe5, 0xbd, - 0x81, 0xf0, 0xa0, 0xc6, 0xce, 0xb9, 0xe9, 0x60, 0x1a, 0xad, 0x52, 0x88, 0xc6, 0x1f, 0x35, 0x78, - 0x2b, 0x31, 0x88, 0xc8, 0x9b, 0xa2, 0xaa, 0xfb, 0xab, 0xcf, 0xb8, 0x97, 0x60, 0x4d, 0x94, 0xf9, - 0xc9, 0xf5, 0x81, 0xbc, 0xc9, 0xca, 0x41, 0x8d, 0xdf, 0x6a, 0x70, 0x71, 0x7a, 0x1f, 0xb7, 0x86, - 0xd8, 0x67, 0xf1, 0xf1, 0x9e, 0xc4, 0x5e, 0xa2, 0x84, 0x57, 0x4a, 0x12, 0x5e, 0x66, 0x7f, 0xe5, - 0xec, 0xfe, 0x8c, 0xdf, 0x97, 0xa0, 0x91, 0x32, 0xa0, 0xa2, 0x84, 0xc9, 0x0b, 0x3e, 0x61, 0xb7, - 0xa2, 0xb1, 0x13, 0x49, 0xa1, 0x6e, 0xa6, 0x20, 0x68, 0x04, 0x40, 0xb1, 0x8f, 0xc7, 0x84, 0x11, - 0x9f, 0x47, 0x72, 0xee, 0xf1, 0xf7, 0x16, 0x8f, 0x2e, 0x87, 0x11, 0x4d, 0x33, 0x45, 0x9e, 0x57, - 0xac, 0x82, 0x75, 0xa0, 0xe2, 0xb7, 0x1a, 0xa1, 0x2f, 0x60, 0xad, 0x6f, 0x3b, 0xe4, 0x30, 0x11, - 0xa4, 0x2a, 0x04, 0x79, 0xb8, 0xb8, 0x20, 0x77, 0xd2, 0x74, 0xcd, 0x1c, 0x1b, 0xe3, 0x0a, 0x34, - 0xf3, 0xfe, 0xc4, 0x85, 0xb4, 0xc7, 0x78, 0x10, 0x6b, 0x4b, 0x8d, 0x0c, 0x04, 0xcd, 0xbc, 0xff, - 0x18, 0x7f, 0x2f, 0xc1, 0x99, 0x98, 0xdc, 0xae, 0xeb, 0x7a, 0xa1, 0x6b, 0x89, 0xab, 0xb8, 0xc2, - 0xb3, 0x38, 0x0d, 0xcb, 0xcc, 0x66, 0x4e, 0x5c, 0xf8, 0x88, 0x01, 0xcf, 0x5d, 0xcc, 0xf3, 0x1c, - 0x66, 0x53, 0x75, 0xc0, 0xd1, 0x50, 0x9e, 0xfd, 0xb3, 0xd0, 0xf6, 0x49, 0x4f, 0x44, 0x82, 0x9a, - 0x19, 0x8f, 0xf9, 0x1c, 0xaf, 0x6a, 0x44, 0x19, 0x2f, 0x95, 0x19, 0x8f, 0x85, 0xdd, 0x7b, 0x8e, - 0x43, 0x2c, 0xae, 0x8e, 0x54, 0xa1, 0x9f, 0x83, 0x8a, 0x06, 0x82, 0xf9, 0xb6, 0x3b, 0x50, 0x65, - 0xbe, 0x1a, 0x71, 0x39, 0xb1, 0xef, 0xe3, 0x89, 0x5e, 0x13, 0x0a, 0x90, 0x03, 0xf4, 0x21, 0x94, - 0xc7, 0x98, 0xaa, 0x44, 0x77, 0x25, 0x13, 0x1d, 0x8a, 0x34, 0xd0, 0x3e, 0xc0, 0x54, 0x66, 0x02, - 0xbe, 0xac, 0xf5, 0x3e, 0xd4, 0x22, 0xc0, 0x97, 0x2a, 0x09, 0x3f, 0x87, 0x53, 0x99, 0xe0, 0x83, - 0x9e, 0xc0, 0x66, 0x62, 0x51, 0x69, 0x86, 0xaa, 0x08, 0x7c, 0xeb, 0xa5, 0x92, 0x99, 0x33, 0x08, - 0x18, 0xcf, 0x60, 0x83, 0x9b, 0x8c, 0x70, 0xfc, 0x13, 0x6a, 0x6d, 0x3e, 0x80, 0x7a, 0xcc, 0xb2, - 0xd0, 0x66, 0x5a, 0x50, 0x3b, 0x8a, 0xae, 0x48, 0x65, 0x6f, 0x13, 0x8f, 0x8d, 0x5d, 0x40, 0x69, - 0x79, 0x55, 0x06, 0xba, 0x9a, 0x2d, 0x8a, 0xcf, 0xe4, 0xd3, 0x8d, 0x40, 0x8f, 0x6a, 0xe2, 0xdf, - 0x94, 0x60, 0x7d, 0xcf, 0x16, 0xb7, 0x1c, 0x27, 0x14, 0xe4, 0xae, 0x40, 0x33, 0x08, 0xbb, 0x63, - 0xaf, 0x17, 0x3a, 0x44, 0x15, 0x05, 0x2a, 0xd3, 0x4f, 0xc1, 0xe7, 0x05, 0x3f, 0xae, 0x2c, 0x8a, - 0xd9, 0x50, 0x75, 0xb8, 0xe2, 0x1b, 0x7d, 0x08, 0xe7, 0x1e, 0x90, 0x2f, 0xd4, 0x7e, 0xf6, 0x1c, - 0xaf, 0xdb, 0xb5, 0xdd, 0x41, 0xc4, 0x64, 0x59, 0x30, 0x99, 0x8d, 0x50, 0x54, 0x2a, 0x56, 0x0b, - 0x4b, 0x45, 0xe3, 0x67, 0x1a, 0x34, 0x13, 0xad, 0x29, 0xbd, 0xdf, 0x90, 0xfe, 0x21, 0xb5, 0x7e, - 0x31, 0xad, 0xf5, 0x3c, 0xea, 0x7f, 0xee, 0x1a, 0xab, 0x69, 0xd7, 0xf8, 0xa7, 0x06, 0x67, 0xf6, - 0x6c, 0x16, 0x05, 0x25, 0xfb, 0x7f, 0xed, 0x04, 0x0b, 0xf4, 0x5d, 0x29, 0xd6, 0x77, 0x1b, 0x36, - 0xf3, 0x1b, 0x55, 0x4a, 0x3f, 0x0d, 0xcb, 0xfc, 0xe4, 0xa3, 0xfb, 0x00, 0x39, 0x30, 0x7e, 0x5d, - 0x85, 0x0b, 0x9f, 0xd1, 0x1e, 0x66, 0xf1, 0x7d, 0xce, 0x1d, 0xcf, 0x3f, 0xe4, 0x53, 0x27, 0xa3, - 0xa1, 0xdc, 0x0b, 0x59, 0x69, 0xee, 0x0b, 0x59, 0x79, 0xce, 0x0b, 0x59, 0xe5, 0x58, 0x2f, 0x64, - 0xcb, 0x27, 0xf6, 0x42, 0x36, 0xdd, 0x23, 0x55, 0x0b, 0x7b, 0xa4, 0x27, 0x99, 0x3e, 0x62, 0x45, - 0xb8, 0xc4, 0x37, 0xd3, 0x2e, 0x31, 0xf7, 0x74, 0xe6, 0x5e, 0xed, 0xe7, 0x1e, 0x96, 0x6a, 0x2f, - 0x7d, 0x58, 0xaa, 0x4f, 0x3f, 0x2c, 0x15, 0xbf, 0x4d, 0xc0, 0xcc, 0xb7, 0x89, 0x4b, 0xb0, 0x16, - 0x4c, 0x5c, 0x8b, 0xf4, 0xe2, 0x5b, 0xbe, 0x86, 0xdc, 0x76, 0x16, 0x9a, 0xb1, 0xf6, 0xd5, 0x9c, - 0xb5, 0xc7, 0x96, 0x7a, 0x2a, 0x65, 0xa9, 0xff, 0x3d, 0x2d, 0xcd, 0x36, 0x6c, 0xcd, 0x3a, 0x13, - 0xe9, 0x6a, 0x3b, 0x7f, 0x00, 0xd8, 0x48, 0xaa, 0x64, 0xfe, 0xd7, 0xb6, 0x08, 0x7a, 0x08, 0xcd, - 0x3d, 0xf5, 0xc8, 0x1d, 0x5d, 0x6e, 0xa2, 0x79, 0xaf, 0x05, 0xad, 0xf3, 0xc5, 0x93, 0x92, 0x89, - 0xb1, 0x84, 0x2c, 0x38, 0x97, 0x27, 0x98, 0x3c, 0x4c, 0x7c, 0x7d, 0x0e, 0xe5, 0x18, 0xeb, 0x65, - 0x2c, 0x2e, 0x6b, 0xe8, 0x09, 0xac, 0x65, 0xaf, 0xcf, 0x51, 0xa6, 0x6c, 0x28, 0xbc, 0xd1, 0x6f, - 0x19, 0xf3, 0x50, 0x62, 0xf9, 0x9f, 0xf2, 0x03, 0xcd, 0xdc, 0x25, 0x23, 0x23, 0xdb, 0x41, 0x17, - 0xdd, 0xb5, 0xb7, 0xbe, 0x36, 0x17, 0x27, 0xa6, 0xfe, 0x01, 0xd4, 0xa2, 0xbb, 0xd7, 0xac, 0x9a, - 0x73, 0x37, 0xb2, 0xad, 0x66, 0x96, 0x5e, 0x3f, 0x30, 0x96, 0xd0, 0x47, 0x72, 0xf1, 0x2e, 0xa5, - 0x05, 0x8b, 0x53, 0x37, 0x8e, 0xad, 0x37, 0x0a, 0x6e, 0xf9, 0x8c, 0x25, 0xf4, 0x6d, 0x68, 0xf0, - 0xaf, 0x43, 0xf5, 0xbc, 0xbc, 0xd9, 0x96, 0xbf, 0x66, 0x68, 0x47, 0xbf, 0x66, 0x68, 0xdf, 0x1e, - 0x53, 0x36, 0x69, 0x15, 0x5c, 0xc3, 0x29, 0x02, 0x4f, 0xe1, 0xd4, 0x1e, 0x61, 0x49, 0xd7, 0x8c, - 0x2e, 0x1e, 0xeb, 0x6e, 0xa1, 0x65, 0xe4, 0xd1, 0xa6, 0x1b, 0x6f, 0x63, 0x09, 0xfd, 0x52, 0x83, - 0x37, 0xf6, 0x08, 0xcb, 0xf7, 0xa1, 0xe8, 0xdd, 0x62, 0x26, 0x33, 0xfa, 0xd5, 0xd6, 0x83, 0x45, - 0xbd, 0x2b, 0x4b, 0xd6, 0x58, 0x42, 0xbf, 0xd2, 0xe0, 0x6c, 0x4a, 0xb0, 0x74, 0x63, 0x89, 0xae, - 0xcd, 0x17, 0xae, 0xa0, 0x09, 0x6d, 0x7d, 0xba, 0xe0, 0xaf, 0x06, 0x52, 0x24, 0x8d, 0x25, 0x74, - 0x28, 0xce, 0x24, 0xa9, 0x23, 0xd1, 0x85, 0xc2, 0x82, 0x31, 0xe6, 0xbe, 0x35, 0x6b, 0x3a, 0x3e, - 0x87, 0x4f, 0xa1, 0xb1, 0x47, 0x58, 0x54, 0xf4, 0x64, 0x2d, 0x2d, 0x57, 0x6b, 0x66, 0x5d, 0x35, - 0x5f, 0x27, 0x09, 0x8b, 0xd9, 0x90, 0xb4, 0x52, 0xc9, 0x3f, 0xeb, 0xab, 0x85, 0x15, 0x50, 0xd6, - 0x62, 0x8a, 0x6b, 0x07, 0x63, 0x09, 0x3d, 0x83, 0xcd, 0xe2, 0xa0, 0x87, 0xde, 0x3e, 0x76, 0xb2, - 0x6a, 0x5d, 0x39, 0x0e, 0x6a, 0xc4, 0xf2, 0xe3, 0xdd, 0xbf, 0xbc, 0xd8, 0xd2, 0xfe, 0xfa, 0x62, - 0x4b, 0xfb, 0xc7, 0x8b, 0x2d, 0xed, 0xfb, 0xd7, 0x5f, 0xf2, 0xeb, 0xa2, 0xd4, 0x0f, 0x96, 0x30, - 0xb5, 0x2d, 0xc7, 0x26, 0x2e, 0xeb, 0x56, 0x85, 0xbf, 0x5d, 0xff, 0x77, 0x00, 0x00, 0x00, 0xff, - 0xff, 0x0e, 0xc8, 0x27, 0xc7, 0xcf, 0x24, 0x00, 0x00, + // 2285 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5f, 0x73, 0x1b, 0x49, + 0x11, 0xf7, 0x4a, 0xb2, 0x2c, 0xb5, 0x1d, 0x5b, 0x9e, 0x24, 0xce, 0x46, 0x97, 0xb8, 0x7c, 0x0b, + 0x49, 0xe5, 0x92, 0x3b, 0xa9, 0xe2, 0xd4, 0x5d, 0x20, 0x77, 0x1c, 0xe5, 0xcb, 0x25, 0x76, 0x2e, + 0x71, 0x62, 0x36, 0x39, 0xa8, 0x40, 0x80, 0x1a, 0xad, 0x46, 0xd2, 0x9e, 0x56, 0xbb, 0x93, 0xdd, + 0x59, 0x1f, 0x4a, 0x15, 0x4f, 0x50, 0x7c, 0x04, 0x1e, 0x78, 0xe5, 0x0b, 0x50, 0x45, 0x51, 0x3c, + 0xf2, 0x40, 0xf1, 0xe7, 0x91, 0xe2, 0x0b, 0x40, 0xe5, 0x85, 0x2a, 0x3e, 0x05, 0x35, 0x7f, 0xf6, + 0xaf, 0x56, 0x8a, 0x0f, 0x39, 0x3e, 0xb8, 0x17, 0x7b, 0xa7, 0x67, 0xa6, 0xbb, 0xa7, 0xa7, 0xbb, + 0xe7, 0xd7, 0x33, 0x82, 0xcb, 0x3e, 0xa1, 0x5e, 0x40, 0xfc, 0x43, 0xe2, 0xb7, 0xc5, 0xa7, 0xcd, + 0x3c, 0x7f, 0x9c, 0xfa, 0x6c, 0x51, 0xdf, 0x63, 0x1e, 0x82, 0x84, 0xd2, 0x7c, 0xd0, 0xb7, 0xd9, + 0x20, 0xec, 0xb4, 0x2c, 0x6f, 0xd4, 0xc6, 0x7e, 0xdf, 0xa3, 0xbe, 0xf7, 0x99, 0xf8, 0x78, 0xc7, + 0xea, 0xb6, 0x0f, 0xb7, 0xdb, 0x74, 0xd8, 0x6f, 0x63, 0x6a, 0x07, 0x6d, 0x4c, 0xa9, 0x63, 0x5b, + 0x98, 0xd9, 0x9e, 0xdb, 0x3e, 0xbc, 0x8e, 0x1d, 0x3a, 0xc0, 0xd7, 0xdb, 0x7d, 0xe2, 0x12, 0x1f, + 0x33, 0xd2, 0x95, 0x9c, 0x9b, 0x6f, 0xf4, 0x3d, 0xaf, 0xef, 0x90, 0xb6, 0x68, 0x75, 0xc2, 0x5e, + 0x9b, 0x8c, 0x28, 0x53, 0x62, 0x8d, 0x7f, 0xaf, 0xc0, 0xda, 0x3e, 0x76, 0xed, 0x1e, 0x09, 0x98, + 0x49, 0x9e, 0x87, 0x24, 0x60, 0xe8, 0x19, 0x54, 0xb8, 0x32, 0xba, 0xb6, 0xa5, 0x5d, 0x59, 0xde, + 0xde, 0x6b, 0x25, 0xda, 0xb4, 0x22, 0x6d, 0xc4, 0xc7, 0x8f, 0xad, 0x6e, 0xeb, 0x70, 0xbb, 0x45, + 0x87, 0xfd, 0x16, 0xd7, 0xa6, 0x95, 0xd2, 0xa6, 0x15, 0x69, 0xd3, 0x32, 0xe3, 0x65, 0x99, 0x82, + 0x2b, 0x6a, 0x42, 0xcd, 0x27, 0x87, 0x76, 0x60, 0x7b, 0xae, 0x5e, 0xda, 0xd2, 0xae, 0xd4, 0xcd, + 0xb8, 0x8d, 0x74, 0x58, 0x72, 0xbd, 0xdb, 0xd8, 0x1a, 0x10, 0xbd, 0xbc, 0xa5, 0x5d, 0xa9, 0x99, + 0x51, 0x13, 0x6d, 0xc1, 0x32, 0xa6, 0xf4, 0x01, 0xee, 0x10, 0xe7, 0x3e, 0x19, 0xeb, 0x15, 0x31, + 0x31, 0x4d, 0xe2, 0x73, 0x31, 0xa5, 0x0f, 0xf1, 0x88, 0xe8, 0x8b, 0xa2, 0x37, 0x6a, 0xa2, 0x0b, + 0x50, 0x77, 0xf1, 0x88, 0x04, 0x14, 0x5b, 0x44, 0xaf, 0x89, 0xbe, 0x84, 0x80, 0x7e, 0x0a, 0xeb, + 0x29, 0xc5, 0x1f, 0x7b, 0xa1, 0x6f, 0x11, 0x1d, 0xc4, 0xd2, 0x1f, 0xcd, 0xb7, 0xf4, 0x9d, 0x3c, + 0x5b, 0x73, 0x52, 0x12, 0xfa, 0x11, 0x2c, 0x8a, 0x9d, 0xd7, 0x97, 0xb7, 0xca, 0xc7, 0x6a, 0x6d, + 0xc9, 0x16, 0xb9, 0xb0, 0x44, 0x9d, 0xb0, 0x6f, 0xbb, 0x81, 0xbe, 0x22, 0x24, 0x3c, 0x99, 0x4f, + 0xc2, 0x6d, 0xcf, 0xed, 0xd9, 0xfd, 0x7d, 0xec, 0xe2, 0x3e, 0x19, 0x11, 0x97, 0x1d, 0x08, 0xe6, + 0x66, 0x24, 0x04, 0xbd, 0x80, 0xc6, 0x30, 0x0c, 0x98, 0x37, 0xb2, 0x5f, 0x90, 0x47, 0x94, 0xcf, + 0x0d, 0xf4, 0x53, 0xc2, 0x9a, 0x0f, 0xe7, 0x13, 0x7c, 0x3f, 0xc7, 0xd5, 0x9c, 0x90, 0xc3, 0x9d, + 0x64, 0x18, 0x76, 0xc8, 0x77, 0x89, 0x2f, 0xbc, 0x6b, 0x55, 0x3a, 0x49, 0x8a, 0x24, 0xdd, 0xc8, + 0x56, 0xad, 0x40, 0x5f, 0xdb, 0x2a, 0x4b, 0x37, 0x8a, 0x49, 0xe8, 0x0a, 0xac, 0x1d, 0x12, 0xdf, + 0xee, 0x8d, 0x1f, 0xdb, 0x7d, 0x17, 0xb3, 0xd0, 0x27, 0x7a, 0x43, 0xb8, 0x62, 0x9e, 0x8c, 0x46, + 0x70, 0x6a, 0x40, 0x9c, 0x11, 0x37, 0xf9, 0x6d, 0x9f, 0x74, 0x03, 0x7d, 0x5d, 0xd8, 0x77, 0x77, + 0xfe, 0x1d, 0x14, 0xec, 0xcc, 0x2c, 0x77, 0xae, 0x98, 0xeb, 0x99, 0x2a, 0x52, 0x64, 0x8c, 0x20, + 0xa9, 0x58, 0x8e, 0x8c, 0x2e, 0xc3, 0x2a, 0xf3, 0xb1, 0x35, 0xb4, 0xdd, 0xfe, 0x3e, 0x61, 0x03, + 0xaf, 0xab, 0x9f, 0x16, 0x96, 0xc8, 0x51, 0x91, 0x05, 0x88, 0xb8, 0xb8, 0xe3, 0x90, 0xae, 0xf4, + 0xc5, 0x27, 0x63, 0x4a, 0x02, 0xfd, 0x8c, 0x58, 0xc5, 0x8d, 0x56, 0x2a, 0x43, 0xe5, 0x12, 0x44, + 0xeb, 0xce, 0xc4, 0xac, 0x3b, 0x2e, 0xf3, 0xc7, 0x66, 0x01, 0x3b, 0x34, 0x84, 0x65, 0xbe, 0x8e, + 0xc8, 0x15, 0xce, 0x0a, 0x57, 0xb8, 0x37, 0x9f, 0x8d, 0xf6, 0x12, 0x86, 0x66, 0x9a, 0x3b, 0x6a, + 0x01, 0x1a, 0xe0, 0x60, 0x3f, 0x74, 0x98, 0x4d, 0x1d, 0x22, 0xd5, 0x08, 0xf4, 0x0d, 0x61, 0xa6, + 0x82, 0x1e, 0x74, 0x1f, 0xc0, 0x27, 0xbd, 0x68, 0xdc, 0x39, 0xb1, 0xf2, 0x6b, 0xb3, 0x56, 0x6e, + 0xc6, 0xa3, 0xe5, 0x8a, 0x53, 0xd3, 0xb9, 0x70, 0xbe, 0x0c, 0x62, 0x31, 0x15, 0xed, 0x22, 0xac, + 0x75, 0xe1, 0x62, 0x05, 0x3d, 0xdc, 0x17, 0x15, 0x55, 0x24, 0xad, 0xf3, 0xd2, 0x5b, 0x53, 0xa4, + 0xe6, 0x1d, 0x38, 0x37, 0xc5, 0xd4, 0xa8, 0x01, 0xe5, 0x21, 0x19, 0x8b, 0x14, 0x5d, 0x37, 0xf9, + 0x27, 0x3a, 0x03, 0x8b, 0x87, 0xd8, 0x09, 0x89, 0x48, 0xaa, 0x35, 0x53, 0x36, 0x6e, 0x95, 0xbe, + 0xa1, 0x35, 0x7f, 0xa1, 0xc1, 0x5a, 0x4e, 0xf1, 0x82, 0xf9, 0x3f, 0x4c, 0xcf, 0x3f, 0x06, 0x37, + 0xee, 0x3d, 0xc1, 0x7e, 0x9f, 0xb0, 0x94, 0x22, 0xc6, 0xdf, 0x35, 0xd0, 0x73, 0x16, 0xfd, 0x9e, + 0xcd, 0x06, 0x77, 0x6d, 0x87, 0x04, 0xe8, 0x26, 0x2c, 0xf9, 0x92, 0xa6, 0x0e, 0x9e, 0x37, 0x66, + 0x6c, 0xc4, 0xde, 0x82, 0x19, 0x8d, 0x46, 0x1f, 0x42, 0x6d, 0x44, 0x18, 0xee, 0x62, 0x86, 0x95, + 0xee, 0x5b, 0x45, 0x33, 0xb9, 0x94, 0x7d, 0x35, 0x6e, 0x6f, 0xc1, 0x8c, 0xe7, 0xa0, 0x77, 0x61, + 0xd1, 0x1a, 0x84, 0xee, 0x50, 0x1c, 0x39, 0xcb, 0xdb, 0x17, 0xa7, 0x4d, 0xbe, 0xcd, 0x07, 0xed, + 0x2d, 0x98, 0x72, 0xf4, 0x47, 0x55, 0xa8, 0x50, 0xec, 0x33, 0xe3, 0x2e, 0x9c, 0x29, 0x12, 0xc1, + 0xcf, 0x39, 0x6b, 0x40, 0xac, 0x61, 0x10, 0x8e, 0x94, 0x99, 0xe3, 0x36, 0x42, 0x50, 0x09, 0xec, + 0x17, 0xd2, 0xd4, 0x65, 0x53, 0x7c, 0x1b, 0x6f, 0xc1, 0xfa, 0x84, 0x34, 0xbe, 0xa9, 0x52, 0x37, + 0xce, 0x61, 0x45, 0x89, 0x36, 0x42, 0x38, 0xfb, 0x44, 0xd8, 0x22, 0x4e, 0xf6, 0x27, 0x71, 0x72, + 0x1b, 0x7b, 0xb0, 0x91, 0x17, 0x1b, 0x50, 0xcf, 0x0d, 0x08, 0x77, 0x7d, 0x91, 0x1d, 0x6d, 0xd2, + 0x4d, 0x7a, 0x85, 0x16, 0x35, 0xb3, 0xa0, 0xc7, 0xf8, 0x75, 0x09, 0x36, 0x4c, 0x12, 0x78, 0xce, + 0x21, 0x89, 0x52, 0xd7, 0xc9, 0x80, 0x8f, 0x1f, 0x40, 0x19, 0x53, 0xaa, 0xdc, 0xe4, 0xde, 0xb1, + 0x1d, 0xef, 0x26, 0xe7, 0x8a, 0xde, 0x86, 0x75, 0x3c, 0xea, 0xd8, 0xfd, 0xd0, 0x0b, 0x83, 0x68, + 0x59, 0xc2, 0xa9, 0xea, 0xe6, 0x64, 0x07, 0x0f, 0xff, 0x40, 0x44, 0xe4, 0x3d, 0xb7, 0x4b, 0x7e, + 0x22, 0x10, 0x4d, 0xd9, 0x4c, 0x93, 0x0c, 0x0b, 0xce, 0x4d, 0x18, 0x49, 0x19, 0x3c, 0x0d, 0xa2, + 0xb4, 0x1c, 0x88, 0x2a, 0x54, 0xa3, 0x34, 0x45, 0x0d, 0xe3, 0xcf, 0x1a, 0x34, 0x92, 0xe0, 0x52, + 0xec, 0x2f, 0x40, 0x7d, 0xa4, 0x68, 0x81, 0xae, 0x89, 0x0c, 0x96, 0x10, 0xb2, 0x78, 0xaa, 0x94, + 0xc7, 0x53, 0x1b, 0x50, 0x95, 0x70, 0x57, 0x2d, 0x5d, 0xb5, 0x32, 0x2a, 0x57, 0x72, 0x2a, 0x6f, + 0x02, 0x04, 0x71, 0x86, 0xd3, 0xab, 0xa2, 0x37, 0x45, 0x41, 0x06, 0xac, 0xc8, 0xd3, 0xd7, 0x24, + 0x41, 0xe8, 0x30, 0x7d, 0x49, 0x8c, 0xc8, 0xd0, 0x0c, 0x0f, 0xd6, 0x1e, 0xd8, 0x7c, 0x0d, 0xbd, + 0xe0, 0x64, 0xc2, 0xe1, 0x3d, 0xa8, 0x70, 0x61, 0x7c, 0x61, 0x1d, 0x1f, 0xbb, 0xd6, 0x80, 0x44, + 0xb6, 0x8a, 0xdb, 0x3c, 0xd0, 0x19, 0xee, 0x07, 0x7a, 0x49, 0xd0, 0xc5, 0xb7, 0xf1, 0xfb, 0x92, + 0xd4, 0x74, 0x87, 0xd2, 0xe0, 0xcb, 0x87, 0xdc, 0xc5, 0x20, 0xa0, 0x3c, 0x09, 0x02, 0x72, 0x2a, + 0x7f, 0x11, 0x10, 0x70, 0x4c, 0x07, 0x99, 0x11, 0xc2, 0xd2, 0x0e, 0xa5, 0x5c, 0x11, 0x74, 0x1d, + 0x2a, 0x98, 0x52, 0x69, 0xf0, 0x5c, 0xce, 0x56, 0x43, 0xf8, 0x7f, 0xa5, 0x92, 0x18, 0xda, 0xbc, + 0x09, 0xf5, 0x98, 0xf4, 0x2a, 0xb1, 0xf5, 0xb4, 0xd8, 0x2d, 0x00, 0x89, 0x72, 0xef, 0xb9, 0x3d, + 0x8f, 0x6f, 0x29, 0x77, 0x76, 0x35, 0x55, 0x7c, 0x1b, 0xb7, 0xa2, 0x11, 0x42, 0xb7, 0xb7, 0x61, + 0xd1, 0x66, 0x64, 0x14, 0x29, 0xb7, 0x91, 0x56, 0x2e, 0x61, 0x64, 0xca, 0x41, 0xc6, 0x5f, 0x6a, + 0x70, 0x9e, 0xef, 0xd8, 0x63, 0x11, 0x26, 0x3b, 0x94, 0x7e, 0x4c, 0x18, 0xb6, 0x9d, 0xe0, 0x3b, + 0x21, 0xf1, 0xc7, 0xaf, 0xd9, 0x31, 0xfa, 0x50, 0x95, 0x51, 0xa6, 0x32, 0xe2, 0xb1, 0x17, 0x3c, + 0x8a, 0x7d, 0x52, 0xe5, 0x94, 0x5f, 0x4f, 0x95, 0x53, 0x54, 0x75, 0x54, 0x4e, 0xa8, 0xea, 0x98, + 0x5e, 0x78, 0xa6, 0xca, 0xd9, 0x6a, 0xb6, 0x9c, 0x2d, 0x00, 0xf3, 0x4b, 0x47, 0x05, 0xf3, 0xb5, + 0x42, 0x30, 0x3f, 0x2a, 0x8c, 0xe3, 0xba, 0x30, 0xf7, 0xb7, 0xd2, 0x1e, 0x38, 0xd5, 0xd7, 0xe6, + 0x81, 0xf5, 0xf0, 0x5a, 0x61, 0xfd, 0xa7, 0x19, 0x98, 0x2e, 0x0b, 0xe5, 0x77, 0x8f, 0xb6, 0xa6, + 0x19, 0x80, 0xfd, 0x2b, 0x07, 0xaf, 0x7f, 0x2e, 0x50, 0x15, 0xf5, 0x12, 0x1b, 0xc4, 0x07, 0x3a, + 0x3f, 0x87, 0xf8, 0xd1, 0xaa, 0x92, 0x16, 0xff, 0x46, 0xd7, 0xa0, 0xc2, 0x8d, 0xac, 0x60, 0xef, + 0xb9, 0xb4, 0x3d, 0xf9, 0x4e, 0xec, 0x50, 0xfa, 0x98, 0x12, 0xcb, 0x14, 0x83, 0xd0, 0x2d, 0xa8, + 0xc7, 0x8e, 0xaf, 0x22, 0xeb, 0x42, 0x7a, 0x46, 0x1c, 0x27, 0xd1, 0xb4, 0x64, 0x38, 0x9f, 0xdb, + 0xb5, 0x7d, 0x62, 0x09, 0x50, 0xb8, 0x38, 0x39, 0xf7, 0xe3, 0xa8, 0x33, 0x9e, 0x1b, 0x0f, 0x47, + 0xd7, 0xa1, 0x2a, 0x6f, 0x16, 0x44, 0x04, 0x2d, 0x6f, 0x9f, 0x9f, 0x4c, 0xa6, 0xd1, 0x2c, 0x35, + 0xd0, 0xf8, 0x93, 0x06, 0x6f, 0x26, 0x0e, 0x11, 0x45, 0x53, 0x84, 0xcb, 0xbf, 0xfc, 0x13, 0xf7, + 0x32, 0xac, 0x8a, 0x42, 0x20, 0xb9, 0x60, 0x90, 0x77, 0x5d, 0x39, 0xaa, 0xf1, 0x3b, 0x0d, 0x2e, + 0x4d, 0xae, 0xe3, 0xf6, 0x00, 0xfb, 0x2c, 0xde, 0xde, 0x93, 0x58, 0x4b, 0x74, 0xe0, 0x95, 0x92, + 0x03, 0x2f, 0xb3, 0xbe, 0x72, 0x76, 0x7d, 0xc6, 0x1f, 0x4a, 0xb0, 0x9c, 0x72, 0xa0, 0xa2, 0x03, + 0x93, 0x03, 0x3e, 0xe1, 0xb7, 0xa2, 0xf4, 0x13, 0x87, 0x42, 0xdd, 0x4c, 0x51, 0xd0, 0x10, 0x80, + 0x62, 0x1f, 0x8f, 0x08, 0x23, 0x3e, 0xcf, 0xe4, 0x3c, 0xe2, 0xef, 0xcf, 0x9f, 0x5d, 0x0e, 0x22, + 0x9e, 0x66, 0x8a, 0x3d, 0x47, 0xac, 0x42, 0x74, 0xa0, 0xf2, 0xb7, 0x6a, 0xa1, 0xcf, 0x61, 0xb5, + 0x67, 0x3b, 0xe4, 0x20, 0x51, 0xa4, 0x2a, 0x14, 0x79, 0x34, 0xbf, 0x22, 0x77, 0xd3, 0x7c, 0xcd, + 0x9c, 0x18, 0xe3, 0x2a, 0x34, 0xf2, 0xf1, 0xc4, 0x95, 0xb4, 0x47, 0xb8, 0x1f, 0x5b, 0x4b, 0xb5, + 0x0c, 0x04, 0x8d, 0x7c, 0xfc, 0x18, 0xff, 0x28, 0xc1, 0xd9, 0x98, 0xdd, 0x8e, 0xeb, 0x7a, 0xa1, + 0x6b, 0x89, 0xcb, 0xba, 0xc2, 0xbd, 0x38, 0x03, 0x8b, 0xcc, 0x66, 0x4e, 0x0c, 0x7c, 0x44, 0x83, + 0x9f, 0x5d, 0xcc, 0xf3, 0x1c, 0x66, 0x53, 0xb5, 0xc1, 0x51, 0x53, 0xee, 0xfd, 0xf3, 0xd0, 0xf6, + 0x49, 0x57, 0x64, 0x82, 0x9a, 0x19, 0xb7, 0x79, 0x1f, 0x47, 0x35, 0x02, 0xc6, 0x4b, 0x63, 0xc6, + 0x6d, 0xe1, 0xf7, 0x9e, 0xe3, 0x10, 0x8b, 0x9b, 0x23, 0x05, 0xf4, 0x73, 0x54, 0x51, 0x40, 0x30, + 0xdf, 0x76, 0xfb, 0x0a, 0xe6, 0xab, 0x16, 0xd7, 0x13, 0xfb, 0x3e, 0x1e, 0xeb, 0x35, 0x61, 0x00, + 0xd9, 0x40, 0x1f, 0x40, 0x79, 0x84, 0xa9, 0x3a, 0xe8, 0xae, 0x66, 0xb2, 0x43, 0x91, 0x05, 0x5a, + 0xfb, 0x98, 0xca, 0x93, 0x80, 0x4f, 0x6b, 0xbe, 0x07, 0xb5, 0x88, 0xf0, 0x85, 0x20, 0xe1, 0x67, + 0x70, 0x2a, 0x93, 0x7c, 0xd0, 0x53, 0xd8, 0x48, 0x3c, 0x2a, 0x2d, 0x50, 0x81, 0xc0, 0x37, 0x5f, + 0xa9, 0x99, 0x39, 0x85, 0x81, 0xf1, 0x1c, 0xd6, 0xb9, 0xcb, 0x88, 0xc0, 0x3f, 0xa1, 0xd2, 0xe6, + 0x7d, 0xa8, 0xc7, 0x22, 0x0b, 0x7d, 0xa6, 0x09, 0xb5, 0xc3, 0xe8, 0x12, 0x55, 0xd6, 0x36, 0x71, + 0xdb, 0xd8, 0x01, 0x94, 0xd6, 0x57, 0x9d, 0x40, 0xd7, 0xb2, 0xa0, 0xf8, 0x6c, 0xfe, 0xb8, 0x11, + 0xc3, 0x23, 0x4c, 0xfc, 0xdb, 0x12, 0xac, 0xed, 0xda, 0xe2, 0x1e, 0xe4, 0x84, 0x92, 0xdc, 0x55, + 0x68, 0x04, 0x61, 0x67, 0xe4, 0x75, 0x43, 0x87, 0x28, 0x50, 0xa0, 0x4e, 0xfa, 0x09, 0xfa, 0xac, + 0xe4, 0xc7, 0x8d, 0x45, 0x31, 0x1b, 0xa8, 0x0a, 0x57, 0x7c, 0xa3, 0x0f, 0xe0, 0xfc, 0x43, 0xf2, + 0xb9, 0x5a, 0xcf, 0xae, 0xe3, 0x75, 0x3a, 0xb6, 0xdb, 0x8f, 0x84, 0x2c, 0x0a, 0x21, 0xd3, 0x07, + 0x14, 0x41, 0xc5, 0x6a, 0x21, 0x54, 0x34, 0x7e, 0xa6, 0x41, 0x23, 0xb1, 0x9a, 0xb2, 0xfb, 0x4d, + 0x19, 0x1f, 0xd2, 0xea, 0x97, 0xd2, 0x56, 0xcf, 0x0f, 0xfd, 0xef, 0x43, 0x63, 0x25, 0x1d, 0x1a, + 0xff, 0xd2, 0xe0, 0xec, 0xae, 0xcd, 0xa2, 0xa4, 0x64, 0xff, 0xbf, 0xed, 0x60, 0x81, 0xbd, 0x2b, + 0xc5, 0xf6, 0x6e, 0xc1, 0x46, 0x7e, 0xa1, 0xca, 0xe8, 0x67, 0x60, 0x91, 0xef, 0x7c, 0x74, 0x1f, + 0x20, 0x1b, 0xc6, 0x6f, 0xaa, 0x70, 0xf1, 0x53, 0xda, 0xc5, 0x2c, 0xbe, 0xcf, 0xb9, 0xeb, 0xf9, + 0x07, 0xbc, 0xeb, 0x64, 0x2c, 0x94, 0x7b, 0x43, 0x2b, 0xcd, 0x7c, 0x43, 0x2b, 0xcf, 0x78, 0x43, + 0xab, 0x1c, 0xe9, 0x0d, 0x6d, 0xf1, 0xc4, 0xde, 0xd0, 0x26, 0x6b, 0xa4, 0x6a, 0x61, 0x8d, 0xf4, + 0x34, 0x53, 0x47, 0x2c, 0x89, 0x90, 0xf8, 0x66, 0x3a, 0x24, 0x66, 0xee, 0xce, 0xcc, 0xcb, 0xff, + 0xdc, 0xd3, 0x53, 0xed, 0x95, 0x4f, 0x4f, 0xf5, 0xc9, 0xa7, 0xa7, 0xe2, 0xd7, 0x0b, 0x98, 0xfa, + 0x7a, 0x71, 0x19, 0x56, 0x83, 0xb1, 0x6b, 0x91, 0x6e, 0x7c, 0xcb, 0xb7, 0x2c, 0x97, 0x9d, 0xa5, + 0x66, 0xbc, 0x7d, 0x25, 0xe7, 0xed, 0xb1, 0xa7, 0x9e, 0x4a, 0x79, 0xea, 0xff, 0x4e, 0x49, 0xb3, + 0x05, 0x9b, 0xd3, 0xf6, 0x44, 0x86, 0xda, 0xf6, 0x1f, 0x01, 0xd6, 0x13, 0x94, 0xcc, 0xff, 0xda, + 0x16, 0x41, 0x8f, 0xa0, 0xb1, 0xab, 0x9e, 0xc1, 0xa3, 0xcb, 0x4d, 0x34, 0xeb, 0x3d, 0xa1, 0x79, + 0xa1, 0xb8, 0x53, 0x0a, 0x31, 0x16, 0x90, 0x05, 0xe7, 0xf3, 0x0c, 0x93, 0xa7, 0x8b, 0xaf, 0xcf, + 0xe0, 0x1c, 0x8f, 0x7a, 0x95, 0x88, 0x2b, 0x1a, 0x7a, 0x0a, 0xab, 0xd9, 0x0b, 0x76, 0x94, 0x81, + 0x0d, 0x85, 0x77, 0xfe, 0x4d, 0x63, 0xd6, 0x90, 0x58, 0xff, 0x67, 0x7c, 0x43, 0x33, 0x77, 0xc9, + 0xc8, 0xc8, 0x56, 0xd0, 0x45, 0xb7, 0xf1, 0xcd, 0xaf, 0xcd, 0x1c, 0x13, 0x73, 0x7f, 0x1f, 0x6a, + 0xd1, 0xdd, 0x6b, 0xd6, 0xcc, 0xb9, 0x1b, 0xd9, 0x66, 0x23, 0xcb, 0xaf, 0x17, 0x18, 0x0b, 0xe8, + 0x43, 0x39, 0x79, 0x87, 0xd2, 0x82, 0xc9, 0xa9, 0x1b, 0xc7, 0xe6, 0xe9, 0x82, 0x5b, 0x3e, 0x63, + 0x01, 0x7d, 0x1b, 0x96, 0xf9, 0xd7, 0x81, 0x7a, 0x80, 0xde, 0x68, 0xc9, 0xdf, 0x3b, 0xb4, 0xa2, + 0xdf, 0x3b, 0xb4, 0xee, 0x8c, 0x28, 0x1b, 0x37, 0x0b, 0xae, 0xe1, 0x14, 0x83, 0x67, 0x70, 0x6a, + 0x97, 0xb0, 0xa4, 0x6a, 0x46, 0x97, 0x8e, 0x74, 0xb7, 0xd0, 0x34, 0xf2, 0xc3, 0x26, 0x0b, 0x6f, + 0x63, 0x01, 0xfd, 0x52, 0x83, 0xd3, 0xbb, 0x84, 0xe5, 0xeb, 0x50, 0xf4, 0x4e, 0xb1, 0x90, 0x29, + 0xf5, 0x6a, 0xf3, 0xe1, 0xbc, 0xd1, 0x95, 0x65, 0x6b, 0x2c, 0xa0, 0x5f, 0x69, 0x70, 0x2e, 0xa5, + 0x58, 0xba, 0xb0, 0x44, 0xd7, 0x67, 0x2b, 0x57, 0x50, 0x84, 0x36, 0x3f, 0x99, 0xf3, 0x77, 0x05, + 0x29, 0x96, 0xc6, 0x02, 0x3a, 0x10, 0x7b, 0x92, 0xe0, 0x48, 0x74, 0xb1, 0x10, 0x30, 0xc6, 0xd2, + 0x37, 0xa7, 0x75, 0xc7, 0xfb, 0xf0, 0x09, 0x2c, 0xef, 0x12, 0x16, 0x81, 0x9e, 0xac, 0xa7, 0xe5, + 0xb0, 0x66, 0x36, 0x54, 0xf3, 0x38, 0x49, 0x78, 0xcc, 0xba, 0xe4, 0x95, 0x3a, 0xfc, 0xb3, 0xb1, + 0x5a, 0x88, 0x80, 0xb2, 0x1e, 0x53, 0x8c, 0x1d, 0x8c, 0x05, 0xf4, 0x1c, 0x36, 0x8a, 0x93, 0x1e, + 0x7a, 0xeb, 0xc8, 0x87, 0x55, 0xf3, 0xea, 0x51, 0x86, 0x46, 0x22, 0x3f, 0xda, 0xf9, 0xeb, 0xcb, + 0x4d, 0xed, 0x6f, 0x2f, 0x37, 0xb5, 0x7f, 0xbe, 0xdc, 0xd4, 0xbe, 0x7f, 0xe3, 0x15, 0xbf, 0x3f, + 0x4a, 0xfd, 0xa4, 0x09, 0x53, 0xdb, 0x72, 0x6c, 0xe2, 0xb2, 0x4e, 0x55, 0xc4, 0xdb, 0x8d, 0xff, + 0x04, 0x00, 0x00, 0xff, 0xff, 0x0f, 0x5b, 0x4a, 0xde, 0xf1, 0x24, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -3710,6 +3719,11 @@ func (m *ResolveRevisionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.SourceIndex != 0 { + i = encodeVarintRepository(dAtA, i, uint64(m.SourceIndex)) + i-- + dAtA[i] = 0x20 + } if len(m.AmbiguousRevision) > 0 { i -= len(m.AmbiguousRevision) copy(dAtA[i:], m.AmbiguousRevision) @@ -5582,6 +5596,9 @@ func (m *ResolveRevisionRequest) Size() (n int) { if l > 0 { n += 1 + l + sovRepository(uint64(l)) } + if m.SourceIndex != 0 { + n += 1 + sovRepository(uint64(m.SourceIndex)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -7849,6 +7866,25 @@ func (m *ResolveRevisionRequest) Unmarshal(dAtA []byte) error { } m.AmbiguousRevision = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field SourceIndex", wireType) + } + m.SourceIndex = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.SourceIndex |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/cache/cache.go b/reposerver/cache/cache.go index 5b15299660ad4..71b8b69a718a7 100644 --- a/reposerver/cache/cache.go +++ b/reposerver/cache/cache.go @@ -354,6 +354,11 @@ func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, s // The expected hash matches the actual hash, so remove the hash from the returned value res.CacheEntryHash = "" + if res.ManifestResponse != nil { + // cached manifest response might be reused across different revisions, so we need to assume that the revision is the one we are looking for + res.ManifestResponse.Revision = revision + } + return nil } diff --git a/reposerver/cache/cache_test.go b/reposerver/cache/cache_test.go index 452a9f6e14edb..e1df3138daa08 100644 --- a/reposerver/cache/cache_test.go +++ b/reposerver/cache/cache_test.go @@ -124,11 +124,18 @@ func TestCache_GetManifests(t *testing.T) { assert.Equal(t, ErrCacheMiss, err) }) t.Run("expect cache hit", func(t *testing.T) { - err = cache.GetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) + err = cache.SetManifests( + "my-revision1", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", + &CachedManifestResponse{ManifestResponse: &apiclient.ManifestResponse{SourceType: "my-source-type", Revision: "my-revision2"}}, nil) assert.NoError(t, err) - assert.Equal(t, &CachedManifestResponse{ManifestResponse: &apiclient.ManifestResponse{SourceType: "my-source-type"}}, value) + + err = cache.GetManifests("my-revision1", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) + assert.NoError(t, err) + + assert.Equal(t, "my-source-type", value.ManifestResponse.SourceType) + assert.Equal(t, "my-revision1", value.ManifestResponse.Revision) }) - mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 8}) + mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 2, ExternalGets: 8}) } func TestCache_GetAppDetails(t *testing.T) { diff --git a/reposerver/metrics/metrics.go b/reposerver/metrics/metrics.go index 44f3dbd01e1bb..4fd9cde3ba60a 100644 --- a/reposerver/metrics/metrics.go +++ b/reposerver/metrics/metrics.go @@ -13,6 +13,7 @@ import ( type MetricsServer struct { handler http.Handler gitFetchFailCounter *prometheus.CounterVec + gitLsRemoteFailCounter *prometheus.CounterVec gitRequestCounter *prometheus.CounterVec gitRequestHistogram *prometheus.HistogramVec repoPendingRequestsGauge *prometheus.GaugeVec @@ -42,6 +43,15 @@ func NewMetricsServer() *MetricsServer { ) registry.MustRegister(gitFetchFailCounter) + gitLsRemoteFailCounter := prometheus.NewCounterVec( + prometheus.CounterOpts{ + Name: "argocd_git_lsremote_fail_total", + Help: "Number of git ls-remote requests failures by repo server", + }, + []string{"repo", "revision"}, + ) + registry.MustRegister(gitLsRemoteFailCounter) + gitRequestCounter := prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "argocd_git_request_total", @@ -92,6 +102,7 @@ func NewMetricsServer() *MetricsServer { return &MetricsServer{ handler: promhttp.HandlerFor(registry, promhttp.HandlerOpts{}), gitFetchFailCounter: gitFetchFailCounter, + gitLsRemoteFailCounter: gitLsRemoteFailCounter, gitRequestCounter: gitRequestCounter, gitRequestHistogram: gitRequestHistogram, repoPendingRequestsGauge: repoPendingRequestsGauge, @@ -108,6 +119,10 @@ func (m *MetricsServer) IncGitFetchFail(repo string, revision string) { m.gitFetchFailCounter.WithLabelValues(repo, revision).Inc() } +func (m *MetricsServer) IncGitLsRemoteFail(repo string, revision string) { + m.gitLsRemoteFailCounter.WithLabelValues(repo, revision).Inc() +} + // IncGitRequest increments the git requests counter func (m *MetricsServer) IncGitRequest(repo string, requestType GitRequestType) { m.gitRequestCounter.WithLabelValues(repo, string(requestType)).Inc() diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 83cc149f68c8a..ac738cd513d19 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -112,6 +112,7 @@ type RepoServerInitConstants struct { HelmManifestMaxExtractedSize int64 HelmRegistryMaxIndexSize int64 DisableHelmManifestMaxExtractedSize bool + IncludeHiddenDirectories bool } // NewService returns a new instance of the Manifest service @@ -1000,7 +1001,9 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC // finally if repo is OCI and no credentials found, use the first OCI credential matching by hostname // see https://github.com/argoproj/argo-cd/issues/14636 for _, cred := range repositories { - if depURL, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && depURL.Host == cred.Repo { + // if the repo is OCI, don't match the repository URL exactly, but only as a dependent repository prefix just like in the getRepoCredential function + // see https://github.com/argoproj/argo-cd/issues/12436 + if _, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && strings.HasPrefix(dep.Repo, cred.Repo) { repo.Username = cred.Username repo.Password = cred.Password break @@ -2195,7 +2198,7 @@ func populatePluginAppDetails(ctx context.Context, res *apiclient.RepoAppDetails announcement, err := parametersAnnouncementStream.CloseAndRecv() if err != nil { - return fmt.Errorf("failed to get parameter anouncement: %w", err) + return fmt.Errorf("failed to get parameter announcement: %w", err) } res.Plugin = &apiclient.PluginAppSpec{ @@ -2345,6 +2348,7 @@ func (s *Service) newClientResolveRevision(repo *v1alpha1.Repository, revision s } commitSHA, err := gitClient.LsRemote(revision) if err != nil { + s.metricsServer.IncGitLsRemoteFail(gitClient.Root(), revision) return nil, "", err } return gitClient, commitSHA, nil @@ -2512,7 +2516,7 @@ func (s *Service) ResolveRevision(ctx context.Context, q *apiclient.ResolveRevis app := q.App ambiguousRevision := q.AmbiguousRevision var revision string - var source = app.Spec.GetSource() + var source = app.Spec.GetSourcePtrByIndex(int(q.SourceIndex)) if source.IsHelm() { _, revision, err := s.newHelmClientResolveRevision(repo, ambiguousRevision, source.Chart, true) @@ -2530,6 +2534,7 @@ func (s *Service) ResolveRevision(ctx context.Context, q *apiclient.ResolveRevis } revision, err = gitClient.LsRemote(ambiguousRevision) if err != nil { + s.metricsServer.IncGitLsRemoteFail(gitClient.Root(), revision) return &apiclient.ResolveRevisionResponse{Revision: "", AmbiguousRevision: ""}, err } return &apiclient.ResolveRevisionResponse{ @@ -2646,9 +2651,8 @@ func (s *Service) GetGitDirectories(_ context.Context, request *apiclient.GitDir return nil } - fname := entry.Name() - if strings.HasPrefix(fname, ".") { // Skip all folders starts with "." - return filepath.SkipDir + if !s.initConstants.IncludeHiddenDirectories && strings.HasPrefix(entry.Name(), ".") { + return filepath.SkipDir // Skip hidden directory } relativePath, err := filepath.Rel(repoRoot, path) @@ -2707,6 +2711,7 @@ func (s *Service) UpdateRevisionForPaths(_ context.Context, request *apiclient.U syncedRevision, err = gitClient.LsRemote(syncedRevision) if err != nil { + s.metricsServer.IncGitLsRemoteFail(gitClient.Root(), revision) return nil, status.Errorf(codes.Internal, "unable to resolve git revision %s: %v", revision, err) } diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index 253714a72bd50..f715ff8ce4c8c 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -73,6 +73,7 @@ message ResolveRevisionRequest { github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Repository repo = 1; github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.Application app = 2; string ambiguousRevision = 3; + int64 sourceIndex = 4; } // ResolveRevisionResponse diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 34b8088c77d12..14c877d3b42c9 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -205,7 +205,7 @@ func TestGenerateYamlManifestInDir(t *testing.T) { } // update this value if we add/remove manifests - const countOfManifests = 48 + const countOfManifests = 50 res1, err := service.GenerateManifest(context.Background(), &q) @@ -302,7 +302,7 @@ func TestGenerateManifests_K8SAPIResetCache(t *testing.T) { ProjectSourceRepos: []string{"*"}, } - cachedFakeResponse := &apiclient.ManifestResponse{Manifests: []string{"Fake"}} + cachedFakeResponse := &apiclient.ManifestResponse{Manifests: []string{"Fake"}, Revision: mock.Anything} err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: cachedFakeResponse}, nil) assert.NoError(t, err) @@ -653,7 +653,7 @@ func TestInvalidMetadata(t *testing.T) { q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, AppLabelKey: "test", AppName: "invalid-metadata", TrackingMethod: "annotation+label"} _, err := service.GenerateManifest(context.Background(), &q) assert.Error(t, err) - assert.Contains(t, err.Error(), "contains non-string key in the map") + assert.Contains(t, err.Error(), "contains non-string value in the map under key \"invalid\"") } func TestNilMetadataAccessors(t *testing.T) { @@ -3036,9 +3036,9 @@ func Test_populateHelmAppDetails_values_symlinks(t *testing.T) { }) } -func TestGetHelmRepos_OCIDependencies(t *testing.T) { +func TestGetHelmRepos_OCIDependenciesWithHelmRepo(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{ + q := apiclient.ManifestRequest{Repos: []*argoappv1.Repository{}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{ {URL: "example.com", Username: "test", Password: "test", EnableOCI: true}, }} @@ -3051,6 +3051,19 @@ func TestGetHelmRepos_OCIDependencies(t *testing.T) { assert.Equal(t, helmRepos[0].Repo, "example.com/myrepo") } +func TestGetHelmRepos_OCIDependenciesWithRepo(t *testing.T) { + src := argoappv1.ApplicationSource{Path: "."} + q := apiclient.ManifestRequest{Repos: []*argoappv1.Repository{{Repo: "example.com", Username: "test", Password: "test", EnableOCI: true}}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{}} + + helmRepos, err := getHelmRepos("./testdata/oci-dependencies", q.Repos, q.HelmRepoCreds) + assert.Nil(t, err) + + assert.Equal(t, len(helmRepos), 1) + assert.Equal(t, helmRepos[0].Username, "test") + assert.Equal(t, helmRepos[0].EnableOci, true) + assert.Equal(t, helmRepos[0].Repo, "example.com/myrepo") +} + func TestGetHelmRepo_NamedRepos(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Repos: []*argoappv1.Repository{{ @@ -3239,6 +3252,9 @@ func Test_getResolvedValueFiles(t *testing.T) { } } func TestErrorGetGitDirectories(t *testing.T) { + // test not using the cache + root := "./testdata/git-files-dirs" + type fields struct { service *Service } @@ -3265,6 +3281,7 @@ func TestErrorGetGitDirectories(t *testing.T) { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) + gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) paths.On("GetPathIfExists", mock.Anything).Return(".", nil) }, ".") @@ -3322,7 +3339,43 @@ func TestGetGitDirectories(t *testing.T) { }) } +func TestGetGitDirectoriesWithHiddenDirSupported(t *testing.T) { + // test not using the cache + root := "./testdata/git-files-dirs" + s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { + gitClient.On("Init").Return(nil) + gitClient.On("Fetch", mock.Anything).Return(nil) + gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) + gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) + gitClient.On("Root").Return(root) + paths.On("GetPath", mock.Anything).Return(root, nil) + paths.On("GetPathIfExists", mock.Anything).Return(root, nil) + }, root) + s.initConstants.IncludeHiddenDirectories = true + dirRequest := &apiclient.GitDirectoriesRequest{ + Repo: &argoappv1.Repository{Repo: "a-url.com"}, + SubmoduleEnabled: false, + Revision: "HEAD", + } + directories, err := s.GetGitDirectories(context.TODO(), dirRequest) + assert.Nil(t, err) + assert.ElementsMatch(t, directories.GetPaths(), []string{"app", "app/bar", "app/foo/bar", "somedir", "app/foo", "app/bar/.hidden"}) + + // do the same request again to use the cache + // we only allow CheckOut to be called once in the mock + directories, err = s.GetGitDirectories(context.TODO(), dirRequest) + assert.Nil(t, err) + assert.ElementsMatch(t, []string{"app", "app/bar", "app/foo/bar", "somedir", "app/foo", "app/bar/.hidden"}, directories.GetPaths()) + cacheMocks.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ + ExternalSets: 1, + ExternalGets: 2, + }) +} + func TestErrorGetGitFiles(t *testing.T) { + // test not using the cache + root := "" + type fields struct { service *Service } @@ -3349,6 +3402,7 @@ func TestErrorGetGitFiles(t *testing.T) { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) + gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) paths.On("GetPathIfExists", mock.Anything).Return(".", nil) }, ".") @@ -3419,6 +3473,9 @@ func TestGetGitFiles(t *testing.T) { } func TestErrorUpdateRevisionForPaths(t *testing.T) { + // test not using the cache + root := "" + type fields struct { service *Service } @@ -3445,6 +3502,7 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) + gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) paths.On("GetPathIfExists", mock.Anything).Return(".", nil) }, ".") @@ -3463,6 +3521,7 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) { gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) + gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) paths.On("GetPathIfExists", mock.Anything).Return(".", nil) }, ".") diff --git a/reposerver/server.go b/reposerver/server.go index e1d611801c3ec..5d280329deed3 100644 --- a/reposerver/server.go +++ b/reposerver/server.go @@ -70,13 +70,13 @@ func NewServer(metricsServer *metrics.MetricsServer, cache *reposervercache.Cach serverLog := log.NewEntry(log.StandardLogger()) streamInterceptors := []grpc.StreamServerInterceptor{ - otelgrpc.StreamServerInterceptor(), + otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.StreamServerInterceptor(serverLog), grpc_prometheus.StreamServerInterceptor, grpc_util.PanicLoggerStreamServerInterceptor(serverLog), } unaryInterceptors := []grpc.UnaryServerInterceptor{ - otelgrpc.UnaryServerInterceptor(), + otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258 grpc_logrus.UnaryServerInterceptor(serverLog), grpc_prometheus.UnaryServerInterceptor, grpc_util.PanicLoggerUnaryServerInterceptor(serverLog), diff --git a/resource_customizations/astra.netapp.io/AppVault/health.lua b/resource_customizations/astra.netapp.io/AppVault/health.lua new file mode 100644 index 0000000000000..7490ed2a89fd0 --- /dev/null +++ b/resource_customizations/astra.netapp.io/AppVault/health.lua @@ -0,0 +1,13 @@ +hs = { status = "Progressing", message = "No status available" } +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "available" or obj.status.state == "Available" then + hs.status = "Healthy" + hs.message = obj.kind .. " Available" + elseif obj.status.state == "failed" or obj.status.state == "Failed" then + hs.status = "Degraded" + hs.message = obj.kind .. " Failed" + end + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/AppVault/health_test.yaml b/resource_customizations/astra.netapp.io/AppVault/health_test.yaml new file mode 100644 index 0000000000000..03918c3ecaa56 --- /dev/null +++ b/resource_customizations/astra.netapp.io/AppVault/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: "No status available" + inputPath: testdata/progressing_nostatus.yaml + - healthStatus: + status: Healthy + message: "AppVault Available" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: "AppVault Failed" + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml new file mode 100644 index 0000000000000..0ece84574b9b2 --- /dev/null +++ b/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml @@ -0,0 +1,23 @@ +apiVersion: astra.netapp.io/v1 +kind: AppVault +metadata: + creationTimestamp: "2024-04-26T14:25:45Z" + generation: 1 + name: astra-gcp-backup-743cfd150129 + namespace: astra-connector + resourceVersion: "12094908" + uid: 12943b68-323a-4e8a-ba78-604da0801d11 +spec: + providerConfig: + bucketName: astra-gcp-backup-743cfd150129 + providerCredentials: + credentials: + valueFromSecret: + key: credentials.json + name: astra-gcp-backup-734ced050128-5rdt4 + providerType: gcp +status: + error: + 'failed to close GCP object "appVault.json" in bucket "astra-gcp-backup-743cfd150129": + googleapi: Error 404: The specified bucket does not exist., notFound' + state: failed diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml new file mode 100644 index 0000000000000..3ea713e8ef74e --- /dev/null +++ b/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml @@ -0,0 +1,21 @@ +apiVersion: astra.netapp.io/v1 +kind: AppVault +metadata: + creationTimestamp: "2024-04-11T21:28:27Z" + generation: 1 + name: astra-gcp-backup-743cfd150129 + namespace: astra-connector + resourceVersion: "70908" + uid: d1b552b2-5d8e-467b-829b-1e6af7240400 +spec: + providerConfig: + bucketName: astra-gcp-backup-743cfd150129 + providerCredentials: + credentials: + valueFromSecret: + key: credentials.json + name: astra-gcp-backup-743cfd150129-5rdt4 + providerType: gcp +status: + state: available + uid: c708262e-3944-49bf-af96-ad1c3eb6cafb diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml new file mode 100644 index 0000000000000..d6987da72c348 --- /dev/null +++ b/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml @@ -0,0 +1,18 @@ +apiVersion: astra.netapp.io/v1 +kind: AppVault +metadata: + creationTimestamp: "2024-04-26T14:25:45Z" + generation: 1 + name: astra-gcp-backup-743cfd150129 + namespace: astra-connector + resourceVersion: "12094608" + uid: 12943b68-323a-4e8a-ba78-604da0801d11 +spec: + providerConfig: + bucketName: astra-gcp-backup-743cfd150129 + providerCredentials: + credentials: + valueFromSecret: + key: credentials.json + name: astra-gcp-backup-734ced050128-5rdt4 + providerType: gcp diff --git a/resource_customizations/astra.netapp.io/Application/health.lua b/resource_customizations/astra.netapp.io/Application/health.lua new file mode 100644 index 0000000000000..967400d8819b0 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Application/health.lua @@ -0,0 +1,17 @@ +hs = { status = "Progressing", message = "No status available" } +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for _, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = "Astra