Closed renovate[bot] closed 1 month ago
In order to perform the update(s) described in the table above, Renovate ran the go get
command, which resulted in the following additional change(s):
Details:
Package | Change |
---|---|
github.com/ProtonMail/go-crypto |
v0.0.0-20230923063757-afb1ddc0824c -> v1.0.0 |
github.com/alibabacloud-go/tea |
v1.2.1 -> v1.2.2 |
github.com/aws/aws-sdk-go-v2/service/ecr |
v1.24.6 -> v1.24.7 |
github.com/aws/aws-sdk-go-v2/service/ecrpublic |
v1.21.5 -> v1.21.6 |
github.com/awslabs/amazon-ecr-credential-helper/ecr-login |
v0.0.0-20231213181459-b0fcec718dc6 -> v0.0.0-20240116161626-88cfadc80e8f |
github.com/docker/cli |
v24.0.7+incompatible -> v25.0.1+incompatible |
github.com/docker/docker |
v24.0.9+incompatible -> v25.0.5+incompatible |
github.com/docker/docker-credential-helpers |
v0.8.0 -> v0.8.1 |
github.com/emicklei/proto |
v1.13.0 -> v1.13.2 |
github.com/evanphx/json-patch/v5 |
v5.8.0 -> v5.9.0 |
github.com/klauspost/compress |
v1.17.4 -> v1.17.5 |
github.com/letsencrypt/boulder |
v0.0.0-20231221180706-5972d43924a1 -> v0.0.0-20240127020530-97a19b18d21e |
github.com/protocolbuffers/txtpbfmt |
v0.0.0-20231025115547-084445ff1adf -> v0.0.0-20240116145035-ef3ab179eed6 |
github.com/sigstore/cosign/v2 |
v2.2.2 -> v2.2.4 |
github.com/sigstore/k8s-manifest-sigstore |
v0.5.1 -> v0.5.4 |
k8s.io/kubectl |
v0.29.0 -> v0.29.2 |
k8s.io/pod-security-admission |
v0.29.0 -> v0.29.2 |
This PR contains the following updates:
v1.11.4
->v1.12.5
Release Notes
kyverno/kyverno (github.com/kyverno/kyverno)
### [`v1.12.5`](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.5) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.12.4...v1.12.5) #### β¨ Added β¨ - Added the circuit breaker for `ephemeralreports` generated from the admission events which is used to create policy reports ([#10499](https://togithub.com/kyverno/kyverno/issues/10499), [#10596](https://togithub.com/kyverno/kyverno/issues/10596), [#10610](https://togithub.com/kyverno/kyverno/issues/10610), [#10613](https://togithub.com/kyverno/kyverno/issues/10613)) - Added the circuit breaker for `updaterequests` which is used to apply generate and mutate existing rules ([#10382](https://togithub.com/kyverno/kyverno/issues/10382)) #### π Fixed π - Fixed an issue for generate policies to correctly validate patterns for old and new objects ([#10310](https://togithub.com/kyverno/kyverno/issues/10310)) - Fixed a CLI issue to get namespace's labels in the cluster mode ([#10348](https://togithub.com/kyverno/kyverno/issues/10348)) - Normalized Global Context event's reason to be inline with other policies ([#10395](https://togithub.com/kyverno/kyverno/issues/10395)) - Fixed the `ephemeralreports` to use generate name to avoid duplicate names ([#10491](https://togithub.com/kyverno/kyverno/issues/10491)) - Fixed notary tests ([#10579](https://togithub.com/kyverno/kyverno/issues/10579)) - Fixed to delete resources for the cleanup policy ([#10582](https://togithub.com/kyverno/kyverno/issues/10582)) - Fixed a log issue to not append cleanup policy names ([#10583](https://togithub.com/kyverno/kyverno/issues/10583)) - Fixed CEL policies to be applied to deleted resources ([#10611](https://togithub.com/kyverno/kyverno/issues/10611)) - Fixed an Json context issue to delete non-exist old values for `foreach` rules ([#10615](https://togithub.com/kyverno/kyverno/issues/10615)) - Renamed level 1 logs to INFO from DEBUG ([#10617](https://togithub.com/kyverno/kyverno/issues/10617)) - Truncated event messages to 1024 chars ([#10636](https://togithub.com/kyverno/kyverno/issues/10636)) - Fixed mutatingwebhookconfiguraition configured rules ([#10639](https://togithub.com/kyverno/kyverno/issues/10639)) #### π§ Others π§ - Refactored VAPs registrations ([#10014](https://togithub.com/kyverno/kyverno/issues/10014)) - Removed unused parameters ([#10330](https://togithub.com/kyverno/kyverno/issues/10330)) - Bumped Chainsaw ([#10345](https://togithub.com/kyverno/kyverno/issues/10345)) ### [`v1.12.4`](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.4) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.12.3...v1.12.4) ### βImportant Notice β If you are running 1.12, please upgrade to this version to pick up the [fix](https://togithub.com/kyverno/kyverno/pull/10415) for the ephemeralreports piling-up issue. Check this post and understand how to recover from an ETCD outage: [Amazon EKS- managing and fixing ETCD database size](https://marcincuber.medium.com/amazon-eks-managing-and-fixing-etcd-database-size-b6fb875888cb) \[updated] If you are seeing consistent creation of ephemeralreports, you can: 1. disable reporting for admission events, please see [this comment](https://togithub.com/kyverno/kyverno/issues/10308#issuecomment-2167597580). 2. tune `--aggregationWorkers` to increase the capacity of consuming ephemeralreports, see [this comment](https://togithub.com/kyverno/kyverno/issues/10308#issuecomment-2178088816). It can be configured directly via the [container flag](https://kyverno.io/docs/installation/customization/#container-flags), or through Helm [extraArgs](https://togithub.com/kyverno/kyverno/blob/e64df59df/charts/kyverno/values.yaml#L2237). 3. as a user of Argo CD, check whether something is causing [continuous reconcile operations](https://argo-cd.readthedocs.io/en/stable/operator-manual/reconcile/). #### π Fixed π - Added condition checking to notary attestation verify chainsaw test ([https://github.com/kyverno/kyverno/pull/10288](https://togithub.com/kyverno/kyverno/pull/10288)) - Fixed a CLI issue to apply namespace labels in the cluster mode ([https://github.com/kyverno/kyverno/pull/10348](https://togithub.com/kyverno/kyverno/pull/10348)) - Fixed a gloabl context look up issue to return the error properly ([https://github.com/kyverno/kyverno/pull/10398](https://togithub.com/kyverno/kyverno/pull/10398)) - Fixed logging verbosity got the background scanner ([https://github.com/kyverno/kyverno/pull/10404](https://togithub.com/kyverno/kyverno/pull/10404)) - Shutdown the controller properly when the context is canceled ([https://github.com/kyverno/kyverno/pull/10415](https://togithub.com/kyverno/kyverno/pull/10415)) - Fixed duplicate updaterequest creation for background policies ([https://github.com/kyverno/kyverno/pull/10431](https://togithub.com/kyverno/kyverno/pull/10431)) #### π§ Others π§ - Bumped chainsaw ([https://github.com/kyverno/kyverno/pull/10345](https://togithub.com/kyverno/kyverno/pull/10345)) - Added chainsaw test for controllers leader election ([https://github.com/kyverno/kyverno/pull/10416](https://togithub.com/kyverno/kyverno/pull/10416)) ### [`v1.12.3`](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.3) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.12.2...v1.12.3) ### βImportant Notice β If you are running 1.12, please upgrade to [v1.12.4](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.4) to pick up the [fix](https://togithub.com/kyverno/kyverno/pull/10415) for the