Upgrade dependencies for fix vulnerabilities #599

Merged
merged 1 commit into from
Aug 10, 2023

Contributor

@vsychov vsychov commented Jul 29, 2023

Greetings, thank you for the wonderful tool, I hope it won't be abandoned.
This PR contains dependency updates to the latest versions and fixes after updates, to keep them up to date and to eliminate vulnerabilities. Here is the trivy report:

before the update
vulnerabilities:
    - fixedVersion: 2.38.5-r0
      installedVersion: 2.38.4-r1
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-25652
      resource: git
      severity: HIGH
      target: ''
      title: >-
        by feeding specially crafted input to `git apply --reject`, a path
        outside the working tree can be overwritten with partially controlled
        contents
      vulnerabilityID: CVE-2023-25652
    - fixedVersion: 2.38.5-r0
      installedVersion: 2.38.4-r1
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-29007
      resource: git
      severity: HIGH
      target: ''
      title: >-
        arbitrary configuration injection when renaming or deleting a section
        from a configuration file
      vulnerabilityID: CVE-2023-29007
    - fixedVersion: 2.38.5-r0
      installedVersion: 2.38.4-r1
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-25815
      resource: git
      severity: LOW
      target: ''
      title: >-
        malicious placement of crafted messages when git was compiled with
        runtime prefix
      vulnerabilityID: CVE-2023-25815
    - fixedVersion: 3.0.9-r0
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-2650
      resource: libcrypto3
      severity: HIGH
      target: ''
      title: Possible DoS translating ASN.1 object identifiers
      vulnerabilityID: CVE-2023-2650
    - fixedVersion: 3.0.8-r3
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-0466
      resource: libcrypto3
      severity: MEDIUM
      target: ''
      title: Certificate policy check not enabled
      vulnerabilityID: CVE-2023-0466
    - fixedVersion: 3.0.8-r4
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-1255
      resource: libcrypto3
      severity: MEDIUM
      target: ''
      title: Input buffer over-read in AES-XTS implementation on 64 bit ARM
      vulnerabilityID: CVE-2023-1255
    - fixedVersion: 3.0.9-r2
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-2975
      resource: libcrypto3
      severity: MEDIUM
      target: ''
      title: >-
        AES-SIV cipher implementation contains a bug that causes it to ignore
        empty associated data entries
      vulnerabilityID: CVE-2023-2975
    - fixedVersion: 3.0.9-r3
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-3446
      resource: libcrypto3
      severity: MEDIUM
      target: ''
      title: Excessive time spent checking DH keys and parameters
      vulnerabilityID: CVE-2023-3446
    - fixedVersion: 8.1.0-r0
      installedVersion: 7.88.1-r1
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-28319
      resource: libcurl
      severity: HIGH
      target: ''
      title: use after free in SSH sha256 fingerprint check
      vulnerabilityID: CVE-2023-28319
    - fixedVersion: 8.1.0-r0
      installedVersion: 7.88.1-r1
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-28320
      resource: libcurl
      severity: MEDIUM
      target: ''
      title: siglongjmp race condition may lead to crash
      vulnerabilityID: CVE-2023-28320
    - fixedVersion: 8.1.0-r0
      installedVersion: 7.88.1-r1
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-28321
      resource: libcurl
      severity: MEDIUM
      target: ''
      title: IDN wildcard match may lead to Improper Cerificate Validation
      vulnerabilityID: CVE-2023-28321
    - fixedVersion: 8.1.0-r0
      installedVersion: 7.88.1-r1
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-28322
      resource: libcurl
      severity: LOW
      target: ''
      title: more POST-after-PUT confusion
      vulnerabilityID: CVE-2023-28322
    - fixedVersion: 3.0.9-r0
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-2650
      resource: libssl3
      severity: HIGH
      target: ''
      title: Possible DoS translating ASN.1 object identifiers
      vulnerabilityID: CVE-2023-2650
    - fixedVersion: 3.0.8-r3
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-0466
      resource: libssl3
      severity: MEDIUM
      target: ''
      title: Certificate policy check not enabled
      vulnerabilityID: CVE-2023-0466
    - fixedVersion: 3.0.8-r4
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-1255
      resource: libssl3
      severity: MEDIUM
      target: ''
      title: Input buffer over-read in AES-XTS implementation on 64 bit ARM
      vulnerabilityID: CVE-2023-1255
    - fixedVersion: 3.0.9-r2
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-2975
      resource: libssl3
      severity: MEDIUM
      target: ''
      title: >-
        AES-SIV cipher implementation contains a bug that causes it to ignore
        empty associated data entries
      vulnerabilityID: CVE-2023-2975
    - fixedVersion: 3.0.9-r3
      installedVersion: 3.0.8-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-3446
      resource: libssl3
      severity: MEDIUM