Application Ready, protectionState: " .. obj.status.protectionState + return hs + elseif condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = "Astra Application Degraded, message: " .. condition.message + return hs + end + end + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/Application/health_test.yaml b/resource_customizations/astra.netapp.io/Application/health_test.yaml new file mode 100644 index 0000000000000..d1c2bc9b769cb --- /dev/null +++ b/resource_customizations/astra.netapp.io/Application/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: "No status available" + inputPath: testdata/progressing.yaml + - healthStatus: + status: Healthy + message: "Astra Application Ready, protectionState: protected" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: "Astra Application Degraded, message: namespace wordpress is in terminating state" + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml new file mode 100644 index 0000000000000..9b25186fa9587 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml @@ -0,0 +1,26 @@ +apiVersion: astra.netapp.io/v1 +kind: Application +metadata: + creationTimestamp: "2024-04-15T20:59:56Z" + finalizers: + - astra.netapp.io/finalizer + generation: 2 + name: wordpress + namespace: astra-connector + resourceVersion: "10484469" + uid: 5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3 +spec: + includedNamespaces: + - labelSelector: {} + namespace: wordpress +status: + conditions: + - lastTransitionTime: "2024-04-24T16:13:26Z" + message: namespace wordpress is in terminating state + reason: Ready + status: "False" + type: Ready + protectionState: partial + protectionStateDetails: + - Active backup schedule missing + - Application unavailable diff --git a/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml new file mode 100644 index 0000000000000..f42f84b1a60ae --- /dev/null +++ b/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml @@ -0,0 +1,24 @@ +apiVersion: astra.netapp.io/v1 +kind: Application +metadata: + creationTimestamp: "2024-04-15T20:46:16Z" + finalizers: + - astra.netapp.io/finalizer + generation: 3 + labels: + argocd.argoproj.io/instance: ghost-demo + name: ghost + namespace: astra-connector + resourceVersion: "3235325" + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 +spec: + includedNamespaces: + - namespace: ghost +status: + conditions: + - lastTransitionTime: "2024-04-15T20:46:16Z" + message: "" + reason: Ready + status: "True" + type: Ready + protectionState: protected diff --git a/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml b/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml new file mode 100644 index 0000000000000..64450c1aebc8a --- /dev/null +++ b/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml @@ -0,0 +1,16 @@ +apiVersion: astra.netapp.io/v1 +kind: Application +metadata: + creationTimestamp: "2024-04-15T20:46:16Z" + finalizers: + - astra.netapp.io/finalizer + generation: 3 + labels: + argocd.argoproj.io/instance: ghost-demo + name: ghost + namespace: astra-connector + resourceVersion: "3235325" + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 +spec: + includedNamespaces: + - namespace: ghost diff --git a/resource_customizations/astra.netapp.io/Backup/health.lua b/resource_customizations/astra.netapp.io/Backup/health.lua new file mode 100644 index 0000000000000..39de4ac74eb68 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Backup/health.lua @@ -0,0 +1,16 @@ +hs = { status = "Progressing", message = "No status available" } +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Completed" then + hs.status = "Healthy" + hs.message = obj.kind .. " Completed" + elseif obj.status.state == "Running" then + hs.status = "Progressing" + hs.message = obj.kind .. " Running" + else + hs.status = "Degraded" + hs.message = obj.status.state + end + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/Backup/health_test.yaml b/resource_customizations/astra.netapp.io/Backup/health_test.yaml new file mode 100644 index 0000000000000..56385a102f681 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Backup/health_test.yaml @@ -0,0 +1,17 @@ +tests: + - healthStatus: + status: Progressing + message: "No status available" + inputPath: testdata/progressing_nostatus.yaml + - healthStatus: + status: Progressing + message: "Backup Running" + inputPath: testdata/progressing_status.yaml + - healthStatus: + status: Healthy + message: "Backup Completed" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: "Failed" + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml new file mode 100644 index 0000000000000..8dbe9ca86c361 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml @@ -0,0 +1,79 @@ +apiVersion: astra.netapp.io/v1 +kind: Backup +metadata: + creationTimestamp: "2024-04-24T19:54:18Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: backup-20240424193746 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "10641332" + uid: ad301b6a-6536-4313-89c1-d10ad0275430 +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost +status: + conditions: + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Successfully reconciled + reason: Done + status: "True" + type: SourceSnapshotExists + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: + "Source snapshot failed with permanent error: reconcile timeout of 1h0m0s + exceeded" + reason: Failed + status: "False" + type: SourceSnapshotCompleted + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: SnapshotAppArchiveCopied + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: PreBackupExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: VolumeBackupsCompleted + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: PostBackupExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: TemporarySnapshotCleanedUp + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: Completed + - lastTransitionTime: "2024-04-24T19:54:18Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailurePostBackupExecHooksRunCompleted + error: + "Source snapshot failed with permanent error: reconcile timeout of 1h0m0s + exceeded" + progress: {} + sourceSnapshotName: backup-ad301b6a-6536-4313-89c1-d10ad0275430 + state: Failed diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml new file mode 100644 index 0000000000000..d3f32fbf93d20 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml @@ -0,0 +1,116 @@ +apiVersion: astra.netapp.io/v1 +kind: Backup +metadata: + annotations: + astra.netapp.io/correlationid: 3c492b7e-8b1f-491a-af99-aa3fca9d54cf + created-by-astra-schedule-name: ghost-daily + created-by-astra-schedule-namespace: astra-connector + creationTimestamp: "2024-04-24T01:00:00Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + labels: + created-by-astra-schedule-uid: a2736922-6801-482c-a199-03ef8a3f35d7 + name: daily-a4587-20240424010000 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "9965658" + uid: d4b61932-5c8e-4310-82a5-37a0b671aa2d +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + snapshotRef: daily-a4587-20240424010000 +status: + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/backups/daily-a4587-20240424010000_d4b61932-5c8e-4310-82a5-37a0b671aa2d + completionTimestamp: "2024-04-24T01:02:30Z" + conditions: + - lastTransitionTime: "2024-04-24T01:00:00Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-24T01:00:00Z" + message: Successfully reconciled + reason: Done + status: "True" + type: SourceSnapshotExists + - lastTransitionTime: "2024-04-24T01:00:30Z" + message: Successfully reconciled + reason: Done + status: "True" + type: SourceSnapshotCompleted + - lastTransitionTime: "2024-04-24T01:00:33Z" + message: Successfully reconciled + reason: Done + status: "True" + type: SnapshotAppArchiveCopied + - lastTransitionTime: "2024-04-24T01:00:34Z" + message: Successfully reconciled + reason: Done + status: "True" + type: PreBackupExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T01:02:30Z" + message: Successfully reconciled + reason: Done + status: "True" + type: VolumeBackupsCompleted + - lastTransitionTime: "2024-04-24T01:02:30Z" + message: Successfully reconciled + reason: Done + status: "True" + type: PostBackupExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T01:02:30Z" + message: Successfully reconciled + reason: Done + status: "True" + type: TemporarySnapshotCleanedUp + - lastTransitionTime: "2024-04-24T01:02:31Z" + message: Successfully reconciled + reason: Done + status: "True" + type: Completed + - lastTransitionTime: "2024-04-24T01:00:00Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailurePostBackupExecHooksRunCompleted + postBackupExecHooksRunResults: [] + postSnapshotExecHooksRunResults: [] + preBackupExecHooksRunResults: [] + preSnapshotExecHooksRunResults: [] + progress: + volumeBackups: + - completionTimestamp: "2024-04-24T01:02:30Z" + pvcUid: b9ff9e05-5049-4862-82c6-dea080c2fe0d + resticRepositoryPath: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/ghost_b9ff9e05-5049-4862-82c6-dea080c2fe0d + resticSnapshotID: 5d066ee6e4626ec2e3eff50d766f080ba90b2339df5b9f7baf46c281d0763da6 + resticVolumeBackupCompleted: true + resticVolumeBackupCreated: true + sourceVolumeSnapshot: + name: snapshot-71804332-e19d-42a0-bc02-56bd606b9f66-pvc-b9ff9e05-5049-4862-82c6-dea080c2fe0d + namespace: ghost + volumeSnapshotContentCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vsc-ab718bad-fa67-4159-a761-6d1eb5de5330 + volumeSnapshotCopied: true + volumeSnapshotCopyDeleted: true + volumeSnapshotCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vs-d55f9b97-11e5-4fb7-89c0-a2559eba753d + volumeSnapshotCopyReadyToUse: true + - completionTimestamp: "2024-04-24T01:02:30Z" + pvcUid: 38c468b3-eed6-48f2-b43b-15083dd1c030 + resticRepositoryPath: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_38c468b3-eed6-48f2-b43b-15083dd1c030 + resticSnapshotID: dc601d5db3ed78823b134326c6cc9607f1636530783707eb8cd02a018b244e07 + resticVolumeBackupCompleted: true + resticVolumeBackupCreated: true + sourceVolumeSnapshot: + name: snapshot-71804332-e19d-42a0-bc02-56bd606b9f66-pvc-38c468b3-eed6-48f2-b43b-15083dd1c030 + namespace: ghost + volumeSnapshotContentCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vsc-df43df62-1501-406b-b7ba-90aafcd763d5 + volumeSnapshotCopied: true + volumeSnapshotCopyDeleted: true + volumeSnapshotCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vs-ecf680cf-1665-4320-9f84-c99911b48a2b + volumeSnapshotCopyReadyToUse: true + sourceSnapshotName: daily-a4587-20240424010000 + state: Completed diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml new file mode 100644 index 0000000000000..9cc87d827cb11 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml @@ -0,0 +1,26 @@ +apiVersion: astra.netapp.io/v1 +kind: Backup +metadata: + annotations: + astra.netapp.io/correlationid: 3c492b7e-8b1f-491a-af99-aa3fca9d54cf + created-by-astra-schedule-name: ghost-daily + created-by-astra-schedule-namespace: astra-connector + creationTimestamp: "2024-04-24T01:00:00Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + labels: + created-by-astra-schedule-uid: a2736922-6801-482c-a199-03ef8a3f35d7 + name: daily-a4587-20240424010000 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "9965658" + uid: d4b61932-5c8e-4310-82a5-37a0b671aa2d +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + snapshotRef: daily-a4587-20240424010000 diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml new file mode 100644 index 0000000000000..38477b5a3f02c --- /dev/null +++ b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml @@ -0,0 +1,76 @@ +apiVersion: astra.netapp.io/v1 +kind: Backup +metadata: + annotations: + astra.netapp.io/correlationid: cd272631-d0a8-4a61-9cde-6a7202074051 + creationTimestamp: "2024-04-24T19:39:34Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: backup-20240424193745 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "10599529" + uid: fea5520e-553c-400d-8539-e9d2bbe5b762 +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost +status: + conditions: + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Successfully reconciled + reason: Done + status: "True" + type: SourceSnapshotExists + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Waiting for source Snapshot to complete + reason: Waiting + status: "False" + type: SourceSnapshotCompleted + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: SnapshotAppArchiveCopied + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: PreBackupExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: VolumeBackupsCompleted + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: PostBackupExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: TemporarySnapshotCleanedUp + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: Completed + - lastTransitionTime: "2024-04-24T19:39:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailurePostBackupExecHooksRunCompleted + progress: {} + sourceSnapshotName: backup-fea5520e-553c-400d-8539-e9d2bbe5b762 + state: Running diff --git a/resource_customizations/astra.netapp.io/ExecHook/health.lua b/resource_customizations/astra.netapp.io/ExecHook/health.lua new file mode 100644 index 0000000000000..6d7389ccf0704 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHook/health.lua @@ -0,0 +1,13 @@ +hs = { status = "Progressing", message = "No status available" } +if obj.spec ~= nil then + if obj.spec.enabled ~= nil then + if obj.spec.enabled == true then + hs.status = "Healthy" + hs.message = obj.kind .. " enabled" + elseif obj.spec.enabled == false then + hs.status = "Suspended" + hs.message = obj.kind .. " disabled" + end + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml b/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml new file mode 100644 index 0000000000000..abe46b3f6714e --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml @@ -0,0 +1,13 @@ +tests: + - healthStatus: + status: Progressing + message: "No status available" + inputPath: testdata/progressing_nostatus.yaml + - healthStatus: + status: Healthy + message: "ExecHook enabled" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Suspended + message: "ExecHook disabled" + inputPath: testdata/suspended.yaml diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml new file mode 100644 index 0000000000000..fd0e7ad1af15b --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml @@ -0,0 +1,23 @@ +apiVersion: astra.netapp.io/v1 +kind: ExecHook +metadata: + creationTimestamp: "2024-04-25T14:17:52Z" + generation: 1 + labels: + argocd.argoproj.io/instance: ghost-demo + name: pre-snapshot + namespace: astra-connector + resourceVersion: "11239151" + uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 +spec: + action: snapshot + applicationRef: ghost + arguments: + - pre + enabled: true + hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCmV4aXQgMA== + matchingCriteria: + - type: containerImage + value: mysql + stage: pre + timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml new file mode 100644 index 0000000000000..ba5af3f288bf4 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml @@ -0,0 +1,22 @@ +apiVersion: astra.netapp.io/v1 +kind: ExecHook +metadata: + creationTimestamp: "2024-04-25T14:17:52Z" + generation: 3 + labels: + argocd.argoproj.io/instance: ghost-demo + name: pre-snapshot + namespace: astra-connector + resourceVersion: "11342335" + uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 +spec: + action: snapshot + applicationRef: ghost + arguments: + - pre + hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCnNsZWVwIDMwMApleGl0IDA= + matchingCriteria: + - type: containerImage + value: mysql + stage: pre + timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml new file mode 100644 index 0000000000000..607b3df616164 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml @@ -0,0 +1,23 @@ +apiVersion: astra.netapp.io/v1 +kind: ExecHook +metadata: + creationTimestamp: "2024-04-25T14:17:52Z" + generation: 3 + labels: + argocd.argoproj.io/instance: ghost-demo + name: pre-snapshot + namespace: astra-connector + resourceVersion: "11342335" + uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 +spec: + action: snapshot + applicationRef: ghost + arguments: + - pre + enabled: false + hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCnNsZWVwIDMwMApleGl0IDA= + matchingCriteria: + - type: containerImage + value: mysql + stage: pre + timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua b/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua new file mode 100644 index 0000000000000..39de4ac74eb68 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua @@ -0,0 +1,16 @@ +hs = { status = "Progressing", message = "No status available" } +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Completed" then + hs.status = "Healthy" + hs.message = obj.kind .. " Completed" + elseif obj.status.state == "Running" then + hs.status = "Progressing" + hs.message = obj.kind .. " Running" + else + hs.status = "Degraded" + hs.message = obj.status.state + end + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml new file mode 100644 index 0000000000000..52b629e5e7013 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml @@ -0,0 +1,17 @@ +tests: + - healthStatus: + status: Progressing + message: "No status available" + inputPath: testdata/progressing_nostatus.yaml + - healthStatus: + status: Progressing + message: "ExecHooksRun Running" + inputPath: testdata/progressing_status.yaml + - healthStatus: + status: Healthy + message: "ExecHooksRun Completed" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: "Failed" + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml new file mode 100644 index 0000000000000..d8822c311f449 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml @@ -0,0 +1,71 @@ +apiVersion: astra.netapp.io/v1 +kind: ExecHooksRun +metadata: + annotations: + astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 + creationTimestamp: "2024-04-25T17:00:50Z" + generation: 1 + name: post-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Snapshot + name: argo-presync-20240425163524 + uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 + resourceVersion: "11335239" + uid: 9bfcda95-2731-47dc-8eb2-6e83ae19da00 +spec: + action: snapshot + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + completionTimeout: 0s + resourceFilter: {} + stage: post +status: + completionTimestamp: "2024-04-25T17:00:56Z" + conditions: + - lastTransitionTime: "2024-04-25T17:00:50Z" + message: failed to get application archive + reason: Done + status: "False" + type: RetrievedMatchingContainers + - lastTransitionTime: "2024-04-25T17:00:50Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: WaitForReadiness + - lastTransitionTime: "2024-04-25T17:00:56Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: ProcessMatchingContainers + - lastTransitionTime: "2024-04-25T17:00:56Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: ArchiveExecHooksUsed + - lastTransitionTime: "2024-04-25T17:00:56Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: Completed + - lastTransitionTime: "2024-04-25T17:00:50Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailureArchiveExecHooksUsed + matchingContainers: + - completionTimestamp: "2024-04-25T17:00:56Z" + containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 + containerName: mysql + execHookRef: post-snapshot + execHookUID: 2cafb1b4-2575-426c-8102-29437ebee48b + jobName: ehr-47223ea8dd0115ca18a986c77380aeb3 + namespace: ghost + podName: ghost-mysql-5bfb6bc8f5-stw4w + podUID: 15ddfce0-1565-4574-89a6-80662450aedd + startTimestamp: "2024-04-25T17:00:50Z" + state: Failed diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml new file mode 100644 index 0000000000000..0d237f0eb75a5 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml @@ -0,0 +1,71 @@ +apiVersion: astra.netapp.io/v1 +kind: ExecHooksRun +metadata: + annotations: + astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 + creationTimestamp: "2024-04-25T17:00:50Z" + generation: 1 + name: post-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Snapshot + name: argo-presync-20240425163524 + uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 + resourceVersion: "11335239" + uid: 9bfcda95-2731-47dc-8eb2-6e83ae19da00 +spec: + action: snapshot + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + completionTimeout: 0s + resourceFilter: {} + stage: post +status: + completionTimestamp: "2024-04-25T17:00:56Z" + conditions: + - lastTransitionTime: "2024-04-25T17:00:50Z" + message: Found 1 matching container/exechook pairs + reason: Done + status: "True" + type: RetrievedMatchingContainers + - lastTransitionTime: "2024-04-25T17:00:50Z" + message: Wait only needed on a restore + reason: Done + status: "True" + type: WaitForReadiness + - lastTransitionTime: "2024-04-25T17:00:56Z" + message: Successfully reconciled + reason: Done + status: "True" + type: ProcessMatchingContainers + - lastTransitionTime: "2024-04-25T17:00:56Z" + message: Successfully reconciled + reason: Done + status: "True" + type: ArchiveExecHooksUsed + - lastTransitionTime: "2024-04-25T17:00:56Z" + message: Successfully reconciled + reason: Done + status: "True" + type: Completed + - lastTransitionTime: "2024-04-25T17:00:50Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailureArchiveExecHooksUsed + matchingContainers: + - completionTimestamp: "2024-04-25T17:00:56Z" + containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 + containerName: mysql + execHookRef: post-snapshot + execHookUID: 2cafb1b4-2575-426c-8102-29437ebee48b + jobName: ehr-47223ea8dd0115ca18a986c77380aeb3 + namespace: ghost + podName: ghost-mysql-5bfb6bc8f5-stw4w + podUID: 15ddfce0-1565-4574-89a6-80662450aedd + startTimestamp: "2024-04-25T17:00:50Z" + state: Completed diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml new file mode 100644 index 0000000000000..4d3b6704d4d20 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml @@ -0,0 +1,26 @@ +apiVersion: astra.netapp.io/v1 +kind: ExecHooksRun +metadata: + annotations: + astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 + creationTimestamp: "2024-04-25T16:35:34Z" + generation: 1 + name: pre-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Snapshot + name: argo-presync-20240425163524 + uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 + resourceVersion: "11320392" + uid: 064199e2-d540-4628-b4ec-5b417bb85128 +spec: + action: snapshot + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 + appVaultRef: astra-gcp-backup-734ced050128 + applicationRef: ghost + completionTimeout: 0s + resourceFilter: {} + stage: pre diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml new file mode 100644 index 0000000000000..44578700d61dd --- /dev/null +++ b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml @@ -0,0 +1,69 @@ +apiVersion: astra.netapp.io/v1 +kind: ExecHooksRun +metadata: + annotations: + astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 + creationTimestamp: "2024-04-25T16:35:34Z" + generation: 1 + name: pre-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Snapshot + name: argo-presync-20240425163524 + uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 + resourceVersion: "11320407" + uid: 064199e2-d540-4628-b4ec-5b417bb85128 +spec: + action: snapshot + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + completionTimeout: 0s + resourceFilter: {} + stage: pre +status: + conditions: + - lastTransitionTime: "2024-04-25T16:35:34Z" + message: Found 1 matching container/exechook pairs + reason: Done + status: "True" + type: RetrievedMatchingContainers + - lastTransitionTime: "2024-04-25T16:35:34Z" + message: Wait only needed on a restore + reason: Done + status: "True" + type: WaitForReadiness + - lastTransitionTime: "2024-04-25T16:35:34Z" + message: Waiting + reason: Waiting + status: "False" + type: ProcessMatchingContainers + - lastTransitionTime: "2024-04-25T16:35:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: ArchiveExecHooksUsed + - lastTransitionTime: "2024-04-25T16:35:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: Completed + - lastTransitionTime: "2024-04-25T16:35:34Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailureArchiveExecHooksUsed + matchingContainers: + - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 + containerName: mysql + execHookRef: pre-snapshot + execHookUID: 105679e3-4acc-4618-a3c2-53e0e5949f65 + jobName: ehr-ea0e89c8221790b54e94b4ac937aeac2 + namespace: ghost + podName: ghost-mysql-5bfb6bc8f5-stw4w + podUID: 15ddfce0-1565-4574-89a6-80662450aedd + startTimestamp: "2024-04-25T16:35:34Z" + state: Running diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/health.lua b/resource_customizations/astra.netapp.io/ResourceBackup/health.lua new file mode 100644 index 0000000000000..39de4ac74eb68 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResourceBackup/health.lua @@ -0,0 +1,16 @@ +hs = { status = "Progressing", message = "No status available" } +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Completed" then + hs.status = "Healthy" + hs.message = obj.kind .. " Completed" + elseif obj.status.state == "Running" then + hs.status = "Progressing" + hs.message = obj.kind .. " Running" + else + hs.status = "Degraded" + hs.message = obj.status.state + end + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml new file mode 100644 index 0000000000000..21668ca2006eb --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml @@ -0,0 +1,17 @@ +tests: + - healthStatus: + status: Progressing + message: "No status available" + inputPath: testdata/progressing_nostatus.yaml + - healthStatus: + status: Progressing + message: "ResourceBackup Running" + inputPath: testdata/progressing_status.yaml + - healthStatus: + status: Healthy + message: "ResourceBackup Completed" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: "Error" + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml new file mode 100644 index 0000000000000..dc8bcd087f06c --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml @@ -0,0 +1,52 @@ +apiVersion: astra.netapp.io/v1 +kind: ResourceBackup +metadata: + annotations: + astra.netapp.io/correlationid: 6094b54d-b02b-475a-b5db-136729841240 + creationTimestamp: "2024-04-24T19:54:19Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: snapshot-7b0d4f5e-53d0-4742-adec-15ef5d527865 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Snapshot + name: backup-ad301b6a-6536-4313-89c1-d10ad0275430 + uid: 7b0d4f5e-53d0-4742-adec-15ef5d527865 + resourceVersion: "10608354" + uid: 9f8505a1-29ac-4755-92b5-536e6d825c35 +spec: + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424195419_backup-ad301b6a-6536-4313-89c1-d10ad0275430_7b0d4f5e-53d0-4742-adec-15ef5d527865 + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost +status: + conditions: + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: + 'unable to fetch appVault: AppVault.astra.netapp.io "astra-gcp-backup-743cfd150129" + not found' + reason: Error + status: "False" + type: JobCreated + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: JobCompleted + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: JobCleanedUp + error: + 'unable to fetch appVault: AppVault.astra.netapp.io "astra-gcp-backup-743cfd150129" + not found' + state: Error diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml new file mode 100644 index 0000000000000..047ccbf583b5a --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml @@ -0,0 +1,49 @@ +apiVersion: astra.netapp.io/v1 +kind: ResourceBackup +metadata: + annotations: + astra.netapp.io/correlationid: 5b89a58c-9b7c-42e8-b426-c8f863e88f41 + creationTimestamp: "2024-04-18T02:00:00Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: snapshot-0b1c9d28-33bd-45ce-b75b-2a45721e7218 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Snapshot + name: daily-02c95-20240418020000 + uid: 0b1c9d28-33bd-45ce-b75b-2a45721e7218 + resourceVersion: "5060306" + uid: 28c08689-2f8d-4b1e-bfa4-ac8c8795adff +spec: + appArchivePath: wordpress_5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3/snapshots/20240418020000_daily-02c95-20240418020000_0b1c9d28-33bd-45ce-b75b-2a45721e7218 + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: wordpress +status: + appArchivePath: wordpress_5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3/snapshots/20240418020000_daily-02c95-20240418020000_0b1c9d28-33bd-45ce-b75b-2a45721e7218 + completionTimestamp: "2024-04-18T02:00:09Z" + conditions: + - lastTransitionTime: "2024-04-18T02:00:00Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-18T02:00:00Z" + message: Successfully reconciled + reason: Done + status: "True" + type: JobCreated + - lastTransitionTime: "2024-04-18T02:00:09Z" + message: Successfully reconciled + reason: Done + status: "True" + type: JobCompleted + - lastTransitionTime: "2024-04-18T02:00:10Z" + message: Successfully reconciled + reason: Done + status: "True" + type: JobCleanedUp + state: Completed diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml new file mode 100644 index 0000000000000..e4e5f9f6512d5 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml @@ -0,0 +1,24 @@ +apiVersion: astra.netapp.io/v1 +kind: ResourceBackup +metadata: + annotations: + astra.netapp.io/correlationid: ee3baf3b-c470-486f-a327-47a6eada0722 + creationTimestamp: "2024-04-24T21:30:21Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: snapshot-0796d78d-e751-4835-a0d4-be61b9f9076a + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Snapshot + name: argo-presync-20240424213020 + uid: 0796d78d-e751-4835-a0d4-be61b9f9076a + resourceVersion: "10661760" + uid: 6ed660f0-95be-4369-b548-15cb094a44c2 +spec: + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml new file mode 100644 index 0000000000000..ba27f3627f798 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml @@ -0,0 +1,48 @@ +apiVersion: astra.netapp.io/v1 +kind: ResourceBackup +metadata: + annotations: + astra.netapp.io/correlationid: ee3baf3b-c470-486f-a327-47a6eada0722 + creationTimestamp: "2024-04-24T21:30:21Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: snapshot-0796d78d-e751-4835-a0d4-be61b9f9076a + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Snapshot + name: argo-presync-20240424213020 + uid: 0796d78d-e751-4835-a0d4-be61b9f9076a + resourceVersion: "10661760" + uid: 6ed660f0-95be-4369-b548-15cb094a44c2 +spec: + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost +status: + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a + conditions: + - lastTransitionTime: "2024-04-24T21:30:21Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-24T21:30:21Z" + message: Successfully reconciled + reason: Done + status: "True" + type: JobCreated + - lastTransitionTime: "2024-04-24T21:30:21Z" + message: waiting for resource backup job to complete + reason: Waiting + status: "False" + type: JobCompleted + - lastTransitionTime: "2024-04-24T21:30:21Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: JobCleanedUp + state: Running diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua new file mode 100644 index 0000000000000..39de4ac74eb68 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua @@ -0,0 +1,16 @@ +hs = { status = "Progressing", message = "No status available" } +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Completed" then + hs.status = "Healthy" + hs.message = obj.kind .. " Completed" + elseif obj.status.state == "Running" then + hs.status = "Progressing" + hs.message = obj.kind .. " Running" + else + hs.status = "Degraded" + hs.message = obj.status.state + end + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml new file mode 100644 index 0000000000000..2038e85656a2f --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml @@ -0,0 +1,17 @@ +tests: + - healthStatus: + status: Progressing + message: "No status available" + inputPath: testdata/progressing_nostatus.yaml + - healthStatus: + status: Progressing + message: "ResticVolumeBackup Running" + inputPath: testdata/progressing_status.yaml + - healthStatus: + status: Healthy + message: "ResticVolumeBackup Completed" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: "Failed" + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml new file mode 100644 index 0000000000000..dd1e080791b2a --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml @@ -0,0 +1,99 @@ +apiVersion: astra.netapp.io/v1 +kind: ResticVolumeBackup +metadata: + annotations: + astra.netapp.io/correlationid: 26d34f64-38cc-4775-881d-a2fa12437f4b + creationTimestamp: "2024-04-17T13:50:44Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2024-04-17T14:51:28Z" + finalizers: + - astra.netapp.io/finalizer + generation: 2 + name: backup-8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27-vs-54c8ec7f-42e8-48aa-b347-d4acab7b877b + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Backup + name: hourly-acde9-20240417135000 + uid: 8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27 + resourceVersion: "4675672" + uid: ba90a4f7-a68f-4978-bc04-86902281adc2 +spec: + clonePVC: + metadata: {} + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 100Gi + storageClassName: netapp-cvs-perf-premium + dataSourceRef: + apiGroup: snapshot.storage.k8s.io + kind: VolumeSnapshot + name: backup-8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27-vs-54c8ec7f-42e8-48aa-b347-d4acab7b877b + resticEnv: + - name: GOOGLE_PROJECT_ID + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json + - name: RESTIC_PASSWORD + value: password + resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/ghost_b9ff9e05-5049-4862-82c6-dea080c2fe0d + resticVolumeMounts: + - mount: + mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 + name: secret-astra-gcp-backup-743cfd150129-5rdt4 + readOnly: true + source: + items: + - key: credentials.json + path: credentials.json + secretName: astra-gcp-backup-743cfd150129-5rdt4 +status: + clonePVCName: restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 + clonePVName: "" + conditions: + - lastTransitionTime: "2024-04-17T13:50:44Z" + message: Successfully reconciled + reason: Done + status: "True" + type: SourcePVCExists + - lastTransitionTime: "2024-04-17T13:50:44Z" + message: Successfully reconciled + reason: Done + status: "True" + type: ResticJobCreated + - lastTransitionTime: "2024-04-17T13:50:44Z" + message: + "restic job restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 + failed: permanent error" + reason: Failed + status: "False" + type: ResticJobCompleted + - lastTransitionTime: "2024-04-17T13:50:44Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: ResticJobCleanedUp + - lastTransitionTime: "2024-04-17T13:50:44Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: TemporaryPVCCloneCleanedUp + - lastTransitionTime: "2024-04-17T13:50:44Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: TemporaryPVCloneCleanedUp + - lastTransitionTime: "2024-04-17T13:50:44Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: Completed + error: + "restic job restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 failed: + permanent error" + resticJobName: restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 + state: Failed diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml new file mode 100644 index 0000000000000..55d5fdf49055e --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml @@ -0,0 +1,94 @@ +apiVersion: astra.netapp.io/v1 +kind: ResticVolumeBackup +metadata: + annotations: + astra.netapp.io/correlationid: 2d54c3e9-2b18-4ce9-958e-4c307619e4e7 + creationTimestamp: "2024-04-25T20:30:15Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Backup + name: hourly-acde9-20240425195000 + uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 + resourceVersion: "11460297" + uid: f3424a57-862e-4609-88ce-e534a655a5d6 +spec: + clonePVC: + metadata: {} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: netapp-cvs-perf-premium + dataSourceRef: + apiGroup: snapshot.storage.k8s.io + kind: VolumeSnapshot + name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb + resticEnv: + - name: GOOGLE_PROJECT_ID + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json + - name: RESTIC_PASSWORD + value: password + resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 + resticVolumeMounts: + - mount: + mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 + name: secret-astra-gcp-backup-743cfd150129-5rdt4 + readOnly: true + source: + items: + - key: credentials.json + path: credentials.json + secretName: astra-gcp-backup-743cfd150129-5rdt4 +status: + clonePVCName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 + clonePVName: pvc-90470af6-7d44-4500-80c1-99f925193654 + completionTimestamp: "2024-04-25T20:31:57Z" + conditions: + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Successfully reconciled + reason: Done + status: "True" + type: SourcePVCExists + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Successfully reconciled + reason: Done + status: "True" + type: ResticJobCreated + - lastTransitionTime: "2024-04-25T20:30:54Z" + message: Successfully reconciled + reason: Done + status: "True" + type: ResticJobCompleted + - lastTransitionTime: "2024-04-25T20:30:54Z" + message: Successfully reconciled + reason: Done + status: "True" + type: ResticJobCleanedUp + - lastTransitionTime: "2024-04-25T20:30:54Z" + message: Successfully reconciled + reason: Done + status: "True" + type: TemporaryPVCCloneCleanedUp + - lastTransitionTime: "2024-04-25T20:31:57Z" + message: Successfully reconciled + reason: Done + status: "True" + type: TemporaryPVCloneCleanedUp + - lastTransitionTime: "2024-04-25T20:31:57Z" + message: Successfully reconciled + reason: Done + status: "True" + type: Completed + resticJobName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 + resticSnapshotID: 88c5684cf3e0cd73e57d96f11d20b1c6b03c913cf574cb73cb40da95078d6694 + state: Completed diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml new file mode 100644 index 0000000000000..b622e552015f1 --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml @@ -0,0 +1,49 @@ +apiVersion: astra.netapp.io/v1 +kind: ResticVolumeBackup +metadata: + creationTimestamp: "2024-04-25T20:30:15Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Backup + name: hourly-acde9-20240425195000 + uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 + resourceVersion: "11459172" + uid: f3424a57-862e-4609-88ce-e534a655a5d6 +spec: + clonePVC: + metadata: {} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: netapp-cvs-perf-premium + dataSourceRef: + apiGroup: snapshot.storage.k8s.io + kind: VolumeSnapshot + name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb + resticEnv: + - name: GOOGLE_PROJECT_ID + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json + - name: RESTIC_PASSWORD + value: password + resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 + resticVolumeMounts: + - mount: + mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 + name: secret-astra-gcp-backup-743cfd150129-5rdt4 + readOnly: true + source: + items: + - key: credentials.json + path: credentials.json + secretName: astra-gcp-backup-743cfd150129-5rdt4 diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml new file mode 100644 index 0000000000000..e0889bf955fdd --- /dev/null +++ b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml @@ -0,0 +1,92 @@ +apiVersion: astra.netapp.io/v1 +kind: ResticVolumeBackup +metadata: + annotations: + astra.netapp.io/correlationid: 2d54c3e9-2b18-4ce9-958e-4c307619e4e7 + creationTimestamp: "2024-04-25T20:30:15Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Backup + name: hourly-acde9-20240425195000 + uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 + resourceVersion: "11459181" + uid: f3424a57-862e-4609-88ce-e534a655a5d6 +spec: + clonePVC: + metadata: {} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: netapp-cvs-perf-premium + dataSourceRef: + apiGroup: snapshot.storage.k8s.io + kind: VolumeSnapshot + name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb + resticEnv: + - name: GOOGLE_PROJECT_ID + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json + - name: RESTIC_PASSWORD + value: password + resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 + resticVolumeMounts: + - mount: + mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 + name: secret-astra-gcp-backup-743cfd150129-5rdt4 + readOnly: true + source: + items: + - key: credentials.json + path: credentials.json + secretName: astra-gcp-backup-743cfd150129-5rdt4 +status: + clonePVCName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 + clonePVName: "" + conditions: + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Successfully reconciled + reason: Done + status: "True" + type: SourcePVCExists + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Successfully reconciled + reason: Done + status: "True" + type: ResticJobCreated + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: ResticJobCompleted + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: ResticJobCleanedUp + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: TemporaryPVCCloneCleanedUp + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: TemporaryPVCloneCleanedUp + - lastTransitionTime: "2024-04-25T20:30:15Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: Completed + resticJobName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 + state: Running diff --git a/resource_customizations/astra.netapp.io/Schedule/health.lua b/resource_customizations/astra.netapp.io/Schedule/health.lua new file mode 100644 index 0000000000000..5d122593e5b08 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Schedule/health.lua @@ -0,0 +1,7 @@ +hs = { status = "Healthy", message = "Protection policy not yet executed" } +if obj.status ~= nil then + if obj.status.lastScheduleTime ~= nil then + hs.message = "Protection policy lastScheduleTime: " .. obj.status.lastScheduleTime + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/Schedule/health_test.yaml b/resource_customizations/astra.netapp.io/Schedule/health_test.yaml new file mode 100644 index 0000000000000..73414e0b58d5a --- /dev/null +++ b/resource_customizations/astra.netapp.io/Schedule/health_test.yaml @@ -0,0 +1,9 @@ +tests: + - healthStatus: + status: Healthy + message: "Protection policy not yet executed" + inputPath: testdata/healthy_nostatus.yaml + - healthStatus: + status: Healthy + message: "Protection policy lastScheduleTime: 2024-04-24T01:00:00Z" + inputPath: testdata/healthy_status.yaml diff --git a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml new file mode 100644 index 0000000000000..0456fb39fc0f6 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml @@ -0,0 +1,28 @@ +apiVersion: astra.netapp.io/v1 +kind: Schedule +metadata: + creationTimestamp: "2024-04-15T20:46:16Z" + generation: 2 + labels: + argocd.argoproj.io/instance: ghost-demo + name: ghost-monthly + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "3231157" + uid: f75ebc6f-627c-4b34-ba36-e64ddc3948e3 +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + backupRetention: "1" + dayOfMonth: "1" + dayOfWeek: "" + enabled: true + granularity: monthly + hour: "2" + minute: "0" + recurrenceRule: "" + snapshotRetention: "1" diff --git a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml new file mode 100644 index 0000000000000..71f99ddf23299 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml @@ -0,0 +1,30 @@ +apiVersion: astra.netapp.io/v1 +kind: Schedule +metadata: + creationTimestamp: "2024-04-15T20:46:16Z" + generation: 2 + labels: + argocd.argoproj.io/instance: ghost-demo + name: ghost-daily + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "9963815" + uid: a2736922-6801-482c-a199-03ef8a3f35d7 +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + backupRetention: "1" + dayOfMonth: "" + dayOfWeek: "" + enabled: true + granularity: daily + hour: "1" + minute: "0" + recurrenceRule: "" + snapshotRetention: "1" +status: + lastScheduleTime: "2024-04-24T01:00:00Z" diff --git a/resource_customizations/astra.netapp.io/Snapshot/health.lua b/resource_customizations/astra.netapp.io/Snapshot/health.lua new file mode 100644 index 0000000000000..39de4ac74eb68 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Snapshot/health.lua @@ -0,0 +1,16 @@ +hs = { status = "Progressing", message = "No status available" } +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Completed" then + hs.status = "Healthy" + hs.message = obj.kind .. " Completed" + elseif obj.status.state == "Running" then + hs.status = "Progressing" + hs.message = obj.kind .. " Running" + else + hs.status = "Degraded" + hs.message = obj.status.state + end + end +end +return hs diff --git a/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml b/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml new file mode 100644 index 0000000000000..c15b3d8b3a9f0 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml @@ -0,0 +1,17 @@ +tests: + - healthStatus: + status: Progressing + message: "No status available" + inputPath: testdata/progressing_nostatus.yaml + - healthStatus: + status: Progressing + message: "Snapshot Running" + inputPath: testdata/progressing_status.yaml + - healthStatus: + status: Healthy + message: "Snapshot Completed" + inputPath: testdata/healthy.yaml + - healthStatus: + status: Degraded + message: "Failed" + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml new file mode 100644 index 0000000000000..89851bbe5dc0b --- /dev/null +++ b/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml @@ -0,0 +1,80 @@ +apiVersion: astra.netapp.io/v1 +kind: Snapshot +metadata: + annotations: + astra.netapp.io/correlationid: 6094b54d-b02b-475a-b5db-136729841240 + creationTimestamp: "2024-04-24T19:54:18Z" + finalizers: + - astra.netapp.io/finalizer + generation: 1 + name: backup-ad301b6a-6536-4313-89c1-d10ad0275430 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + blockOwnerDeletion: true + controller: true + kind: Backup + name: backup-20240424193746 + uid: ad301b6a-6536-4313-89c1-d10ad0275430 + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "10641329" + uid: 7b0d4f5e-53d0-4742-adec-15ef5d527865 +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + completionTimeout: 0s + volumeSnapshotsCreatedTimeout: 0s + volumeSnapshotsReadyToUseTimeout: 0s +status: + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424195419_backup-ad301b6a-6536-4313-89c1-d10ad0275430_7b0d4f5e-53d0-4742-adec-15ef5d527865 + conditions: + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppArchivePathNameGenerated + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: reconcile timeout of 1h0m0s exceeded + reason: Timeout + status: "False" + type: ResourceBackupCompleted + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: PreSnapshotExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: VolumeSnapshotsCreated + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: PostSnapshotExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: VolumeSnapshotsReady + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: Completed + - lastTransitionTime: "2024-04-24T19:54:19Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailurePostSnapshotExecHooksRunCompleted + error: reconcile timeout of 1h0m0s exceeded + state: Failed diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml new file mode 100644 index 0000000000000..7073f9c5147b5 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml @@ -0,0 +1,81 @@ +apiVersion: astra.netapp.io/v1 +kind: Snapshot +metadata: + annotations: + astra.netapp.io/correlationid: 87091676-6489-4c76-8728-6b81bf4936b0 + creationTimestamp: "2024-04-24T14:23:18Z" + finalizers: + - astra.netapp.io/finalizer + generation: 2 + name: argo-presync-20240424142317 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "10421471" + uid: 152faab3-0374-4cef-bac9-6e7940b06aa9 +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + completionTimeout: 0s + volumeSnapshotsCreatedTimeout: 0s + volumeSnapshotsReadyToUseTimeout: 0s +status: + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424142318_argo-presync-20240424142317_152faab3-0374-4cef-bac9-6e7940b06aa9 + completionTimestamp: "2024-04-24T14:23:43Z" + conditions: + - lastTransitionTime: "2024-04-24T14:23:18Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-24T14:23:18Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppArchivePathNameGenerated + - lastTransitionTime: "2024-04-24T14:23:30Z" + message: Successfully reconciled + reason: Done + status: "True" + type: ResourceBackupCompleted + - lastTransitionTime: "2024-04-24T14:23:31Z" + message: Successfully reconciled + reason: Done + status: "True" + type: PreSnapshotExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T14:23:41Z" + message: Successfully reconciled + reason: Done + status: "True" + type: VolumeSnapshotsCreated + - lastTransitionTime: "2024-04-24T14:23:42Z" + message: Successfully reconciled + reason: Done + status: "True" + type: PostSnapshotExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T14:23:43Z" + message: Successfully reconciled + reason: Done + status: "True" + type: VolumeSnapshotsReady + - lastTransitionTime: "2024-04-24T14:23:43Z" + message: Successfully reconciled + reason: Done + status: "True" + type: Completed + - lastTransitionTime: "2024-04-24T14:23:18Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailurePostSnapshotExecHooksRunCompleted + postSnapshotExecHooksRunResults: [] + preSnapshotExecHooksRunResults: [] + state: Completed + volumeSnapshots: + - name: snapshot-152faab3-0374-4cef-bac9-6e7940b06aa9-pvc-b9ff9e05-5049-4862-82c6-dea080c2fe0d + namespace: ghost + - name: snapshot-152faab3-0374-4cef-bac9-6e7940b06aa9-pvc-38c468b3-eed6-48f2-b43b-15083dd1c030 + namespace: ghost diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml new file mode 100644 index 0000000000000..28501e28fd95f --- /dev/null +++ b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml @@ -0,0 +1,24 @@ +apiVersion: astra.netapp.io/v1 +kind: Snapshot +metadata: + annotations: + astra.netapp.io/correlationid: de2315e9-4733-4733-91a0-1abec5f1e44e + creationTimestamp: "2024-04-24T21:17:04Z" + finalizers: + - astra.netapp.io/finalizer + generation: 2 + name: argo-presync-20240424211703 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "10654224" + uid: b200db48-c186-4ae8-9748-1ba7bec23d6d +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + completionTimeout: 0s + volumeSnapshotsCreatedTimeout: 0s + volumeSnapshotsReadyToUseTimeout: 0s diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml new file mode 100644 index 0000000000000..08951648c6d74 --- /dev/null +++ b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml @@ -0,0 +1,73 @@ +apiVersion: astra.netapp.io/v1 +kind: Snapshot +metadata: + annotations: + astra.netapp.io/correlationid: de2315e9-4733-4733-91a0-1abec5f1e44e + creationTimestamp: "2024-04-24T21:17:04Z" + finalizers: + - astra.netapp.io/finalizer + generation: 2 + name: argo-presync-20240424211703 + namespace: astra-connector + ownerReferences: + - apiVersion: astra.netapp.io/v1 + kind: Application + name: ghost + uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 + resourceVersion: "10654224" + uid: b200db48-c186-4ae8-9748-1ba7bec23d6d +spec: + appVaultRef: astra-gcp-backup-743cfd150129 + applicationRef: ghost + completionTimeout: 0s + volumeSnapshotsCreatedTimeout: 0s + volumeSnapshotsReadyToUseTimeout: 0s +status: + appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424211704_argo-presync-20240424211703_b200db48-c186-4ae8-9748-1ba7bec23d6d + conditions: + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppOwnerReferenceCreated + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Successfully reconciled + reason: Done + status: "True" + type: AppArchivePathNameGenerated + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Waiting for ResourceBackup to complete + reason: Waiting + status: "False" + type: ResourceBackupCompleted + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: PreSnapshotExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: VolumeSnapshotsCreated + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: PostSnapshotExecHooksRunCompleted + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: VolumeSnapshotsReady + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: Completed + - lastTransitionTime: "2024-04-24T21:17:04Z" + message: Not yet reconciled + reason: Pending + status: Unknown + type: OnFailurePostSnapshotExecHooksRunCompleted + state: Running diff --git a/resource_customizations/camel.apache.org/Integration/health.lua b/resource_customizations/camel.apache.org/Integration/health.lua new file mode 100644 index 0000000000000..d2c7494e36bc2 --- /dev/null +++ b/resource_customizations/camel.apache.org/Integration/health.lua @@ -0,0 +1,24 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + -- Let's check if something is wrong with the CRD deployment + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + -- Let's check if things are healthy with the CRD deployment + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message + return hs + end + end + end +end + +-- Otherwise let's assume that we are still busy building/deploying the Integration +hs.status = "Progressing" +hs.message = "Waiting for Integration" +return hs diff --git a/resource_customizations/camel.apache.org/Integration/health_test.yaml b/resource_customizations/camel.apache.org/Integration/health_test.yaml new file mode 100644 index 0000000000000..44d6fb38f2507 --- /dev/null +++ b/resource_customizations/camel.apache.org/Integration/health_test.yaml @@ -0,0 +1,13 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for Integration" + inputPath: testdata/progressing.yaml +- healthStatus: + status: Healthy + message: "" + inputPath: testdata/healthy.yaml +- healthStatus: + status: Degraded + message: "back-off 40s restarting failed container=integration pod=camelk-example-deployment" + inputPath: testdata/degraded.yaml diff --git a/resource_customizations/camel.apache.org/Integration/testdata/degraded.yaml b/resource_customizations/camel.apache.org/Integration/testdata/degraded.yaml new file mode 100644 index 0000000000000..40b6e69641f04 --- /dev/null +++ b/resource_customizations/camel.apache.org/Integration/testdata/degraded.yaml @@ -0,0 +1,58 @@ +apiVersion: camel.apache.org/v1 +kind: Integration +metadata: + annotations: + camel.apache.org/operator.id: camel-k + generation: 1 + name: camelk-example + namespace: default +spec: + sources: + - content: | + from('timer:tick?period=3000') + .setBody().constant('Hello world from Camel-K') + .to('log:info') + name: camelk-example.groovy + traits: {} +status: + conditions: + - firstTruthyTime: "2024-01-26T16:01:50Z" + lastTransitionTime: "2024-01-26T16:01:50Z" + lastUpdateTime: "2024-01-26T16:01:50Z" + message: camel-k/camel-k + reason: IntegrationPlatformAvailable + status: "True" + type: IntegrationPlatformAvailable + - firstTruthyTime: "2024-01-26T16:01:52Z" + lastTransitionTime: "2024-01-26T16:01:52Z" + lastUpdateTime: "2024-01-26T16:01:52Z" + message: kit-cmkkksgve68c73e60i60 + reason: IntegrationKitAvailable + status: "True" + type: IntegrationKitAvailable + - lastTransitionTime: "2024-01-26T16:01:52Z" + lastUpdateTime: "2024-01-26T16:01:52Z" + message: different controller strategy used (knative-service) + reason: CronJobNotAvailableReason + status: "False" + type: CronJobAvailable + - lastTransitionTime: "2024-01-26T16:01:52Z" + lastUpdateTime: "2024-01-26T16:01:52Z" + message: 'controller strategy: knative-service' + reason: DeploymentAvailable + status: "False" + type: DeploymentAvailable + - firstTruthyTime: "2024-01-26T16:01:52Z" + lastTransitionTime: "2024-01-26T16:01:52Z" + lastUpdateTime: "2024-01-26T16:01:52Z" + message: Knative service name is api-example + reason: KnativeServiceAvailable + status: "True" + type: KnativeServiceAvailable + - lastTransitionTime: "2024-01-26T16:01:52Z" + lastUpdateTime: "2024-01-26T16:02:55Z" + message: back-off 40s restarting failed container=integration pod=camelk-example-deployment + reason: Error + status: "False" + type: Ready + phase: Error diff --git a/resource_customizations/camel.apache.org/Integration/testdata/healthy.yaml b/resource_customizations/camel.apache.org/Integration/testdata/healthy.yaml new file mode 100644 index 0000000000000..6fb5e5e462110 --- /dev/null +++ b/resource_customizations/camel.apache.org/Integration/testdata/healthy.yaml @@ -0,0 +1,58 @@ +apiVersion: camel.apache.org/v1 +kind: Integration +metadata: + annotations: + camel.apache.org/operator.id: camel-k + generation: 1 + name: camelk-example + namespace: default +spec: + sources: + - content: | + from('timer:tick?period=3000') + .setBody().constant('Hello world from Camel-K') + .to('log:info') + name: camelk-example.groovy + traits: {} +status: + conditions: + - firstTruthyTime: "2024-01-26T09:13:16Z" + lastTransitionTime: "2024-01-26T09:13:16Z" + lastUpdateTime: "2024-01-26T09:13:16Z" + message: camel-k/camel-k + reason: IntegrationPlatformAvailable + status: "True" + type: IntegrationPlatformAvailable + - firstTruthyTime: "2024-01-26T09:13:19Z" + lastTransitionTime: "2024-01-26T09:13:19Z" + lastUpdateTime: "2024-01-26T09:13:19Z" + message: kit-cmkkksgve68c73e60i60 + reason: IntegrationKitAvailable + status: "True" + type: IntegrationKitAvailable + - lastTransitionTime: "2024-01-26T09:13:19Z" + lastUpdateTime: "2024-01-26T09:13:19Z" + message: different controller strategy used (knative-service) + reason: CronJobNotAvailableReason + status: "False" + type: CronJobAvailable + - lastTransitionTime: "2024-01-26T09:13:19Z" + lastUpdateTime: "2024-01-26T09:13:19Z" + message: 'controller strategy: knative-service' + reason: DeploymentAvailable + status: "False" + type: DeploymentAvailable + - firstTruthyTime: "2024-01-26T09:13:19Z" + lastTransitionTime: "2024-01-26T09:13:19Z" + lastUpdateTime: "2024-01-26T09:13:19Z" + message: Knative service name is camelk-example + reason: KnativeServiceAvailable + status: "True" + type: KnativeServiceAvailable + - firstTruthyTime: "2024-01-26T09:13:31Z" + lastTransitionTime: "2024-01-26T09:13:31Z" + lastUpdateTime: "2024-01-26T09:13:31Z" + reason: KnativeServiceReady + status: "True" + type: Ready + phase: Running diff --git a/resource_customizations/camel.apache.org/Integration/testdata/progressing.yaml b/resource_customizations/camel.apache.org/Integration/testdata/progressing.yaml new file mode 100644 index 0000000000000..58e7b4af64db6 --- /dev/null +++ b/resource_customizations/camel.apache.org/Integration/testdata/progressing.yaml @@ -0,0 +1,39 @@ +apiVersion: camel.apache.org/v1 +kind: Integration +metadata: + annotations: + camel.apache.org/operator.id: camel-k + generation: 1 + name: camelk-example + namespace: default +spec: + sources: + - content: | + from('timer:tick?period=3000') + .setBody().constant('Hello world from Camel-K') + .to('log:info') + name: camelk-example.groovy + traits: {} +status: + conditions: + - firstTruthyTime: "2024-01-26T09:13:16Z" + lastTransitionTime: "2024-01-26T09:13:16Z" + lastUpdateTime: "2024-01-26T09:13:16Z" + message: camel-k/camel-k + reason: IntegrationPlatformAvailable + status: "True" + type: IntegrationPlatformAvailable + - firstTruthyTime: "2024-01-26T09:13:19Z" + lastTransitionTime: "2024-01-26T09:13:19Z" + lastUpdateTime: "2024-01-26T09:13:19Z" + message: kit-cmkkksgve68c73e60i60 + reason: IntegrationKitAvailable + status: "True" + type: IntegrationKitAvailable + - lastTransitionTime: "2024-01-26T09:13:19Z" + lastUpdateTime: "2024-01-26T09:13:19Z" + message: different controller strategy used (knative-service) + reason: CronJobNotAvailableReason + status: "False" + type: CronJobAvailable + phase: Deploying \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/health.lua b/resource_customizations/core.humio.com/HumioAction/health.lua new file mode 100644 index 0000000000000..a99a0eb2e0d59 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAction/health.lua @@ -0,0 +1,30 @@ +hs = { + status = "Progressing", + message = "Update in progress" +} +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Exists" then + hs.status = "Healthy" + hs.message = "Component state: Exists." + end + if obj.status.state == "NotFound" then + hs.status = "Missing" + hs.message = "Component state: NotFound." + end + if obj.status.state == "ConfigError" then + hs.status = "Degraded" + hs.message = "Component state: ConfigError." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + end + return hs +end +return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/health_test.yaml b/resource_customizations/core.humio.com/HumioAction/health_test.yaml new file mode 100644 index 0000000000000..f90baf9bccc9f --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAction/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Healthy + message: "Component state: Exists." + inputPath: testdata/healthy.yaml +- healthStatus: + status: Missing + message: "Component state: NotFound." + inputPath: testdata/notfound.yaml +- healthStatus: + status: Degraded + message: "Component state: ConfigError." + inputPath: testdata/configerror.yaml +- healthStatus: + status: Unknown + message: "Component state: Unknown." + inputPath: testdata/unknown.yaml +- healthStatus: + status: Progressing + message: "Update in progress" + inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/configerror.yaml new file mode 100644 index 0000000000000..1c986292f21a4 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAction/testdata/configerror.yaml @@ -0,0 +1,23 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAction +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-action-1 + namespace: humio + resourceVersion: '10768054' + uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e +spec: + humioRepositoryProperties: + ingestTokenSource: + secretKeyRef: + key: test-token + name: token + managedClusterName: example-humiocluster + name: trigger_action + viewName: example-1 +status: + state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/healthy.yaml new file mode 100644 index 0000000000000..f6dfeffcf31a5 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAction/testdata/healthy.yaml @@ -0,0 +1,23 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAction +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-action-1 + namespace: humio + resourceVersion: '10768054' + uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e +spec: + humioRepositoryProperties: + ingestTokenSource: + secretKeyRef: + key: test-token + name: token + managedClusterName: example-humiocluster + name: trigger_action + viewName: example-1 +status: + state: Exists \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/notfound.yaml new file mode 100644 index 0000000000000..2743fb1b7b54b --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAction/testdata/notfound.yaml @@ -0,0 +1,23 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAction +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-action-1 + namespace: humio + resourceVersion: '10768054' + uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e +spec: + humioRepositoryProperties: + ingestTokenSource: + secretKeyRef: + key: test-token + name: token + managedClusterName: example-humiocluster + name: trigger_action + viewName: example-1 +status: + state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/progressing.yaml new file mode 100644 index 0000000000000..8a43ffc4fab01 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAction/testdata/progressing.yaml @@ -0,0 +1,21 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAction +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-action-1 + namespace: humio + resourceVersion: '10768054' + uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e +spec: + humioRepositoryProperties: + ingestTokenSource: + secretKeyRef: + key: test-token + name: token + managedClusterName: example-humiocluster + name: trigger_action + viewName: example-1 \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/unknown.yaml new file mode 100644 index 0000000000000..e3ec98cd557b4 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAction/testdata/unknown.yaml @@ -0,0 +1,23 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAction +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-action-1 + namespace: humio + resourceVersion: '10768054' + uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e +spec: + humioRepositoryProperties: + ingestTokenSource: + secretKeyRef: + key: test-token + name: token + managedClusterName: example-humiocluster + name: trigger_action + viewName: example-1 +status: + state: Unknown diff --git a/resource_customizations/core.humio.com/HumioAlert/health.lua b/resource_customizations/core.humio.com/HumioAlert/health.lua new file mode 100644 index 0000000000000..a99a0eb2e0d59 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAlert/health.lua @@ -0,0 +1,30 @@ +hs = { + status = "Progressing", + message = "Update in progress" +} +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Exists" then + hs.status = "Healthy" + hs.message = "Component state: Exists." + end + if obj.status.state == "NotFound" then + hs.status = "Missing" + hs.message = "Component state: NotFound." + end + if obj.status.state == "ConfigError" then + hs.status = "Degraded" + hs.message = "Component state: ConfigError." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + end + return hs +end +return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAlert/health_test.yaml b/resource_customizations/core.humio.com/HumioAlert/health_test.yaml new file mode 100644 index 0000000000000..f90baf9bccc9f --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAlert/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Healthy + message: "Component state: Exists." + inputPath: testdata/healthy.yaml +- healthStatus: + status: Missing + message: "Component state: NotFound." + inputPath: testdata/notfound.yaml +- healthStatus: + status: Degraded + message: "Component state: ConfigError." + inputPath: testdata/configerror.yaml +- healthStatus: + status: Unknown + message: "Component state: Unknown." + inputPath: testdata/unknown.yaml +- healthStatus: + status: Progressing + message: "Update in progress" + inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/configerror.yaml new file mode 100644 index 0000000000000..043d08d6a2d17 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAlert/testdata/configerror.yaml @@ -0,0 +1,29 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAlert +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-alert-1 + namespace: humio + resourceVersion: '10768150' + uid: eb138512-0661-47c1-a056-0e53f3b5fa1f +spec: + actions: + - move-to-alerts + description: Error counts + labels: + - test-label + managedClusterName: example-humiocluster + name: example-alert + query: + queryString: '#repo = humio | error = true | count() | _count > 0' + start: 24h + silenced: false + throttleTimeMillis: 60000 + viewName: example-view +status: + state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/healthy.yaml new file mode 100644 index 0000000000000..c62feb15a2943 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAlert/testdata/healthy.yaml @@ -0,0 +1,29 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAlert +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-alert-1 + namespace: humio + resourceVersion: '10768150' + uid: eb138512-0661-47c1-a056-0e53f3b5fa1f +spec: + actions: + - move-to-alerts + description: Error counts + labels: + - test-label + managedClusterName: example-humiocluster + name: example-alert + query: + queryString: '#repo = humio | error = true | count() | _count > 0' + start: 24h + silenced: false + throttleTimeMillis: 60000 + viewName: example-view +status: + state: Exists \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/notfound.yaml new file mode 100644 index 0000000000000..f694bf3788e5e --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAlert/testdata/notfound.yaml @@ -0,0 +1,29 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAlert +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-alert-1 + namespace: humio + resourceVersion: '10768150' + uid: eb138512-0661-47c1-a056-0e53f3b5fa1f +spec: + actions: + - move-to-alerts + description: Error counts + labels: + - test-label + managedClusterName: example-humiocluster + name: example-alert + query: + queryString: '#repo = humio | error = true | count() | _count > 0' + start: 24h + silenced: false + throttleTimeMillis: 60000 + viewName: example-view +status: + state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/progressing.yaml new file mode 100644 index 0000000000000..2740b020a9311 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAlert/testdata/progressing.yaml @@ -0,0 +1,27 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAlert +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-alert-1 + namespace: humio + resourceVersion: '10768150' + uid: eb138512-0661-47c1-a056-0e53f3b5fa1f +spec: + actions: + - move-to-alerts + description: Error counts + labels: + - test-label + managedClusterName: example-humiocluster + name: example-alert + query: + queryString: '#repo = humio | error = true | count() | _count > 0' + start: 24h + silenced: false + throttleTimeMillis: 60000 + viewName: example-view \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/unknown.yaml new file mode 100644 index 0000000000000..edbf4b3355866 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioAlert/testdata/unknown.yaml @@ -0,0 +1,29 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioAlert +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-alert-1 + namespace: humio + resourceVersion: '10768150' + uid: eb138512-0661-47c1-a056-0e53f3b5fa1f +spec: + actions: + - move-to-alerts + description: Error counts + labels: + - test-label + managedClusterName: example-humiocluster + name: example-alert + query: + queryString: '#repo = humio | error = true | count() | _count > 0' + start: 24h + silenced: false + throttleTimeMillis: 60000 + viewName: example-view +status: + state: Unknown diff --git a/resource_customizations/core.humio.com/HumioCluster/health.lua b/resource_customizations/core.humio.com/HumioCluster/health.lua new file mode 100644 index 0000000000000..95a13ce855cec --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/health.lua @@ -0,0 +1,67 @@ + +hs = { + status = "Progressing", + message = "Update in progress" +} + +if obj.status == nil then + hs.status= "Progressing" + if obj.status.message ~= nil then + hs.message = obj.status.message + end +end + +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Running" then + hs.status = "Healthy" + if obj.status.message ~= nil then + hs.message = obj.status.message + else + hs.message = "Cluster is in a healthy running state" + end + end + if obj.status.state == "Restarting" then + hs.status = "Progressing" + if obj.status.message ~= nil then + hs.message = obj.status.message + else + hs.message = "Cluster pods are being restarted" + end + end + if obj.status.state == "Upgrading" then + hs.status = "Progressing" + if obj.status.message ~= nil then + hs.message = obj.status.message + else + hs.message = "Cluster pods are being upgraded" + end + end + if obj.status.state == "ConfigError" then + hs.status = "Degraded" + if obj.status.message ~= nil then + hs.message = obj.status.message + else + hs.message = "User-provided cluster specification resulted in a configuration error" + end + end + if obj.status.state == "Pending" then + hs.status = "Progressing" + if obj.status.message ~= nil then + hs.message = obj.status.message + else + hs.message = "Cluster is waiting on resources to be provisioned" + end + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + if obj.status.message ~= nil then + hs.message = obj.status.message + else + hs.message = "Component state: Unknown." + end + end + end + return hs +end +return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioCluster/health_test.yaml b/resource_customizations/core.humio.com/HumioCluster/health_test.yaml new file mode 100644 index 0000000000000..cb3696d2cff93 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/health_test.yaml @@ -0,0 +1,29 @@ +tests: +- healthStatus: + status: Healthy + message: "Cluster is in a healthy running state" + inputPath: testdata/healthy.yaml +- healthStatus: + status: Progressing + message: "Cluster pods are being restarted" + inputPath: testdata/restarting.yaml +- healthStatus: + status: Progressing + message: "Cluster pods are being upgraded" + inputPath: testdata/upgrading.yaml +- healthStatus: + status: Progressing + message: "Cluster is waiting on resources to be provisioned" + inputPath: testdata/pending.yaml +- healthStatus: + status: Degraded + message: 'Secret "example-humiocluster-license" not found' + inputPath: testdata/configerror_custom.yaml +- healthStatus: + status: Degraded + message: 'User-provided cluster specification resulted in a configuration error' + inputPath: testdata/configerror.yaml +- healthStatus: + status: Unknown + message: "Component state: Unknown." + inputPath: testdata/unknown.yaml \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/configerror.yaml new file mode 100644 index 0000000000000..0998dd7deac86 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/testdata/configerror.yaml @@ -0,0 +1,30 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioCluster +metadata: + creationTimestamp: '2022-12-09T05:48:10Z' + generation: 1 + labels: + app: humio + app.kubernetes.io/instance: humio-cluster-failtest + name: example-humiocluster + namespace: failtes +spec: + dataVolumePersistentVolumeClaimSpecTemplate: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: longhorn + digestPartitionsCount: 2 + image: 'humio/humio-core:latest' + license: + secretKeyRef: + key: data + name: example-humiocluster-license + storagePartitionsCount: 2 + targetReplicationFactor: 1 + tls: + enabled: false +status: + state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/configerror_custom.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/configerror_custom.yaml new file mode 100644 index 0000000000000..545b9f33ba4ea --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/testdata/configerror_custom.yaml @@ -0,0 +1,33 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioCluster +metadata: + creationTimestamp: '2022-12-09T05:48:10Z' + generation: 1 + labels: + app: humio + app.kubernetes.io/instance: humio-cluster-failtest + name: example-humiocluster + namespace: failtes +spec: + dataVolumePersistentVolumeClaimSpecTemplate: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: longhorn + digestPartitionsCount: 2 + image: 'humio/humio-core:latest' + license: + secretKeyRef: + key: data + name: example-humiocluster-license + storagePartitionsCount: 2 + targetReplicationFactor: 1 + tls: + enabled: false +status: + licenseStatus: {} + message: Secret "example-humiocluster-license" not found + observedGeneration: '1' + state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/healthy.yaml new file mode 100644 index 0000000000000..4620df81e3159 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/testdata/healthy.yaml @@ -0,0 +1,30 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioCluster +metadata: + creationTimestamp: '2022-12-09T05:48:10Z' + generation: 1 + labels: + app: humio + app.kubernetes.io/instance: humio-cluster-failtest + name: example-humiocluster + namespace: failtes +spec: + dataVolumePersistentVolumeClaimSpecTemplate: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: longhorn + digestPartitionsCount: 2 + image: 'humio/humio-core:latest' + license: + secretKeyRef: + key: data + name: example-humiocluster-license + storagePartitionsCount: 2 + targetReplicationFactor: 1 + tls: + enabled: false +status: + state: Running diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/pending.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/pending.yaml new file mode 100644 index 0000000000000..9cb591f5e56d9 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/testdata/pending.yaml @@ -0,0 +1,30 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioCluster +metadata: + creationTimestamp: '2022-12-09T05:48:10Z' + generation: 1 + labels: + app: humio + app.kubernetes.io/instance: humio-cluster-failtest + name: example-humiocluster + namespace: failtes +spec: + dataVolumePersistentVolumeClaimSpecTemplate: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: longhorn + digestPartitionsCount: 2 + image: 'humio/humio-core:latest' + license: + secretKeyRef: + key: data + name: example-humiocluster-license + storagePartitionsCount: 2 + targetReplicationFactor: 1 + tls: + enabled: false +status: + state: Pending diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/progressing.yaml new file mode 100644 index 0000000000000..78a6fd893dd1c --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/testdata/progressing.yaml @@ -0,0 +1,28 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioCluster +metadata: + creationTimestamp: '2022-12-09T05:48:10Z' + generation: 1 + labels: + app: humio + app.kubernetes.io/instance: humio-cluster-failtest + name: example-humiocluster + namespace: failtes +spec: + dataVolumePersistentVolumeClaimSpecTemplate: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: longhorn + digestPartitionsCount: 2 + image: 'humio/humio-core:latest' + license: + secretKeyRef: + key: data + name: example-humiocluster-license + storagePartitionsCount: 2 + targetReplicationFactor: 1 + tls: + enabled: false diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/restarting.