diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 406306bbeca2e..8df709b18f6cd 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,8 +1,6 @@ - Checklist: @@ -16,8 +14,8 @@ Checklist: * [ ] Optional. My organization is added to USERS.md. * [ ] I have signed off all my commits as required by [DCO](https://github.com/argoproj/argoproj/blob/master/community/CONTRIBUTING.md#legal) * [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged. -* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/latest/developer-guide/ci/)). +* [ ] My build is green ([troubleshooting builds](https://argo-cd.readthedocs.io/en/latest/developer-guide/ci/)). * [ ] My new feature complies with the [feature status](https://github.com/argoproj/argoproj/blob/master/community/feature-status.md) guidelines. * [ ] I have added a brief description of why this PR is necessary and/or what this PR solves. - +Please see [Contribution FAQs](https://argo-cd.readthedocs.io/en/latest/developer-guide/faq/) if you have questions about your pull-request. diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 6d4302d2b540c..cea27d9b8560a 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -16,7 +16,7 @@ ## image-reuse.yaml - The resuable workflow can be used to publish or build images with multiple container registries(Quay,GHCR, dockerhub), and then sign them with cosign when an image is published. -- A GO version `must` be specified e.g. 1.21 +- A GO version `must` be specified e.g. 1.19 - The image name for each registry *must* contain the tag. Note: multiple tags are allowed for each registry using a CSV type. - Multiple platforms can be specified e.g. linux/amd64,linux/arm64 - Images are not published by default. A boolean value must be set to `true` to push images. diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index aac287b1ce0fd..0ee9cb2f7155d 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -13,7 +13,7 @@ on: env: # Golang version to use across CI steps - GOLANG_VERSION: '1.21' + GOLANG_VERSION: '1.20' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -30,7 +30,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Download all Go modules @@ -48,7 +48,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache @@ -72,14 +72,14 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 + uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: - version: v1.54.0 - args: --enable gofmt --timeout 10m --exclude SA5011 --verbose --max-issues-per-linter 0 --max-same-issues 0 + version: v1.51.0 + args: --timeout 10m --exclude SA5011 --verbose test-go: name: Run unit tests for Go packages @@ -97,7 +97,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -164,7 +164,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -217,7 +217,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Create symlink in GOPATH @@ -265,9 +265,9 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup NodeJS - uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # v3.8.0 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: - node-version: '20.4.0' + node-version: '20.3.1' - name: Restore node dependency cache id: cache-dependencies uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 @@ -381,7 +381,7 @@ jobs: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: GH actions workaround - Kill XSP4 process diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index a0a62669fc5b1..890a098d9af9e 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -69,17 +69,17 @@ jobs: if: ${{ github.ref_type != 'tag'}} - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ inputs.go-version }} - name: Install cosign - uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 + uses: sigstore/cosign-installer@d13028333d784fcc802b67ec924bcebe75aa0a5f # v3.1.0 with: cosign-release: 'v2.0.0' - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1 + - uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 - name: Setup tags for container image as a CSV type run: | diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 56ec503c1c35d..e98ae27708263 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -52,7 +52,7 @@ jobs: uses: ./.github/workflows/image-reuse.yaml with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.21 + go-version: 1.20 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -68,7 +68,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:latest ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.21 + go-version: 1.20 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 24618a8d8f596..9237d28b433d7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ on: permissions: {} env: - GOLANG_VERSION: '1.21' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.20' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: @@ -23,7 +23,7 @@ jobs: with: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.21 + go-version: 1.20 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: @@ -77,7 +77,7 @@ jobs: fi - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} @@ -88,14 +88,14 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Run GoReleaser - uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0 + uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 id: run-goreleaser with: version: latest args: release --clean --timeout 55m env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }} + KUBECTL_VERSION: ${{ env.KUBECTL_VERSION }} GIT_TREE_STATE: ${{ env.GIT_TREE_STATE }} - name: Generate subject for provenance @@ -145,7 +145,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ env.GOLANG_VERSION }} @@ -178,7 +178,7 @@ jobs: fi cd /tmp && tar -zcf sbom.tar.gz *.spdx - + - name: Generate SBOM hash shell: bash id: sbom-hash @@ -187,7 +187,7 @@ jobs: # base64 -w0 encodes to base64 and outputs on a single line. # sha256sum /tmp/sbom.tar.gz ... | base64 -w0 echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" - + - name: Upload SBOM uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 env: @@ -195,7 +195,7 @@ jobs: with: files: | /tmp/sbom.tar.gz - + sbom-provenance: needs: [generate-sbom] permissions: @@ -209,7 +209,7 @@ jobs: base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}" provenance-name: "argocd-sbom.intoto.jsonl" upload-assets: true - + post-release: needs: - argocd-image diff --git a/Dockerfile b/Dockerfile index 1822816f64a83..f69e34cce45d9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fca # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.21.0@sha256:ec457a2fcd235259273428a24e09900c496d0c52207266f96a330062a01e3622 AS builder +FROM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c AS builder RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -83,7 +83,7 @@ WORKDIR /home/argocd #################################################################################################### # Argo CD UI stage #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/node:20.5.0@sha256:32ec50b65ac9572eda92baa6004a04dbbfc8021ea806fa62d37336183cad04e6 AS argocd-ui +FROM --platform=$BUILDPLATFORM docker.io/library/node:20.3.1@sha256:2f0b0c15f97441defa812268ee943bbfaaf666ea6cf7cac62ee3f127906b35c6 AS argocd-ui WORKDIR /src COPY ["ui/package.json", "ui/yarn.lock", "./"] @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21.0@sha256:ec457a2fcd235259273428a24e09900c496d0c52207266f96a330062a01e3622 AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/Makefile b/Makefile index 4c119188105b9..aceebcc6689ad 100644 --- a/Makefile +++ b/Makefile @@ -352,7 +352,7 @@ lint-local: golangci-lint --version # NOTE: If you get a "Killed" OOM message, try reducing the value of GOGC # See https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint - GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --enable gofmt --fix --verbose --timeout 3000s --max-issues-per-linter 0 --max-same-issues 0 + GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --fix --verbose --timeout 3000s .PHONY: lint-ui lint-ui: test-tools-image @@ -652,4 +652,4 @@ help: @echo 'codegen:' @echo ' codegen(-local) -- if using -local, run the following targets first' @echo ' install-codegen-tools-local -- run this to install the codegen tools' - @echo ' install-go-tools-local -- run this to install go libraries for codegen' + @echo ' install-go-tools-local -- run this to install go libraries for codegen' \ No newline at end of file diff --git a/README.md b/README.md index ef5664de5b5b7..8a6d971f8419e 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,7 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h ### Blogs and Presentations 1. [Awesome-Argo: A Curated List of Awesome Projects and Resources Related to Argo](https://github.com/terrytangyuan/awesome-argo) -1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://akuity.io/blog/unveil-the-secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argocd-kubecon-china-2021/) +1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://blog.akuity.io/unveil-the-secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argo-cd-7c5b4057ee49) 1. [GitOps Without Pipelines With ArgoCD Image Updater](https://youtu.be/avPUQin9kzU) 1. [Combining Argo CD (GitOps), Crossplane (Control Plane), And KubeVela (OAM)](https://youtu.be/eEcgn_gU3SM) 1. [How to Apply GitOps to Everything - Combining Argo CD and Crossplane](https://youtu.be/yrj4lmScKHQ) diff --git a/SECURITY.md b/SECURITY.md index 479cd5ef29c97..38574aa2bd0db 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -50,7 +50,7 @@ of releasing it within a patch branch for the currently supported releases. ## Reporting a Vulnerability -If you find a security related bug in Argo CD, we kindly ask you for responsible +If you find a security related bug in ArgoCD, we kindly ask you for responsible disclosure and for giving us appropriate time to react, analyze and develop a fix to mitigate the found security vulnerability. diff --git a/USERS.md b/USERS.md index e4737c062bbe2..4fef125a9ca1a 100644 --- a/USERS.md +++ b/USERS.md @@ -24,7 +24,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [AppDirect](https://www.appdirect.com) 1. [Arctiq Inc.](https://www.arctiq.ca) 1. [ARZ Allgemeines Rechenzentrum GmbH](https://www.arz.at/) -2. [Autodesk](https://www.autodesk.com) 1. [Axual B.V.](https://axual.com) 1. [Back Market](https://www.backmarket.com) 1. [Baloise](https://www.baloise.com) @@ -43,7 +42,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Capital One](https://www.capitalone.com) 1. [CARFAX](https://www.carfax.com) 1. [CARFAX Europe](https://www.carfax.eu) -1. [Carrefour Group](https://www.carrefour.com) 1. [Casavo](https://casavo.com) 1. [Celonis](https://www.celonis.com/) 1. [CERN](https://home.cern/) @@ -87,7 +85,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Farfetch](https://www.farfetch.com) 1. [Faro](https://www.faro.com/) 1. [Fave](https://myfave.com) -1. [Flexport](https://www.flexport.com/) 1. [Flip](https://flip.id) 1. [Fonoa](https://www.fonoa.com/) 1. [freee](https://corp.freee.co.jp/en/company/) @@ -129,7 +126,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Info Support](https://www.infosupport.com/) 1. [InsideBoard](https://www.insideboard.com) 1. [Intuit](https://www.intuit.com/) -1. [Jellysmack](https://www.jellysmack.com) 1. [Joblift](https://joblift.com/) 1. [JovianX](https://www.jovianx.com/) 1. [Kaltura](https://corp.kaltura.com/) @@ -277,7 +273,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Trusting Social](https://trustingsocial.com/) 1. [Twilio SendGrid](https://sendgrid.com) 1. [tZERO](https://www.tzero.com/) -1. [U.S. Veterans Affairs Department](https://www.va.gov/) 1. [UBIO](https://ub.io/) 1. [UFirstGroup](https://www.ufirstgroup.com/en/) 1. [ungleich.ch](https://ungleich.ch/) @@ -287,7 +282,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Vectra](https://www.vectra.ai) 1. [Veepee](https://www.veepee.com) 1. [Viaduct](https://www.viaduct.ai/) -1. [VietMoney](https://vietmoney.vn/) 1. [Vinted](https://vinted.com/) 1. [Virtuo](https://www.govirtuo.com/) 1. [VISITS Technologies](https://visits.world/en) diff --git a/VERSION b/VERSION index c8e38b614057b..dbe590065479b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.9.0 +2.8.1 diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index 8b31f0a1e95a4..1914783c4c79e 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -448,7 +448,7 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con conditions, err := argoutil.ValidatePermissions(ctx, &app.Spec, proj, r.ArgoDB) if err != nil { - return nil, fmt.Errorf("error validating permissions: %s", err) + return nil, err } if len(conditions) > 0 { errorsByIndex[i] = fmt.Errorf("application spec is invalid: %s", argoutil.FormatAppConditions(conditions)) @@ -692,7 +692,7 @@ func (r *ApplicationSetReconciler) getCurrentApplications(_ context.Context, app err := r.Client.List(context.Background(), ¤t, client.MatchingFields{".metadata.controller": applicationSet.Name}) if err != nil { - return nil, fmt.Errorf("error retrieving applications: %w", err) + return nil, err } return current.Items, nil diff --git a/applicationset/generators/cluster.go b/applicationset/generators/cluster.go index d8647d78d3a5c..587b0dfa5955f 100644 --- a/applicationset/generators/cluster.go +++ b/applicationset/generators/cluster.go @@ -78,7 +78,7 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap // ListCluster from Argo CD's util/db package will include the local cluster in the list of clusters clustersFromArgoCD, err := utils.ListClusters(g.ctx, g.clientset, g.namespace) if err != nil { - return nil, fmt.Errorf("error listing clusters: %w", err) + return nil, err } if clustersFromArgoCD == nil { diff --git a/applicationset/generators/duck_type.go b/applicationset/generators/duck_type.go index f98afd0e01381..cdd13e8aeaf7a 100644 --- a/applicationset/generators/duck_type.go +++ b/applicationset/generators/duck_type.go @@ -74,7 +74,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A // ListCluster from Argo CD's util/db package will include the local cluster in the list of clusters clustersFromArgoCD, err := utils.ListClusters(g.ctx, g.clientset, g.namespace) if err != nil { - return nil, fmt.Errorf("error listing clusters: %w", err) + return nil, err } if clustersFromArgoCD == nil { @@ -85,7 +85,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A cm, err := g.clientset.CoreV1().ConfigMaps(g.namespace).Get(g.ctx, appSetGenerator.ClusterDecisionResource.ConfigMapRef, metav1.GetOptions{}) if err != nil { - return nil, fmt.Errorf("error reading configMapRef: %w", err) + return nil, err } // Extract GVK data for the dynamic client to use diff --git a/applicationset/generators/generator_spec_processor.go b/applicationset/generators/generator_spec_processor.go index 447e99d83ab37..a6af3ae8c45cd 100644 --- a/applicationset/generators/generator_spec_processor.go +++ b/applicationset/generators/generator_spec_processor.go @@ -125,7 +125,7 @@ func GetRelevantGenerators(requestedGenerator *argoprojiov1alpha1.ApplicationSet func flattenParameters(in map[string]interface{}) (map[string]string, error) { flat, err := flatten.Flatten(in, "", flatten.DotStyle) if err != nil { - return nil, fmt.Errorf("error flatenning parameters: %w", err) + return nil, err } out := make(map[string]string, len(flat)) diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go index d3d46f51c4575..9b2825618d80a 100644 --- a/applicationset/generators/git.go +++ b/applicationset/generators/git.go @@ -66,7 +66,7 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic return nil, EmptyAppSetGeneratorError } if err != nil { - return nil, fmt.Errorf("error generating params from git: %w", err) + return nil, err } return res, nil @@ -77,7 +77,7 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj // Directories, not files allPaths, err := g.repos.GetDirectories(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision) if err != nil { - return nil, fmt.Errorf("error getting directories from repo: %w", err) + return nil, err } log.WithFields(log.Fields{ @@ -92,7 +92,7 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj res, err := g.generateParamsFromApps(requestedApps, appSetGenerator, useGoTemplate, goTemplateOptions) if err != nil { - return nil, fmt.Errorf("error generating params from apps: %w", err) + return nil, fmt.Errorf("failed to generate params from apps: %w", err) } return res, nil @@ -177,7 +177,7 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent [] } else { flat, err := flatten.Flatten(objectFound, "", flatten.DotStyle) if err != nil { - return nil, fmt.Errorf("error flattening object: %w", err) + return nil, err } for k, v := range flat { params[k] = fmt.Sprintf("%v", v) diff --git a/applicationset/generators/git_test.go b/applicationset/generators/git_test.go index 479987e8e763e..a236b00bca7bb 100644 --- a/applicationset/generators/git_test.go +++ b/applicationset/generators/git_test.go @@ -251,7 +251,7 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { repoApps: []string{}, repoError: fmt.Errorf("error"), expected: []map[string]interface{}{}, - expectedError: fmt.Errorf("error generating params from git: error getting directories from repo: error"), + expectedError: fmt.Errorf("error"), }, } @@ -547,7 +547,7 @@ func TestGitGenerateParamsFromDirectoriesGoTemplate(t *testing.T) { repoApps: []string{}, repoError: fmt.Errorf("error"), expected: []map[string]interface{}{}, - expectedError: fmt.Errorf("error generating params from git: error getting directories from repo: error"), + expectedError: fmt.Errorf("error"), }, } @@ -742,7 +742,7 @@ func TestGitGenerateParamsFromFiles(t *testing.T) { repoFileContents: map[string][]byte{}, repoPathsError: fmt.Errorf("paths error"), expected: []map[string]interface{}{}, - expectedError: fmt.Errorf("error generating params from git: paths error"), + expectedError: fmt.Errorf("paths error"), }, { name: "test invalid JSON file returns error", @@ -752,7 +752,7 @@ func TestGitGenerateParamsFromFiles(t *testing.T) { }, repoPathsError: nil, expected: []map[string]interface{}{}, - expectedError: fmt.Errorf("error generating params from git: unable to process file 'cluster-config/production/config.json': unable to parse file: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type map[string]interface {}"), + expectedError: fmt.Errorf("unable to process file 'cluster-config/production/config.json': unable to parse file: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type map[string]interface {}"), }, { name: "test JSON array", @@ -1048,7 +1048,7 @@ func TestGitGenerateParamsFromFilesGoTemplate(t *testing.T) { repoFileContents: map[string][]byte{}, repoPathsError: fmt.Errorf("paths error"), expected: []map[string]interface{}{}, - expectedError: fmt.Errorf("error generating params from git: paths error"), + expectedError: fmt.Errorf("paths error"), }, { name: "test invalid JSON file returns error", @@ -1058,7 +1058,7 @@ func TestGitGenerateParamsFromFilesGoTemplate(t *testing.T) { }, repoPathsError: nil, expected: []map[string]interface{}{}, - expectedError: fmt.Errorf("error generating params from git: unable to process file 'cluster-config/production/config.json': unable to parse file: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type map[string]interface {}"), + expectedError: fmt.Errorf("unable to process file 'cluster-config/production/config.json': unable to parse file: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type map[string]interface {}"), }, { name: "test JSON array", diff --git a/applicationset/generators/list.go b/applicationset/generators/list.go index b3afabe6dac7d..c76a0549142db 100644 --- a/applicationset/generators/list.go +++ b/applicationset/generators/list.go @@ -83,7 +83,7 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli if err != nil { return nil, fmt.Errorf("error unmarshling decoded ElementsYaml %v", err) } - res = append(res, yamlElements...) + res = append(res, yamlElements...) } return res, nil diff --git a/applicationset/generators/matrix.go b/applicationset/generators/matrix.go index e4d1b74cb7ecc..2d5d18c8a203c 100644 --- a/applicationset/generators/matrix.go +++ b/applicationset/generators/matrix.go @@ -50,7 +50,7 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App g0, err := m.getParams(appSetGenerator.Matrix.Generators[0], appSet, nil) if err != nil { - return nil, fmt.Errorf("error failed to get params for first generator in matrix generator: %w", err) + return nil, err } for _, a := range g0 { g1, err := m.getParams(appSetGenerator.Matrix.Generators[1], appSet, a) @@ -94,7 +94,7 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli } mergeGen, err := getMergeGenerator(appSetBaseGenerator) if err != nil { - return nil, fmt.Errorf("error retrieving merge generator: %w", err) + return nil, err } if mergeGen != nil && !appSet.Spec.ApplyNestedSelectors { foundSelector := dropDisabledNestedSelectors(mergeGen.Generators) diff --git a/applicationset/generators/merge.go b/applicationset/generators/merge.go index 48ac2596ef0d9..6d79925e5d61a 100644 --- a/applicationset/generators/merge.go +++ b/applicationset/generators/merge.go @@ -38,10 +38,10 @@ func NewMergeGenerator(supportedGenerators map[string]Generator) Generator { // in slices ordered according to the order of the given generators. func (m *MergeGenerator) getParamSetsForAllGenerators(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([][]map[string]interface{}, error) { var paramSets [][]map[string]interface{} - for i, generator := range generators { + for _, generator := range generators { generatorParamSets, err := m.getParams(generator, appSet) if err != nil { - return nil, fmt.Errorf("error getting params from generator %d of %d: %w", i+1, len(generators), err) + return nil, err } // concatenate param lists produced by each generator paramSets = append(paramSets, generatorParamSets) @@ -61,18 +61,18 @@ func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appl paramSetsFromGenerators, err := m.getParamSetsForAllGenerators(appSetGenerator.Merge.Generators, appSet) if err != nil { - return nil, fmt.Errorf("error getting param sets from generators: %w", err) + return nil, err } baseParamSetsByMergeKey, err := getParamSetsByMergeKey(appSetGenerator.Merge.MergeKeys, paramSetsFromGenerators[0]) if err != nil { - return nil, fmt.Errorf("error getting param sets by merge key: %w", err) + return nil, err } for _, paramSets := range paramSetsFromGenerators[1:] { paramSetsByMergeKey, err := getParamSetsByMergeKey(appSetGenerator.Merge.MergeKeys, paramSets) if err != nil { - return nil, fmt.Errorf("error getting param sets by merge key: %w", err) + return nil, err } for mergeKeyValue, baseParamSet := range baseParamSetsByMergeKey { @@ -80,13 +80,13 @@ func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appl if appSet.Spec.GoTemplate { if err := mergo.Merge(&baseParamSet, overrideParamSet, mergo.WithOverride); err != nil { - return nil, fmt.Errorf("error merging base param set with override param set: %w", err) + return nil, fmt.Errorf("failed to merge base param set with override param set: %w", err) } baseParamSetsByMergeKey[mergeKeyValue] = baseParamSet } else { overriddenParamSet, err := utils.CombineStringMapsAllowDuplicates(baseParamSet, overrideParamSet) if err != nil { - return nil, fmt.Errorf("error combining string maps: %w", err) + return nil, err } baseParamSetsByMergeKey[mergeKeyValue] = utils.ConvertToMapStringInterface(overriddenParamSet) } @@ -125,7 +125,7 @@ func getParamSetsByMergeKey(mergeKeys []string, paramSets []map[string]interface } paramSetKeyJson, err := json.Marshal(paramSetKey) if err != nil { - return nil, fmt.Errorf("error marshalling param set key json: %w", err) + return nil, err } paramSetKeyString := string(paramSetKeyJson) if _, exists := paramSetsByMergeKey[paramSetKeyString]; exists { @@ -234,7 +234,7 @@ func getMergeGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*arg } merge, err := argoprojiov1alpha1.ToNestedMergeGenerator(r.Merge) if err != nil { - return nil, fmt.Errorf("error converting to nested merge generator: %w", err) + return nil, err } return merge.ToMergeGenerator(), nil } diff --git a/applicationset/generators/plugin.go b/applicationset/generators/plugin.go index e0acca0622cdc..9876d0ff93a2a 100644 --- a/applicationset/generators/plugin.go +++ b/applicationset/generators/plugin.go @@ -71,7 +71,7 @@ func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App pluginClient, err := g.getPluginFromGenerator(ctx, applicationSetInfo.Name, providerConfig) if err != nil { - return nil, fmt.Errorf("error getting plugin from generator: %w", err) + return nil, err } list, err := pluginClient.List(ctx, providerConfig.Input.Parameters) @@ -81,7 +81,7 @@ func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App res, err := g.generateParams(appSetGenerator, applicationSetInfo, list.Output.Parameters, appSetGenerator.Plugin.Input.Parameters, applicationSetInfo.Spec.GoTemplate) if err != nil { - return nil, fmt.Errorf("error generating params: %w", err) + return nil, err } return res, nil @@ -108,7 +108,7 @@ func (g *PluginGenerator) getPluginFromGenerator(ctx context.Context, appSetName pluginClient, err := plugin.NewPluginService(ctx, appSetName, cm["baseUrl"], token, requestTimeout) if err != nil { - return nil, fmt.Errorf("error initializing plugin client: %w", err) + return nil, err } return pluginClient, nil } diff --git a/applicationset/generators/plugin_test.go b/applicationset/generators/plugin_test.go index 9611a2cbf14c1..19f53a90b9442 100644 --- a/applicationset/generators/plugin_test.go +++ b/applicationset/generators/plugin_test.go @@ -475,7 +475,7 @@ func TestPluginGenerateParams(t *testing.T) { }, }, }, - expectedError: fmt.Errorf("error getting plugin from generator: error fetching Secret token: error fetching secret default/argocd-secret: secrets \"argocd-secret\" not found"), + expectedError: fmt.Errorf("error fetching Secret token: error fetching secret default/argocd-secret: secrets \"argocd-secret\" not found"), }, { name: "no configmap", @@ -522,7 +522,7 @@ func TestPluginGenerateParams(t *testing.T) { }, }, }, - expectedError: fmt.Errorf("error getting plugin from generator: error fetching ConfigMap: configmaps \"\" not found"), + expectedError: fmt.Errorf("error fetching ConfigMap: configmaps \"\" not found"), }, { name: "no baseUrl", @@ -577,7 +577,7 @@ func TestPluginGenerateParams(t *testing.T) { }, }, }, - expectedError: fmt.Errorf("error getting plugin from generator: error fetching ConfigMap: baseUrl not found in ConfigMap"), + expectedError: fmt.Errorf("error fetching ConfigMap: baseUrl not found in ConfigMap"), }, { name: "no token", @@ -624,7 +624,7 @@ func TestPluginGenerateParams(t *testing.T) { }, }, }, - expectedError: fmt.Errorf("error getting plugin from generator: error fetching ConfigMap: token not found in ConfigMap"), + expectedError: fmt.Errorf("error fetching ConfigMap: token not found in ConfigMap"), }, } diff --git a/applicationset/generators/pull_request_test.go b/applicationset/generators/pull_request_test.go index 72017f522946e..b5b8dced1dbab 100644 --- a/applicationset/generators/pull_request_test.go +++ b/applicationset/generators/pull_request_test.go @@ -27,7 +27,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { return pullrequest.NewFakeService( ctx, []*pullrequest.PullRequest{ - { + &pullrequest.PullRequest{ Number: 1, Branch: "branch1", TargetBranch: "master", @@ -56,7 +56,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { return pullrequest.NewFakeService( ctx, []*pullrequest.PullRequest{ - { + &pullrequest.PullRequest{ Number: 2, Branch: "feat/areally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", TargetBranch: "feat/anotherreally+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", @@ -85,7 +85,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { return pullrequest.NewFakeService( ctx, []*pullrequest.PullRequest{ - { + &pullrequest.PullRequest{ Number: 1, Branch: "a-very-short-sha", TargetBranch: "master", @@ -125,7 +125,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { return pullrequest.NewFakeService( ctx, []*pullrequest.PullRequest{ - { + &pullrequest.PullRequest{ Number: 1, Branch: "branch1", TargetBranch: "master", @@ -162,7 +162,7 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { return pullrequest.NewFakeService( ctx, []*pullrequest.PullRequest{ - { + &pullrequest.PullRequest{ Number: 1, Branch: "branch1", TargetBranch: "master", diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index 69e45a3f40834..67ea279b3fb39 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -118,7 +118,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if err != nil { return nil, fmt.Errorf("error fetching Gitlab token: %v", err) } - provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Gitlab.Group, token, providerConfig.Gitlab.API, providerConfig.Gitlab.AllBranches, providerConfig.Gitlab.IncludeSubgroups, providerConfig.Gitlab.WillIncludeSharedProjects(), providerConfig.Gitlab.Insecure, g.scmRootCAPath) + provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Gitlab.Group, token, providerConfig.Gitlab.API, providerConfig.Gitlab.AllBranches, providerConfig.Gitlab.IncludeSubgroups, providerConfig.Gitlab.Insecure, g.scmRootCAPath) if err != nil { return nil, fmt.Errorf("error initializing Gitlab service: %v", err) } diff --git a/applicationset/generators/scm_provider_test.go b/applicationset/generators/scm_provider_test.go index 4dcb8fdf3ce6f..cfe16b115f6e2 100644 --- a/applicationset/generators/scm_provider_test.go +++ b/applicationset/generators/scm_provider_test.go @@ -108,26 +108,26 @@ func TestSCMProviderGenerateParams(t *testing.T) { }, expected: []map[string]interface{}{ { - "organization": "myorg", - "repository": "repo1", - "url": "git@github.com:myorg/repo1.git", - "branch": "main", + "organization": "myorg", + "repository": "repo1", + "url": "git@github.com:myorg/repo1.git", + "branch": "main", "branchNormalized": "main", - "sha": "0bc57212c3cbbec69d20b34c507284bd300def5b", - "short_sha": "0bc57212", - "short_sha_7": "0bc5721", - "labels": "prod,staging", + "sha": "0bc57212c3cbbec69d20b34c507284bd300def5b", + "short_sha": "0bc57212", + "short_sha_7": "0bc5721", + "labels": "prod,staging", }, { - "organization": "myorg", - "repository": "repo2", - "url": "git@github.com:myorg/repo2.git", - "branch": "main", + "organization": "myorg", + "repository": "repo2", + "url": "git@github.com:myorg/repo2.git", + "branch": "main", "branchNormalized": "main", - "sha": "59d0", - "short_sha": "59d0", - "short_sha_7": "59d0", - "labels": "", + "sha": "59d0", + "short_sha": "59d0", + "short_sha_7": "59d0", + "labels": "", }, }, }, diff --git a/applicationset/services/pull_request/gitea_test.go b/applicationset/services/pull_request/gitea_test.go index 125c8ee481b3a..c450a40a268b6 100644 --- a/applicationset/services/pull_request/gitea_test.go +++ b/applicationset/services/pull_request/gitea_test.go @@ -269,9 +269,9 @@ func TestGetGiteaPRLabelNames(t *testing.T) { { Name: "PR has labels", PullLabels: []*gitea.Label{ - {Name: "label1"}, - {Name: "label2"}, - {Name: "label3"}, + &gitea.Label{Name: "label1"}, + &gitea.Label{Name: "label2"}, + &gitea.Label{Name: "label3"}, }, ExpectedResult: []string{"label1", "label2", "label3"}, }, diff --git a/applicationset/services/pull_request/github_test.go b/applicationset/services/pull_request/github_test.go index c47031acb7e31..4c89404c09a6a 100644 --- a/applicationset/services/pull_request/github_test.go +++ b/applicationset/services/pull_request/github_test.go @@ -22,9 +22,9 @@ func TestContainLabels(t *testing.T) { Name: "Match labels", Labels: []string{"label1", "label2"}, PullLabels: []*github.Label{ - {Name: toPtr("label1")}, - {Name: toPtr("label2")}, - {Name: toPtr("label3")}, + &github.Label{Name: toPtr("label1")}, + &github.Label{Name: toPtr("label2")}, + &github.Label{Name: toPtr("label3")}, }, Expect: true, }, @@ -32,9 +32,9 @@ func TestContainLabels(t *testing.T) { Name: "Not match labels", Labels: []string{"label1", "label4"}, PullLabels: []*github.Label{ - {Name: toPtr("label1")}, - {Name: toPtr("label2")}, - {Name: toPtr("label3")}, + &github.Label{Name: toPtr("label1")}, + &github.Label{Name: toPtr("label2")}, + &github.Label{Name: toPtr("label3")}, }, Expect: false, }, @@ -42,9 +42,9 @@ func TestContainLabels(t *testing.T) { Name: "No specify", Labels: []string{}, PullLabels: []*github.Label{ - {Name: toPtr("label1")}, - {Name: toPtr("label2")}, - {Name: toPtr("label3")}, + &github.Label{Name: toPtr("label1")}, + &github.Label{Name: toPtr("label2")}, + &github.Label{Name: toPtr("label3")}, }, Expect: true, }, @@ -68,9 +68,9 @@ func TestGetGitHubPRLabelNames(t *testing.T) { { Name: "PR has labels", PullLabels: []*github.Label{ - {Name: toPtr("label1")}, - {Name: toPtr("label2")}, - {Name: toPtr("label3")}, + &github.Label{Name: toPtr("label1")}, + &github.Label{Name: toPtr("label2")}, + &github.Label{Name: toPtr("label3")}, }, ExpectedResult: []string{"label1", "label2", "label3"}, }, diff --git a/applicationset/services/repo_service.go b/applicationset/services/repo_service.go index 8ad261fda11cd..6697756a54af1 100644 --- a/applicationset/services/repo_service.go +++ b/applicationset/services/repo_service.go @@ -58,13 +58,13 @@ func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision s } closer, client, err := a.repoServerClientSet.NewRepoServerClient() if err != nil { - return nil, fmt.Errorf("error initialising new repo server client: %w", err) + return nil, err } defer io.Close(closer) fileResponse, err := client.GetGitFiles(ctx, fileRequest) if err != nil { - return nil, fmt.Errorf("error retrieving Git files: %w", err) + return nil, err } return fileResponse.GetMap(), nil } @@ -83,13 +83,13 @@ func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revi closer, client, err := a.repoServerClientSet.NewRepoServerClient() if err != nil { - return nil, fmt.Errorf("error initialising new repo server client: %w", err) + return nil, err } defer io.Close(closer) dirResponse, err := client.GetGitDirectories(ctx, dirRequest) if err != nil { - return nil, fmt.Errorf("error retrieving Git Directories: %w", err) + return nil, err } return dirResponse.GetPaths(), nil diff --git a/applicationset/services/scm_provider/bitbucket_cloud_test.go b/applicationset/services/scm_provider/bitbucket_cloud_test.go index fca03e1693ade..359eac17e3f11 100644 --- a/applicationset/services/scm_provider/bitbucket_cloud_test.go +++ b/applicationset/services/scm_provider/bitbucket_cloud_test.go @@ -5,6 +5,7 @@ import ( "fmt" "net/http" "net/http/httptest" + "os" "testing" "github.com/stretchr/testify/assert" @@ -61,7 +62,7 @@ func TestBitbucketHasRepo(t *testing.T) { })) defer func() { testServer.Close() }() - t.Setenv("BITBUCKET_API_BASE_URL", testServer.URL) + os.Setenv("BITBUCKET_API_BASE_URL", testServer.URL) cases := []struct { name, path, repo, owner, sha string status int @@ -448,7 +449,7 @@ func TestBitbucketListRepos(t *testing.T) { })) defer func() { testServer.Close() }() - t.Setenv("BITBUCKET_API_BASE_URL", testServer.URL) + os.Setenv("BITBUCKET_API_BASE_URL", testServer.URL) cases := []struct { name, proto, owner string hasError, allBranches bool diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index b759f0fbec91e..ac3d5668d327c 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -13,16 +13,15 @@ import ( ) type GitlabProvider struct { - client *gitlab.Client - organization string - allBranches bool - includeSubgroups bool - includeSharedProjects bool + client *gitlab.Client + organization string + allBranches bool + includeSubgroups bool } var _ SCMProviderService = &GitlabProvider{} -func NewGitlabProvider(ctx context.Context, organization string, token string, url string, allBranches, includeSubgroups, includeSharedProjects, insecure bool, scmRootCAPath string) (*GitlabProvider, error) { +func NewGitlabProvider(ctx context.Context, organization string, token string, url string, allBranches, includeSubgroups, insecure bool, scmRootCAPath string) (*GitlabProvider, error) { // Undocumented environment variable to set a default token, to be used in testing to dodge anonymous rate limits. if token == "" { token = os.Getenv("GITLAB_TOKEN") @@ -48,8 +47,7 @@ func NewGitlabProvider(ctx context.Context, organization string, token string, u return nil, err } } - - return &GitlabProvider{client: client, organization: organization, allBranches: allBranches, includeSubgroups: includeSubgroups, includeSharedProjects: includeSharedProjects}, nil + return &GitlabProvider{client: client, organization: organization, allBranches: allBranches, includeSubgroups: includeSubgroups}, nil } func (g *GitlabProvider) GetBranches(ctx context.Context, repo *Repository) ([]*Repository, error) { @@ -77,9 +75,7 @@ func (g *GitlabProvider) ListRepos(ctx context.Context, cloneProtocol string) ([ opt := &gitlab.ListGroupProjectsOptions{ ListOptions: gitlab.ListOptions{PerPage: 100}, IncludeSubGroups: &g.includeSubgroups, - WithShared: &g.includeSharedProjects, } - repos := []*Repository{} for { gitlabRepos, resp, err := g.client.Groups.ListGroupProjects(g.organization, opt) diff --git a/applicationset/services/scm_provider/gitlab_test.go b/applicationset/services/scm_provider/gitlab_test.go index 5b284d90f0420..6611669ba4941 100644 --- a/applicationset/services/scm_provider/gitlab_test.go +++ b/applicationset/services/scm_provider/gitlab_test.go @@ -19,7 +19,7 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { switch r.RequestURI { case "/api/v4": fmt.Println("here1") - case "/api/v4/groups/test-argocd-proton/projects?include_subgroups=false&per_page=100", "/api/v4/groups/test-argocd-proton/projects?include_subgroups=false&per_page=100&with_shared=false": + case "/api/v4/groups/test-argocd-proton/projects?include_subgroups=false&per_page=100": fmt.Println("here") _, err := io.WriteString(w, `[{ "id": 27084533, @@ -143,501 +143,6 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { if err != nil { t.Fail() } - case "/api/v4/groups/test-argocd-proton/projects?include_subgroups=true&per_page=100&with_shared=false": - fmt.Println("here") - _, err := io.WriteString(w, `[{ - "id": 27084533, - "description": "", - "name": "argocd", - "name_with_namespace": "test argocd proton / argocd", - "path": "argocd", - "path_with_namespace": "test-argocd-proton/argocd", - "created_at": "2021-06-01T17:30:44.724Z", - "default_branch": "master", - "tag_list": [], - "topics": [], - "ssh_url_to_repo": "git@gitlab.com:test-argocd-proton/argocd.git", - "http_url_to_repo": "https://gitlab.com/test-argocd-proton/argocd.git", - "web_url": "https://gitlab.com/test-argocd-proton/argocd", - "readme_url": null, - "avatar_url": null, - "forks_count": 0, - "star_count": 0, - "last_activity_at": "2021-06-04T08:19:51.656Z", - "namespace": { - "id": 12258515, - "name": "test argocd proton", - "path": "test-argocd-proton", - "kind": "gro* Connection #0 to host gitlab.com left intact up ", - "full_path ": "test - argocd - proton ", - "parent_id ": null, - "avatar_url ": null, - "web_url ": "https: //gitlab.com/groups/test-argocd-proton" - }, - "container_registry_image_prefix": "registry.gitlab.com/test-argocd-proton/argocd", - "_links": { - "self": "https://gitlab.com/api/v4/projects/27084533", - "issues": "https://gitlab.com/api/v4/projects/27084533/issues", - "merge_requests": "https://gitlab.com/api/v4/projects/27084533/merge_requests", - "repo_branches": "https://gitlab.com/api/v4/projects/27084533/repository/branches", - "labels": "https://gitlab.com/api/v4/projects/27084533/labels", - "events": "https://gitlab.com/api/v4/projects/27084533/events", - "members": "https://gitlab.com/api/v4/projects/27084533/members", - "cluster_agents": "https://gitlab.com/api/v4/projects/27084533/cluster_agents" - }, - "packages_enabled": true, - "empty_repo": false, - "archived": false, - "visibility": "public", - "resolve_outdated_diff_discussions": false, - "container_expiration_policy": { - "cadence": "1d", - "enabled": false, - "keep_n": 10, - "older_than": "90d", - "name_regex": ".*", - "name_regex_keep": null, - "next_run_at": "2021-06-02T17:30:44.740Z" - }, - "issues_enabled": true, - "merge_requests_enabled": true, - "wiki_enabled": true, - "jobs_enabled": true, - "snippets_enabled": true, - "container_registry_enabled": true, - "service_desk_enabled": true, - "can_create_merge_request_in": false, - "issues_access_level": "enabled", - "repository_access_level": "enabled", - "merge_requests_access_level": "enabled", - "forking_access_level": "enabled", - "wiki_access_level": "enabled", - "builds_access_level": "enabled", - "snippets_access_level": "enabled", - "pages_access_level": "enabled", - "operations_access_level": "enabled", - "analytics_access_level": "enabled", - "container_registry_access_level": "enabled", - "security_and_compliance_access_level": "private", - "emails_disabled": null, - "shared_runners_enabled": true, - "lfs_enabled": true, - "creator_id": 2378866, - "import_status": "none", - "open_issues_count": 0, - "ci_default_git_depth": 50, - "ci_forward_deployment_enabled": true, - "ci_job_token_scope_enabled": false, - "public_jobs": true, - "build_timeout": 3600, - "auto_cancel_pending_pipelines": "enabled", - "ci_config_path": "", - "shared_with_groups": [], - "only_allow_merge_if_pipeline_succeeds": false, - "allow_merge_on_skipped_pipeline": null, - "restrict_user_defined_variables": false, - "request_access_enabled": true, - "only_allow_merge_if_all_discussions_are_resolved": false, - "remove_source_branch_after_merge": true, - "printing_merge_request_link_enabled": true, - "merge_method": "merge", - "squash_option": "default_off", - "suggestion_commit_message": null, - "merge_commit_template": null, - "squash_commit_template": null, - "auto_devops_enabled": false, - "auto_devops_deploy_strategy": "continuous", - "autoclose_referenced_issues": true, - "keep_latest_artifact": true, - "runner_token_expiration_interval": null, - "approvals_before_merge": 0, - "mirror": false, - "external_authorization_classification_label": "", - "marked_for_deletion_at": null, - "marked_for_deletion_on": null, - "requirements_enabled": true, - "requirements_access_level": "enabled", - "security_and_compliance_enabled": false, - "compliance_frameworks": [], - "issues_template": null, - "merge_requests_template": null, - "merge_pipelines_enabled": false, - "merge_trains_enabled": false - }, - { - "id": 27084538, - "description": "This is a Project from a Subgroup", - "name": "argocd-subgroup", - "name_with_namespace": "test argocd proton / subgroup / argocd-subgroup", - "path": "argocd-subgroup", - "path_with_namespace": "test-argocd-proton/subgroup/argocd-subgroup", - "created_at": "2021-06-01T17:30:44.724Z", - "default_branch": "master", - "tag_list": [], - "topics": [], - "ssh_url_to_repo": "git@gitlab.com:test-argocd-proton/subgroup/argocd-subgroup.git", - "http_url_to_repo": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup.git", - "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup", - "readme_url": null, - "avatar_url": null, - "forks_count": 0, - "star_count": 0, - "last_activity_at": "2021-06-04T08:19:51.656Z", - "namespace": { - "id": 12258542, - "name": "subgroup", - "path": "subgroup", - "kind": "group ", - "full_path ": "test-argocd-proton/subgroup", - "parent_id ": 12258515, - "avatar_url ": null, - "web_url ": "https: //gitlab.com/groups/test-argocd-proton/subgroup" - }, - "container_registry_image_prefix": "registry.gitlab.com/test-argocd-proton/subgroup/argocd", - "_links": { - "self": "https://gitlab.com/api/v4/projects/27084538", - "issues": "https://gitlab.com/api/v4/projects/27084538/issues", - "merge_requests": "https://gitlab.com/api/v4/projects/27084538/merge_requests", - "repo_branches": "https://gitlab.com/api/v4/projects/27084538/repository/branches", - "labels": "https://gitlab.com/api/v4/projects/27084538/labels", - "events": "https://gitlab.com/api/v4/projects/27084538/events", - "members": "https://gitlab.com/api/v4/projects/27084538/members", - "cluster_agents": "https://gitlab.com/api/v4/projects/27084538/cluster_agents" - }, - "packages_enabled": true, - "empty_repo": false, - "archived": false, - "visibility": "public", - "resolve_outdated_diff_discussions": false, - "container_expiration_policy": { - "cadence": "1d", - "enabled": false, - "keep_n": 10, - "older_than": "90d", - "name_regex": ".