chore(deps): Bump github.com/kyverno/kyverno from 1.12.0-alpha.1 to 1.12.2-rc.1

[dependabot[bot]]

Bumps github.com/kyverno/kyverno from 1.12.0-alpha.1 to 1.12.2-rc.1.

Release notes

Sourced from github.com/kyverno/kyverno's releases.

v1.12.2-rc.1

No release notes provided.

v1.12.1

🐛 Fixed 🐛

• Fixed return status when celPreconditions.matchConditions aren't met (#9940)
• Fixed the CLI to evaluate namespaceObject for Kyverno policies (#9977, #9978)
• Fixed concurrent policy applications (#10139)
• Fixed endless updates of policy status (#10140)
• Fixed empty operations in mutating webhook configuration for a policy with a mixed types of rules (#10146)
• Fixed endless policy reports reconciliation issue (#10148)
• Fixed type conversion in jmespath context variables (#10152)

🔧 Others 🔧

• Fixed tests for codegen (#9942)
• Removed unused parameters, packages (#10007, #10101)
• Refactored VAPs registration in the API server (#10014)
• Updated performance testing docs for 1.12 (#10116)

v1.12.1-rc.1

No release notes provided.

v1.12.0

1.12 Release Notes

❗ Importance Notice ❗

Several critical issues are found in 1.12.0 and are being closely monitored within the 1.12.1 milestone. Please hold your upgrade to this release until 1.12.1 comes out.

❗ Breaking (Potentially) ❗

• Policies using long-deprecated or invalid operators in conditions (ex., In and NotIn) will be blocked. Please see the current list of available operators here (#8624)

✨ Added ✨

• Added a global cache via a new Custom Resource called GlobalContextEntry allowing caching of any resource (#9591, #9595, #9601, #9602, #9614, #9615, #9618, #9619, #9620, #9621, #9643, #9652, #9678, #9710, #9813)
• Added the ability to configure the listening ports of webhooks for admission and cleanup controllers (#7728)
• Several new and improved abilities to reduce the scope of webhooks based on policy configurations, including support for the CEL-based matchConditions available in Kubernetes 1.27+ (#8065, #8437, #9483, #9599)
• Added a new container flag --protectManagedResources to the cleanup controller (#8566)
• Added a new container flag --renewBefore to the admission cleanup controllers to configure the cert renewal time (#8567)
• Added a new container flag --loggingtsFormat which can be used to change the time format of logs (#9276)
• Policy Exceptions now support conditions (#8577)
• Policy Exceptions now support excluding specific controls when using a Pod Security sub-rule validate.podSecurity (#9343, #9817)
• Pod Security sub-rule (validate.podSecurity) has a new ability to exclude based on restricted fields (exclude.restrictedField and associated values (#8585, #9770, #9658)
• Added a new field to verifyImages rules called skipImageReferences allowing you to exclude certain images (#8633)
• Added a new field to generate rules (data-type) called orphanDownstreamOnPolicyDelete which will preserve downstream resources when the policy/rule is deleted (#9579)
• Added the ability to deploy specific controllers with CRDs following suit (#8849, #9608)
• Added the ability to apply custom labels to Kyverno's webhooks, helpful especially for Argo CD users (#9015)
• Added support for more types of JSON patch operations like "move", "copy", and "test" (#9476)

... (truncated)

Commits

• a1ce044 release v1.12.2-rc.1 (#10282)
• b7fa943 fix: add a copy method to the policy context (#10236) (#10280)
• 91c10b6 fix: sort webhookconfig.operations (#10274) (#10275)
• efa2d4f fix: webhook config set (#10262) (#10273)
• e3d95bb chore: cherry-pick #10270 (#10272)
• d415da7 fix: generate VAPs that match all resources when kinds is set to * (#10266)
• 9de7f8f fix flake test in VAPs (#10269)
• 3571d1b fix: process the matched resources only for mutate existing policies (#10164)...
• 41a3648 fix: add resourceNames field in the generated VAPs (#10187) (#10265)
• 1365827 chore: cherry-pick #10250 (#10264)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #132.