nirmata / kyverno-notation-aws

Kyverno extension service for Notation and the AWS signer
Apache License 2.0
11 stars 11 forks source link

chore(deps): Bump github.com/kyverno/kyverno from 1.12.1 to 1.13.0 #298

Open dependabot[bot] opened 2 weeks ago

dependabot[bot] commented 2 weeks ago

Bumps github.com/kyverno/kyverno from 1.12.1 to 1.13.0.

Release notes

Sourced from github.com/kyverno/kyverno's releases.

v1.13.0

Release notes will be available soon.

For upgrade guidance please see here.

v1.13.0-rc.3

No release notes provided.

v1.13.0-rc.2

No release notes provided.

v1.13.0-rc.1

No release notes provided.

v1.13.0-beta.1

This is for internal testing only.

v1.12.6

πŸ› Fixed πŸ›

  • Change: Disable updaterequest cleanup cronjob (#10678)
  • Fix(helm): Remove namespace from RoleBinding/roleRef field (#10685)
  • Fix: Properly use useCache field in image verification policies (#10709)
  • Fix: Check for the client being nil before applying a mutation (#10726)
  • Fix: Resource namespace checks for Kyverno CLI (#10738)
  • Fix: Range through all resources to build webhook (#10748)
  • Fix: Get namespace labels before creating a policy context (#10773)
  • Fix: Wrong evaluation of pod security standard version (#10924)
  • Fix: Frequent API GET/UPDATE requests regarding webhooks reconciliation when no policies (#11203, #11225, #11230, #11233)

πŸ”§ Others πŸ”§

  • Fix: Bump docker in release 1.12 (#11088)
  • Fix: Updated Go version to v1.22.7 to address CVE-2024-34156 (#11142)
  • Chore: Bump chainsaw (#10687)
  • Chore: Bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible (#10750)

v1.12.6-rc.3

No release notes provided.

v1.12.6-rc.2

No release notes provided.

v1.12.6-rc.1

No release notes provided.

v1.12.5

✨ Added ✨

... (truncated)

Changelog

Sourced from github.com/kyverno/kyverno's changelog.

v1.13.0

Note

  • Removed deprecated flag reportsChunkSize.
  • Added --tufRootRaw flag to pass tuf root for custom sigstore deployments.

v1.11.0

v1.11.0-rc.1

Note

  • Added --tufRoot and --tufMirror flags to configure tuf for custom sigstore deployments.
  • Remove description from deprecated fields in CRDs
  • Remove CLI kyverno test manifest ... commands (replaced by kyverno create ...).
  • Added --caSecretName and --tlsSecretName flags to control names of certificate related secrets.
  • Added match conditions support in kyverno config map.
  • Deprecated flag --imageSignatureRepository. Will be removed in 1.12. Use per rule configuration verifyImages.Repository instead.
  • Added --aggregateReports flag for reports controller to enable/disable aggregated reports (default value is true).
  • Added --policyReports flag for reports controller to enable/disable policy reports (default value is true).
  • Renamed CLI flag --compact to --detailed-results (and changed default value from true to false).
  • Changed the default value of --enablePolicyException from false to true.

v1.10.0

v1.10.0-rc.1

Note

  • Removed GenerateRequest CRD.
  • Refactored kyverno chart, migration instructions are available in chart README.md.
  • Image references in the json context are not mutated to canonical form anymore, do not assume a registry domain is always present.
  • Added support for configuring webhook annotations in the config map through webhookAnnotations stanza.
  • Added excludeRoles and excludeClusterRoles support in configuration.
  • Added new flag skipResourceFilters to reports controller to enable/disable considering resource filters in the background (default value is true)
  • Removed hardcoded defaults for excludeGroups and excludeUsernames. They are always read from the config map.

v1.9.0-rc.1

Note

  • Flag backgroundScanInterval was added to force background scans at regular intervals (default value is 1h).
  • Flag splitPolicyReport was removed, was unused and marked for removal in 1.9.
  • Webhook is no longer updated to match pods/ephemeralcontainers when policy only specifies pods. If users want to match on pods/ephemeralcontainers, they must specify pods/ephemeralcontainers in the policy.
  • Webhook is no longer updated to match services/status when policy only specifies services. If users want to match on services/status, they must specify services/status in the policy.
  • Flag autogenInternals was removed, policy mutation has been removed.
  • Flag leaderElectionRetryPeriod was added to control leader election renewal frequency (default value is 2s).
  • Support upper case Audit and Enforce in .spec.validationFailureAction of the Kyverno policy, failure actions audit and enforce are deprecated and will be removed in v1.11.0.
  • Flag profileAddress was added to configure address of profiling server (default value is "").

... (truncated)

Commits


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nirmata/kyverno-notation-aws/network/alerts).