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/restarting.yaml new file mode 100644 index 0000000000000..84943fe0484c1 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/testdata/restarting.yaml @@ -0,0 +1,30 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioCluster +metadata: + creationTimestamp: '2022-12-09T05:48:10Z' + generation: 1 + labels: + app: humio + app.kubernetes.io/instance: humio-cluster-failtest + name: example-humiocluster + namespace: failtes +spec: + dataVolumePersistentVolumeClaimSpecTemplate: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: longhorn + digestPartitionsCount: 2 + image: 'humio/humio-core:latest' + license: + secretKeyRef: + key: data + name: example-humiocluster-license + storagePartitionsCount: 2 + targetReplicationFactor: 1 + tls: + enabled: false +status: + state: Restarting diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/unknown.yaml new file mode 100644 index 0000000000000..1d08a2e885795 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/testdata/unknown.yaml @@ -0,0 +1,33 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioCluster +metadata: + creationTimestamp: '2022-12-09T05:48:10Z' + generation: 1 + labels: + app: humio + app.kubernetes.io/instance: humio-cluster-failtest + name: example-humiocluster + namespace: failtes +spec: + dataVolumePersistentVolumeClaimSpecTemplate: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: longhorn + digestPartitionsCount: 2 + image: 'humio/humio-core:latest' + license: + secretKeyRef: + key: data + name: example-humiocluster-license + storagePartitionsCount: 2 + targetReplicationFactor: 1 + tls: + enabled: false +status: + state: Unknown + + + diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/upgrading.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/upgrading.yaml new file mode 100644 index 0000000000000..76a322288aab0 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioCluster/testdata/upgrading.yaml @@ -0,0 +1,33 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioCluster +metadata: + creationTimestamp: '2022-12-09T05:48:10Z' + generation: 1 + labels: + app: humio + app.kubernetes.io/instance: humio-cluster-failtest + name: example-humiocluster + namespace: failtes +spec: + dataVolumePersistentVolumeClaimSpecTemplate: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 100Gi + storageClassName: longhorn + digestPartitionsCount: 2 + image: 'humio/humio-core:latest' + license: + secretKeyRef: + key: data + name: example-humiocluster-license + storagePartitionsCount: 2 + targetReplicationFactor: 1 + tls: + enabled: false +status: + state: Upgrading + + + diff --git a/resource_customizations/core.humio.com/HumioIngestToken/health.lua b/resource_customizations/core.humio.com/HumioIngestToken/health.lua new file mode 100644 index 0000000000000..a99a0eb2e0d59 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioIngestToken/health.lua @@ -0,0 +1,30 @@ +hs = { + status = "Progressing", + message = "Update in progress" +} +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Exists" then + hs.status = "Healthy" + hs.message = "Component state: Exists." + end + if obj.status.state == "NotFound" then + hs.status = "Missing" + hs.message = "Component state: NotFound." + end + if obj.status.state == "ConfigError" then + hs.status = "Degraded" + hs.message = "Component state: ConfigError." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + end + return hs +end +return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioIngestToken/health_test.yaml b/resource_customizations/core.humio.com/HumioIngestToken/health_test.yaml new file mode 100644 index 0000000000000..f90baf9bccc9f --- /dev/null +++ b/resource_customizations/core.humio.com/HumioIngestToken/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Healthy + message: "Component state: Exists." + inputPath: testdata/healthy.yaml +- healthStatus: + status: Missing + message: "Component state: NotFound." + inputPath: testdata/notfound.yaml +- healthStatus: + status: Degraded + message: "Component state: ConfigError." + inputPath: testdata/configerror.yaml +- healthStatus: + status: Unknown + message: "Component state: Unknown." + inputPath: testdata/unknown.yaml +- healthStatus: + status: Progressing + message: "Update in progress" + inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/configerror.yaml new file mode 100644 index 0000000000000..df1ed30141ded --- /dev/null +++ b/resource_customizations/core.humio.com/HumioIngestToken/testdata/configerror.yaml @@ -0,0 +1,20 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioIngestToken +metadata: + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-token-1 + namespace: humio + resourceVersion: '10768058' + uid: f0a51e3d-8b64-483c-99fa-d7184a840707 +spec: + managedClusterName: example-humiocluster + name: test-token + parserName: json + repositoryName: example-1 + tokenSecretName: example-test-token-1 +status: + state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/healthy.yaml new file mode 100644 index 0000000000000..3eb03b98569b8 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioIngestToken/testdata/healthy.yaml @@ -0,0 +1,20 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioIngestToken +metadata: + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-token-1 + namespace: humio + resourceVersion: '10768058' + uid: f0a51e3d-8b64-483c-99fa-d7184a840707 +spec: + managedClusterName: example-humiocluster + name: test-token + parserName: json + repositoryName: example-1 + tokenSecretName: example-test-token-1 +status: + state: Exists diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/notfound.yaml new file mode 100644 index 0000000000000..6d36afdc1ef04 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioIngestToken/testdata/notfound.yaml @@ -0,0 +1,20 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioIngestToken +metadata: + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-token-1 + namespace: humio + resourceVersion: '10768058' + uid: f0a51e3d-8b64-483c-99fa-d7184a840707 +spec: + managedClusterName: example-humiocluster + name: test-token + parserName: json + repositoryName: example-1 + tokenSecretName: example-test-token-1 +status: + state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/progressing.yaml new file mode 100644 index 0000000000000..5dd35fc65c62a --- /dev/null +++ b/resource_customizations/core.humio.com/HumioIngestToken/testdata/progressing.yaml @@ -0,0 +1,18 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioIngestToken +metadata: + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-token-1 + namespace: humio + resourceVersion: '10768058' + uid: f0a51e3d-8b64-483c-99fa-d7184a840707 +spec: + managedClusterName: example-humiocluster + name: test-token + parserName: json + repositoryName: example-1 + tokenSecretName: example-test-token-1 \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/unknown.yaml new file mode 100644 index 0000000000000..3b5a50e620823 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioIngestToken/testdata/unknown.yaml @@ -0,0 +1,20 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioIngestToken +metadata: + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: test-token-1 + namespace: humio + resourceVersion: '10768058' + uid: f0a51e3d-8b64-483c-99fa-d7184a840707 +spec: + managedClusterName: example-humiocluster + name: test-token + parserName: json + repositoryName: example-1 + tokenSecretName: example-test-token-1 +status: + state: Unknown diff --git a/resource_customizations/core.humio.com/HumioParser/health.lua b/resource_customizations/core.humio.com/HumioParser/health.lua new file mode 100644 index 0000000000000..a99a0eb2e0d59 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioParser/health.lua @@ -0,0 +1,30 @@ +hs = { + status = "Progressing", + message = "Update in progress" +} +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Exists" then + hs.status = "Healthy" + hs.message = "Component state: Exists." + end + if obj.status.state == "NotFound" then + hs.status = "Missing" + hs.message = "Component state: NotFound." + end + if obj.status.state == "ConfigError" then + hs.status = "Degraded" + hs.message = "Component state: ConfigError." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + end + return hs +end +return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioParser/health_test.yaml b/resource_customizations/core.humio.com/HumioParser/health_test.yaml new file mode 100644 index 0000000000000..f90baf9bccc9f --- /dev/null +++ b/resource_customizations/core.humio.com/HumioParser/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Healthy + message: "Component state: Exists." + inputPath: testdata/healthy.yaml +- healthStatus: + status: Missing + message: "Component state: NotFound." + inputPath: testdata/notfound.yaml +- healthStatus: + status: Degraded + message: "Component state: ConfigError." + inputPath: testdata/configerror.yaml +- healthStatus: + status: Unknown + message: "Component state: Unknown." + inputPath: testdata/unknown.yaml +- healthStatus: + status: Progressing + message: "Update in progress" + inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/configerror.yaml new file mode 100644 index 0000000000000..f1334b3110848 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioParser/testdata/configerror.yaml @@ -0,0 +1,39 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioParser +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-1-parser + namespace: humio + resourceVersion: '10768079' + uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 +spec: + managedClusterName: example-humiocluster + name: example-1 + parserScript: > + /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ + | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) + repositoryName: example-repo + tagFields: + - statuscode + - client + testData: + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST + /administrator/index.php HTTP/1.1" 200 4494 + "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; + rv:34.0) Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" +status: + state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/healthy.yaml new file mode 100644 index 0000000000000..9a4d92d25c75a --- /dev/null +++ b/resource_customizations/core.humio.com/HumioParser/testdata/healthy.yaml @@ -0,0 +1,39 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioParser +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-1-parser + namespace: humio + resourceVersion: '10768079' + uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 +spec: + managedClusterName: example-humiocluster + name: example-1 + parserScript: > + /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ + | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) + repositoryName: example-repo + tagFields: + - statuscode + - client + testData: + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST + /administrator/index.php HTTP/1.1" 200 4494 + "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; + rv:34.0) Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" +status: + state: Exists diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/notfound.yaml new file mode 100644 index 0000000000000..87565368f42c5 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioParser/testdata/notfound.yaml @@ -0,0 +1,39 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioParser +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-1-parser + namespace: humio + resourceVersion: '10768079' + uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 +spec: + managedClusterName: example-humiocluster + name: example-1 + parserScript: > + /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ + | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) + repositoryName: example-repo + tagFields: + - statuscode + - client + testData: + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST + /administrator/index.php HTTP/1.1" 200 4494 + "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; + rv:34.0) Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" +status: + state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/progressing.yaml new file mode 100644 index 0000000000000..e46557b7931e2 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioParser/testdata/progressing.yaml @@ -0,0 +1,37 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioParser +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-1-parser + namespace: humio + resourceVersion: '10768079' + uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 +spec: + managedClusterName: example-humiocluster + name: example-1 + parserScript: > + /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ + | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) + repositoryName: example-repo + tagFields: + - statuscode + - client + testData: + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST + /administrator/index.php HTTP/1.1" 200 4494 + "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; + rv:34.0) Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/unknown.yaml new file mode 100644 index 0000000000000..9def4c7cbba62 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioParser/testdata/unknown.yaml @@ -0,0 +1,39 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioParser +metadata: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-1-parser + namespace: humio + resourceVersion: '10768079' + uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 +spec: + managedClusterName: example-humiocluster + name: example-1 + parserScript: > + /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ + | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) + repositoryName: example-repo + tagFields: + - statuscode + - client + testData: + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST + /administrator/index.php HTTP/1.1" 200 4494 + "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; + rv:34.0) Gecko/20100101 Firefox/34.0" "-" + - >- + 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ + HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) + Gecko/20100101 Firefox/34.0" "-" +status: + state: Unknown diff --git a/resource_customizations/core.humio.com/HumioRepository/health.lua b/resource_customizations/core.humio.com/HumioRepository/health.lua new file mode 100644 index 0000000000000..a99a0eb2e0d59 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioRepository/health.lua @@ -0,0 +1,30 @@ +hs = { + status = "Progressing", + message = "Update in progress" +} +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Exists" then + hs.status = "Healthy" + hs.message = "Component state: Exists." + end + if obj.status.state == "NotFound" then + hs.status = "Missing" + hs.message = "Component state: NotFound." + end + if obj.status.state == "ConfigError" then + hs.status = "Degraded" + hs.message = "Component state: ConfigError." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + end + return hs +end +return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioRepository/health_test.yaml b/resource_customizations/core.humio.com/HumioRepository/health_test.yaml new file mode 100644 index 0000000000000..f90baf9bccc9f --- /dev/null +++ b/resource_customizations/core.humio.com/HumioRepository/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Healthy + message: "Component state: Exists." + inputPath: testdata/healthy.yaml +- healthStatus: + status: Missing + message: "Component state: NotFound." + inputPath: testdata/notfound.yaml +- healthStatus: + status: Degraded + message: "Component state: ConfigError." + inputPath: testdata/configerror.yaml +- healthStatus: + status: Unknown + message: "Component state: Unknown." + inputPath: testdata/unknown.yaml +- healthStatus: + status: Progressing + message: "Update in progress" + inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/configerror.yaml new file mode 100644 index 0000000000000..01286b1f77b0b --- /dev/null +++ b/resource_customizations/core.humio.com/HumioRepository/testdata/configerror.yaml @@ -0,0 +1,24 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioRepository +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-repo-1 + namespace: humio + resourceVersion: '10768154' + uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 +spec: + description: example description + managedClusterName: example-humiocluster + name: example-repo + retention: + ingestSizeInGB: 4 + storageSizeInGB: 50 + timeInDays: 730 +status: + state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/healthy.yaml new file mode 100644 index 0000000000000..2b2443047faf9 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioRepository/testdata/healthy.yaml @@ -0,0 +1,24 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioRepository +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-repo-1 + namespace: humio + resourceVersion: '10768154' + uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 +spec: + description: example description + managedClusterName: example-humiocluster + name: example-repo + retention: + ingestSizeInGB: 4 + storageSizeInGB: 50 + timeInDays: 730 +status: + state: Exists \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/notfound.yaml new file mode 100644 index 0000000000000..86a3c6cfa10ef --- /dev/null +++ b/resource_customizations/core.humio.com/HumioRepository/testdata/notfound.yaml @@ -0,0 +1,24 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioRepository +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-repo-1 + namespace: humio + resourceVersion: '10768154' + uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 +spec: + description: example description + managedClusterName: example-humiocluster + name: example-repo + retention: + ingestSizeInGB: 4 + storageSizeInGB: 50 + timeInDays: 730 +status: + state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/progressing.yaml new file mode 100644 index 0000000000000..9c40d176e131e --- /dev/null +++ b/resource_customizations/core.humio.com/HumioRepository/testdata/progressing.yaml @@ -0,0 +1,22 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioRepository +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-repo-1 + namespace: humio + resourceVersion: '10768154' + uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 +spec: + description: example description + managedClusterName: example-humiocluster + name: example-repo + retention: + ingestSizeInGB: 4 + storageSizeInGB: 50 + timeInDays: 730 \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/unknown.yaml new file mode 100644 index 0000000000000..22d343a44eec8 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioRepository/testdata/unknown.yaml @@ -0,0 +1,24 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioRepository +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 3 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-repo-1 + namespace: humio + resourceVersion: '10768154' + uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 +spec: + description: example description + managedClusterName: example-humiocluster + name: example-repo + retention: + ingestSizeInGB: 4 + storageSizeInGB: 50 + timeInDays: 730 +status: + state: Unknown diff --git a/resource_customizations/core.humio.com/HumioView/health.lua b/resource_customizations/core.humio.com/HumioView/health.lua new file mode 100644 index 0000000000000..e11956922fb7a --- /dev/null +++ b/resource_customizations/core.humio.com/HumioView/health.lua @@ -0,0 +1,26 @@ +hs = { + status = "Progressing", + message = "Update in progress" +} +if obj.status ~= nil then + if obj.status.state ~= nil then + if obj.status.state == "Exists" then + hs.status = "Healthy" + hs.message = "Component state: Exists." + end + if obj.status.state == "NotFound" then + hs.status = "Missing" + hs.message = "Component state: NotFound." + end + if obj.status.state == "ConfigError" then + hs.status = "Degraded" + hs.message = "Component state: ConfigError." + end + if obj.status.state == "Unknown" then + hs.status = "Unknown" + hs.message = "Component state: Unknown." + end + end + return hs +end +return hs diff --git a/resource_customizations/core.humio.com/HumioView/health_test.yaml b/resource_customizations/core.humio.com/HumioView/health_test.yaml new file mode 100644 index 0000000000000..f90baf9bccc9f --- /dev/null +++ b/resource_customizations/core.humio.com/HumioView/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Healthy + message: "Component state: Exists." + inputPath: testdata/healthy.yaml +- healthStatus: + status: Missing + message: "Component state: NotFound." + inputPath: testdata/notfound.yaml +- healthStatus: + status: Degraded + message: "Component state: ConfigError." + inputPath: testdata/configerror.yaml +- healthStatus: + status: Unknown + message: "Component state: Unknown." + inputPath: testdata/unknown.yaml +- healthStatus: + status: Progressing + message: "Update in progress" + inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioView/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioView/testdata/configerror.yaml new file mode 100644 index 0000000000000..917c1c8b5eaab --- /dev/null +++ b/resource_customizations/core.humio.com/HumioView/testdata/configerror.yaml @@ -0,0 +1,24 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioView +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-view + namespace: humio + resourceVersion: '10768121' + uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 +spec: + connections: + - filter: '*' + repositoryName: example-1 + - filter: '*' + repositoryName: example-2 + managedClusterName: example-humiocluster + name: example-view +status: + state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioView/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioView/testdata/healthy.yaml new file mode 100644 index 0000000000000..7c75082be60a0 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioView/testdata/healthy.yaml @@ -0,0 +1,24 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioView +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-view + namespace: humio + resourceVersion: '10768121' + uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 +spec: + connections: + - filter: '*' + repositoryName: example-1 + - filter: '*' + repositoryName: example-2 + managedClusterName: example-humiocluster + name: example-view +status: + state: Exists \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioView/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioView/testdata/notfound.yaml new file mode 100644 index 0000000000000..2d929ef2ae584 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioView/testdata/notfound.yaml @@ -0,0 +1,24 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioView +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-view + namespace: humio + resourceVersion: '10768121' + uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 +spec: + connections: + - filter: '*' + repositoryName: example-1 + - filter: '*' + repositoryName: example-2 + managedClusterName: example-humiocluster + name: example-view +status: + state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioView/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioView/testdata/progressing.yaml new file mode 100644 index 0000000000000..4b44ad4cbbf83 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioView/testdata/progressing.yaml @@ -0,0 +1,22 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioView +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-view + namespace: humio + resourceVersion: '10768121' + uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 +spec: + connections: + - filter: '*' + repositoryName: example-1 + - filter: '*' + repositoryName: example-2 + managedClusterName: example-humiocluster + name: example-view \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioView/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioView/testdata/unknown.yaml new file mode 100644 index 0000000000000..ac4453048e0e7 --- /dev/null +++ b/resource_customizations/core.humio.com/HumioView/testdata/unknown.yaml @@ -0,0 +1,24 @@ +apiVersion: core.humio.com/v1alpha1 +kind: HumioView +metadata: + annotations: + creationTimestamp: '2022-12-08T02:03:07Z' + finalizers: + - core.humio.com/finalizer + generation: 1 + labels: + app.kubernetes.io/instance: humio-deploy + name: example-view + namespace: humio + resourceVersion: '10768121' + uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 +spec: + connections: + - filter: '*' + repositoryName: example-1 + - filter: '*' + repositoryName: example-2 + managedClusterName: example-humiocluster + name: example-view +status: + state: Unknown diff --git a/resource_customizations/k8s.mariadb.com/Backup/health.lua b/resource_customizations/k8s.mariadb.com/Backup/health.lua new file mode 100644 index 0000000000000..ac78b482648e0 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Backup/health.lua @@ -0,0 +1,25 @@ +local health_status = {} + +if obj.status ~= nil and obj.status.conditions ~= nil then + + for i, condition in ipairs(obj.status.conditions) do + + health_status.message = condition.reason .. " " .. condition.message + + if condition.status == "False" then + if condition.reason == "CronJobScheduled" and condition.message == "Failed" then + health_status.status = "Degraded" + return health_status + end + health_status.status = "Progressing" + return health_status + end + end + + health_status.status = "Healthy" + return health_status +end + +health_status.status = "Progressing" +health_status.message = "No status info available" +return health_status diff --git a/resource_customizations/k8s.mariadb.com/Backup/health_test.yaml b/resource_customizations/k8s.mariadb.com/Backup/health_test.yaml new file mode 100644 index 0000000000000..2acfdebc9052b --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Backup/health_test.yaml @@ -0,0 +1,9 @@ +tests: +- healthStatus: + status: Healthy + message: "CronJobSucess Success" + inputPath: testdata/ok.yaml +- healthStatus: + status: Degraded + message: "CronJobScheduled Failed" + inputPath: testdata/failed.yaml diff --git a/resource_customizations/k8s.mariadb.com/Backup/testdata/failed.yaml b/resource_customizations/k8s.mariadb.com/Backup/testdata/failed.yaml new file mode 100644 index 0000000000000..731288ba52e60 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Backup/testdata/failed.yaml @@ -0,0 +1,30 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Backup +metadata: + name: backup-local +spec: + backoffLimit: 5 + logLevel: info + mariaDbRef: + name: mariadb + waitForIt: true + maxRetention: 168h + restartPolicy: OnFailure + schedule: + cron: 0 */2 * * * + suspend: false + serviceAccountName: backup-local + storage: + persistentVolumeClaim: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 80Gi +status: + conditions: + - lastTransitionTime: "2024-04-22T20:00:00Z" + message: Failed + reason: CronJobScheduled + status: "False" + type: Complete diff --git a/resource_customizations/k8s.mariadb.com/Backup/testdata/ok.yaml b/resource_customizations/k8s.mariadb.com/Backup/testdata/ok.yaml new file mode 100644 index 0000000000000..daf8b55fc6c0f --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Backup/testdata/ok.yaml @@ -0,0 +1,41 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Backup +metadata: + annotations: + argocd.argoproj.io/tracking-id: apps-bridge-demo-de1:k8s.mariadb.com/Backup:bridge/backup-local-bridge + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"k8s.mariadb.com/v1alpha1","kind":"Backup","metadata":{"annotations":{"argocd.argoproj.io/tracking-id":"apps-bridge-demo-de1:k8s.mariadb.com/Backup:bridge/backup-local-bridge"},"name":"backup-local-bridge","namespace":"bridge"},"spec":{"args":["--databases bridge"],"mariaDbRef":{"name":"mariadb"},"maxRetention":"168h","schedule":{"cron":"0 1-23/2 * * *","suspend":false},"storage":{"persistentVolumeClaim":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"80Gi"}}}}}} + creationTimestamp: "2024-04-12T12:35:41Z" + generation: 2 + name: backup-local-bridge + namespace: bridge + resourceVersion: "506591405" + uid: 67364d0a-6da9-4369-97fd-45ea468dbbea +spec: + args: + - --databases bridge + backoffLimit: 5 + logLevel: info + mariaDbRef: + name: mariadb + waitForIt: true + maxRetention: 168h + restartPolicy: OnFailure + schedule: + cron: 0 1-23/2 * * * + suspend: false + serviceAccountName: backup-local-bridge + storage: + persistentVolumeClaim: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 80Gi +status: + conditions: + - lastTransitionTime: "2024-04-24T15:00:23Z" + message: Success + reason: CronJobSucess + status: "True" + type: Complete diff --git a/resource_customizations/k8s.mariadb.com/Database/health.lua b/resource_customizations/k8s.mariadb.com/Database/health.lua new file mode 100644 index 0000000000000..17372dbbbf503 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Database/health.lua @@ -0,0 +1,23 @@ +local health_status = {} +health_status.status = "Progressing" +health_status.message = "No status info available" + +if obj.status ~= nil and obj.status.conditions ~= nil then + + for i, condition in ipairs(obj.status.conditions) do + + health_status.message = condition.message + + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + else + health_status.status = "Degraded" + end + return health_status + end + end +end + + +return health_status diff --git a/resource_customizations/k8s.mariadb.com/Database/health_test.yaml b/resource_customizations/k8s.mariadb.com/Database/health_test.yaml new file mode 100644 index 0000000000000..fa21c37fe26d0 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Database/health_test.yaml @@ -0,0 +1,5 @@ +tests: +- healthStatus: + status: Healthy + message: "Created" + inputPath: testdata/database-ready.yaml diff --git a/resource_customizations/k8s.mariadb.com/Database/testdata/database-ready.yaml b/resource_customizations/k8s.mariadb.com/Database/testdata/database-ready.yaml new file mode 100644 index 0000000000000..f1ccff4f2699b --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Database/testdata/database-ready.yaml @@ -0,0 +1,19 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Database +metadata: + name: dbname +spec: + characterSet: utf8 + collate: utf8_general_ci + mariaDbRef: + name: mariadb + waitForIt: true + requeueInterval: 30s + retryInterval: 5s +status: + conditions: + - lastTransitionTime: "2024-04-12T13:43:57Z" + message: Created + reason: Created + status: "True" + type: Ready diff --git a/resource_customizations/k8s.mariadb.com/Grant/health.lua b/resource_customizations/k8s.mariadb.com/Grant/health.lua new file mode 100644 index 0000000000000..8e426f15e2b3c --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Grant/health.lua @@ -0,0 +1,22 @@ +local health_status = {} +health_status.status = "Progressing" +health_status.message = "No status info available" +if obj.status ~= nil and obj.status.conditions ~= nil then + + for i, condition in ipairs(obj.status.conditions) do + + health_status.message = condition.message + + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + else + health_status.status = "Degraded" + end + return health_status + end + end +end + + +return health_status diff --git a/resource_customizations/k8s.mariadb.com/Grant/health_test.yaml b/resource_customizations/k8s.mariadb.com/Grant/health_test.yaml new file mode 100644 index 0000000000000..1f420e183cbb5 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Grant/health_test.yaml @@ -0,0 +1,6 @@ +tests: +- healthStatus: + status: Healthy + message: "Created" + inputPath: testdata/grant-ready.yaml + diff --git a/resource_customizations/k8s.mariadb.com/Grant/testdata/grant-ready.yaml b/resource_customizations/k8s.mariadb.com/Grant/testdata/grant-ready.yaml new file mode 100644 index 0000000000000..2081010f9dae3 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/Grant/testdata/grant-ready.yaml @@ -0,0 +1,26 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Grant +metadata: + name: mariadb-metrics +spec: + database: '*' + grantOption: false + mariaDbRef: + name: mariadb + namespace: bridge + waitForIt: false + privileges: + - SELECT + - PROCESS + - REPLICATION CLIENT + - REPLICA MONITOR + - SLAVE MONITOR + table: '*' + username: mariadb-metrics +status: + conditions: + - lastTransitionTime: "2024-04-20T20:45:02Z" + message: Created + reason: Created + status: "True" + type: Ready diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/health.lua b/resource_customizations/k8s.mariadb.com/MariaDB/health.lua new file mode 100644 index 0000000000000..b0278bb22650e --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/MariaDB/health.lua @@ -0,0 +1,25 @@ +local health_status = {} + +if obj.status ~= nil and obj.status.conditions ~= nil then + + for i, condition in ipairs(obj.status.conditions) do + + health_status.message = condition.message + + if condition.status == "False" then + if condition.reason == "Failed" then + health_status.status = "Degraded" + return health_status + end + health_status.status = "Progressing" + return health_status + end + end + + health_status.status = "Healthy" + return health_status +end + +health_status.status = "Progressing" +health_status.message = "No status info available" +return health_status diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/health_test.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/health_test.yaml new file mode 100644 index 0000000000000..f3dba1ac80c58 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/MariaDB/health_test.yaml @@ -0,0 +1,25 @@ +tests: +- healthStatus: + status: Progressing + message: "No status info available" + inputPath: testdata/no_status.yaml +- healthStatus: + status: Healthy + message: "Running" + inputPath: testdata/statefulset_ready.yaml +- healthStatus: + status: Progressing + message: "Not ready" + inputPath: testdata/statefulset_not_ready.yaml +- healthStatus: + status: Healthy + message: "Running" + inputPath: testdata/restore_complete.yaml +- healthStatus: + status: Progressing + message: "Restoring backup" + inputPath: testdata/restore_not_complete.yaml +- healthStatus: + status: Degraded + message: "Error creating ConfigMap" + inputPath: testdata/mariadb_error.yaml diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/mariadb_error.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/mariadb_error.yaml new file mode 100644 index 0000000000000..9566f9fa3c262 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/mariadb_error.yaml @@ -0,0 +1,27 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-server +spec: + rootPasswordSecretKeyRef: + name: mariadb + key: root-password + image: + repository: mariadb + tag: "10.7.4" + pullPolicy: IfNotPresent + port: 3306 + volumeClaimTemplate: + resources: + requests: + storage: 100Mi + storageClassName: standard + accessModes: + - ReadWriteOnce +status: + conditions: + - lastTransitionTime: '2023-04-20T15:31:15Z' + message: Error creating ConfigMap + reason: Failed + status: 'False' + type: Ready diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/no_status.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/no_status.yaml new file mode 100644 index 0000000000000..dcf61713069c1 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/no_status.yaml @@ -0,0 +1,22 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-server +spec: + rootPasswordSecretKeyRef: + name: mariadb + key: root-password + image: + repository: mariadb + tag: "10.7.4" + pullPolicy: IfNotPresent + port: 3306 + volumeClaimTemplate: + resources: + requests: + storage: 100Mi + storageClassName: standard + accessModes: + - ReadWriteOnce +status: + revision: 0 diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_complete.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_complete.yaml new file mode 100644 index 0000000000000..e861bc1119683 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_complete.yaml @@ -0,0 +1,32 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-server +spec: + rootPasswordSecretKeyRef: + name: mariadb + key: root-password + image: + repository: mariadb + tag: "10.7.4" + pullPolicy: IfNotPresent + port: 3306 + volumeClaimTemplate: + resources: + requests: + storage: 100Mi + storageClassName: standard + accessModes: + - ReadWriteOnce +status: + conditions: + - lastTransitionTime: "2023-04-05T14:18:01Z" + message: Ready + reason: RestoreComplete + status: "True" + type: Bootstrapped + - lastTransitionTime: "2023-04-05T14:18:02Z" + message: Running + reason: RestoreComplete + status: "True" + type: Ready diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_not_complete.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_not_complete.yaml new file mode 100644 index 0000000000000..df7882ec56147 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_not_complete.yaml @@ -0,0 +1,32 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-server +spec: + rootPasswordSecretKeyRef: + name: mariadb + key: root-password + image: + repository: mariadb + tag: "10.7.4" + pullPolicy: IfNotPresent + port: 3306 + volumeClaimTemplate: + resources: + requests: + storage: 100Mi + storageClassName: standard + accessModes: + - ReadWriteOnce +status: + conditions: + - lastTransitionTime: "2023-04-05T14:18:01Z" + message: Restoring backup + reason: RestoreNotComplete + status: "False" + type: Ready + - lastTransitionTime: "2023-04-05T14:18:02Z" + message: Not ready + reason: RestoreNotComplete + status: "False" + type: Bootstrapped diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_not_ready.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_not_ready.yaml new file mode 100644 index 0000000000000..faaf12dab205e --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_not_ready.yaml @@ -0,0 +1,27 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-server +spec: + rootPasswordSecretKeyRef: + name: mariadb + key: root-password + image: + repository: mariadb + tag: "10.7.4" + pullPolicy: IfNotPresent + port: 3306 + volumeClaimTemplate: + resources: + requests: + storage: 100Mi + storageClassName: standard + accessModes: + - ReadWriteOnce +status: + conditions: + - lastTransitionTime: "2023-04-05T14:18:01Z" + message: Not ready + reason: StatefulSetNotReady + status: "False" + type: Ready diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_ready.