      target: ''
      title: Excessive time spent checking DH keys and parameters
      vulnerabilityID: CVE-2023-3446
    - fixedVersion: 6.3_p20221119-r1
      installedVersion: 6.3_p20221119-r0
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-29491
      resource: ncurses-libs
      severity: HIGH
      target: ''
      title: >-
        Local users can trigger security-relevant memory corruption via
        malformed data
      vulnerabilityID: CVE-2023-29491
    - fixedVersion: 6.3_p20221119-r1
      installedVersion: 6.3_p20221119-r0
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-29491
      resource: ncurses-terminfo-base
      severity: HIGH
      target: ''
      title: >-
        Local users can trigger security-relevant memory corruption via
        malformed data
      vulnerabilityID: CVE-2023-29491
    - fixedVersion: 1.51.0-r1
      installedVersion: 1.51.0-r0
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-35945
      resource: nghttp2-libs
      severity: HIGH
      target: ''
      title: HTTP/2 memory leak in nghttp2 codec
      vulnerabilityID: CVE-2023-35945
    - fixedVersion: 9.1_p1-r3
      installedVersion: 9.1_p1-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-28531
      resource: openssh-client-common
      severity: CRITICAL
      target: ''
      title: >-
        openssh: smartcard keys to ssh-agent without the intended per-hop
        destination constraints.
      vulnerabilityID: CVE-2023-28531
    - fixedVersion: 9.1_p1-r4
      installedVersion: 9.1_p1-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-38408
      resource: openssh-client-common
      severity: HIGH
      target: ''
      title: Remote code execution in ssh-agent PKCS#11 support
      vulnerabilityID: CVE-2023-38408
    - fixedVersion: 9.1_p1-r3
      installedVersion: 9.1_p1-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-28531
      resource: openssh-client-default
      severity: CRITICAL
      target: ''
      title: >-
        openssh: smartcard keys to ssh-agent without the intended per-hop
        destination constraints.
      vulnerabilityID: CVE-2023-28531
    - fixedVersion: 9.1_p1-r4
      installedVersion: 9.1_p1-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-38408
      resource: openssh-client-default
      severity: HIGH
      target: ''
      title: Remote code execution in ssh-agent PKCS#11 support
      vulnerabilityID: CVE-2023-38408
    - fixedVersion: 9.1_p1-r3
      installedVersion: 9.1_p1-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-28531
      resource: openssh-keygen
      severity: CRITICAL
      target: ''
      title: >-
        openssh: smartcard keys to ssh-agent without the intended per-hop
        destination constraints.
      vulnerabilityID: CVE-2023-28531
    - fixedVersion: 9.1_p1-r4
      installedVersion: 9.1_p1-r2
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-38408
      resource: openssh-keygen
      severity: HIGH
      target: ''
      title: Remote code execution in ssh-agent PKCS#11 support
      vulnerabilityID: CVE-2023-38408
    - fixedVersion: 2.1.15, 2.2.9, 2.3.4
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-29165
      resource: github.com/argoproj/argo-cd/v2
      severity: CRITICAL
      target: ''
      title: >-
        argocd: ArgoCD will blindly trust JWT claims if anonymous access is
        enabled
      vulnerabilityID: CVE-2022-29165
    - fixedVersion: 2.4.1, 2.3.5, 2.2.10, 2.1.16
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-31035
      resource: github.com/argoproj/argo-cd/v2
      severity: CRITICAL
      target: ''
      title: >-
        argocd: cross-site scripting (XSS) allow a malicious user to inject a
        javascript link in the UI
      vulnerabilityID: CVE-2022-31035
    - fixedVersion: 2.3.2, 2.2.8, 2.1.14
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-1025
      resource: github.com/argoproj/argo-cd/v2
      severity: HIGH
      target: ''
      title: >-
        Openshift-Gitops: Improper access control allows admin privilege
        escalation
      vulnerabilityID: CVE-2022-1025
    - fixedVersion: 2.4.1, 2.3.5, 2.2.10, 2.1.16
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-31034
      resource: github.com/argoproj/argo-cd/v2
      severity: HIGH
      target: ''
      title: >-
        argocd: vulnerable to a variety of attacks when an SSO login is
        initiated from the Argo CD CLI or the UI.
      vulnerabilityID: CVE-2022-31034
    - fixedVersion: 2.3.4, 2.2.9, 2.1.15
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-24904
      resource: github.com/argoproj/argo-cd/v2
      severity: MEDIUM
      target: ''
      title: >-
        argocd: Symlink following allows leaking out-of-bound manifests and JSON
        files from Argo CD repo-server
      vulnerabilityID: CVE-2022-24904
    - fixedVersion: 2.1.15, 2.2.9, 2.3.4
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-24905
      resource: github.com/argoproj/argo-cd/v2
      severity: MEDIUM
      target: ''
      title: 'argocd: Login screen allows message spoofing if SSO is enabled'
      vulnerabilityID: CVE-2022-24905
    - fixedVersion: 2.4.1, 2.3.5, 2.2.10, 2.1.16
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-31016
