search

kyverno / reports-server

Alternate reports storage in Kubernetes outside etcd
Apache License 2.0
20 stars 12 forks source link

chore(deps): Bump github.com/kyverno/kyverno from 1.12.0-alpha.1 to 1.12.1-rc.1 #116

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps github.com/kyverno/kyverno from 1.12.0-alpha.1 to 1.12.1-rc.1.

Release notes

Sourced from github.com/kyverno/kyverno's releases.

v1.12.1-rc.1

🐛 Fixed 🐛

  • Fixed return status when celPreconditions.matchConditions aren't met (#9940)
  • Fixed the CLI to evaluate namespaceObject for Kyverno policies (#9977, #9978)
  • Fixed concurrent policy applications (#10139)
  • Fixed endless updates of policy status (#10140)
  • Fixed empty operations in mutating webhook configuration for a policy with a mixed types of rules (#10146)
  • Fixed endless policy reports reconciliation issue (#10148)
  • Fixed type conversion in jmespath context variables (#10152)

🔧 Others 🔧

  • Fixed tests for codegen (#9942)
  • Removed unused parameters, packages (#10007, #10101)
  • Refactored VAPs registration in the API server (#10014)
  • Updated performance testing docs for 1.12 (#10116)

v1.12.0

1.12 Release Notes

❗ Importance Notice ❗

Several critical issues are found in 1.12.0 and are being closely monitored within the 1.12.1 milestone. Please hold your upgrade to this release until 1.12.1 comes out.

❗ Breaking (Potentially) ❗

  • Policies using long-deprecated or invalid operators in conditions (ex., In and NotIn) will be blocked. Please see the current list of available operators here (#8624)

✨ Added ✨

  • Added a global cache via a new Custom Resource called GlobalContextEntry allowing caching of any resource (#9591, #9595, #9601, #9602, #9614, #9615, #9618, #9619, #9620, #9621, #9643, #9652, #9678, #9710, #9813)
  • Added the ability to configure the listening ports of webhooks for admission and cleanup controllers (#7728)
  • Several new and improved abilities to reduce the scope of webhooks based on policy configurations, including support for the CEL-based matchConditions available in Kubernetes 1.27+ (#8065, #8437, #9483, #9599)
  • Added a new container flag --protectManagedResources to the cleanup controller (#8566)
  • Added a new container flag --renewBefore to the admission cleanup controllers to configure the cert renewal time (#8567)
  • Added a new container flag --loggingtsFormat which can be used to change the time format of logs (#9276)
  • Policy Exceptions now support conditions (#8577)
  • Policy Exceptions now support excluding specific controls when using a Pod Security sub-rule validate.podSecurity (#9343, #9817)
  • Pod Security sub-rule (validate.podSecurity) has a new ability to exclude based on restricted fields (exclude.restrictedField and associated values (#8585, #9770, #9658)
  • Added a new field to verifyImages rules called skipImageReferences allowing you to exclude certain images (#8633)
  • Added a new field to generate rules (data-type) called orphanDownstreamOnPolicyDelete which will preserve downstream resources when the policy/rule is deleted (#9579)
  • Added the ability to deploy specific controllers with CRDs following suit (#8849, #9608)
  • Added the ability to apply custom labels to Kyverno's webhooks, helpful especially for Argo CD users (#9015)
  • Added support for more types of JSON patch operations like "move", "copy", and "test" (#9476)
  • Policy Reports can now be generated from ValidatingAdmissionPolicies and their bindings (#9506)
  • Created a new API group reports.kyverno.io for storing new ephemeral report kinds EphemeralReports and ClusterEphemeralReports (#9521, #9537)
  • New is_external_url() JMESPath function to determine whether a given URL is an external URL (#8614)
  • New sha256() JMESPath function to convert a string of any length to a fixed hash value (#9144)
  • Kyverno CLI: Added a new migrate command which is used to migrate Kyverno resources to the current API version (#9296)
  • Kyverno CLI: Added a new (experimental) json command which incorporates the Kyverno JSON subproject into the main CLI allowing for testing of any JSON content (#9639, #9651)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 6 months ago

Superseded by #120.