*", - "name_regex_keep": null, - "next_run_at": "2021-06-02T17:30:44.740Z" - }, - "issues_enabled": true, - "merge_requests_enabled": true, - "wiki_enabled": true, - "jobs_enabled": true, - "snippets_enabled": true, - "container_registry_enabled": true, - "service_desk_enabled": true, - "can_create_merge_request_in": false, - "issues_access_level": "enabled", - "repository_access_level": "enabled", - "merge_requests_access_level": "enabled", - "forking_access_level": "enabled", - "wiki_access_level": "enabled", - "builds_access_level": "enabled", - "snippets_access_level": "enabled", - "pages_access_level": "enabled", - "operations_access_level": "enabled", - "analytics_access_level": "enabled", - "container_registry_access_level": "enabled", - "security_and_compliance_access_level": "private", - "emails_disabled": null, - "shared_runners_enabled": true, - "lfs_enabled": true, - "creator_id": 2378866, - "import_status": "none", - "open_issues_count": 0, - "ci_default_git_depth": 50, - "ci_forward_deployment_enabled": true, - "ci_job_token_scope_enabled": false, - "public_jobs": true, - "build_timeout": 3600, - "auto_cancel_pending_pipelines": "enabled", - "ci_config_path": "", - "shared_with_groups": [], - "only_allow_merge_if_pipeline_succeeds": false, - "allow_merge_on_skipped_pipeline": null, - "restrict_user_defined_variables": false, - "request_access_enabled": true, - "only_allow_merge_if_all_discussions_are_resolved": false, - "remove_source_branch_after_merge": true, - "printing_merge_request_link_enabled": true, - "merge_method": "merge", - "squash_option": "default_off", - "suggestion_commit_message": null, - "merge_commit_template": null, - "squash_commit_template": null, - "auto_devops_enabled": false, - "auto_devops_deploy_strategy": "continuous", - "autoclose_referenced_issues": true, - "keep_latest_artifact": true, - "runner_token_expiration_interval": null, - "approvals_before_merge": 0, - "mirror": false, - "external_authorization_classification_label": "", - "marked_for_deletion_at": null, - "marked_for_deletion_on": null, - "requirements_enabled": true, - "requirements_access_level": "enabled", - "security_and_compliance_enabled": false, - "compliance_frameworks": [], - "issues_template": null, - "merge_requests_template": null, - "merge_pipelines_enabled": false, - "merge_trains_enabled": false - } - ]`) - if err != nil { - t.Fail() - } - case "/api/v4/groups/test-argocd-proton/projects?include_subgroups=true&per_page=100&with_shared=true": - fmt.Println("here") - _, err := io.WriteString(w, `[{ - "id": 27084533, - "description": "", - "name": "argocd", - "name_with_namespace": "test argocd proton / argocd", - "path": "argocd", - "path_with_namespace": "test-argocd-proton/argocd", - "created_at": "2021-06-01T17:30:44.724Z", - "default_branch": "master", - "tag_list": [], - "topics": [], - "ssh_url_to_repo": "git@gitlab.com:test-argocd-proton/argocd.git", - "http_url_to_repo": "https://gitlab.com/test-argocd-proton/argocd.git", - "web_url": "https://gitlab.com/test-argocd-proton/argocd", - "readme_url": null, - "avatar_url": null, - "forks_count": 0, - "star_count": 0, - "last_activity_at": "2021-06-04T08:19:51.656Z", - "namespace": { - "id": 12258515, - "name": "test argocd proton", - "path": "test-argocd-proton", - "kind": "gro* Connection #0 to host gitlab.com left intact up ", - "full_path ": "test - argocd - proton ", - "parent_id ": null, - "avatar_url ": null, - "web_url ": "https: //gitlab.com/groups/test-argocd-proton" - }, - "container_registry_image_prefix": "registry.gitlab.com/test-argocd-proton/argocd", - "_links": { - "self": "https://gitlab.com/api/v4/projects/27084533", - "issues": "https://gitlab.com/api/v4/projects/27084533/issues", - "merge_requests": "https://gitlab.com/api/v4/projects/27084533/merge_requests", - "repo_branches": "https://gitlab.com/api/v4/projects/27084533/repository/branches", - "labels": "https://gitlab.com/api/v4/projects/27084533/labels", - "events": "https://gitlab.com/api/v4/projects/27084533/events", - "members": "https://gitlab.com/api/v4/projects/27084533/members", - "cluster_agents": "https://gitlab.com/api/v4/projects/27084533/cluster_agents" - }, - "packages_enabled": true, - "empty_repo": false, - "archived": false, - "visibility": "public", - "resolve_outdated_diff_discussions": false, - "container_expiration_policy": { - "cadence": "1d", - "enabled": false, - "keep_n": 10, - "older_than": "90d", - "name_regex": ".*", - "name_regex_keep": null, - "next_run_at": "2021-06-02T17:30:44.740Z" - }, - "issues_enabled": true, - "merge_requests_enabled": true, - "wiki_enabled": true, - "jobs_enabled": true, - "snippets_enabled": true, - "container_registry_enabled": true, - "service_desk_enabled": true, - "can_create_merge_request_in": false, - "issues_access_level": "enabled", - "repository_access_level": "enabled", - "merge_requests_access_level": "enabled", - "forking_access_level": "enabled", - "wiki_access_level": "enabled", - "builds_access_level": "enabled", - "snippets_access_level": "enabled", - "pages_access_level": "enabled", - "operations_access_level": "enabled", - "analytics_access_level": "enabled", - "container_registry_access_level": "enabled", - "security_and_compliance_access_level": "private", - "emails_disabled": null, - "shared_runners_enabled": true, - "lfs_enabled": true, - "creator_id": 2378866, - "import_status": "none", - "open_issues_count": 0, - "ci_default_git_depth": 50, - "ci_forward_deployment_enabled": true, - "ci_job_token_scope_enabled": false, - "public_jobs": true, - "build_timeout": 3600, - "auto_cancel_pending_pipelines": "enabled", - "ci_config_path": "", - "shared_with_groups": [], - "only_allow_merge_if_pipeline_succeeds": false, - "allow_merge_on_skipped_pipeline": null, - "restrict_user_defined_variables": false, - "request_access_enabled": true, - "only_allow_merge_if_all_discussions_are_resolved": false, - "remove_source_branch_after_merge": true, - "printing_merge_request_link_enabled": true, - "merge_method": "merge", - "squash_option": "default_off", - "suggestion_commit_message": null, - "merge_commit_template": null, - "squash_commit_template": null, - "auto_devops_enabled": false, - "auto_devops_deploy_strategy": "continuous", - "autoclose_referenced_issues": true, - "keep_latest_artifact": true, - "runner_token_expiration_interval": null, - "approvals_before_merge": 0, - "mirror": false, - "external_authorization_classification_label": "", - "marked_for_deletion_at": null, - "marked_for_deletion_on": null, - "requirements_enabled": true, - "requirements_access_level": "enabled", - "security_and_compliance_enabled": false, - "compliance_frameworks": [], - "issues_template": null, - "merge_requests_template": null, - "merge_pipelines_enabled": false, - "merge_trains_enabled": false - }, - { - "id": 27084534, - "description": "This is a Shared Project", - "name": "shared-argocd", - "name_with_namespace": "shared project to test argocd proton / argocd", - "path": "shared-argocd", - "path_with_namespace": "test-shared-argocd-proton/shared-argocd", - "created_at": "2021-06-11T17:30:44.724Z", - "default_branch": "master", - "tag_list": [], - "topics": [], - "ssh_url_to_repo": "git@gitlab.com:test-shared-argocd-proton/shared-argocd.git", - "http_url_to_repo": "https://gitlab.com/test-shared-argocd-proton/shared-argocd.git", - "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd", - "readme_url": null, - "avatar_url": null, - "forks_count": 0, - "star_count": 0, - "last_activity_at": "2021-06-04T08:19:51.656Z", - "namespace": { - "id": 12258518, - "name": "test shared argocd proton", - "path": "test-shared-argocd-proton", - "kind": "group", - "full_path ": "test-shared-argocd-proton", - "parent_id ": null, - "avatar_url ": null, - "web_url ": "https: //gitlab.com/groups/test-shared-argocd-proton" - }, - "container_registry_image_prefix": "registry.gitlab.com/test-shared-argocd-proton/shared-argocd", - "_links": { - "self": "https://gitlab.com/api/v4/projects/27084534", - "issues": "https://gitlab.com/api/v4/projects/27084534/issues", - "merge_requests": "https://gitlab.com/api/v4/projects/27084534/merge_requests", - "repo_branches": "https://gitlab.com/api/v4/projects/27084534/repository/branches", - "labels": "https://gitlab.com/api/v4/projects/27084534/labels", - "events": "https://gitlab.com/api/v4/projects/27084534/events", - "members": "https://gitlab.com/api/v4/projects/27084534/members", - "cluster_agents": "https://gitlab.com/api/v4/projects/27084534/cluster_agents" - }, - "packages_enabled": true, - "empty_repo": false, - "archived": false, - "visibility": "public", - "resolve_outdated_diff_discussions": false, - "container_expiration_policy": { - "cadence": "1d", - "enabled": false, - "keep_n": 10, - "older_than": "90d", - "name_regex": ".*", - "name_regex_keep": null, - "next_run_at": "2021-06-12T17:30:44.740Z" - }, - "issues_enabled": true, - "merge_requests_enabled": true, - "wiki_enabled": true, - "jobs_enabled": true, - "snippets_enabled": true, - "container_registry_enabled": true, - "service_desk_enabled": true, - "can_create_merge_request_in": false, - "issues_access_level": "enabled", - "repository_access_level": "enabled", - "merge_requests_access_level": "enabled", - "forking_access_level": "enabled", - "wiki_access_level": "enabled", - "builds_access_level": "enabled", - "snippets_access_level": "enabled", - "pages_access_level": "enabled", - "operations_access_level": "enabled", - "analytics_access_level": "enabled", - "container_registry_access_level": "enabled", - "security_and_compliance_access_level": "private", - "emails_disabled": null, - "shared_runners_enabled": true, - "lfs_enabled": true, - "creator_id": 2378866, - "import_status": "none", - "open_issues_count": 0, - "ci_default_git_depth": 50, - "ci_forward_deployment_enabled": true, - "ci_job_token_scope_enabled": false, - "public_jobs": true, - "build_timeout": 3600, - "auto_cancel_pending_pipelines": "enabled", - "ci_config_path": "", - "shared_with_groups": [ - { - "group_id": 12258515, - "group_name": "test-argocd-proton", - "group_full_path": "test-shared-argocd-proton", - "group_access_level": 30, - "expires_at": null - } - ], - "only_allow_merge_if_pipeline_succeeds": false, - "allow_merge_on_skipped_pipeline": null, - "restrict_user_defined_variables": false, - "request_access_enabled": true, - "only_allow_merge_if_all_discussions_are_resolved": false, - "remove_source_branch_after_merge": true, - "printing_merge_request_link_enabled": true, - "merge_method": "merge", - "squash_option": "default_off", - "suggestion_commit_message": null, - "merge_commit_template": null, - "squash_commit_template": null, - "auto_devops_enabled": false, - "auto_devops_deploy_strategy": "continuous", - "autoclose_referenced_issues": true, - "keep_latest_artifact": true, - "runner_token_expiration_interval": null, - "approvals_before_merge": 0, - "mirror": false, - "external_authorization_classification_label": "", - "marked_for_deletion_at": null, - "marked_for_deletion_on": null, - "requirements_enabled": true, - "requirements_access_level": "enabled", - "security_and_compliance_enabled": false, - "compliance_frameworks": [], - "issues_template": null, - "merge_requests_template": null, - "merge_pipelines_enabled": false, - "merge_trains_enabled": false - }]`) - if err != nil { - t.Fail() - } case "/api/v4/projects/27084533/repository/branches/master": fmt.Println("returning") _, err := io.WriteString(w, `{ @@ -724,116 +229,6 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { if err != nil { t.Fail() } - case "/api/v4/projects/27084534/repository/branches?per_page=100": - _, err := io.WriteString(w, `[{ - "name": "master", - "commit": { - "id": "8898d7999fc99dd0fd578650b58b244fc63f6b53", - "short_id": "8898d799", - "created_at": "2021-06-04T08:24:44.000+00:00", - "parent_ids": null, - "title": "Merge branch 'pipeline-1317911429' into 'master'", - "message": "Merge branch 'pipeline-1317911429' into 'master'", - "author_name": "Martin Vozník", - "author_email": "martin@voznik.cz", - "authored_date": "2021-06-04T08:24:44.000+00:00", - "committer_name": "Martin Vozník", - "committer_email": "martin@voznik.cz", - "committed_date": "2021-06-04T08:24:44.000+00:00", - "trailers": null, - "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd/-/commit/8898d7999fc99dd0fd578650b58b244fc63f6b53" - }, - "merged": false, - "protected": true, - "developers_can_push": false, - "developers_can_merge": false, - "can_push": false, - "default": true, - "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd/-/tree/master" - }, { - "name": "pipeline-2310077506", - "commit": { - "id": "0f92540e5f396ba960adea4ed0aa905baf3f73d1", - "short_id": "0f92540e", - "created_at": "2021-06-01T18:39:59.000+00:00", - "parent_ids": null, - "title": "[testapp-ci] manifests/demo/test-app.yaml: release v1.0.1", - "message": "[testapp-ci] manifests/demo/test-app.yaml: release v1.0.1", - "author_name": "ci-test-app", - "author_email": "mvoznik+cicd@protonmail.com", - "authored_date": "2021-06-01T18:39:59.000+00:00", - "committer_name": "ci-test-app", - "committer_email": "mvoznik+cicd@protonmail.com", - "committed_date": "2021-06-01T18:39:59.000+00:00", - "trailers": null, - "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd/-/commit/0f92540e5f396ba960adea4ed0aa905baf3f73d1" - }, - "merged": false, - "protected": false, - "developers_can_push": false, - "developers_can_merge": false, - "can_push": false, - "default": false, - "web_url": "https://gitlab.com/test-shared-argocd-proton/shared-argocd/-/tree/pipeline-1310077506" - }]`) - if err != nil { - t.Fail() - } - case "/api/v4/projects/27084538/repository/branches?per_page=100": - _, err := io.WriteString(w, `[{ - "name": "master", - "commit": { - "id": "8898d7999fc99dd0fd578650b58b244fc63f6b58", - "short_id": "8898d801", - "created_at": "2021-06-04T08:24:44.000+00:00", - "parent_ids": null, - "title": "Merge branch 'pipeline-1317911429' into 'master'", - "message": "Merge branch 'pipeline-1317911429' into 'master'", - "author_name": "Martin Vozník", - "author_email": "martin@voznik.cz", - "authored_date": "2021-06-04T08:24:44.000+00:00", - "committer_name": "Martin Vozník", - "committer_email": "martin@voznik.cz", - "committed_date": "2021-06-04T08:24:44.000+00:00", - "trailers": null, - "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup/-/commit/8898d7999fc99dd0fd578650b58b244fc63f6b53" - }, - "merged": false, - "protected": true, - "developers_can_push": false, - "developers_can_merge": false, - "can_push": false, - "default": true, - "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup/-/tree/master" - }, { - "name": "pipeline-2310077506", - "commit": { - "id": "0f92540e5f396ba960adea4ed0aa905baf3f73d1", - "short_id": "0f92540e", - "created_at": "2021-06-01T18:39:59.000+00:00", - "parent_ids": null, - "title": "[testapp-ci] manifests/demo/test-app.yaml: release v1.0.1", - "message": "[testapp-ci] manifests/demo/test-app.yaml: release v1.0.1", - "author_name": "ci-test-app", - "author_email": "mvoznik+cicd@protonmail.com", - "authored_date": "2021-06-01T18:39:59.000+00:00", - "committer_name": "ci-test-app", - "committer_email": "mvoznik+cicd@protonmail.com", - "committed_date": "2021-06-01T18:39:59.000+00:00", - "trailers": null, - "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup/-/commit/0f92540e5f396ba960adea4ed0aa905baf3f73d1" - }, - "merged": false, - "protected": false, - "developers_can_push": false, - "developers_can_merge": false, - "can_push": false, - "default": false, - "web_url": "https://gitlab.com/test-argocd-proton/subgroup/argocd-subgroup/-/tree/pipeline-1310077506" - }]`) - if err != nil { - t.Fail() - } case "/api/v4/projects/test-argocd-proton%2Fargocd": fmt.Println("auct") _, err := io.WriteString(w, `{ @@ -891,10 +286,10 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { } func TestGitlabListRepos(t *testing.T) { cases := []struct { - name, proto, url string - hasError, allBranches, includeSubgroups, includeSharedProjects, insecure bool - branches []string - filters []v1alpha1.SCMProviderGeneratorFilter + name, proto, url string + hasError, allBranches, includeSubgroups, insecure bool + branches []string + filters []v1alpha1.SCMProviderGeneratorFilter }{ { name: "blank protocol", @@ -922,54 +317,32 @@ func TestGitlabListRepos(t *testing.T) { url: "git@gitlab.com:test-argocd-proton/argocd.git", branches: []string{"master"}, }, - { - name: "all subgroups", - allBranches: true, - url: "git@gitlab.com:test-argocd-proton/argocd.git", - branches: []string{"master"}, - includeSharedProjects: false, - includeSubgroups: true, - }, - { - name: "all subgroups and shared projects", - allBranches: true, - url: "git@gitlab.com:test-argocd-proton/argocd.git", - branches: []string{"master"}, - includeSharedProjects: true, - includeSubgroups: true, - }, } ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gitlabMockHandler(t)(w, r) })) for _, c := range cases { t.Run(c.name, func(t *testing.T) { - provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.includeSharedProjects, c.insecure, "") + provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.insecure, "") rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto) if c.hasError { assert.NotNil(t, err) } else { assert.Nil(t, err) - // Just check that this one project shows up. Not a great test but better than nothing? + // Just check that this one project shows up. Not a great test but better thing nothing? repos := []*Repository{} - uniqueRepos := map[string]int{} branches := []string{} for _, r := range rawRepos { if r.Repository == "argocd" { repos = append(repos, r) branches = append(branches, r.Branch) } - uniqueRepos[r.Repository]++ } assert.NotEmpty(t, repos) assert.Equal(t, c.url, repos[0].URL) for _, b := range c.branches { assert.Contains(t, branches, b) } - // In case of listing subgroups, validate the number of returned projects - if c.includeSubgroups || c.includeSharedProjects { - assert.Equal(t, 2, len(uniqueRepos)) - } } }) } @@ -979,7 +352,7 @@ func TestGitlabHasPath(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gitlabMockHandler(t)(w, r) })) - host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "") + host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, false, "") repo := &Repository{ Organization: "test-argocd-proton", Repository: "argocd", @@ -1025,7 +398,7 @@ func TestGitlabGetBranches(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { gitlabMockHandler(t)(w, r) })) - host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, true, false, "") + host, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, false, true, false, "") repo := &Repository{ RepositoryId: 27084533, diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go index 22ac065f00b30..f1dd5b5ebb0eb 100644 --- a/applicationset/webhook/webhook.go +++ b/applicationset/webhook/webhook.go @@ -19,9 +19,9 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" argosettings "github.com/argoproj/argo-cd/v2/util/settings" - "github.com/go-playground/webhooks/v6/github" - "github.com/go-playground/webhooks/v6/gitlab" log "github.com/sirupsen/logrus" + "gopkg.in/go-playground/webhooks.v5/github" + "gopkg.in/go-playground/webhooks.v5/gitlab" ) type WebhookHandler struct { diff --git a/assets/embed.go b/assets/embed.go index ac148cafd3de6..8095b0f282df3 100644 --- a/assets/embed.go +++ b/assets/embed.go @@ -3,6 +3,5 @@ package assets import "embed" // Embedded contains embedded assets -// //go:embed * var Embedded embed.FS diff --git a/assets/swagger.json b/assets/swagger.json index 7fda4caeea71c..1c724f649504d 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -5654,8 +5654,19 @@ }, "v1Time": { "description": "Time is a wrapper around time.Time which supports correct\nmarshaling to YAML and JSON. Wrappers are provided for many\nof the factory methods that the time package offers.\n\n+protobuf.options.marshal=false\n+protobuf.as=Timestamp\n+protobuf.options.(gogoproto.goproto_stringer)=false", - "type": "string", - "format": "date-time" + "type": "object", + "properties": { + "nanos": { + "description": "Non-negative fractions of a second at nanosecond resolution. Negative\nsecond values with fractions must still have non-negative nanos values\nthat count forward in time. Must be from 0 to 999,999,999\ninclusive. This field may be limited in precision depending on context.", + "type": "integer", + "format": "int32" + }, + "seconds": { + "description": "Represents seconds of UTC time since Unix epoch\n1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to\n9999-12-31T23:59:59Z inclusive.", + "type": "string", + "format": "int64" + } + } }, "v1alpha1AWSAuthConfig": { "type": "object", @@ -5841,16 +5852,16 @@ "title": "ApplicationDestination holds information about the application's destination", "properties": { "name": { - "description": "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.", - "type": "string" + "type": "string", + "title": "Name is an alternate way of specifying the target cluster by its symbolic name" }, "namespace": { "type": "string", "title": "Namespace specifies the target namespace for the application's resources.\nThe namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace" }, "server": { - "description": "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.", - "type": "string" + "type": "string", + "title": "Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API" } } }, @@ -8212,15 +8223,13 @@ "$ref": "#/definitions/v1alpha1ResourceRef" } }, + "resourceRef": { + "$ref": "#/definitions/v1alpha1ResourceRef" + }, "resourceVersion": { "type": "string" } - }, - "allOf": [ - { - "$ref": "#/definitions/v1alpha1ResourceRef" - } - ] + } }, "v1alpha1ResourceOverride": { "type": "object", @@ -8679,10 +8688,6 @@ "description": "Gitlab group to scan. Required. You can use either the project id (recommended) or the full namespaced path.", "type": "string" }, - "includeSharedProjects": { - "type": "boolean", - "title": "When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to \"true\"" - }, "includeSubgroups": { "type": "boolean", "title": "Recurse through subgroups (true) or scan only the base group (false). Defaults to \"false\"" diff --git a/cmd/argocd-application-controller/commands/argocd_application_controller.go b/cmd/argocd-application-controller/commands/argocd_application_controller.go index e32b2deee5d47..ab88d4ccbdf93 100644 --- a/cmd/argocd-application-controller/commands/argocd_application_controller.go +++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go @@ -56,7 +56,7 @@ func NewCommand() *cobra.Command { metricsCacheExpiration time.Duration metricsAplicationLabels []string kubectlParallelismLimit int64 - cacheSource func() (*appstatecache.Cache, error) + cacheSrc func() (*appstatecache.Cache, error) redisClient *redis.Client repoServerPlaintext bool repoServerStrictTLS bool @@ -126,7 +126,7 @@ func NewCommand() *cobra.Command { repoClientset := apiclient.NewRepoServerClientset(repoServerAddress, repoServerTimeoutSeconds, tlsConfig) - cache, err := cacheSource() + cache, err := cacheSrc() errors.CheckError(err) cache.Cache.SetClient(cacheutil.NewTwoLevelClient(cache.Cache.GetClient(), 10*time.Minute)) @@ -199,7 +199,7 @@ func NewCommand() *cobra.Command { command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces that applications are allowed to be reconciled from") command.Flags().BoolVar(&persistResourceHealth, "persist-resource-health", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH", true), "Enables storing the managed resources health in the Application CRD") command.Flags().StringVar(&shardingAlgorithm, "sharding-method", env.StringFromEnv(common.EnvControllerShardingAlgorithm, common.DefaultShardingAlgorithm), "Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] ") - cacheSource = appstatecache.AddCacheFlagsToCmd(&command, func(client *redis.Client) { + cacheSrc = appstatecache.AddCacheFlagsToCmd(&command, func(client *redis.Client) { redisClient = client }) return &command diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index a8bc6451eeb0e..1226202de7e01 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -40,7 +40,10 @@ import ( argosettings "github.com/argoproj/argo-cd/v2/util/settings" ) -var gitSubmoduleEnabled = env.ParseBoolFromEnv(common.EnvGitSubmoduleEnabled, true) +// TODO: load this using Cobra. +func getSubmoduleEnabled() bool { + return env.ParseBoolFromEnv(common.EnvGitSubmoduleEnabled, true) +} func NewCommand() *cobra.Command { var ( @@ -153,7 +156,7 @@ func NewCommand() *cobra.Command { } repoClientset := apiclient.NewRepoServerClientset(argocdRepoServer, repoServerTimeoutSeconds, tlsConfig) - argoCDService, err := services.NewArgoCDService(argoCDDB, gitSubmoduleEnabled, repoClientset, enableNewGitFileGlobbing) + argoCDService, err := services.NewArgoCDService(argoCDDB, getSubmoduleEnabled(), repoClientset, enableNewGitFileGlobbing) errors.CheckError(err) terminalGenerators := map[string]generators.Generator{ diff --git a/cmd/argocd-notification/commands/controller.go b/cmd/argocd-notification/commands/controller.go index 3bcd721ef4b89..15675e7af376b 100644 --- a/cmd/argocd-notification/commands/controller.go +++ b/cmd/argocd-notification/commands/controller.go @@ -74,26 +74,26 @@ func NewCommand() *cobra.Command { restConfig, err := clientConfig.ClientConfig() if err != nil { - return fmt.Errorf("failed to create REST client config: %w", err) + return err } restConfig.UserAgent = fmt.Sprintf("argocd-notifications-controller/%s (%s)", vers.Version, vers.Platform) dynamicClient, err := dynamic.NewForConfig(restConfig) if err != nil { - return fmt.Errorf("failed to create dynamic client: %w", err) + return err } k8sClient, err := kubernetes.NewForConfig(restConfig) if err != nil { - return fmt.Errorf("failed to create Kubernetes client: %w", err) + return err } if namespace == "" { namespace, _, err = clientConfig.Namespace() if err != nil { - return fmt.Errorf("failed to determine controller's host namespace: %w", err) + return err } } level, err := log.ParseLevel(logLevel) if err != nil { - return fmt.Errorf("failed to parse log level: %w", err) + return err } log.SetLevel(level) @@ -105,7 +105,7 @@ func NewCommand() *cobra.Command { log.SetFormatter(&log.TextFormatter{ForceColors: true}) } default: - return fmt.Errorf("unknown log format '%s'", logFormat) + return fmt.Errorf("Unknown log format '%s'", logFormat) } tlsConfig := apiclient.TLSConfiguration{ @@ -118,14 +118,14 @@ func NewCommand() *cobra.Command { fmt.Sprintf("%s/reposerver/tls/ca.crt", env.StringFromEnv(common.EnvAppConfigPath, common.DefaultAppConfigPath)), ) if err != nil { - return fmt.Errorf("failed to load repo-server certificate pool: %w", err) + return err } tlsConfig.Certificates = pool } repoClientset := apiclient.NewRepoServerClientset(argocdRepoServer, 5, tlsConfig) argocdService, err := service.NewArgoCDService(k8sClient, namespace, repoClientset) if err != nil { - return fmt.Errorf("failed to initialize Argo CD service: %w", err) + return err } defer argocdService.Close() @@ -141,7 +141,7 @@ func NewCommand() *cobra.Command { ctrl := notificationscontroller.NewController(k8sClient, dynamicClient, argocdService, namespace, appLabelSelector, registry, secretName, configMapName) err = ctrl.Init(ctx) if err != nil { - return fmt.Errorf("failed to initialize controller: %w", err) + return err } go ctrl.Run(ctx, processorsCount) diff --git a/cmd/argocd-repo-server/commands/argocd_repo_server.go b/cmd/argocd-repo-server/commands/argocd_repo_server.go index e33aa65139b71..b9a0378b13ed5 100644 --- a/cmd/argocd-repo-server/commands/argocd_repo_server.go +++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go @@ -5,6 +5,7 @@ import ( "math" "net" "net/http" + "os" "time" "github.com/argoproj/pkg/stats" @@ -35,17 +36,34 @@ import ( const ( // CLIName is the name of the CLI - cliName = "argocd-repo-server" -) + cliName = "argocd-repo-server" + gnuPGSourcePath = "/app/config/gpg/source" -var ( - gnuPGSourcePath = env.StringFromEnv(common.EnvGPGDataPath, "/app/config/gpg/source") - pauseGenerationAfterFailedGenerationAttempts = env.ParseNumFromEnv(common.EnvPauseGenerationAfterFailedAttempts, 3, 0, math.MaxInt32) - pauseGenerationOnFailureForMinutes = env.ParseNumFromEnv(common.EnvPauseGenerationMinutes, 60, 0, math.MaxInt32) - pauseGenerationOnFailureForRequests = env.ParseNumFromEnv(common.EnvPauseGenerationRequests, 0, 0, math.MaxInt32) - gitSubmoduleEnabled = env.ParseBoolFromEnv(common.EnvGitSubmoduleEnabled, true) + defaultPauseGenerationAfterFailedGenerationAttempts = 3 + defaultPauseGenerationOnFailureForMinutes = 60 + defaultPauseGenerationOnFailureForRequests = 0 ) +func getGnuPGSourcePath() string { + return env.StringFromEnv(common.EnvGPGDataPath, gnuPGSourcePath) +} + +func getPauseGenerationAfterFailedGenerationAttempts() int { + return env.ParseNumFromEnv(common.EnvPauseGenerationAfterFailedAttempts, defaultPauseGenerationAfterFailedGenerationAttempts, 0, math.MaxInt32) +} + +func getPauseGenerationOnFailureForMinutes() int { + return env.ParseNumFromEnv(common.EnvPauseGenerationMinutes, defaultPauseGenerationOnFailureForMinutes, 0, math.MaxInt32) +} + +func getPauseGenerationOnFailureForRequests() int { + return env.ParseNumFromEnv(common.EnvPauseGenerationRequests, defaultPauseGenerationOnFailureForRequests, 0, math.MaxInt32) +} + +func getSubmoduleEnabled() bool { + return env.ParseBoolFromEnv(common.EnvGitSubmoduleEnabled, true) +} + func NewCommand() *cobra.Command { var ( parallelismLimit int64 @@ -107,10 +125,10 @@ func NewCommand() *cobra.Command { cacheutil.CollectMetrics(redisClient, metricsServer) server, err := reposerver.NewServer(metricsServer, cache, tlsConfigCustomizer, repository.RepoServerInitConstants{ ParallelismLimit: parallelismLimit, - PauseGenerationAfterFailedGenerationAttempts: pauseGenerationAfterFailedGenerationAttempts, - PauseGenerationOnFailureForMinutes: pauseGenerationOnFailureForMinutes, - PauseGenerationOnFailureForRequests: pauseGenerationOnFailureForRequests, - SubmoduleEnabled: gitSubmoduleEnabled, + PauseGenerationAfterFailedGenerationAttempts: getPauseGenerationAfterFailedGenerationAttempts(), + PauseGenerationOnFailureForMinutes: getPauseGenerationOnFailureForMinutes(), + PauseGenerationOnFailureForRequests: getPauseGenerationOnFailureForRequests(), + SubmoduleEnabled: getSubmoduleEnabled(), MaxCombinedDirectoryManifestsSize: maxCombinedDirectoryManifestsQuantity, CMPTarExcludedGlobs: cmpTarExcludedGlobs, AllowOutOfBoundsSymlinks: allowOutOfBoundsSymlinks, @@ -164,12 +182,12 @@ func NewCommand() *cobra.Command { err = gpg.InitializeGnuPG() errors.CheckError(err) - log.Infof("Populating GnuPG keyring with keys from %s", gnuPGSourcePath) - added, removed, err := gpg.SyncKeyRingFromDirectory(gnuPGSourcePath) + log.Infof("Populating GnuPG keyring with keys from %s", getGnuPGSourcePath()) + added, removed, err := gpg.SyncKeyRingFromDirectory(getGnuPGSourcePath()) errors.CheckError(err) log.Infof("Loaded %d (and removed %d) keys from keyring", len(added), len(removed)) - go func() { errors.CheckError(reposerver.StartGPGWatcher(gnuPGSourcePath)) }() + go func() { errors.CheckError(reposerver.StartGPGWatcher(getGnuPGSourcePath())) }() } log.Infof("argocd-repo-server is listening on %s", listener.Addr()) @@ -181,6 +199,9 @@ func NewCommand() *cobra.Command { return nil }, } + if cmdutil.LogFormat == "" { + cmdutil.LogFormat = os.Getenv("ARGOCD_REPO_SERVER_LOGLEVEL") + } command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error") command.Flags().Int64Var(¶llelismLimit, "parallelismlimit", int64(env.ParseNumFromEnv("ARGOCD_REPO_SERVER_PARALLELISM_LIMIT", 0, 0, math.MaxInt32)), "Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.") diff --git a/cmd/argocd-server/commands/argocd_server.go b/cmd/argocd-server/commands/argocd_server.go index 89f116f7b8d30..b9ef17a79c832 100644 --- a/cmd/argocd-server/commands/argocd_server.go +++ b/cmd/argocd-server/commands/argocd_server.go @@ -35,10 +35,15 @@ const ( ) var ( - failureRetryCount = env.ParseNumFromEnv(failureRetryCountEnv, 0, 0, 10) - failureRetryPeriodMilliSeconds = env.ParseNumFromEnv(failureRetryPeriodMilliSecondsEnv, 100, 0, 1000) + failureRetryCount = 0 + failureRetryPeriodMilliSeconds = 100 ) +func init() { + failureRetryCount = env.ParseNumFromEnv(failureRetryCountEnv, failureRetryCount, 0, 10) + failureRetryPeriodMilliSeconds = env.ParseNumFromEnv(failureRetryPeriodMilliSecondsEnv, failureRetryPeriodMilliSeconds, 0, 1000) +} + // NewCommand returns a new instance of an argocd command func NewCommand() *cobra.Command { var ( diff --git a/cmd/argocd/commands/account.go b/cmd/argocd/commands/account.go index 2f73dd796f89f..3dced8ce67c45 100644 --- a/cmd/argocd/commands/account.go +++ b/cmd/argocd/commands/account.go @@ -130,9 +130,9 @@ has appropriate RBAC permissions to change other accounts. }, } - command.Flags().StringVar(¤tPassword, "current-password", "", "Password of the currently logged on user") - command.Flags().StringVar(&newPassword, "new-password", "", "New password you want to update to") - command.Flags().StringVar(&account, "account", "", "An account name that should be updated. Defaults to current user account") + command.Flags().StringVar(¤tPassword, "current-password", "", "password of the currently logged on user") + command.Flags().StringVar(&newPassword, "new-password", "", "new password you want to update to") + command.Flags().StringVar(&account, "account", "", "an account name that should be updated. Defaults to current user account") return command } diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index d0da5e1781e76..cf927b1edfece 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -846,9 +846,9 @@ func targetObjects(resources []*argoappv1.ResourceDiff) ([]*unstructured.Unstruc return objs, nil } -func getLocalObjects(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, +func getLocalObjects(ctx context.Context, app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, trackingMethod string) []*unstructured.Unstructured { - manifestStrings := getLocalObjectsString(ctx, app, proj, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, trackingMethod) + manifestStrings := getLocalObjectsString(ctx, app, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, trackingMethod) objs := make([]*unstructured.Unstructured, len(manifestStrings)) for i := range manifestStrings { obj := unstructured.Unstructured{} @@ -859,21 +859,19 @@ func getLocalObjects(ctx context.Context, app *argoappv1.Application, proj *argo return objs } -func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, +func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, trackingMethod string) []string { source := app.Spec.GetSource() res, err := repository.GenerateManifests(ctx, local, localRepoRoot, source.TargetRevision, &repoapiclient.ManifestRequest{ - Repo: &argoappv1.Repository{Repo: source.RepoURL}, - AppLabelKey: appLabelKey, - AppName: app.Name, - Namespace: app.Spec.Destination.Namespace, - ApplicationSource: &source, - KustomizeOptions: kustomizeOptions, - KubeVersion: kubeVersion, - ApiVersions: apiVersions, - TrackingMethod: trackingMethod, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, + Repo: &argoappv1.Repository{Repo: source.RepoURL}, + AppLabelKey: appLabelKey, + AppName: app.Name, + Namespace: app.Spec.Destination.Namespace, + ApplicationSource: &source, + KustomizeOptions: kustomizeOptions, + KubeVersion: kubeVersion, + ApiVersions: apiVersions, + TrackingMethod: trackingMethod, }, true, &git.NoopCredsStore{}, resource.MustParse("0"), nil) errors.CheckError(err) @@ -991,8 +989,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co diffOption.cluster = cluster } } - proj := getProject(c, clientOpts, ctx, app.Spec.Project) - foundDiffs := findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption) + foundDiffs := findandPrintDiff(ctx, app, resources, argoSettings, diffOption) if foundDiffs && exitCode { os.Exit(1) } @@ -1020,13 +1017,13 @@ type DifferenceOption struct { } // findandPrintDiff ... Prints difference between application current state and state stored in git or locally, returns boolean as true if difference is found else returns false -func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption) bool { +func findandPrintDiff(ctx context.Context, app *argoappv1.Application, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption) bool { var foundDiffs bool liveObjs, err := cmdutil.LiveObjects(resources.Items) errors.CheckError(err) items := make([]objKeyLiveTarget, 0) if diffOptions.local != "" { - localObjs := groupObjsByKey(getLocalObjects(ctx, app, proj, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) + localObjs := groupObjsByKey(getLocalObjects(ctx, app, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace) items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace) } else if diffOptions.revision != "" { var unstructureds []*unstructured.Unstructured @@ -1535,7 +1532,6 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co force bool replace bool serverSideApply bool - applyOutOfSyncOnly bool async bool retryLimit int64 retryBackoffDuration time.Duration @@ -1698,8 +1694,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co errors.CheckError(err) argoio.Close(conn) - proj := getProject(c, clientOpts, ctx, app.Spec.Project) - localObjsStrings = getLocalObjectsString(ctx, app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) + localObjsStrings = getLocalObjectsString(ctx, app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) errors.CheckError(err) diffOption.local = local diffOption.localRepoRoot = localRepoRoot @@ -1715,9 +1710,6 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co if serverSideApply { items = append(items, common.SyncOptionServerSideApply) } - if applyOutOfSyncOnly { - items = append(items, common.SyncOptionApplyOutOfSyncOnly) - } if len(items) == 0 { // for prevent send even empty array if not need @@ -1772,8 +1764,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co foundDiffs := false fmt.Printf("====== Previewing differences between live and desired state of application %s ======\n", appQualifiedName) - proj := getProject(c, clientOpts, ctx, app.Spec.Project) - foundDiffs = findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption) + foundDiffs = findandPrintDiff(ctx, app, resources, argoSettings, diffOption) if foundDiffs { if !diffChangesConfirm { yesno := cli.AskToProceed(fmt.Sprintf("Please review changes to application %s shown above. Do you want to continue the sync process? (y/n): ", appQualifiedName)) @@ -1822,7 +1813,6 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co command.Flags().BoolVar(&force, "force", false, "Use a force apply") command.Flags().BoolVar(&replace, "replace", false, "Use a kubectl create/replace instead apply") command.Flags().BoolVar(&serverSideApply, "server-side", false, "Use server-side apply while syncing the application") - command.Flags().BoolVar(&applyOutOfSyncOnly, "apply-out-of-sync-only", false, "Sync only out-of-sync resources") command.Flags().BoolVar(&async, "async", false, "Do not wait for application to sync before continuing") command.Flags().StringVar(&local, "local", "", "Path to a local directory. When this flag is present no git queries will be made") command.Flags().StringVar(&localRepoRoot, "local-repo-root", "/", "Path to the repository root. Used together with --local allows setting the repository root") @@ -2386,8 +2376,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob cluster, err := clusterIf.Get(context.Background(), &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server}) errors.CheckError(err) - proj := getProject(c, clientOpts, ctx, app.Spec.Project) - unstructureds = getLocalObjects(context.Background(), app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) + unstructureds = getLocalObjects(context.Background(), app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) } else if revision != "" { q := application.ApplicationManifestQuery{ Name: &appName, diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go index 0880fdc1c1ae5..673bceec7b632 100644 --- a/cmd/argocd/commands/app_test.go +++ b/cmd/argocd/commands/app_test.go @@ -307,8 +307,8 @@ func Test_groupObjsByKey(t *testing.T) { } expected := map[kube.ResourceKey]*unstructured.Unstructured{ - {Group: "", Kind: "Pod", Namespace: "default", Name: "pod-name"}: localObjs[0], - {Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition", Namespace: "", Name: "certificates.cert-manager.io"}: localObjs[1], + kube.ResourceKey{Group: "", Kind: "Pod", Namespace: "default", Name: "pod-name"}: localObjs[0], + kube.ResourceKey{Group: "apiextensions.k8s.io", Kind: "CustomResourceDefinition", Namespace: "", Name: "certificates.cert-manager.io"}: localObjs[1], } objByKey := groupObjsByKey(localObjs, liveObjs, "default") diff --git a/cmd/argocd/commands/applicationset_test.go b/cmd/argocd/commands/applicationset_test.go index 18e5f85feebbc..ce6fab64526c3 100644 --- a/cmd/argocd/commands/applicationset_test.go +++ b/cmd/argocd/commands/applicationset_test.go @@ -40,12 +40,12 @@ func TestPrintApplicationSetTable(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Generators: []v1alpha1.ApplicationSetGenerator{ - { + v1alpha1.ApplicationSetGenerator{ Git: &v1alpha1.GitGenerator{ RepoURL: "https://github.com/argoproj/argo-cd.git", Revision: "head", Directories: []v1alpha1.GitDirectoryGeneratorItem{ - { + v1alpha1.GitDirectoryGeneratorItem{ Path: "applicationset/examples/git-generator-directory/cluster-addons/*", }, }, @@ -60,7 +60,7 @@ func TestPrintApplicationSetTable(t *testing.T) { }, Status: v1alpha1.ApplicationSetStatus{ Conditions: []v1alpha1.ApplicationSetCondition{ - { + v1alpha1.ApplicationSetCondition{ Status: v1alpha1.ApplicationSetConditionStatusTrue, Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, }, @@ -75,12 +75,12 @@ func TestPrintApplicationSetTable(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Generators: []v1alpha1.ApplicationSetGenerator{ - { + v1alpha1.ApplicationSetGenerator{ Git: &v1alpha1.GitGenerator{ RepoURL: "https://github.com/argoproj/argo-cd.git", Revision: "head", Directories: []v1alpha1.GitDirectoryGeneratorItem{ - { + v1alpha1.GitDirectoryGeneratorItem{ Path: "applicationset/examples/git-generator-directory/cluster-addons/*", }, }, @@ -95,7 +95,7 @@ func TestPrintApplicationSetTable(t *testing.T) { }, Status: v1alpha1.ApplicationSetStatus{ Conditions: []v1alpha1.ApplicationSetCondition{ - { + v1alpha1.ApplicationSetCondition{ Status: v1alpha1.ApplicationSetConditionStatusTrue, Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, }, @@ -118,12 +118,12 @@ func TestPrintAppSetSummaryTable(t *testing.T) { }, Spec: v1alpha1.ApplicationSetSpec{ Generators: []v1alpha1.ApplicationSetGenerator{ - { + v1alpha1.ApplicationSetGenerator{ Git: &v1alpha1.GitGenerator{ RepoURL: "https://github.com/argoproj/argo-cd.git", Revision: "head", Directories: []v1alpha1.GitDirectoryGeneratorItem{ - { + v1alpha1.GitDirectoryGeneratorItem{ Path: "applicationset/examples/git-generator-directory/cluster-addons/*", }, }, @@ -138,7 +138,7 @@ func TestPrintAppSetSummaryTable(t *testing.T) { }, Status: v1alpha1.ApplicationSetStatus{ Conditions: []v1alpha1.ApplicationSetCondition{ - { + v1alpha1.ApplicationSetCondition{ Status: v1alpha1.ApplicationSetConditionStatusTrue, Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, }, diff --git a/cmd/argocd/commands/cert.go b/cmd/argocd/commands/cert.go index d443d57e337d4..b8a042f6cc524 100644 --- a/cmd/argocd/commands/cert.go +++ b/cmd/argocd/commands/cert.go @@ -130,7 +130,7 @@ func NewCertAddTLSCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command } }, } - command.Flags().StringVar(&fromFile, "from", "", "Read TLS certificate data from file (default is to read from stdin)") + command.Flags().StringVar(&fromFile, "from", "", "read TLS certificate data from file (default is to read from stdin)") command.Flags().BoolVar(&upsert, "upsert", false, "Replace existing TLS certificate if certificate is different in input") return command } @@ -300,9 +300,9 @@ func NewCertListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { } command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide") - command.Flags().StringVar(&sortOrder, "sort", "", "Set display sort order for output format wide. One of: hostname|type") - command.Flags().StringVar(&certType, "cert-type", "", "Only list certificates of given type, valid: 'ssh','https'") - command.Flags().StringVar(&hostNamePattern, "hostname-pattern", "", "Only list certificates for hosts matching given glob-pattern") + command.Flags().StringVar(&sortOrder, "sort", "", "set display sort order for output format wide. One of: hostname|type") + command.Flags().StringVar(&certType, "cert-type", "", "only list certificates of given type, valid: 'ssh','https'") + command.Flags().StringVar(&hostNamePattern, "hostname-pattern", "", "only list certificates for hosts matching given glob-pattern") return command } diff --git a/cmd/argocd/commands/headless/headless.go b/cmd/argocd/commands/headless/headless.go index 00344a979e9f6..ac994e4fdaba2 100644 --- a/cmd/argocd/commands/headless/headless.go +++ b/cmd/argocd/commands/headless/headless.go @@ -127,15 +127,15 @@ func (c *forwardRepoClientset) NewRepoServerClient() (io.Closer, repoapiclient.R func testAPI(ctx context.Context, clientOpts *apiclient.ClientOptions) error { apiClient, err := apiclient.NewClient(clientOpts) if err != nil { - return fmt.Errorf("failed to create API client: %w", err) + return err } closer, versionClient, err := apiClient.NewVersionClient() if err != nil { - return fmt.Errorf("failed to create version client: %w", err) + return err } defer io.Close(closer) _, err = versionClient.Version(ctx, &empty.Empty{}) - return fmt.Errorf("failed to get version: %w", err) + return err } // StartLocalServer allows executing command in a headless mode: on the fly starts Argo CD API server and @@ -147,12 +147,12 @@ func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, if !startInProcessAPI { localCfg, err := localconfig.ReadLocalConfig(clientOpts.ConfigPath) if err != nil { - return fmt.Errorf("error reading local config: %w", err) + return err } if localCfg != nil { configCtx, err := localCfg.ResolveContext(clientOpts.Context) if err != nil { - return fmt.Errorf("error resolving context: %w", err) + return err } startInProcessAPI = configCtx.Server.Core } @@ -173,7 +173,7 @@ func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, addr := fmt.Sprintf("%s:0", *address) ln, err := net.Listen("tcp", addr) if err != nil { - return fmt.Errorf("failed to listen on %q: %w", addr, err) + return err } port = &ln.Addr().