      resource: github.com/argoproj/argo-cd/v2
      severity: MEDIUM
      target: ''
      title: 'argocd: vulnerable to an uncontrolled memory consumption bug'
      vulnerabilityID: CVE-2022-31016
    - fixedVersion: 2.4.1, 2.3.5, 2.2.10, 2.1.16
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-31036
      resource: github.com/argoproj/argo-cd/v2
      severity: MEDIUM
      target: ''
      title: >-
        argocd: vulnerable to a symlink following bug allowing a malicious user
        with repository write access
      vulnerabilityID: CVE-2022-31036
    - fixedVersion: 2.4.28, 2.6.7, 2.5.16
      installedVersion: v2.2.7
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-41354
      resource: github.com/argoproj/argo-cd/v2
      severity: MEDIUM
      target: ''
      title: >-
        Authenticated but unauthorized users may enumerate Application names via
        the API
      vulnerabilityID: CVE-2022-41354
    - fixedVersion: 2.0.0
      installedVersion: v1.1.1
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-39304
      resource: github.com/bradleyfalzon/ghinstallation
      severity: MEDIUM
      target: ''
      title: Leak of bearer JWT from http.RoundTripper response
      vulnerabilityID: CVE-2022-39304
    - fixedVersion: 2.8.2-beta.1
      installedVersion: v2.8.1+incompatible
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-2253
      resource: github.com/docker/distribution
      severity: HIGH
      target: ''
      title: DoS from malicious API request
      vulnerabilityID: CVE-2023-2253
    - fixedVersion: 2.16.0
      installedVersion: v2.9.5+incompatible
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-1996
      resource: github.com/emicklei/go-restful
      severity: CRITICAL
      target: ''
      title: Authorization Bypass Through User-Controlled Key
      vulnerabilityID: CVE-2022-1996
    - fixedVersion: 0.0.0-20220314234659-1baeb1ce4c0b
      installedVersion: v0.0.0-20211215153901-e495a2d5b3d3
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-27191
      resource: golang.org/x/crypto
      severity: HIGH
      target: ''
      title: crash in a golang.org/x/crypto/ssh server
      vulnerabilityID: CVE-2022-27191
    - fixedVersion: 0.7.0
      installedVersion: v0.4.0
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2022-41723
      resource: golang.org/x/net
      severity: HIGH
      target: ''
      title: avoid quadratic complexity in HPACK decoding
      vulnerabilityID: CVE-2022-41723
    - fixedVersion: 1.27.2, 1.26.5, 1.25.10, 1.24.14
      installedVersion: v1.22.4
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-2431
      resource: k8s.io/kubernetes
      severity: MEDIUM
      target: ''
      title: Bypass of seccomp profile enforcement
      vulnerabilityID: CVE-2023-2431
    - fixedVersion: 1.24.15, 1.25.11, 1.26.6, 1.27.3
      installedVersion: v1.22.4
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-2727
      resource: k8s.io/kubernetes
      severity: MEDIUM
      target: ''
      title: Bypassing policies imposed by the ImagePolicyWebhook  admission plugin
      vulnerabilityID: CVE-2023-2727
    - fixedVersion: 1.24.15, 1.25.11, 1.26.6, 1.27.3
      installedVersion: v1.22.4
      links: []
      primaryLink: https://avd.aquasec.com/nvd/cve-2023-2728
      resource: k8s.io/kubernetes
      severity: MEDIUM
      target: ''
      title: >-
        Bypassing enforce mountable secrets policy imposed by the
        ServiceAccount admission plugin
      vulnerabilityID: CVE-2023-2728
and here it is after
vulnerabilities:
  - fixedVersion: 2.0.0
    installedVersion: v1.1.1
    links: []
    primaryLink: https://avd.aquasec.com/nvd/cve-2022-39304
    resource: github.com/bradleyfalzon/ghinstallation
    severity: MEDIUM
    target: ''
    title: Leak of bearer JWT from http.RoundTripper response
    vulnerabilityID: CVE-2022-39304
  - fixedVersion: 2.8.2-beta.1
    installedVersion: v2.8.1+incompatible
    links: []
    primaryLink: https://avd.aquasec.com/nvd/cve-2023-2253
    resource: github.com/docker/distribution
    severity: HIGH
    target: ''
    title: DoS from malicious API request
    vulnerabilityID: CVE-2023-2253
  - fixedVersion: 1.27.2, 1.26.5, 1.25.10, 1.24.14
    installedVersion: v1.24.2
    links: []
    primaryLink: https://avd.aquasec.com/nvd/cve-2023-2431
    resource: k8s.io/kubernetes
    severity: MEDIUM
    target: ''
    title: Bypass of seccomp profile enforcement
    vulnerabilityID: CVE-2023-2431
  - fixedVersion: 1.24.15, 1.25.11, 1.26.6, 1.27.3
    installedVersion: v1.24.2
    links: []
    primaryLink: https://avd.aquasec.com/nvd/cve-2023-2727
    resource: k8s.io/kubernetes
    severity: MEDIUM
    target: ''
    title: Bypassing policies imposed by the ImagePolicyWebhook  admission plugin
    vulnerabilityID: CVE-2023-2727
  - fixedVersion: 1.24.15, 1.25.11, 1.26.6, 1.27.3
    installedVersion: v1.24.2
    links: []
    primaryLink: https://avd.aquasec.com/nvd/cve-2023-2728
    resource: k8s.io/kubernetes
    severity: MEDIUM
    target: ''
    title: >-
      Bypassing enforce mountable secrets policy imposed by the 
      ServiceAccount admission plugin
    vulnerabilityID: CVE-2023-2728