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_ready.yaml new file mode 100644 index 0000000000000..90d82fc08d583 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_ready.yaml @@ -0,0 +1,27 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb-server +spec: + rootPasswordSecretKeyRef: + name: mariadb + key: root-password + image: + repository: mariadb + tag: "10.7.4" + pullPolicy: IfNotPresent + port: 3306 + volumeClaimTemplate: + resources: + requests: + storage: 100Mi + storageClassName: standard + accessModes: + - ReadWriteOnce +status: + conditions: + - lastTransitionTime: "2023-04-05T14:18:01Z" + message: Running + reason: StatefulSetReady + status: "True" + type: Ready diff --git a/resource_customizations/k8s.mariadb.com/SqlJob/health.lua b/resource_customizations/k8s.mariadb.com/SqlJob/health.lua new file mode 100644 index 0000000000000..0a666f2c28fe3 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/SqlJob/health.lua @@ -0,0 +1,21 @@ +local health_status = {} +health_status.status = "Progressing" +health_status.message = "No status info available" + +if obj.status ~= nil and obj.status.conditions ~= nil then + + for i, condition in ipairs(obj.status.conditions) do + + health_status.message = condition.reason .. " " .. condition.message + if condition.reason == "JobComplete" and condition.status == "True" then + health_status.status = "Healthy" + return health_status + end + + if condition.reason == "JobFailed" and condition.status == "True" then + health_status.status = "Degraded" + return health_status + end + end +end +return health_status diff --git a/resource_customizations/k8s.mariadb.com/SqlJob/health_test.yaml b/resource_customizations/k8s.mariadb.com/SqlJob/health_test.yaml new file mode 100644 index 0000000000000..4ecd2cb9446c3 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/SqlJob/health_test.yaml @@ -0,0 +1,9 @@ +tests: +- healthStatus: + status: Healthy + message: "JobComplete Success" + inputPath: testdata/sqljobs-ok.yaml +- healthStatus: + status: Degraded + message: "JobFailed Failed" + inputPath: testdata/sqljobs-failed.yaml diff --git a/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-failed.yaml b/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-failed.yaml new file mode 100644 index 0000000000000..f676a151f4057 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-failed.yaml @@ -0,0 +1,24 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: SqlJob +metadata: + name: jobname +spec: + backoffLimit: 5 + database: dbname + mariaDbRef: + name: mariadb + waitForIt: true + passwordSecretKeyRef: + key: password + name: mariadb-root + restartPolicy: OnFailure + serviceAccountName: jobname + sql: "Some SQL" + username: root +status: + conditions: + - lastTransitionTime: "2024-03-19T11:39:00Z" + message: Failed + reason: JobFailed + status: "True" + type: Complete diff --git a/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-ok.yaml b/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-ok.yaml new file mode 100644 index 0000000000000..84d80cfa6abb1 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-ok.yaml @@ -0,0 +1,23 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: SqlJob +metadata: + name: jobname +spec: + backoffLimit: 5 + database: dbname + mariaDbRef: + name: mariadb + waitForIt: true + passwordSecretKeyRef: + key: password + name: mariadb-root + restartPolicy: Never + serviceAccountName: jobname + sql: "some SQL;" +status: + conditions: + - lastTransitionTime: "2024-04-22T14:08:49Z" + message: Success + reason: JobComplete + status: "True" + type: Complete diff --git a/resource_customizations/k8s.mariadb.com/User/health.lua b/resource_customizations/k8s.mariadb.com/User/health.lua new file mode 100644 index 0000000000000..8f0fcb704ab08 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/User/health.lua @@ -0,0 +1,23 @@ +local health_status = {} + +health_status.status = "Progressing" +health_status.message = "No status info available" + +if obj.status ~= nil and obj.status.conditions ~= nil then + + for i, condition in ipairs(obj.status.conditions) do + + health_status.message = condition.message + + if condition.type == "Ready" then + if condition.status == "True" then + health_status.status = "Healthy" + else + health_status.status = "Degraded" + end + return health_status + end + end +end + +return health_status diff --git a/resource_customizations/k8s.mariadb.com/User/health_test.yaml b/resource_customizations/k8s.mariadb.com/User/health_test.yaml new file mode 100644 index 0000000000000..b6e41d0e578c3 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/User/health_test.yaml @@ -0,0 +1,5 @@ +tests: +- healthStatus: + status: Healthy + message: "Created" + inputPath: testdata/user-created.yaml diff --git a/resource_customizations/k8s.mariadb.com/User/testdata/user-created.yaml b/resource_customizations/k8s.mariadb.com/User/testdata/user-created.yaml new file mode 100644 index 0000000000000..935f621efe464 --- /dev/null +++ b/resource_customizations/k8s.mariadb.com/User/testdata/user-created.yaml @@ -0,0 +1,37 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: User +metadata: + creationTimestamp: "2024-04-12T13:43:56Z" + finalizers: + - user.k8s.mariadb.com/finalizer + generation: 1 + labels: + db.bridge.a3p.com: mariadb + name: mariadb-metrics + namespace: bridge + ownerReferences: + - apiVersion: k8s.mariadb.com/v1alpha1 + blockOwnerDeletion: true + controller: true + kind: MariaDB + name: mariadb + uid: a29fc76f-66a5-4612-9b15-16c405f7edd9 + resourceVersion: "345121483" + uid: ecce1099-7b71-418b-b386-893db5fd7e59 +spec: + mariaDbRef: + name: mariadb + namespace: bridge + waitForIt: false + maxUserConnections: 3 + name: mariadb-metrics + passwordSecretKeyRef: + key: password + name: mariadb-metrics-password +status: + conditions: + - lastTransitionTime: "2024-04-12T13:43:57Z" + message: Created + reason: Created + status: "True" + type: Ready diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua index 7422fd4104727..071e288989502 100644 --- a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua +++ b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua @@ -1,5 +1,10 @@ local health_status = {} if obj.status ~= nil then + if obj.status.state == "ClusterRollingUpgrading" then + health_status.message = "Kafka Cluster is Rolling Upgrading." + health_status.status = "Progressing" + return health_status + end if obj.status.brokersState ~= nil then local numberBrokers = 0 local healthyBrokers = 0 @@ -23,11 +28,6 @@ if obj.status ~= nil then health_status.status = "Progressing" return health_status end - if obj.status.state == "ClusterRollingUpgrading" then - health_status.message = "Kafka Cluster is Rolling Upgrading." - health_status.status = "Progressing" - return health_status - end end else health_status.message = "Broker Config is out of Sync or CruiseControlState is not Ready" @@ -38,4 +38,4 @@ if obj.status ~= nil then end health_status.status = "Progressing" health_status.message = "Waiting for KafkaCluster" -return health_status \ No newline at end of file +return health_status diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml index 776cc02739326..33e921c2ab236 100644 --- a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml +++ b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml @@ -7,6 +7,10 @@ tests: status: Progressing message: "Waiting for KafkaCluster" inputPath: testdata/updating.yaml +- healthStatus: + status: Progressing + message: "Kafka Cluster is Rolling Upgrading." + inputPath: testdata/rollingUpgrade.yaml - healthStatus: status: Degraded message: "Broker Config is out of Sync or CruiseControlState is not Ready" @@ -14,4 +18,4 @@ tests: - healthStatus: status: Healthy message: "Kafka Brokers, CruiseControl and cluster are in Healthy State." - inputPath: testdata/healthy.yaml \ No newline at end of file + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/rollingUpgrade.yaml b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/rollingUpgrade.yaml new file mode 100644 index 0000000000000..c0bbfb335e243 --- /dev/null +++ b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/rollingUpgrade.yaml @@ -0,0 +1,48 @@ +apiVersion: kafka.banzaicloud.io/v1beta1 +kind: KafkaCluster +metadata: + finalizers: + - finalizer.kafkaclusters.kafka.banzaicloud.io + - topics.kafkaclusters.kafka.banzaicloud.io + - users.kafkaclusters.kafka.banzaicloud.io + generation: 4 + labels: + argocd.argoproj.io/instance: kafka-cluster + controller-tools.k8s.io: "1.0" + name: kafkacluster + namespace: kafka + name: kafkacluster + namespace: kafka + resourceVersion: "31935335" + selfLink: /apis/kafka.banzaicloud.io/v1beta1/namespaces/2269-kafka/kafkaclusters/kafkacluster + uid: c6affef0-651d-44c7-8bff-638961517c8d +spec: {} +status: + alertCount: 0 + brokersState: + "0": + configurationState: ConfigInSync + gracefulActionState: + cruiseControlState: GracefulUpscaleSucceeded + errorMessage: CruiseControlTopicReady + rackAwarenessState: | + broker.rack=us-east-1,us-east-1c + "1": + configurationState: ConfigInSync + gracefulActionState: + cruiseControlState: GracefulUpscaleSucceeded + errorMessage: CruiseControlTopicReady + rackAwarenessState: | + broker.rack=us-east-1,us-east-1b + "2": + configurationState: ConfigOutOfSync + gracefulActionState: + cruiseControlState: GracefulUpscaleSucceeded + errorMessage: CruiseControlTopicReady + rackAwarenessState: | + broker.rack=us-east-1,us-east-1a + cruiseControlTopicStatus: CruiseControlTopicReady + rollingUpgradeStatus: + errorCount: 0 + lastSuccess: "" + state: ClusterRollingUpgrading diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/health.lua b/resource_customizations/kafka.strimzi.io/KafkaBridge/health.lua new file mode 100644 index 0000000000000..5cc1908db0ac2 --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaBridge/health.lua @@ -0,0 +1,21 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "NotReady" and condition.status == "True" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = "" + return hs + end + end + end +end + +hs.status = "Progressing" +hs.message = "Waiting for KafkaBridge" +return hs diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/health_test.yaml b/resource_customizations/kafka.strimzi.io/KafkaBridge/health_test.yaml new file mode 100644 index 0000000000000..3598282b2b4bd --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaBridge/health_test.yaml @@ -0,0 +1,12 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for KafkaBridge" + inputPath: testdata/progressing_noStatus.yaml +- healthStatus: + status: Degraded + message: "Error" + inputPath: testdata/degraded.yaml +- healthStatus: + status: Healthy + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/degraded.yaml b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/degraded.yaml new file mode 100644 index 0000000000000..46a692282e1be --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/degraded.yaml @@ -0,0 +1,54 @@ +apiVersion: kafka.strimzi.io/v1beta1 +kind: KafkaBridge +metadata: + creationTimestamp: "2020-02-13T14:03:15Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2020-05-28T10:29:44Z" + finalizers: + - foregroundDeletion + generation: 25 + labels: + app.kubernetes.io/instance: kafka-bridge + name: kafka-bridge + namespace: strimzi + resourceVersion: "43088521" + selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkabridge/kafka + uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 +spec: + authentication: + passwordSecret: + password: password + secretName: kafka-bridge + type: scram-sha-512 + username: kafka-bridge + bootstrapServers: 'kafka-bootstrap:9095' + enableMetrics: true + http: + port: 8080 + logging: + loggers: + kafka.root.logger.level: DEBUG + logger.send.level: DEBUG + logger.send.name: http.openapi.operation.send + type: inline + producer: + config: + ssl.cipher.suites: TLS_AES_256_GCM_SHA384 + ssl.enabled.protocols: TLSv1.3 + ssl.protocol: TLSv1.3 + replicas: 1 + tls: + trustedCertificates: + - certificate: ca.crt + secretName: kafka-cluster-cluster-ca-cert +status: + conditions: + - lastTransitionTime: '2024-05-15T09:34:44.930056634Z' + status: "True" + type: NotReady + message: "Error" + labelSelector: >- + strimzi.io/cluster=kafka-bridge,strimzi.io/name=kafka-bridge-bridge,strimzi.io/kind=KafkaBridge + observedGeneration: 14 + replicas: 1 + url: 'http://kafka-bridge-bridge-service.strimzi.svc:8080' \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/healthy.yaml b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/healthy.yaml new file mode 100644 index 0000000000000..0246a7a964429 --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/healthy.yaml @@ -0,0 +1,53 @@ +apiVersion: kafka.strimzi.io/v1beta1 +kind: KafkaBridge +metadata: + creationTimestamp: "2020-02-13T14:03:15Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2020-05-28T10:29:44Z" + finalizers: + - foregroundDeletion + generation: 25 + labels: + app.kubernetes.io/instance: kafka-bridge + name: kafka-bridge + namespace: strimzi + resourceVersion: "43088521" + selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkabridge/kafka + uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 +spec: + authentication: + passwordSecret: + password: password + secretName: kafka-bridge + type: scram-sha-512 + username: kafka-bridge + bootstrapServers: 'kafka-bootstrap:9095' + enableMetrics: true + http: + port: 8080 + logging: + loggers: + kafka.root.logger.level: DEBUG + logger.send.level: DEBUG + logger.send.name: http.openapi.operation.send + type: inline + producer: + config: + ssl.cipher.suites: TLS_AES_256_GCM_SHA384 + ssl.enabled.protocols: TLSv1.3 + ssl.protocol: TLSv1.3 + replicas: 1 + tls: + trustedCertificates: + - certificate: ca.crt + secretName: kafka-cluster-cluster-ca-cert +status: + conditions: + - lastTransitionTime: '2024-05-15T09:34:44.930056634Z' + status: 'True' + type: Ready + labelSelector: >- + strimzi.io/cluster=kafka-bridge,strimzi.io/name=kafka-bridge-bridge,strimzi.io/kind=KafkaBridge + observedGeneration: 14 + replicas: 1 + url: 'http://kafka-bridge-bridge-service.strimzi.svc:8080' \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/progressing_noStatus.yaml b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/progressing_noStatus.yaml new file mode 100644 index 0000000000000..5b1d35293d16d --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/progressing_noStatus.yaml @@ -0,0 +1,43 @@ +apiVersion: kafka.strimzi.io/v1beta1 +kind: KafkaBridge +metadata: + creationTimestamp: "2020-02-13T14:03:15Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2020-05-28T10:29:44Z" + finalizers: + - foregroundDeletion + generation: 25 + labels: + app.kubernetes.io/instance: kafka-bridge + name: kafka-bridge + namespace: strimzi + resourceVersion: "43088521" + selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkabridge/kafka + uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 +spec: + authentication: + passwordSecret: + password: password + secretName: kafka-bridge + type: scram-sha-512 + username: kafka-bridge + bootstrapServers: 'kafka-bootstrap:9095' + enableMetrics: true + http: + port: 8080 + logging: + loggers: + kafka.root.logger.level: DEBUG + logger.send.level: DEBUG + logger.send.name: http.openapi.operation.send + type: inline + producer: + config: + ssl.cipher.suites: TLS_AES_256_GCM_SHA384 + ssl.enabled.protocols: TLSv1.3 + ssl.protocol: TLSv1.3 + replicas: 1 + tls: + trustedCertificates: + - certificate: ca.crt + secretName: kafka-cluster-cluster-ca-cert \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/health.lua b/resource_customizations/kafka.strimzi.io/KafkaConnector/health.lua new file mode 100644 index 0000000000000..3f35894629bf0 --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaConnector/health.lua @@ -0,0 +1,21 @@ +local hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "NotReady" and condition.status == "True" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = "" + return hs + end + end + end +end + +hs.status = "Progressing" +hs.message = "Waiting for KafkaConnector" +return hs diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/health_test.yaml b/resource_customizations/kafka.strimzi.io/KafkaConnector/health_test.yaml new file mode 100644 index 0000000000000..ec96bb4f029d5 --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaConnector/health_test.yaml @@ -0,0 +1,12 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for KafkaConnector" + inputPath: testdata/progressing_noStatus.yaml +- healthStatus: + status: Degraded + message: "The following tasks have failed: 0, see connectorStatus for more details." + inputPath: testdata/degraded.yaml +- healthStatus: + status: Healthy + inputPath: testdata/healthy.yaml diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/degraded.yaml b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/degraded.yaml new file mode 100644 index 0000000000000..806da605e36d3 --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/degraded.yaml @@ -0,0 +1,51 @@ +apiVersion: kafka.strimzi.io/v1beta1 +kind: KafkaConnector +metadata: + creationTimestamp: "2020-02-13T14:03:15Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2020-05-28T10:29:44Z" + finalizers: + - foregroundDeletion + generation: 25 + labels: + app.kubernetes.io/instance: kafka-connect + strimzi.io/cluster: strimzi-connect-cluster + name: my-connector + namespace: strimzi + resourceVersion: "43088521" + selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkaconnector/kafka + uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 +spec: + class: org.apache.kafka.connect.file.FileStreamSourceConnector + tasksMax: 2 + config: + file: "/opt/kafka/LICENSE" + topic: my-topic +status: + autoRestart: + count: 1 + lastRestartTimestamp: '2024-05-17T15:55:21.611546835Z' + conditions: + - lastTransitionTime: '2024-05-17T15:57:09.059039185Z' + message: >- + The following tasks have failed: 0, see connectorStatus for more + details. + reason: Throwable + status: 'True' + type: NotReady + connectorStatus: + connector: + state: RUNNING + worker_id: >- + kafka-connect-cluster-connect-0.kafka-connect-cluster-connect.strimzi.svc:8083 + name: my-connector + tasks: + - id: 0 + state: FAILED + trace: "org.apache.kafka.connect.errors.ConnectException: Tolerance exceeded in error handler..." + worker_id: >- + kafka-connect-cluster-connect-0.kafka-connect-cluster-connect.strimzi.svc:8083 + type: source + observedGeneration: 1 + tasksMax: 1 + topics: [] \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/healthy.yaml b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/healthy.yaml new file mode 100644 index 0000000000000..18f88ed67a140 --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/healthy.yaml @@ -0,0 +1,43 @@ +apiVersion: kafka.strimzi.io/v1beta1 +kind: KafkaConnector +metadata: + creationTimestamp: "2020-02-13T14:03:15Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2020-05-28T10:29:44Z" + finalizers: + - foregroundDeletion + generation: 25 + labels: + app.kubernetes.io/instance: kafka-connect + strimzi.io/cluster: strimzi-connect-cluster + name: my-connector + namespace: strimzi + resourceVersion: "43088521" + selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkaconnector/kafka + uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 +spec: + class: org.apache.kafka.connect.file.FileStreamSourceConnector + tasksMax: 2 + config: + file: "/opt/kafka/LICENSE" + topic: my-topic +status: + conditions: + - lastTransitionTime: '2024-05-17T15:55:22.356665885Z' + status: 'True' + type: Ready + connectorStatus: + connector: + state: RUNNING + worker_id: >- + kafka-connect-cluster-connect-0.kafka-connect-cluster-connect.strimzi.svc:8083 + name: my-connector + tasks: + - id: 0 + state: RUNNING + worker_id: >- + kafka-connect-cluster-connect-0.kafka-connect-cluster-connect.strimzi.svc:8083 + type: source + observedGeneration: 1 + tasksMax: 1 + topics: [] \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/progressing_noStatus.yaml b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/progressing_noStatus.yaml new file mode 100644 index 0000000000000..7dd14e5fc1241 --- /dev/null +++ b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/progressing_noStatus.yaml @@ -0,0 +1,23 @@ +apiVersion: kafka.strimzi.io/v1beta1 +kind: KafkaConnector +metadata: + creationTimestamp: "2020-02-13T14:03:15Z" + deletionGracePeriodSeconds: 0 + deletionTimestamp: "2020-05-28T10:29:44Z" + finalizers: + - foregroundDeletion + generation: 25 + labels: + app.kubernetes.io/instance: kafka-connect + strimzi.io/cluster: strimzi-connect-cluster + name: my-connector + namespace: strimzi + resourceVersion: "43088521" + selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkaconnector/kafka + uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 +spec: + class: org.apache.kafka.connect.file.FileStreamSourceConnector + tasksMax: 2 + config: + file: "/opt/kafka/LICENSE" + topic: my-topic \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/health.lua b/resource_customizations/keda.sh/ScaledObject/health.lua new file mode 100644 index 0000000000000..84cc5ad17a433 --- /dev/null +++ b/resource_customizations/keda.sh/ScaledObject/health.lua @@ -0,0 +1,35 @@ +local hs = {} +local healthy = false +local degraded = false +local suspended = false +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.status == "False" and condition.type == "Ready" then + hs.message = condition.message + degraded = true + end + if condition.status == "True" and condition.type == "Ready" then + hs.message = condition.message + healthy = true + end + if condition.status == "True" and condition.type == "Paused" then + hs.message = condition.message + suspended = true + end + end + end +end +if degraded == true then + hs.status = "Degraded" + return hs +elseif healthy == true and suspended == false then + hs.status = "Healthy" + return hs +elseif healthy == true and suspended == true then + hs.status = "Suspended" + return hs +end +hs.status = "Progressing" +hs.message = "Creating HorizontalPodAutoscaler Object" +return hs \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/health_test.yaml b/resource_customizations/keda.sh/ScaledObject/health_test.yaml new file mode 100644 index 0000000000000..969334650ba14 --- /dev/null +++ b/resource_customizations/keda.sh/ScaledObject/health_test.yaml @@ -0,0 +1,21 @@ +tests: +- healthStatus: + status: Progressing + message: "Creating HorizontalPodAutoscaler Object" + inputPath: testdata/keda-progressing.yaml +- healthStatus: + status: Degraded + message: "ScaledObject doesn't have correct Idle/Min/Max Replica Counts specification" + inputPath: testdata/keda-degraded-1.yaml +- healthStatus: + status: Degraded + message: "ScaledObject doesn't have correct triggers specification" + inputPath: testdata/keda-degraded.yaml +- healthStatus: + status: Healthy + message: "ScaledObject is defined correctly and is ready for scaling" + inputPath: testdata/keda-healthy.yaml +- healthStatus: + status: Suspended + message: "ScaledObject is paused" + inputPath: testdata/keda-suspended.yaml diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded-1.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded-1.yaml new file mode 100644 index 0000000000000..3c3aba78a16a4 --- /dev/null +++ b/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded-1.yaml @@ -0,0 +1,52 @@ +apiVersion: keda.sh/v1alpha1 +kind: ScaledObject +metadata: + annotations: + finalizers: + - finalizer.keda.sh + labels: + argocd.argoproj.io/instance: keda-default + name: keda + namespace: keda + resourceVersion: '160591442' + uid: 73ee438a-f383-43f3-9346-b901d9773f4b +spec: + maxReplicaCount: 3 + minReplicaCount: 0 + scaleTargetRef: + name: keda + triggers: + - metadata: + desiredReplicas: '1' + end: 00 17 * * 1-5 + start: 00 08 * * 1-5 + timezone: Europe/Stockholm + type: cron +status: + conditions: + - message: >- + ScaledObject doesn't have correct Idle/Min/Max Replica Counts specification + reason: ScaledObjectCheckFailed + status: 'False' + type: Ready + - message: ScaledObject check failed + reason: UnknownState + status: Unknown + type: Active + - message: No fallbacks are active on this scaled object + reason: NoFallbackFound + status: 'False' + type: Fallback + - status: Unknown + type: Paused + externalMetricNames: + - s0-cron-Europe-Stockholm-0008xx1-5-0019xx1-5 + hpaName: keda-hpa + lastActiveTime: '2023-12-18T17:59:55Z' + originalReplicaCount: 1 + scaleTargetGVKR: + group: apps + kind: Deployment + resource: deployments + version: v1 + scaleTargetKind: apps/v1.Deployment \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded.yaml new file mode 100644 index 0000000000000..4996905fed7f4 --- /dev/null +++ b/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded.yaml @@ -0,0 +1,51 @@ +apiVersion: keda.sh/v1alpha1 +kind: ScaledObject +metadata: + annotations: + finalizers: + - finalizer.keda.sh + labels: + argocd.argoproj.io/instance: keda-default + name: keda + namespace: keda + resourceVersion: '160591442' + uid: 73ee438a-f383-43f3-9346-b901d9773f4b +spec: + maxReplicaCount: 3 + minReplicaCount: 0 + scaleTargetRef: + name: keda + triggers: + - metadata: + desiredReplicas: '1' + end: 00 17 * * 1-5 + start: 00 08 * * 1-5 + timezone: Europe/Stockholm + type: cron +status: + conditions: + - message: ScaledObject doesn't have correct triggers specification + reason: ScaledObjectCheckFailed + status: 'False' + type: Ready + - message: Scaling is not performed because triggers are not active + reason: ScalerNotActive + status: 'False' + type: Active + - message: No fallbacks are active on this scaled object + reason: NoFallbackFound + status: 'False' + type: Fallback + - status: Unknown + type: Paused + externalMetricNames: + - s0-cron-Europe-Stockholm-0008xx1-5-0019xx1-5 + hpaName: keda-hpa + lastActiveTime: '2023-12-18T17:59:55Z' + originalReplicaCount: 1 + scaleTargetGVKR: + group: apps + kind: Deployment + resource: deployments + version: v1 + scaleTargetKind: apps/v1.Deployment \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-healthy.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-healthy.yaml new file mode 100644 index 0000000000000..38bd24dc1953f --- /dev/null +++ b/resource_customizations/keda.sh/ScaledObject/testdata/keda-healthy.yaml @@ -0,0 +1,51 @@ +apiVersion: keda.sh/v1alpha1 +kind: ScaledObject +metadata: + annotations: + finalizers: + - finalizer.keda.sh + labels: + argocd.argoproj.io/instance: keda-default + name: keda + namespace: keda + resourceVersion: '160591442' + uid: 73ee438a-f383-43f3-9346-b901d9773f4b +spec: + maxReplicaCount: 3 + minReplicaCount: 0 + scaleTargetRef: + name: backstage + triggers: + - metadata: + desiredReplicas: '1' + end: 00 17 * * 1-5 + start: 00 08 * * 1-5 + timezone: Europe/Stockholm + type: cron +status: + conditions: + - message: ScaledObject is defined correctly and is ready for scaling + reason: ScaledObjectReady + status: 'True' + type: Ready + - message: Scaling is not performed because triggers are not active + reason: ScalerNotActive + status: 'False' + type: Active + - message: No fallbacks are active on this scaled object + reason: NoFallbackFound + status: 'False' + type: Fallback + - status: Unknown + type: Paused + externalMetricNames: + - s0-cron-Europe-Stockholm-0008xx1-5-0019xx1-5 + hpaName: keda-hpa-backstage-kambi-standard-chart + lastActiveTime: '2023-12-18T17:59:55Z' + originalReplicaCount: 1 + scaleTargetGVKR: + group: apps + kind: Deployment + resource: deployments + version: v1 + scaleTargetKind: apps/v1.Deployment \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-progressing.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-progressing.yaml new file mode 100644 index 0000000000000..2206bfbff97f1 --- /dev/null +++ b/resource_customizations/keda.sh/ScaledObject/testdata/keda-progressing.yaml @@ -0,0 +1,30 @@ +apiVersion: keda.sh/v1alpha1 +kind: ScaledObject +metadata: + annotations: + finalizers: + - finalizer.keda.sh + labels: + argocd.argoproj.io/instance: keda-default + name: keda + namespace: keda + resourceVersion: '160591442' + uid: 73ee438a-f383-43f3-9346-b901d9773f4b +spec: + maxReplicaCount: 3 + minReplicaCount: 0 + scaleTargetRef: + name: backstage + triggers: + - metadata: + desiredReplicas: '1' + end: 00 17 * * 1-5 + start: 00 08 * * 1-5 + timezone: Europe/Stockholm + type: cron +status: + conditions: + - message: Creating HorizontalPodAutoscaler Object + reason: Running + status: 'True' + type: Running \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-suspended.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-suspended.yaml new file mode 100644 index 0000000000000..a2d0b2b5dcf67 --- /dev/null +++ b/resource_customizations/keda.sh/ScaledObject/testdata/keda-suspended.yaml @@ -0,0 +1,51 @@ +apiVersion: keda.sh/v1alpha1 +kind: ScaledObject +metadata: + annotations: + finalizers: + - finalizer.keda.sh + labels: + argocd.argoproj.io/instance: keda-default + name: keda + namespace: keda + resourceVersion: '160591442' + uid: 73ee438a-f383-43f3-9346-b901d9773f4b +spec: + maxReplicaCount: 3 + minReplicaCount: 0 + scaleTargetRef: + name: backstage + triggers: + - metadata: + desiredReplicas: '1' + end: 00 17 * * 1-5 + start: 00 08 * * 1-5 + timezone: Europe/Stockholm + type: cron +status: + conditions: + - message: ScaledObject is defined correctly and is ready for scaling + reason: ScaledObjectReady + status: 'True' + type: Ready + - message: ScaledObject check failed + reason: UnknownState + status: Unknown + type: Active + - status: Unknown + type: Fallback + - message: ScaledObject is paused + reason: ScaledObjectPaused + status: 'True' + type: Paused + externalMetricNames: + - s0-cron-Europe-Stockholm-0008xx1-5-0019xx1-5 + hpaName: keda-hpa-backstage-kambi-standard-chart + lastActiveTime: '2023-12-18T17:59:55Z' + originalReplicaCount: 1 + scaleTargetGVKR: + group: apps + kind: Deployment + resource: deployments + version: v1 + scaleTargetKind: apps/v1.Deployment \ No newline at end of file diff --git a/resource_customizations/openfaas.com/Function/health.lua b/resource_customizations/openfaas.com/Function/health.lua new file mode 100644 index 0000000000000..df72e228b04fa --- /dev/null +++ b/resource_customizations/openfaas.com/Function/health.lua @@ -0,0 +1,31 @@ +hs = {} +if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Stalled" and condition.status == "True" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + if obj.status.replicas ~= nil and obj.status.replicas > 0 then + hs.status = "Healthy" + hs.message = condition.message + else + hs.status = "Suspended" + hs.message = "No replicas available" + end + return hs + end + end + end +end + +hs.status = "Progressing" +hs.message = "Waiting for Function" +return hs diff --git a/resource_customizations/openfaas.com/Function/health_test.yaml b/resource_customizations/openfaas.com/Function/health_test.yaml new file mode 100644 index 0000000000000..750089fac48ea --- /dev/null +++ b/resource_customizations/openfaas.com/Function/health_test.yaml @@ -0,0 +1,17 @@ +tests: +- healthStatus: + status: Progressing + message: "Waiting for Function" + inputPath: testdata/progressing.yaml +- healthStatus: + status: Degraded + message: "Secret missing: secrets \"missing-secret\" not found" + inputPath: testdata/degraded_no_secret.yaml +- healthStatus: + status: Healthy + message: "Deployment and service reconciled" + inputPath: testdata/healthy.yaml +- healthStatus: + status: Suspended + message: "No replicas available" + inputPath: testdata/suspended_zero_replicas.yaml diff --git a/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml b/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml new file mode 100644 index 0000000000000..a1c0c981f1176 --- /dev/null +++ b/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml @@ -0,0 +1,48 @@ +{ + "apiVersion": "openfaas.com/v1", + "kind": "Function", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"openfaas.com/v1\",\"kind\":\"Function\",\"metadata\":{\"annotations\":{},\"name\":\"env\",\"namespace\":\"openfaas-fn\"},\"spec\":{\"annotations\":{},\"environment\":{\"fprocess\":\"env\",\"test\":\"yes\"},\"image\":\"ghcr.io/openfaas/alpine:latest\",\"labels\":{},\"name\":\"env\",\"secrets\":[\"missing-secret\"]}}\n" + }, + "creationTimestamp": "2024-04-29T13:42:46Z", + "generation": 1, + "name": "env", + "namespace": "openfaas-fn", + "resourceVersion": "580675", + "uid": "7a00bc7b-eb01-4f6a-b5f7-7893422ace7d" + }, + "spec": { + "annotations": {}, + "environment": { + "fprocess": "env", + "test": "yes" + }, + "image": "ghcr.io/openfaas/alpine:latest", + "labels": {}, + "name": "env", + "secrets": [ + "missing-secret" + ] + }, + "status": { + "conditions": [ + { + "lastTransitionTime": "2024-04-29T13:42:46Z", + "message": "Function queued for creation", + "observedGeneration": 1, + "reason": "Reconciling", + "status": "True", + "type": "Reconciling" + }, + { + "lastTransitionTime": "2024-04-29T13:42:46Z", + "message": "Secret missing: secrets \"missing-secret\" not found", + "observedGeneration": 1, + "reason": "SecretMissing", + "status": "True", + "type": "Stalled" + } + ] + } +} diff --git a/resource_customizations/openfaas.com/Function/testdata/healthy.yaml b/resource_customizations/openfaas.com/Function/testdata/healthy.yaml new file mode 100644 index 0000000000000..7d09972561710 --- /dev/null +++ b/resource_customizations/openfaas.com/Function/testdata/healthy.yaml @@ -0,0 +1,36 @@ +apiVersion: openfaas.com/v1 +kind: Function +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} + creationTimestamp: "2024-04-29T13:38:50Z" + generation: 1 + name: env + namespace: openfaas-fn + resourceVersion: "580323" + uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 +spec: + annotations: {} + environment: + fprocess: env + test: "yes" + image: ghcr.io/openfaas/alpine:latest + labels: {} + name: env +status: + availableReplicas: 1 + conditions: + - lastTransitionTime: "2024-04-29T13:38:50Z" + message: Deployment and service reconciled + observedGeneration: 1 + reason: Ready + status: "True" + type: Ready + - lastTransitionTime: "2024-04-29T13:38:53Z" + message: At least one replica available + observedGeneration: 1 + reason: ReplicaAvailable + status: "True" + type: Healthy + replicas: 1 diff --git a/resource_customizations/openfaas.com/Function/testdata/progressing.yaml b/resource_customizations/openfaas.com/Function/testdata/progressing.yaml new file mode 100644 index 0000000000000..4b70ad08c19aa --- /dev/null +++ b/resource_customizations/openfaas.com/Function/testdata/progressing.