ephemeralreports piling-up issue. Check this post and understand how to recover from an ETCD outage: [Amazon EKS- managing and fixing ETCD database size](https://marcincuber.medium.com/amazon-eks-managing-and-fixing-etcd-database-size-b6fb875888cb) If you are seeing consistent creation of ephemeralreports, please track [this issue](https://togithub.com/kyverno/kyverno/issues/10308#issuecomment-2167597580) to avoid creation of too many ephemeralreports. #### β¨ Added β¨ - Added support for background scanning of existing resource in image verification ([#10311](https://togithub.com/kyverno/kyverno/issues/10311)) - Added a cleanup cronjob to delete updaterequests ([#10326](https://togithub.com/kyverno/kyverno/issues/10326)) - Added cleanup cronjobs for (cluster)ephemeralreports ([#10334](https://togithub.com/kyverno/kyverno/issues/10334)) - Add aggregation workers flag to configure (cluster)ephemeralreports consumer ([#10343](https://togithub.com/kyverno/kyverno/issues/10343)) #### π§ Others π§ - Removed unused parameters ([#10329](https://togithub.com/kyverno/kyverno/issues/10329)) ### [`v1.12.2`](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.2) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.12.1...v1.12.2) ### βImportant Notice β If you are running 1.12, please upgrade to [v1.12.4](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.4) to pick up the [fix](https://togithub.com/kyverno/kyverno/pull/10415) for the ephemeralreports piling-up issue. Check this post and understand how to recover from an ETCD outage: [Amazon EKS- managing and fixing ETCD database size](https://marcincuber.medium.com/amazon-eks-managing-and-fixing-etcd-database-size-b6fb875888cb) If you are seeing consistent creation of ephemeralreports, please track [this issue](https://togithub.com/kyverno/kyverno/issues/10308#issuecomment-2167597580) to avoid creation of too many ephemeralreports. #### β¨ Added β¨ - Added an option to allow kyverno apply command to continue on failure ([#10036](https://togithub.com/kyverno/kyverno/issues/10036)) ##### Helm - Added an option to configure webhook pod annotations ([#9875](https://togithub.com/kyverno/kyverno/issues/9875)) #### π Fixed π - Fixed missing CONNECT operation in the webhook config for `pod/exec` subresource ([#9855](https://togithub.com/kyverno/kyverno/issues/9855)) - Fixed an issue to evaluate multiple `policyexceptions` regardless of condition failures ([#9994](https://togithub.com/kyverno/kyverno/issues/9994)) - Fixed the VAPs generation issues for `pods/ephemeralcontainers`, resourceNames field ([#10162](https://togithub.com/kyverno/kyverno/issues/10162), [#10187](https://togithub.com/kyverno/kyverno/issues/10187), [#10208](https://togithub.com/kyverno/kyverno/issues/10208)) - Fixed the mutate existing policies to be applied on matched resources only ([#10164](https://togithub.com/kyverno/kyverno/issues/10164)) - Fixed an issue to skip generating VAPs for policies that match multiple resources with a namespace/object selector ([#10181](https://togithub.com/kyverno/kyverno/issues/10181)) - Fixed a CLI issue when the level parameter of the apply and test commands does not work ([#10216](https://togithub.com/kyverno/kyverno/issues/10216)) - Fixed CVEs ([#10225](https://togithub.com/kyverno/kyverno/issues/10225)) - Fixed an issue when applying multiple validate rules produces the wrong result ([#10236](https://togithub.com/kyverno/kyverno/issues/10236)) - Fixed context canceled issue when creating reports ([#10245](https://togithub.com/kyverno/kyverno/issues/10245)) - Fixed an issue in `foreach` mutate policies with `Descending` order defined causing unexpected patches ([#10252](https://togithub.com/kyverno/kyverno/issues/10252)) - Fixed an event generation issue when the size exceeds the limit ([#10255](https://togithub.com/kyverno/kyverno/issues/10255)) - Fixed operation-based webhook configuration issue when there are multiple policies matching the same kind ([#10262](https://togithub.com/kyverno/kyverno/issues/10262)) - Fixed flake VAPs tests ([#10263](https://togithub.com/kyverno/kyverno/issues/10263)) - Fixed a CLI issue when loading policies from the filesystem ([#10270](https://togithub.com/kyverno/kyverno/issues/10270)) - Fixed webhook configuration update loop ([#10274](https://togithub.com/kyverno/kyverno/issues/10274)) - Fixed an issue when a rule has both conditional and equality anchors defined ([https://github.com/kyverno/kyverno/issues/10117](https://togithub.com/kyverno/kyverno/issues/10117)) #### π§ Others π§ - Made CLI results count public ([#10177](https://togithub.com/kyverno/kyverno/issues/10177)) - Added a new linter `prealloc` to enforce slice declarations best practice ([#10250](https://togithub.com/kyverno/kyverno/issues/10250)) ### [`v1.12.1`](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.1) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.12.0...v1.12.1) ### βImportant Notice β If you are running 1.12, please upgrade to [v1.12.4](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.4) to pick up the [fix](https://togithub.com/kyverno/kyverno/pull/10415) for the ephemeralreports piling-up issue. Check this post and understand how to recover from an ETCD outage: [Amazon EKS- managing and fixing ETCD database size](https://marcincuber.medium.com/amazon-eks-managing-and-fixing-etcd-database-size-b6fb875888cb) If you are seeing consistent creation of ephemeralreports, please track [this issue](https://togithub.com/kyverno/kyverno/issues/10308#issuecomment-2167597580) to avoid creation of too many ephemeralreports. #### π Fixed π - Fixed return status when `celPreconditions.matchConditions` aren't met ([#9940](https://togithub.com/kyverno/kyverno/issues/9940)) - Fixed the CLI to evaluate `namespaceObject` for Kyverno policies ([#9977](https://togithub.com/kyverno/kyverno/issues/9977), [#9978](https://togithub.com/kyverno/kyverno/issues/9978)) - Fixed concurrent policy applications ([#10139](https://togithub.com/kyverno/kyverno/issues/10139)) - Fixed endless updates of policy status ([#10140](https://togithub.com/kyverno/kyverno/issues/10140)) - Fixed empty operations in mutating webhook configuration for a policy with a mixed types of rules ([#10146](https://togithub.com/kyverno/kyverno/issues/10146)) - Fixed endless policy reports reconciliation issue ([#10148](https://togithub.com/kyverno/kyverno/issues/10148)) - Fixed type conversion in jmespath context variables ([#10152](https://togithub.com/kyverno/kyverno/issues/10152)) #### π§ Others π§ - Fixed tests for codegen ([#9942](https://togithub.com/kyverno/kyverno/issues/9942)) - Removed unused parameters, packages ([#10007](https://togithub.com/kyverno/kyverno/issues/10007), [#10101](https://togithub.com/kyverno/kyverno/issues/10101)) - Refactored VAPs registration in the API server ([#10014](https://togithub.com/kyverno/kyverno/issues/10014)) - Updated performance testing docs for 1.12 ([#10116](https://togithub.com/kyverno/kyverno/issues/10116)) ### [`v1.12.0`](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.0) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.11.5...v1.12.0) ### 1.12 Release Notes #### β Importance Notice β If you are running 1.12, please upgrade to [v1.12.4](https://togithub.com/kyverno/kyverno/releases/tag/v1.12.4) to pick up the [fix](https://togithub.com/kyverno/kyverno/pull/10415) for the ephemeralreports piling-up issue. Check this post and understand how to recover from an ETCD outage: [Amazon EKS- managing and fixing ETCD database size](https://marcincuber.medium.com/amazon-eks-managing-and-fixing-etcd-database-size-b6fb875888cb) If you are seeing consistent creation of ephemeralreports, please track [this issue](https://togithub.com/kyverno/kyverno/issues/10308#issuecomment-2167597580) to avoid creation of too many ephemeralreports. Several critical issues are found in 1.12.0 and are being closely monitored within the [1.12.1 milestone](https://togithub.com/kyverno/kyverno/milestone/89). Please hold your upgrade to this release until 1.12.1 comes out. #### β Breaking (Potentially) β - Policies using long-deprecated or invalid operators in conditions (ex., `In` and `NotIn`) will be blocked. Please see the current list of available operators [here](https://kyverno.io/docs/writing-policies/preconditions/#operators) ([#8624](https://togithub.com/kyverno/kyverno/issues/8624)) #### β¨ Added β¨ - Added a global cache via a new Custom Resource called GlobalContextEntry allowing caching of any resource ([#9591](https://togithub.com/kyverno/kyverno/issues/9591), [#9595](https://togithub.com/kyverno/kyverno/issues/9595), [#9601](https://togithub.com/kyverno/kyverno/issues/9601), [#9602](https://togithub.com/kyverno/kyverno/issues/9602), [#9614](https://togithub.com/kyverno/kyverno/issues/9614), [#9615](https://togithub.com/kyverno/kyverno/issues/9615), [#9618](https://togithub.com/kyverno/kyverno/issues/9618), [#9619](https://togithub.com/kyverno/kyverno/issues/9619), [#9620](https://togithub.com/kyverno/kyverno/issues/9620), [#9621](https://togithub.com/kyverno/kyverno/issues/9621), [#9643](https://togithub.com/kyverno/kyverno/issues/9643), [#9652](https://togithub.com/kyverno/kyverno/issues/9652), [#9678](https://togithub.com/kyverno/kyverno/issues/9678), [#9710](https://togithub.com/kyverno/kyverno/issues/9710), [#9813](https://togithub.com/kyverno/kyverno/issues/9813)) - Added the ability to configure the listening ports of webhooks for admission and cleanup controllers ([#7728](https://togithub.com/kyverno/kyverno/issues/7728)) - Several new and improved abilities to reduce the scope of webhooks based on policy configurations, including support for the CEL-based `matchConditions` available in Kubernetes 1.27+ ([#8065](https://togithub.com/kyverno/kyverno/issues/8065), [#8437](https://togithub.com/kyverno/kyverno/issues/8437), [#9483](https://togithub.com/kyverno/kyverno/issues/9483), [#9599](https://togithub.com/kyverno/kyverno/issues/9599)) - Added a new container flag `--protectManagedResources` to the cleanup controller ([#8566](https://togithub.com/kyverno/kyverno/issues/8566)) - Added a new container flag `--renewBefore` to the admission cleanup controllers to configure the cert renewal time ([#8567](https://togithub.com/kyverno/kyverno/issues/8567)) - Added a new container flag `--loggingtsFormat` which can be used to change the time format of logs ([#9276](https://togithub.com/kyverno/kyverno/issues/9276)) - Policy Exceptions now support conditions ([#8577](https://togithub.com/kyverno/kyverno/issues/8577)) - Policy Exceptions now support excluding specific controls when using a Pod Security sub-rule `validate.podSecurity` ([#9343](https://togithub.com/kyverno/kyverno/issues/9343), [#9817](https://togithub.com/kyverno/kyverno/issues/9817)) - Pod Security sub-rule (`validate.podSecurity`) has a new ability to exclude based on restricted fields (`exclude.restrictedField` and associated values ([#8585](https://togithub.com/kyverno/kyverno/issues/8585), [#9770](https://togithub.com/kyverno/kyverno/issues/9770), [#9658](https://togithub.com/kyverno/kyverno/issues/9658)) - Added a new field to verifyImages rules called `skipImageReferences` allowing you to exclude certain images ([#8633](https://togithub.com/kyverno/kyverno/issues/8633)) - Added a new field to generate rules (data-type) called `orphanDownstreamOnPolicyDelete` which will preserve downstream resources when the policy/rule is deleted ([#9579](https://togithub.com/kyverno/kyverno/issues/9579)) - Added the ability to deploy specific controllers with CRDs following suit ([#8849](https://togithub.com/kyverno/kyverno/issues/8849), [#9608](https://togithub.com/kyverno/kyverno/issues/9608)) - Added the ability to apply custom labels to Kyverno's webhooks, helpful especially for Argo CD users ([#9015](https://togithub.com/kyverno/kyverno/issues/9015)) - Added support for more types of JSON patch operations like "move", "copy", and "test" ([#9476](https://togithub.com/kyverno/kyverno/issues/9476)) - Policy Reports can now be generated from ValidatingAdmissionPolicies and their bindings ([#9506](https://togithub.com/kyverno/kyverno/issues/9506)) - Created a new API group `reports.kyverno.io` for storing new ephemeral report kinds `EphemeralReports` and `ClusterEphemeralReports` ([#9521](https://togithub.com/kyverno/kyverno/issues/9521), [#9537](https://togithub.com/kyverno/kyverno/issues/9537)) - New `is_external_url()` JMESPath function to determine whether a given URL is an external URL ([#8614](https://togithub.com/kyverno/kyverno/issues/8614)) - New `sha256()` JMESPath function to convert a string of any length to a fixed hash value ([#9144](https://togithub.com/kyverno/kyverno/issues/9144)) - Kyverno CLI: Added a new `migrate` command which is used to migrate Kyverno resources to the current API version ([#9296](https://togithub.com/kyverno/kyverno/issues/9296)) - Kyverno CLI: Added a new (experimental) `json` command which incorporates the [Kyverno JSON subproject](https://togithub.com/kyverno/kyverno-json) into the main CLI allowing for testing of any JSON content ([#9639](https://togithub.com/kyverno/kyverno/issues/9639), [#9651](https://togithub.com/kyverno/kyverno/issues/9651)) - Kyverno CLI: The `test` command now supports the same [assertion trees](https://kyverno.io/blog/2023/12/13/kyverno-chainsaw-exploring-the-power-of-assertion-trees/) available in Chainsaw ([#9380](https://togithub.com/kyverno/kyverno/issues/9380)) - Kyverno CLI: The `apply` command now supports ValidatingAdmissionPolicyBindings ([#9468](https://togithub.com/kyverno/kyverno/issues/9468), [#9751](https://togithub.com/kyverno/kyverno/issues/9751), [#9759](https://togithub.com/kyverno/kyverno/issues/9759)) - Kyverno CLI: `apply` and `test` commands now support Policy Exceptions ([#9525](https://togithub.com/kyverno/kyverno/issues/9525), [#9624](https://togithub.com/kyverno/kyverno/issues/9624), [#9714](https://togithub.com/kyverno/kyverno/issues/9714), [#9749](https://togithub.com/kyverno/kyverno/issues/9749)) - Kyverno