(*net.TCPAddr).Port io.Close(ln) @@ -181,25 +181,25 @@ func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, restConfig, err := clientConfig.ClientConfig() if err != nil { - return fmt.Errorf("error creating client config: %w", err) + return err } appClientset, err := appclientset.NewForConfig(restConfig) if err != nil { - return fmt.Errorf("error creating app clientset: %w", err) + return err } kubeClientset, err := kubernetes.NewForConfig(restConfig) if err != nil { - return fmt.Errorf("error creating kubernetes clientset: %w", err) + return err } namespace, _, err := clientConfig.Namespace() if err != nil { - return fmt.Errorf("error getting namespace: %w", err) + return err } mr, err := miniredis.Run() if err != nil { - return fmt.Errorf("error running miniredis: %w", err) + return err } appstateCache := appstatecache.NewCache(cache.NewCache(&forwardCacheClient{namespace: namespace, context: ctxStr, compression: compression}), time.Hour) srv := server.NewServer(ctx, server.ArgoCDServerOpts{ @@ -220,7 +220,7 @@ func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, lns, err := srv.Listen() if err != nil { - return fmt.Errorf("failed to listen: %w", err) + return err } go srv.Run(ctx, lns) clientOpts.ServerAddr = fmt.Sprintf("%s:%d", *address, *port) @@ -236,7 +236,7 @@ func StartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOptions, } time.Sleep(time.Second) } - return fmt.Errorf("all retries failed: %w", err) + return err } // NewClientOrDie creates a new API client from a set of config options, or fails fatally if the new client creation fails. diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 4f08665eb437b..fc7b6617c13b9 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -1,7 +1,6 @@ package commands import ( - "context" "encoding/json" "fmt" "io" @@ -819,7 +818,10 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command os.Exit(1) } projName := args[0] - detailedProject := getProject(c, clientOpts, ctx, projName) + conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() + defer argoio.Close(conn) + detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) + errors.CheckError(err) switch output { case "yaml", "json": @@ -836,14 +838,6 @@ func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command return command } -func getProject(c *cobra.Command, clientOpts *argocdclient.ClientOptions, ctx context.Context, projName string) *projectpkg.DetailedProjectsResponse { - conn, projIf := headless.NewClientOrDie(clientOpts, c).NewProjectClientOrDie() - defer argoio.Close(conn) - detailedProject, err := projIf.GetDetailedProject(ctx, &projectpkg.ProjectQuery{Name: projName}) - errors.CheckError(err) - return detailedProject -} - func NewProjectEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var command = &cobra.Command{ Use: "edit PROJECT", diff --git a/cmpserver/apiclient/clientset.go b/cmpserver/apiclient/clientset.go index 6b4c19f0261ff..025625ff8092e 100644 --- a/cmpserver/apiclient/clientset.go +++ b/cmpserver/apiclient/clientset.go @@ -7,7 +7,6 @@ import ( grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" log "github.com/sirupsen/logrus" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" @@ -47,8 +46,8 @@ func NewConnection(address string) (*grpc.ClientConn, error) { grpc.WithStreamInterceptor(grpc_retry.StreamClientInterceptor(retryOpts...)), grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(unaryInterceptors...)), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxGRPCMessageSize), grpc.MaxCallSendMsgSize(MaxGRPCMessageSize)), - grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()), - grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()), + grpc.WithUnaryInterceptor(grpc_util.OTELUnaryClientInterceptor()), + grpc.WithStreamInterceptor(grpc_util.OTELStreamClientInterceptor()), } dialOpts = append(dialOpts, grpc.WithTransportCredentials(insecure.NewCredentials())) diff --git a/cmpserver/plugin/plugin_windows.go b/cmpserver/plugin/plugin_windows.go index 2a188e61f6f9e..b8873a9793601 100644 --- a/cmpserver/plugin/plugin_windows.go +++ b/cmpserver/plugin/plugin_windows.go @@ -14,3 +14,7 @@ func newSysProcAttr(setpgid bool) *syscall.SysProcAttr { func sysCallKill(pid int) error { return nil } + +func sysCallTerm(pid int) error { + return nil +} diff --git a/controller/clusterinfoupdater.go b/controller/clusterinfoupdater.go index a2f488534aeb0..75f2644b49d1e 100644 --- a/controller/clusterinfoupdater.go +++ b/controller/clusterinfoupdater.go @@ -3,14 +3,12 @@ package controller import ( "context" "fmt" - "time" - - "github.com/argoproj/argo-cd/v2/util/env" "github.com/argoproj/gitops-engine/pkg/cache" "github.com/argoproj/gitops-engine/pkg/utils/kube" log "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" + "time" "github.com/argoproj/argo-cd/v2/controller/metrics" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -21,13 +19,7 @@ import ( ) const ( - defaultSecretUpdateInterval = 10 * time.Second - - EnvClusterInfoTimeout = "ARGO_CD_UPDATE_CLUSTER_INFO_TIMEOUT" -) - -var ( - clusterInfoTimeout = env.ParseDurationFromEnv(EnvClusterInfoTimeout, defaultSecretUpdateInterval, defaultSecretUpdateInterval, 1*time.Minute) + secretUpdateInterval = 10 * time.Second ) type clusterInfoUpdater struct { @@ -38,7 +30,6 @@ type clusterInfoUpdater struct { clusterFilter func(cluster *appv1.Cluster) bool projGetter func(app *appv1.Application) (*appv1.AppProject, error) namespace string - lastUpdated time.Time } func NewClusterInfoUpdater( @@ -50,17 +41,17 @@ func NewClusterInfoUpdater( projGetter func(app *appv1.Application) (*appv1.AppProject, error), namespace string) *clusterInfoUpdater { - return &clusterInfoUpdater{infoSource, db, appLister, cache, clusterFilter, projGetter, namespace, time.Time{}} + return &clusterInfoUpdater{infoSource, db, appLister, cache, clusterFilter, projGetter, namespace} } func (c *clusterInfoUpdater) Run(ctx context.Context) { c.updateClusters() - ticker := time.NewTicker(clusterInfoTimeout) + ticker := time.NewTicker(secretUpdateInterval) for { select { case <-ctx.Done(): ticker.Stop() - return + break case <-ticker.C: c.updateClusters() } @@ -68,23 +59,13 @@ func (c *clusterInfoUpdater) Run(ctx context.Context) { } func (c *clusterInfoUpdater) updateClusters() { - if time.Since(c.lastUpdated) < clusterInfoTimeout { - return - } - - ctx, cancel := context.WithTimeout(context.Background(), clusterInfoTimeout) - defer func() { - cancel() - c.lastUpdated = time.Now() - }() - infoByServer := make(map[string]*cache.ClusterInfo) clustersInfo := c.infoSource.GetClustersInfo() for i := range clustersInfo { info := clustersInfo[i] infoByServer[info.Server] = &info } - clusters, err := c.db.ListClusters(ctx) + clusters, err := c.db.ListClusters(context.Background()) if err != nil { log.Warnf("Failed to save clusters info: %v", err) return @@ -101,7 +82,7 @@ func (c *clusterInfoUpdater) updateClusters() { } _ = kube.RunAllAsync(len(clustersFiltered), func(i int) error { cluster := clustersFiltered[i] - if err := c.updateClusterInfo(ctx, cluster, infoByServer[cluster.Server]); err != nil { + if err := c.updateClusterInfo(cluster, infoByServer[cluster.Server]); err != nil { log.Warnf("Failed to save clusters info: %v", err) } return nil @@ -109,7 +90,7 @@ func (c *clusterInfoUpdater) updateClusters() { log.Debugf("Successfully saved info of %d clusters", len(clustersFiltered)) } -func (c *clusterInfoUpdater) updateClusterInfo(ctx context.Context, cluster appv1.Cluster, info *cache.ClusterInfo) error { +func (c *clusterInfoUpdater) updateClusterInfo(cluster appv1.Cluster, info *cache.ClusterInfo) error { apps, err := c.appLister.List(labels.Everything()) if err != nil { return fmt.Errorf("error while fetching the apps list: %w", err) @@ -122,7 +103,7 @@ func (c *clusterInfoUpdater) updateClusterInfo(ctx context.Context, cluster appv continue } } - if err := argo.ValidateDestination(ctx, &a.Spec.Destination, c.db); err != nil { + if err := argo.ValidateDestination(context.Background(), &a.Spec.Destination, c.db); err != nil { continue } if a.Spec.Destination.Server == cluster.Server { diff --git a/controller/clusterinfoupdater_test.go b/controller/clusterinfoupdater_test.go index bac0bb56cbe08..60f074d2cfd37 100644 --- a/controller/clusterinfoupdater_test.go +++ b/controller/clusterinfoupdater_test.go @@ -88,7 +88,7 @@ func TestClusterSecretUpdater(t *testing.T) { lister := applisters.NewApplicationLister(appInformer.GetIndexer()).Applications(fakeNamespace) updater := NewClusterInfoUpdater(nil, argoDB, lister, appCache, nil, nil, fakeNamespace) - err = updater.updateClusterInfo(context.Background(), *cluster, info) + err = updater.updateClusterInfo(*cluster, info) assert.NoError(t, err, "Invoking updateClusterInfo failed.") var clusterInfo v1alpha1.ClusterInfo diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index 3cfb16a249339..3cd9837ff7036 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -56,7 +56,7 @@ var ( descAppInfo = prometheus.NewDesc( "argocd_app_info", "Information about application.", - append(descAppDefaultLabels, "autosync_enabled", "repo", "dest_server", "dest_namespace", "sync_status", "health_status", "operation"), + append(descAppDefaultLabels, "repo", "dest_server", "dest_namespace", "sync_status", "health_status", "operation"), nil, ) // DEPRECATED @@ -381,9 +381,7 @@ func (c *appCollector) collectApps(ch chan<- prometheus.Metric, app *argoappv1.A healthStatus = health.HealthStatusUnknown } - autoSyncEnabled := app.Spec.SyncPolicy != nil && app.Spec.SyncPolicy.Automated != nil - - addGauge(descAppInfo, 1, strconv.FormatBool(autoSyncEnabled), git.NormalizeGitURL(app.Spec.GetSource().RepoURL), app.Spec.Destination.Server, app.Spec.Destination.Namespace, string(syncStatus), string(healthStatus), operation) + addGauge(descAppInfo, 1, git.NormalizeGitURL(app.Spec.GetSource().RepoURL), app.Spec.Destination.Server, app.Spec.Destination.Namespace, string(syncStatus), string(healthStatus), operation) if len(c.appLabels) > 0 { labelValues := []string{} diff --git a/controller/metrics/metrics_test.go b/controller/metrics/metrics_test.go index 61a99a46492a2..c5583cb478bff 100644 --- a/controller/metrics/metrics_test.go +++ b/controller/metrics/metrics_test.go @@ -5,6 +5,7 @@ import ( "log" "net/http" "net/http/httptest" + "os" "strings" "testing" "time" @@ -66,10 +67,6 @@ spec: source: path: some/path repoURL: https://github.com/argoproj/argocd-example-apps.git - syncPolicy: - automated: - selfHeal: false - prune: true status: sync: status: Synced @@ -101,10 +98,6 @@ spec: source: path: some/path repoURL: https://github.com/argoproj/argocd-example-apps.git - syncPolicy: - automated: - selfHeal: true - prune: false status: sync: status: OutOfSync @@ -235,9 +228,9 @@ func TestMetrics(t *testing.T) { responseContains: ` # HELP argocd_app_info Information about application. # TYPE argocd_app_info gauge -argocd_app_info{autosync_enabled="true",dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Degraded",name="my-app-3",namespace="argocd",operation="delete",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="OutOfSync"} 1 -argocd_app_info{autosync_enabled="false",dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 -argocd_app_info{autosync_enabled="true",dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app-2",namespace="argocd",operation="sync",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 +argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Degraded",name="my-app-3",namespace="argocd",operation="delete",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="OutOfSync"} 1 +argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 +argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app-2",namespace="argocd",operation="sync",project="important-project",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 `, }, { @@ -245,7 +238,7 @@ argocd_app_info{autosync_enabled="true",dest_namespace="dummy-namespace",dest_se responseContains: ` # HELP argocd_app_info Information about application. # TYPE argocd_app_info gauge -argocd_app_info{autosync_enabled="false",dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="default",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 +argocd_app_info{dest_namespace="dummy-namespace",dest_server="https://localhost:6443",health_status="Healthy",name="my-app",namespace="argocd",operation="",project="default",repo="https://github.com/argoproj/argocd-example-apps",sync_status="Synced"} 1 `, }, } @@ -299,7 +292,8 @@ argocd_app_labels{label_non_existing="",name="my-app-3",namespace="argocd",proje } func TestLegacyMetrics(t *testing.T) { - t.Setenv(EnvVarLegacyControllerMetrics, "true") + os.Setenv(EnvVarLegacyControllerMetrics, "true") + defer os.Unsetenv(EnvVarLegacyControllerMetrics) expectedResponse := ` # HELP argocd_app_created_time Creation time in unix timestamp for an application. diff --git a/controller/sharding/sharding_test.go b/controller/sharding/sharding_test.go index 629c023c4a054..ca44bf32e2d6b 100644 --- a/controller/sharding/sharding_test.go +++ b/controller/sharding/sharding_test.go @@ -14,7 +14,7 @@ import ( ) func TestGetShardByID_NotEmptyID(t *testing.T) { - t.Setenv(common.EnvControllerReplicas, "1") + os.Setenv(common.EnvControllerReplicas, "1") assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "1"})) assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "2"})) assert.Equal(t, 0, LegacyDistributionFunction()(&v1alpha1.Cluster{ID: "3"})) @@ -22,21 +22,21 @@ func TestGetShardByID_NotEmptyID(t *testing.T) { } func TestGetShardByID_EmptyID(t *testing.T) { - t.Setenv(common.EnvControllerReplicas, "1") + os.Setenv(common.EnvControllerReplicas, "1") distributionFunction := LegacyDistributionFunction shard := distributionFunction()(&v1alpha1.Cluster{}) assert.Equal(t, 0, shard) } func TestGetShardByID_NoReplicas(t *testing.T) { - t.Setenv(common.EnvControllerReplicas, "0") + os.Setenv(common.EnvControllerReplicas, "0") distributionFunction := LegacyDistributionFunction shard := distributionFunction()(&v1alpha1.Cluster{}) assert.Equal(t, -1, shard) } func TestGetShardByID_NoReplicasUsingHashDistributionFunction(t *testing.T) { - t.Setenv(common.EnvControllerReplicas, "0") + os.Setenv(common.EnvControllerReplicas, "0") distributionFunction := LegacyDistributionFunction shard := distributionFunction()(&v1alpha1.Cluster{}) assert.Equal(t, -1, shard) @@ -45,8 +45,8 @@ func TestGetShardByID_NoReplicasUsingHashDistributionFunction(t *testing.T) { func TestGetShardByID_NoReplicasUsingHashDistributionFunctionWithClusters(t *testing.T) { db, cluster1, cluster2, cluster3, cluster4, cluster5 := createTestClusters() // Test with replicas set to 0 - t.Setenv(common.EnvControllerReplicas, "0") - t.Setenv(common.EnvControllerShardingAlgorithm, common.RoundRobinShardingAlgorithm) + os.Setenv(common.EnvControllerReplicas, "0") + os.Setenv(common.EnvControllerShardingAlgorithm, common.RoundRobinShardingAlgorithm) distributionFunction := RoundRobinDistributionFunction(db) assert.Equal(t, -1, distributionFunction(nil)) assert.Equal(t, -1, distributionFunction(&cluster1)) @@ -54,12 +54,13 @@ func TestGetShardByID_NoReplicasUsingHashDistributionFunctionWithClusters(t *tes assert.Equal(t, -1, distributionFunction(&cluster3)) assert.Equal(t, -1, distributionFunction(&cluster4)) assert.Equal(t, -1, distributionFunction(&cluster5)) + } func TestGetClusterFilterDefault(t *testing.T) { shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) os.Unsetenv(common.EnvControllerShardingAlgorithm) - t.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerReplicas, "2") filter := GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), shardIndex) assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) @@ -69,8 +70,8 @@ func TestGetClusterFilterDefault(t *testing.T) { func TestGetClusterFilterLegacy(t *testing.T) { shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) - t.Setenv(common.EnvControllerReplicas, "2") - t.Setenv(common.EnvControllerShardingAlgorithm, common.LegacyShardingAlgorithm) + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, common.LegacyShardingAlgorithm) filter := GetClusterFilter(GetDistributionFunction(nil, common.LegacyShardingAlgorithm), shardIndex) assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) @@ -80,8 +81,8 @@ func TestGetClusterFilterLegacy(t *testing.T) { func TestGetClusterFilterUnknown(t *testing.T) { shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) - t.Setenv(common.EnvControllerReplicas, "2") - t.Setenv(common.EnvControllerShardingAlgorithm, "unknown") + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, "unknown") filter := GetClusterFilter(GetDistributionFunction(nil, "unknown"), shardIndex) assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) assert.True(t, filter(&v1alpha1.Cluster{ID: "2"})) @@ -91,7 +92,7 @@ func TestGetClusterFilterUnknown(t *testing.T) { func TestLegacyGetClusterFilterWithFixedShard(t *testing.T) { shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) - t.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerReplicas, "2") filter := GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), shardIndex) assert.False(t, filter(nil)) assert.False(t, filter(&v1alpha1.Cluster{ID: "1"})) @@ -106,11 +107,12 @@ func TestLegacyGetClusterFilterWithFixedShard(t *testing.T) { fixedShard = 1 filter = GetClusterFilter(GetDistributionFunction(nil, common.DefaultShardingAlgorithm), int(fixedShard)) assert.True(t, filter(&v1alpha1.Cluster{Name: "cluster4", ID: "4", Shard: &fixedShard})) + } func TestRoundRobinGetClusterFilterWithFixedShard(t *testing.T) { shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) - t.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerReplicas, "2") db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() filter := GetClusterFilter(GetDistributionFunction(db, common.RoundRobinShardingAlgorithm), shardIndex) @@ -133,8 +135,8 @@ func TestRoundRobinGetClusterFilterWithFixedShard(t *testing.T) { func TestGetClusterFilterLegacyHash(t *testing.T) { shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) - t.Setenv(common.EnvControllerReplicas, "2") - t.Setenv(common.EnvControllerShardingAlgorithm, "hash") + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, "hash") db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() filter := GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) assert.False(t, filter(&cluster1)) @@ -156,64 +158,55 @@ func TestGetClusterFilterLegacyHash(t *testing.T) { func TestGetClusterFilterWithEnvControllerShardingAlgorithms(t *testing.T) { db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() shardIndex := 1 - t.Setenv(common.EnvControllerReplicas, "2") - - t.Run("legacy", func(t *testing.T) { - t.Setenv(common.EnvControllerShardingAlgorithm, common.LegacyShardingAlgorithm) - shardShouldProcessCluster := GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) - assert.False(t, shardShouldProcessCluster(&cluster1)) - assert.True(t, shardShouldProcessCluster(&cluster2)) - assert.False(t, shardShouldProcessCluster(&cluster3)) - assert.True(t, shardShouldProcessCluster(&cluster4)) - assert.False(t, shardShouldProcessCluster(nil)) - }) - - t.Run("roundrobin", func(t *testing.T) { - t.Setenv(common.EnvControllerShardingAlgorithm, common.RoundRobinShardingAlgorithm) - shardShouldProcessCluster := GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) - assert.False(t, shardShouldProcessCluster(&cluster1)) - assert.True(t, shardShouldProcessCluster(&cluster2)) - assert.False(t, shardShouldProcessCluster(&cluster3)) - assert.True(t, shardShouldProcessCluster(&cluster4)) - assert.False(t, shardShouldProcessCluster(nil)) - }) + os.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerShardingAlgorithm, common.LegacyShardingAlgorithm) + shardShouldProcessCluster := GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) + assert.False(t, shardShouldProcessCluster(&cluster1)) + assert.True(t, shardShouldProcessCluster(&cluster2)) + assert.False(t, shardShouldProcessCluster(&cluster3)) + assert.True(t, shardShouldProcessCluster(&cluster4)) + assert.False(t, shardShouldProcessCluster(nil)) + + os.Setenv(common.EnvControllerShardingAlgorithm, common.RoundRobinShardingAlgorithm) + shardShouldProcessCluster = GetClusterFilter(GetDistributionFunction(db, common.LegacyShardingAlgorithm), shardIndex) + assert.False(t, shardShouldProcessCluster(&cluster1)) + assert.True(t, shardShouldProcessCluster(&cluster2)) + assert.False(t, shardShouldProcessCluster(&cluster3)) + assert.True(t, shardShouldProcessCluster(&cluster4)) + assert.False(t, shardShouldProcessCluster(nil)) } func TestGetShardByIndexModuloReplicasCountDistributionFunction2(t *testing.T) { db, cluster1, cluster2, cluster3, cluster4, cluster5 := createTestClusters() + // Test with replicas set to 1 + os.Setenv(common.EnvControllerReplicas, "1") + distributionFunction := RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 0, distributionFunction(&cluster2)) + assert.Equal(t, 0, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) + + // Test with replicas set to 2 + os.Setenv(common.EnvControllerReplicas, "2") + distributionFunction = RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 0, distributionFunction(&cluster3)) + assert.Equal(t, 1, distributionFunction(&cluster4)) + assert.Equal(t, 0, distributionFunction(&cluster5)) - t.Run("replicas set to 1", func(t *testing.T) { - t.Setenv(common.EnvControllerReplicas, "1") - distributionFunction := RoundRobinDistributionFunction(db) - assert.Equal(t, 0, distributionFunction(nil)) - assert.Equal(t, 0, distributionFunction(&cluster1)) - assert.Equal(t, 0, distributionFunction(&cluster2)) - assert.Equal(t, 0, distributionFunction(&cluster3)) - assert.Equal(t, 0, distributionFunction(&cluster4)) - assert.Equal(t, 0, distributionFunction(&cluster5)) - }) - - t.Run("replicas set to 2", func(t *testing.T) { - t.Setenv(common.EnvControllerReplicas, "2") - distributionFunction := RoundRobinDistributionFunction(db) - assert.Equal(t, 0, distributionFunction(nil)) - assert.Equal(t, 0, distributionFunction(&cluster1)) - assert.Equal(t, 1, distributionFunction(&cluster2)) - assert.Equal(t, 0, distributionFunction(&cluster3)) - assert.Equal(t, 1, distributionFunction(&cluster4)) - assert.Equal(t, 0, distributionFunction(&cluster5)) - }) - - t.Run("replicas set to 3", func(t *testing.T) { - t.Setenv(common.EnvControllerReplicas, "3") - distributionFunction := RoundRobinDistributionFunction(db) - assert.Equal(t, 0, distributionFunction(nil)) - assert.Equal(t, 0, distributionFunction(&cluster1)) - assert.Equal(t, 1, distributionFunction(&cluster2)) - assert.Equal(t, 2, distributionFunction(&cluster3)) - assert.Equal(t, 0, distributionFunction(&cluster4)) - assert.Equal(t, 1, distributionFunction(&cluster5)) - }) + // // Test with replicas set to 3 + os.Setenv(common.EnvControllerReplicas, "3") + distributionFunction = RoundRobinDistributionFunction(db) + assert.Equal(t, 0, distributionFunction(nil)) + assert.Equal(t, 0, distributionFunction(&cluster1)) + assert.Equal(t, 1, distributionFunction(&cluster2)) + assert.Equal(t, 2, distributionFunction(&cluster3)) + assert.Equal(t, 0, distributionFunction(&cluster4)) + assert.Equal(t, 1, distributionFunction(&cluster5)) } func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterNumberIsHigh(t *testing.T) { @@ -229,7 +222,7 @@ func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterNumber clusterList.Items = append(clusterList.Items, cluster) } db.On("ListClusters", mock.Anything).Return(clusterList, nil) - t.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerReplicas, "2") distributionFunction := RoundRobinDistributionFunction(&db) for i, c := range clusterList.Items { assert.Equal(t, i%2, distributionFunction(&c)) @@ -249,7 +242,7 @@ func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterIsAdde db.On("ListClusters", mock.Anything).Return(clusterList, nil) // Test with replicas set to 2 - t.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerReplicas, "2") distributionFunction := RoundRobinDistributionFunction(&db) assert.Equal(t, 0, distributionFunction(nil)) assert.Equal(t, 0, distributionFunction(&cluster1)) @@ -266,11 +259,12 @@ func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterIsAdde // Now, we remove the last added cluster, it should be unassigned as well clusterList.Items = clusterList.Items[:len(clusterList.Items)-1] assert.Equal(t, -1, distributionFunction(&cluster6)) + } func TestGetShardByIndexModuloReplicasCountDistributionFunction(t *testing.T) { db, cluster1, cluster2, _, _, _ := createTestClusters() - t.Setenv(common.EnvControllerReplicas, "2") + os.Setenv(common.EnvControllerReplicas, "2") distributionFunction := RoundRobinDistributionFunction(db) // Test that the function returns the correct shard for cluster1 and cluster2 @@ -309,6 +303,7 @@ func TestInferShard(t *testing.T) { osHostnameFunction = func() (string, error) { return "example-shard", nil } _, err = InferShard() assert.NotNil(t, err) + } func createTestClusters() (*dbmocks.ArgoDB, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster) { diff --git a/controller/sharding/shuffle_test.go b/controller/sharding/shuffle_test.go index 9e089e31bad0f..2baaa6a758ca9 100644 --- a/controller/sharding/shuffle_test.go +++ b/controller/sharding/shuffle_test.go @@ -3,6 +3,7 @@ package sharding import ( "fmt" "math" + "os" "testing" "github.com/argoproj/argo-cd/v2/common" @@ -23,7 +24,7 @@ func TestLargeShuffle(t *testing.T) { } db.On("ListClusters", mock.Anything).Return(clusterList, nil) // Test with replicas set to 256 - t.Setenv(common.EnvControllerReplicas, "256") + os.Setenv(common.EnvControllerReplicas, "256") distributionFunction := RoundRobinDistributionFunction(&db) for i, c := range clusterList.Items { assert.Equal(t, i%2567, distributionFunction(&c)) @@ -46,7 +47,7 @@ func TestShuffle(t *testing.T) { db.On("ListClusters", mock.Anything).Return(clusterList, nil) // Test with replicas set to 3 - t.Setenv(common.EnvControllerReplicas, "3") + os.Setenv(common.EnvControllerReplicas, "3") distributionFunction := RoundRobinDistributionFunction(&db) assert.Equal(t, 0, distributionFunction(nil)) assert.Equal(t, 0, distributionFunction(&cluster1)) diff --git a/controller/state.go b/controller/state.go index 8b9842d91b249..a2765f249bc82 100644 --- a/controller/state.go +++ b/controller/state.go @@ -200,8 +200,6 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, sources []v1alp HelmOptions: helmOptions, HasMultipleSources: app.Spec.HasMultipleSources(), RefSources: refSources, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, }) if err != nil { return nil, nil, fmt.Errorf("failed to generate manifest for source %d of %d: %w", i+1, len(sources), err) diff --git a/controller/state_test.go b/controller/state_test.go index ab004af591807..537c0208e734b 100644 --- a/controller/state_test.go +++ b/controller/state_test.go @@ -341,6 +341,7 @@ func TestAppRevisionsSingleSource(t *testing.T) { assert.NotNil(t, compRes.syncStatus) assert.NotEmpty(t, compRes.syncStatus.Revision) assert.Len(t, compRes.syncStatus.Revisions, 0) + } // TestAppRevisions tests that revisions are properly propagated for a multi source app @@ -707,8 +708,9 @@ var signedProj = argoappv1.AppProject{ } func TestSignedResponseNoSignatureRequired(t *testing.T) { - t.Setenv("ARGOCD_GPG_ENABLED", "true") - + oldval := os.Getenv("ARGOCD_GPG_ENABLED") + os.Setenv("ARGOCD_GPG_ENABLED", "true") + defer os.Setenv("ARGOCD_GPG_ENABLED", oldval) // We have a good signature response, but project does not require signed commits { app := newFakeApp() @@ -764,7 +766,9 @@ func TestSignedResponseNoSignatureRequired(t *testing.T) { } func TestSignedResponseSignatureRequired(t *testing.T) { - t.Setenv("ARGOCD_GPG_ENABLED", "true") + oldval := os.Getenv("ARGOCD_GPG_ENABLED") + os.Setenv("ARGOCD_GPG_ENABLED", "true") + defer os.Setenv("ARGOCD_GPG_ENABLED", oldval) // We have a good signature response, valid key, and signing is required - sync! { @@ -930,7 +934,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) { assert.Contains(t, app.Status.Conditions[0].Message, "Cannot use local manifests") } - t.Setenv("ARGOCD_GPG_ENABLED", "false") + os.Setenv("ARGOCD_GPG_ENABLED", "false") // We have a bad signature response and signing would be required, but GPG subsystem is disabled - sync { app := newFakeApp() @@ -986,6 +990,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) { assert.Len(t, compRes.managedResources, 0) assert.Len(t, app.Status.Conditions, 0) } + } func TestComparisonResult_GetHealthStatus(t *testing.T) { diff --git a/controller/sync_test.go b/controller/sync_test.go index da68e5d9a3dfe..a1a8161386436 100644 --- a/controller/sync_test.go +++ b/controller/sync_test.go @@ -2,6 +2,7 @@ package controller import ( "context" + "os" "testing" "github.com/argoproj/gitops-engine/pkg/sync" @@ -178,7 +179,8 @@ func TestSyncComparisonError(t *testing.T) { opState := &v1alpha1.OperationState{Operation: v1alpha1.Operation{ Sync: &v1alpha1.SyncOperation{}, }} - t.Setenv("ARGOCD_GPG_ENABLED", "true") + os.Setenv("ARGOCD_GPG_ENABLED", "true") + defer os.Setenv("ARGOCD_GPG_ENABLED", "false") ctrl.appStateManager.SyncAppState(app, opState) conditions := app.Status.GetConditions(map[v1alpha1.ApplicationConditionType]bool{v1alpha1.ApplicationConditionComparisonError: true}) diff --git a/docs/assets/azure-devops-webhook-config.png b/docs/assets/azure-devops-webhook-config.png deleted file mode 100644 index 26fb6d0683d63..0000000000000 Binary files a/docs/assets/azure-devops-webhook-config.png and /dev/null differ diff --git a/docs/developer-guide/releasing.md b/docs/developer-guide/releasing.md index bb51ebfa8d14b..a55be0d8b0c12 100644 --- a/docs/developer-guide/releasing.md +++ b/docs/developer-guide/releasing.md @@ -2,7 +2,7 @@ ## Introduction -Argo CD is released in a 2 step automated fashion using GitHub actions. The release process takes about 60 minutes, +ArgoCD is released in a 2 step automated fashion using GitHub actions. The release process takes about 60 minutes, sometimes a little less, depending on the performance of GitHub Actions runners. The target release branch must already exist in the GitHub repository. If you for diff --git a/docs/faq.md b/docs/faq.md index 19273acc04d23..588415fc04d2d 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -139,7 +139,7 @@ See [#1482](https://github.com/argoproj/argo-cd/issues/1482). ## How often does Argo CD check for changes to my Git or Helm repository ? The default polling interval is 3 minutes (180 seconds). -You can change the setting by updating the `timeout.reconciliation` value in the [argocd-cm](https://github.com/argoproj/argo-cd/blob/2d6ce088acd4fb29271ffb6f6023dbb27594d59b/docs/operator-manual/argocd-cm.yaml#L279-L282) config map. If there are any Git changes, Argo CD will only update applications with the [auto-sync setting](user-guide/auto_sync.md) enabled. If you set it to `0` then Argo CD will stop polling Git repositories automatically and you can only use alternative methods such as [webhooks](operator-manual/webhook.md) and/or manual syncs for deploying applications. +You can change the setting by updating the `timeout.reconciliation` value in the [argocd-cm](https://github.com/argoproj/argo-cd/blob/2d6ce088acd4fb29271ffb6f6023dbb27594d59b/docs/operator-manual/argocd-cm.yaml#L279-L282) config map. If there are any Git changes, ArgoCD will only update applications with the [auto-sync setting](user-guide/auto_sync.md) enabled. If you set it to `0` then Argo CD will stop polling Git repositories automatically and you can only use alternative methods such as [webhooks](operator-manual/webhook.md) and/or manual syncs for deploying applications. ## Why Are My Resource Limits `Out Of Sync`? @@ -194,7 +194,7 @@ argocd ... --insecure ## I have configured Dex via `dex.config` in `argocd-cm`, it still says Dex is unconfigured. Why? -Most likely you forgot to set the `url` in `argocd-cm` to point to your Argo CD as well. See also +Most likely you forgot to set the `url` in `argocd-cm` to point to your ArgoCD as well. See also [the docs](./operator-manual/user-management/index.md#2-configure-argo-cd-for-sso). ## Why are `SealedSecret` resources reporting a `Status`? @@ -208,14 +208,14 @@ fixed CRD if you want this feature to work at all. ## Why are resources of type `SealedSecret` stuck in the `Progressing` state? The controller of the `SealedSecret` resource may expose the status condition on resource it provisioned. Since -version `v2.0.0` Argo CD picks up that status condition to derive a health status for the `SealedSecret`. +version `v2.0.0` ArgoCD picks up that status condition to derive a health status for the `SealedSecret`. Versions before `v0.15.0` of the `SealedSecret` controller are affected by an issue regarding this status conditions updates, which is why this feature is disabled by default in these versions. Status condition updates may be enabled by starting the `SealedSecret` controller with the `--update-status` command line parameter or by setting the `SEALED_SECRETS_UPDATE_STATUS` environment variable. -To disable Argo CD from checking the status condition on `SealedSecret` resources, add the following resource +To disable ArgoCD from checking the status condition on `SealedSecret` resources, add the following resource customization in your `argocd-cm` ConfigMap via `resource.customizations.health.