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: openfaas.com/v1 +kind: Function +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} + creationTimestamp: "2024-04-29T13:38:50Z" + generation: 1 + name: env + namespace: openfaas-fn + resourceVersion: "580277" + uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 +spec: + annotations: {} + environment: + fprocess: env + test: "yes" + image: ghcr.io/openfaas/alpine:latest + labels: {} + name: env +status: + conditions: + - lastTransitionTime: "2024-04-29T13:38:50Z" + message: Function queued for creation + observedGeneration: 1 + reason: Reconciling + status: "True" + type: Reconciling +--- diff --git a/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml b/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml new file mode 100644 index 0000000000000..3307dfd8e4fe4 --- /dev/null +++ b/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml @@ -0,0 +1,35 @@ +--- +apiVersion: openfaas.com/v1 +kind: Function +metadata: + annotations: + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} + creationTimestamp: "2024-04-29T13:38:50Z" + generation: 1 + name: env + namespace: openfaas-fn + resourceVersion: "580543" + uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 +spec: + annotations: {} + environment: + fprocess: env + test: "yes" + image: ghcr.io/openfaas/alpine:latest + labels: {} + name: env +status: + conditions: + - lastTransitionTime: "2024-04-29T13:38:50Z" + message: Deployment and service reconciled + observedGeneration: 1 + reason: Ready + status: "True" + type: Ready + - lastTransitionTime: "2024-04-29T13:41:27Z" + message: At least one replica available + observedGeneration: 1 + reason: ReplicaAvailable + status: "False" + type: Healthy diff --git a/server/account/account_test.go b/server/account/account_test.go index d65c2e925b63d..367f3aa080767 100644 --- a/server/account/account_test.go +++ b/server/account/account_test.go @@ -82,7 +82,7 @@ func getAdminAccount(mgr *settings.SettingsManager) (*settings.Account, error) { func adminContext(ctx context.Context) context.Context { // nolint:staticcheck - return context.WithValue(ctx, "claims", &jwt.StandardClaims{Subject: "admin", Issuer: sessionutil.SessionManagerClaimsIssuer}) + return context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin", Issuer: sessionutil.SessionManagerClaimsIssuer}) } func ssoAdminContext(ctx context.Context, iat time.Time) context.Context { diff --git a/server/application/application.go b/server/application/application.go index 77c74783018c2..c1510a0debd12 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -34,7 +34,7 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/cache" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" argocommon "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" @@ -469,16 +469,16 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan } sources := make([]appv1.ApplicationSource, 0) + appSpec := a.Spec.DeepCopy() if a.Spec.HasMultipleSources() { numOfSources := int64(len(a.Spec.GetSources())) for i, pos := range q.SourcePositions { - if pos <= numOfSources { - a.Spec.Sources[pos-1].TargetRevision = q.Revisions[i] - } else { - return fmt.Errorf("source position cannot be greater than number of sources in the application") + if pos <= 0 || pos > numOfSources { + return fmt.Errorf("source position is out of range") } + appSpec.Sources[pos-1].TargetRevision = q.Revisions[i] } - sources = a.Spec.GetSources() + sources = appSpec.GetSources() } else { source := a.Spec.GetSource() if q.GetRevision() != "" { @@ -488,7 +488,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan } // Store the map of all sources having ref field into a map for applications with sources field - refSources, err := argo.GetRefSources(context.Background(), a.Spec, s.db) + refSources, err := argo.GetRefSources(context.Background(), *appSpec, s.db) if err != nil { return fmt.Errorf("failed to get ref sources: %v", err) } @@ -561,7 +561,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan manifestInfo.Manifests[i] = string(data) } } - manifests.Manifests = manifestInfo.Manifests + manifests.Manifests = append(manifests.Manifests, manifestInfo.Manifests...) } return manifests, nil @@ -1300,9 +1300,9 @@ func (s *Server) getCachedAppState(ctx context.Context, a *appv1.Application, ge return errors.New(argoutil.FormatAppConditions(conditions)) } _, err = s.Get(ctx, &application.ApplicationQuery{ - Name: pointer.String(a.GetName()), - AppNamespace: pointer.String(a.GetNamespace()), - Refresh: pointer.String(string(appv1.RefreshTypeNormal)), + Name: ptr.To(a.GetName()), + AppNamespace: ptr.To(a.GetNamespace()), + Refresh: ptr.To(string(appv1.RefreshTypeNormal)), }) if err != nil { return fmt.Errorf("error getting application by query: %w", err) @@ -1325,9 +1325,15 @@ func (s *Server) getAppResources(ctx context.Context, a *appv1.Application) (*ap func (s *Server) getAppLiveResource(ctx context.Context, action string, q *application.ApplicationResourceRequest) (*appv1.ResourceNode, *rest.Config, *appv1.Application, error) { a, _, err := s.getApplicationEnforceRBACInformer(ctx, action, q.GetProject(), q.GetAppNamespace(), q.GetName()) + if err == permissionDeniedErr && (action == rbacpolicy.ActionDelete || action == rbacpolicy.ActionUpdate) { + // If users dont have permission on the whole applications, maybe they have fine-grained access to the specific resources + action = fmt.Sprintf("%s/%s/%s/%s/%s", action, q.GetGroup(), q.GetKind(), q.GetNamespace(), q.GetResourceName()) + a, _, err = s.getApplicationEnforceRBACInformer(ctx, action, q.GetProject(), q.GetAppNamespace(), q.GetName()) + } if err != nil { return nil, nil, nil, err } + tree, err := s.getAppResources(ctx, a) if err != nil { return nil, nil, nil, fmt.Errorf("error getting app resources: %w", err) @@ -1574,10 +1580,10 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. var sinceSeconds, tailLines *int64 if q.GetSinceSeconds() > 0 { - sinceSeconds = pointer.Int64(q.GetSinceSeconds()) + sinceSeconds = ptr.To(q.GetSinceSeconds()) } if q.GetTailLines() > 0 { - tailLines = pointer.Int64(q.GetTailLines()) + tailLines = ptr.To(q.GetTailLines()) } var untilTime *metav1.Time if q.GetUntilTime() != "" { @@ -1698,10 +1704,10 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. ts := metav1.NewTime(entry.timeStamp) if untilTime != nil && entry.timeStamp.After(untilTime.Time) { done <- ws.Send(&application.LogEntry{ - Last: pointer.Bool(true), + Last: ptr.To(true), PodName: &entry.podName, Content: &entry.line, - TimeStampStr: pointer.String(entry.timeStamp.Format(time.RFC3339Nano)), + TimeStampStr: ptr.To(entry.timeStamp.Format(time.RFC3339Nano)), TimeStamp: &ts, }) return @@ -1710,9 +1716,9 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. if err := ws.Send(&application.LogEntry{ PodName: &entry.podName, Content: &entry.line, - TimeStampStr: pointer.String(entry.timeStamp.Format(time.RFC3339Nano)), + TimeStampStr: ptr.To(entry.timeStamp.Format(time.RFC3339Nano)), TimeStamp: &ts, - Last: pointer.Bool(false), + Last: ptr.To(false), }); err != nil { done <- err break @@ -1723,10 +1729,10 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. now := time.Now() nowTS := metav1.NewTime(now) done <- ws.Send(&application.LogEntry{ - Last: pointer.Bool(true), - PodName: pointer.String(""), - Content: pointer.String(""), - TimeStampStr: pointer.String(now.Format(time.RFC3339Nano)), + Last: ptr.To(true), + PodName: ptr.To(""), + Content: ptr.To(""), + TimeStampStr: ptr.To(now.Format(time.RFC3339Nano)), TimeStamp: &nowTS, }) }() @@ -1811,8 +1817,6 @@ func (s *Server) Sync(ctx context.Context, syncReq *application.ApplicationSyncR return nil, err } - source := a.Spec.GetSource() - if syncReq.Manifests != nil { if err := s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionOverride, a.RBACName(s.ns)); err != nil { return nil, err @@ -1824,14 +1828,10 @@ func (s *Server) Sync(ctx context.Context, syncReq *application.ApplicationSyncR if a.DeletionTimestamp != nil { return nil, status.Errorf(codes.FailedPrecondition, "application is deleting") } - if a.Spec.SyncPolicy != nil && a.Spec.SyncPolicy.Automated != nil && !syncReq.GetDryRun() { - if syncReq.GetRevision() != "" && syncReq.GetRevision() != text.FirstNonEmpty(source.TargetRevision, "HEAD") { - return nil, status.Errorf(codes.FailedPrecondition, "Cannot sync to %s: auto-sync currently set to %s", syncReq.GetRevision(), source.TargetRevision) - } - } - revision, displayRevision, err := s.resolveRevision(ctx, a, syncReq) + + revision, displayRevision, sourceRevisions, displayRevisions, err := s.resolveSourceRevisions(ctx, a, syncReq) if err != nil { - return nil, status.Errorf(codes.FailedPrecondition, err.Error()) + return nil, err } var retry *appv1.RetryStrategy @@ -1869,6 +1869,8 @@ func (s *Server) Sync(ctx context.Context, syncReq *application.ApplicationSyncR SyncStrategy: syncReq.Strategy, Resources: resources, Manifests: syncReq.Manifests, + Sources: a.Spec.Sources, + Revisions: sourceRevisions, }, InitiatedBy: appv1.OperationInitiator{Username: session.Username(ctx)}, Info: syncReq.Infos, @@ -1888,7 +1890,12 @@ func (s *Server) Sync(ctx context.Context, syncReq *application.ApplicationSyncR if len(syncReq.Resources) > 0 { partial = "partial " } - reason := fmt.Sprintf("initiated %ssync to %s", partial, displayRevision) + var reason string + if a.Spec.HasMultipleSources() { + reason = fmt.Sprintf("initiated %ssync to %s", partial, strings.Join(displayRevisions, ",")) + } else { + reason = fmt.Sprintf("initiated %ssync to %s", partial, displayRevision) + } if syncReq.Manifests != nil { reason = fmt.Sprintf("initiated %ssync locally", partial) } @@ -1896,6 +1903,48 @@ func (s *Server) Sync(ctx context.Context, syncReq *application.ApplicationSyncR return a, nil } +func (s *Server) resolveSourceRevisions(ctx context.Context, a *appv1.Application, syncReq *application.ApplicationSyncRequest) (string, string, []string, []string, error) { + if a.Spec.HasMultipleSources() { + numOfSources := int64(len(a.Spec.GetSources())) + sourceRevisions := make([]string, numOfSources) + displayRevisions := make([]string, numOfSources) + + sources := a.Spec.GetSources() + for i, pos := range syncReq.SourcePositions { + if pos <= 0 || pos > numOfSources { + return "", "", nil, nil, fmt.Errorf("source position is out of range") + } + sources[pos-1].TargetRevision = syncReq.Revisions[i] + } + for index, source := range sources { + if a.Spec.SyncPolicy != nil && a.Spec.SyncPolicy.Automated != nil && !syncReq.GetDryRun() { + if text.FirstNonEmpty(a.Spec.GetSources()[index].TargetRevision, "HEAD") != text.FirstNonEmpty(source.TargetRevision, "HEAD") { + return "", "", nil, nil, status.Errorf(codes.FailedPrecondition, "Cannot sync source %s to %s: auto-sync currently set to %s", source.RepoURL, source.TargetRevision, a.Spec.Sources[index].TargetRevision) + } + } + revision, displayRevision, err := s.resolveRevision(ctx, a, syncReq, index) + if err != nil { + return "", "", nil, nil, status.Errorf(codes.FailedPrecondition, err.Error()) + } + sourceRevisions[index] = revision + displayRevisions[index] = displayRevision + } + return "", "", sourceRevisions, displayRevisions, nil + } else { + source := a.Spec.GetSource() + if a.Spec.SyncPolicy != nil && a.Spec.SyncPolicy.Automated != nil && !syncReq.GetDryRun() { + if syncReq.GetRevision() != "" && syncReq.GetRevision() != text.FirstNonEmpty(source.TargetRevision, "HEAD") { + return "", "", nil, nil, status.Errorf(codes.FailedPrecondition, "Cannot sync to %s: auto-sync currently set to %s", syncReq.GetRevision(), source.TargetRevision) + } + } + revision, displayRevision, err := s.resolveRevision(ctx, a, syncReq, -1) + if err != nil { + return "", "", nil, nil, status.Errorf(codes.FailedPrecondition, err.Error()) + } + return revision, displayRevision, nil, nil, nil + } +} + func (s *Server) Rollback(ctx context.Context, rollbackReq *application.ApplicationRollbackRequest) (*appv1.Application, error) { a, _, err := s.getApplicationEnforceRBACClient(ctx, rbacpolicy.ActionSync, rollbackReq.GetProject(), rollbackReq.GetAppNamespace(), rollbackReq.GetName(), "") if err != nil { @@ -2068,17 +2117,41 @@ func (s *Server) ListResourceLinks(ctx context.Context, req *application.Applica return finalList, nil } +func getAmbiguousRevision(app *appv1.Application, syncReq *application.ApplicationSyncRequest, sourceIndex int) string { + ambiguousRevision := "" + if app.Spec.HasMultipleSources() { + for i, pos := range syncReq.SourcePositions { + if pos == int64(sourceIndex) { + ambiguousRevision = syncReq.Revisions[i] + } + } + if ambiguousRevision == "" { + ambiguousRevision = app.Spec.Sources[sourceIndex].TargetRevision + } + } else { + ambiguousRevision = syncReq.GetRevision() + if ambiguousRevision == "" { + ambiguousRevision = app.Spec.GetSource().TargetRevision + } + } + return ambiguousRevision +} + // resolveRevision resolves the revision specified either in the sync request, or the // application source, into a concrete revision that will be used for a sync operation. -func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, syncReq *application.ApplicationSyncRequest) (string, string, error) { +func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, syncReq *application.ApplicationSyncRequest, sourceIndex int) (string, string, error) { if syncReq.Manifests != nil { return "", "", nil } - ambiguousRevision := syncReq.GetRevision() - if ambiguousRevision == "" { - ambiguousRevision = app.Spec.GetSource().TargetRevision + + ambiguousRevision := getAmbiguousRevision(app, syncReq, sourceIndex) + + repoUrl := app.Spec.GetSource().RepoURL + if app.Spec.HasMultipleSources() { + repoUrl = app.Spec.Sources[sourceIndex].RepoURL } - repo, err := s.db.GetRepository(ctx, app.Spec.GetSource().RepoURL) + + repo, err := s.db.GetRepository(ctx, repoUrl) if err != nil { return "", "", fmt.Errorf("error getting repository by URL: %w", err) } @@ -2088,7 +2161,7 @@ func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, sy } defer ioutil.Close(conn) - source := app.Spec.GetSource() + source := app.Spec.GetSourcePtrByIndex(sourceIndex) if !source.IsHelm() { if git.IsCommitSHA(ambiguousRevision) { // If it's already a commit SHA, then no need to look it up @@ -2100,6 +2173,7 @@ func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, sy Repo: repo, App: app, AmbiguousRevision: ambiguousRevision, + SourceIndex: int64(sourceIndex), }) if err != nil { return "", "", fmt.Errorf("error resolving repo revision: %w", err) diff --git a/server/application/application.proto b/server/application/application.proto index c01c09a9a8ace..2a70e1c518c09 100644 --- a/server/application/application.proto +++ b/server/application/application.proto @@ -131,6 +131,8 @@ message ApplicationSyncRequest { optional SyncOptions syncOptions = 11; optional string appNamespace = 12; optional string project = 13; + repeated int64 sourcePositions = 14; + repeated string revisions = 15; } // ApplicationUpdateSpecRequest is a request to update application spec diff --git a/server/application/application_test.go b/server/application/application_test.go index e82a011895544..d084022beea6f 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -37,12 +37,13 @@ import ( "k8s.io/client-go/rest" kubetesting "k8s.io/client-go/testing" k8scache "k8s.io/client-go/tools/cache" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" apps "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" appinformer "github.com/argoproj/argo-cd/v2/pkg/client/informers/externalversions" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" @@ -243,7 +244,7 @@ func newTestAppServerWithEnforcerConfigure(f func(*rbac.Enforcer), t *testing.T, } }() }) - broadcaster.On("OnAdd", mock.Anything).Return() + broadcaster.On("OnAdd", mock.Anything, mock.Anything).Return() broadcaster.On("OnUpdate", mock.Anything, mock.Anything).Return() broadcaster.On("OnDelete", mock.Anything).Return() @@ -423,7 +424,7 @@ func newTestAppServerWithEnforcerConfigureWithBenchmark(f func(*rbac.Enforcer), } }() }) - broadcaster.On("OnAdd", mock.Anything).Return() + broadcaster.On("OnAdd", mock.Anything, mock.Anything).Return() broadcaster.On("OnUpdate", mock.Anything, mock.Anything).Return() broadcaster.On("OnDelete", mock.Anything).Return() @@ -607,9 +608,9 @@ func (t *TestServerStream) Recv() (*application.ApplicationManifestQueryWithFile t.headerSent = true return &application.ApplicationManifestQueryWithFilesWrapper{Part: &application.ApplicationManifestQueryWithFilesWrapper_Query{ Query: &application.ApplicationManifestQueryWithFiles{ - Name: pointer.String(t.appName), - Project: pointer.String(t.project), - Checksum: pointer.String(""), + Name: ptr.To(t.appName), + Project: ptr.To(t.project), + Checksum: ptr.To(""), }, }}, nil } @@ -761,58 +762,58 @@ func TestNoAppEnumeration(t *testing.T) { t.Run("Get", func(t *testing.T) { // nolint:staticcheck - _, err := appServer.Get(adminCtx, &application.ApplicationQuery{Name: pointer.String("test")}) + _, err := appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("test")}) assert.NoError(t, err) // nolint:staticcheck - _, err = appServer.Get(noRoleCtx, &application.ApplicationQuery{Name: pointer.String("test")}) + _, err = appServer.Get(noRoleCtx, &application.ApplicationQuery{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") // nolint:staticcheck - _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: pointer.String("doest-not-exist")}) + _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") // nolint:staticcheck - _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: pointer.String("doest-not-exist"), Project: []string{"test"}}) + _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("doest-not-exist"), Project: []string{"test"}}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetManifests", func(t *testing.T) { - _, err := appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: pointer.String("test")}) + _, err := appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.GetManifests(noRoleCtx, &application.ApplicationManifestQuery{Name: pointer.String("test")}) + _, err = appServer.GetManifests(noRoleCtx, &application.ApplicationManifestQuery{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: pointer.String("doest-not-exist")}) + _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceEvents", func(t *testing.T) { - _, err := appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("test")}) + _, err := appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.ListResourceEvents(noRoleCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("test")}) + _, err = appServer.ListResourceEvents(noRoleCtx, &application.ApplicationResourceEventsQuery{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("doest-not-exist")}) + _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("UpdateSpec", func(t *testing.T) { - _, err := appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("test"), Spec: &appsv1.ApplicationSpec{ + _, err := appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: ptr.To("test"), Spec: &appsv1.ApplicationSpec{ Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.example.com"}, Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) assert.NoError(t, err) - _, err = appServer.UpdateSpec(noRoleCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("test"), Spec: &appsv1.ApplicationSpec{ + _, err = appServer.UpdateSpec(noRoleCtx, &application.ApplicationUpdateSpecRequest{Name: ptr.To("test"), Spec: &appsv1.ApplicationSpec{ Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.example.com"}, Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("doest-not-exist"), Spec: &appsv1.ApplicationSpec{ + _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: ptr.To("doest-not-exist"), Spec: &appsv1.ApplicationSpec{ Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.example.com"}, Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), Spec: &appsv1.ApplicationSpec{ + _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test"), Spec: &appsv1.ApplicationSpec{ Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.example.com"}, Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) @@ -820,103 +821,103 @@ func TestNoAppEnumeration(t *testing.T) { }) t.Run("Patch", func(t *testing.T) { - _, err := appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) + _, err := appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) assert.NoError(t, err) - _, err = appServer.Patch(noRoleCtx, &application.ApplicationPatchRequest{Name: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) + _, err = appServer.Patch(noRoleCtx, &application.ApplicationPatchRequest{Name: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: pointer.String("doest-not-exist")}) + _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetResource", func(t *testing.T) { - _, err := appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err := appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.GetResource(noRoleCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err = appServer.GetResource(noRoleCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("doest-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("PatchResource", func(t *testing.T) { - _, err := appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + _, err := appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) // This will always throw an error, because the kubectl mock for PatchResource is hard-coded to return nil. // The best we can do is to confirm we get past the permission check. assert.NotEqual(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.PatchResource(noRoleCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + _, err = appServer.PatchResource(noRoleCtx, &application.ApplicationResourcePatchRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: ptr.To("doest-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("DeleteResource", func(t *testing.T) { - _, err := appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err := appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.DeleteResource(noRoleCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err = appServer.DeleteResource(noRoleCtx, &application.ApplicationResourceDeleteRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: ptr.To("doest-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ResourceTree", func(t *testing.T) { - _, err := appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) + _, err := appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.ResourceTree(noRoleCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) + _, err = appServer.ResourceTree(noRoleCtx, &application.ResourcesQuery{ApplicationName: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist")}) + _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RevisionMetadata", func(t *testing.T) { - _, err := appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("test")}) + _, err := appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.RevisionMetadata(noRoleCtx, &application.RevisionMetadataQuery{Name: pointer.String("test")}) + _, err = appServer.RevisionMetadata(noRoleCtx, &application.RevisionMetadataQuery{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist")}) + _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RevisionChartDetails", func(t *testing.T) { - _, err := appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("test-helm")}) + _, err := appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("test-helm")}) assert.NoError(t, err) - _, err = appServer.RevisionChartDetails(noRoleCtx, &application.RevisionMetadataQuery{Name: pointer.String("test-helm")}) + _, err = appServer.RevisionChartDetails(noRoleCtx, &application.RevisionMetadataQuery{Name: ptr.To("test-helm")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist")}) + _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ManagedResources", func(t *testing.T) { - _, err := appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) + _, err := appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.ManagedResources(noRoleCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) + _, err = appServer.ManagedResources(noRoleCtx, &application.ResourcesQuery{ApplicationName: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist")}) + _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("Sync", func(t *testing.T) { - _, err := appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: pointer.String("test")}) + _, err := appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.Sync(noRoleCtx, &application.ApplicationSyncRequest{Name: pointer.String("test")}) + _, err = appServer.Sync(noRoleCtx, &application.ApplicationSyncRequest{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: pointer.String("doest-not-exist")}) + _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) @@ -924,62 +925,62 @@ func TestNoAppEnumeration(t *testing.T) { // The sync operation is already started from the previous test. We just need to set the field that the // controller would set if this were an actual Argo CD environment. setSyncRunningOperationState(t, appServer) - _, err := appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: pointer.String("test")}) + _, err := appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.TerminateOperation(noRoleCtx, &application.OperationTerminateRequest{Name: pointer.String("test")}) + _, err = appServer.TerminateOperation(noRoleCtx, &application.OperationTerminateRequest{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: pointer.String("doest-not-exist")}) + _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("Rollback", func(t *testing.T) { unsetSyncRunningOperationState(t, appServer) - _, err := appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: pointer.String("test")}) + _, err := appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.Rollback(noRoleCtx, &application.ApplicationRollbackRequest{Name: pointer.String("test")}) + _, err = appServer.Rollback(noRoleCtx, &application.ApplicationRollbackRequest{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: pointer.String("doest-not-exist")}) + _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceActions", func(t *testing.T) { - _, err := appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err := appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.ListResourceActions(noRoleCtx, &application.ApplicationResourceRequest{Name: pointer.String("test")}) + _, err = appServer.ListResourceActions(noRoleCtx, &application.ApplicationResourceRequest{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceActions(noRoleCtx, &application.ApplicationResourceRequest{Group: pointer.String("argoproj.io"), Kind: pointer.String("Application"), Name: pointer.String("test")}) + _, err = appServer.ListResourceActions(noRoleCtx, &application.ApplicationResourceRequest{Group: ptr.To("argoproj.io"), Kind: ptr.To("Application"), Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist")}) + _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RunResourceAction", func(t *testing.T) { - _, err := appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Action: pointer.String("restart")}) + _, err := appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Action: ptr.To("restart")}) assert.NoError(t, err) - _, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Name: pointer.String("test")}) + _, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Group: pointer.String("argoproj.io"), Kind: pointer.String("Application"), Name: pointer.String("test")}) + _, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Group: ptr.To("argoproj.io"), Kind: ptr.To("Application"), Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: pointer.String("doest-not-exist")}) + _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetApplicationSyncWindows", func(t *testing.T) { - _, err := appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("test")}) + _, err := appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.GetApplicationSyncWindows(noRoleCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("test")}) + _, err = appServer.GetApplicationSyncWindows(noRoleCtx, &application.ApplicationSyncWindowsQuery{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("doest-not-exist")}) + _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) @@ -995,58 +996,58 @@ func TestNoAppEnumeration(t *testing.T) { }) t.Run("WatchResourceTree", func(t *testing.T) { - err := appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("test")}, &TestResourceTreeServer{ctx: adminCtx}) + err := appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: ptr.To("test")}, &TestResourceTreeServer{ctx: adminCtx}) assert.NoError(t, err) - err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("test")}, &TestResourceTreeServer{ctx: noRoleCtx}) + err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: ptr.To("test")}, &TestResourceTreeServer{ctx: noRoleCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("does-not-exist")}, &TestResourceTreeServer{ctx: adminCtx}) + err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: ptr.To("does-not-exist")}, &TestResourceTreeServer{ctx: adminCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("does-not-exist"), Project: pointer.String("test")}, &TestResourceTreeServer{ctx: adminCtx}) + err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: ptr.To("does-not-exist"), Project: ptr.To("test")}, &TestResourceTreeServer{ctx: adminCtx}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("PodLogs", func(t *testing.T) { - err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) + err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("test")}, &TestPodLogsServer{ctx: adminCtx}) assert.NoError(t, err) - err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("test")}, &TestPodLogsServer{ctx: noRoleCtx}) + err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("test")}, &TestPodLogsServer{ctx: noRoleCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("does-not-exist")}, &TestPodLogsServer{ctx: adminCtx}) + err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("does-not-exist")}, &TestPodLogsServer{ctx: adminCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("does-not-exist"), Project: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) + err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("does-not-exist"), Project: ptr.To("test")}, &TestPodLogsServer{ctx: adminCtx}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListLinks", func(t *testing.T) { - _, err := appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: pointer.String("test")}) + _, err := appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.ListLinks(noRoleCtx, &application.ListAppLinksRequest{Name: pointer.String("test")}) + _, err = appServer.ListLinks(noRoleCtx, &application.ListAppLinksRequest{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: pointer.String("does-not-exist")}) + _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: ptr.To("does-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: pointer.String("does-not-exist"), Project: pointer.String("test")}) + _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: ptr.To("does-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceLinks", func(t *testing.T) { - _, err := appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err := appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.ListResourceLinks(noRoleCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err = appServer.ListResourceLinks(noRoleCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("does-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("does-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("does-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Project: pointer.String("test")}) + _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("does-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) // Do this last so other stuff doesn't fail. t.Run("Delete", func(t *testing.T) { - _, err := appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: pointer.String("test")}) + _, err := appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: ptr.To("test")}) assert.NoError(t, err) - _, err = appServer.Delete(noRoleCtx, &application.ApplicationDeleteRequest{Name: pointer.String("test")}) + _, err = appServer.Delete(noRoleCtx, &application.ApplicationDeleteRequest{Name: ptr.To("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: pointer.String("doest-not-exist")}) + _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: ptr.To("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) + _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) } @@ -1577,6 +1578,132 @@ func TestDeleteApp(t *testing.T) { }) } +func TestDeleteResourcesRBAC(t *testing.T) { + ctx := context.Background() + // nolint:staticcheck + ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "test-user"}) + testApp := newTestApp() + appServer := newTestAppServer(t, testApp) + appServer.enf.SetDefaultRole("") + + req := application.ApplicationResourceDeleteRequest{ + Name: &testApp.Name, + AppNamespace: &testApp.Namespace, + Group: strToPtr("fake.io"), + Kind: strToPtr("PodTest"), + Namespace: strToPtr("fake-ns"), + ResourceName: strToPtr("my-pod-test"), + } + + expectedErrorWhenDeleteAllowed := "rpc error: code = InvalidArgument desc = PodTest fake.io my-pod-test not found as part of application test-app" + + t.Run("delete with application permission", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, delete, default/test-app, allow +`) + _, err := appServer.DeleteResource(ctx, &req) + assert.Equal(t, expectedErrorWhenDeleteAllowed, err.Error()) + }) + + t.Run("delete with application permission but deny subresource", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, delete, default/test-app, allow +p, test-user, applications, delete/*, default/test-app, deny +`) + _, err := appServer.DeleteResource(ctx, &req) + assert.Equal(t, expectedErrorWhenDeleteAllowed, err.Error()) + }) + + t.Run("delete with subresource", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, delete/*, default/test-app, allow +`) + _, err := appServer.DeleteResource(ctx, &req) + assert.Equal(t, expectedErrorWhenDeleteAllowed, err.Error()) + }) + + t.Run("delete with subresource but deny applications", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, delete, default/test-app, deny +p, test-user, applications, delete/*, default/test-app, allow +`) + _, err := appServer.DeleteResource(ctx, &req) + assert.Equal(t, expectedErrorWhenDeleteAllowed, err.Error()) + }) + + t.Run("delete with specific subresource denied", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, delete/*, default/test-app, allow +p, test-user, applications, delete/fake.io/PodTest/*, default/test-app, deny +`) + _, err := appServer.DeleteResource(ctx, &req) + assert.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) + }) +} + +func TestPatchResourcesRBAC(t *testing.T) { + ctx := context.Background() + // nolint:staticcheck + ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "test-user"}) + testApp := newTestApp() + appServer := newTestAppServer(t, testApp) + appServer.enf.SetDefaultRole("") + + req := application.ApplicationResourcePatchRequest{ + Name: &testApp.Name, + AppNamespace: &testApp.Namespace, + Group: strToPtr("fake.io"), + Kind: strToPtr("PodTest"), + Namespace: strToPtr("fake-ns"), + ResourceName: strToPtr("my-pod-test"), + } + + expectedErrorWhenUpdateAllowed := "rpc error: code = InvalidArgument desc = PodTest fake.io my-pod-test not found as part of application test-app" + + t.Run("patch with application permission", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, update, default/test-app, allow +`) + _, err := appServer.PatchResource(ctx, &req) + assert.Equal(t, expectedErrorWhenUpdateAllowed, err.Error()) + }) + + t.Run("patch with application permission but deny subresource", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, update, default/test-app, allow +p, test-user, applications, update/*, default/test-app, deny +`) + _, err := appServer.PatchResource(ctx, &req) + assert.Equal(t, expectedErrorWhenUpdateAllowed, err.Error()) + }) + + t.Run("patch with subresource", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, update/*, default/test-app, allow +`) + _, err := appServer.PatchResource(ctx, &req) + assert.Equal(t, expectedErrorWhenUpdateAllowed, err.Error()) + }) + + t.Run("patch with subresource but deny applications", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, update, default/test-app, deny +p, test-user, applications, update/*, default/test-app, allow +`) + _, err := appServer.PatchResource(ctx, &req) + assert.Equal(t, expectedErrorWhenUpdateAllowed, err.Error()) + }) + + t.Run("patch with specific subresource denied", func(t *testing.T) { + _ = appServer.enf.SetBuiltinPolicy(` +p, test-user, applications, update/*, default/test-app, allow +p, test-user, applications, update/fake.io/PodTest/*, default/test-app, deny +`) + _, err := appServer.PatchResource(ctx, &req) + assert.Equal(t, codes.PermissionDenied.String(), status.Code(err).String()) + }) +} + func TestSyncAndTerminate(t *testing.T) { ctx := context.Background() appServer := newTestAppServer(t) @@ -1680,7 +1807,7 @@ func TestRollbackApp(t *testing.T) { updatedApp, err := appServer.Rollback(context.Background(), &application.ApplicationRollbackRequest{ Name: &testApp.Name, - Id: pointer.Int64(1), + Id: ptr.To(int64(1)), }) assert.Nil(t, err) @@ -1695,7 +1822,7 @@ func TestUpdateAppProject(t *testing.T) { testApp := newTestApp() ctx := context.Background() // nolint:staticcheck - ctx = context.WithValue(ctx, "claims", &jwt.StandardClaims{Subject: "admin"}) + ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"}) appServer := newTestAppServer(t, testApp) appServer.enf.SetDefaultRole("") @@ -1759,23 +1886,23 @@ func TestAppJsonPatch(t *testing.T) { testApp := newTestAppWithAnnotations() ctx := context.Background() // nolint:staticcheck - ctx = context.WithValue(ctx, "claims", &jwt.StandardClaims{Subject: "admin"}) + ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"}) appServer := newTestAppServer(t, testApp) appServer.enf.SetDefaultRole("") - app, err := appServer.Patch(ctx, &application.ApplicationPatchRequest{Name: &testApp.Name, Patch: pointer.String("garbage")}) + app, err := appServer.Patch(ctx, &application.ApplicationPatchRequest{Name: &testApp.Name, Patch: ptr.To("garbage")}) assert.Error(t, err) assert.Nil(t, app) - app, err = appServer.Patch(ctx, &application.ApplicationPatchRequest{Name: &testApp.Name, Patch: pointer.String("[]")}) + app, err = appServer.Patch(ctx, &application.ApplicationPatchRequest{Name: &testApp.Name, Patch: ptr.To("[]")}) assert.NoError(t, err) assert.NotNil(t, app) - app, err = appServer.Patch(ctx, &application.ApplicationPatchRequest{Name: &testApp.Name, Patch: pointer.String(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) + app, err = appServer.Patch(ctx, &application.ApplicationPatchRequest{Name: &testApp.Name, Patch: ptr.To(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) assert.NoError(t, err) assert.Equal(t, "foo", app.Spec.Source.Path) - app, err = appServer.Patch(ctx, &application.ApplicationPatchRequest{Name: &testApp.Name, Patch: pointer.String(`[{"op": "remove", "path": "/metadata/annotations/test.annotation"}]`)}) + app, err = appServer.Patch(ctx, &application.ApplicationPatchRequest{Name: &testApp.Name, Patch: ptr.To(`[{"op": "remove", "path": "/metadata/annotations/test.annotation"}]`)}) assert.NoError(t, err) assert.NotContains(t, app.Annotations, "test.annotation") } @@ -1784,12 +1911,12 @@ func TestAppMergePatch(t *testing.T) { testApp := newTestApp() ctx := context.Background() // nolint:staticcheck - ctx = context.WithValue(ctx, "claims", &jwt.StandardClaims{Subject: "admin"}) + ctx = context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin"}) appServer := newTestAppServer(t, testApp) appServer.enf.SetDefaultRole("") app, err := appServer.Patch(ctx, &application.ApplicationPatchRequest{ - Name: &testApp.Name, Patch: pointer.String(`{"spec": { "source": { "path": "foo" } }}`), PatchType: pointer.String("merge")}) + Name: &testApp.Name, Patch: ptr.To(`{"spec": { "source": { "path": "foo" } }}`), PatchType: ptr.To("merge")}) assert.NoError(t, err) assert.Equal(t, "foo", app.Spec.Source.Path) } @@ -1997,7 +2124,7 @@ func TestMaxPodLogsRender(t *testing.T) { appServer, adminCtx := createAppServerWithMaxLodLogs(t, podNumber) t.Run("PodLogs", func(t *testing.T) { - err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) + err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("test")}, &TestPodLogsServer{ctx: adminCtx}) statusCode, _ := status.FromError(err) assert.Equal(t, codes.OK, statusCode.Code()) }) @@ -2007,7 +2134,7 @@ func TestMaxPodLogsRender(t *testing.T) { appServer, adminCtx = createAppServerWithMaxLodLogs(t, podNumber) t.Run("PodLogs", func(t *testing.T) { - err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) + err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("test")}, &TestPodLogsServer{ctx: adminCtx}) assert.NotNil(t, err) statusCode, _ := status.FromError(err) assert.Equal(t, codes.InvalidArgument, statusCode.Code()) @@ -2020,7 +2147,7 @@ func TestMaxPodLogsRender(t *testing.T) { appServer, adminCtx = createAppServerWithMaxLodLogs(t, podNumber, customMaxPodLogsToRender) t.Run("PodLogs", func(t *testing.T) { - err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) + err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("test")}, &TestPodLogsServer{ctx: adminCtx}) statusCode, _ := status.FromError(err) assert.Equal(t, codes.OK, statusCode.Code()) }) @@ -2031,7 +2158,7 @@ func TestMaxPodLogsRender(t *testing.T) { appServer, adminCtx = createAppServerWithMaxLodLogs(t, podNumber, customMaxPodLogsToRender) t.Run("PodLogs", func(t *testing.T) { - err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) + err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("test")}, &TestPodLogsServer{ctx: adminCtx}) assert.NotNil(t, err) statusCode, _ := status.FromError(err) assert.Equal(t, codes.InvalidArgument, statusCode.Code()) @@ -2125,7 +2252,7 @@ func TestGetAppRefresh_NormalRefresh(t *testing.T) { _, err := appServer.Get(context.Background(), &application.ApplicationQuery{ Name: &testApp.Name, - Refresh: pointer.String(string(appsv1.RefreshTypeNormal)), + Refresh: ptr.To(string(appsv1.RefreshTypeNormal)), }) assert.NoError(t, err) @@ -2161,7 +2288,7 @@ func TestGetAppRefresh_HardRefresh(t *testing.T) { _, err := appServer.Get(context.Background(), &application.ApplicationQuery{ Name: &testApp.Name, - Refresh: pointer.String(string(appsv1.RefreshTypeHard)), + Refresh: ptr.To(string(appsv1.RefreshTypeHard)), }) assert.NoError(t, err) require.NotNil(t, getAppDetailsQuery) @@ -2492,7 +2619,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { testApp2 := newTestApp() testApp2.Namespace = "argocd-1" appServer := newTestAppServer(t, testApp1, testApp2) - apps, err := appServer.List(context.TODO(), &application.ApplicationQuery{AppNamespace: pointer.String("argocd-1")}) + apps, err := appServer.List(context.TODO(), &application.ApplicationQuery{AppNamespace: ptr.To("argocd-1")}) require.NoError(t, err) require.Len(t, apps.Items, 0) }) @@ -2511,7 +2638,7 @@ func TestAppNamespaceRestrictions(t *testing.T) { testApp := newTestApp() appServer := newTestAppServer(t, testApp) app, err := appServer.Get(context.TODO(), &application.ApplicationQuery{ - Name: pointer.String("test-app"), + Name: ptr.To("test-app"), }) require.NoError(t, err) assert.Equal(t, "test-app", app.GetName()) @@ -2521,8 +2648,8 @@ func TestAppNamespaceRestrictions(t *testing.T) { testApp.Namespace = "argocd-1" appServer := newTestAppServer(t, testApp) app, err := appServer.Get(context.TODO(), &application.ApplicationQuery{ - Name: pointer.String("test-app"), - AppNamespace: pointer.String("argocd-1"), + Name: ptr.To("test-app"), + AppNamespace: ptr.To("argocd-1"), }) require.Error(t, err) require.ErrorContains(t, err, "permission denied") @@ -2543,8 +2670,8 @@ func TestAppNamespaceRestrictions(t *testing.T) { appServer := newTestAppServer(t, testApp, otherNsProj) appServer.enabledNamespaces = []string{"argocd-1"} app, err := appServer.Get(context.TODO(), &application.ApplicationQuery{ - Name: pointer.String("test-app"), - AppNamespace: pointer.String("argocd-1"), + Name: ptr.To("test-app"), + AppNamespace: ptr.To("argocd-1"), }) require.NoError(t, err) require.NotNil(t, app) @@ -2566,8 +2693,8 @@ func TestAppNamespaceRestrictions(t *testing.T) { appServer := newTestAppServer(t, testApp, otherNsProj) appServer.enabledNamespaces = []string{"argocd-1"} app, err := appServer.Get(context.TODO(), &application.ApplicationQuery{ - Name: pointer.String("test-app"), - AppNamespace: pointer.String("argocd-1"), + Name: ptr.To("test-app"), + AppNamespace: ptr.To("argocd-1"), }) require.Error(t, err) require.Nil(t, app) @@ -2691,8 +2818,8 @@ func TestAppNamespaceRestrictions(t *testing.T) { appServer := newTestAppServer(t, testApp, otherNsProj) appServer.enabledNamespaces = []string{"argocd-1"} links, err := appServer.ListLinks(context.TODO(), &application.ListAppLinksRequest{ - Name: pointer.String("test-app"), - Namespace: pointer.String("argocd-1"), + Name: ptr.To("test-app"), + Namespace: ptr.To("argocd-1"), }) require.Error(t, err) require.Nil(t, links) @@ -2713,10 +2840,133 @@ func TestAppNamespaceRestrictions(t *testing.T) { appServer := newTestAppServer(t, testApp, otherNsProj) appServer.enabledNamespaces = []string{"argocd-1"} links, err := appServer.ListLinks(context.TODO(), &application.ListAppLinksRequest{ - Name: pointer.String("test-app"), - Namespace: pointer.String("argocd-1"), + Name: ptr.To("test-app"), + Namespace: ptr.To("argocd-1"), }) require.NoError(t, err) assert.Equal(t, 0, len(links.Items)) }) } + +func TestGetAmbiguousRevision_MultiSource(t *testing.T) { + app := &appv1.Application{ + Spec: appv1.ApplicationSpec{ + Sources: []appv1.ApplicationSource{ + { + TargetRevision: "revision1", + }, + { + TargetRevision: "revision2", + }, + }, + }, + } + syncReq := &application.ApplicationSyncRequest{ + SourcePositions: []int64{0, 1}, + Revisions: []string{"rev1", "rev2"}, + } + + sourceIndex := 0 + expected := "rev1" + result := getAmbiguousRevision(app, syncReq, sourceIndex) + if result != expected { + t.Errorf("Expected ambiguous revision to be %s, but got %s", expected, result) + } + + sourceIndex = 1 + expected = "rev2" + result = getAmbiguousRevision(app, syncReq, sourceIndex) + if result != expected { + t.Errorf("Expected ambiguous revision to be %s, but got %s", expected, result) + } + + // Test when app.Spec.HasMultipleSources() is false + app.Spec = appv1.ApplicationSpec{ + Source: &appv1.ApplicationSource{ + TargetRevision: "revision3", + }, + Sources: nil, + } + syncReq = &application.ApplicationSyncRequest{ + Revision: strToPtr("revision3"), + } + expected = "revision3" + result = getAmbiguousRevision(app, syncReq, sourceIndex) + if result != expected { + t.Errorf("Expected ambiguous revision to be %s, but got %s", expected, result) + } +} + +func TestGetAmbiguousRevision_SingleSource(t *testing.T) { + app := &appv1.Application{ + Spec: appv1.ApplicationSpec{ + Source: &appv1.ApplicationSource{ + TargetRevision: "revision1", + }, + }, + } + syncReq := &application.ApplicationSyncRequest{ + Revision: strToPtr("rev1"), + } + + // Test when app.Spec.HasMultipleSources() is true + sourceIndex := 1 + expected := "rev1" + result := getAmbiguousRevision(app, syncReq, sourceIndex) + if result != expected { + t.Errorf("Expected ambiguous revision to be %s, but got %s", expected, result) + } +} + +func TestServer_ResolveSourceRevisions_MultiSource(t *testing.T) { + s := newTestAppServer(t) + + ctx := context.Background() + a := &appv1.Application{ + Spec: appv1.ApplicationSpec{ + Sources: []appv1.ApplicationSource{ + { + RepoURL: "https://github.com/example/repo.git", + }, + }, + }, + } + + syncReq := &application.ApplicationSyncRequest{ + SourcePositions: []int64{1}, + Revisions: []string{"HEAD"}, + } + + revision, displayRevision, sourceRevisions, displayRevisions, err := s.resolveSourceRevisions(ctx, a, syncReq) + + assert.NoError(t, err) + assert.Equal(t, "", revision) + assert.Equal(t, "", displayRevision) + assert.Equal(t, []string{fakeResolveRevisionResponse().Revision}, sourceRevisions) + assert.Equal(t, []string{fakeResolveRevisionResponse().AmbiguousRevision}, displayRevisions) +} + +func TestServer_ResolveSourceRevisions_SingleSource(t *testing.T) { + s := newTestAppServer(t) + + ctx := context.Background() + a := &appv1.Application{ + Spec: appv1.ApplicationSpec{ + Source: &appv1.ApplicationSource{ + RepoURL: "https://github.com/example/repo.git", + }, + }, + } + + syncReq := &application.ApplicationSyncRequest{ + Revision: strToPtr("HEAD"), + } + + revision, displayRevision, sourceRevisions, displayRevisions, err := s.resolveSourceRevisions(ctx, a, syncReq) + + assert.NoError(t, err) + assert.Equal(t, fakeResolveRevisionResponse().Revision, revision) + assert.Equal(t, fakeResolveRevisionResponse().AmbiguousRevision, displayRevision) + assert.Equal(t, ([]string)(nil), sourceRevisions) + assert.Equal(t, ([]string)(nil), displayRevisions) +} diff --git a/server/application/broadcaster.go b/server/application/broadcaster.go index e791e6e61de18..c8a562123ad19 100644 --- a/server/application/broadcaster.go +++ b/server/application/broadcaster.go @@ -26,7 +26,7 @@ func (s *subscriber) matches(event *appv1.ApplicationWatchEvent) bool { // Broadcaster is an interface for broadcasting application informer watch events to multiple subscribers. type Broadcaster interface { Subscribe(ch chan *appv1.ApplicationWatchEvent, filters ...func(event *appv1.ApplicationWatchEvent) bool) func() - OnAdd(interface{}) + OnAdd(interface{}, bool) OnUpdate(interface{}, interface{}) OnDelete(interface{}) } @@ -76,7 +76,7 @@ func (b *broadcasterHandler) Subscribe(ch chan *appv1.ApplicationWatchEvent, fil } } -func (b *broadcasterHandler) OnAdd(obj interface{}) { +func (b *broadcasterHandler) OnAdd(obj interface{}, _ bool) { if app, ok := obj.(*appv1.Application); ok { b.notify(&appv1.ApplicationWatchEvent{Application: *app, Type: watch.Added}) } diff --git a/server/application/mocks/Broadcaster.go b/server/application/mocks/Broadcaster.go index 88d682315a715..4ad9c7cfec2d4 100644 --- a/server/application/mocks/Broadcaster.go +++ b/server/application/mocks/Broadcaster.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.13.1. DO NOT EDIT. +// Code generated by mockery v2.42.1. DO NOT EDIT. package mocks @@ -12,9 +12,9 @@ type Broadcaster struct { mock.Mock } -// OnAdd provides a mock function with given fields: _a0 -func (_m *Broadcaster) OnAdd(_a0 interface{}) { - _m.Called(_a0) +// OnAdd provides a mock function with given fields: _a0, _a1 +func (_m *Broadcaster) OnAdd(_a0 interface{}, _a1 bool) { + _m.Called(_a0, _a1) } // OnDelete provides a mock function with given fields: _a0 @@ -38,6 +38,10 @@ func (_m *Broadcaster) Subscribe(ch chan *v1alpha1.ApplicationWatchEvent, filter _ca = append(_ca, _va...) ret := _m.Called(_ca...) + if len(ret) == 0 { + panic("no return value specified for Subscribe") + } + var r0 func() if rf, ok := ret.Get(0).(func(chan *v1alpha1.ApplicationWatchEvent, ...func(*v1alpha1.ApplicationWatchEvent) bool) func()); ok { r0 = rf(ch, filters...) @@ -50,13 +54,12 @@ func (_m *Broadcaster) Subscribe(ch chan *v1alpha1.ApplicationWatchEvent, filter return r0 } -type mockConstructorTestingTNewBroadcaster interface { +// NewBroadcaster creates a new instance of Broadcaster. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewBroadcaster(t interface { mock.TestingT Cleanup(func()) -} - -// NewBroadcaster creates a new instance of Broadcaster. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -func NewBroadcaster(t mockConstructorTestingTNewBroadcaster) *Broadcaster { +}) *Broadcaster { mock := &Broadcaster{} mock.Mock.Test(t) diff --git a/server/applicationset/applicationset.go b/server/applicationset/applicationset.go index d67815bd9a53d..1875d01616858 100644 --- a/server/applicationset/applicationset.go +++ b/server/applicationset/applicationset.go @@ -280,6 +280,52 @@ func (s *Server) Delete(ctx context.Context, q *applicationset.ApplicationSetDel } +func (s *Server) ResourceTree(ctx context.Context, q *applicationset.ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) { + namespace := s.appsetNamespaceOrDefault(q.AppsetNamespace) + + if !s.isNamespaceEnabled(namespace) { + return nil, security.NamespaceNotPermittedError(namespace) + } + + a, err := s.appclientset.ArgoprojV1alpha1().ApplicationSets(namespace).Get(ctx, q.Name, metav1.GetOptions{}) + + if err != nil { + return nil, fmt.Errorf("error getting ApplicationSet: %w", err) + } + if err = s.enf.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplicationSets, rbacpolicy.ActionGet, a.RBACName(s.ns)); err != nil { + return nil, err + } + + return s.buildApplicationSetTree(ctx, a) +} + +func (s *Server) buildApplicationSetTree(ctx context.Context, a *v1alpha1.ApplicationSet) (*v1alpha1.ApplicationSetTree, error) { + var tree v1alpha1.ApplicationSetTree + + gvk := v1alpha1.ApplicationSetSchemaGroupVersionKind + parentRefs := []v1alpha1.ResourceRef{ + {Group: gvk.Group, Version: gvk.Version, Kind: gvk.Kind, Name: a.Name, Namespace: a.Namespace, UID: string(a.UID)}, + } + + apps := a.Status.Resources + for _, app := range apps { + tree.Nodes = append(tree.Nodes, v1alpha1.ResourceNode{ + Health: app.Health, + ResourceRef: v1alpha1.ResourceRef{ + Name: app.Name, + Group: app.Group, + Version: app.Version, + Kind: app.Kind, + Namespace: a.Namespace, + }, + ParentRefs: parentRefs, + }) + } + tree.Normalize() + + return &tree, nil +} + func (s *Server) validateAppSet(ctx context.Context, appset *v1alpha1.ApplicationSet) (string, error) { if appset == nil { return "", fmt.Errorf("ApplicationSet cannot be validated for nil value") diff --git a/server/applicationset/applicationset.proto b/server/applicationset/applicationset.proto index 2a857d41a00ce..07ed4e2c89384 100644 --- a/server/applicationset/applicationset.proto +++ b/server/applicationset/applicationset.proto @@ -46,6 +46,11 @@ message ApplicationSetDeleteRequest { string appsetNamespace = 2; } +message ApplicationSetTreeQuery { + string name = 1; + // The application set namespace. Default empty is argocd control plane namespace + string appsetNamespace = 2; +} // ApplicationSetService service ApplicationSetService { @@ -73,4 +78,9 @@ service ApplicationSetService { option (google.api.http).delete = "/api/v1/applicationsets/{name}"; } -} \ No newline at end of file + // ResourceTree returns resource tree + rpc ResourceTree(ApplicationSetTreeQuery) returns (github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTree) { + option (google.api.http).get = "/api/v1/applicationsets/{name}/resource-tree"; + } + +} diff --git a/server/applicationset/applicationset_test.go b/server/applicationset/applicationset_test.go index c49ddb35a7970..e72fec497c9b8 100644 --- a/server/applicationset/applicationset_test.go +++ b/server/applicationset/applicationset_test.go @@ -4,6 +4,7 @@ import ( "context" "testing" + "github.com/argoproj/gitops-engine/pkg/health" "github.com/argoproj/pkg/sync" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" @@ -474,3 +475,90 @@ func TestUpdateAppSet(t *testing.T) { }) } + +func TestResourceTree(t *testing.T) { + appSet1 := newTestAppSet(func(appset *appsv1.ApplicationSet) { + appset.Name = "AppSet1" + appset.Status.Resources = []appsv1.ResourceStatus{ + { + Name: "app1", + Kind: "Application", + Group: "argoproj.io", + Version: "v1alpha1", + Namespace: "default", + Health: &appsv1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + Status: appsv1.SyncStatusCodeSynced, + }, + } + }) + + appSet2 := newTestAppSet(func(appset *appsv1.ApplicationSet) { + appset.Name = "AppSet2" + }) + + appSet3 := newTestAppSet(func(appset *appsv1.ApplicationSet) { + appset.Name = "AppSet3" + }) + + expectedTree := &appsv1.ApplicationSetTree{ + Nodes: []appsv1.ResourceNode{ + { + ResourceRef: appsv1.ResourceRef{ + Kind: "Application", + Group: "argoproj.io", + Version: "v1alpha1", + Namespace: "default", + Name: "app1", + }, + ParentRefs: []appsv1.ResourceRef{ + { + Kind: "ApplicationSet", + Group: "argoproj.io", + Version: "v1alpha1", + Namespace: "default", + Name: "AppSet1", + }, + }, + Health: &appsv1.HealthStatus{ + Status: health.HealthStatusHealthy, + Message: "OK", + }, + }, + }, + } + + t.Run("ResourceTree in default namespace", func(t *testing.T) { + + appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) + + appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1"} + + res, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) + assert.NoError(t, err) + assert.Equal(t, expectedTree, res) + }) + + t.Run("ResourceTree in named namespace", func(t *testing.T) { + + appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) + + appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1", AppsetNamespace: testNamespace} + + res, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) + assert.NoError(t, err) + assert.Equal(t, expectedTree, res) + }) + + t.Run("ResourceTree in not allowed namespace", func(t *testing.T) { + + appSetServer := newTestAppSetServer(appSet1, appSet2, appSet3) + + appsetQuery := applicationset.ApplicationSetTreeQuery{Name: "AppSet1", AppsetNamespace: "NOT-ALLOWED"} + + _, err := appSetServer.ResourceTree(context.Background(), &appsetQuery) + assert.Equal(t, "namespace 'NOT-ALLOWED' is not permitted", err.Error()) + }) +} diff --git a/server/badge/badge.go b/server/badge/badge.go index 8a706f67f2b05..5ed445e6643c3 100644 --- a/server/badge/badge.go +++ b/server/badge/badge.go @@ -5,6 +5,7 @@ import ( "fmt" "net/http" "regexp" + "strconv" "strings" healthutil "github.com/argoproj/gitops-engine/pkg/health" @@ -45,18 +46,21 @@ var ( titleTextPattern = regexp.MustCompile(`id="titleText" [^>]*>([^<]*)`) titleRectWidthPattern = regexp.MustCompile(`(id="titleRect" .* width=)("0")`) rightRectWidthPattern = regexp.MustCompile(`(id="rightRect" .* width=)("\d*")`) + revisionRectWidthPattern = regexp.MustCompile(`(id="revisionRect" .* width=)("\d*")`) leftRectYCoodPattern = regexp.MustCompile(`(id="leftRect" .* y=)("\d*")`) rightRectYCoodPattern = regexp.MustCompile(`(id="rightRect" .* y=)("\d*")`) revisionRectYCoodPattern = regexp.MustCompile(`(id="revisionRect" .* y=)("\d*")`) leftTextYCoodPattern = regexp.MustCompile(`(id="leftText" .* y=)("\d*")`) rightTextYCoodPattern = regexp.MustCompile(`(id="rightText" .* y=)("\d*")`) revisionTextYCoodPattern = regexp.MustCompile(`(id="revisionText" .* y=)("\d*")`) + revisionTextXCoodPattern = regexp.MustCompile(`(id="revisionText" x=)("\d*")`) svgHeightPattern = regexp.MustCompile(`^( 7 { - shortRevision = shortRevision[:7] + + adjustWidth = true + displayedRevision = revision + if keepFullRevisionParam, ok := r.URL.Query()["keepFullRevision"]; !(ok && strings.EqualFold(keepFullRevisionParam[0], "true")) && len(revision) > 7 { + displayedRevision = revision[:7] + svgWidth = svgWidthWithRevision + } else { + svgWidth = svgWidthWithFullRevision + } + + badge = replaceFirstGroupSubMatch(revisionTextPattern, badge, fmt.Sprintf("(%s)", displayedRevision)) + } + + if widthParam, ok := r.URL.Query()["width"]; ok && enabled { + width, err := strconv.Atoi(widthParam[0]) + if err == nil { + svgWidth = width + adjustWidth = true + } + } + + // Increase width of SVG + if adjustWidth { + badge = svgWidthPattern.ReplaceAllString(badge, fmt.Sprintf(`=8.16.0" semver@^5.3.0: version "5.7.2" resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== -serialize-javascript@5.0.1: - version "5.0.1" - resolved "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz" - integrity sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA== +serialize-javascript@6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.0.tgz#efae5d88f45d7924141da8b5c3a7a7e663fefeb8" + integrity sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag== dependencies: randombytes "^2.1.0" -set-blocking@^2.0.0: - version "2.0.0" - resolved "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz" - integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc= +set-function-length@^1.2.1: + version "1.2.2" + resolved "https://registry.yarnpkg.com/set-function-length/-/set-function-length-1.2.2.tgz#aac72314198eaed975cf77b2c3b6b880695e5449" + integrity sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg== + dependencies: + define-data-property "^1.1.4" + es-errors "^1.3.0" + function-bind "^1.1.2" + get-intrinsic "^1.2.4" + gopd "^1.0.1" + has-property-descriptors "^1.0.2" -set-immediate-shim@~1.0.1: - version "1.0.1" - resolved "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz" - integrity sha1-SysbJ+uAip+NzEgaWOXlb1mfP2E= +setimmediate@^1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285" + integrity sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA== -slash@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/slash/-/slash-3.0.0.tgz#6539be870c165adbd5240220dbe361f1bc4d4634" - integrity sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q== +smart-buffer@^4.2.0: + version "4.2.0" + resolved "https://registry.yarnpkg.com/smart-buffer/-/smart-buffer-4.2.0.tgz#6e1d71fa4f18c05f7d0ff216dd16a481d0e8d9ae" + integrity sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg== + +socks-proxy-agent@^8.0.2: + version "8.0.3" + resolved "https://registry.yarnpkg.com/socks-proxy-agent/-/socks-proxy-agent-8.0.3.tgz#6b2da3d77364fde6292e810b496cb70440b9b89d" + integrity sha512-VNegTZKhuGq5vSD6XNKlbqWhyt/40CgoEw8XxD6dhnm8Jq9IEa3nIa4HwnM8XOqU0CdB0BwWVXusqiFXfHB3+A== + dependencies: + agent-base "^7.1.1" + debug "^4.3.4" + socks "^2.7.1" + +socks@^2.7.1: + version "2.8.3" + resolved "https://registry.yarnpkg.com/socks/-/socks-2.8.3.tgz#1ebd0f09c52ba95a09750afe3f3f9f724a800cb5" + integrity sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw== + dependencies: + ip-address "^9.0.5" + smart-buffer "^4.2.0" + +source-map@~0.6.1: + version "0.6.1" + resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263" + integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g== + +sprintf-js@^1.1.3: + version "1.1.3" + resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.3.tgz#4914b903a2f8b685d17fdf78a70e917e872e444a" + integrity sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA== sprintf-js@~1.0.2: version "1.0.3" resolved "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz" integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw= -"string-width@^1.0.2 || 2": - version "2.1.1" - resolved "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz" - integrity sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw== +string-width@^4.1.0, string-width@^4.2.0: + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== dependencies: - is-fullwidth-code-point "^2.0.0" - strip-ansi "^4.0.0" - -string-width@^3.0.0, string-width@^3.1.0: - version "3.1.0" - resolved "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz" - integrity sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w== - dependencies: - emoji-regex "^7.0.1" - is-fullwidth-code-point "^2.0.0" - strip-ansi "^5.1.0" + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" string.prototype.trimend@^1.0.1: version "1.0.3" @@ -1293,29 +1380,22 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" -strip-ansi@^4.0.0: - version "4.0.0" - resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz" - integrity sha1-qEeQIusaw2iocTibY1JixQXuNo8= +strip-ansi@^6.0.0, strip-ansi@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== dependencies: - ansi-regex "^3.0.0" - -strip-ansi@^5.0.0, strip-ansi@^5.1.0, strip-ansi@^5.2.0: - version "5.2.0" - resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz" - integrity sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA== - dependencies: - ansi-regex "^4.1.0" + ansi-regex "^5.0.1" strip-json-comments@3.1.1: version "3.1.1" resolved "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz" integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig== -supports-color@7.2.0, supports-color@^7.1.0: - version "7.2.0" - resolved "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz" - integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw== +supports-color@8.1.1: + version "8.1.1" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" + integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== dependencies: has-flag "^4.0.0" @@ -1326,7 +1406,14 @@ supports-color@^5.3.0: dependencies: has-flag "^3.0.0" -tcp-port-used@^1.0.1: +supports-color@^7.1.0: + version "7.2.0" + resolved "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz" + integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw== + dependencies: + has-flag "^4.0.0" + +tcp-port-used@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea" integrity sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA== @@ -1334,12 +1421,10 @@ tcp-port-used@^1.0.1: debug "4.3.1" is2 "^2.0.6" -tmp@^0.1.0: - version "0.1.0" - resolved "https://registry.npmjs.org/tmp/-/tmp-0.1.0.tgz" - integrity sha512-J7Z2K08jbGcdA1kkQpJSqLF6T0tdQqpR2pnSUXsIchbPdTI9v3e85cLW0d6WDhwuAleOV71j2xWs8qMPfK7nKw== - dependencies: - rimraf "^2.6.3" +tmp@^0.2.3: + version "0.2.3" + resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.2.3.tgz#eb783cc22bc1e8bebd0671476d46ea4eb32a79ae" + integrity sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w== to-regex-range@^5.0.1: version "5.0.1" @@ -1353,6 +1438,11 @@ tslib@^1.13.0, tslib@^1.7.1, tslib@^1.8.1: resolved "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz" integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg== +tslib@^2.0.1: + version "2.6.2" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae" + integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q== + tslint-config-prettier@^1.18.0: version "1.18.0" resolved "https://registry.npmjs.org/tslint-config-prettier/-/tslint-config-prettier-1.18.0.tgz" @@ -1393,33 +1483,37 @@ tsutils@^2.29.0: dependencies: tslib "^1.8.1" -typescript@^4.0.3: - version "4.1.3" - resolved "https://registry.npmjs.org/typescript/-/typescript-4.1.3.tgz" - integrity sha512-B3ZIOf1IKeH2ixgHhj6la6xdwR9QrLC5d1VKeCSY4tvkqhF2eqd9O7txNlS0PO3GrBAFIdr3L1ndNwteUbZLYg== +typescript@^5.4.5: + version "5.4.5" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.4.5.tgz#42ccef2c571fdbd0f6718b1d1f5e6e5ef006f611" + integrity sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ== + +undici-types@~5.26.4: + version "5.26.5" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" + integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== + +universalify@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.1.tgz#168efc2180964e6386d061e094df61afe239b18d" + integrity sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw== util-deprecate@~1.0.1: version "1.0.2" resolved "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz" integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8= -util@^0.12.0: - version "0.12.3" - resolved "https://registry.npmjs.org/util/-/util-0.12.3.tgz" - integrity sha512-I8XkoQwE+fPQEhy9v012V+TSdH2kp9ts29i20TaaDUXsg7x/onePbhFJUExBfv/2ay1ZOp/Vsm3nDlmnFGSAog== +util@^0.12.5: + version "0.12.5" + resolved "https://registry.yarnpkg.com/util/-/util-0.12.5.tgz#5f17a6059b73db61a875668781a1c2b136bd6fbc" + integrity sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA== dependencies: inherits "^2.0.3" is-arguments "^1.0.4" is-generator-function "^1.0.7" is-typed-array "^1.1.3" - safe-buffer "^5.1.2" which-typed-array "^1.1.2" -which-module@^2.0.0: - version "2.0.0" - resolved "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz" - integrity sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho= - which-typed-array@^1.1.2: version "1.1.4" resolved "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.4.tgz" @@ -1433,56 +1527,44 @@ which-typed-array@^1.1.2: has-symbols "^1.0.1" is-typed-array "^1.1.3" -which@2.0.2: - version "2.0.2" - resolved "https://registry.npmjs.org/which/-/which-2.0.2.tgz" - integrity sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== - dependencies: - isexe "^2.0.0" +workerpool@6.2.1: + version "6.2.1" + resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.2.1.tgz#46fc150c17d826b86a008e5a4508656777e9c343" + integrity sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw== -wide-align@1.1.3: - version "1.1.3" - resolved "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz" - integrity sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA== - dependencies: - string-width "^1.0.2 || 2" - -workerpool@6.0.2: - version "6.0.2" - resolved "https://registry.npmjs.org/workerpool/-/workerpool-6.0.2.tgz" - integrity sha512-DSNyvOpFKrNusaaUwk+ej6cBj1bmhLcBfj80elGk+ZIo5JSkq+unB1dLKEOcNfJDZgjGICfhQ0Q5TbP0PvF4+Q== - -wrap-ansi@^5.1.0: - version "5.1.0" - resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-5.1.0.tgz" - integrity sha512-QC1/iN/2/RPVJ5jYK8BGttj5z83LmSKmvbvrXPNCLZSEb32KKVDJDl/MOt2N01qU2H/FkzEa9PKto1BqDjtd7Q== +wrap-ansi@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== dependencies: - ansi-styles "^3.2.0" - string-width "^3.0.0" - strip-ansi "^5.0.0" + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" wrappy@1: version "1.0.2" resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8= -ws@^7.3.1: - version "7.5.3" - resolved "https://registry.npmjs.org/ws/-/ws-7.5.3.tgz" - integrity sha512-kQ/dHIzuLrS6Je9+uv81ueZomEwH0qVYstcAQ4/Z93K8zeko9gtAbttJWzoC5ukqXY1PpoouV3+VSOqEAFt5wg== +ws@>=8.16.0: + version "8.17.0" + resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.0.tgz#d145d18eca2ed25aaf791a183903f7be5e295fea" + integrity sha512-uJq6108EgZMAl20KagGkzCKfMEjxmKvZHG7Tlq0Z6nOky7YF7aq4mOx6xK8TJ/i1LeK4Qus7INktacctDgY8Ow== -y18n@^4.0.0: - version "4.0.1" - resolved "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz" - integrity sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ== +y18n@^5.0.5: + version "5.0.8" + resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55" + integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== -yargs-parser@13.1.2, yargs-parser@^13.1.2: - version "13.1.2" - resolved "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz" - integrity sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg== - dependencies: - camelcase "^5.0.0" - decamelize "^1.2.0" +yargs-parser@20.2.4: + version "20.2.4" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.4.tgz#b42890f14566796f85ae8e3a25290d205f154a54" + integrity sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA== + +yargs-parser@^20.2.2: + version "20.2.9" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee" + integrity sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w== yargs-unparser@2.0.0: version "2.0.0" @@ -1494,26 +1576,23 @@ yargs-unparser@2.0.0: flat "^5.0.2" is-plain-obj "^2.1.0" -yargs@13.3.2: - version "13.3.2" - resolved "https://registry.npmjs.org/yargs/-/yargs-13.3.2.tgz" - integrity sha512-AX3Zw5iPruN5ie6xGRIDgqkT+ZhnRlZMLMHAs8tg7nRruy2Nb+i5o9bwghAogtM08q1dpr2LVoS8KSTMYpWXUw== +yargs@16.2.0: + version "16.2.0" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-16.2.0.tgz#1c82bf0f6b6a66eafce7ef30e376f49a12477f66" + integrity sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw== dependencies: - cliui "^5.0.0" - find-up "^3.0.0" - get-caller-file "^2.0.1" + cliui "^7.0.2" + escalade "^3.1.1" + get-caller-file "^2.0.5" require-directory "^2.1.1" - require-main-filename "^2.0.0" - set-blocking "^2.0.0" - string-width "^3.0.0" - which-module "^2.0.0" - y18n "^4.0.0" - yargs-parser "^13.1.2" - -yarn@^1.22.13: - version "1.22.13" - resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.22.13.tgz#8789ef23b630fe99b819b044f4b7b93ab1bc1b8f" - integrity sha512-G8qG4t7Ef5cLVpzbM3HWWsow4hpfeSCfKtMnjfERmp9V5qSCOKz0uGAIQCM/x3gWfCzH8Bvb4hl3ZfhG/XD1Jg== + string-width "^4.2.0" + y18n "^5.0.5" + yargs-parser "^20.2.2" + +yarn@^1.22.22: + version "1.22.22" + resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.22.22.tgz#ac34549e6aa8e7ead463a7407e1c7390f61a6610" + integrity sha512-prL3kGtyG7o9Z9Sv8IPfBNrWTDmXB4Qbes8A9rEzt6wkJV8mUvoirjU0Mp3GGAU06Y0XQyA3/2/RQFVuK7MTfg== yauzl@^2.10.0: version "2.10.0" diff --git a/ui/.prettierrc b/ui/.prettierrc index 9e18402b642d4..13a9584287dd1 100644 --- a/ui/.prettierrc +++ b/ui/.prettierrc @@ -6,5 +6,6 @@ "tabWidth": 4, "jsxBracketSameLine": true, "quoteProps": "consistent", - "arrowParens": "avoid" + "arrowParens": "avoid", + "trailingComma": "none" } diff --git a/ui/README.md b/ui/README.md index aec1971e6797d..aa6393fb9196f 100644 --- a/ui/README.md +++ b/ui/README.md @@ -22,4 +22,25 @@ Make sure your code passes the lint checks: ``` yarn lint --fix -``` \ No newline at end of file +``` + +If you are using VSCode, add this configuration to `.vscode/settings.json` in the root of this repository to identify and fix lint issues automatically before you save file. + +Install [Eslint Extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) in VSCode. + +`.vscode/settings.json` +```json +{ + "eslint.format.enable": true, + "editor.codeActionsOnSave": { + "source.fixAll.eslint": "always" + }, + "eslint.workingDirectories": [ + { + "directory": "./ui", + "!cwd": false + } + ], + "eslint.experimental.useFlatConfig": true +} +``` diff --git a/ui/eslint.config.mjs b/ui/eslint.config.mjs new file mode 100644 index 0000000000000..45cca74acdcf7 --- /dev/null +++ b/ui/eslint.config.mjs @@ -0,0 +1,37 @@ +import globals from 'globals'; +import pluginJs from '@eslint/js'; +import tseslint from 'typescript-eslint'; +import pluginReactConfig from 'eslint-plugin-react/configs/recommended.js'; +import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended'; + +export default [ + {languageOptions: {globals: globals.browser}}, + pluginJs.configs.recommended, + ...tseslint.configs.recommended, + { + rules: { + '@typescript-eslint/no-explicit-any': 'off', + '@typescript-eslint/ban-types': 'off', + '@typescript-eslint/no-var-requires': 'off' + } + }, + { + settings: { + react: { + version: 'detect' + } + }, + ...pluginReactConfig, + rules: { + 'react/display-name': 'off', + 'react/no-string-refs': 'off' + } + }, + eslintPluginPrettierRecommended, + { + files: ['./src/**/*.{ts,tsx}'] + }, + { + ignores: ['dist', 'assets', '**/*.config.js', '__mocks__', 'coverage', '**/*.test.{ts,tsx}'] + } +]; diff --git a/ui/package.json b/ui/package.json index 8eaaaa26dfcfe..a7ec12f6d0071 100644 --- a/ui/package.json +++ b/ui/package.json @@ -6,14 +6,14 @@ "start": "webpack-dev-server --config ./src/app/webpack.config.js --mode development", "docker": "./scripts/build_docker.sh", "build": "find ./dist -type f -not -name gitkeep -delete && webpack --config ./src/app/webpack.config.js --mode production", - "lint": "tsc --noEmit --project ./src/app && tslint -p ./src/app", - "lint:fix": "tslint -p ./src/app --fix", + "lint": "tsc --noEmit --project ./src/app && eslint", + "lint:fix": "eslint --fix", "test": "jest" }, "dependencies": { - "@fortawesome/fontawesome-free": "^6.4.0", + "@fortawesome/fontawesome-free": "^6.5.2", "@types/react-virtualized": "^9.21.21", - "@types/superagent": "^4.1.21", + "@types/superagent": "^8.1.6", "ansi-to-react": "^6.1.6", "argo-ui": "git+https://github.com/argoproj/argo-ui.git", "buffer": "^6.0.3", @@ -22,10 +22,10 @@ "dagre": "^0.8.5", "date-fns": "^2.30.0", "deepmerge": "^3.2.0", - "foundation-sites": "^6.7.5", + "foundation-sites": "^6.8.1", "git-url-parse": "^13.1.0", "history": "^4.7.2", - "js-yaml": "^3.14.1", + "js-yaml": "^4.1.0", "json-merge-patch": "^0.2.3", "lodash-es": "^4.17.21", "minimatch": "^3.1.2", @@ -43,7 +43,7 @@ "react-helmet": "^6.1.0", "react-hot-loader": "^3.1.3", "react-moment": "^0.9.7", - "react-paginate": "^8.1.4", + "react-paginate": "^8.2.0", "react-router": "^4.3.1", "react-router-dom": "^4.2.2", "react-svg-piechart": "^2.4.2", @@ -69,54 +69,58 @@ "@babel/preset-env": "^7.7.1", "@babel/preset-react": "^7.18.6", "@babel/preset-typescript": "^7.7.2", + "@eslint/js": "^9.1.1", "@types/classnames": "^2.2.3", "@types/cookie": "^0.5.1", "@types/dagre": "^0.7.40", "@types/deepmerge": "^2.2.0", "@types/git-url-parse": "^9.0.1", - "@types/jest": "^24.0.13", - "@types/js-yaml": "^3.11.2", + "@types/jest": "^29.5.12", + "@types/js-yaml": "^4.0.9", "@types/lodash-es": "^4.17.6", "@types/minimatch": "^3.0.3", "@types/node": "20.6.3", "@types/prop-types": "^15.7.5", "@types/react": "^16.8.5", - "@types/react-autocomplete": "^1.8.4", + "@types/react-autocomplete": "^1.8.10", "@types/react-dom": "^16.9.14", "@types/react-form": "^2.16.0", "@types/react-helmet": "^6.1.6", - "@types/react-paginate": "^6.2.0", + "@types/react-paginate": "^7.1.4", "@types/react-router": "^4.0.27", "@types/react-router-dom": "^4.2.3", "@types/react-test-renderer": "^16.8.3", "@types/uuid": "^9.0.1", "add": "^2.0.6", - "babel-jest": "^26.6.3", + "babel-jest": "^29.7.0", "babel-loader": "^8.0.6", "codecov": "^3.8.3", "copy-webpack-plugin": "^6.1.1", "esbuild-loader": "^2.18.0", - "html-webpack-plugin": "^5.5.0", + "eslint": "^9.1.1", + "eslint-config-prettier": "^9.1.0", + "eslint-plugin-prettier": "^5.1.3", + "eslint-plugin-react": "^7.34.1", + "globals": "^15.1.0", + "html-webpack-plugin": "^5.6.0", "identity-obj-proxy": "^3.0.0", - "jest": "^27.5.1", + "jest": "^29.7.0", + "jest-environment-jsdom": "^29.7.0", "jest-junit": "^6.4.0", "jest-transform-css": "^2.0.0", - "monaco-editor-webpack-plugin": "^7.0.0", + "monaco-editor-webpack-plugin": "^7.1.0", "postcss": "^8.4.38", - "prettier": "1.19", + "prettier": "^3.2.5", "raw-loader": "^0.5.1", "react-test-renderer": "16.8.3", "sass": "^1.49.9", - "sass-loader": "^12.6.0", + "sass-loader": "^14.2.1", "source-map-loader": "^0.2.3", "style-loader": "^0.20.1", - "ts-jest": "^27.1.3", - "ts-node": "10.9.1", - "tslint": "^6.1.3", - "tslint-config-prettier": "^1.18.0", - "tslint-plugin-prettier": "^2.0.1", - "tslint-react": "^5.0.0", + "ts-jest": "^29.1.2", + "ts-node": "10.9.2", "typescript": "^4.9.5", + "typescript-eslint": "^7.8.0", "webpack": "^5.84.1", "webpack-cli": "^4.9.2", "webpack-dev-server": "^4.7.4", diff --git a/ui/src/app/app.tsx b/ui/src/app/app.tsx index d0a58d3fbdc7f..fb52e54e03ddc 100644 --- a/ui/src/app/app.tsx +++ b/ui/src/app/app.tsx @@ -26,7 +26,7 @@ const base = bases.length > 0 ? bases[0].getAttribute('href') || '/' : '/'; export const history = createBrowserHistory({basename: base}); requests.setBaseHRef(base); -type Routes = {[path: string]: {component: React.ComponentType>; noLayout?: boolean; extension?: boolean}}; +type Routes = {[path: string]: {component: React.ComponentType>; noLayout?: boolean}}; const routes: Routes = { '/login': {component: login.component as any, noLayout: true}, @@ -98,10 +98,7 @@ requests.onError.subscribe(async err => { } // Query for basehref and remove trailing /. // If basehref is the default `/` it will become an empty string. - const basehref = document - .querySelector('head > base') - .getAttribute('href') - .replace(/\/$/, ''); + const basehref = document.querySelector('head > base').getAttribute('href').replace(/\/$/, ''); if (isSSO) { window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`; } else { @@ -185,8 +182,7 @@ export class App extends React.Component< ); extendedRoutes[extension.path] = { - component: component as React.ComponentType>, - extension: true + component: component as React.ComponentType> }; } @@ -240,11 +236,7 @@ export class App extends React.Component< ) : ( services.viewPreferences.getPreferences()}> {pref => ( - this.setState({showVersionPanel: true})} - navItems={this.navItems} - pref={pref} - isExtension={route.extension}> + this.setState({showVersionPanel: true})} navItems={this.navItems} pref={pref}> diff --git a/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap b/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap index c3756c3510277..10f05e4cf80fe 100644 --- a/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap +++ b/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap @@ -1,12 +1,12 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`ComparisonStatusIcon.OutOfSync 1`] = ` -Array [ +[ { if (app?.spec?.destination?.name && app.spec.destination.name !== '') { @@ -180,7 +183,7 @@ export const ApplicationCreatePanel = (props: { 'Cluster name is required' })} defaultValues={app} - formDidUpdate={state => props.onAppChanged(state.values as any)} + formDidUpdate={state => debouncedOnAppChanged(state.values as any)} onSubmit={props.createApp} getApi={props.getFormApi}> {api => { diff --git a/ui/src/app/applications/components/application-details/application-details.tsx b/ui/src/app/applications/components/application-details/application-details.tsx index a3e8175591dde..790919f5c271a 100644 --- a/ui/src/app/applications/components/application-details/application-details.tsx +++ b/ui/src/app/applications/components/application-details/application-details.tsx @@ -573,16 +573,12 @@ export class ApplicationDetails extends React.Component {data => ( this.selectNode(fullName)} resources={data} nodeMenu={node => - AppUtils.renderResourceMenu( - {...node, root: node}, - application, - tree, - this.appContext.apis, - this.appChanged, - () => this.getApplicationActionMenu(application, false) + AppUtils.renderResourceMenu(node, application, tree, this.appContext.apis, this.appChanged, () => + this.getApplicationActionMenu(application, false) ) } tree={tree} @@ -608,10 +604,11 @@ export class ApplicationDetails extends React.Component {data => ( this.selectNode(fullName)} resources={data} nodeMenu={node => - AppUtils.renderResourceMenu({...node, root: node}, application, tree, this.appContext.apis, this.appChanged, () => + AppUtils.renderResourceMenu(node, application, tree, this.appContext.apis, this.appChanged, () => this.getApplicationActionMenu(application, false) ) } diff --git a/ui/src/app/applications/components/application-details/application-resource-list.tsx b/ui/src/app/applications/components/application-details/application-resource-list.tsx index 6cee8b04a7205..2230e31bacea1 100644 --- a/ui/src/app/applications/components/application-details/application-resource-list.tsx +++ b/ui/src/app/applications/components/application-details/application-resource-list.tsx @@ -1,18 +1,19 @@ -import {DropDown} from 'argo-ui'; +import {DropDown, Tooltip} from 'argo-ui'; import * as React from 'react'; import * as classNames from 'classnames'; import * as models from '../../../shared/models'; import {ResourceIcon} from '../resource-icon'; import {ResourceLabel} from '../resource-label'; -import {ComparisonStatusIcon, HealthStatusIcon, nodeKey, createdOrNodeKey} from '../utils'; +import {ComparisonStatusIcon, HealthStatusIcon, nodeKey, createdOrNodeKey, isSameNode} from '../utils'; +import {AppDetailsPreferences} from '../../../shared/services'; import {Consumer} from '../../../shared/context'; -import * as _ from 'lodash'; import Moment from 'react-moment'; import {format} from 'date-fns'; -import {ResourceNode, ResourceRef} from '../../../shared/models'; +import {ResourceNode} from '../../../shared/models'; import './application-resource-list.scss'; export interface ApplicationResourceListProps { + pref: AppDetailsPreferences; resources: models.ResourceStatus[]; onNodeClick?: (fullName: string) => any; nodeMenu?: (node: models.ResourceNode) => React.ReactNode; @@ -20,29 +21,25 @@ export interface ApplicationResourceListProps { } export const ApplicationResourceList = (props: ApplicationResourceListProps) => { - function getResNode(nodes: ResourceNode[], nodeId: string): models.ResourceNode { - for (const node of nodes) { - if (nodeKey(node) === nodeId) { - return node; - } - } - return null; - } - const parentNode = ((props.resources || []).length > 0 && (getResNode(props.tree.nodes, nodeKey(props.resources[0])) as ResourceNode)?.parentRefs?.[0]) || ({} as ResourceRef); - const searchParams = new URLSearchParams(window.location.search); - const view = searchParams.get('view'); + const nodeByKey = new Map(); + props.tree?.nodes?.forEach(res => nodeByKey.set(nodeKey(res), res)); + + const firstParentNode = props.resources.length > 0 && (nodeByKey.get(nodeKey(props.resources[0])) as ResourceNode)?.parentRefs?.[0]; + const isSameParent = firstParentNode && props.resources?.every(x => (nodeByKey.get(nodeKey(x)) as ResourceNode)?.parentRefs?.every(p => isSameNode(p, firstParentNode))); + const isSameKind = props.resources?.every(x => x.group === props.resources[0].group && x.kind === props.resources[0].kind); + const view = props.pref.view; const ParentRefDetails = () => { - return Object.keys(parentNode).length > 0 ? ( + return isSameParent ? (