CLI: Added a `--resources` flag as an alias for the existing `--resource` flag ([#9749](https://togithub.com/kyverno/kyverno/issues/9749)) ##### Helm - Add chart parameters for setting `revisionHistoryLimit` ([#8907](https://togithub.com/kyverno/kyverno/issues/8907)) - Allow excluding resources from config.resourceFilters ([#8946](https://togithub.com/kyverno/kyverno/issues/8946)) - Allow defining ca-certificates bundle for Kyverno deployments ([#8969](https://togithub.com/kyverno/kyverno/issues/8969)) - Clean up Helm change logs ([#9057](https://togithub.com/kyverno/kyverno/issues/9057)) - Added ability to set extra environment variables globally ([#9269](https://togithub.com/kyverno/kyverno/issues/9269)) - Added the ability to enable performance profiling to the chart ([#9338](https://togithub.com/kyverno/kyverno/issues/9338)) - Added a global nodeSelector to the chart ([#9339](https://togithub.com/kyverno/kyverno/issues/9339)) - Allow adding Pod labels to cleanup jobs in the chart ([#9391](https://togithub.com/kyverno/kyverno/issues/9391)) - Added a CRD migration capability via hooks to the chart ([#9481](https://togithub.com/kyverno/kyverno/issues/9481), [#9657](https://togithub.com/kyverno/kyverno/issues/9657)) - Added the ability to define additional resources to be excluded via resourceFilters ([#9530](https://togithub.com/kyverno/kyverno/issues/9530)) - Added a small note for AKS users when the chart is installed ([#9552](https://togithub.com/kyverno/kyverno/issues/9552)) - Added the ability to configure backoff limits in jobs in the chart ([#9569](https://togithub.com/kyverno/kyverno/issues/9569)) - Added default exclusions in webhooks ([#9950](https://togithub.com/kyverno/kyverno/issues/9950)) #### β οΈ Changed β οΈ - Allow setting admission controller replica count to 2 ([#8932](https://togithub.com/kyverno/kyverno/issues/8932)) - The `spec.schemaValidation` field is formally deprecated. As of 1.11 it has no effect. ([#9189](https://togithub.com/kyverno/kyverno/issues/9189)) - The `--reportsChunkSize` flag is deprecated and has no effect since aggregation has changed ([#9697](https://togithub.com/kyverno/kyverno/issues/9697)) - The `--imageSignatureRepository` flag is deprecated and has no effect, use the `verifyImages.Repository` field instead ([#9698](https://togithub.com/kyverno/kyverno/issues/9698)) - Policy Exceptions will now be evaluated against existing resources when the exception is created ([#8659](https://togithub.com/kyverno/kyverno/issues/8659), [#8713](https://togithub.com/kyverno/kyverno/issues/8713), [#8544](https://togithub.com/kyverno/kyverno/issues/8544)) - Policy Exceptions API graduated to v2 ([#9208](https://togithub.com/kyverno/kyverno/issues/9208), [#9412](https://togithub.com/kyverno/kyverno/issues/9412)) - Cleanup Policies API graduated to v2 ([#9261](https://togithub.com/kyverno/kyverno/issues/9261), [#9420](https://togithub.com/kyverno/kyverno/issues/9420)) - Admission and Background reports APIs graduated to v2 ([#9262](https://togithub.com/kyverno/kyverno/issues/9262)) - UpdateRequests API graduated to v2 ([#9267](https://togithub.com/kyverno/kyverno/issues/9267)) - Reduced some logged messages ([#9509](https://togithub.com/kyverno/kyverno/issues/9509), [#9626](https://togithub.com/kyverno/kyverno/issues/9626)) - Default logging time format is changed to RFC3339 ([#9775](https://togithub.com/kyverno/kyverno/issues/9775)) - Updated the internal Pod Security Standards up through 1.29 ([#9783](https://togithub.com/kyverno/kyverno/issues/9783)) - The `time_parse()` JMESPath filter now supports epoch time ([#9173](https://togithub.com/kyverno/kyverno/issues/9173)) - Kyverno will validate ValidatingAdmissionPolicies' CEL expressions and show a warning, or block, if invalid ([#9566](https://togithub.com/kyverno/kyverno/issues/9566)) - Kyverno CLI: The CLI will now perform field defaulting in policies being tested, moving it out of experimental status ([#9220](https://togithub.com/kyverno/kyverno/issues/9220)) ##### Helm - Chart will now omit policy applied and skipped events by default ([#9493](https://togithub.com/kyverno/kyverno/issues/9493)) - Allow configuring the policy kind in kyverno-policies chart ([#8827](https://togithub.com/kyverno/kyverno/issues/8827)) - Refined permissions by removing wildcards ([#9507](https://togithub.com/kyverno/kyverno/issues/9507), [#9516](https://togithub.com/kyverno/kyverno/issues/9516)) - Rename the Grafana dashboard file from `dashboard.json` to `kyverno-dashboard.json` ([#9041](https://togithub.com/kyverno/kyverno/issues/9041)) #### Performance - Initialize JMESPath interpreter once and reuse it across searches ([#8299](https://togithub.com/kyverno/kyverno/issues/8299)) - Optimize JSON context processing using in-memory maps ([#8322](https://togithub.com/kyverno/kyverno/issues/8322)) - Optimize how Events are created and processed ([#9323](https://togithub.com/kyverno/kyverno/issues/9323), [#9324](https://togithub.com/kyverno/kyverno/issues/9324)) - Optimize validate policy application by adding a worker pool ([#10056](https://togithub.com/kyverno/kyverno/issues/10056)) #### π Fixed π - Fixed handling of escaped variables in an expression with multiple escaped variables ([#8311](https://togithub.com/kyverno/kyverno/issues/8311)) - Fixed an issue when verifying attestations using multiple keys ([#8880](https://togithub.com/kyverno/kyverno/issues/8880)) - Fixed an issue causing application of mutation policies to fail even when `failurePolicy` was set to `Ignore` ([#8952](https://togithub.com/kyverno/kyverno/issues/8952)) - Fixed an issue that allowed violating resources when a policy had validationFailureAction set to `Enforce` and `failurePolicy` of Ignore ([#8953](https://togithub.com/kyverno/kyverno/issues/8953)) - Fixed an issue causing premature skipping of resources in validate policies with anchors defined ([#9155](https://togithub.com/kyverno/kyverno/issues/9155)) - Fixed an issue where the `-v` container flag for logging was not honored ([#9163](https://togithub.com/kyverno/kyverno/issues/9163)) - Switched a logged error to info when preconditions didn't pass in a mutate existing rule ([#9232](https://togithub.com/kyverno/kyverno/issues/9232)) - Reports aggregation fixes and improvements ([#9697](https://togithub.com/kyverno/kyverno/issues/9697)) - Fixed an issue preventing of generating a ValidatingAdmissionPolicy when `exclude` was used in the rule ([#9331](https://togithub.com/kyverno/kyverno/issues/9331)) - Fixed an issue resulting in ValidatingAdmissionPolicies getting generated when there was a Policy Exception in place ([#9386](https://togithub.com/kyverno/kyverno/issues/9386)) - Fixed an issue where a ValidatingAdmissionPolicy was applied to the wrong resource in background scans ([#9468](https://togithub.com/kyverno/kyverno/issues/9468)) - Fixed an issue when generating Events associated with