` key. ```yaml diff --git a/docs/index.md b/docs/index.md index 6315ced37efad..975b4ae56cae4 100644 --- a/docs/index.md +++ b/docs/index.md @@ -25,7 +25,7 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/st ``` Follow our [getting started guide](getting_started.md). Further user oriented [documentation](user-guide/) -is provided for additional features. If you are looking to upgrade Argo CD, see the [upgrade guide](./operator-manual/upgrading/overview.md). +is provided for additional features. If you are looking to upgrade ArgoCD, see the [upgrade guide](./operator-manual/upgrading/overview.md). Developer oriented [documentation](developer-guide/) is available for people interested in building third-party integrations. ## How it works diff --git a/docs/operator-manual/applicationset/Generators-Plugin.md b/docs/operator-manual/applicationset/Generators-Plugin.md index 3747c38865df5..57ae0f90fb840 100644 --- a/docs/operator-manual/applicationset/Generators-Plugin.md +++ b/docs/operator-manual/applicationset/Generators-Plugin.md @@ -94,8 +94,8 @@ metadata: type: Opaque data: # ... - # The secret value must be base64 encoded **once**. - # this value corresponds to: `printf "strong-password" | base64`. + # The secret value must be base64 encoded **once** + # this value corresponds to: `printf "strong-password" | base64` plugin.myplugin.token: "c3Ryb25nLXBhc3N3b3Jk" # ... ``` @@ -124,9 +124,9 @@ type: Opaque data: # ... # Store client secret like below. - # The secret value must be base64 encoded **once**. - # This value corresponds to: `printf "strong-password" | base64`. - plugin.myplugin.token: "c3Ryb25nLXBhc3N3b3Jk" + # Ensure the secret is base64 encoded + plugin.myplugin.token: + # ... ``` ### HTTP server @@ -138,7 +138,7 @@ You can deploy it either as a sidecar or as a standalone deployment (the latter In the example, the token is stored in a file at this location : `/var/run/argo/token` ``` -strong-password +string-password ``` ```python @@ -199,7 +199,7 @@ if __name__ == '__main__': Execute getparams with curl : ``` -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer strong-password" -d \ +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ '{ "applicationSetName": "fake-appset", "input": { @@ -283,7 +283,7 @@ To illustrate : - The generator plugin would then perform 2 requests as follows : ```shell -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer strong-password" -d \ +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ '{ "applicationSetName": "fb-matrix", "input": { @@ -297,7 +297,7 @@ curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer st Then, ```shell -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer strong-password" -d \ +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer string-password" -d \ '{ "applicationSetName": "fb-matrix", "input": { diff --git a/docs/operator-manual/applicationset/Generators-Pull-Request.md b/docs/operator-manual/applicationset/Generators-Pull-Request.md index 693b43ac96415..cd37844548d29 100644 --- a/docs/operator-manual/applicationset/Generators-Pull-Request.md +++ b/docs/operator-manual/applicationset/Generators-Pull-Request.md @@ -232,7 +232,7 @@ spec: - `api`: Optional URL to access the Bitbucket REST API. For the example above, an API request would be made to `https://api.bitbucket.org/2.0/repositories/{workspace}/{repo_slug}/pullrequests`. If not set, defaults to `https://api.bitbucket.org/2.0` - `branchMatch`: Optional regexp filter which should match the source branch name. This is an alternative to labels which are not supported by Bitbucket server. -If you want to access a private repository, Argo CD will need credentials to access repository in Bitbucket Cloud. You can use Bitbucket App Password (generated per user, with access to whole workspace), or Bitbucket App Token (generated per repository, with access limited to repository scope only). If both App Password and App Token are defined, App Token will be used. +If you want to access a private repository, ArgoCD will need credentials to access repository in Bitbucket Cloud. You can use Bitbucket App Password (generated per user, with access to whole workspace), or Bitbucket App Token (generated per repository, with access limited to repository scope only). If both App Password and App Token are defined, App Token will be used. To use Bitbucket App Password, use `basicAuth` section. - `username`: The username to authenticate with. It only needs read access to the relevant repo. diff --git a/docs/operator-manual/applicationset/Generators-SCM-Provider.md b/docs/operator-manual/applicationset/Generators-SCM-Provider.md index 9651633c9b172..095d6616ee5e3 100644 --- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md +++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md @@ -87,9 +87,6 @@ spec: allBranches: true # If true, recurses through subgroups. If false, it searches only in the base group. Defaults to false. includeSubgroups: true - # If true and includeSubgroups is also true, include Shared Projects, which is gitlab API default. - # If false only search Projects under the same path. Defaults to true. - includeSharedProjects: false # Reference to a Secret containing an access token. (optional) tokenRef: secretName: gitlab-token @@ -104,7 +101,6 @@ spec: * `api`: If using self-hosted GitLab, the URL to access it. * `allBranches`: By default (false) the template will only be evaluated for the default branch of each repo. If this is true, every branch of every repository will be passed to the filters. If using this flag, you likely want to use a `branchMatch` filter. * `includeSubgroups`: By default (false) the controller will only search for repos directly in the base group. If this is true, it will recurse through all the subgroups searching for repos to scan. -* `includeSharedProjects`: If true and includeSubgroups is also true, include Shared Projects, which is gitlab API default. If false only search Projects under the same path. In general most would want the behaviour when set to false. Defaults to true. * `tokenRef`: A `Secret` name and key containing the GitLab access token to use for requests. If not specified, will make anonymous requests which have a lower rate limit and can only see public repositories. * `insecure`: By default (false) - Skip checking the validity of the SCM's certificate - useful for self-signed TLS certificates. @@ -318,7 +314,7 @@ Depending on whether `role` is provided in `awsCodeCommit` property, AWS IAM per #### Discover AWS CodeCommit Repositories in the same AWS Account as ApplicationSet Controller Without specifying `role`, ApplicationSet controller will use its own AWS identity to scan AWS CodeCommit repos. -This is suitable when you have a simple setup that all AWS CodeCommit repos reside in the same AWS account as your Argo CD. +This is suitable when you have a simple setup that all AWS CodeCommit repos reside in the same AWS account as your ArgoCD. As the ApplicationSet controller AWS identity is used directly for repo discovery, it must be granted below AWS permissions. diff --git a/docs/operator-manual/applicationset/Progressive-Syncs.md b/docs/operator-manual/applicationset/Progressive-Syncs.md index f29689af6dfc3..8864151e9dcb7 100644 --- a/docs/operator-manual/applicationset/Progressive-Syncs.md +++ b/docs/operator-manual/applicationset/Progressive-Syncs.md @@ -15,7 +15,7 @@ As an experimental feature, progressive syncs must be explicitly enabled, in one 1. Pass `--enable-progressive-syncs` to the ApplicationSet controller args. 1. Set `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS=true` in the ApplicationSet controller environment variables. -1. Set `applicationsetcontroller.enable.progressive.syncs: true` in the Argo CD ConfigMap. +1. Set `applicationsetcontroller.enable.progressive.syncs: true` in the Argo CD `argocd-cmd-params-cm` ConfigMap. ## Strategies diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index 4519bb2d1c6a2..248dc0c447685 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -12,7 +12,7 @@ All resources, including `Application` and `AppProject` specs, have to be instal |-----------------------------------------------------------------------|------------------------------------------------------------------------------------|-----------|--------------------------------------------------------------------------------------| | [`argocd-cm.yaml`](argocd-cm-yaml.md) | argocd-cm | ConfigMap | General Argo CD configuration | | [`argocd-repositories.yaml`](argocd-repositories-yaml.md) | my-private-repo / istio-helm-repo / private-helm-repo / private-repo | Secrets | Sample repository connection details | -| [`argocd-repo-creds.yaml`](argocd-repo-creds.yaml) | argoproj-https-creds / argoproj-ssh-creds / github-creds / github-enterprise-creds | Secrets | Sample repository credential templates | +| [`argocd-repo-creds.yaml`](argocd-repo-creds-yaml.md) | argoproj-https-creds / argoproj-ssh-creds / github-creds / github-enterprise-creds | Secrets | Sample repository credential templates | | [`argocd-cmd-params-cm.yaml`](argocd-cmd-params-cm-yaml.md) | argocd-cmd-params-cm | ConfigMap | Argo CD env variables configuration | | [`argocd-secret.yaml`](argocd-secret-yaml.md) | argocd-secret | Secret | User Passwords, Certificates (deprecated), Signing Key, Dex secrets, Webhook secrets | | [`argocd-rbac-cm.yaml`](argocd-rbac-cm-yaml.md) | argocd-rbac-cm | ConfigMap | RBAC Configuration | @@ -209,7 +209,7 @@ metadata: argocd.argoproj.io/secret-type: repository stringData: type: git - url: git@github.com:argoproj/my-private-repository.git + url: git@github.com:argoproj/my-private-repository sshPrivateKey: | -----BEGIN OPENSSH PRIVATE KEY----- ... diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index c166a1d25d75d..df46cced2ae90 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -37,7 +37,7 @@ Each link in the list has five subfields: As mentioned earlier the links and conditions can be templated to use data from the resource, each category of links can access different types of data linked to that resource. Overall we have these 4 resources available for templating in the system: -- `app` or `application`: this key is used to access the application resource data. +- `application`: this key is used to access the application resource data. - `resource`: this key is used to access values for the actual k8s resource. - `cluster`: this key is used to access the related destination cluster data like name, server, namespaces etc. - `project`: this key is used to access the project resource data. @@ -45,7 +45,7 @@ Overall we have these 4 resources available for templating in the system: The above resources are accessible in particular link categories, here's a list of resources available in each category: - `resource.links`: `resource`, `application`, `cluster` and `project` -- `application.links`: `app`/`application` and `cluster` +- `application.links`: `application` and `cluster` - `project.links`: `project` An example `argocd-cm.yaml` file with deep links and their variations : @@ -60,16 +60,16 @@ An example `argocd-cm.yaml` file with deep links and their variations : # sample application level links application.links: | # pkg.go.dev/text/template is used for evaluating url templates - - url: https://mycompany.splunk.com?search={{.app.spec.destination.namespace}}&env={{.project.metadata.labels.env}} + - url: https://mycompany.splunk.com?search={{.application.spec.destination.namespace}}&env={{.project.metadata.labels.env}} title: Splunk # conditionally show link e.g. for specific project # github.com/antonmedv/expr is used for evaluation of conditions - - url: https://mycompany.splunk.com?search={{.app.spec.destination.namespace}} + - url: https://mycompany.splunk.com?search={{.application.spec.destination.namespace}} title: Splunk if: application.spec.project == "default" - - url: https://{{.app.metadata.annotations.splunkhost}}?search={{.app.spec.destination.namespace}} + - url: https://{{.application.metadata.annotations.splunkhost}}?search={{.application.spec.destination.namespace}} title: Splunk - if: app.metadata.annotations.splunkhost != "" + if: application.metadata.annotations.splunkhost != "" # sample resource level links resource.links: | - url: https://mycompany.splunk.com?search={{.resource.metadata.name}}&env={{.project.metadata.labels.env}} diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index 499e7de954956..eaa000b5d96d5 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -64,8 +64,6 @@ controller replicas. To enable sharding increase the number of replicas in `argo and repeat the number of replicas in the `ARGOCD_CONTROLLER_REPLICAS` environment variable. The strategic merge patch below demonstrates changes required to configure two controller replicas. -* By default, the controller will update the cluster information every 10 seconds. If there is a problem with your cluster network environment that is causing the update time to take a long time, you can try modifying the environment variable `ARGO_CD_UPDATE_CLUSTER_INFO_TIMEOUT` to increase the timeout (the unit is seconds). - ```yaml apiVersion: apps/v1 kind: StatefulSet diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index 84b2bcaf34a67..d60165e284542 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -414,132 +414,6 @@ Once we create this service, we can configure the Ingress to conditionally route - argocd.argoproj.io ``` -## [Istio](https://www.istio.io) -You can put Argo CD behind Istio using following configurations. Here we will achive both serving Argo CD behind istio and using subpath on Istio - -First we need to make sure that we can run Argo CD with subpath (ie /argocd). For this we have used install.yaml from argocd project as is - -```bash -curl -kLs -o install.yaml https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml -``` - -save following file as kustomization.yml - -```yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ./install.yaml - -patches: -- path: ./patch.yml -``` - -And following lines as patch.yml - -```yaml -# Use --insecure so Ingress can send traffic with HTTP -# --bashref /argocd is the subpath like https://IP/argocd -# env was added because of https://github.com/argoproj/argo-cd/issues/3572 error ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: argocd-server -spec: - template: - spec: - containers: - - args: - - /usr/local/bin/argocd-server - - --staticassets - - /shared/app - - --redis - - argocd-redis-ha-haproxy:6379 - - --insecure - - --basehref - - /argocd - - --rootpath - - /argocd - name: argocd-server - env: - - name: ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT - value: "0" -``` - -After that install Argo CD (there should be only 3 yml file defined above in current directory ) - -```bash -kubectl apply -k ./ -n argocd --wait=true -``` - -Be sure you create secret for Isito ( in our case secretname is argocd-server-tls on argocd Namespace). After that we create Istio Resources - -```yaml -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: argocd-gateway - namespace: argocd -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "*" - tls: - httpsRedirect: true - - port: - number: 443 - name: https - protocol: HTTPS - hosts: - - "*" - tls: - credentialName: argocd-server-tls - maxProtocolVersion: TLSV1_3 - minProtocolVersion: TLSV1_2 - mode: SIMPLE - cipherSuites: - - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - - ECDHE-ECDSA-AES128-SHA - - AES128-GCM-SHA256 - - AES128-SHA - - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - - ECDHE-ECDSA-AES256-SHA - - AES256-GCM-SHA384 - - AES256-SHA ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: argocd-virtualservice - namespace: argocd -spec: - hosts: - - "*" - gateways: - - argocd-gateway - http: - - match: - - uri: - prefix: /argocd - route: - - destination: - host: argocd-server - port: - number: 80 -``` - -And now we can browse http://{{ IP }}/argocd (it will be rewritten to https://{{ IP }}/argocd - - ## Google Cloud load balancers with Kubernetes Ingress You can make use of the integration of GKE with Google Cloud to deploy Load Balancers using just Kubernetes objects. @@ -712,7 +586,7 @@ Once the DNS change is propagated, you're ready to use Argo with your Google Clo ## Authenticating through multiple layers of authenticating reverse proxies -Argo CD endpoints may be protected by one or more reverse proxies layers, in that case, you can provide additional headers through the `argocd` CLI `--header` parameter to authenticate through those layers. +ArgoCD endpoints may be protected by one or more reverse proxies layers, in that case, you can provide additional headers through the `argocd` CLI `--header` parameter to authenticate through those layers. ```shell $ argocd login : --header 'x-token1:foo' --header 'x-token2:bar' # can be repeated multiple times @@ -720,7 +594,7 @@ $ argocd login : --header 'x-token1:foo,x-token2:bar' # headers can ``` ## ArgoCD Server and UI Root Path (v1.5.3) -Argo CD server and UI can be configured to be available under a non-root path (e.g. `/argo-cd`). +ArgoCD server and UI can be configured to be available under a non-root path (e.g. `/argo-cd`). To do this, add the `--rootpath` flag into the `argocd-server` deployment command: ```yaml diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index 174b08fd75c2c..da816f82f519b 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -7,7 +7,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | Metric | Type | Description | |--------|:----:|-------------| -| `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in Argo CD. | +| `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in ArgoCD. | | `argocd_app_k8s_request_total` | counter | Number of kubernetes requests executed during application reconciliation | | `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. | | `argocd_app_reconcile` | histogram | Application reconciliation performance. | @@ -23,7 +23,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | `argocd_redis_request_duration` | histogram | Redis requests duration. | | `argocd_redis_request_total` | counter | Number of redis requests executed during application reconciliation | -If you use Argo CD with many application and project creation and deletion, +If you use ArgoCD with many application and project creation and deletion, the metrics page will keep in cache your application and project's history. If you are having issues because of a large number of metrics cardinality due to deleted resources, you can schedule a metrics reset to clean the @@ -32,16 +32,16 @@ history with an application controller flag. Example: ### Exposing Application labels as Prometheus metrics -There are use-cases where Argo CD Applications contain labels that are desired to be exposed as Prometheus metrics. +There are use-cases where ArgoCD Applications contain labels that are desired to be exposed as Prometheus metrics. Some examples are: * Having the team name as a label to allow routing alerts to specific receivers * Creating dashboards broken down by business units As the Application labels are specific to each company, this feature is disabled by default. To enable it, add the -`--metrics-application-labels` flag to the Argo CD application controller. +`--metrics-application-labels` flag to the ArgoCD application controller. -The example below will expose the Argo CD Application labels `team-name` and `business-unit` to Prometheus: +The example below will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus: containers: - command: diff --git a/docs/operator-manual/secret-management.md b/docs/operator-manual/secret-management.md index 0756734c7b822..54795fe4cc56c 100644 --- a/docs/operator-manual/secret-management.md +++ b/docs/operator-manual/secret-management.md @@ -10,7 +10,7 @@ Here are some ways people are doing GitOps secrets: * [Bitnami Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets) * [External Secrets Operator](https://github.com/external-secrets/external-secrets) * [Hashicorp Vault](https://www.vaultproject.io) -* [Bank-Vaults]((https://bank-vaults.dev/)) +* [Banzai Cloud Bank-Vaults](https://github.com/banzaicloud/bank-vaults) * [Helm Secrets](https://github.com/jkroepke/helm-secrets) * [Kustomize secret generator plugins](https://github.com/kubernetes-sigs/kustomize/blob/fd7a353df6cece4629b8e8ad56b71e30636f38fc/examples/kvSourceGoPlugin.md#secret-values-from-anywhere) * [aws-secret-operator](https://github.com/mumoshu/aws-secret-operator) diff --git a/docs/operator-manual/security.md b/docs/operator-manual/security.md index 3ba9fdfe39363..593030e1756e4 100644 --- a/docs/operator-manual/security.md +++ b/docs/operator-manual/security.md @@ -173,7 +173,7 @@ kubectl edit clusterrole argocd-application-controller ``` !!! tip - If you want to deny Argo CD access to a kind of resource then add it as an [excluded resource](declarative-setup.md#resource-exclusion). + If you want to deny ArgoCD access to a kind of resource then add it as an [excluded resource](declarative-setup.md#resource-exclusion). ## Auditing diff --git a/docs/operator-manual/signed-release-assets.md b/docs/operator-manual/signed-release-assets.md index 9aec6bb071047..1cd8636edf5a3 100644 --- a/docs/operator-manual/signed-release-assets.md +++ b/docs/operator-manual/signed-release-assets.md @@ -142,7 +142,7 @@ A single attestation (`argocd-sbom.intoto.jsonl`) from each release is provided slsa-verifier verify-artifact sbom.tar.gz \ --provenance-path argocd-sbom.intoto.jsonl \ --source-uri github.com/argoproj/argo-cd \ - --source-tag v2.7.0 + --source-tag v2.8.0 ``` *** diff --git a/docs/operator-manual/tested-kubernetes-versions.md b/docs/operator-manual/tested-kubernetes-versions.md index 897620296a515..1550f3f691e68 100644 --- a/docs/operator-manual/tested-kubernetes-versions.md +++ b/docs/operator-manual/tested-kubernetes-versions.md @@ -1,6 +1,5 @@ | Argo CD version | Kubernetes versions | |-----------------|---------------------| +| 2.8 | v1.27, v1.26, v1.25, v1.24 | | 2.7 | v1.26, v1.25, v1.24, v1.23 | | 2.6 | v1.24, v1.23, v1.22 | -| 2.5 | v1.24, v1.23, v1.22 | - diff --git a/docs/operator-manual/user-management/index.md b/docs/operator-manual/user-management/index.md index 1b3b96cd72104..5bac93db92d06 100644 --- a/docs/operator-manual/user-management/index.md +++ b/docs/operator-manual/user-management/index.md @@ -44,24 +44,6 @@ Each user might have two capabilities: * apiKey - allows generating authentication tokens for API access * login - allows to login using UI -### Delete user - -In order to delete a user, you must remove the corresponding entry defined in the `argocd-cm` ConfigMap: - -Example: - -```bash -kubectl patch -n argocd cm argocd-cm --type='json' -p='[{"op": "remove", "path": "/data/accounts.alice"}]' -``` - -It is recommended to also remove the password entry in the `argocd-secret` Secret: - -Example: - -```bash -kubectl patch -n argocd secrets argocd-secret --type='json' -p='[{"op": "remove", "path": "/data/accounts.alice.password"}]' -``` - ### Disable admin user As soon as additional users are created it is recommended to disable `admin` user: diff --git a/docs/operator-manual/webhook.md b/docs/operator-manual/webhook.md index 1d5ad5ec79c96..9a93d6ff0208c 100644 --- a/docs/operator-manual/webhook.md +++ b/docs/operator-manual/webhook.md @@ -4,7 +4,7 @@ Argo CD polls Git repositories every three minutes to detect changes to the manifests. To eliminate this delay from polling, the API server can be configured to receive webhook events. Argo CD supports -Git webhook notifications from GitHub, GitLab, Bitbucket, Bitbucket Server, Azure DevOps and Gogs. The following explains how to configure +Git webhook notifications from GitHub, GitLab, Bitbucket, Bitbucket Server and Gogs. The following explains how to configure a Git webhook for GitHub, but the same process should be applicable to other providers. !!! note @@ -12,28 +12,19 @@ a Git webhook for GitHub, but the same process should be applicable to other pro the same. A hook event for a push to branch `x` will trigger a refresh for an app pointing at the same repo with `targetRevision: refs/tags/x`. -## 1. Create The WebHook In The Git Provider +### 1. Create The WebHook In The Git Provider In your Git provider, navigate to the settings page where webhooks can be configured. The payload URL configured in the Git provider should use the `/api/webhook` endpoint of your Argo CD instance (e.g. `https://argocd.example.com/api/webhook`). If you wish to use a shared secret, input an arbitrary value in the secret. This value will be used when configuring the webhook in the next step. -## Github - ![Add Webhook](../assets/webhook-config.png "Add Webhook") !!! note When creating the webhook in GitHub, the "Content type" needs to be set to "application/json". The default value "application/x-www-form-urlencoded" is not supported by the library used to handle the hooks -## Azure DevOps - -![Add Webhook](../assets/azure-devops-webhook-config.png "Add Webhook") - -Azure DevOps optionally supports securing the webhook using basic authentication. To use it, specify the username and password in the webhook configuration and configure the same username/password in `argocd-secret` Kubernetes secret in -`webhook.azuredevops.username` and `webhook.azuredevops.password` keys. - -## 2. Configure Argo CD With The WebHook Secret (Optional) +### 2. Configure Argo CD With The WebHook Secret (Optional) Configuring a webhook shared secret is optional, since Argo CD will still refresh applications related to the Git repository, even with unauthenticated webhook events. This is safe to do since @@ -45,14 +36,12 @@ In the `argocd-secret` kubernetes secret, configure one of the following keys wi provider's webhook secret configured in step 1. | Provider | K8s Secret Key | -|-----------------|----------------------------------| +|-----------------| ---------------------------------| | GitHub | `webhook.github.secret` | | GitLab | `webhook.gitlab.secret` | | BitBucket | `webhook.bitbucket.uuid` | | BitBucketServer | `webhook.bitbucketserver.secret` | | Gogs | `webhook.gogs.secret` | -| Azure DevOps | `webhook.azuredevops.username` | -| | `webhook.azuredevops.password` | Edit the Argo CD kubernetes secret: @@ -90,10 +79,6 @@ stringData: # gogs server webhook secret webhook.gogs.secret: shhhh! it's a gogs server secret - - # azuredevops username and password - webhook.azuredevops.username: admin - webhook.azuredevops.password: secret-password ``` After saving, the changes should take effect automatically. diff --git a/docs/proposals/feature-bounties.md b/docs/proposals/feature-bounties.md deleted file mode 100644 index a3b978bf0becb..0000000000000 --- a/docs/proposals/feature-bounties.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Offering Feature Bounties (Experimental) -authors: - - "@crenshaw-dev" - - "@todaywasawesome" -sponsors: - - "@jannfis" -reviewers: - - TBD -approvers: - - TBD - -creation-date: 2023-06-27 ---- -# Offering Feature Bounties (Experimental) - -## Summary -We'd like to have the ability to offer monetary rewards for significant features to be added to Argo. - -## Motivation -The Argo Project is driven by community contributions and in shared trust with maintainer companies. Sometimes there are important features worth investing in that represent substantial work and are tougher, or take longer to implement. - -By providing a financial incentive, we can spur additional development from the community and indepdent contributors. - -## Proposal -Add the ability to mark a proposal with a bounty and a specific amount. When a PR is successfully merged, release payment to the PR author(s). - -This proposal is experimental, meaning after trying a single bounty, we will review as a project and decide if we would like to continue this program. Accepting this proposal only constitutes the program for a single bounty as an experiment. - -### Guidelines and Rules - -#### Creating a Bounty -A bounty is a special proposal created under `docs/proposals/feature-bounties`. -* A bounty proposal may only be created by an existing Argo maintainer. -* The proposal document must be reviewed in regular maintainer meetings and an invitation for feedback will provide 7-days to comment. -* Bounty should have approval with [lazy-consensus](https://community.apache.org/committers/lazyConsensus.html) -* Once a bounty is created, they must be honored. -* Bounty progress will be tracked in a GitHub issue linked in the proposal. -* Creating a bounty requires the funds be available and not already committed elsewhere. - -#### Claiming a Bounty -* Argo will pay out bounties once a pull request implementing the requested features/changes/fixes is merged. -* A bounty is limited to a single successful PR. -* Those interested in working on the bounty are encouraged to comment on the issue, and users may team up to split a bounty if they prefer but collaboration is not required and users should not shame eachother for their preferences to work alone or together. -* A comment of interest does not constitute a claim and will not be treated as such. -* The first pull request submitted that is ready for merge will be reviewed by maintainers. Maintainers will also consider any competing pull requests submitted within 24-hours. We expect this will be a very rare circumstance. If multiple, high-quality, merge ready pull requests are submitted, 3-5 Approvers for the sub-project will vote to decide the final pull request merged. - -### Funding -The Argo Project has a small amount of funds from HackerOne bounties that can provide for a few feature bounties. \ No newline at end of file diff --git a/docs/proposals/native-ocp-support.md b/docs/proposals/native-ocp-support.md deleted file mode 100644 index 64918fde8904e..0000000000000 --- a/docs/proposals/native-ocp-support.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -title: Argo CD first-class OCI support -authors: - - "@sabre1041" - - "@crenshaw-dev" - - "@todaywasawesome" - -sponsors: - - TBD -reviewers: - - "@alexmt" -approvers: - - "@alexmt" - -creation-date: 2023-05-09 ---- - -# Argo CD first-class OCI support - -Storing and retrieving manifests within in OCI registries - -## Summary - -Currently, Argo CD supports obtaining manifests from either a Git repository, a Helm chart repository, or a Helm chart stored within an OCI registry. Given that OCI registries are more frequently being used to store content aside from container images, introduce a mechanism for storing and retrieving manifests that can be used by any of the existing supported tools in any of the supported methods of representing assets that are to be applied to a Kubernetes environment. - - -## Motivation - -The industry is seeing a rapid adoption of OCI Artifacts as a method for storing and retrieving content. Adding support for sourcing resources stored in OCI artifacts not only provides immediate benefits, but opens up additional possible integrations in the future. - -**Dependency Reduction** - - At the present time, a user must have access to either a Git repository, or a remote Helm chart repository. Most users or enterprise organizations already have access to an OCI registry as it represents the primary source of image related content within a Kubernetes environment. By sourcing assets from OCI registries, no additional infrastructure is required in order to store a variety of content types simplifying the set of requirements in order to begin to fully leverage the capabilities of Argo CD. - -**Market Relevance** - -Argo CD continues to be one of the most popular GitOps tools in the industry. As the industry continues to evolve, other tools within the GitOps market have already began to adopt OCI artifacts as a source for storing and retrieving GitOps resources. - -### Goals - -* Enable the retrieval of resources stored as artifacts in OCI registries that are formatted in any of the supported options (Kustomize, Jsonnet, Helm, plain-manifest, CMPs, etc) -* Define a format for storing resources that can be processed by Argo CD as an OCI artifact including the composition and [Media Type(s)](https://github.com/opencontainers/image-spec/blob/main/media-types.md) -* Support the retrieval of artifacts from OCI registries using custom / self signed TLS certificates. -* Support the retrieval of artifacts from OCI registries requiring authentication. - -### Non-Goals - -* CLI Integration to package and publish resources in a format for storage in an OCI registry -* Attach metadata to OCI artifact manifest to provide additional details related to the content (such as original Git source [URL, revision]) - -## Proposal - -This is where we get down to details of what the proposal is about. - -### Use cases - -Add a list of detailed use cases this enhancement intends to take care of. - -#### Publishing and retrieval of content from OCI registries: - -As a user, I would like to make use of content that is represented by any of the supported options (Kustomize, Jsonnet, Helm, plain-manifest, etc) or those that could be consumed using a Config Management Plugin from an OCI registry. - -#### Authenticating to OCI registries: - -As a user, I would like to enforce proper security controls by requiring authentication to an OCI registry and configure Argo CD to be able to interact with this registry. - -#### CLI Integration: - -As a user, I would like the ability to produce, store and retrieve resources (pull/push) in a OCI registry using the Argo CD CLI. - -### Implementation Details/Notes/Constraints - -The Argo CD repo-server currently maintains two types of clients - Helm and git. By adding a third client, and invoking it in the same places as the other two, we can support OCI artifacts. - -It seems likely that we should create a new, common interface to represent all three clients. Then we can instantiate the client we need, toggling on whatever value in the repo config determines what kind of repo we're fetching from. - -#### Format of OCI Artifact - -An OCI artifact can contain any type of binary content. It is important that the content be formatted in a manner that can be consumed by Argo CD. - -#### Content - -Resources that is consumed by Argo CD can be represented by a series of files and folders. To be stored within an OCI artifact, these assets are stored within a compressed tar archive (.tar.gz) OCI layer. The [OCI Image Specification](https://specs.opencontainers.org/image-spec/) allows for metadata to be added through the use of annotations to provide attribute based details describing the included content. This level of detail is important as it satisfies many of the existing capabilities of Argo CD for tracking content, such as Git repository URL, branch name/revision. - - -#### Media Types - -The [OCI Image Specification](https://specs.opencontainers.org/image-spec/) makes extensive use of Media Types to identity the format of content. To provide not only a way that signifies the content of the OCI artifact contains Argo CD manifests, but to define the structure of the content. An understanding of the composition and requirements enable a broad ecosystem of tooling that can be used to produce and consume Argo CD resources within OCI registries. - -Two new Media Types will be used for this purpose as defined below: - -* `application/vnd.cncf.argoproj.argocd.content.v1.tar+gzip` - Primary asset stored within the OCI artifact containing a gzip compressed tar archive of Argo CD resources. Further details are outlined in the prior section. -* `application/vnd.cncf.argoproj.argocd.config.v1+json` - An [OCI Image Configuration](https://specs.opencontainers.org/image-spec/config/) - - -### Detailed examples - - -### Security Considerations - -The direct integration with an external endpoint from the core subsystem of Argo CD introduces several considerations as it relates to security. It is worthy to note that Argo CD currently does support sourcing Helm charts that are stored within OCI registries. However, this interaction is performed by Helm and its underlying library, [ORAS](https://oras.land), and not Argo CD itself. Capabilities included within this proposal can make use of the same libraries to facilitate the interaction. - -#### Credentials - -Security controls may be enforced within the OCI registry to enforce that clients authenticate. The introduction of additional mechanisms to authenticate against target systems is outside the scope of this proposal. However, an integration with existing capabilities and features, such as sourcing from _repository_ credentials is required. - - -### Risks and Mitigation's - -#### Overlap with existing Helm OCI integration - -Argo CD already includes support for sourcing Helm Charts from OCI registries and the retrieval is delegated to functionality provided by Helm. Considerations must be taken into account to determine whether the intent by the end user is to consume an OCI artifact containing Argo CD related resources or a Helm chart. One such method for addressing this concern is to inspect the `mediaType` of the OCI artifact. - - -### Upgrade / Downgrade Strategy - -If applicable, how will the component be upgraded and downgraded? Make sure this is in the test -plan. - -Consider the following in developing an upgrade/downgrade strategy for this enhancement: - -- What changes (in invocations, configurations, API use, etc.) is an existing cluster required to - make on upgrade in order to keep previous behavior? -- What changes (in invocations, configurations, API use, etc.) is an existing cluster required to - make on upgrade in order to make use of the enhancement? - -## Drawbacks - -* Sourcing content from an OCI registry may be perceived to be against GitOps principles as content is not sourced from a Git repository. This concern could be mitigated by attaching additional details related to the content (such as original Git source [URL, revision]). Though it should be noted that the GitOps principles only require a source of truth to be visioned and immutable which OCI registires support. - -## Alternatives - -### Config Management Plugin - -Content stored within OCI artifacts could be sourced using a Config Management Plugin which would not require changes to the core capabilities provided by Argo CD. However, this would be hacky and not represent itself within the Argo CD UI. \ No newline at end of file diff --git a/docs/proposals/respect-rbac-for-resource-exclusions.md b/docs/proposals/respect-rbac-for-resource-exclusions.md deleted file mode 100644 index fb4227638b6e7..0000000000000 --- a/docs/proposals/respect-rbac-for-resource-exclusions.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Respect RBAC for Resource Inclusions/Exclusions - -authors: -- "@gdsoumya" -- "@alexmt" - -sponsors: -- TBD - -reviewers: -- @jannfis - -approvers: -- @jannfis - -creation-date: 2023-05-03 - ---- - -# Enhancement Idea - -This is a proposal to provide the ability to configure argocd controller, to respect the current RBAC permissions -when handling resources besides the already existing resource inclusions and exclusions. - -## Summary - -Argo CD administrator will be able to configure in `argocd-cm`, whether to enable or disable(default) the feature where the controller will -only monitor resources that the current service account allows it to read. - -## Motivation - -Some users restrict the access of the argocd to specific resources using rbac and this feature will enable them to continue -using argocd without having to manually configure resource exclusions for all the resources that they don't want argocd to be managing. - -## Proposal - -The configuration for this will be present in the `argocd-cm`, we will add new boolean field `resource.respectRBAC` in the -cm which can be set to `true` to enable this feature, by default the feature is disabled. - -For the implementation there are 3 proposals : - -1. Modify `gitops-engine` pkg to make a `SelfSubjectAccessReview` request before adding any resource to the watch list, in this approach we are making an extra - api server call to check if controller has access to the resource, this does increase the no. of kubeapi calls made but is more accurate. -2. Modify `gitops-engine` pkg to check for forbidden/unauthorized errors when listing for resources, this is more efficient approach as the - no. of kubeapi calls made does not change, but there is a chance of false positives as similar errors can be returned from kubeapi server or env specific proxies in other situations -3. Combine approaches 1 and 2, in this controller will check the api response for the list call, and if it receives forbidden/unauthorized it will make the `SelfSubjectAccessReview` call. - This approach is accurate and at the same time, only makes extra api calls if the list calls fail in the first place. - -In all solutions, once controller determines that it does not have access to the resource it will stop monitoring it. - -### Implementation decision - -It was decided that we will go with approach 3 from the above list, but instead of a boolean flag we will have the `resource.respectRBAC` take 3 configuration options for the users : - - `strict` : This will perform both the checks i.e. whether the list call response is forbidden/unauthorized and if it is make the `SelfSubjectAccessReview` call to confirm. - - `normal` : This will only check whether the list call response is forbidden/unauthorized and skip `SelfSubjectAccessReview` call. - - unset/empty : This will disable the feature and controller will continue to monitor all resources. - -NOTE: By default `resource.respectRBAC` will be unset or `""` which disables the feature - -Users who are okay with an increase in kube api server calls can opt for strict option while users who are concerned with higher api calls can compromise on the accuracy and opt for the normal option. - -## Security Considerations and Risks - -There are no particular security risks associated with this change, this proposal rather improves the argocd controller -to not access/monitor resources that it does not have permission to access. - -## Upgrade / Downgrade Strategy - -There is no special upgrade strategy needed, all existing argocd configmaps will continue to work -and old configs without the `resource.respectRBAC` config will cause no change in argocd controllers behavior. - -While downgrading to older version, if the user had configured `resource.respectRBAC` previously this would be ignored completely -and argocd would revert to its default behavior of trying to monitor all resources. \ No newline at end of file diff --git a/docs/requirements.txt b/docs/requirements.txt index 09b5d35eb5d5b..ca3bc2f803744 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,6 +1,6 @@ mkdocs==1.3.0 mkdocs-material==7.1.8 markdown_include==0.6.0 -pygments==2.15.0 +pygments==2.7.4 jinja2==3.0.3 markdown==3.3.7 \ No newline at end of file diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 3b38f8d119dc9..ab6ad1e3fd0ce 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -14,62 +14,49 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| | [go.mod](master/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.37.0](master/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 3 | 0 | +| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.36.0](master/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | | [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 2 | 15 | -| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 3 | 0 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](master/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.8.0-rc7 +### v2.7.6 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.0-rc7/argocd-test.html) | 0 | 1 | 0 | 0 | -| [ui/yarn.lock](v2.8.0-rc7/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.37.0](v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 3 | 0 | -| [haproxy:2.6.14-alpine](v2.8.0-rc7/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.8.0-rc7](v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html) | 0 | 0 | 2 | 15 | -| [redis:7.0.11-alpine](v2.8.0-rc7/redis_7.0.11-alpine.html) | 0 | 0 | 3 | 0 | -| [install.yaml](v2.8.0-rc7/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.8.0-rc7/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.6/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.7.6/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.36.0](v2.7.6/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.7.6/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.7.6](v2.7.6/quay.io_argoproj_argocd_v2.7.6.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.7.6/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.7.6/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.6/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.7.11 +### v2.6.11 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.7.11/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.7.11/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.37.0](v2.7.11/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 3 | 0 | -| [haproxy:2.6.14-alpine](v2.7.11/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.7.11](v2.7.11/quay.io_argoproj_argocd_v2.7.11.html) | 0 | 0 | 2 | 15 | -| [redis:7.0.11-alpine](v2.7.11/redis_7.0.11-alpine.html) | 0 | 0 | 3 | 0 | -| [install.yaml](v2.7.11/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.7.11/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.6.11/argocd-test.html) | 0 | 0 | 0 | 0 | +| [ui/yarn.lock](v2.6.11/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.36.0](v2.6.11/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.6.11/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.6.11](v2.6.11/quay.io_argoproj_argocd_v2.6.11.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.6.11/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.6.11/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.6.11/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.6.14 +### v2.5.19 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.6.14/argocd-test.html) | 0 | 0 | 0 | 0 | -| [ui/yarn.lock](v2.6.14/argocd-test.html) | 0 | 1 | 0 | 0 | -| [dex:v2.37.0](v2.6.14/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 3 | 0 | -| [haproxy:2.6.14-alpine](v2.6.14/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.6.14](v2.6.14/quay.io_argoproj_argocd_v2.6.14.html) | 0 | 0 | 2 | 15 | -| [redis:7.0.11-alpine](v2.6.14/redis_7.0.11-alpine.html) | 0 | 0 | 3 | 0 | -| [install.yaml](v2.6.14/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.6.14/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.5.22 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.5.22/argocd-test.html) | 0 | 0 | 2 | 0 | -| [ui/yarn.lock](v2.5.22/argocd-test.html) | 0 | 1 | 4 | 0 | -| [dex:v2.37.0](v2.5.22/ghcr.io_dexidp_dex_v2.37.0.html) | 0 | 0 | 3 | 0 | -| [haproxy:2.6.14-alpine](v2.5.22/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | -| [argocd:v2.5.22](v2.5.22/quay.io_argoproj_argocd_v2.5.22.html) | 0 | 0 | 2 | 15 | -| [redis:7.0.11-alpine](v2.5.22/redis_7.0.11-alpine.html) | 0 | 0 | 3 | 0 | -| [install.yaml](v2.5.22/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.5.22/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.5.19/argocd-test.html) | 0 | 0 | 2 | 0 | +| [ui/yarn.lock](v2.5.19/argocd-test.html) | 0 | 0 | 5 | 0 | +| [dex:v2.36.0](v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html) | 0 | 2 | 3 | 0 | +| [haproxy:2.6.14-alpine](v2.5.19/haproxy_2.6.14-alpine.html) | 0 | 0 | 0 | 0 | +| [argocd:v2.5.19](v2.5.19/quay.io_argoproj_argocd_v2.5.19.html) | 0 | 0 | 0 | 17 | +| [redis:7.0.11-alpine](v2.5.19/redis_7.0.11-alpine.html) | 0 | 0 | 0 | 0 | +| [install.yaml](v2.5.19/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.5.19/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 28eeb9c116c57..cf18cf0689f48 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