//nolint:staticcheck added to suppress the linter issue:

SA1019: schema1.History is deprecated: Docker Image Manifest v2, Schema 1 is deprecated since 2015. Use Docker Image Manifest v2, Schema 2, or the OCI Image Specification. (staticcheck)

Hope this will be merged asap. Changes are tested on a real env.

codecov-commenter commented Jul 29, 2023

Codecov Report

Merging #599 (3b761a4) into master (d5a8f94) will not change coverage.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master     #599   +/-   ##
=======================================
  Coverage   65.63%   65.63%           
=======================================
  Files          22       22           
  Lines        2069     2069           
=======================================
  Hits         1358     1358           
  Misses        577      577           
  Partials      134      134           
Files Changed Coverage Δ
pkg/registry/client.go 13.51% <100.00%> (ø)

@vsychov vsychov force-pushed the fix-vulnerabilities branch from d889071 to 90a3683 Compare July 29, 2023 20:25
Contributor

jannfis commented Jul 30, 2023

Hi @vsychov, thanks a lot for your PR!

I had just merged #594, which has some overlaps with the changes in your PR.

Could you please rebase yours and see what's in your PR that has not been in #594?

Thank you.

@vsychov vsychov force-pushed the fix-vulnerabilities branch from 90a3683 to 3b761a4 Compare July 30, 2023 17:45
Contributor Author

vsychov commented Jul 30, 2023

@jannfis , done

Contributor Author

vsychov commented Aug 10, 2023

Hello @jannfis , any chance that it will be merged?

Contributor

@jannfis jannfis left a comment

LGTM!

Guess we can remove support for Schema v1 as well anytime soon, not sure whether it's still used by people out there.

Contributor

jannfis commented Aug 10, 2023

Sorry @vsychov and thanks for the ping. Sometimes, issues go by so quickly, it's hard to catch up :)

@jannfis jannfis merged commit c6cce47 into argoproj-labs:master Aug 10, 2023
jwhy89 pushed a commit to jwhy89/argocd-image-updater that referenced this pull request Aug 17, 2023
jessebye pushed a commit to jessebye/argocd-image-updater that referenced this pull request Sep 1, 2023
jessebye pushed a commit to jessebye/argocd-image-updater that referenced this pull request Sep 1, 2023
xescab pushed a commit to xescab/argocd-image-updater that referenced this pull request Sep 8, 2023
dlactin pushed a commit to dlactin/argocd-image-updater that referenced this pull request May 9, 2024
sribiere-jellysmack pushed a commit to sribiere-jellysmack/argocd-image-updater that referenced this pull request Aug 13, 2024