ValidatingAdmissionPolicies ([#9392](https://togithub.com/kyverno/kyverno/issues/9392)) - Fixed an issue with UpdateRequests getting stuck in a perpetual Pending state when using variables from admission ([#9355](https://togithub.com/kyverno/kyverno/issues/9355)) - Fixed an issue preventing validating image signatures on AWS with a FIPS endpoint from working ([#9416](https://togithub.com/kyverno/kyverno/issues/9416)) - Fixed an issue preventing variables from being substituted in messages when using `anyPattern` validate rules ([#9713](https://togithub.com/kyverno/kyverno/issues/9713)) - Fixed an issue where skipped policies due to preconditions were returned in denial response messages ([#9719](https://togithub.com/kyverno/kyverno/issues/9719)) - Removed an unnecessary podSecurity check ([#9790](https://togithub.com/kyverno/kyverno/issues/9790)) - Fixed an issue when verifying images from an insecure registry ([#9838](https://togithub.com/kyverno/kyverno/issues/9838)) - Fixed an issue with some validate rules and the UPDATE operation ([#9893](https://togithub.com/kyverno/kyverno/issues/9893)) - Kyverno CLI: Fixed an issue doing a test with an UPDATE operation ([#9191](https://togithub.com/kyverno/kyverno/issues/9191)) - Kyverno CLI: Fixed applying `cloneList` generate policies with `apply` command ([#9036](https://togithub.com/kyverno/kyverno/issues/9036)) - Kyverno CLI: Fixed a logging error ([#9238](https://togithub.com/kyverno/kyverno/issues/9238)) - Kyverno CLI: Testing of generate rules which use the `useServerSideApply` field now work properly ([#9385](https://togithub.com/kyverno/kyverno/issues/9385)) - Kyverno CLI: Fixed and issue causing the `apply` command to panic when applying a mutate existing rule ([#9492](https://togithub.com/kyverno/kyverno/issues/9492)) - Kyverno CLI: Fixed an issue with the `apply` command where some errors weren't shown ([#9533](https://togithub.com/kyverno/kyverno/issues/9533)) - Kyverno CLI: Fixed an issue with the `apply` command where a `foreach` with zero elements was a `skip` ([#9534](https://togithub.com/kyverno/kyverno/issues/9534), [#9543](https://togithub.com/kyverno/kyverno/issues/9543)) - Kyverno CLI: Fixed a regression where the `--warn-exit-code` stopped working ([#9828](https://togithub.com/kyverno/kyverno/issues/9828)) - Fixed cosign ctlog unit tests ([#9971](https://togithub.com/kyverno/kyverno/issues/9971)) - Fixed deferred loader panic when mutate and generate policies are applied ([#9968](https://togithub.com/kyverno/kyverno/issues/9968)) - Fixed an autogen issue where now Kyverno only generates rule for request kind ([#9997](https://togithub.com/kyverno/kyverno/issues/9997)) - Fixed the issue where the mutex is not added to mock policy context builder ([#10059](https://togithub.com/kyverno/kyverno/issues/10059)) - Fixed policy status reconciliation when it fails to set policy to ready ([#10047](https://togithub.com/kyverno/kyverno/issues/10047)) - Fixed the container flag `maxQueuedEvents` ([#10031](https://togithub.com/kyverno/kyverno/issues/10031)) - Fixed an issue where rekor opts are missing in cosign certificate verification and make rekor url optional ([#10025](https://togithub.com/kyverno/kyverno/issues/10025)) ##### Helm - Fixed an issue deploying ServiceMonitor CR with ArgoCD via the chart ([#8913](https://togithub.com/kyverno/kyverno/issues/8913)) - Fixed an issue preventing multiple replicas from being defined in the chart ([#9066](https://togithub.com/kyverno/kyverno/issues/9066)) - Make role and binding names consistent ([#9482](https://togithub.com/kyverno/kyverno/issues/9482)) - Fixed some minor issues with the Helm report cleanup jobs ([#9555](https://togithub.com/kyverno/kyverno/issues/9555)) - Fixed a typo in the Kyverno chart README ([#8911](https://togithub.com/kyverno/kyverno/issues/8911))Click to expand all PRs
[#10013](https://togithub.com/kyverno/kyverno/issues/10013) chore: bump chainsaw to v0.1.9 [#10025](https://togithub.com/kyverno/kyverno/issues/10025) fix: add rekor opts to cosign certificate verification and make rekor url optional [#10039](https://togithub.com/kyverno/kyverno/issues/10039) chore: bump cosign to v2.2.4 [#10031](https://togithub.com/kyverno/kyverno/issues/10031) fix: re-use the maxQueuedEvents [#10047](https://togithub.com/kyverno/kyverno/issues/10047) fix: policy status reconciliation [#10056](https://togithub.com/kyverno/kyverno/issues/10056) feat(audit): use a worker pool for Audit policies [#10059](https://togithub.com/kyverno/kyverno/issues/10059) fix: add mutex to mock policy context builder [#9989](https://togithub.com/kyverno/kyverno/issues/9989) chore: bump kyverno-json to latest [#9997](https://togithub.com/kyverno/kyverno/issues/9997) fix(autogen): only generate rule for request kind [#9950](https://togithub.com/kyverno/kyverno/issues/9950) feat: set default exclusions in webhooks [#9968](https://togithub.com/kyverno/kyverno/issues/9968) fix: deferred loader panic when mutate and generate policies are applied [#9971](https://togithub.com/kyverno/kyverno/issues/9971) fix: cosign ctlog unit tests [#9903](https://togithub.com/kyverno/kyverno/issues/9903) fix(globalcontext): panics and validation [#9893](https://togithub.com/kyverno/kyverno/issues/9893) fix: properly update policy context after preexisting resource in violation check [#9849](https://togithub.com/kyverno/kyverno/issues/9849) fix: release CRDs manifests [#9845](https://togithub.com/kyverno/kyverno/issues/9845) fix: add missing unit tests for podSecurity.hostpathVolume check [#9838](https://togithub.com/kyverno/kyverno/issues/9838) fix: use gcr crane opts while fetching image descriptors [#9835](https://togithub.com/kyverno/kyverno/issues/9835) fix: remove duplicate chainsaw tests for PSA [#9828](https://togithub.com/kyverno/kyverno/issues/9828) \[Bug] \[CLI] Restore warn-exit-code functionality for apply command [#9817](https://togithub.com/kyverno/kyverno/issues/9817) fix: add podSecurity validation checks for exceptions [#9813](https://togithub.com/kyverno/kyverno/issues/9813) fix(globalcontext): old WaitGroup not stopping [#9791](https://togithub.com/kyverno/kyverno/issues/9791) fix: remove unnecessary podSecurity chainsaw test [#9790](https://togithub.com/kyverno/kyverno/issues/9790) fix: remove unnecessary validation check for podSecurity rule [#9783](https://togithub.com/kyverno/kyverno/issues/9783) update versions [#9781](https://togithub.com/kyverno/kyverno/issues/9781) chore: add tests for exceptions in the CLI [#9775](https://togithub.com/kyverno/kyverno/issues/9775) chore: default logging format to rfc3339 [#9770](https://togithub.com/kyverno/kyverno/issues/9770) fix: add validation check for podSecurity subrule [#9763](https://togithub.com/kyverno/kyverno/issues/9763) chore: bump chainsaw [#9759](https://togithub.com/kyverno/kyverno/issues/9759) feat: support bindings in Kyvenro CLI test command [#9751](https://togithub.com/kyverno/kyverno/issues/9751) feat: apply VAP bindings in