August 13th 2023, 12:16:02 am (UTC+00:00)

+

June 25th 2023, 12:20:31 am (UTC+00:00)

Scanned the following path: @@ -507,7 +507,7 @@

Role with dangerous permissions

  • - Line number: 18478 + Line number: 17965
    • @@ -553,7 +553,7 @@

    Role with dangerous permissions

  • - Line number: 18555 + Line number: 18042
    • @@ -599,7 +599,7 @@

    Role with dangerous permissions

  • - Line number: 18583 + Line number: 18070
    • @@ -645,7 +645,7 @@

    Role with dangerous permissions

  • - Line number: 18631 + Line number: 18118
    • @@ -691,7 +691,7 @@

    Role with dangerous permissions

  • - Line number: 18613 + Line number: 18100
    • @@ -737,7 +737,7 @@

    Role with dangerous permissions

  • - Line number: 18647 + Line number: 18134
    • @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 19744 + Line number: 19218
    • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 19119 + Line number: 18605
    • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 19352 + Line number: 18826
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 19318 + Line number: 18792
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 19412 + Line number: 18886
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 19499 + Line number: 18973
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 19744 + Line number: 19218
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 19556 + Line number: 19030
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 19829 + Line number: 19303
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 20145 + Line number: 19619
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 19332 + Line number: 18806
    • @@ -1415,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 19119 + Line number: 18605
    • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 19318 + Line number: 18792
    • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 19352 + Line number: 18826
    • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 19499 + Line number: 18973
    • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 19744 + Line number: 19218
    • @@ -1681,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 19119 + Line number: 18605
    • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 19318 + Line number: 18792
    • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 19352 + Line number: 18826
    • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 19412 + Line number: 18886
    • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 19499 + Line number: 18973
    • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 19744 + Line number: 19218
    • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 19556 + Line number: 19030
    • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 19829 + Line number: 19303
    • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 20145 + Line number: 19619
    • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19242 + Line number: 18716
    • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19360 + Line number: 18834
    • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19335 + Line number: 18809
    • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19433 + Line number: 18907
    • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19509 + Line number: 18983
    • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19751 + Line number: 19225
    • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 19717 + Line number: 19191
    • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20055 + Line number: 19529
    • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20293 + Line number: 19767
    • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index 39cbb14b7d533..ec9d1f8e97380 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:16:14 am (UTC+00:00)

    +

    June 25th 2023, 12:20:44 am (UTC+00:00)

    Scanned the following path: @@ -789,7 +789,7 @@

    Container could be running with outdated image

  • - Line number: 1250 + Line number: 1237
    • @@ -847,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 625 + Line number: 624
    • @@ -905,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 858 + Line number: 845
    • @@ -963,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 824 + Line number: 811
    • @@ -1021,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 918 + Line number: 905
    • @@ -1079,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 1005 + Line number: 992
    • @@ -1137,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1250 + Line number: 1237
    • @@ -1195,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1062 + Line number: 1049
    • @@ -1253,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1335 + Line number: 1322
    • @@ -1311,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1651 + Line number: 1638
    • @@ -1363,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 838 + Line number: 825
    • @@ -1415,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 625 + Line number: 624
    • @@ -1467,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 824 + Line number: 811
    • @@ -1519,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 858 + Line number: 845
    • @@ -1571,7 +1571,7 @@

    Container is running without liveness probe

  • - Line number: 1005 + Line number: 992
    • @@ -1623,7 +1623,7 @@

    Container is running without liveness probe

  • - Line number: 1250 + Line number: 1237
    • @@ -1681,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 625 + Line number: 624
    • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 824 + Line number: 811
    • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 858 + Line number: 845
    • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 918 + Line number: 905
    • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 1005 + Line number: 992
    • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 1250 + Line number: 1237
    • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 1062 + Line number: 1049
    • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 1335 + Line number: 1322
    • @@ -2145,7 +2145,7 @@

    Container is running without memory limit

  • - Line number: 1651 + Line number: 1638
    • @@ -2201,7 +2201,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 748 + Line number: 735
    • @@ -2257,7 +2257,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 866 + Line number: 853
    • @@ -2313,7 +2313,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 841 + Line number: 828
    • @@ -2369,7 +2369,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 939 + Line number: 926
    • @@ -2425,7 +2425,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1015 + Line number: 1002
    • @@ -2481,7 +2481,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1257 + Line number: 1244
    • @@ -2537,7 +2537,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1223 + Line number: 1210
    • @@ -2593,7 +2593,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1561 + Line number: 1548
    • @@ -2649,7 +2649,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1799 + Line number: 1786
    • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index e32fc44b0f52e..bdf5f2c6056ef 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:13:27 am (UTC+00:00)

    +

    June 25th 2023, 12:17:47 am (UTC+00:00)

    Scanned the following paths: @@ -466,16 +466,167 @@

    Snyk test report

    -
    0 known vulnerabilities
    -
    0 vulnerable dependency paths
    -
    1860 dependencies
    +
    1 known vulnerabilities
    +
    1 vulnerable dependency paths
    +
    1799 dependencies

    - No known vulnerabilities detected. +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: npm +
      • +
    • + Vulnerable module: + + semver +
      • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, superagent@8.0.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@8.0.9 + + semver@7.3.8 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    semver is a semantic version parser used by npm.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

    +

    PoC

    + 
    
+        const semver = require('semver')
+        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
+        
+        console.log("n[+] Valid range - Test payloads")
+        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
+        const start = Date.now()
+        semver.validRange(value)
+        // semver.minVersion(value)
+        // semver.maxSatisfying(["1.2.3"], value)
+        // semver.minSatisfying(["1.2.3"], value)
+        // new semver.Range(value, {})
+        
+        const end = Date.now();
+        console.log('length=%d, time=%d ms', value.length, end - start);
+        }
+
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    + 
    regex = /A(B|C+)+D/
+
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
      • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • +
    • D Finally, we ensure this section of the string ends with a 'D'
      • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    + 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
      2. +
    2. CC+C
      3. +
    3. C+CC
      4. +
    4. C+C+C.
      5. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade semver to version 7.5.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    diff --git a/docs/snyk/v2.6.14/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html similarity index 54% rename from docs/snyk/v2.6.14/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html index ce3acf27ba464..310ff9f6365eb 100644 --- a/docs/snyk/v2.6.14/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    August 13th 2023, 12:22:18 am (UTC+00:00)

    +

    June 25th 2023, 12:17:59 am (UTC+00:00)

    Scanned the following paths:
      -
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      • +
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
    • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
    • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
    -
    4 known vulnerabilities
    -
    22 vulnerable dependency paths
    -
    786 dependencies
    +
    5 known vulnerabilities
    +
    35 vulnerable dependency paths
    +
    760 dependencies
    @@ -476,19 +476,19 @@

    Snyk test report

    -
    -

    Improper Authentication

    +
    +

    Improper Certificate Validation

    -
    - medium severity +
    + high severity
    • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
    • Vulnerable module: @@ -498,7 +498,7 @@

      Improper Authentication

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -511,75 +511,216 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    A security vulnerability has been identified in all supported versions

    +

    of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Allocation of Resources Without Limits or Throttling

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -591,46 +732,72 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

      +

      Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

      +

      An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

      +

      When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

      +

      With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

      +

      Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

      +

      Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

      +

      In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

      +

      The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

      +

      In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Inefficient Regular Expression Complexity

    +

    Improper Certificate Validation

    @@ -641,7 +808,7 @@

    Inefficient Regular Expression Complexity

    • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
    • Vulnerable module: @@ -651,7 +818,7 @@

      Inefficient Regular Expression Complexity

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -664,75 +831,73 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -744,55 +909,39 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

      -

      However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      Applications that use a non-default option when verifying certificates may be + vulnerable to an attack from a malicious CA to circumvent certain checks.

      +

      Invalid certificate policies in leaf certificates are silently ignored by + OpenSSL and other certificate policy checks are skipped for that certificate. + A malicious CA could use this to deliberately assert invalid certificate policies + in order to circumvent policy checking on the certificate altogether.

      +

      Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Excessive Iteration

    +

    Improper Certificate Validation

    @@ -803,7 +952,7 @@

    Excessive Iteration

    • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
    • Vulnerable module: @@ -813,7 +962,7 @@

      Excessive Iteration

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -826,75 +975,73 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + busybox/ssl_client@1.35.0-r29 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -906,50 +1053,45 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      The function X509_VERIFY_PARAM_add0_policy() is documented to + implicitly enable the certificate policy check when doing certificate + verification. However the implementation of the function does not + enable the check which allows certificates with invalid or incorrect + policies to pass the certificate verification.

      +

      As suddenly enabling the policy check could break existing deployments it was + decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() + function.

      +

      Instead the applications that require OpenSSL to perform certificate + policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly + enable the policy check by calling X509_VERIFY_PARAM_set_flags() with + the X509_V_FLAG_POLICY_CHECK flag argument.

      +

      Certificate policy checks are disabled by default in OpenSSL and are not + commonly used by applications.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Cross-site Scripting (XSS)

    +

    Out-of-bounds Read

    @@ -960,17 +1102,17 @@

    Cross-site Scripting (XSS)

    • - Package Manager: golang + Package Manager: alpine:3.17
    • Vulnerable module: - golang.org/x/net/html + openssl/libcrypto3
    • Introduced through: - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -983,9 +1125,73 @@

    Detailed paths

    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 - golang.org/x/net/html@v0.11.0 + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 @@ -996,78 +1202,38 @@

      Detailed paths

      -

      Overview

      -

      golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

      -

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

      -

      Details

      -

      A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

      -

      This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

      -

      Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

      -

      Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

      -

      The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

      -

      Types of attacks

      -

      There are a few methods by which XSS can be manipulated:

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      TypeOriginDescription
      StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
      ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
      DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
      MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
      -

      Affected environments

      -

      The following environments are susceptible to an XSS attack:

      -
        -
      • Web servers
        • -
      • Application servers
        • -
      • Web application environments
        • -
      -

      How to prevent

      -

      This section describes the top best practices designed to specifically protect your code:

      -
        -
      • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
        • -
      • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
        • -
      • Give users the option to disable client-side scripts.
        • -
      • Redirect invalid requests.
        • -
      • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
        • -
      • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
        • -
      • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
        • -
      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

      +

      Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

      +

      The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

      +

      If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

      Remediation

      -

      Upgrade golang.org/x/net/html to version 0.13.0 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/master/haproxy_2.6.14-alpine.html b/docs/snyk/master/haproxy_2.6.14-alpine.html index 5908a781791c8..f8134d7f2d603 100644 --- a/docs/snyk/master/haproxy_2.6.14-alpine.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:13:45 am (UTC+00:00)

    +

    June 25th 2023, 12:18:06 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 4e9f33b188f6e..6ab33d6b7c9f6 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:14:19 am (UTC+00:00)

    +

    June 25th 2023, 12:18:33 am (UTC+00:00)

    Scanned the following paths: @@ -467,8 +467,8 @@

    Snyk test report

    17 known vulnerabilities
    -
    84 vulnerable dependency paths
    -
    2114 dependencies
    +
    64 vulnerable dependency paths
    +
    2108 dependencies
    @@ -476,315 +476,6 @@

    Snyk test report

    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - procps/libprocps8 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and procps/libprocps8@2:3.3.17-6ubuntu2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - procps@2:3.3.17-6ubuntu2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 procps.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-36054

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2ubuntu0.2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    CVE-2022-46908

    @@ -914,7 +605,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1182,7 +873,7 @@

    References

    -

    Improper Authentication

    +

    Information Exposure

    @@ -1198,12 +889,12 @@

    Improper Authentication

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.10 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1218,111 +909,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl/libssl3@3.0.2-0ubuntu1.10 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - openssl@3.0.2-0ubuntu1.10 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1334,42 +921,28 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

    -

    Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

    -

    The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

    -

    As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

    +

    The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 openssl.

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -1395,7 +968,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.3 + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1410,7 +983,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1432,7 +1005,6 @@

    References

  • ADVISORY
  • cve@mitre.org
  • cve@mitre.org
    • -
  • cve@mitre.org
    • @@ -1481,7 +1053,7 @@

    Detailed paths

    gnupg2/dirmngr@2.2.27-3ubuntu2.1 - openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.1 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1492,9 +1064,9 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.1 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1503,7 +1075,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openldap/libldap-common@2.5.16+dfsg-0ubuntu0.22.04.1 + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1525,13 +1097,6 @@

    References

  • ADVISORY
  • secalert@redhat.com
  • secalert@redhat.com
    • -
  • secalert@redhat.com
    • -
  • secalert@redhat.com
    • -
  • secalert@redhat.com
    • -
  • secalert@redhat.com
    • -
  • secalert@redhat.com
    • -
  • secalert@redhat.com
    • -
  • secalert@redhat.com
    • @@ -1601,7 +1166,6 @@

    References

    @@ -1740,7 +1304,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1753,7 +1317,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1766,7 +1330,7 @@

    Detailed paths

    git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -2378,6 +1942,150 @@

    References

    More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Certificate Validation

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    diff --git a/docs/snyk/master/redis_7.0.11-alpine.html b/docs/snyk/master/redis_7.0.11-alpine.html index 43ad8c8b79904..6875043b87b13 100644 --- a/docs/snyk/master/redis_7.0.11-alpine.html +++ b/docs/snyk/master/redis_7.0.11-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:14:26 am (UTC+00:00)

    +

    June 25th 2023, 12:18:41 am (UTC+00:00)

    Scanned the following path: @@ -466,8 +466,8 @@

    Snyk test report

    -
    3 known vulnerabilities
    -
    27 vulnerable dependency paths
    +
    0 known vulnerabilities
    +
    0 vulnerable dependency paths
    18 dependencies
    @@ -484,546 +484,7 @@

    Snyk test report

    -
    -
    -

    Improper Authentication

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

    -

    Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

    -

    The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

    -

    As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Inefficient Regular Expression Complexity

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

    -

    The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

    -

    However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

    -

    An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

    -

    The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

    -

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Excessive Iteration

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

    -

    The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

    -

    An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

    -

    The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

    -

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    + No known vulnerabilities detected.
    diff --git a/docs/snyk/v2.5.22/argocd-iac-install.html b/docs/snyk/v2.5.19/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.5.22/argocd-iac-install.html rename to docs/snyk/v2.5.19/argocd-iac-install.html index 312be3f446992..121123f582315 100644 --- a/docs/snyk/v2.5.22/argocd-iac-install.html +++ b/docs/snyk/v2.5.19/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:26:29 am (UTC+00:00)

    +

    June 25th 2023, 12:28:57 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.5.22/argocd-iac-namespace-install.html b/docs/snyk/v2.5.19/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.5.22/argocd-iac-namespace-install.html rename to docs/snyk/v2.5.19/argocd-iac-namespace-install.html index 1932c53c9ffaf..2ae5c37f1c052 100644 --- a/docs/snyk/v2.5.22/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.5.19/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:26:46 am (UTC+00:00)

    +

    June 25th 2023, 12:29:09 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.5.22/argocd-test.html b/docs/snyk/v2.5.19/argocd-test.html similarity index 99% rename from docs/snyk/v2.5.22/argocd-test.html rename to docs/snyk/v2.5.19/argocd-test.html index fc57771eb95e8..b37a0df06074f 100644 --- a/docs/snyk/v2.5.22/argocd-test.html +++ b/docs/snyk/v2.5.19/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:24:50 am (UTC+00:00)

    +

    June 25th 2023, 12:27:11 am (UTC+00:00)

    Scanned the following paths: @@ -476,12 +476,12 @@

    Snyk test report

    -
    +

    Regular Expression Denial of Service (ReDoS)

    -
    - high severity +
    + medium severity
    @@ -609,12 +609,10 @@

    Details

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    Remediation

    -

    Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

    +

    Upgrade semver to version 7.5.2 or higher.

    References

      -
    • GitHub Commit
    • GitHub Commit
      • -
    • GitHub Commit
    • GitHub PR
    • Vulnerable Code
    • Vulnerable Code
      • diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html similarity index 54% rename from docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html index 75bf683f2f592..975132ade0e2e 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.5.19/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

      Snyk test report

      -

      August 13th 2023, 12:13:40 am (UTC+00:00)

      +

      June 25th 2023, 12:27:20 am (UTC+00:00)

      Scanned the following paths:
        -
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
      • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
        • +
      • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
      • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
      • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
      • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
      -
      4 known vulnerabilities
      -
      22 vulnerable dependency paths
      -
      786 dependencies
      +
      5 known vulnerabilities
      +
      35 vulnerable dependency paths
      +
      760 dependencies
    @@ -476,19 +476,19 @@

    Snyk test report

    -
    -

    Improper Authentication

    +
    +

    Improper Certificate Validation

    -
    - medium severity +
    + high severity
    • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
    • Vulnerable module: @@ -498,7 +498,7 @@

      Improper Authentication

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -511,75 +511,216 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

    +

    A security vulnerability has been identified in all supported versions

    +

    of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

    +

    Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

    +

    Remediation

    +

    Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Allocation of Resources Without Limits or Throttling

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.17 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -591,46 +732,72 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

      +

      Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

      +

      An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

      +

      When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

      +

      With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

      +

      Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

      +

      Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

      +

      In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

      +

      The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

      +

      In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Inefficient Regular Expression Complexity

    +

    Improper Certificate Validation

    @@ -641,7 +808,7 @@

    Inefficient Regular Expression Complexity

    • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
    • Vulnerable module: @@ -651,7 +818,7 @@

      Inefficient Regular Expression Complexity

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -664,75 +831,73 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -744,55 +909,39 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

      -

      However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      Applications that use a non-default option when verifying certificates may be + vulnerable to an attack from a malicious CA to circumvent certain checks.

      +

      Invalid certificate policies in leaf certificates are silently ignored by + OpenSSL and other certificate policy checks are skipped for that certificate. + A malicious CA could use this to deliberately assert invalid certificate policies + in order to circumvent policy checking on the certificate altogether.

      +

      Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Excessive Iteration

    +

    Improper Certificate Validation

    @@ -803,7 +952,7 @@

    Excessive Iteration

    • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
    • Vulnerable module: @@ -813,7 +962,7 @@

      Excessive Iteration

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -826,75 +975,73 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + busybox/ssl_client@1.35.0-r29 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -906,50 +1053,45 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      The function X509_VERIFY_PARAM_add0_policy() is documented to + implicitly enable the certificate policy check when doing certificate + verification. However the implementation of the function does not + enable the check which allows certificates with invalid or incorrect + policies to pass the certificate verification.

      +

      As suddenly enabling the policy check could break existing deployments it was + decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() + function.

      +

      Instead the applications that require OpenSSL to perform certificate + policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly + enable the policy check by calling X509_VERIFY_PARAM_set_flags() with + the X509_V_FLAG_POLICY_CHECK flag argument.

      +

      Certificate policy checks are disabled by default in OpenSSL and are not + commonly used by applications.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Cross-site Scripting (XSS)

    +

    Out-of-bounds Read

    @@ -960,17 +1102,17 @@

    Cross-site Scripting (XSS)

    • - Package Manager: golang + Package Manager: alpine:3.17
    • Vulnerable module: - golang.org/x/net/html + openssl/libcrypto3
    • Introduced through: - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
    @@ -983,9 +1125,73 @@

    Detailed paths

    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 - golang.org/x/net/html@v0.11.0 + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 @@ -996,78 +1202,38 @@

      Detailed paths

      -

      Overview

      -

      golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

      -

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

      -

      Details

      -

      A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

      -

      This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

      -

      Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

      -

      Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

      -

      The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

      -

      Types of attacks

      -

      There are a few methods by which XSS can be manipulated:

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      TypeOriginDescription
      StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
      ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
      DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
      MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
      -

      Affected environments

      -

      The following environments are susceptible to an XSS attack:

      -
        -
      • Web servers
        • -
      • Application servers
        • -
      • Web application environments
        • -
      -

      How to prevent

      -

      This section describes the top best practices designed to specifically protect your code:

      -
        -
      • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
        • -
      • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
        • -
      • Give users the option to disable client-side scripts.
        • -
      • Redirect invalid requests.
        • -
      • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
        • -
      • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
        • -
      • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
        • -
      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

      +

      Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

      +

      The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

      +

      If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

      Remediation

      -

      Upgrade golang.org/x/net/html to version 0.13.0 or higher.

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/v2.5.22/haproxy_2.6.14-alpine.html b/docs/snyk/v2.5.19/haproxy_2.6.14-alpine.html similarity index 99% rename from docs/snyk/v2.5.22/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.5.19/haproxy_2.6.14-alpine.html index 1dcc1270d0916..1df40c85fcb4f 100644 --- a/docs/snyk/v2.5.22/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.5.19/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    August 13th 2023, 12:25:04 am (UTC+00:00)

    +

    June 25th 2023, 12:27:25 am (UTC+00:00)

    Scanned the following path: diff --git a/docs/snyk/v2.6.14/quay.io_argoproj_argocd_v2.6.14.html b/docs/snyk/v2.5.19/quay.io_argoproj_argocd_v2.5.19.html similarity index 83% rename from docs/snyk/v2.6.14/quay.io_argoproj_argocd_v2.6.14.html rename to docs/snyk/v2.5.19/quay.io_argoproj_argocd_v2.5.19.html index 4db5b90015ec7..b83ede07842b2 100644 --- a/docs/snyk/v2.6.14/quay.io_argoproj_argocd_v2.6.14.html +++ b/docs/snyk/v2.5.19/quay.io_argoproj_argocd_v2.5.19.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

    Snyk test report

    -

    August 13th 2023, 12:22:43 am (UTC+00:00)

    +

    June 25th 2023, 12:27:50 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.6.14/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.6.14/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.6.14/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.6.14/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.6.14/git-lfs/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.5.19/argoproj/argocd (deb)
    • quay.io/argoproj/argocd:v2.5.19/argoproj/argo-cd/v2 (gomodules)
    • quay.io/argoproj/argocd:v2.5.19/kustomize/kustomize/v4 (gomodules)
    • quay.io/argoproj/argocd:v2.5.19/helm/v3 (gomodules)
    • quay.io/argoproj/argocd:v2.5.19/git-lfs/git-lfs (gomodules)
    -
    26 known vulnerabilities
    -
    95 vulnerable dependency paths
    -
    2064 dependencies
    +
    27 known vulnerabilities
    +
    76 vulnerable dependency paths
    +
    2047 dependencies
    @@ -879,7 +879,7 @@

    References

    -

    Out-of-bounds Write

    +

    Denial of Service (DoS)

    @@ -890,17 +890,17 @@

    Out-of-bounds Write

    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - procps/libprocps8 + gopkg.in/yaml.v2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and procps/libprocps8@2:3.3.17-6ubuntu2 + github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4
    @@ -913,29 +913,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + github.com/argoproj/argo-cd/v2@* - procps@2:3.3.17-6ubuntu2 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - procps@2:3.3.17-6ubuntu2 + gopkg.in/yaml.v2@v2.2.4 @@ -946,244 +926,34 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 procps.

      -

      References

      +

      Overview

      +

      gopkg.in/yaml.v2 is a YAML support package for the Go language.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      - -
      - -
      -

      More about this vulnerability

      -
      - -
    -
    -

    CVE-2023-36054

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.6.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2ubuntu0.2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -1410,7 +1180,7 @@

    References

    -

    Improper Verification of Cryptographic Signature

    +

    Improper Input Validation

    @@ -1426,12 +1196,12 @@

    Improper Verification of Cryptographic Signature

  • Vulnerable module: - golang.org/x/crypto/openpgp/clearsign + go.mongodb.org/mongo-driver/bson/bsonrw
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220525230936-793ad666bf5e + github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2
    • @@ -1444,9 +1214,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220525230936-793ad666bf5e + go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 @@ -1458,20 +1228,21 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the crypto/openpgp/clearsign/clearsign.go component. An attacker can spoof the 'Hash' Armor Header, leading a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, the attacker can prepend arbitrary text to cleartext messages without invalidating the signatures.

      +

      go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

      +

      Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

      Remediation

      -

      Upgrade golang.org/x/crypto/openpgp/clearsign to version 0.1.0 or higher.

      +

      Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1498,7 +1269,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.5.19, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1510,7 +1281,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1569,7 +1340,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1582,7 +1353,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1591,7 +1362,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -1602,9 +1373,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1613,7 +1384,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1670,7 +1441,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1683,7 +1454,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1692,7 +1463,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 grep@3.7-1build1 @@ -1754,7 +1525,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.19 and patch@2.7.6-7build2
    @@ -1767,7 +1538,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 patch@2.7.6-7build2 @@ -1821,7 +1592,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.5.19 and patch@2.7.6-7build2
    @@ -1834,7 +1605,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 patch@2.7.6-7build2 @@ -1872,7 +1643,7 @@

      References

    -

    Improper Authentication

    +

    Information Exposure

    @@ -1888,12 +1659,12 @@

    Improper Authentication

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and openssl/libssl3@3.0.2-0ubuntu1.10 + docker-image|quay.io/argoproj/argocd@v2.5.19 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1906,113 +1677,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 - openssl@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2024,42 +1691,28 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      +

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -2085,7 +1738,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and openssh/openssh-client@1:8.9p1-3ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.5.19 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -2098,9 +1751,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2122,7 +1775,6 @@

      References

    • ADVISORY
    • cve@mitre.org
    • cve@mitre.org
      • -
    • cve@mitre.org
    @@ -2155,7 +1807,7 @@

    NULL Pointer Dereference

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.5.19, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -2167,33 +1819,33 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/dirmngr@2.2.27-3ubuntu2.1 - openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 - openldap/libldap-common@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2215,13 +1867,6 @@

      References

    • ADVISORY
    • secalert@redhat.com
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
    @@ -2254,7 +1899,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.5.19, meta-common-packages@meta and others
    • @@ -2266,7 +1911,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 meta-common-packages@meta @@ -2291,7 +1936,6 @@

      References

      @@ -2323,7 +1967,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.5.19 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2336,7 +1980,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2345,7 +1989,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -2366,7 +2010,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -2389,7 +2033,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2398,7 +2042,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -2419,7 +2063,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2428,9 +2072,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2439,11 +2083,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2452,11 +2096,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -2467,7 +2111,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 adduser@3.118ubuntu5 @@ -2486,7 +2130,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 meta-common-packages@meta @@ -2545,7 +2189,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2558,7 +2202,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2567,7 +2211,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 apt@2.4.9 @@ -2578,7 +2222,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2589,7 +2233,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2600,7 +2244,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2611,7 +2255,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2624,7 +2268,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2637,7 +2281,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2646,7 +2290,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2657,7 +2301,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2670,7 +2314,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2679,7 +2323,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2690,7 +2334,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2699,7 +2343,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2710,7 +2354,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2719,7 +2363,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2730,7 +2374,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2743,7 +2387,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2756,7 +2400,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2765,7 +2409,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2776,7 +2420,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2789,7 +2433,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2802,7 +2446,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2811,7 +2455,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2822,7 +2466,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2831,7 +2475,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2842,7 +2486,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2851,7 +2495,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2862,7 +2506,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2921,7 +2565,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2934,7 +2578,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2943,7 +2587,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 meta-common-packages@meta @@ -3002,7 +2646,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.5.19, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3014,7 +2658,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 git@1:2.34.1-1ubuntu1.9 @@ -3025,7 +2669,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 git@1:2.34.1-1ubuntu1.9 @@ -3034,7 +2678,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 git-lfs@3.0.2-1ubuntu0.2 @@ -3068,6 +2712,150 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.19, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.19 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Certificate Validation

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.5.19, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.5.19 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    @@ -3091,7 +2879,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and coreutils@8.32-4.1ubuntu1
    • @@ -3104,7 +2892,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 coreutils@8.32-4.1ubuntu1 @@ -3161,7 +2949,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.5.19 and bash@5.1-6ubuntu1
    @@ -3174,7 +2962,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.6.14 + docker-image|quay.io/argoproj/argocd@v2.5.19 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.6.14/haproxy_2.6.14-alpine.html b/docs/snyk/v2.5.19/redis_7.0.11-alpine.html similarity index 97% rename from docs/snyk/v2.6.14/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.5.19/redis_7.0.11-alpine.html index ce2cdd4fbc859..16d9350161d9a 100644 --- a/docs/snyk/v2.6.14/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.5.19/redis_7.0.11-alpine.html @@ -456,12 +456,12 @@

      Snyk test report

      -

      August 13th 2023, 12:22:23 am (UTC+00:00)

      +

      June 25th 2023, 12:27:55 am (UTC+00:00)

      Scanned the following path:
        -
      • haproxy:2.6.14-alpine (apk)
        • +
      • redis:7.0.11-alpine (apk)
      @@ -476,8 +476,8 @@

      Snyk test report

      - - + + diff --git a/docs/snyk/v2.5.22/redis_7.0.11-alpine.html b/docs/snyk/v2.5.22/redis_7.0.11-alpine.html deleted file mode 100644 index 8632f50ae8e07..0000000000000 --- a/docs/snyk/v2.5.22/redis_7.0.11-alpine.html +++ /dev/null @@ -1,1031 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:25:30 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.11-alpine (apk)
        • -
      -
      - -
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      -
      Project docker-image|haproxy
      Path haproxy:2.6.14-alpine
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      - - - - - - -
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Improper Authentication

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Inefficient Regular Expression Complexity

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

      -

      However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Excessive Iteration

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      - - - - diff --git a/docs/snyk/v2.6.14/argocd-iac-install.html b/docs/snyk/v2.6.11/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.6.14/argocd-iac-install.html rename to docs/snyk/v2.6.11/argocd-iac-install.html index 6279b54663276..91c5319a8d3de 100644 --- a/docs/snyk/v2.6.14/argocd-iac-install.html +++ b/docs/snyk/v2.6.11/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      August 13th 2023, 12:24:11 am (UTC+00:00)

      +

      June 25th 2023, 12:26:38 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.6.14/argocd-iac-namespace-install.html b/docs/snyk/v2.6.11/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.6.14/argocd-iac-namespace-install.html rename to docs/snyk/v2.6.11/argocd-iac-namespace-install.html index f242ea2ce943e..84ff3692269ec 100644 --- a/docs/snyk/v2.6.14/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.6.11/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      August 13th 2023, 12:24:31 am (UTC+00:00)

      +

      June 25th 2023, 12:26:50 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.6.14/argocd-test.html b/docs/snyk/v2.6.11/argocd-test.html similarity index 97% rename from docs/snyk/v2.6.14/argocd-test.html rename to docs/snyk/v2.6.11/argocd-test.html index 6bb7dda5535f3..56c82cec44500 100644 --- a/docs/snyk/v2.6.14/argocd-test.html +++ b/docs/snyk/v2.6.11/argocd-test.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      August 13th 2023, 12:22:11 am (UTC+00:00)

      +

      June 25th 2023, 12:24:05 am (UTC+00:00)

      Scanned the following paths: @@ -468,7 +468,7 @@

      Snyk test report

      1 known vulnerabilities
      1 vulnerable dependency paths
      -
      1727 dependencies
      +
      1728 dependencies
      @@ -476,12 +476,12 @@

      Snyk test report

      -
      +

      Regular Expression Denial of Service (ReDoS)

      -
      - high severity +
      + medium severity
      @@ -609,12 +609,10 @@

      Details

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      Remediation

      -

      Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

      +

      Upgrade semver to version 7.5.2 or higher.