            Parent Node Info
            Name:
            -
            {parentNode?.name}
            +
            {firstParentNode.name}
            Kind:
            -
            {parentNode?.kind}
            +
            {firstParentNode.kind}
            ) : ( @@ -50,123 +47,126 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) => ); }; return ( -
            - {/* Display only when the view is set to or network */} - {(view === 'tree' || view === 'network') && ( -
            - -
            - )} -
            -
            -
            -
            -
            NAME
            -
            GROUP/KIND
            -
            SYNC ORDER
            -
            NAMESPACE
            - {(parentNode.kind === 'Rollout' || parentNode.kind === 'Deployment') &&
            REVISION
            } -
            CREATED AT
            -
            STATUS
            + props.resources.length > 0 && ( +
            + {/* Display only when the view is set to or network */} + {(view === 'tree' || view === 'network') && ( +
            +
            -
            - {props.resources - .sort((first, second) => -createdOrNodeKey(first).localeCompare(createdOrNodeKey(second))) - .map(res => ( -
            props.onNodeClick && props.onNodeClick(nodeKey(res))}> -
            -
            -
            - -
            -
            {ResourceLabel({kind: res.kind})}
            -
            -
            -
            - {res.name} - {res.kind === 'Application' && ( - - {ctx => ( - - e.stopPropagation()} - title='Open application'> - - - + )} +
            +
            +
            +
            +
            NAME
            +
            GROUP/KIND
            +
            SYNC ORDER
            +
            NAMESPACE
            + {isSameKind && props.resources[0].kind === 'ReplicaSet' &&
            REVISION
            } +
            CREATED AT
            +
            STATUS
            +
            +
            + {props.resources + .sort((first, second) => -createdOrNodeKey(first).localeCompare(createdOrNodeKey(second))) + .map(res => { + const groupkindjoin = [res.group, res.kind].filter(item => !!item).join('/'); + return ( +
            props.onNodeClick && props.onNodeClick(nodeKey(res))}> +
            +
            +
            + +
            +
            {ResourceLabel({kind: res.kind})}
            +
            +
            + +
            + {res.name} + {res.kind === 'Application' && ( + + {ctx => ( + + e.stopPropagation()} + title='Open application'> + + + + )} + + )} +
            +             + +
            {groupkindjoin}
            +             + +
            {res.syncWave || '-'}
            +             + +
            {res.namespace}
            +             + {isSameKind && + res.kind === 'ReplicaSet' && + ((nodeByKey.get(nodeKey(res)) as ResourceNode).info || []) + .filter(tag => !tag.name.includes('Node')) + .slice(0, 4) + .map((tag, i) => { + return ( +
            + {tag?.value?.split(':')[1] || '-'} +
            + ); + })} + +
            + {res.createdAt && ( + + + {res.createdAt} + +  ago   {format(new Date(res.createdAt), 'MM/dd/yy')} + + )} +
            +             +
            + {res.health && ( + + {res.health.status}   + )} - - )} -
            -
            {[res.group, res.kind].filter(item => !!item).join('/')}
            -
            {res.syncWave || '-'}
            -
            {res.namespace}
            - {res.kind === 'ReplicaSet' && - ((getResNode(props.tree.nodes, nodeKey(res)) as ResourceNode).info || []) - .filter(tag => !tag.name.includes('Node')) - .slice(0, 4) - .map((tag, i) => { - return ( -
            - {tag?.value?.split(':')[1] || '-'} + {res.status && } + {res.hook && } + {props.nodeMenu && ( +
            + ( + + )}> + {() => props.nodeMenu(nodeByKey.get(nodeKey(res)))} +
            - ); - })} - -
            - {res.createdAt && ( - - - {res.createdAt} - -  ago   {format(new Date(res.createdAt), 'MM/dd/yy')} - - )} -
            -
            - {res.health && ( - - {res.health.status}   - - )} - {res.status && } - {res.hook && } - {props.nodeMenu && ( -
            - ( - - )}> - {() => - props.nodeMenu({ - name: res.name, - version: res.version, - kind: res.kind, - namespace: res.namespace, - group: res.group, - info: null, - uid: '', - resourceVersion: null, - parentRefs: [] - }) - } - + )}
            - )} +
            -
            -
            - ))} + ); + })} +
            -
            + ) ); }; diff --git a/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.tsx b/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.tsx index c7e669f46dded..03baa4e44e655 100644 --- a/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.tsx +++ b/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.tsx @@ -15,6 +15,7 @@ export const ApplicationFullscreenLogs = (props: RouteComponentProps<{name: stri const group = q.get('group'); const kind = q.get('kind'); const title = `${podName || `${group}/${kind}/${name}`}:${props.match.params.container}`; + const fullscreen = true; return (
            @@ -28,6 +29,7 @@ export const ApplicationFullscreenLogs = (props: RouteComponentProps<{name: stri kind={kind} name={name} podName={podName} + fullscreen={fullscreen} />
            ); diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx index 3028c3a13725c..6ab9134343167 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx @@ -189,10 +189,10 @@ export const ApplicationParameters = (props: { } else { const v: models.ApplicationSource[] = new Array(); v.push(app.spec.source); - return getEditablePanel(attributes, props.details, 0, v); + return getEditablePanel(attributes, props.details, 0, v, true); } - function getEditablePanel(panel: EditablePanelItem[], repoAppDetails: models.RepoAppDetails, ind: number, sources: models.ApplicationSource[]): any { + function getEditablePanel(panel: EditablePanelItem[], repoAppDetails: models.RepoAppDetails, ind: number, sources: models.ApplicationSource[], isSingleSource?: boolean): any { const src: models.ApplicationSource = sources[ind]; let descriptionCollapsed: string; let floatingTitle: string; @@ -230,6 +230,8 @@ export const ApplicationParameters = (props: { save={ props.save && (async (input: models.Application) => { + const updatedSrc = isSingleSource ? input.spec.source : input.spec.sources[ind]; + function isDefined(item: any) { return item !== null && item !== undefined; } @@ -237,19 +239,21 @@ export const ApplicationParameters = (props: { return item !== null && item !== undefined && item.match(/:/); } - if (src.helm && src.helm.parameters) { - src.helm.parameters = src.helm.parameters.filter(isDefined); + if (updatedSrc.helm && updatedSrc.helm.parameters) { + updatedSrc.helm.parameters = updatedSrc.helm.parameters.filter(isDefined); } - if (src.kustomize && src.kustomize.images) { - src.kustomize.images = src.kustomize.images.filter(isDefinedWithVersion); + if (updatedSrc.kustomize && updatedSrc.kustomize.images) { + updatedSrc.kustomize.images = updatedSrc.kustomize.images.filter(isDefinedWithVersion); } let params = input.spec?.source?.plugin?.parameters; if (params) { for (const param of params) { if (param.map && param.array) { + // eslint-disable-next-line @typescript-eslint/ban-ts-comment // @ts-ignore param.map = param.array.reduce((acc, {name, value}) => { + // eslint-disable-next-line @typescript-eslint/ban-ts-comment // @ts-ignore acc[name] = value; return acc; @@ -262,7 +266,7 @@ export const ApplicationParameters = (props: { input.spec.source.plugin.parameters = params; } if (input.spec.source.helm && input.spec.source.helm.valuesObject) { - input.spec.source.helm.valuesObject = jsYaml.safeLoad(input.spec.source.helm.values); // Deserialize json + input.spec.source.helm.valuesObject = jsYaml.load(input.spec.source.helm.values); // Deserialize json input.spec.source.helm.values = ''; } await props.save(input, {}); @@ -283,7 +287,7 @@ export const ApplicationParameters = (props: { } if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { - const parsedValues = jsYaml.safeLoad(updatedApp.spec.source.helm.values); + const parsedValues = jsYaml.load(updatedApp.spec.source.helm.values); errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; } @@ -320,6 +324,7 @@ function gatherDetails( setAppParamsDeletedState: any ): EditablePanelItem[] { const hasMultipleSources = app.spec.sources && app.spec.sources.length > 0; + // eslint-disable-next-line no-prototype-builtins const isHelm = source.hasOwnProperty('chart'); if (hasMultipleSources) { attributes.push({ @@ -481,7 +486,7 @@ function gatherDetails( } } else if (repoDetails.type === 'Helm' && repoDetails.helm) { const isValuesObject = source?.helm?.valuesObject; - const helmValues = isValuesObject ? jsYaml.safeDump(source.helm.valuesObject) : source?.helm?.values; + const helmValues = isValuesObject ? jsYaml.dump(source.helm.valuesObject) : source?.helm?.values; attributes.push({ title: 'VALUES FILES', view: (source.helm && (source.helm.valueFiles || []).join(', ')) || 'No values files selected', diff --git a/ui/src/app/applications/components/application-parameters/kustomize-image.test.ts b/ui/src/app/applications/components/application-parameters/kustomize-image.test.ts index 471228d780523..75106fc301513 100644 --- a/ui/src/app/applications/components/application-parameters/kustomize-image.test.ts +++ b/ui/src/app/applications/components/application-parameters/kustomize-image.test.ts @@ -1,4 +1,4 @@ -import { format, parse } from './kustomize-image'; +import {format, parse} from './kustomize-image'; test('parse image version override', () => { const image = parse('foo/bar:v1.0.0'); @@ -8,7 +8,7 @@ test('parse image version override', () => { }); test('format image version override', () => { - const formatted = format({ name: 'foo/bar', newTag: 'v1.0.0' }); + const formatted = format({name: 'foo/bar', newTag: 'v1.0.0'}); expect(formatted).toBe('foo/bar:v1.0.0'); }); @@ -21,7 +21,7 @@ test('parse image name override', () => { }); test('format image name override', () => { - const formatted = format({ name: 'foo/bar', newTag: 'v1.0.0', newName: 'foo/bar1' }); + const formatted = format({name: 'foo/bar', newTag: 'v1.0.0', newName: 'foo/bar1'}); expect(formatted).toBe('foo/bar=foo/bar1:v1.0.0'); }); @@ -33,6 +33,6 @@ test('parse image digest override', () => { }); test('format image digest override', () => { - const formatted = format({ name: 'foo/bar', digest: 'sha:123' }); + const formatted = format({name: 'foo/bar', digest: 'sha:123'}); expect(formatted).toBe('foo/bar@sha:123'); }); diff --git a/ui/src/app/applications/components/application-pod-view/pod-view.tsx b/ui/src/app/applications/components/application-pod-view/pod-view.tsx index 2c1bb54770abf..caba162b82eba 100644 --- a/ui/src/app/applications/components/application-pod-view/pod-view.tsx +++ b/ui/src/app/applications/components/application-pod-view/pod-view.tsx @@ -11,7 +11,7 @@ import {PodViewPreferences, services, ViewPreferences} from '../../../shared/ser import {ResourceTreeNode} from '../application-resource-tree/application-resource-tree'; import {ResourceIcon} from '../resource-icon'; import {ResourceLabel} from '../resource-label'; -import {ComparisonStatusIcon, isYoungerThanXMinutes, HealthStatusIcon, nodeKey, PodHealthIcon, deletePodAction} from '../utils'; +import {ComparisonStatusIcon, isYoungerThanXMinutes, HealthStatusIcon, nodeKey, PodHealthIcon} from '../utils'; import './pod-view.scss'; import {PodTooltip} from './pod-tooltip'; @@ -145,9 +145,7 @@ export class PodView extends React.Component {
            ) : null} - {group.info?.map(infoItem => ( -
            {infoItem.value}
            - ))} + {group.info?.map(infoItem =>
            {infoItem.value}
            )}
            )}
            @@ -159,83 +157,43 @@ export class PodView extends React.Component { )}
            - {group.pods.map(pod => ( - ( - } - popperOptions={{ - modifiers: { - preventOverflow: { - enabled: true - }, - hide: { - enabled: false - }, - flip: { - enabled: false - } - } - }} - key={pod.metadata.name}> -
            - {isYoungerThanXMinutes(pod, 30) && ( - - )} -
            - -
            -
            -             - )} - items={[ - { - title: ( - - Info - - ), - action: () => this.props.onItemClick(pod.fullName) - }, - { - title: ( - - Logs - - ), - action: () => { - this.appContext.apis.navigation.goto('.', {node: pod.fullName, tab: 'logs'}, {replace: true}); - } - }, - { - title: ( - - Exec - - ), - action: () => { - this.appContext.apis.navigation.goto('.', {node: pod.fullName, tab: 'exec'}, {replace: true}); - } - }, - { - title: ( - - Delete - - ), - action: () => { - deletePodAction( - pod, - this.appContext, - this.props.app.metadata.name, - this.props.app.metadata.namespace - ); - } - } - ]} - /> - ))} + {group.pods.map( + pod => + this.props.nodeMenu && ( + ( + } + popperOptions={{ + modifiers: { + preventOverflow: { + enabled: true + }, + hide: { + enabled: false + }, + flip: { + enabled: false + } + } + }} + key={pod.metadata.name}> +
            + {isYoungerThanXMinutes(pod, 30) && ( + + )} +
            + +
            +
            +             + )}> + {() => this.props.nodeMenu(pod)} +             + ) + )}
            PODS
            {(podPrefs.sortMode === 'parentResource' || podPrefs.sortMode === 'topLevelResource') && ( diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.test.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.test.tsx index d9918fb28523d..45a7797aa9a0f 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.test.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.test.tsx @@ -1,93 +1,109 @@ -import {compareNodes, describeNode, ResourceTreeNode} from "./application-resource-tree"; +import {compareNodes, describeNode, ResourceTreeNode} from './application-resource-tree'; -test("describeNode.NoImages", () => { - expect(describeNode({ - kind: "my-kind", - name: "my-name", - namespace: "my-ns", - } as ResourceTreeNode)).toBe(`Kind: my-kind +test('describeNode.NoImages', () => { + expect( + describeNode({ + kind: 'my-kind', + name: 'my-name', + namespace: 'my-ns', + } as ResourceTreeNode), + ).toBe(`Kind: my-kind Namespace: my-ns -Name: my-name`) +Name: my-name`); }); -test("describeNode.Images", () => { - expect(describeNode({ - kind: "my-kind", - name: "my-name", - namespace: "my-ns", - images: ['my-image:v1'], - } as ResourceTreeNode)).toBe(`Kind: my-kind +test('describeNode.Images', () => { + expect( + describeNode({ + kind: 'my-kind', + name: 'my-name', + namespace: 'my-ns', + images: ['my-image:v1'], + } as ResourceTreeNode), + ).toBe(`Kind: my-kind Namespace: my-ns Name: my-name Images: -- my-image:v1`) +- my-image:v1`); }); -test("compareNodes", () => { +test('compareNodes', () => { const nodes = [ - { - resourceVersion: "1", - name: "a", - info: [{ - "name": "Revision", - "value": "Rev:1" - }], - } as ResourceTreeNode, - { - orphaned: false, - resourceVersion: "1", - name: "a", - info: [{ - "name": "Revision", - "value": "Rev:1" - }], - } as ResourceTreeNode, - { - orphaned: false, - resourceVersion: "1", - name: "b", - info: [{ - "name": "Revision", - "value": "Rev:1" - }], - } as ResourceTreeNode, - { - orphaned: false, - resourceVersion: "2", - name: "a", - info: [{ - "name": "Revision", - "value": "Rev:2" - }], - } as ResourceTreeNode, - { - orphaned: false, - resourceVersion: "2", - name: "b", - info: [{ - "name": "Revision", - "value": "Rev:2" - }], - } as ResourceTreeNode, - { - orphaned: true, - resourceVersion: "1", - name: "a", - info: [{ - "name": "Revision", - "value": "Rev:1" - }], - } as ResourceTreeNode, + { + resourceVersion: '1', + name: 'a', + info: [ + { + name: 'Revision', + value: 'Rev:1', + }, + ], + } as ResourceTreeNode, + { + orphaned: false, + resourceVersion: '1', + name: 'a', + info: [ + { + name: 'Revision', + value: 'Rev:1', + }, + ], + } as ResourceTreeNode, + { + orphaned: false, + resourceVersion: '1', + name: 'b', + info: [ + { + name: 'Revision', + value: 'Rev:1', + }, + ], + } as ResourceTreeNode, + { + orphaned: false, + resourceVersion: '2', + name: 'a', + info: [ + { + name: 'Revision', + value: 'Rev:2', + }, + ], + } as ResourceTreeNode, + { + orphaned: false, + resourceVersion: '2', + name: 'b', + info: [ + { + name: 'Revision', + value: 'Rev:2', + }, + ], + } as ResourceTreeNode, + { + orphaned: true, + resourceVersion: '1', + name: 'a', + info: [ + { + name: 'Revision', + value: 'Rev:1', + }, + ], + } as ResourceTreeNode, ]; - expect(compareNodes(nodes[0], nodes[1])).toBe(0) - expect(compareNodes(nodes[2], nodes[1])).toBe(1) - expect(compareNodes(nodes[1], nodes[2])).toBe(-1) - expect(compareNodes(nodes[3], nodes[2])).toBe(-1) - expect(compareNodes(nodes[2], nodes[3])).toBe(1) - expect(compareNodes(nodes[4], nodes[3])).toBe(1) - expect(compareNodes(nodes[3], nodes[4])).toBe(-1) - expect(compareNodes(nodes[5], nodes[4])).toBe(1) - expect(compareNodes(nodes[4], nodes[5])).toBe(-1) - expect(compareNodes(nodes[0], nodes[4])).toBe(-1) - expect(compareNodes(nodes[4], nodes[0])).toBe(1) + expect(compareNodes(nodes[0], nodes[1])).toBe(0); + expect(compareNodes(nodes[2], nodes[1])).toBe(1); + expect(compareNodes(nodes[1], nodes[2])).toBe(-1); + expect(compareNodes(nodes[3], nodes[2])).toBe(-1); + expect(compareNodes(nodes[2], nodes[3])).toBe(1); + expect(compareNodes(nodes[4], nodes[3])).toBe(1); + expect(compareNodes(nodes[3], nodes[4])).toBe(-1); + expect(compareNodes(nodes[5], nodes[4])).toBe(1); + expect(compareNodes(nodes[4], nodes[5])).toBe(-1); + expect(compareNodes(nodes[0], nodes[4])).toBe(-1); + expect(compareNodes(nodes[4], nodes[0])).toBe(1); }); diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx index 06ba5e331e041..0e1cfb9a00783 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx @@ -1,4 +1,4 @@ -import {DropDown, DropDownMenu, Tooltip} from 'argo-ui'; +import {DropDown, Tooltip} from 'argo-ui'; import * as classNames from 'classnames'; import * as dagre from 'dagre'; import * as React from 'react'; @@ -15,7 +15,6 @@ import {ResourceLabel} from '../resource-label'; import { BASE_COLORS, ComparisonStatusIcon, - deletePodAction, getAppOverridesCount, HealthStatusIcon, isAppNode, @@ -94,15 +93,7 @@ const NODE_TYPES = { podGroup: 'pod_group' }; // generate lots of colors with different darkness -const TRAFFIC_COLORS = [0, 0.25, 0.4, 0.6] - .map(darken => - BASE_COLORS.map(item => - color(item) - .darken(darken) - .hex() - ) - ) - .reduce((first, second) => first.concat(second), []); +const TRAFFIC_COLORS = [0, 0.25, 0.4, 0.6].map(darken => BASE_COLORS.map(item => color(item).darken(darken).hex())).reduce((first, second) => first.concat(second), []); function getGraphSize(nodes: dagre.Node[]): {width: number; height: number} { let width = 0; @@ -600,83 +591,58 @@ function renderPodGroupByStatus(props: ApplicationResourceTreeProps, node: any,
            ) : ( - pods.map(pod => ( - ( - - {pod.metadata.name} -
            Health: {pod.health}
            - {pod.createdAt && ( - - Created: - - {pod.createdAt} - - ago ({{pod.createdAt}}) - - )} -
            - } - popperOptions={{ - modifiers: { - preventOverflow: { - enabled: true - }, - hide: { - enabled: false - }, - flip: { - enabled: false + pods.map( + pod => + props.nodeMenu && ( + ( + + {pod.metadata.name} +
            Health: {pod.health}
            + {pod.createdAt && ( + + Created: + + {pod.createdAt} + + ago ({{pod.createdAt}}) + + )} +
            } - } - }} - key={pod.metadata.name}> -
            - {isYoungerThanXMinutes(pod, 30) && ( - - )} -
            - -
            -
            - - )} - items={[ - { - title: ( - - Info - - ), - action: () => props.onNodeClick(pod.fullName) - }, - { - title: ( - - Logs - - ), - action: () => { - props.appContext.apis.navigation.goto('.', {node: pod.fullName, tab: 'logs'}, {replace: true}); - } - }, - { - title: ( - - Delete - - ), - action: () => { - deletePodAction(pod, props.appContext, props.app.metadata.name, props.app.metadata.namespace); - } - } - ]} - /> - )) + popperOptions={{ + modifiers: { + preventOverflow: { + enabled: true + }, + hide: { + enabled: false + }, + flip: { + enabled: false + } + } + }} + key={pod.metadata.name}> +
            + {isYoungerThanXMinutes(pod, 30) && ( + + )} +
            + +
            +
            + + )}> + {() => props.nodeMenu(pod)} + + ) + ) )}
            ); @@ -892,7 +858,8 @@ export const ApplicationResourceTree = (props: ApplicationResourceTreeProps) => resourceVersion: props.app.metadata.resourceVersion, group: 'argoproj.io', version: '', - children: Array(), + // @ts-expect-error its not any + children: [], status: props.app.status.sync.status, health: props.app.status.health, uid: props.app.kind + '-' + props.app.metadata.namespace + '-' + props.app.metadata.name, @@ -1035,7 +1002,7 @@ export const ApplicationResourceTree = (props: ApplicationResourceTreeProps) => const loadBalancers = root.networkingInfo.ingress.map(ingress => ingress.hostname || ingress.ip); const colorByService = new Map(); (childrenByParentKey.get(treeNodeKey(root)) || []).forEach((child, i) => colorByService.set(treeNodeKey(child), TRAFFIC_COLORS[i % TRAFFIC_COLORS.length])); - (childrenByParentKey.get(treeNodeKey(root)) || []).sort(compareNodes).forEach((child, i) => { + (childrenByParentKey.get(treeNodeKey(root)) || []).sort(compareNodes).forEach(child => { processNode(child, root, [colorByService.get(treeNodeKey(child))]); }); if (root.podGroup && props.showCompactNodes) { diff --git a/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx b/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx index 18eb941981a37..f21dbe326fa41 100644 --- a/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx +++ b/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx @@ -20,8 +20,8 @@ export const ApplicationResourcesDiff = (props: ApplicationResourcesDiffProps) = const diffText = props.states .map(state => { return { - a: state.normalizedLiveState ? jsYaml.safeDump(state.normalizedLiveState, {indent: 2}) : '', - b: state.predictedLiveState ? jsYaml.safeDump(state.predictedLiveState, {indent: 2}) : '', + a: state.normalizedLiveState ? jsYaml.dump(state.normalizedLiveState, {indent: 2}) : '', + b: state.predictedLiveState ? jsYaml.dump(state.predictedLiveState, {indent: 2}) : '', hook: state.hook, // doubles as sort order name: (state.group || '') + '/' + state.kind + '/' + (state.namespace ? state.namespace + '/' : '') + state.name diff --git a/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx b/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx index 48b72de19551e..c9e6f9265f208 100644 --- a/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx +++ b/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx @@ -1,3 +1,4 @@ +/* eslint-disable no-prototype-builtins */ import * as React from 'react'; import {FormApi, NestedForm, Text, Form} from 'react-form'; import {Checkbox, FormField} from 'argo-ui'; @@ -7,6 +8,7 @@ import * as models from '../../../shared/models'; import './application-retry-options.scss'; +// eslint-disable-next-line no-useless-escape const durationRegex = /^([\d\.]+[HMS])+$/i; const durationRegexError = 'Should be 1h10m10s/10h10m/10m/10s'; diff --git a/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx b/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx index a97d9d5b98609..0baeca32ce6ee 100644 --- a/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx +++ b/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx @@ -21,6 +21,6 @@ const retryOptionsView: Array<(initData: models.RetryStrategy) => React.ReactNod ]; export const ApplicationRetryView = ({initValues}: {initValues?: models.RetryStrategy}) => { - const result = !initValues ? 'Retry disabled' : retryOptionsView.map((render, i) => render(initValues)); + const result = !initValues ? 'Retry disabled' : retryOptionsView.map(render => render(initValues)); return
            {result}
            ; }; diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx index 83916a001860e..702030be3b288 100644 --- a/ui/src/app/applications/components/application-summary/application-summary.tsx +++ b/ui/src/app/applications/components/application-summary/application-summary.tsx @@ -1,3 +1,4 @@ +/* eslint-disable no-prototype-builtins */ import {AutocompleteField, DropDownMenu, ErrorNotification, FormField, FormSelect, HelpIcon, NotificationType} from 'argo-ui'; import * as React from 'react'; import {FormApi, Text} from 'react-form'; diff --git a/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx b/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx index 1d774cd9cd4df..d1b2d597079a1 100644 --- a/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx +++ b/ui/src/app/applications/components/application-summary/edit-notification-subscriptions.tsx @@ -10,6 +10,7 @@ import './edit-notification-subscriptions.scss'; export const NOTIFICATION_SUBSCRIPTION_ANNOTATION_PREFIX = 'notifications.argoproj.io/subscribe'; +// eslint-disable-next-line no-useless-escape export const NOTIFICATION_SUBSCRIPTION_ANNOTATION_REGEX = new RegExp(`^notifications\.argoproj\.io\/subscribe\.[a-zA-Z-]{1,100}\.[a-zA-Z-]{1,100}$`); export type TNotificationSubscription = { @@ -96,20 +97,22 @@ export const useEditNotificationSubscriptions = (annotations: models.Application const onRemoveSubscription = (idx: number) => idx >= 0 && setSubscriptions(subscriptions.filter((_, i) => i !== idx)); - const withNotificationSubscriptions = (updateApp: ApplicationSummaryProps['updateApp']) => (...args: Parameters) => { - const app = args[0]; + const withNotificationSubscriptions = + (updateApp: ApplicationSummaryProps['updateApp']) => + (...args: Parameters) => { + const app = args[0]; - const notificationSubscriptionsRaw = notificationSubscriptionsParser.subscriptionsToAnnotations(subscriptions); + const notificationSubscriptionsRaw = notificationSubscriptionsParser.subscriptionsToAnnotations(subscriptions); - if (Object.keys(notificationSubscriptionsRaw)?.length) { - app.metadata.annotations = { - ...notificationSubscriptionsRaw, - ...(app.metadata.annotations || {}) - }; - } + if (Object.keys(notificationSubscriptionsRaw)?.length) { + app.metadata.annotations = { + ...notificationSubscriptionsRaw, + ...(app.metadata.annotations || {}) + }; + } - return updateApp(app, args[1]); - }; + return updateApp(app, args[1]); + }; const onResetNotificationSubscriptions = () => setSubscriptions(notificationSubscriptionsParser.annotationsToSubscriptions(annotations)); diff --git a/ui/src/app/applications/components/application-urls.test.ts b/ui/src/app/applications/components/application-urls.test.ts index a3093a5a29c1d..74a0dfc20e3c0 100644 --- a/ui/src/app/applications/components/application-urls.test.ts +++ b/ui/src/app/applications/components/application-urls.test.ts @@ -1,4 +1,4 @@ -import { ExternalLink, ExternalLinks, InvalidExternalLinkError } from './application-urls'; +import {ExternalLink, ExternalLinks, InvalidExternalLinkError} from './application-urls'; test('rejects malicious URLs', () => { expect(() => { @@ -29,24 +29,19 @@ test('allows relative URLs', () => { expect(new ExternalLink('/applications').ref).toEqual('/applications'); }); - test('URLs format', () => { expect(new ExternalLink('https://localhost:8080/applications')).toEqual({ ref: 'https://localhost:8080/applications', title: 'https://localhost:8080/applications', - }) + }); expect(new ExternalLink('title|https://localhost:8080/applications')).toEqual({ ref: 'https://localhost:8080/applications', title: 'title', - }) + }); }); - test('malicious URLs from list to be removed', () => { - const urls: string[] = [ - 'javascript:alert("hi")', - 'https://localhost:8080/applications', - ] + const urls: string[] = ['javascript:alert("hi")', 'https://localhost:8080/applications']; const links = ExternalLinks(urls); expect(links).toHaveLength(1); @@ -56,16 +51,8 @@ test('malicious URLs from list to be removed', () => { }); }); - test('list to be sorted', () => { - const urls: string[] = [ - 'https://a', - 'https://b', - 'a|https://c', - 'z|https://c', - 'x|https://d', - 'x|https://c', - ] + const urls: string[] = ['https://a', 'https://b', 'a|https://c', 'z|https://c', 'x|https://d', 'x|https://c']; const links = ExternalLinks(urls); // 'a|https://c', @@ -75,12 +62,12 @@ test('list to be sorted', () => { // 'https://a', // 'https://b', expect(links).toHaveLength(6); - expect(links[0].title).toEqual('a') - expect(links[1].title).toEqual('x') - expect(links[1].ref).toEqual('https://c') - expect(links[2].title).toEqual('x') - expect(links[2].ref).toEqual('https://d') - expect(links[3].title).toEqual('z') - expect(links[4].title).toEqual('https://a') - expect(links[5].title).toEqual('https://b') + expect(links[0].title).toEqual('a'); + expect(links[1].title).toEqual('x'); + expect(links[1].ref).toEqual('https://c'); + expect(links[2].title).toEqual('x'); + expect(links[2].ref).toEqual('https://d'); + expect(links[3].title).toEqual('z'); + expect(links[4].title).toEqual('https://a'); + expect(links[5].title).toEqual('https://b'); }); diff --git a/ui/src/app/applications/components/applications-list/applications-status-bar.tsx b/ui/src/app/applications/components/applications-list/applications-status-bar.tsx index c20b5612d121f..d1b4f8a460a14 100644 --- a/ui/src/app/applications/components/applications-list/applications-status-bar.tsx +++ b/ui/src/app/applications/components/applications-list/applications-status-bar.tsx @@ -53,7 +53,7 @@ export const ApplicationsStatusBar = ({applications}: ApplicationsStatusBarProps return ( - {ctx => ( + {() => ( <> {totalItems > 1 && (
            diff --git a/ui/src/app/applications/components/applications-list/applications-summary.tsx b/ui/src/app/applications/components/applications-list/applications-summary.tsx index 0a77350fd1127..efff821a01def 100644 --- a/ui/src/app/applications/components/applications-list/applications-summary.tsx +++ b/ui/src/app/applications/components/applications-list/applications-summary.tsx @@ -40,7 +40,7 @@ export const ApplicationsSummary = ({applications}: {applications: models.Applic }, { title: 'CLUSTERS', - value: new Set(applications.map(app => app.spec.destination.server)).size + value: new Set(applications.map(app => app.spec.destination.server || app.spec.destination.name)).size }, { title: 'NAMESPACES', diff --git a/ui/src/app/applications/components/applications-list/applications-table.tsx b/ui/src/app/applications/components/applications-list/applications-table.tsx index a34ea5d4d2191..a024059e16e5b 100644 --- a/ui/src/app/applications/components/applications-list/applications-table.tsx +++ b/ui/src/app/applications/components/applications-list/applications-table.tsx @@ -140,9 +140,21 @@ export const ApplicationsTable = (props: { )} items={[ - {title: 'Sync', action: () => props.syncApplication(app.metadata.name, app.metadata.namespace)}, - {title: 'Refresh', action: () => props.refreshApplication(app.metadata.name, app.metadata.namespace)}, - {title: 'Delete', action: () => props.deleteApplication(app.metadata.name, app.metadata.namespace)} + { + title: 'Sync', + iconClassName: 'fa fa-fw fa-sync', + action: () => props.syncApplication(app.metadata.name, app.metadata.namespace) + }, + { + title: 'Refresh', + iconClassName: 'fa fa-fw fa-redo', + action: () => props.refreshApplication(app.metadata.name, app.metadata.namespace) + }, + { + title: 'Delete', + iconClassName: 'fa fa-fw fa-times-circle', + action: () => props.deleteApplication(app.metadata.name, app.metadata.namespace) + } ]} />
            diff --git a/ui/src/app/applications/components/label-selector.ts b/ui/src/app/applications/components/label-selector.ts index 86909ee0d116b..7814e068052c8 100644 --- a/ui/src/app/applications/components/label-selector.ts +++ b/ui/src/app/applications/components/label-selector.ts @@ -1,3 +1,4 @@ +/* eslint-disable no-prototype-builtins */ type operatorFn = (labels: {[name: string]: string}, key: string, values: string[]) => boolean; const operators: {[type: string]: operatorFn} = { diff --git a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx index 18778e2b848b2..719fb42b05cf4 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx +++ b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx @@ -39,6 +39,7 @@ export interface PodLogsProps { timestamp?: string; containerGroups?: any[]; onClickContainer?: (group: any, i: number, tab: string) => void; + fullscreen?: boolean; } // ansi colors, see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors @@ -94,6 +95,7 @@ export const PodsLogsViewer = (props: PodLogsProps) => { useEffect(() => { // https://stackoverflow.com/questions/3561493/is-there-a-regexp-escape-function-in-javascript // matchNothing this is chosen instead of empty regexp, because that would match everything and break colored logs + // eslint-disable-next-line no-useless-escape setHighlight(filter === '' ? matchNothing : new RegExp(filter.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&'), 'g')); }, [filter]); diff --git a/ui/src/app/applications/components/resource-details/resource-details.tsx b/ui/src/app/applications/components/resource-details/resource-details.tsx index 1dfeb153d07ef..8dea158c9b22e 100644 --- a/ui/src/app/applications/components/resource-details/resource-details.tsx +++ b/ui/src/app/applications/components/resource-details/resource-details.tsx @@ -116,7 +116,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { } ]); } - if (selectedNode.kind === 'Pod' && execEnabled && execAllowed) { + if (selectedNode?.kind === 'Pod' && execEnabled && execAllowed) { tabs = tabs.concat([ { key: 'exec', @@ -264,6 +264,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { }))) || []; let podState: State; + let childResources: models.ResourceNode[] = []; if (selectedNode.kind === 'Pod') { podState = liveState; } else { @@ -271,6 +272,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { if (childPod) { podState = await services.applications.getResource(application.metadata.name, application.metadata.namespace, childPod).catch(() => null); } + childResources = AppUtils.findChildResources(selectedNode, tree); } const settings = await services.authService.settings(); @@ -278,7 +280,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { const logsAllowed = await services.accounts.canI('logs', 'get', application.spec.project + '/' + application.metadata.name); const execAllowed = execEnabled && (await services.accounts.canI('exec', 'create', application.spec.project + '/' + application.metadata.name)); const links = await services.applications.getResourceLinks(application.metadata.name, application.metadata.namespace, selectedNode).catch(() => null); - return {controlledState, liveState, events, podState, execEnabled, execAllowed, logsAllowed, links}; + return {controlledState, liveState, events, podState, execEnabled, execAllowed, logsAllowed, links, childResources}; }}> {data => ( @@ -303,7 +305,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { SYNC {' '}