CLI apply command in offline mode [#9749](https://togithub.com/kyverno/kyverno/issues/9749) add plural form aliases for resources and exceptions flags [#9719](https://togithub.com/kyverno/kyverno/issues/9719) fix: Policies skipped because of preconditions not met should not be included in admission requests denial responses [#9714](https://togithub.com/kyverno/kyverno/issues/9714) fix: add the support of v2alpha1 exceptions in the CLI [#9713](https://togithub.com/kyverno/kyverno/issues/9713) Fix :variables are not getting processed in validation message for "anyPattern" [#9710](https://togithub.com/kyverno/kyverno/issues/9710) feat: enhance global context [#9709](https://togithub.com/kyverno/kyverno/issues/9709) chore: bump otel deps [#9698](https://togithub.com/kyverno/kyverno/issues/9698) fix: remove deprecated imageSignatureRepository flag [#9697](https://togithub.com/kyverno/kyverno/issues/9697) fix: reports aggregation [#9691](https://togithub.com/kyverno/kyverno/issues/9691) fix: modify the conformance config name [#9690](https://togithub.com/kyverno/kyverno/issues/9690) chore: rename admission to ephemeral in reports aggregation controller [#9682](https://togithub.com/kyverno/kyverno/issues/9682) chore(deps): bump kyverno/action-install-chainsaw from 0.1.2 to 0.1.3 [#9680](https://togithub.com/kyverno/kyverno/issues/9680) chore: bump kind and k8s images [#9679](https://togithub.com/kyverno/kyverno/issues/9679) fix: don't delete garbage collected policy reports [#9678](https://togithub.com/kyverno/kyverno/issues/9678) feat(validation-webhook): validate global context reference [#9677](https://togithub.com/kyverno/kyverno/issues/9677) feat: remove admission report controller [#9672](https://togithub.com/kyverno/kyverno/issues/9672) feat: add chainsaw tests for exceptions [#9667](https://togithub.com/kyverno/kyverno/issues/9667) feat: add chainsaw tests for pod security in exceptions [#9661](https://togithub.com/kyverno/kyverno/issues/9661) test(globalcontext): add e2e tests [#9658](https://togithub.com/kyverno/kyverno/issues/9658) \[Bug] Fix message and formatting of podSecurity validation failure with restrictedField [#9657](https://togithub.com/kyverno/kyverno/issues/9657) fix: add missing migrations [#9652](https://togithub.com/kyverno/kyverno/issues/9652) chore(globalcontext): remove global context flag [#9651](https://togithub.com/kyverno/kyverno/issues/9651) feat: add scan command for generic resources [#9645](https://togithub.com/kyverno/kyverno/issues/9645) feat: add chainsaw test for policy webhook based configuration [#9643](https://togithub.com/kyverno/kyverno/issues/9643) fix: global context validation [#9639](https://togithub.com/kyverno/kyverno/issues/9639) feat: add root command to process generic json resources [#9630](https://togithub.com/kyverno/kyverno/issues/9630) chore: remove renovate config [#9628](https://togithub.com/kyverno/kyverno/issues/9628) feat: add chainsaw tests for global context crd validation [#9626](https://togithub.com/kyverno/kyverno/issues/9626) changed the log level in match policy context [#9624](https://togithub.com/kyverno/kyverno/issues/9624) support -e shorthand letter with --exception flag [#9621](https://togithub.com/kyverno/kyverno/issues/9621) fix: global context crd improvements [#9620](https://togithub.com/kyverno/kyverno/issues/9620) feat: consider maxAPICallResponseLength [#9619](https://togithub.com/kyverno/kyverno/issues/9619) feat: add global context entry validation webhook [#9618](https://togithub.com/kyverno/kyverno/issues/9618) chore: move global context package out of engine [#9616](https://togithub.com/kyverno/kyverno/issues/9616) feat: use the check block for checking CLI output in chainsaw tests [#9615](https://togithub.com/kyverno/kyverno/issues/9615) feat: update refreshInterval in globalcontext CRD to use a duration [#9614](https://togithub.com/kyverno/kyverno/issues/9614) feat: add global context support in helm chart [#9609](https://togithub.com/kyverno/kyverno/issues/9609) make exception in cli exportable [#9608](https://togithub.com/kyverno/kyverno/issues/9608) sanity check in parent chart for crd-controller mismatch [#9606](https://togithub.com/kyverno/kyverno/issues/9606) chore: enable chainsaw fail fast [#9602](https://togithub.com/kyverno/kyverno/issues/9602) feat: add globalcontext loader and interface [#9601](https://togithub.com/kyverno/kyverno/issues/9601) feat: add globalcontext controller [#9600](https://togithub.com/kyverno/kyverno/issues/9600) chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.2 to 2.2.3 [#9599](https://togithub.com/kyverno/kyverno/issues/9599) feat: apply `.matchConditions` when generating reports [#9598](https://togithub.com/kyverno/kyverno/issues/9598) fix: client codegen not deleting old files [#9597](https://togithub.com/kyverno/kyverno/issues/9597) fix: codecov missing token [#9596](https://togithub.com/kyverno/kyverno/issues/9596) fix: make ApplyCommandConfig public again [#9595](https://togithub.com/kyverno/kyverno/issues/9595) feat: add global context crd to codegen [#9592](https://togithub.com/kyverno/kyverno/issues/9592) fix: codecov args [#9591](https://togithub.com/kyverno/kyverno/issues/9591) feat: add global context crd [#9585](https://togithub.com/kyverno/kyverno/issues/9585) fix: update cli docs [#9583](https://togithub.com/kyverno/kyverno/issues/9583) test: added test for pkg/utils/policy/marshal.go [#9579](https://togithub.com/kyverno/kyverno/issues/9579) feat (generate): add `orphanDownstreamOnPolicyDelete` to preserve downstream on policy deletion [#9574](https://togithub.com/kyverno/kyverno/issues/9574) fix: nancy ignore [#9573](https://togithub.com/kyverno/kyverno/issues/9573) chore: small nits in cli test command [#9572](https://togithub.com/kyverno/kyverno/issues/9572) fix: omit events flag [#9570](https://togithub.com/kyverno/kyverno/issues/9570) chore: remove reports aggregation per namespace [#9569](https://togithub.com/kyverno/kyverno/issues/9569) configured backoff limit in chart cronjobs [#9566](https://togithub.com/kyverno/kyverno/issues/9566) feat: Support CEL expression warnings [#9561](https://togithub.com/kyverno/kyverno/issues/9561) chore: add chainsaw tests for policy based webhook configuration [#9555](https://togithub.com/kyverno/kyverno/issues/9555) fix: helm chart jobs [#9554](https://togithub.com/kyverno/kyverno/issues/9554) fix: nancy ignore [#9553](https://togithub.com/kyverno/kyverno/issues/9553) fix: make alternate reports storage transparent [#9552](https://togithub.com/kyverno/kyverno/issues/9552) Add Helm note for AKS users [#9546](https://togithub.com/kyverno/kyverno/issues/9546) feat: add openapi-gen to policyreports [#9543](https://togithub.com/kyverno/kyverno/issues/9543) fix: follow up for [#9534](https://togithub.com/kyverno/kyverno/issues/9534) [#9542](https://togithub.com/kyverno/kyverno/issues/9542) fix: CRDs codegen [#9540](https://togithub.com/kyverno/kyverno/issues/9540) chore: bump a couple of