      References

        -
      • GitHub Commit
      • GitHub Commit
        • -
      • GitHub Commit
      • GitHub PR
      • Vulnerable Code
      • Vulnerable Code
        • diff --git a/docs/snyk/v2.5.22/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.6.11/ghcr.io_dexidp_dex_v2.36.0.html similarity index 54% rename from docs/snyk/v2.5.22/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.6.11/ghcr.io_dexidp_dex_v2.36.0.html index 854284df5423c..c28883993a4ff 100644 --- a/docs/snyk/v2.5.22/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.6.11/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

        Snyk test report

        -

        August 13th 2023, 12:25:00 am (UTC+00:00)

        +

        June 25th 2023, 12:24:13 am (UTC+00:00)

        Scanned the following paths:
          -
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
        • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
          • +
        • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
        • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
        • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
        • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
        -
        4 known vulnerabilities
        -
        22 vulnerable dependency paths
        -
        786 dependencies
        +
        5 known vulnerabilities
        +
        35 vulnerable dependency paths
        +
        760 dependencies
      @@ -476,19 +476,19 @@

      Snyk test report

      -
      -

      Improper Authentication

      +
      +

      Improper Certificate Validation

      -
      - medium severity +
      + high severity
      • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
      • Vulnerable module: @@ -498,7 +498,7 @@

        Improper Authentication

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
      @@ -511,75 +511,216 @@

      Detailed paths

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
        • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      A security vulnerability has been identified in all supported versions

      +

      of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

      +

      Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      +

      Remediation

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      Allocation of Resources Without Limits or Throttling

      +
      + +
      + high severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.17 +
        • +
      • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
      • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -591,46 +732,72 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

        -

        Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

        -

        Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

        -

        The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

        -

        As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

        +

        Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

        +

        Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

        +

        An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

        +

        When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

        +

        With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

        +

        Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

        +

        Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

        +

        In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

        +

        The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

        +

        In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

        Remediation

        -

        Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

        +

        Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

      -

      Inefficient Regular Expression Complexity

      +

      Improper Certificate Validation

      @@ -641,7 +808,7 @@

      Inefficient Regular Expression Complexity

      • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
      • Vulnerable module: @@ -651,7 +818,7 @@

        Inefficient Regular Expression Complexity

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
      @@ -664,75 +831,73 @@

      Detailed paths

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -744,55 +909,39 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

        -

        Issue summary: Checking excessively long DH keys or parameters may be very slow.

        -

        Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

        -

        The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

        -

        However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

        -

        An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

        -

        The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

        -

        Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

        -

        The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

        +

        Applications that use a non-default option when verifying certificates may be + vulnerable to an attack from a malicious CA to circumvent certain checks.

        +

        Invalid certificate policies in leaf certificates are silently ignored by + OpenSSL and other certificate policy checks are skipped for that certificate. + A malicious CA could use this to deliberately assert invalid certificate policies + in order to circumvent policy checking on the certificate altogether.

        +

        Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

        Remediation

        -

        Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

        +

        Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

      -

      Excessive Iteration

      +

      Improper Certificate Validation

      @@ -803,7 +952,7 @@

      Excessive Iteration

      • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
      • Vulnerable module: @@ -813,7 +962,7 @@

        Excessive Iteration

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
      @@ -826,75 +975,73 @@

      Detailed paths

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + busybox/ssl_client@1.35.0-r29 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -906,50 +1053,45 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

        -

        Issue summary: Checking excessively long DH keys or parameters may be very slow.

        -

        Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

        -

        The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

        -

        An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

        -

        The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

        -

        Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

        -

        The OpenSSL SSL/TLS implementation is not affected by this issue.

        -

        The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

        +

        The function X509_VERIFY_PARAM_add0_policy() is documented to + implicitly enable the certificate policy check when doing certificate + verification. However the implementation of the function does not + enable the check which allows certificates with invalid or incorrect + policies to pass the certificate verification.

        +

        As suddenly enabling the policy check could break existing deployments it was + decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() + function.

        +

        Instead the applications that require OpenSSL to perform certificate + policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly + enable the policy check by calling X509_VERIFY_PARAM_set_flags() with + the X509_V_FLAG_POLICY_CHECK flag argument.

        +

        Certificate policy checks are disabled by default in OpenSSL and are not + commonly used by applications.

        Remediation

        -

        Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

        +

        Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

      -

      Cross-site Scripting (XSS)

      +

      Out-of-bounds Read

      @@ -960,17 +1102,17 @@

      Cross-site Scripting (XSS)

      • - Package Manager: golang + Package Manager: alpine:3.17
      • Vulnerable module: - golang.org/x/net/html + openssl/libcrypto3
      • Introduced through: - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
      @@ -983,9 +1125,73 @@

      Detailed paths

      • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 - golang.org/x/net/html@v0.11.0 + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 @@ -996,78 +1202,38 @@

        Detailed paths

        -

        Overview

        -

        golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

        -

        Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

        -

        Details

        -

        A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

        -

        This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

        -

        Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

        -

        Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

        -

        The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

        -

        Types of attacks

        -

        There are a few methods by which XSS can be manipulated:

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        TypeOriginDescription
        StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
        ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
        DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
        MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
        -

        Affected environments

        -

        The following environments are susceptible to an XSS attack:

        -
          -
        • Web servers
          • -
        • Application servers
          • -
        • Web application environments
          • -
        -

        How to prevent

        -

        This section describes the top best practices designed to specifically protect your code:

        -
          -
        • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
          • -
        • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
          • -
        • Give users the option to disable client-side scripts.
          • -
        • Redirect invalid requests.
          • -
        • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
          • -
        • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
          • -
        • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
          • -
        +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

        +

        Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

        +

        Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

        +

        The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

        +

        If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

        Remediation

        -

        Upgrade golang.org/x/net/html to version 0.13.0 or higher.

        +

        Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

      diff --git a/docs/snyk/v2.7.11/haproxy_2.6.14-alpine.html b/docs/snyk/v2.6.11/haproxy_2.6.14-alpine.html similarity index 99% rename from docs/snyk/v2.7.11/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.6.11/haproxy_2.6.14-alpine.html index 48873a3503971..cfa12a3490ad0 100644 --- a/docs/snyk/v2.7.11/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.6.11/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      August 13th 2023, 12:19:45 am (UTC+00:00)

      +

      June 25th 2023, 12:24:19 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.5.22/quay.io_argoproj_argocd_v2.5.22.html b/docs/snyk/v2.6.11/quay.io_argoproj_argocd_v2.6.11.html similarity index 78% rename from docs/snyk/v2.5.22/quay.io_argoproj_argocd_v2.5.22.html rename to docs/snyk/v2.6.11/quay.io_argoproj_argocd_v2.6.11.html index 9d6a2c6436095..da97d1f0c6061 100644 --- a/docs/snyk/v2.5.22/quay.io_argoproj_argocd_v2.5.22.html +++ b/docs/snyk/v2.6.11/quay.io_argoproj_argocd_v2.6.11.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

      Snyk test report

      -

      August 13th 2023, 12:25:25 am (UTC+00:00)

      +

      June 25th 2023, 12:24:53 am (UTC+00:00)

      Scanned the following paths:
        -
      • quay.io/argoproj/argocd:v2.5.22/argoproj/argocd (deb)
      • quay.io/argoproj/argocd:v2.5.22/argoproj/argo-cd/v2 (gomodules)
      • quay.io/argoproj/argocd:v2.5.22/kustomize/kustomize/v4 (gomodules)
      • quay.io/argoproj/argocd:v2.5.22/helm/v3 (gomodules)
      • quay.io/argoproj/argocd:v2.5.22/git-lfs/git-lfs (gomodules)
        • +
      • quay.io/argoproj/argocd:v2.6.11/argoproj/argocd (deb)
      • quay.io/argoproj/argocd:v2.6.11/argoproj/argo-cd/v2 (gomodules)
      • quay.io/argoproj/argocd:v2.6.11/kustomize/kustomize/v4 (gomodules)
      • quay.io/argoproj/argocd:v2.6.11/helm/v3 (gomodules)
      • quay.io/argoproj/argocd:v2.6.11/git-lfs/git-lfs (gomodules)
      -
      28 known vulnerabilities
      -
      97 vulnerable dependency paths
      -
      2047 dependencies
      +
      25 known vulnerabilities
      +
      74 vulnerable dependency paths
      +
      2064 dependencies
      @@ -877,394 +877,6 @@

      References

      More about this vulnerability

      -
      -
      -

      Out-of-bounds Write

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - procps/libprocps8 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.22 and procps/libprocps8@2:3.3.17-6ubuntu2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - procps@2:3.3.17-6ubuntu2 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - procps@2:3.3.17-6ubuntu2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 procps.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2023-36054

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - krb5/libk5crypto3 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.5.22 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2ubuntu0.2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Denial of Service (DoS)

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - gopkg.in/yaml.v2 -
        • - -
      • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/yaml.v2@v2.2.4 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/yaml.v2@v2.2.4 - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      gopkg.in/yaml.v2 is a YAML support package for the Go language.

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible for authorized users to send malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      -

      Remediation

      -

      Upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      -

      Improper Input Validation

      @@ -1317,179 +929,34 @@

      Detailed paths

      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

    -

    Remediation

    -

    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Incorrect Privilege Assignment

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/sys/unix -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    -

    Remediation

    -

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
      • -

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
      • -
    + + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Improper Input Validation due to the parser being, by design, exposed to untrusted user input, which can be leveraged to force a program to consume significant time parsing Accept-Language headers.

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

    +

    Upgrade golang.org/x/text/language to version 0.3.8 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Improper Verification of Cryptographic Signature

    +

    Incorrect Privilege Assignment

    @@ -1505,12 +972,12 @@

    Improper Verification of Cryptographic Signature

  • Vulnerable module: - golang.org/x/crypto/openpgp/clearsign + golang.org/x/sys/unix
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220525230936-793ad666bf5e + helm.sh/helm/v3@* and golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f
    • @@ -1525,7 +992,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* - golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220525230936-793ad666bf5e + golang.org/x/sys/unix@v0.0.0-20220722155257-8c9f86f7a55f @@ -1537,25 +1004,24 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the crypto/openpgp/clearsign/clearsign.go component. An attacker can spoof the 'Hash' Armor Header, leading a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, the attacker can prepend arbitrary text to cleartext messages without invalidating the signatures.

    +

    Affected versions of this package are vulnerable to Incorrect Privilege Assignment such that when called with a non-zero flags parameter, the Faccessat function can incorrectly report that a file is accessible.

    Remediation

    -

    Upgrade golang.org/x/crypto/openpgp/clearsign to version 0.1.0 or higher.

    +

    Upgrade golang.org/x/sys/unix to version 0.1.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Improper Input Validation

    +

    Denial of Service (DoS)

    @@ -1571,12 +1037,12 @@

    Improper Input Validation

  • Vulnerable module: - go.mongodb.org/mongo-driver/bson/bsonrw + golang.org/x/net/http2
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b
    • @@ -1589,9 +1055,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - go.mongodb.org/mongo-driver/bson/bsonrw@v1.1.2 + golang.org/x/net/http2@v0.0.0-20220722155237-a158d28d115b @@ -1603,21 +1069,34 @@

      Detailed paths

      Overview

      -

      go.mongodb.org/mongo-driver/bson/bsonrw is a The MongoDB supported driver for Go.

      -

      Affected versions of this package are vulnerable to Improper Input Validation. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper checks and limitations for the number of entries in the cache, which can allow an attacker to consume unbounded amounts of memory by sending a small number of very large keys.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade go.mongodb.org/mongo-driver/bson/bsonrw to version 1.5.1 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.4.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1644,7 +1123,7 @@

    CVE-2022-46908

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.6.11, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    • @@ -1656,7 +1135,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1715,7 +1194,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1728,7 +1207,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1737,7 +1216,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -1748,9 +1227,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1759,7 +1238,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1816,7 +1295,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1829,7 +1308,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1838,7 +1317,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 grep@3.7-1build1 @@ -1900,7 +1379,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.11 and patch@2.7.6-7build2
    @@ -1913,7 +1392,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 patch@2.7.6-7build2 @@ -1967,7 +1446,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.6.11 and patch@2.7.6-7build2
    @@ -1980,7 +1459,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 patch@2.7.6-7build2 @@ -2018,7 +1497,7 @@

      References

    -

    Improper Authentication

    +

    Information Exposure

    @@ -2034,12 +1513,12 @@

    Improper Authentication

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and openssl/libssl3@3.0.2-0ubuntu1.10 + docker-image|quay.io/argoproj/argocd@v2.6.11 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -2052,113 +1531,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - openssl@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 - - ca-certificates@20230311ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssl@3.0.2-0ubuntu1.10 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2170,42 +1545,28 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      +

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -2231,7 +1592,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and openssh/openssh-client@1:8.9p1-3ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.6.11 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -2244,9 +1605,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -2268,7 +1629,6 @@

      References

    • ADVISORY
    • cve@mitre.org
    • cve@mitre.org
      • -
    • cve@mitre.org
    @@ -2301,7 +1661,7 @@

    NULL Pointer Dereference

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.6.11, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -2313,33 +1673,33 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 - openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openldap/libldap-common@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -2361,13 +1721,6 @@

      References

    • ADVISORY
    • secalert@redhat.com
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
    @@ -2400,7 +1753,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.6.11, meta-common-packages@meta and others
    • @@ -2412,7 +1765,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 meta-common-packages@meta @@ -2437,7 +1790,6 @@

      References

      @@ -2469,7 +1821,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.6.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -2482,7 +1834,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -2491,7 +1843,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -2512,7 +1864,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -2535,7 +1887,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -2544,7 +1896,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -2565,7 +1917,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2574,9 +1926,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2585,11 +1937,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -2598,11 +1950,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -2613,7 +1965,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 adduser@3.118ubuntu5 @@ -2632,7 +1984,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 meta-common-packages@meta @@ -2691,7 +2043,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2704,7 +2056,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2713,7 +2065,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 apt@2.4.9 @@ -2724,7 +2076,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2735,7 +2087,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2746,7 +2098,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2757,7 +2109,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2770,7 +2122,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2783,7 +2135,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2792,7 +2144,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2803,7 +2155,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2816,7 +2168,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2825,7 +2177,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2836,7 +2188,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2845,7 +2197,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2856,7 +2208,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2865,7 +2217,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2876,7 +2228,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2889,7 +2241,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2902,7 +2254,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2911,7 +2263,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2922,7 +2274,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2935,7 +2287,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2948,7 +2300,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2957,7 +2309,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2968,7 +2320,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2977,7 +2329,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2988,7 +2340,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2997,7 +2349,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3008,7 +2360,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3067,7 +2419,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -3080,7 +2432,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 glibc/libc-bin@2.35-0ubuntu3.1 @@ -3089,7 +2441,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 meta-common-packages@meta @@ -3148,7 +2500,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.6.11, git@1:2.34.1-1ubuntu1.9 and others
    @@ -3160,7 +2512,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 git@1:2.34.1-1ubuntu1.9 @@ -3171,7 +2523,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 git@1:2.34.1-1ubuntu1.9 @@ -3180,7 +2532,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 git-lfs@3.0.2-1ubuntu0.2 @@ -3214,6 +2566,150 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.11, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.11 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Certificate Validation

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.6.11, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.6.11 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    @@ -3237,7 +2733,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and coreutils@8.32-4.1ubuntu1
    • @@ -3250,7 +2746,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 coreutils@8.32-4.1ubuntu1 @@ -3307,7 +2803,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.6.11 and bash@5.1-6ubuntu1
    @@ -3320,7 +2816,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.5.22 + docker-image|quay.io/argoproj/argocd@v2.6.11 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.6.11/redis_7.0.11-alpine.html b/docs/snyk/v2.6.11/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..1dba88fbadc20 --- /dev/null +++ b/docs/snyk/v2.6.11/redis_7.0.11-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      June 25th 2023, 12:24:58 am (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
        • +
      +
      + +
      +
      0 known vulnerabilities
      +
      0 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      + No known vulnerabilities detected. +
      +
      + + + diff --git a/docs/snyk/v2.6.14/redis_7.0.11-alpine.html b/docs/snyk/v2.6.14/redis_7.0.11-alpine.html deleted file mode 100644 index fc44050d1a0c3..0000000000000 --- a/docs/snyk/v2.6.14/redis_7.0.11-alpine.html +++ /dev/null @@ -1,1031 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:22:49 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.11-alpine (apk)
        • -
      -
      - -
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Improper Authentication

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Inefficient Regular Expression Complexity

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

      -

      However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Excessive Iteration

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.7.11/redis_7.0.11-alpine.html b/docs/snyk/v2.7.11/redis_7.0.11-alpine.html deleted file mode 100644 index d667d6ed816db..0000000000000 --- a/docs/snyk/v2.7.11/redis_7.0.11-alpine.html +++ /dev/null @@ -1,1031 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:20:17 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.11-alpine (apk)
        • -
      -
      - -
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Improper Authentication

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Inefficient Regular Expression Complexity

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

      -

      However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Excessive Iteration

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.7.11/argocd-iac-install.html b/docs/snyk/v2.7.6/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.7.11/argocd-iac-install.html rename to docs/snyk/v2.7.6/argocd-iac-install.html index fc3b8a5d16679..14c82299141ec 100644 --- a/docs/snyk/v2.7.11/argocd-iac-install.html +++ b/docs/snyk/v2.7.6/argocd-iac-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      August 13th 2023, 12:21:43 am (UTC+00:00)

      +

      June 25th 2023, 12:23:36 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.7.11/argocd-iac-namespace-install.html b/docs/snyk/v2.7.6/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.7.11/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.6/argocd-iac-namespace-install.html index 9a773e5e0ea93..ff33e66c22ec7 100644 --- a/docs/snyk/v2.7.11/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.6/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      August 13th 2023, 12:21:59 am (UTC+00:00)

      +

      June 25th 2023, 12:23:49 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.7.11/argocd-test.html b/docs/snyk/v2.7.6/argocd-test.html similarity index 97% rename from docs/snyk/v2.7.11/argocd-test.html rename to docs/snyk/v2.7.6/argocd-test.html index 7174bc93fd654..bde5d01810904 100644 --- a/docs/snyk/v2.7.11/argocd-test.html +++ b/docs/snyk/v2.7.6/argocd-test.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      August 13th 2023, 12:19:25 am (UTC+00:00)

      +

      June 25th 2023, 12:21:08 am (UTC+00:00)

      Scanned the following paths: @@ -468,7 +468,7 @@

      Snyk test report

      1 known vulnerabilities
      1 vulnerable dependency paths
      -
      1748 dependencies
      +
      1749 dependencies
      @@ -476,12 +476,12 @@

      Snyk test report

      -
      +

      Regular Expression Denial of Service (ReDoS)

      -
      - high severity +
      + medium severity
      @@ -609,12 +609,10 @@

      Details

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      Remediation

      -

      Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

      +

      Upgrade semver to version 7.5.2 or higher.

      References

        -
      • GitHub Commit
      • GitHub Commit
        • -
      • GitHub Commit
      • GitHub PR
      • Vulnerable Code
      • Vulnerable Code
        • diff --git a/docs/snyk/v2.7.11/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.7.6/ghcr.io_dexidp_dex_v2.36.0.html similarity index 54% rename from docs/snyk/v2.7.11/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.7.6/ghcr.io_dexidp_dex_v2.36.0.html index 28383604de810..86e12e3e99933 100644 --- a/docs/snyk/v2.7.11/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.7.6/ghcr.io_dexidp_dex_v2.36.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,19 +456,19 @@

        Snyk test report

        -

        August 13th 2023, 12:19:36 am (UTC+00:00)

        +

        June 25th 2023, 12:21:17 am (UTC+00:00)

        Scanned the following paths:
          -
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
        • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
        • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
          • +
        • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (apk)
        • ghcr.io/dexidp/dex:v2.36.0/hairyhenderson/gomplate/v3 (gomodules)
        • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
        • ghcr.io/dexidp/dex:v2.36.0/dexidp/dex (gomodules)
        -
        4 known vulnerabilities
        -
        22 vulnerable dependency paths
        -
        786 dependencies
        +
        5 known vulnerabilities
        +
        35 vulnerable dependency paths
        +
        760 dependencies
      @@ -476,19 +476,19 @@

      Snyk test report

      -
      -

      Improper Authentication

      +
      +

      Improper Certificate Validation

      -
      - medium severity +
      + high severity
      • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
      • Vulnerable module: @@ -498,7 +498,7 @@

        Improper Authentication

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
      @@ -511,75 +511,216 @@

      Detailed paths

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 + + + +
        • +
      + +
      + +
      + +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

      +

      A security vulnerability has been identified in all supported versions

      +

      of OpenSSL related to the verification of X.509 certificate chains + that include policy constraints. Attackers may be able to exploit this + vulnerability by creating a malicious certificate chain that triggers + exponential use of computational resources, leading to a denial-of-service + (DoS) attack on affected systems.

      +

      Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

      +

      Remediation

      +

      Upgrade Alpine:3.17 openssl to version 3.0.8-r1 or higher.

      +

      References

      + + +
      + +
      +

      More about this vulnerability

      +
      + +
      +
      +

      Allocation of Resources Without Limits or Throttling

      +
      + +
      + high severity +
      + +
      + +
        +
      • + Package Manager: alpine:3.17 +
        • +
      • + Vulnerable module: + + openssl/libcrypto3 +
        • + +
      • Introduced through: + + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0 + +
        • +
      + +
      + + +

      Detailed paths

      + +
        +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -591,46 +732,72 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

        -

        Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

        -

        Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

        -

        The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

        -

        As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

        +

        Issue summary: Processing some specially crafted ASN.1 object identifiers or + data containing them may be very slow.

        +

        Impact summary: Applications that use OBJ_obj2txt() directly, or use any of + the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message + size limit may experience notable to very long delays when processing those + messages, which may lead to a Denial of Service.

        +

        An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - + most of which have no size limit. OBJ_obj2txt() may be used to translate + an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL + type ASN1_OBJECT) to its canonical numeric text form, which are the + sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by + periods.

        +

        When one of the sub-identifiers in the OBJECT IDENTIFIER is very large + (these are sizes that are seen as absurdly large, taking up tens or hundreds + of KiBs), the translation to a decimal number in text may take a very long + time. The time complexity is O(n^2) with 'n' being the size of the + sub-identifiers in bytes (*).

        +

        With OpenSSL 3.0, support to fetch cryptographic algorithms using names / + identifiers in string form was introduced. This includes using OBJECT + IDENTIFIERs in canonical numeric text form as identifiers for fetching + algorithms.

        +

        Such OBJECT IDENTIFIERs may be received through the ASN.1 structure + AlgorithmIdentifier, which is commonly used in multiple protocols to specify + what cryptographic algorithm should be used to sign or verify, encrypt or + decrypt, or digest passed data.

        +

        Applications that call OBJ_obj2txt() directly with untrusted data are + affected, with any version of OpenSSL. If the use is for the mere purpose + of display, the severity is considered low.

        +

        In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, + CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 + certificates, including simple things like verifying its signature.

        +

        The impact on TLS is relatively low, because all versions of OpenSSL have a + 100KiB limit on the peer's certificate chain. Additionally, this only + impacts clients, or servers that have explicitly enabled client + authentication.

        +

        In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, + such as X.509 certificates. This is assumed to not happen in such a way + that it would cause a Denial of Service, so these versions are considered + not affected by this issue in such a way that it would be cause for concern, + and the severity is therefore considered low.

        Remediation

        -

        Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

        +

        Upgrade Alpine:3.17 openssl to version 3.0.9-r0 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

      -

      Inefficient Regular Expression Complexity

      +

      Improper Certificate Validation

      @@ -641,7 +808,7 @@

      Inefficient Regular Expression Complexity

      • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
      • Vulnerable module: @@ -651,7 +818,7 @@

        Inefficient Regular Expression Complexity

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
      @@ -664,75 +831,73 @@

      Detailed paths

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -744,55 +909,39 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

        -

        Issue summary: Checking excessively long DH keys or parameters may be very slow.

        -

        Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

        -

        The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

        -

        However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

        -

        An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

        -

        The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

        -

        Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

        -

        The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

        +

        Applications that use a non-default option when verifying certificates may be + vulnerable to an attack from a malicious CA to circumvent certain checks.

        +

        Invalid certificate policies in leaf certificates are silently ignored by + OpenSSL and other certificate policy checks are skipped for that certificate. + A malicious CA could use this to deliberately assert invalid certificate policies + in order to circumvent policy checking on the certificate altogether.

        +

        Policy processing is disabled by default but can be enabled by passing + the -policy&#39; argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.

        Remediation

        -

        Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

        +

        Upgrade Alpine:3.17 openssl to version 3.0.8-r2 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

      -

      Excessive Iteration

      +

      Improper Certificate Validation

      @@ -803,7 +952,7 @@

      Excessive Iteration

      • - Package Manager: alpine:3.18 + Package Manager: alpine:3.17
      • Vulnerable module: @@ -813,7 +962,7 @@

        Excessive Iteration

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
      @@ -826,75 +975,73 @@

      Detailed paths

      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + openssl/libssl3@3.0.8-r0 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + apk-tools/apk-tools@2.12.10-r1 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + busybox/ssl_client@1.35.0-r29 - openssl/libcrypto3@3.1.1-r1 + openssl/libcrypto3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - apk-tools/apk-tools@2.14.0-r2 + apk-tools/apk-tools@2.12.10-r1 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0
      • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 - busybox/ssl_client@1.36.1-r0 + busybox/ssl_client@1.35.0-r29 - openssl/libssl3@3.1.1-r1 + openssl/libssl3@3.0.8-r0 @@ -906,50 +1053,45 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

        -

        Issue summary: Checking excessively long DH keys or parameters may be very slow.

        -

        Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

        -

        The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

        -

        An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

        -

        The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

        -

        Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

        -

        The OpenSSL SSL/TLS implementation is not affected by this issue.

        -

        The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

        +

        The function X509_VERIFY_PARAM_add0_policy() is documented to + implicitly enable the certificate policy check when doing certificate + verification. However the implementation of the function does not + enable the check which allows certificates with invalid or incorrect + policies to pass the certificate verification.

        +

        As suddenly enabling the policy check could break existing deployments it was + decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() + function.

        +

        Instead the applications that require OpenSSL to perform certificate + policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly + enable the policy check by calling X509_VERIFY_PARAM_set_flags() with + the X509_V_FLAG_POLICY_CHECK flag argument.

        +

        Certificate policy checks are disabled by default in OpenSSL and are not + commonly used by applications.

        Remediation

        -

        Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

        +

        Upgrade Alpine:3.17 openssl to version 3.0.8-r3 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

      -

      Cross-site Scripting (XSS)

      +

      Out-of-bounds Read

      @@ -960,17 +1102,17 @@

      Cross-site Scripting (XSS)

      • - Package Manager: golang + Package Manager: alpine:3.17
      • Vulnerable module: - golang.org/x/net/html + openssl/libcrypto3
      • Introduced through: - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 + docker-image|ghcr.io/dexidp/dex@v2.36.0 and openssl/libcrypto3@3.0.8-r0
      @@ -983,9 +1125,73 @@

      Detailed paths

      • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 - golang.org/x/net/html@v0.11.0 + busybox/ssl_client@1.35.0-r29 + + openssl/libcrypto3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + openssl/libssl3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + apk-tools/apk-tools@2.12.10-r1 + + openssl/libssl3@3.0.8-r0 + + + +
        • +
      • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.36.0 + + busybox/ssl_client@1.35.0-r29 + + openssl/libssl3@3.0.8-r0 @@ -996,78 +1202,38 @@

        Detailed paths

        -

        Overview

        -

        golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

        -

        Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

        -

        Details

        -

        A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

        -

        This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

        -

        Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

        -

        Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

        -

        The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

        -

        Types of attacks

        -

        There are a few methods by which XSS can be manipulated:

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        TypeOriginDescription
        StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
        ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
        DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
        MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
        -

        Affected environments

        -

        The following environments are susceptible to an XSS attack:

        -
          -
        • Web servers
          • -
        • Application servers
          • -
        • Web application environments
          • -
        -

        How to prevent

        -

        This section describes the top best practices designed to specifically protect your code:

        -
          -
        • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
          • -
        • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
          • -
        • Give users the option to disable client-side scripts.
          • -
        • Redirect invalid requests.
          • -
        • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
          • -
        • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
          • -
        • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
          • -
        +

        NVD Description

        +

        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.17. + See How to fix? for Alpine:3.17 relevant fixed versions and status.

        +

        Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM + platform contains a bug that could cause it to read past the input buffer, + leading to a crash.

        +

        Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM + platform can crash in rare circumstances. The AES-XTS algorithm is usually + used for disk encryption.

        +

        The AES-XTS cipher decryption implementation for 64 bit ARM platform will read + past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 + byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext + buffer is unmapped, this will trigger a crash which results in a denial of + service.

        +

        If an attacker can control the size and location of the ciphertext buffer + being decrypted by an application using AES-XTS on 64 bit ARM, the + application is affected. This is fairly unlikely making this issue + a Low severity one.

        Remediation

        -

        Upgrade golang.org/x/net/html to version 0.13.0 or higher.

        +

        Upgrade Alpine:3.17 openssl to version 3.0.8-r4 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

      diff --git a/docs/snyk/v2.8.0-rc7/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.6/haproxy_2.6.14-alpine.html similarity index 99% rename from docs/snyk/v2.8.0-rc7/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.7.6/haproxy_2.6.14-alpine.html index 16cd038ee44b3..ec8f5e0639727 100644 --- a/docs/snyk/v2.8.0-rc7/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.7.6/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

      Snyk test report

      -

      August 13th 2023, 12:16:45 am (UTC+00:00)

      +

      June 25th 2023, 12:21:23 am (UTC+00:00)

      Scanned the following path: diff --git a/docs/snyk/v2.7.11/quay.io_argoproj_argocd_v2.7.11.html b/docs/snyk/v2.7.6/quay.io_argoproj_argocd_v2.7.6.html similarity index 80% rename from docs/snyk/v2.7.11/quay.io_argoproj_argocd_v2.7.11.html rename to docs/snyk/v2.7.6/quay.io_argoproj_argocd_v2.7.6.html index f155da7317d4c..3f5722dbbe540 100644 --- a/docs/snyk/v2.7.11/quay.io_argoproj_argocd_v2.7.11.html +++ b/docs/snyk/v2.7.6/quay.io_argoproj_argocd_v2.7.6.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,18 +456,18 @@

      Snyk test report

      -

      August 13th 2023, 12:20:07 am (UTC+00:00)

      +

      June 25th 2023, 12:21:49 am (UTC+00:00)

      Scanned the following paths:
        -
      • quay.io/argoproj/argocd:v2.7.11/argoproj/argocd (deb)
      • quay.io/argoproj/argocd:v2.7.11/argoproj/argo-cd/v2 (gomodules)
      • quay.io/argoproj/argocd:v2.7.11/kustomize/kustomize/v5 (gomodules)
      • quay.io/argoproj/argocd:v2.7.11/helm/v3 (gomodules)
      • quay.io/argoproj/argocd:v2.7.11/git-lfs/git-lfs (gomodules)
        • +
      • quay.io/argoproj/argocd:v2.7.6/argoproj/argocd (deb)
      • quay.io/argoproj/argocd:v2.7.6/argoproj/argo-cd/v2 (gomodules)
      • quay.io/argoproj/argocd:v2.7.6/kustomize/kustomize/v5 (gomodules)
      • quay.io/argoproj/argocd:v2.7.6/helm/v3 (gomodules)
      • quay.io/argoproj/argocd:v2.7.6/git-lfs/git-lfs (gomodules)
      19 known vulnerabilities
      -
      86 vulnerable dependency paths
      +
      66 vulnerable dependency paths
      2066 dependencies
      @@ -634,315 +634,6 @@

      References

      More about this vulnerability

      -
      -
      -

      Out-of-bounds Write

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - procps/libprocps8 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.11 and procps/libprocps8@2:3.3.17-6ubuntu2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - procps@2:3.3.17-6ubuntu2 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - procps@2:3.3.17-6ubuntu2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 procps.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2023-36054

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - krb5/libk5crypto3 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.7.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2ubuntu0.2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      -

      CVE-2022-46908

      @@ -967,7 +658,7 @@

      CVE-2022-46908

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11, gnupg2/gpg@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.6, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
    @@ -979,7 +670,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1038,7 +729,7 @@

      Arbitrary Code Injection

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and shadow/passwd@1:4.8.1-2ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -1051,7 +742,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1060,7 +751,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -1071,9 +762,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 shadow/passwd@1:4.8.1-2ubuntu2.1 @@ -1082,7 +773,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 shadow/login@1:4.8.1-2ubuntu2.1 @@ -1139,7 +830,7 @@

      Uncontrolled Recursion

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1152,7 +843,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1161,7 +852,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 grep@3.7-1build1 @@ -1223,7 +914,7 @@

      Release of Invalid Pointer or Reference

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.6 and patch@2.7.6-7build2
    @@ -1236,7 +927,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 patch@2.7.6-7build2 @@ -1290,7 +981,7 @@

      Double Free

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.6 and patch@2.7.6-7build2
    @@ -1303,7 +994,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 patch@2.7.6-7build2 @@ -1341,7 +1032,7 @@

      References

    -

    Improper Authentication

    +

    Information Exposure

    @@ -1357,12 +1048,12 @@

    Improper Authentication

  • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and openssl/libssl3@3.0.2-0ubuntu1.10 + docker-image|quay.io/argoproj/argocd@v2.7.6 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1375,113 +1066,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 - - openssl@3.0.2-0ubuntu1.10 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1493,42 +1080,28 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. +

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      +

      The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      There is no fixed version for Ubuntu:22.04 openssh.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1554,7 +1127,7 @@

    CVE-2023-28531

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and openssh/openssh-client@1:8.9p1-3ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.6 and openssh/openssh-client@1:8.9p1-3ubuntu0.1
    • @@ -1567,9 +1140,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 @@ -1591,7 +1164,6 @@

      References

    • ADVISORY
    • cve@mitre.org
    • cve@mitre.org
      • -
    • cve@mitre.org
    @@ -1624,7 +1196,7 @@

    NULL Pointer Dereference

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others + docker-image|quay.io/argoproj/argocd@v2.7.6, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others
    • @@ -1636,33 +1208,33 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/dirmngr@2.2.27-3ubuntu2.1 - openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 - openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-2.5-0@2.5.14+dfsg-0ubuntu0.22.04.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 - openldap/libldap-common@2.5.15+dfsg-0ubuntu0.22.04.1 + openldap/libldap-common@2.5.14+dfsg-0ubuntu0.22.04.2 @@ -1684,13 +1256,6 @@

      References

    • ADVISORY
    • secalert@redhat.com
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
      • -
    • secalert@redhat.com
    @@ -1723,7 +1288,7 @@

    Resource Exhaustion

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11, meta-common-packages@meta and others + docker-image|quay.io/argoproj/argocd@v2.7.6, meta-common-packages@meta and others
    • @@ -1735,7 +1300,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 meta-common-packages@meta @@ -1760,7 +1325,6 @@

      References

      @@ -1792,7 +1356,7 @@

      Integer Overflow or Wraparound

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 + docker-image|quay.io/argoproj/argocd@v2.7.6 and krb5/libk5crypto3@1.19.2-2ubuntu0.2
    @@ -1805,7 +1369,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 krb5/libk5crypto3@1.19.2-2ubuntu0.2 @@ -1814,7 +1378,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -1835,7 +1399,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -1858,7 +1422,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 krb5/libkrb5-3@1.19.2-2ubuntu0.2 @@ -1867,7 +1431,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -1888,7 +1452,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1897,9 +1461,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 - openssh/openssh-client@1:8.9p1-3ubuntu0.3 + openssh/openssh-client@1:8.9p1-3ubuntu0.1 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1908,11 +1472,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 @@ -1921,11 +1485,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 git@1:2.34.1-1ubuntu1.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 @@ -1936,7 +1500,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 adduser@3.118ubuntu5 @@ -1955,7 +1519,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 meta-common-packages@meta @@ -2014,7 +1578,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -2027,7 +1591,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2036,7 +1600,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 apt@2.4.9 @@ -2047,7 +1611,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2058,7 +1622,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2069,7 +1633,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2080,7 +1644,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2093,7 +1657,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2106,7 +1670,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2115,7 +1679,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2126,7 +1690,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2139,7 +1703,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -2148,7 +1712,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2159,7 +1723,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2168,7 +1732,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2179,7 +1743,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2188,7 +1752,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2199,7 +1763,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2212,7 +1776,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2225,7 +1789,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2234,7 +1798,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2245,7 +1809,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2258,7 +1822,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2271,7 +1835,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2280,7 +1844,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2291,7 +1855,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2300,7 +1864,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2311,7 +1875,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2320,7 +1884,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2331,7 +1895,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2390,7 +1954,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and glibc/libc-bin@2.35-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and glibc/libc-bin@2.35-0ubuntu3.1
    @@ -2403,7 +1967,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 glibc/libc-bin@2.35-0ubuntu3.1 @@ -2412,7 +1976,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 meta-common-packages@meta @@ -2471,7 +2035,7 @@

      Improper Input Validation

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11, git@1:2.34.1-1ubuntu1.9 and others + docker-image|quay.io/argoproj/argocd@v2.7.6, git@1:2.34.1-1ubuntu1.9 and others
    @@ -2483,7 +2047,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 git@1:2.34.1-1ubuntu1.9 @@ -2494,7 +2058,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 git@1:2.34.1-1ubuntu1.9 @@ -2503,7 +2067,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 git-lfs@3.0.2-1ubuntu0.2 @@ -2537,6 +2101,150 @@

      References

      More about this vulnerability

    +
    +
    +

    CVE-2023-28322

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.6, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.6 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Certificate Validation

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + curl/libcurl3-gnutls +
      • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.7.6, git@1:2.34.1-1ubuntu1.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.6 + + git@1:2.34.1-1ubuntu1.9 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.10 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu:22.04. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with xn-- and should not be allowed to pattern match, but the wildcard check in curl could still check for x*, which would match even though the IDN name most likely contained nothing even resembling an x.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 curl.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    Improper Input Validation

    @@ -2560,7 +2268,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and coreutils@8.32-4.1ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and coreutils@8.32-4.1ubuntu1
    • @@ -2573,7 +2281,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 coreutils@8.32-4.1ubuntu1 @@ -2630,7 +2338,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 and bash@5.1-6ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.7.6 and bash@5.1-6ubuntu1
    @@ -2643,7 +2351,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.7.11 + docker-image|quay.io/argoproj/argocd@v2.7.6 bash@5.1-6ubuntu1 diff --git a/docs/snyk/v2.7.6/redis_7.0.11-alpine.html b/docs/snyk/v2.7.6/redis_7.0.11-alpine.html new file mode 100644 index 0000000000000..442e65a79af43 --- /dev/null +++ b/docs/snyk/v2.7.6/redis_7.0.11-alpine.html @@ -0,0 +1,492 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
      +
      +
      +
      + + + Snyk - Open Source Security + + + + + + + +
      +

      Snyk test report

      + +

      June 25th 2023, 12:21:53 am (UTC+00:00)

      +
      +
      + Scanned the following path: +
        +
      • redis:7.0.11-alpine (apk)
        • +
      +
      + +
      +
      0 known vulnerabilities
      +
      0 vulnerable dependency paths
      +
      18 dependencies
      +
      +
      +
      +
      +
      + + + + + + + +
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      +
      +
      + No known vulnerabilities detected. +
      +
      + + + diff --git a/docs/snyk/v2.8.0-rc7/argocd-iac-install.html b/docs/snyk/v2.8.0-rc7/argocd-iac-install.html deleted file mode 100644 index 15df1e7e70c21..0000000000000 --- a/docs/snyk/v2.8.0-rc7/argocd-iac-install.html +++ /dev/null @@ -1,2679 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:18:53 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • /argo-cd/manifests/install.yaml (Kubernetes)
        • -
      -
      - -
      -
      40 total issues
      -
      -
      -
      -
      - -
      - - - - - - -
      Project manifests/install.yaml
      Path /argo-cd/manifests/install.yaml
      Project Type Kubernetes
      -
      -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 10] - - rules[0] - - resources - -
        • - -
      • - Line number: 18466 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 11] - - rules[4] - - resources - -
        • - -
      • - Line number: 18543 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
        • - -
      • - Line number: 18571 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 13] - - rules[3] - - resources - -
        • - -
      • - Line number: 18619 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 13] - - rules[1] - - resources - -
        • - -
      • - Line number: 18601 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 14] - - rules[0] - - resources - -
        • - -
      • - Line number: 18635 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container could be running with outdated image

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-42 -
        • - -
      • Introduced through: - [DocId: 45] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
        • - -
      • - Line number: 19731 -
        • -
      - -
      - -

      Impact

      -

      The container may run with outdated or unauthorized image

      - -

      Remediation

      -

      Set `imagePullPolicy` attribute to `Always`

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 19106 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 19339 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 19305 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 19399 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 19486 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 19731 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 19543 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 19816 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 20132 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running with multiple open ports

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-36 -
        • - -
      • Introduced through: - [DocId: 42] - - spec - - template - - spec - - containers[dex] - - ports - -
        • - -
      • - Line number: 19319 -
        • -
      - -
      - -

      Impact

      -

      Increases the attack surface of the application and the container.