deps [#9539](https://togithub.com/kyverno/kyverno/issues/9539) chore: remove reference to kuttl [#9538](https://togithub.com/kyverno/kyverno/issues/9538) test: added test for pkg/utils/admission/metadata.go [#9537](https://togithub.com/kyverno/kyverno/issues/9537) refactor: use single type for ephemeral reports [#9535](https://togithub.com/kyverno/kyverno/issues/9535) chore: configure gh workflows schemas [#9534](https://togithub.com/kyverno/kyverno/issues/9534) fix: show skip when foreach with zero elements [#9533](https://togithub.com/kyverno/kyverno/issues/9533) Fix: not showing error during policy validation error [#9531](https://togithub.com/kyverno/kyverno/issues/9531) fix: move new reports api to top level folder [#9530](https://togithub.com/kyverno/kyverno/issues/9530) [#9529](https://togithub.com/kyverno/kyverno/issues/9529) Support adding extra elements to the default resourceFilters list [#9525](https://togithub.com/kyverno/kyverno/issues/9525) Support PolicyExceptions with CLI [#9521](https://togithub.com/kyverno/kyverno/issues/9521) feat: add a new API group `reports.kyverno.io` [#9520](https://togithub.com/kyverno/kyverno/issues/9520) test: added test for pkg/utils/admission/policy.go [#9516](https://togithub.com/kyverno/kyverno/issues/9516) Move admission controller hardcoded wildcard permissions to new opt-out value [#9515](https://togithub.com/kyverno/kyverno/issues/9515) ci: add load testing workflow [#9509](https://togithub.com/kyverno/kyverno/issues/9509) fix: reduce logs in controllers when an item is not found [#9507](https://togithub.com/kyverno/kyverno/issues/9507) feat: add more granular rbac rules to remove wildcards [#9506](https://togithub.com/kyverno/kyverno/issues/9506) feat: support vap bindings in reports [#9495](https://togithub.com/kyverno/kyverno/issues/9495) test: added test for pkg/utils/admission/exception.go [#9493](https://togithub.com/kyverno/kyverno/issues/9493) chore(helm): omit normal events by default [#9492](https://togithub.com/kyverno/kyverno/issues/9492) fix: kyverno apply panic for mutate policies [#9487](https://togithub.com/kyverno/kyverno/issues/9487) chore: bump a couple of deps [#9486](https://togithub.com/kyverno/kyverno/issues/9486) test: added test for pkg/utils/admission/cleanup.go [#9483](https://togithub.com/kyverno/kyverno/issues/9483) feat: configure admission webhooks per policy [#9482](https://togithub.com/kyverno/kyverno/issues/9482) fix: align clusterroles and bindings names [#9481](https://togithub.com/kyverno/kyverno/issues/9481) feat: improve crd migration helm hooks [#9476](https://togithub.com/kyverno/kyverno/issues/9476) feat: support all valid jsonpatches in validation webhook [#9469](https://togithub.com/kyverno/kyverno/issues/9469) chore(contrib): add Khaled Emara as contributor [#9468](https://togithub.com/kyverno/kyverno/issues/9468) feat: support validatingadmissionpolicybindings in CLI apply command [#9467](https://togithub.com/kyverno/kyverno/issues/9467) update README for new features and OSS security index card [#9465](https://togithub.com/kyverno/kyverno/issues/9465) chore: load cli image when deploying locally [#9464](https://togithub.com/kyverno/kyverno/issues/9464) Update DEVELOPMENT.md [#9463](https://togithub.com/kyverno/kyverno/issues/9463) fix: change generic policy to not return any [#9461](https://togithub.com/kyverno/kyverno/issues/9461) Update CONTRIBUTORS.md [#9459](https://togithub.com/kyverno/kyverno/issues/9459) added tests for validate foreach with 0 elements [#9442](https://togithub.com/kyverno/kyverno/issues/9442) chore: bump otel deps [#9440](https://togithub.com/kyverno/kyverno/issues/9440) chore: bump a couple of deps [#9433](https://togithub.com/kyverno/kyverno/issues/9433) chore: use upstream cosign on main [#9428](https://togithub.com/kyverno/kyverno/issues/9428) fix: nancy ignore list [#9427](https://togithub.com/kyverno/kyverno/issues/9427) chore: bump json-patch [#9426](https://togithub.com/kyverno/kyverno/issues/9426) chore: bump a couple of deps [#9420](https://togithub.com/kyverno/kyverno/issues/9420) feat: migrate existing cleanup policies to the new storage version in helm hook [#9416](https://togithub.com/kyverno/kyverno/issues/9416) feat: use awslabs keychain for AWS and gcr keychain for GCP [#9412](https://togithub.com/kyverno/kyverno/issues/9412) feat: migrate existing policy exceptions to the new storage version in helm hook [#9408](https://togithub.com/kyverno/kyverno/issues/9408) chore: bump bitnami/kubectl [#9395](https://togithub.com/kyverno/kyverno/issues/9395) \[Feature] Security Improvements based on CLOMonitor Checks [#9392](https://togithub.com/kyverno/kyverno/issues/9392) fix: use the correct API version for VAPs in the generated events [#9391](https://togithub.com/kyverno/kyverno/issues/9391) feat: add podLabels to the hook jobs pod template [#9389](https://togithub.com/kyverno/kyverno/issues/9389) fix PSA chainsaw tests [#9386](https://togithub.com/kyverno/kyverno/issues/9386) feat: skip generating VAP when an exception is defined [#9385](https://togithub.com/kyverno/kyverno/issues/9385) fix: Allow generate cli tests to work with server-side apply policies [#9380](https://togithub.com/kyverno/kyverno/issues/9380) feat: use assertion trees in cli test command [#9362](https://togithub.com/kyverno/kyverno/issues/9362) chore(deps): bump golang.org/x/crypto from 0.17.0 to 0.18.0 [#9360](https://togithub.com/kyverno/kyverno/issues/9360) chore(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 [#9355](https://togithub.com/kyverno/kyverno/issues/9355) fix: clean up URs if the trigger doesn't exist [#9348](https://togithub.com/kyverno/kyverno/issues/9348) Fix report-on-vulnerabilities [#9343](https://togithub.com/kyverno/kyverno/issues/9343) feat: support podSecurity exclusion in exceptions [#9341](https://togithub.com/kyverno/kyverno/issues/9341) fix PSA chainsaw tests [#9339](https://togithub.com/kyverno/kyverno/issues/9339) Add global nodeSelector [#9338](https://togithub.com/kyverno/kyverno/issues/9338) feat: add profiling to the helm Chart [#9332](https://togithub.com/kyverno/kyverno/issues/9332) fix a chainsaw test [#9331](https://togithub.com/kyverno/kyverno/issues/9331) fix: remove the check of exclude in VAPs [#9326](https://togithub.com/kyverno/kyverno/issues/9326) chore(deps): bump kubectl-validate version [#9324](https://togithub.com/kyverno/kyverno/issues/9324) feat: use custom events watcher [#9323](https://togithub.com/kyverno/kyverno/issues/9323) feat: add new client for events [#9296](https://togithub.com/kyverno/kyverno/issues/9296) feat: add resource migration command [#9279](https://togithub.com/kyverno/kyverno/issues/9279) fix: remove policy informer from vap controller [#9276](https://togithub.com/kyverno/kyverno/issues/9276) Feat: Human readable timestamps in logs [#9270](https://togithub.com/kyverno/kyverno/issues/9270) feat: stop serving v2alpha1 cleanup policies [#9269](https://togithub.com/kyverno/kyverno/issues/9269) Support setting global extraEnvVars [#9267](https://togithub.com/kyverno/kyverno/issues/9267) chore: introduce v2 for updaterequests [#9262](https://togithub.com/kyverno/kyverno/issues/9262) chore: introduce v2 for internal reports resources [#9261](https://togithub.com/kyverno/kyverno/issues/9261) feat: add cleanup policies v2 [#9260](https://togithub.com/kyverno/kyverno/issues/9260) chore: bump a couple of deps [#9255](https://togithub.com/kyverno/kyverno/issues/9255) refactor: mutate checks [#9254](https://togithub.com/kyverno/kyverno/issues/9254) fix: set v2beta1 of exceptions the storage version [#9240](https://togithub.com/kyverno/kyverno/issues/9240) fix: remove unused file in a test [#9238](https://togithub.com/kyverno/kyverno/issues/9238) move error message to log [#9236](https://togithub.com/kyverno/kyverno/issues/9236) refactor: events controller [#9232](https://togithub.com/kyverno/kyverno/issues/9232) Fixed error log [#9220](https://togithub.com/kyverno/kyverno/issues/9220) feat: enable kubectl-validate by default in cli [#9218](https://togithub.com/kyverno/kyverno/issues/9218) chore: add k8s 1.29 in custom-sigstore test [#9213](https://togithub.com/kyverno/kyverno/issues/9213) chore: add missing context unit test [#9212](https://togithub.com/kyverno/kyverno/issues/9212) (docs) changed docs tool to kubernetes-sigs/reference-docs [#9211](https://togithub.com/kyverno/kyverno/issues/9211) chore: remove v2alpha1 version of policy exceptions [#9208](https://togithub.com/kyverno/kyverno/issues/9208) feat: promote policy exceptions to v2 [#9200](https://togithub.com/kyverno/kyverno/issues/9200) refactor: make CLI store non static [#9198](https://togithub.com/kyverno/kyverno/issues/9198) chore: bump a couple of deps [#9192](https://togithub.com/kyverno/kyverno/issues/9192) chore: add cli update test [#9191](https://togithub.com/kyverno/kyverno/issues/9191) fix: deep copy resource in cli when operation is update [#9189](https://togithub.com/kyverno/kyverno/issues/9189) fix: deprecate spec.schemaValidation [#9187](https://togithub.com/kyverno/kyverno/issues/9187) chore: fix conformance tests [#9180](https://togithub.com/kyverno/kyverno/issues/9180) Minor fix [#9179](https://togithub.com/kyverno/kyverno/issues/9179) chore: use sigstore/cosign 2.2.2 on main [#9175](https://togithub.com/kyverno/kyverno/issues/9175) fix: updates make codegen-deepcopy back to make codegen-deepcopy-all flag back to api deep copy function generatio... [#9173](https://togithub.com/kyverno/kyverno/issues/9173) feat(jmespath):time_parse() support epoch time [#9165](https://togithub.com/kyverno/kyverno/issues/9165) chore: move a mutateExisting chainsaw test under its directory [#9163](https://togithub.com/kyverno/kyverno/issues/9163) fix: set logger level [#9161](https://togithub.com/kyverno/kyverno/issues/9161) chore: add 1.29 to all test grids and remove 1.25 [#9158](https://togithub.com/kyverno/kyverno/issues/9158) chore: add 1.29 to the test grid [#9155](https://togithub.com/kyverno/kyverno/issues/9155) fix: validate pattern premature skip [#9148](https://togithub.com/kyverno/kyverno/issues/9148) fix: chainsaw test [#9144](https://togithub.com/kyverno/kyverno/issues/9144) support for SHA256 jmespath function [#9143](https://togithub.com/kyverno/kyverno/issues/9143) chore: use new chainsaw github action [#9140](https://togithub.com/kyverno/kyverno/issues/9140) chore: bump chainsaw [#9130](https://togithub.com/kyverno/kyverno/issues/9130) chore: add myself to the maintainers list [#9125](https://togithub.com/kyverno/kyverno/issues/9125) feat: add myself (vishal-chdhry) to maintainers list [#9124](https://togithub.com/kyverno/kyverno/issues/9124) support for Add Variable unit test [#9120](https://togithub.com/kyverno/kyverno/issues/9120) chore: bump chainsaw [#9114](https://togithub.com/kyverno/kyverno/issues/9114) chore: bump chainsaw [#9113](https://togithub.com/kyverno/kyverno/issues/9113) chore: convert chainsaw tests to Test resource [#9109](https://togithub.com/kyverno/kyverno/issues/9109) chore: convert chainsaw tests to Test resource [#9108](https://togithub.com/kyverno/kyverno/issues/9108) chore: update PR template to require documentation PR [#9103](https://togithub.com/kyverno/kyverno/issues/9103) chore: improve cluster startup in conformance tests [#9100](https://togithub.com/kyverno/kyverno/issues/9100) chore: convert chainsaw tests to Test resource [#9099](https://togithub.com/kyverno/kyverno/issues/9099) chore: convert chainsaw tests to Test resource [#9098](https://togithub.com/kyverno/kyverno/issues/9098) chore: improve ci perf [#9094](https://togithub.com/kyverno/kyverno/issues/9094) chore: convert chainsaw tests to Test resource [#9093](https://togithub.com/kyverno/kyverno/issues/9093) chore: install kind from binaries [#9092](https://togithub.com/kyverno/kyverno/issues/9092) chore: remove kuttl from makefile [#9088](https://togithub.com/kyverno/kyverno/issues/9088) fix: nancy ignore [#9087](https://togithub.com/kyverno/kyverno/issues/9087) chore: convert chainsaw tests to Test resource [#9086](https://togithub.com/kyverno/kyverno/issues/9086) chore: improve conformance tests ci perf [#9085](https://togithub.com/kyverno/kyverno/issues/9085) fix: conformance tests [#9071](https://togithub.com/kyverno/kyverno/issues/9071) chore: bump chainsaw [#9066](https://togithub.com/kyverno/kyverno/issues/9066) Fix Helm chart to not error when replicas defined [#9064](https://togithub.com/kyverno/kyverno/issues/9064) chore: bump chainsaw [#9057](https://togithub.com/kyverno/kyverno/issues/9057) Update helm docs [#9052](https://togithub.com/kyverno/kyverno/issues/9052) chore: use Kubernetes 1.28 by default [#9046](https://togithub.com/kyverno/kyverno/issues/9046) Use nancy on actually included dependencies [#9045](https://togithub.com/kyverno/kyverno/issues/9045) chore: add 1.10.4-6 & 1.11.1 to github issue templates [#9041](https://togithub.com/kyverno/kyverno/issues/9041) fix(helm): Rename dashboard.json to kyverno-dashboard.json [#9038](https://togithub.com/kyverno/kyverno/issues/9038) chore: bump chainsaw [#9036](https://togithub.com/kyverno/kyverno/issues/9036) fix: Provide kind list hints to the fake dynamic client. [#9028](https://togithub.com/kyverno/kyverno/issues/9028) chore: fix chainsaw tests cleanup timeout [#9023](https://togithub.com/kyverno/kyverno/issues/9023) chore: remove kuttl tests folder [#9018](https://togithub.com/kyverno/kyverno/issues/9018) chore: replace more kuttl tests by chainsaw [#9017](https://togithub.com/kyverno/kyverno/issues/9017) chore: replace more kuttl tests by chainsaw [#9016](https://togithub.com/kyverno/kyverno/issues/9016) chore: replace standard kuttl tests by chainsaw ones [#9015](https://togithub.com/kyverno/kyverno/issues/9015) feat: webhook labels [#9013](https://togithub.com/kyverno/kyverno/issues/9013) chore: fix chainsaw exec timeout issue [#9012](https://togithub.com/kyverno/kyverno/issues/9012) chore: enable all chainsaw tests [