      - -

      Remediation

      -

      Reduce `ports` count to 2

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 41] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
        • - -
      • - Line number: 19106 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 42] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
        • - -
      • - Line number: 19305 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 42] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
        • - -
      • - Line number: 19339 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 44] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
        • - -
      • - Line number: 19486 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 45] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
        • - -
      • - Line number: 19731 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
        • - -
      • - Line number: 19106 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
        • - -
      • - Line number: 19305 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
        • - -
      • - Line number: 19339 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
        • - -
      • - Line number: 19399 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
        • - -
      • - Line number: 19486 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
        • - -
      • - Line number: 19731 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
        • - -
      • - Line number: 19543 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
        • - -
      • - Line number: 19816 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
        • - -
      • - Line number: 20132 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 41] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 19229 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 19347 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 42] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 19322 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 43] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 19420 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 44] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 19496 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 19738 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 19704 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 20042 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 20280 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -
      - -
      - - - diff --git a/docs/snyk/v2.8.0-rc7/argocd-iac-namespace-install.html b/docs/snyk/v2.8.0-rc7/argocd-iac-namespace-install.html deleted file mode 100644 index 48793bb6c3e54..0000000000000 --- a/docs/snyk/v2.8.0-rc7/argocd-iac-namespace-install.html +++ /dev/null @@ -1,2679 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:19:05 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
        • -
      -
      - -
      -
      40 total issues
      -
      -
      -
      -
      - -
      - - - - - - -
      Project manifests/namespace-install.yaml
      Path /argo-cd/manifests/namespace-install.yaml
      Project Type Kubernetes
      -
      -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 7] - - rules[0] - - resources - -
        • - -
      • - Line number: 77 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 8] - - rules[4] - - resources - -
        • - -
      • - Line number: 154 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 9] - - rules[0] - - resources - -
        • - -
      • - Line number: 182 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 10] - - rules[3] - - resources - -
        • - -
      • - Line number: 230 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 10] - - rules[1] - - resources - -
        • - -
      • - Line number: 212 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Role with dangerous permissions

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-47 -
        • - -
      • Introduced through: - [DocId: 11] - - rules[0] - - resources - -
        • - -
      • - Line number: 246 -
        • -
      - -
      - -

      Impact

      -

      Using this role grants dangerous permissions

      - -

      Remediation

      -

      Consider removing this permissions

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container could be running with outdated image

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-42 -
        • - -
      • Introduced through: - [DocId: 38] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
        • - -
      • - Line number: 1249 -
        • -
      - -
      - -

      Impact

      -

      The container may run with outdated or unauthorized image

      - -

      Remediation

      -

      Set `imagePullPolicy` attribute to `Always`

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 624 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 857 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 823 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 917 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 1004 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 1249 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 1061 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 1334 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container has no CPU limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-5 -
        • - -
      • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
        • - -
      • - Line number: 1650 -
        • -
      - -
      - -

      Impact

      -

      CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

      - -

      Remediation

      -

      Add `resources.limits.cpu` field with required CPU limit value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running with multiple open ports

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-36 -
        • - -
      • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - ports - -
        • - -
      • - Line number: 837 -
        • -
      - -
      - -

      Impact

      -

      Increases the attack surface of the application and the container.

      - -

      Remediation

      -

      Reduce `ports` count to 2

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 34] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
        • - -
      • - Line number: 624 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 35] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
        • - -
      • - Line number: 823 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 35] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
        • - -
      • - Line number: 857 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 37] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
        • - -
      • - Line number: 1004 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without liveness probe

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-41 -
        • - -
      • Introduced through: - [DocId: 38] - - spec - - template - - spec - - initContainers[copyutil] - - livenessProbe - -
        • - -
      • - Line number: 1249 -
        • -
      - -
      - -

      Impact

      -

      Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

      - -

      Remediation

      -

      Add `livenessProbe` attribute

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
        • - -
      • - Line number: 624 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
        • - -
      • - Line number: 823 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
        • - -
      • - Line number: 857 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
        • - -
      • - Line number: 917 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
        • - -
      • - Line number: 1004 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
        • - -
      • - Line number: 1249 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
        • - -
      • - Line number: 1061 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
        • - -
      • - Line number: 1334 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container is running without memory limit

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-4 -
        • - -
      • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
        • - -
      • - Line number: 1650 -
        • -
      - -
      - -

      Impact

      -

      Containers without memory limits are more likely to be terminated when the node runs out of memory

      - -

      Remediation

      -

      Set `resources.limits.memory` value

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 34] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 747 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 865 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 35] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 840 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 36] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 938 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 37] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 1014 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 1256 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 38] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 1222 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 1560 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -

      Container's or Pod's UID could clash with host's UID

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Public ID: SNYK-CC-K8S-11 -
        • - -
      • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
        • - -
      • - Line number: 1798 -
        • -
      - -
      - -

      Impact

      -

      UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

      - -

      Remediation

      -

      Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

      - - -
      -
      - -
      -

      More about this issue

      -
      - -
      -
      -
      - -
      - - - diff --git a/docs/snyk/v2.8.0-rc7/argocd-test.html b/docs/snyk/v2.8.0-rc7/argocd-test.html deleted file mode 100644 index 0f8c20b574591..0000000000000 --- a/docs/snyk/v2.8.0-rc7/argocd-test.html +++ /dev/null @@ -1,566 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:16:34 am (UTC+00:00)

      -
      -
      - Scanned the following paths: -
        -
      • /argo-cd/argoproj/argo-cd/v2 (gomodules)
      • /argo-cd (yarn)
        • -
      -
      - -
      -
      1 known vulnerabilities
      -
      1 vulnerable dependency paths
      -
      1851 dependencies
      -
      -
      -
      -
      - -
      -
      -
      -

      Denial of Service (DoS)

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - nhooyr.io/websocket -
        • - -
      • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 and others -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - nhooyr.io/websocket@1.8.6 - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      nhooyr.io/websocket is a minimal and idiomatic WebSocket library for Go.

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS). A double channel close panic is possible if a peer sent back multiple pongs for every ping. - If the second pong arrived before the ping goroutine deleted its channel from the map, the channel would be closed twice and a panic would - occur.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      -

      Remediation

      -

      Upgrade nhooyr.io/websocket to version 1.8.7 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html deleted file mode 100644 index 084d7911d5698..0000000000000 --- a/docs/snyk/v2.8.0-rc7/ghcr.io_dexidp_dex_v2.37.0.html +++ /dev/null @@ -1,1079 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:16:41 am (UTC+00:00)

      -
      -
      - Scanned the following paths: -
        -
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
      • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
      • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (gomodules)
        • -
      -
      - -
      -
      4 known vulnerabilities
      -
      22 vulnerable dependency paths
      -
      786 dependencies
      -
      -
      -
      -
      - -
      -
      -
      -

      Improper Authentication

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Inefficient Regular Expression Complexity

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

      -

      However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Excessive Iteration

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Cross-site Scripting (XSS)

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - golang.org/x/net/html -
        • - -
      • Introduced through: - - github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/html@v0.11.0 - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

      -

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

      -

      Details

      -

      A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

      -

      This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

      -

      Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

      -

      Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

      -

      The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

      -

      Types of attacks

      -

      There are a few methods by which XSS can be manipulated:

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      TypeOriginDescription
      StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
      ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
      DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
      MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
      -

      Affected environments

      -

      The following environments are susceptible to an XSS attack:

      -
        -
      • Web servers
        • -
      • Application servers
        • -
      • Web application environments
        • -
      -

      How to prevent

      -

      This section describes the top best practices designed to specifically protect your code:

      -
        -
      • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
        • -
      • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
        • -
      • Give users the option to disable client-side scripts.
        • -
      • Redirect invalid requests.
        • -
      • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
        • -
      • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
        • -
      • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
        • -
      -

      Remediation

      -

      Upgrade golang.org/x/net/html to version 0.13.0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html b/docs/snyk/v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html deleted file mode 100644 index 4e00c0a021d27..0000000000000 --- a/docs/snyk/v2.8.0-rc7/quay.io_argoproj_argocd_v2.8.0-rc7.html +++ /dev/null @@ -1,2604 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:17:14 am (UTC+00:00)

      -
      -
      - Scanned the following paths: -
        -
      • quay.io/argoproj/argocd:v2.8.0-rc7/argoproj/argocd (deb)
      • quay.io/argoproj/argocd:v2.8.0-rc7/argoproj/argo-cd/v2 (gomodules)
      • quay.io/argoproj/argocd:v2.8.0-rc7/kustomize/kustomize/v5 (gomodules)
      • quay.io/argoproj/argocd:v2.8.0-rc7/helm/v3 (gomodules)
      • quay.io/argoproj/argocd:v2.8.0-rc7/git-lfs/git-lfs (gomodules)
        • -
      -
      - -
      -
      18 known vulnerabilities
      -
      85 vulnerable dependency paths
      -
      2117 dependencies
      -
      -
      -
      -
      - -
      -
      -
      -

      Denial of Service (DoS)

      -
      - -
      - high severity -
      - -
      - -
        -
      • - Package Manager: golang -
        • -
      • - Vulnerable module: - - nhooyr.io/websocket -
        • - -
      • Introduced through: - - github.com/argoproj/argo-cd/v2@* and nhooyr.io/websocket@v1.8.6 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - nhooyr.io/websocket@v1.8.6 - - - -
        • -
      - -
      - -
      - -

      Overview

      -

      nhooyr.io/websocket is a minimal and idiomatic WebSocket library for Go.

      -

      Affected versions of this package are vulnerable to Denial of Service (DoS). A double channel close panic is possible if a peer sent back multiple pongs for every ping. - If the second pong arrived before the ping goroutine deleted its channel from the map, the channel would be closed twice and a panic would - occur.

      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      -

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      -

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      -

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      -

      Two common types of DoS vulnerabilities:

      -
        -

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        -
        • -

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        -
        • -
      -

      Remediation

      -

      Upgrade nhooyr.io/websocket to version 1.8.7 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Out-of-bounds Write

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - procps/libprocps8 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and procps/libprocps8@2:3.3.17-6ubuntu2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - procps@2:3.3.17-6ubuntu2 - - procps/libprocps8@2:3.3.17-6ubuntu2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - procps@2:3.3.17-6ubuntu2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream procps package and not the procps package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 procps.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2023-36054

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - krb5/libk5crypto3 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2ubuntu0.2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2022-46908

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - sqlite3/libsqlite3-0 -
        • - -
      • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7, gnupg2/gpg@2.2.27-3ubuntu2.1 and others -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - sqlite3/libsqlite3-0@3.37.2-2ubuntu0.1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 sqlite3.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Arbitrary Code Injection

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - shadow/passwd -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and shadow/passwd@1:4.8.1-2ubuntu2.1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - shadow/login@1:4.8.1-2ubuntu2.1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 shadow.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Uncontrolled Recursion

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - pcre3/libpcre3 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - grep@3.7-1build1 - - pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 pcre3.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Release of Invalid Pointer or Reference

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - patch -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and patch@2.7.6-7build2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - patch@2.7.6-7build2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 patch.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Double Free

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - patch -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and patch@2.7.6-7build2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - patch@2.7.6-7build2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 patch.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Authentication

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - openssl/libssl3 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and openssl/libssl3@3.0.2-0ubuntu1.10 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - openssl/libssl3@3.0.2-0ubuntu1.10 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - openssl@3.0.2-0ubuntu1.10 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.10 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      CVE-2023-28531

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - openssh/openssh-client -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and openssh/openssh-client@1:8.9p1-3ubuntu0.3 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssh.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      NULL Pointer Dereference

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - openldap/libldap-2.5-0 -
        • - -
      • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7, gnupg2/dirmngr@2.2.27-3ubuntu2.1 and others -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - openldap/libldap-2.5-0@2.5.15+dfsg-0ubuntu0.22.04.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - openldap/libldap-common@2.5.15+dfsg-0ubuntu0.22.04.1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openldap package and not the openldap package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openldap.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Resource Exhaustion

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - libzstd/libzstd1 -
        • - -
      • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7, meta-common-packages@meta and others -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - meta-common-packages@meta - - libzstd/libzstd1@1.4.8+dfsg-3build1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 libzstd.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Integer Overflow or Wraparound

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - krb5/libk5crypto3 -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and krb5/libk5crypto3@1.19.2-2ubuntu0.2 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - krb5/libk5crypto3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - krb5/libkrb5-3@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - openssh/openssh-client@1:8.9p1-3ubuntu0.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git@1:2.34.1-1ubuntu1.9 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.13 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.1 - - pam/libpam-modules@1.4.0-11ubuntu2.3 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.2 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - meta-common-packages@meta - - krb5/libkrb5support0@1.19.2-2ubuntu0.2 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Out-of-bounds Write

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - gnupg2/gpgv -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and gnupg2/gpgv@2.2.27-3ubuntu2.1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - apt@2.4.9 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgv@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpgsm@2.2.27-3ubuntu2.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 gnupg2.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Allocation of Resources Without Limits or Throttling

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - glibc/libc-bin -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and glibc/libc-bin@2.35-0ubuntu3.1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - glibc/libc-bin@2.35-0ubuntu3.1 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - meta-common-packages@meta - - glibc/libc6@2.35-0ubuntu3.1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 glibc.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Input Validation

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - git/git-man -
        • - -
      • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7, git@1:2.34.1-1ubuntu1.9 and others -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git@1:2.34.1-1ubuntu1.9 - - git/git-man@1:2.34.1-1ubuntu1.9 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git@1:2.34.1-1ubuntu1.9 - - - -
        • -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - git-lfs@3.0.2-1ubuntu0.2 - - git@1:2.34.1-1ubuntu1.9 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 git.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Improper Input Validation

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - coreutils -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and coreutils@8.32-4.1ubuntu1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - coreutils@8.32-4.1ubuntu1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 coreutils.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Out-of-bounds Write

      -
      - -
      - low severity -
      - -
      - -
        -
      • - Package Manager: ubuntu:22.04 -
        • -
      • - Vulnerable module: - - bash -
        • - -
      • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 and bash@5.1-6ubuntu1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.0-rc7 - - bash@5.1-6ubuntu1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu:22.04. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 bash.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/snyk/v2.8.0-rc7/redis_7.0.11-alpine.html b/docs/snyk/v2.8.0-rc7/redis_7.0.11-alpine.html deleted file mode 100644 index 1293d04e5adf8..0000000000000 --- a/docs/snyk/v2.8.0-rc7/redis_7.0.11-alpine.html +++ /dev/null @@ -1,1031 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
      -
      -
      -
      - - - Snyk - Open Source Security - - - - - - - -
      -

      Snyk test report

      - -

      August 13th 2023, 12:17:20 am (UTC+00:00)

      -
      -
      - Scanned the following path: -
        -
      • redis:7.0.11-alpine (apk)
        • -
      -
      - -
      -
      3 known vulnerabilities
      -
      27 vulnerable dependency paths
      -
      18 dependencies
      -
      -
      -
      -
      -
      - - - - - - - -
      Project docker-image|redis
      Path redis:7.0.11-alpine
      Package Manager apk
      -
      -
      -
      -
      -

      Improper Authentication

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

      -

      Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

      -

      The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

      -

      As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Inefficient Regular Expression Complexity

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

      -

      However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -

      Excessive Iteration

      -
      - -
      - medium severity -
      - -
      - -
        -
      • - Package Manager: alpine:3.18 -
        • -
      • - Vulnerable module: - - openssl/libcrypto3 -
        • - -
      • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
        • -
      - -
      - - -

      Detailed paths

      - -
        -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
        • -
      - -
      - -
      - -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine:3.18. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

      -

      The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

      -

      An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

      -

      The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

      -

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
      -
      -
      -
      - - - diff --git a/docs/user-guide/annotations-and-labels.md b/docs/user-guide/annotations-and-labels.md new file mode 100644 index 0000000000000..4e3a997b393d4 --- /dev/null +++ b/docs/user-guide/annotations-and-labels.md @@ -0,0 +1,26 @@ +# Annotations and Labels used by Argo CD + +## Annotations + +| Annotation key | Target resource(es) | Possible values | Description | +|--------------------------------------------|---------------------|---------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| argocd.argoproj.io/application-set-refresh | ApplicationSet | `"true"` | Added when an ApplicationSet is requested to be refreshed by a webhook. The ApplicationSet controller will remove this annotation at the end of reconciliation. | +| argocd.argoproj.io/compare-options | any | [see compare options docs](compare-options.md) | Configures how an app's current state is compared to its desired state. | +| argocd.argoproj.io/hook | any | [see resource hooks docs](resource_hooks.md) | Used to configure [resource hooks](resource_hooks.md). | +| argocd.argoproj.io/hook-delete-policy | any | [see resource hooks docs](resource_hooks.md#hook-deletion-policies) | Used to set a [resource hook's deletion policy](resource_hooks.md#hook-deletion-policies). | +| argocd.argoproj.io/manifest-generate-paths | Application | [see scaling docs](../operator-manual/high_availability.md#webhook-and-manifest-paths-annotation) | Used to avoid unnecessary Application refreshes, especially in mono-repos. | +| argocd.argoproj.io/refresh | Application | `normal`, `hard` | Indicates that app needs to be refreshed. Removed by application controller after app is refreshed. Value `"hard"` means manifest cache and target cluster state cache should be invalidated before refresh. | +| argocd.argoproj.io/skip-reconcile | Application | `"true"` | Indicates to the Argo CD application controller that the Application should not be reconciled. See the [skip reconcile documentation](skip_reconcile.md) for use cases. | +| argocd.argoproj.io/sync-options | any | [see sync options docs](sync-options.md) | Provides a variety of settings to determine how an Application's resources are synced. | +| argocd.argoproj.io/sync-wave | any | [see sync waves docs](sync-waves.md) | | +| argocd.argoproj.io/tracking-id | any | any | Used by Argo CD to track resources it manages. See [resource tracking docs](resource_tracking.md) for details. | +| link.argocd.argoproj.io/{some link name} | any | An http(s) URL | Adds a link to the Argo CD UI for the resource. See [external URL docs](external-url.md) for details. | +| pref.argocd.argoproj.io/default-pod-sort | Application | [see UI customization docs](../operator-manual/ui-customization.md) | Sets the Application's default grouping mechanism. | +| pref.argocd.argoproj.io/default-view | Application | [see UI customization docs](../operator-manual/ui-customization.md) | Sets the Application's default view mode (e.g. "tree" or "list") | + +## Labels + +| Label key | Target resource(es) | Possible values | Description | +|--------------------------------|---------------------|---------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------| +| argocd.argoproj.io/instance | Application | any | Recommended tracking label to [avoid conflicts with other tools which use `app.kubernetes.io/instance`](../faq.md#why-is-my-app-out-of-sync-even-after-syncing. | +| argocd.argoproj.io/secret-type | Secret | `cluster`, `repository`, `repo-creds` | Identifies certain types of Secrets used by Argo CD. See the [Declarative Setup docs](../operator-manual/declarative-setup.md) for details. | diff --git a/docs/user-guide/app_deletion.md b/docs/user-guide/app_deletion.md index a1eaedf41cd04..65a17e7eb53ff 100644 --- a/docs/user-guide/app_deletion.md +++ b/docs/user-guide/app_deletion.md @@ -54,7 +54,7 @@ When deleting an Application with this finalizer, the Argo CD application contro Adding the finalizer enables cascading deletes when implementing [the App of Apps pattern](../operator-manual/cluster-bootstrapping.md#cascading-deletion). The default propagation policy for cascading deletion is [foreground cascading deletion](https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion). -Argo CD performs [background cascading deletion](https://kubernetes.io/docs/concepts/architecture/garbage-collection/#background-deletion) when `resources-finalizer.argocd.argoproj.io/background` is set. +ArgoCD performs [background cascading deletion](https://kubernetes.io/docs/concepts/architecture/garbage-collection/#background-deletion) when `resources-finalizer.argocd.argoproj.io/background` is set. When you invoke `argocd app delete` with `--cascade`, the finalizer is added automatically. You can set the propagation policy with `--propagation-policy `. diff --git a/docs/user-guide/build-environment.md b/docs/user-guide/build-environment.md index 8e2448f4f9e7f..56f6e6b436463 100644 --- a/docs/user-guide/build-environment.md +++ b/docs/user-guide/build-environment.md @@ -3,11 +3,10 @@ [Custom tools](../operator-manual/config-management-plugins.md), [Helm](helm.md), [Jsonnet](jsonnet.md), and [Kustomize](kustomize.md) support the following build env vars: | Variable | Description | -|-------------------------------------|-------------------------------------------------------------------------| +| ----------------------------------- | ----------------------------------------------------------------------- | | `ARGOCD_APP_NAME` | The name of the application. | | `ARGOCD_APP_NAMESPACE` | The destination namespace of the application. | | `ARGOCD_APP_REVISION` | The resolved revision, e.g. `f913b6cbf58aa5ae5ca1f8a2b149477aebcbd9d8`. | -| `ARGOCD_APP_REVISION_SHORT` | The resolved short revision, e.g. `f913b6c`. | | `ARGOCD_APP_SOURCE_PATH` | The path of the app within the source repo. | | `ARGOCD_APP_SOURCE_REPO_URL` | The source repo URL. | | `ARGOCD_APP_SOURCE_TARGET_REVISION` | The target revision from the spec, e.g. `master`. | diff --git a/docs/user-guide/commands/argocd_account_update-password.md b/docs/user-guide/commands/argocd_account_update-password.md index 9e0f4e8f95928..e386e7b69f20a 100644 --- a/docs/user-guide/commands/argocd_account_update-password.md +++ b/docs/user-guide/commands/argocd_account_update-password.md @@ -29,10 +29,10 @@ argocd account update-password [flags] ### Options ``` - --account string An account name that should be updated. Defaults to current user account - --current-password string Password of the currently logged on user + --account string an account name that should be updated. Defaults to current user account + --current-password string password of the currently logged on user -h, --help help for update-password - --new-password string New password you want to update to + --new-password string new password you want to update to ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_app_sync.md b/docs/user-guide/commands/argocd_app_sync.md index 716b7b81096d8..798fcecdd8a03 100644 --- a/docs/user-guide/commands/argocd_app_sync.md +++ b/docs/user-guide/commands/argocd_app_sync.md @@ -36,7 +36,6 @@ argocd app sync [APPNAME... | -l selector | --project project-name] [flags] ### Options ``` - --apply-out-of-sync-only Sync only out-of-sync resources --assumeYes Assume yes as answer for all user queries or prompts --async Do not wait for application to sync before continuing --dry-run Preview apply without affecting cluster diff --git a/docs/user-guide/commands/argocd_cert_add-tls.md b/docs/user-guide/commands/argocd_cert_add-tls.md index f81838538d598..0500e19c071dd 100644 --- a/docs/user-guide/commands/argocd_cert_add-tls.md +++ b/docs/user-guide/commands/argocd_cert_add-tls.md @@ -9,7 +9,7 @@ argocd cert add-tls SERVERNAME [flags] ### Options ``` - --from string Read TLS certificate data from file (default is to read from stdin) + --from string read TLS certificate data from file (default is to read from stdin) -h, --help help for add-tls --upsert Replace existing TLS certificate if certificate is different in input ``` diff --git a/docs/user-guide/commands/argocd_cert_list.md b/docs/user-guide/commands/argocd_cert_list.md index b2dc1c04491df..8aed9cc7ab61f 100644 --- a/docs/user-guide/commands/argocd_cert_list.md +++ b/docs/user-guide/commands/argocd_cert_list.md @@ -9,11 +9,11 @@ argocd cert list [flags] ### Options ``` - --cert-type string Only list certificates of given type, valid: 'ssh','https' + --cert-type string only list certificates of given type, valid: 'ssh','https' -h, --help help for list - --hostname-pattern string Only list certificates for hosts matching given glob-pattern + --hostname-pattern string only list certificates for hosts matching given glob-pattern -o, --output string Output format. One of: json|yaml|wide (default "wide") - --sort string Set display sort order for output format wide. One of: hostname|type + --sort string set display sort order for output format wide. One of: hostname|type ``` ### Options inherited from parent commands diff --git a/docs/user-guide/environment-variables.md b/docs/user-guide/environment-variables.md index 461195d9ce855..ceea5798e83a3 100644 --- a/docs/user-guide/environment-variables.md +++ b/docs/user-guide/environment-variables.md @@ -4,6 +4,6 @@ The following environment variables can be used with `argocd` CLI: | Environment Variable | Description | | --- | --- | -| `ARGOCD_SERVER` | the address of the Argo CD server without `https://` prefix
      (instead of specifying `--server` for every command)
      eg. `ARGOCD_SERVER=argocd.mycompany.com` if served through an ingress with DNS | -| `ARGOCD_AUTH_TOKEN` | the Argo CD `apiKey` for your Argo CD user to be able to authenticate | +| `ARGOCD_SERVER` | the address of the ArgoCD server without `https://` prefix
      (instead of specifying `--server` for every command)
      eg. `ARGOCD_SERVER=argocd.mycompany.com` if served through an ingress with DNS | +| `ARGOCD_AUTH_TOKEN` | the ArgoCD `apiKey` for your ArgoCD user to be able to authenticate | | `ARGOCD_OPTS` | command-line options to pass to `argocd` CLI
      eg. `ARGOCD_OPTS="--grpc-web"` | diff --git a/docs/user-guide/external-url.md b/docs/user-guide/external-url.md index 792b8465b233b..173a8724c5fea 100644 --- a/docs/user-guide/external-url.md +++ b/docs/user-guide/external-url.md @@ -1,6 +1,6 @@ # Add external URL -You can add additional external links to Argo CD dashboard. For example +You can add additional external links to ArgoCD dashboard. For example links monitoring pages or documentation instead of just ingress hosts or other apps. ArgoCD generates a clickable links to external pages for a resource based on per resource annotation. diff --git a/docs/user-guide/extra_info.md b/docs/user-guide/extra_info.md index 298b457a81bd4..0a27e497ec46d 100644 --- a/docs/user-guide/extra_info.md +++ b/docs/user-guide/extra_info.md @@ -1,6 +1,6 @@ # Add extra Application info -You can add additional information to an Application on your Argo CD dashboard. +You can add additional information to an Application on your ArgoCD dashboard. If you wish to add clickable links, see [Add external URL](https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/). This is done by providing the 'info' field a key-value in your Application manifest. @@ -21,7 +21,7 @@ info: ``` ![External link](../assets/extra_info-1.png) -The additional information will be visible on the Argo CD Application details page. +The additional information will be visible on the ArgoCD Application details page. ![External link](../assets/extra_info.png) diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index b4681a169b181..5c8b8c020adf5 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -122,7 +122,7 @@ source: ## Helm Release Name -By default, the Helm release name is equal to the Application name to which it belongs. Sometimes, especially on a centralised Argo CD, +By default, the Helm release name is equal to the Application name to which it belongs. Sometimes, especially on a centralised ArgoCD, you may want to override that name, and it is possible with the `release-name` flag on the cli: ```bash @@ -138,7 +138,7 @@ source: ``` !!! warning "Important notice on overriding the release name" - Please note that overriding the Helm release name might cause problems when the chart you are deploying is using the `app.kubernetes.io/instance` label. Argo CD injects this label with the value of the Application name for tracking purposes. So when overriding the release name, the Application name will stop being equal to the release name. Because Argo CD will overwrite the label with the Application name it might cause some selectors on the resources to stop working. In order to avoid this we can configure Argo CD to use another label for tracking in the [ArgoCD configmap argocd-cm.yaml](../operator-manual/argocd-cm.yaml) - check the lines describing `application.instanceLabelKey`. + Please note that overriding the Helm release name might cause problems when the chart you are deploying is using the `app.kubernetes.io/instance` label. ArgoCD injects this label with the value of the Application name for tracking purposes. So when overriding the release name, the Application name will stop being equal to the release name. Because ArgoCD will overwrite the label with the Application name it might cause some selectors on the resources to stop working. In order to avoid this we can configure ArgoCD to use another label for tracking in the [ArgoCD configmap argocd-cm.yaml](../operator-manual/argocd-cm.yaml) - check the lines describing `application.instanceLabelKey`. ## Helm Hooks diff --git a/docs/user-guide/jsonnet.md b/docs/user-guide/jsonnet.md index 194daa06c2591..699cd45335b61 100644 --- a/docs/user-guide/jsonnet.md +++ b/docs/user-guide/jsonnet.md @@ -1,6 +1,6 @@ # Jsonnet -Any file matching `*.jsonnet` in a directory app is treated as a Jsonnet file. Argo CD evaluates the Jsonnet and is able to parse a generated object or array. +Any file matching `*.jsonnet` in a directory app is treated as a Jsonnet file. ArgoCD evaluates the Jsonnet and is able to parse a generated object or array. ## Build Environment diff --git a/docs/user-guide/private-repositories.md b/docs/user-guide/private-repositories.md index 790e3eca91ec2..28fe8608f2676 100644 --- a/docs/user-guide/private-repositories.md +++ b/docs/user-guide/private-repositories.md @@ -3,7 +3,7 @@ !!!note Some Git hosters - notably GitLab and possibly on-premise GitLab instances as well - require you to specify the `.git` suffix in the repository URL, otherwise they will send a HTTP 301 redirect to the - repository URL suffixed with `.git`. Argo CD will **not** follow these redirects, so you have to + repository URL suffixed with `.git`. ArgoCD will **not** follow these redirects, so you have to adapt your repository URL to be suffixed with `.git`. ## Credentials @@ -52,7 +52,7 @@ Then, connect the repository using any non-empty string as username and the acce ### TLS Client Certificates for HTTPS repositories -If your repository server requires you to use TLS client certificates for authentication, you can configure Argo CD repositories to make use of them. For this purpose, `--tls-client-cert-path` and `--tls-client-cert-key-path` switches to the `argocd repo add` command can be used to specify the files on your local system containing client certificate and the corresponding key, respectively: +If your repository server requires you to use TLS client certificates for authentication, you can configure ArgoCD repositories to make use of them. For this purpose, `--tls-client-cert-path` and `--tls-client-cert-key-path` switches to the `argocd repo add` command can be used to specify the files on your local system containing client certificate and the corresponding key, respectively: ``` argocd repo add https://repo.example.com/repo.git --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key @@ -63,7 +63,7 @@ Of course, you can also use this in combination with the `--username` and `--pas Your TLS client certificate and corresponding key can also be configured using the UI, see instructions for adding Git repos using HTTPS. !!! note - Your client certificate and key data must be in PEM format, other formats (such as PKCS12) are not understood. Also make sure that your certificate's key is not password protected, otherwise it cannot be used by Argo CD. + Your client certificate and key data must be in PEM format, other formats (such as PKCS12) are not understood. Also make sure that your certificate's key is not password protected, otherwise it cannot be used by ArgoCD. !!! note When pasting TLS client certificate and key in the text areas in the web UI, make sure they contain no unintended line breaks or additional characters. @@ -169,7 +169,7 @@ To set up a credential template using the Web UI, simply fill in all relevant cr To manage credential templates using the CLI, use the `repocreds` sub-command, for example `argocd repocreds add https://github.com/argoproj --username youruser --password yourpass` would setup a credential template for the URL prefix `https://github.com/argoproj` using the specified username/password combination. Similar to the `repo` sub-command, you can also list and remove repository credentials using the `argocd repocreds list` and `argocd repocreds rm` commands, respectively. -In order for Argo CD to use a credential template for any given repository, the following conditions must be met: +In order for ArgoCD to use a credential template for any given repository, the following conditions must be met: * The repository must either not be configured at all, or if configured, must not contain any credential information * The URL configured for a credential template (e.g. `https://github.com/argoproj`) must match as prefix for the repository URL (e.g. `https://github.com/argoproj/argocd-example-apps`). @@ -204,7 +204,7 @@ FATA[0000] rpc error: code = Unknown desc = authentication required ## Self-signed & Untrusted TLS Certificates -If you are connecting a repository on a HTTPS server using a self-signed certificate, or a certificate signed by a custom Certificate Authority (CA) which are not known to Argo CD, the repository will not be added due to security reasons. This is indicated by an error message such as `x509: certificate signed by unknown authority`. +If you are connecting a repository on a HTTPS server using a self-signed certificate, or a certificate signed by a custom Certificate Authority (CA) which are not known to ArgoCD, the repository will not be added due to security reasons. This is indicated by an error message such as `x509: certificate signed by unknown authority`. 1. You can let ArgoCD connect the repository in an insecure way, without verifying the server's certificate at all. This can be accomplished by using the `--insecure-skip-server-verification` flag when adding the repository with the `argocd` CLI utility. However, this should be done only for non-production setups, as it imposes a serious security issue through possible man-in-the-middle attacks. @@ -279,7 +279,7 @@ It is possible to add and remove TLS certificates using the ArgoCD web UI: ### Managing TLS certificates using declarative configuration -You can also manage TLS certificates in a declarative, self-managed ArgoCD setup. All TLS certificates are stored in the ConfigMap object `argocd-tls-cert-cm`. +You can also manage TLS certificates in a declarative, self-managed ArgoCD setup. All TLS certificates are stored in the ConfigMap object `argocd-tls-certs-cm`. Please refer to the [Operator Manual](../../operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca) for more information. ## Unknown SSH Hosts diff --git a/docs/user-guide/projects.md b/docs/user-guide/projects.md index 0ed79ede623d5..666534975a854 100644 --- a/docs/user-guide/projects.md +++ b/docs/user-guide/projects.md @@ -271,15 +271,15 @@ projectName: `proj-global-test` should be replaced with your own global project ## Project scoped Repositories and Clusters -Normally, an Argo CD admin creates a project and decides in advance which clusters and Git repositories +Normally, an ArgoCD admin creates a project and decides in advance which clusters and Git repositories it defines. However, this creates a problem in scenarios where a developer wants to add a repository or cluster -after the initial creation of the project. This forces the developer to contact their Argo CD admin again to update the project definition. +after the initial creation of the project. This forces the developer to contact their ArgoCD admin again to update the project definition. It is possible to offer a self-service process for developers so that they can add a repository and/or cluster in a project on their own even after the initial creation of the project. -For this purpose Argo CD supports project-scoped repositories and clusters. +For this purpose ArgoCD supports project-scoped repositories and clusters. -To begin the process, Argo CD admins must configure RBAC security to allow this self-service behavior. +To begin the process, ArgoCD admins must configure RBAC security to allow this self-service behavior. For example, to allow users to add project scoped repositories and admin would have to add the following RBAC rules: diff --git a/docs/user-guide/resource_hooks.md b/docs/user-guide/resource_hooks.md index d705f8d21423d..9f8f98e033a20 100644 --- a/docs/user-guide/resource_hooks.md +++ b/docs/user-guide/resource_hooks.md @@ -69,7 +69,7 @@ The following policies define when the hook will be deleted. | `HookFailed` | The hook resource is deleted after the hook failed. | | `BeforeHookCreation` | Any existing hook resource is deleted before the new one is created (since v1.3). It is meant to be used with `/metadata/name`. | -Note that if no deletion policy is specified, Argo CD will automatically assume `BeforeHookCreation` rules. +Note that if no deletion policy is specified, ArgoCD will automatically assume `BeforeHookCreation` rules. ### Sync Status with Jobs/Workflows with Time to Live (ttl) diff --git a/docs/user-guide/resource_tracking.md b/docs/user-guide/resource_tracking.md index cdc23552c3b37..cb69ef143d7a2 100644 --- a/docs/user-guide/resource_tracking.md +++ b/docs/user-guide/resource_tracking.md @@ -55,17 +55,12 @@ To actually select your preferred tracking method edit the `resourceTrackingMeth ```yaml apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-cm - labels: - app.kubernetes.io/name: argocd-cm - app.kubernetes.io/part-of: argocd data: application.resourceTrackingMethod: annotation +kind: ConfigMap ``` Possible values are `label`, `annotation+label` and `annotation` as described in the previous section. Note that once you change the value you need to sync your applications again (or wait for the sync mechanism to kick-in) in order to apply your changes. -You can revert to a previous choice, by changing again the configmap. +You can revert to a previous choice, by changing again the configmap. \ No newline at end of file diff --git a/docs/user-guide/sync-options.md b/docs/user-guide/sync-options.md index 9afe031ba7469..688e1800bf406 100644 --- a/docs/user-guide/sync-options.md +++ b/docs/user-guide/sync-options.md @@ -316,10 +316,10 @@ spec: - CreateNamespace=true ``` -In order for Argo CD to manage the labels and annotations on the namespace, `CreateNamespace=true` needs to be set as a +In order for ArgoCD to manage the labels and annotations on the namespace, `CreateNamespace=true` needs to be set as a sync option, otherwise nothing will happen. If the namespace doesn't already exist, or if it already exists and doesn't already have labels and/or annotations set on it, you're good to go. Using `managedNamespaceMetadata` will also set the -resource tracking label (or annotation) on the namespace, so you can easily track which namespaces are managed by Argo CD. +resource tracking label (or annotation) on the namespace, so you can easily track which namespaces are managed by ArgoCD. In the case you do not have any custom annotations or labels but would nonetheless want to have resource tracking set on your namespace, that can be done by setting `managedNamespaceMetadata` with an empty `labels` and/or `annotations` map, @@ -339,7 +339,7 @@ spec: - CreateNamespace=true ``` -In the case where Argo CD is "adopting" an existing namespace which already has metadata set on it, we rely on using +In the case where ArgoCD is "adopting" an existing namespace which already has metadata set on it, we rely on using Server Side Apply in order not to lose metadata which has already been set. The main implication here is that it takes a few extra steps to get rid of an already preexisting field. @@ -355,7 +355,7 @@ metadata: abc: "123" ``` -If we want to manage the `foobar` namespace with Argo CD and to then also remove the `foo: bar` annotation, in +If we want to manage the `foobar` namespace with ArgoCD and to then also remove the `foo: bar` annotation, in `managedNamespaceMetadata` we'd need to first rename the `foo` value: ```yaml @@ -385,7 +385,7 @@ spec: - CreateNamespace=true ``` -Another thing to keep mind of is that if you have a k8s manifest for the same namespace in your Argo CD application, that +Another thing to keep mind of is that if you have a k8s manifest for the same namespace in your ArgoCD application, that will take precedence and *overwrite whatever values that have been set in `managedNamespaceMetadata`*. In other words, if you have an application that sets `managedNamespaceMetadata` diff --git a/go.mod b/go.mod index 047c62851a5c4..de020933a0659 100644 --- a/go.mod +++ b/go.mod @@ -9,30 +9,29 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/Masterminds/sprig/v3 v3.2.3 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d - github.com/alicebob/miniredis/v2 v2.30.4 - github.com/antonmedv/expr v1.12.7 - github.com/argoproj/gitops-engine v0.7.1-0.20230809134534-ed7c77a9290b + github.com/alicebob/miniredis/v2 v2.30.3 + github.com/antonmedv/expr v1.12.5 + github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 - github.com/aws/aws-sdk-go v1.44.317 + github.com/aws/aws-sdk-go v1.44.289 github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 - github.com/casbin/casbin/v2 v2.73.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 + github.com/casbin/casbin/v2 v2.71.1 github.com/coreos/go-oidc/v3 v3.6.0 github.com/cyphar/filepath-securejoin v0.2.3 github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.6.0+incompatible github.com/fsnotify/fsnotify v1.6.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e - github.com/go-git/go-git/v5 v5.8.1 + github.com/go-git/go-git/v5 v5.7.0 github.com/go-logr/logr v1.2.4 github.com/go-openapi/loads v0.21.2 github.com/go-openapi/runtime v0.26.0 - github.com/go-playground/webhooks/v6 v6.2.1-0.20230808162451-10570b0a59e8 github.com/go-redis/cache/v9 v9.0.0 github.com/gobwas/glob v0.2.3 - github.com/gogits/go-gogs-client v0.0.0-20200905025246-8bb8a50cb355 + github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2 github.com/gogo/protobuf v1.3.2 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/golang/protobuf v1.5.3 @@ -54,7 +53,7 @@ require ( github.com/itchyny/gojq v0.12.13 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 - github.com/ktrysmt/go-bitbucket v0.9.63 + github.com/ktrysmt/go-bitbucket v0.9.60 github.com/mattn/go-isatty v0.0.19 github.com/mattn/go-zglob v0.0.4 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 @@ -72,20 +71,21 @@ require ( github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 github.com/whilp/git-urls v1.0.0 - github.com/xanzy/go-gitlab v0.89.0 + github.com/xanzy/go-gitlab v0.86.0 github.com/yuin/gopher-lua v1.1.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 go.opentelemetry.io/otel v1.16.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.16.0 go.opentelemetry.io/otel/sdk v1.16.0 - golang.org/x/crypto v0.12.0 + golang.org/x/crypto v0.10.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/oauth2 v0.11.0 + golang.org/x/oauth2 v0.9.0 golang.org/x/sync v0.3.0 - golang.org/x/term v0.11.0 - google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc - google.golang.org/grpc v1.56.2 + golang.org/x/term v0.9.0 + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 + google.golang.org/grpc v1.56.1 google.golang.org/protobuf v1.31.0 + gopkg.in/go-playground/webhooks.v5 v5.17.0 gopkg.in/square/go-jose.v2 v2.6.0 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.24.2 @@ -99,14 +99,13 @@ require ( k8s.io/kubectl v0.24.2 k8s.io/utils v0.0.0-20220706174534-f6158b442e7c layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 - oras.land/oras-go/v2 v2.2.1 + oras.land/oras-go/v2 v2.2.0 sigs.k8s.io/controller-runtime v0.11.0 - sigs.k8s.io/structured-merge-diff/v4 v4.3.0 + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 sigs.k8s.io/yaml v1.3.0 ) require ( - dario.cat/mergo v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect @@ -114,18 +113,13 @@ require ( github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect - github.com/tidwall/gjson v1.14.4 // indirect - github.com/tidwall/match v1.1.1 // indirect - github.com/tidwall/pretty v1.2.0 // indirect - google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect gopkg.in/retry.v1 v1.0.3 // indirect k8s.io/klog v1.0.0 // indirect nhooyr.io/websocket v1.8.7 // indirect ) require ( - cloud.google.com/go/compute v1.20.1 // indirect + cloud.google.com/go/compute v1.19.1 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect @@ -136,9 +130,9 @@ require ( github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect + github.com/Microsoft/go-winio v0.5.2 // indirect github.com/PagerDuty/go-pagerduty v1.6.0 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect @@ -179,13 +173,13 @@ require ( github.com/google/btree v1.1.2 // indirect github.com/google/gnostic v0.6.9 // indirect github.com/google/go-github/v41 v41.0.0 // indirect - github.com/google/go-github/v53 v53.2.0 // indirect + github.com/google/go-github/v53 v53.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/gosimple/unidecode v1.0.1 // indirect github.com/gregdel/pushover v1.1.0 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-version v1.2.1 // indirect github.com/huandu/xstrings v1.3.3 // indirect @@ -215,7 +209,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc4 // indirect + github.com/opencontainers/image-spec v1.1.0-rc.3 // indirect github.com/opsgenie/opsgenie-go-sdk-v2 v1.0.5 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect @@ -230,7 +224,7 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect - github.com/skeema/knownhosts v1.2.0 // indirect + github.com/skeema/knownhosts v1.1.1 // indirect github.com/slack-go/slack v0.12.1 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/stretchr/objx v0.5.0 // indirect @@ -247,12 +241,12 @@ require ( go.opentelemetry.io/otel/trace v1.16.0 // indirect go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect - golang.org/x/mod v0.9.0 // indirect - golang.org/x/net v0.14.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/net v0.11.0 // indirect + golang.org/x/sys v0.9.0 // indirect + golang.org/x/text v0.10.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.7.0 // indirect + golang.org/x/tools v0.6.0 // indirect gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect gomodules.xyz/notify v0.1.1 // indirect diff --git a/go.sum b/go.sum index 51920d6b56f41..328d3354c64a6 100644 --- a/go.sum +++ b/go.sum @@ -5,7 +5,6 @@ cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= @@ -18,596 +17,37 @@ cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOY cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= -cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U= -cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= -cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= -cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= -cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= -cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= -cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= -cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= -cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= -cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= -cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= -cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= -cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= -cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE= -cloud.google.com/go/accesscontextmanager v1.6.0/go.mod h1:8XCvZWfYw3K/ji0iVnp+6pu7huxoQTLmxAbVjbloTtM= -cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ= -cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= -cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= -cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg= -cloud.google.com/go/aiplatform v1.35.0/go.mod h1:7MFT/vCaOyZT/4IIFfxH4ErVg/4ku6lKv3w0+tFTgXQ= -cloud.google.com/go/aiplatform v1.36.1/go.mod h1:WTm12vJRPARNvJ+v6P52RDHCNe4AhvjcIZ/9/RRHy/k= -cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw= -cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= -cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= -cloud.google.com/go/analytics v0.17.0/go.mod h1:WXFa3WSym4IZ+JiKmavYdJwGG/CvpqiqczmL59bTD9M= -cloud.google.com/go/analytics v0.18.0/go.mod h1:ZkeHGQlcIPkw0R/GW+boWHhCOR43xz9RN/jn7WcqfIE= -cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE= -cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk= -cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc= -cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8= -cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc= -cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04= -cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8= -cloud.google.com/go/apigeeregistry v0.4.0/go.mod h1:EUG4PGcsZvxOXAdyEghIdXwAEi/4MEaoqLMLDMIwKXY= -cloud.google.com/go/apigeeregistry v0.5.0/go.mod h1:YR5+s0BVNZfVOUkMa5pAR2xGd0A473vA5M7j247o1wM= -cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc= -cloud.google.com/go/apikeys v0.4.0/go.mod h1:XATS/yqZbaBK0HOssf+ALHp8jAlNHUgyfprvNcBIszU= -cloud.google.com/go/apikeys v0.5.0/go.mod h1:5aQfwY4D+ewMMWScd3hm2en3hCj+BROlyrt3ytS7KLI= -cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8= -cloud.google.com/go/appengine v1.4.0/go.mod h1:CS2NhuBuDXM9f+qscZ6V86m1MIIqPj3WC/UoEuR1Sno= -cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodCWatWI9Dmak= -cloud.google.com/go/appengine v1.6.0/go.mod h1:hg6i0J/BD2cKmDJbaFSYHFyZkgBEfQrDg/X0V5fJn84= -cloud.google.com/go/appengine v1.7.0/go.mod h1:eZqpbHFCqRGa2aCdope7eC0SWLV1j0neb/QnMJVWx6A= -cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E= -cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= -cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= -cloud.google.com/go/area120 v0.7.0/go.mod h1:a3+8EUD1SX5RUcCs3MY5YasiO1z6yLiNLRiFrykbynY= -cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k= -cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= -cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= -cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0= -cloud.google.com/go/artifactregistry v1.9.0/go.mod h1:2K2RqvA2CYvAeARHRkLDhMDJ3OXy26h3XW+3/Jh2uYc= -cloud.google.com/go/artifactregistry v1.11.1/go.mod h1:lLYghw+Itq9SONbCa1YWBoWs1nOucMH0pwXN1rOBZFI= -cloud.google.com/go/artifactregistry v1.11.2/go.mod h1:nLZns771ZGAwVLzTX/7Al6R9ehma4WUEhZGWV6CeQNQ= -cloud.google.com/go/artifactregistry v1.12.0/go.mod h1:o6P3MIvtzTOnmvGagO9v/rOjjA0HmhJ+/6KAXrmYDCI= -cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08= -cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= -cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= -cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= -cloud.google.com/go/asset v1.9.0/go.mod h1:83MOE6jEJBMqFKadM9NLRcs80Gdw76qGuHn8m3h8oHQ= -cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAtZiIb0wY= -cloud.google.com/go/asset v1.11.1/go.mod h1:fSwLhbRvC9p9CXQHJ3BgFeQNM4c9x10lqlrdEUYXlJo= -cloud.google.com/go/asset v1.12.0/go.mod h1:h9/sFOa4eDIyKmH6QMpm4eUK3pDojWnUhTgJlk762Hg= -cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw= -cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= -cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= -cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= -cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= -cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= -cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= -cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= -cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= -cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= -cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM= -cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU= -cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc= -cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI= -cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= -cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE= -cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE= -cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= -cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4= -cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8= -cloud.google.com/go/beyondcorp v0.4.0/go.mod h1:3ApA0mbhHx6YImmuubf5pyW8srKnCEPON32/5hj+RmM= -cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= -cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= -cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= -cloud.google.com/go/bigquery v1.47.0/go.mod h1:sA9XOgy0A8vQK9+MWhEQTY6Tix87M/ZurWFIxmF9I/E= -cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= -cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= -cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= -cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= -cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= -cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= -cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y= -cloud.google.com/go/billing v1.12.0/go.mod h1:yKrZio/eu+okO/2McZEbch17O5CB5NpZhhXG6Z766ss= -cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc= -cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= -cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= -cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0= -cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk= -cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q= -cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg= -cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590= -cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8= -cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk= -cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk= -cloud.google.com/go/channel v1.11.0/go.mod h1:IdtI0uWGqhEeatSB62VOoJ8FSUhJ9/+iGkJVqp74CGE= -cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU= -cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U= -cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA= -cloud.google.com/go/cloudbuild v1.6.0/go.mod h1:UIbc/w9QCbH12xX+ezUsgblrWv+Cv4Tw83GiSMHOn9M= -cloud.google.com/go/cloudbuild v1.7.0/go.mod h1:zb5tWh2XI6lR9zQmsm1VRA+7OCuve5d8S+zJUul8KTg= -cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s= -cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM= -cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk= -cloud.google.com/go/clouddms v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA= -cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= -cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= -cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4= -cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI= -cloud.google.com/go/cloudtasks v1.9.0/go.mod h1:w+EyLsVkLWHcOaqNEyvcKAsWp9p29dL6uL9Nst1cI7Y= -cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs= -cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= -cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= -cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= -cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= -cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= -cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= -cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= -cloud.google.com/go/compute v1.12.0/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= -cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= -cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE= -cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= -cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= -cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= -cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= -cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= -cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg= -cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= -cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= +cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= +cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= -cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= -cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= -cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= -cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= -cloud.google.com/go/container v1.13.1/go.mod h1:6wgbMPeQRw9rSnKBCAJXnds3Pzj03C4JHamr8asWKy4= -cloud.google.com/go/container v1.14.0/go.mod h1:3AoJMPhHfLDxLvrlVWaK57IXzaPnLaZq63WX59aQBfM= -cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA= -cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= -cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= -cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI= -cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= -cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= -cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= -cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= -cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= -cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= -cloud.google.com/go/datacatalog v1.8.1/go.mod h1:RJ58z4rMp3gvETA465Vg+ag8BGgBdnRPEMMSTr5Uv+M= -cloud.google.com/go/datacatalog v1.12.0/go.mod h1:CWae8rFkfp6LzLumKOnmVh4+Zle4A3NXLzVJ1d1mRm0= -cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= -cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= -cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= -cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= -cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= -cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= -cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0= -cloud.google.com/go/dataform v0.6.0/go.mod h1:QPflImQy33e29VuapFdf19oPbE4aYTJxr31OAPV+ulA= -cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE= -cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38= -cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w= -cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8= -cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= -cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= -cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM= -cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA= -cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A= -cloud.google.com/go/dataplex v1.5.2/go.mod h1:cVMgQHsmfRoI5KFYq4JtIBEUbYwc3c7tXmIDhRmNNVQ= -cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs= -cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s= -cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI= -cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= -cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= -cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= -cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM= -cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c= -cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= -cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= -cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g= -cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4= -cloud.google.com/go/datastream v1.6.0/go.mod h1:6LQSuswqLa7S4rPAOZFVjHIG3wJIjZcZrw8JDEDJuIs= -cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww= -cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c= -cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s= -cloud.google.com/go/deploy v1.6.0/go.mod h1:f9PTHehG/DjCom3QH0cntOVRm93uGBDt2vKzAPwpXQI= -cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ= -cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= -cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= -cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= -cloud.google.com/go/dialogflow v1.18.0/go.mod h1:trO7Zu5YdyEuR+BhSNOqJezyFQ3aUzz0njv7sMx/iek= -cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFMoosgy+6Gn0s0= -cloud.google.com/go/dialogflow v1.29.0/go.mod h1:b+2bzMe+k1s9V+F2jbJwpHPzrnIyHihAdRFMtn2WXuM= -cloud.google.com/go/dialogflow v1.31.0/go.mod h1:cuoUccuL1Z+HADhyIA7dci3N5zUssgpBJmCzI6fNRB4= -cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE= -cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM= -cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q= -cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4= -cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= -cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= -cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k= -cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4= -cloud.google.com/go/documentai v1.16.0/go.mod h1:o0o0DLTEZ+YnJZ+J4wNfTxmDVyrkzFvttBXXtYRMHkM= -cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs= -cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= -cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= -cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE= -cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= -cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= -cloud.google.com/go/edgecontainer v0.3.0/go.mod h1:FLDpP4nykgwwIfcLt6zInhprzw0lEi2P1fjO6Ie0qbc= -cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY= -cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= -cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI= -cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8= -cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M= -cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc= -cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw= -cloud.google.com/go/eventarc v1.10.0/go.mod h1:u3R35tmZ9HvswGRBnF48IlYgYeBcPUCjkr4BTdem2Kw= -cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY= -cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w= -cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI= -cloud.google.com/go/filestore v1.5.0/go.mod h1:FqBXDWBp4YLHqRnVGveOkHDf8svj9r5+mUDLupOWEDs= -cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= -cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= -cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= -cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY= -cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5UwtlpzoyquQ08= -cloud.google.com/go/functions v1.10.0/go.mod h1:0D3hEOe3DbEvCXtYOZHQZmD+SzYsi1YbI7dGvHfldXw= -cloud.google.com/go/functions v1.12.0/go.mod h1:AXWGrF3e2C/5ehvwYo/GH6O5s09tOPksiKhz+hH8WkA= -cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c= -cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= -cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= -cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w= -cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM= -cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0= -cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60= -cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo= -cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= -cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= -cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= -cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw= -cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= -cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= -cloud.google.com/go/gkehub v0.11.0/go.mod h1:JOWHlmN+GHyIbuWQPl47/C2RFhnFKH38jH9Ascu3n0E= -cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw= -cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA= -cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI= -cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y= -cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= -cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM= -cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o= -cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo= -cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= -cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= -cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= -cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= -cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= -cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= -cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= -cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= -cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= -cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= -cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= -cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= -cloud.google.com/go/iap v1.7.0/go.mod h1:beqQx56T9O1G1yNPph+spKpNibDlYIiIixiqsQXxLIo= -cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74= -cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= -cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY= -cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4= -cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs= -cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g= -cloud.google.com/go/iot v1.5.0/go.mod h1:mpz5259PDl3XJthEmh9+ap0affn/MqNSP4My77Qql9o= -cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE= -cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= -cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= -cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= -cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= -cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= -cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= -cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= -cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= -cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= -cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8= -cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY= -cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= -cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= -cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= -cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= -cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= -cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= -cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= -cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= -cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= -cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= -cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= -cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= -cloud.google.com/go/maps v0.6.0/go.mod h1:o6DAMMfb+aINHz/p/jbcY+mYeXBoZoxTfdSQ8VAJaCw= -cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY= -cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= -cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= -cloud.google.com/go/mediatranslation v0.7.0/go.mod h1:LCnB/gZr90ONOIQLgSXagp8XUW1ODs2UmUMvcgMfI2I= -cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= -cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= -cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA= -cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY= -cloud.google.com/go/memcache v1.9.0/go.mod h1:8oEyzXCu+zo9RzlEaEjHl4KkgjlNDaXbCQeQWlzNFJM= -cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= -cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= -cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8= -cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI= -cloud.google.com/go/metastore v1.10.0/go.mod h1:fPEnH3g4JJAk+gMRnrAnoqyv2lpUCqJPWOodSaf45Eo= -cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= -cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= -cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= -cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= -cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= -cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= -cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= -cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8= -cloud.google.com/go/networkconnectivity v1.10.0/go.mod h1:UP4O4sWXJG13AqrTdQCD9TnLGEbtNRqjuaaA7bNjF5E= -cloud.google.com/go/networkconnectivity v1.11.0/go.mod h1:iWmDD4QF16VCDLXUqvyspJjIEtBR/4zq5hwnY2X3scM= -cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8= -cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4= -cloud.google.com/go/networkmanagement v1.6.0/go.mod h1:5pKPqyXjB/sgtvB5xqOemumoQNB7y95Q7S+4rjSOPYY= -cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= -cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= -cloud.google.com/go/networksecurity v0.7.0/go.mod h1:mAnzoxx/8TBSyXEeESMy9OOYwo1v+gZ5eMRnsT5bC8k= -cloud.google.com/go/networksecurity v0.8.0/go.mod h1:B78DkqsxFG5zRSVuwYFRZ9Xz8IcQ5iECsNrPn74hKHU= -cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= -cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= -cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA= -cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0= -cloud.google.com/go/notebooks v1.7.0/go.mod h1:PVlaDGfJgj1fl1S3dUwhFMXFgfYGhYQt2164xOMONmE= -cloud.google.com/go/notebooks v1.8.0/go.mod h1:Lq6dYKOYOWUCTvw5t2q1gp1lAp0zxAxRycayS0iJcqQ= -cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4= -cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs= -cloud.google.com/go/optimization v1.3.1/go.mod h1:IvUSefKiwd1a5p0RgHDbWCIbDFgKuEdB+fPPuP0IDLI= -cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA= -cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk= -cloud.google.com/go/orchestration v1.6.0/go.mod h1:M62Bevp7pkxStDfFfTuCOaXgaaqRAga1yKyoMtEoWPQ= -cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE= -cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc= -cloud.google.com/go/orgpolicy v1.10.0/go.mod h1:w1fo8b7rRqlXlIJbVhOMPrwVljyuW5mqssvBtU18ONc= -cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= -cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= -cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo= -cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw= -cloud.google.com/go/osconfig v1.11.0/go.mod h1:aDICxrur2ogRd9zY5ytBLV89KEgT2MKB2L/n6x1ooPw= -cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= -cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= -cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70= -cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo= -cloud.google.com/go/oslogin v1.9.0/go.mod h1:HNavntnH8nzrn8JCTT5fj18FuJLFJc4NaZJtBnQtKFs= -cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= -cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= -cloud.google.com/go/phishingprotection v0.7.0/go.mod h1:8qJI4QKHoda/sb/7/YmMQ2omRLSLYSu9bU0EKCNI+Lk= -cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg= -cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE= -cloud.google.com/go/policytroubleshooter v1.5.0/go.mod h1:Rz1WfV+1oIpPdN2VvvuboLVRsB1Hclg3CKQ53j9l8vw= -cloud.google.com/go/policytroubleshooter v1.6.0/go.mod h1:zYqaPTsmfvpjm5ULxAyD/lINQxJ0DDsnWOP/GZ7xzBc= -cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= -cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= -cloud.google.com/go/privatecatalog v0.7.0/go.mod h1:2s5ssIFO69F5csTXcwBP7NPFTZvps26xGzvQ2PQaBYg= -cloud.google.com/go/privatecatalog v0.8.0/go.mod h1:nQ6pfaegeDAq/Q5lrfCQzQLhubPiZhSaNhIgfJlnIXs= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= -cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= -cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= -cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= -cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= -cloud.google.com/go/pubsublite v1.6.0/go.mod h1:1eFCS0U11xlOuMFV/0iBqw3zP12kddMeCbj/F3FSj9k= -cloud.google.com/go/pubsublite v1.7.0/go.mod h1:8hVMwRXfDfvGm3fahVbtDbiLePT3gpoiJYJY+vxWxVM= -cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= -cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= -cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= -cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo= -cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI5sbwx9LBg3te2N6hGvHn2mE= -cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U= -cloud.google.com/go/recaptchaenterprise/v2 v2.6.0/go.mod h1:RPauz9jeLtB3JVzg6nCbe12qNoaa8pXc4d/YukAmcnA= -cloud.google.com/go/recaptchaenterprise/v2 v2.7.0/go.mod h1:19wVj/fs5RtYtynAPJdDTb69oW0vNHYDBTbB4NvMD9c= -cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= -cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= -cloud.google.com/go/recommendationengine v0.7.0/go.mod h1:1reUcE3GIu6MeBz/h5xZJqNLuuVjNg1lmWMPyjatzac= -cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= -cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= -cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs= -cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70= -cloud.google.com/go/recommender v1.9.0/go.mod h1:PnSsnZY7q+VL1uax2JWkt/UegHssxjUVVCrX52CuEmQ= -cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= -cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= -cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA= -cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM= -cloud.google.com/go/redis v1.11.0/go.mod h1:/X6eicana+BWcUda5PpwZC48o37SiFVTFSs0fWAJ7uQ= -cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA= -cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0= -cloud.google.com/go/resourcemanager v1.5.0/go.mod h1:eQoXNAiAvCf5PXxWxXjhKQoTMaUSNrEfg+6qdf/wots= -cloud.google.com/go/resourcemanager v1.6.0/go.mod h1:YcpXGRs8fDzcUl1Xw8uOVmI8JEadvhRIkoXXUNVYcVo= -cloud.google.com/go/resourcemanager v1.7.0/go.mod h1:HlD3m6+bwhzj9XCouqmeiGuni95NTrExfhoSrkC/3EI= -cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU= -cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg= -cloud.google.com/go/resourcesettings v1.5.0/go.mod h1:+xJF7QSG6undsQDfsCJyqWXyBwUoJLhetkRMDRnIoXA= -cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= -cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= -cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc= -cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y= -cloud.google.com/go/retail v1.12.0/go.mod h1:UMkelN/0Z8XvKymXFbD4EhFJlYKRx1FGhQkVPU5kF14= -cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do= -cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo= -cloud.google.com/go/run v0.8.0/go.mod h1:VniEnuBwqjigv0A7ONfQUaEItaiCRVujlMqerPPiktM= -cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg= -cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= -cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= -cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk= -cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44= -cloud.google.com/go/scheduler v1.8.0/go.mod h1:TCET+Y5Gp1YgHT8py4nlg2Sew8nUHMqcpousDgXJVQc= -cloud.google.com/go/scheduler v1.9.0/go.mod h1:yexg5t+KSmqu+njTIh3b7oYPheFtBWGcbVUYF1GGMIc= -cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= -cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= -cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= -cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU= -cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= -cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= -cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= -cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= -cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= -cloud.google.com/go/security v1.12.0/go.mod h1:rV6EhrpbNHrrxqlvW0BWAIawFWq3X90SduMJdFwtLB8= -cloud.google.com/go/security v1.13.0/go.mod h1:Q1Nvxl1PAgmeW0y3HTt54JYIvUdtcpYKVfIB8AOMZ+0= -cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= -cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= -cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= -cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk= -cloud.google.com/go/securitycenter v1.18.1/go.mod h1:0/25gAzCM/9OL9vVx4ChPeM/+DlfGQJDwBy/UC8AKK0= -cloud.google.com/go/securitycenter v1.19.0/go.mod h1:LVLmSg8ZkkyaNy4u7HCIshAngSQ8EcIRREP3xBnyfag= -cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU= -cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s= -cloud.google.com/go/servicecontrol v1.10.0/go.mod h1:pQvyvSRh7YzUF2efw7H87V92mxU8FnFDawMClGCNuAA= -cloud.google.com/go/servicecontrol v1.11.0/go.mod h1:kFmTzYzTUIuZs0ycVqRHNaNhgR+UMUpw9n02l/pY+mc= -cloud.google.com/go/servicecontrol v1.11.1/go.mod h1:aSnNNlwEFBY+PWGQ2DoM0JJ/QUXqV5/ZD9DOLB7SnUk= -cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs= -cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg= -cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPjsRs1RlmJ4pqiNjVL4= -cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U= -cloud.google.com/go/servicedirectory v1.8.0/go.mod h1:srXodfhY1GFIPvltunswqXpVxFPpZjf8nkKQT7XcXaY= -cloud.google.com/go/servicedirectory v1.9.0/go.mod h1:29je5JjiygNYlmsGz8k6o+OZ8vd4f//bQLtvzkPPT/s= -cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco= -cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo= -cloud.google.com/go/servicemanagement v1.6.0/go.mod h1:aWns7EeeCOtGEX4OvZUWCCJONRZeFKiptqKf1D0l/Jc= -cloud.google.com/go/servicemanagement v1.8.0/go.mod h1:MSS2TDlIEQD/fzsSGfCdJItQveu9NXnUniTrq/L8LK4= -cloud.google.com/go/serviceusage v1.3.0/go.mod h1:Hya1cozXM4SeSKTAgGXgj97GlqUvF5JaoXacR1JTP/E= -cloud.google.com/go/serviceusage v1.4.0/go.mod h1:SB4yxXSaYVuUBYUml6qklyONXNLt83U0Rb+CXyhjEeU= -cloud.google.com/go/serviceusage v1.5.0/go.mod h1:w8U1JvqUqwJNPEOTQjrMHkw3IaIFLoLsPLvsE3xueec= -cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DRwPG1xtWMDeuPA= -cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4= -cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw= -cloud.google.com/go/shell v1.6.0/go.mod h1:oHO8QACS90luWgxP3N9iZVuEiSF84zNyLytb+qE2f9A= -cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= -cloud.google.com/go/spanner v1.44.0/go.mod h1:G8XIgYdOK+Fbcpbs7p2fiprDw4CaZX63whnSMLVBxjk= -cloud.google.com/go/spanner v1.45.0/go.mod h1:FIws5LowYz8YAE1J8fOS7DJup8ff7xJeetWEo5REA2M= -cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= -cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= -cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= -cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco= -cloud.google.com/go/speech v1.14.1/go.mod h1:gEosVRPJ9waG7zqqnsHpYTOoAS4KouMRLDFMekpJ0J0= -cloud.google.com/go/speech v1.15.0/go.mod h1:y6oH7GhqCaZANH7+Oe0BhgIogsNInLlz542tg3VqeYI= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= -cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= -cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= -cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= -cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= -cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= -cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= -cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4= -cloud.google.com/go/storagetransfer v1.8.0/go.mod h1:JpegsHHU1eXg7lMHkvf+KE5XDJ7EQu0GwNJbbVGanEw= -cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= -cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= -cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM= -cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA= -cloud.google.com/go/talent v1.5.0/go.mod h1:G+ODMj9bsasAEJkQSzO2uHQWXHHXUomArjWQQYkqK6c= -cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8= -cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4= -cloud.google.com/go/texttospeech v1.6.0/go.mod h1:YmwmFT8pj1aBblQOI3TfKmwibnsfvhIBzPXcW4EBovc= -cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ= -cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg= -cloud.google.com/go/tpu v1.5.0/go.mod h1:8zVo1rYDFuW2l4yZVY0R0fb/v44xLh3llq7RuV61fPM= -cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= -cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= -cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= -cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk= -cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= -cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= -cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0= -cloud.google.com/go/translate v1.6.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= -cloud.google.com/go/translate v1.7.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= -cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= -cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw= -cloud.google.com/go/video v1.12.0/go.mod h1:MLQew95eTuaNDEGriQdcYn0dTwf9oWiA4uYebxM5kdg= -cloud.google.com/go/video v1.13.0/go.mod h1:ulzkYlYgCp15N2AokzKjy7MQ9ejuynOJdf1tR5lGthk= -cloud.google.com/go/video v1.14.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= -cloud.google.com/go/video v1.15.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= -cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= -cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= -cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M= -cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU= -cloud.google.com/go/videointelligence v1.10.0/go.mod h1:LHZngX1liVtUhZvi2uNS0VQuOzNi2TkY1OakiuoUOjU= -cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= -cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= -cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= -cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb+MhPqRbPsY= -cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E= -cloud.google.com/go/vision/v2 v2.6.0/go.mod h1:158Hes0MvOS9Z/bDMSFpjwsUrZ5fPrdwuyyvKSGAGMY= -cloud.google.com/go/vision/v2 v2.7.0/go.mod h1:H89VysHy21avemp6xcf9b9JvZHVehWbET0uT/bcuY/0= -cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE= -cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g= -cloud.google.com/go/vmmigration v1.5.0/go.mod h1:E4YQ8q7/4W9gobHjQg4JJSgXXSgY21nA5r8swQV+Xxc= -cloud.google.com/go/vmmigration v1.6.0/go.mod h1:bopQ/g4z+8qXzichC7GW1w2MjbErL54rk3/C843CjfY= -cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208= -cloud.google.com/go/vmwareengine v0.2.2/go.mod h1:sKdctNJxb3KLZkE/6Oui94iw/xs9PRNC2wnNLXsHvH8= -cloud.google.com/go/vmwareengine v0.3.0/go.mod h1:wvoyMvNWdIzxMYSpH/R7y2h5h3WFkx6d+1TIsP39WGY= -cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w= -cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8= -cloud.google.com/go/vpcaccess v1.6.0/go.mod h1:wX2ILaNhe7TlVa4vC5xce1bCnqE3AeH27RV31lnmZes= -cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= -cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= -cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc= -cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A= -cloud.google.com/go/webrisk v1.8.0/go.mod h1:oJPDuamzHXgUc+b8SiHRcVInZQuybnvEW72PqTc7sSg= -cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo= -cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ= -cloud.google.com/go/websecurityscanner v1.5.0/go.mod h1:Y6xdCPy81yi0SQnDY1xdNTNpfY1oAgXUlcfN3B3eSng= -cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= -cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= -cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= -cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= -cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= -git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/Azure/azure-sdk-for-go v55.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= @@ -647,7 +87,6 @@ github.com/GoogleCloudPlatform/k8s-cloud-provider v1.16.1-0.20210702024009-ea616 github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA= github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= -github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd h1:sjQovDkwrZp8u+gxLtPgKGjk5hCxuy2hrRejBTA9xFU= @@ -661,9 +100,8 @@ github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.4.15/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.8.22/go.mod h1:91uVCVzvX2QD16sMCenoxxXo6L1wJnLMX2PSufFMtF0= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= @@ -671,8 +109,8 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE github.com/PagerDuty/go-pagerduty v1.6.0 h1:am81SzvG5Pw+s3JZ5yEy6kGvsXXklTNRrGr3d8WKpsU= github.com/PagerDuty/go-pagerduty v1.6.0/go.mod h1:7eaBLzsDpK7VUvU0SJ5mohczQkoWrrr5CjDaw5gh1as= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs= -github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek= +github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 h1:prBTRx78AQnXzivNT9Crhu564W/zPPr3ibSlpT9xKcE= @@ -685,10 +123,7 @@ github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/ github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= -github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= -github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -696,22 +131,18 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.30.4 h1:8S4/o1/KoUArAGbGwPxcwf0krlzceva2XVOSchFS7Eo= -github.com/alicebob/miniredis/v2 v2.30.4/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg= -github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/alicebob/miniredis/v2 v2.30.3 h1:hrqDB4cHFSHQf4gO3xu6YKQg8PqJpNjLYsQAFYHstqw= +github.com/alicebob/miniredis/v2 v2.30.3/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/antonmedv/expr v1.12.7 h1:jfV/l/+dHWAadLwAtESXNxXdfbK9bE4+FNMHYCMntwk= -github.com/antonmedv/expr v1.12.7/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU= -github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= -github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= +github.com/antonmedv/expr v1.12.5 h1:Fq4okale9swwL3OeLLs9WD9H6GbgBLJyN/NUHRv+n0E= +github.com/antonmedv/expr v1.12.5/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20230809134534-ed7c77a9290b h1:0Nttg/giUaT52BticAPRmbEMZWBDxisy+hltb1TglVM= -github.com/argoproj/gitops-engine v0.7.1-0.20230809134534-ed7c77a9290b/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= +github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695 h1:w8OPbqHyhWxLyC4LZgs5JBUe7AOkJpNZqFa92yy7Kmc= +github.com/argoproj/gitops-engine v0.7.1-0.20230607163028-425d65e07695/go.mod h1:WpA/B7tgwfz+sdNE3LqrTrb7ArEY1FOPI2pAGI0hfPc= github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520 h1:ZCpg1Zk78E8QxMI52w6ZIddxkBHv27YWmfWQdxxWUkw= github.com/argoproj/notifications-engine v0.4.1-0.20230620204159-3446d4ae8520/go.mod h1:sbhf4EjAUGAqRdHIzifDIiWsjlsTfmytVJJCCiUdyVA= github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo= @@ -732,9 +163,8 @@ github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.35.24/go.mod h1:tlPOdRjfxPBpNIwqDj61rmsnA85v9jc0Ps9+muhnW+k= github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0= github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.317 h1:+8XWrLmGMwPPXSRSLPzhgcGnzJ2mYkgkrcB9C/GnSOU= -github.com/aws/aws-sdk-go v1.44.317/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= @@ -753,10 +183,8 @@ github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTS github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 h1:IRY7Xy588KylkoycsUhFpW7cdGpy5Y5BPsz4IfuJtGk= -github.com/bradleyfalzon/ghinstallation/v2 v2.6.0/go.mod h1:oQ3etOwN3TRH4EwgW5/7MxSVMGlMlzG/O8TU7eYdoSk= +github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 h1:yaYcGQ7yEIGbsJfW/9z7v1sLiZg/5rSNNXwmMct5XaE= +github.com/bradleyfalzon/ghinstallation/v2 v2.5.0/go.mod h1:amcvPQMrRkWNdueWOjPytGL25xQGzox7425qMgzo+Vo= github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= @@ -764,16 +192,14 @@ github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/casbin/casbin/v2 v2.73.0 h1:Qgy70fd90wXrDvSLBAFrDBNYv34lCqppK24vF0OHv/M= -github.com/casbin/casbin/v2 v2.73.0/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk= +github.com/casbin/casbin/v2 v2.71.1 h1:LRHyqM0S1LzM/K59PmfUIN0ZJfLgcOjL4OhOQI/FNXU= +github.com/casbin/casbin/v2 v2.71.1/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= @@ -800,15 +226,10 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= @@ -902,13 +323,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= -github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= -github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= -github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= -github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8= github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= @@ -930,7 +345,6 @@ github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= @@ -959,18 +373,13 @@ github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= -github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= -github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= -github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= -github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= -github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A= -github.com/go-git/go-git/v5 v5.8.1/go.mod h1:FHFuoD6yGz5OSKEBK+aWN9Oah0q54Jxl0abmj6GnqAo= +github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE= +github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -980,8 +389,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= -github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= @@ -1037,8 +444,6 @@ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+ github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-ozzo/ozzo-validation v3.5.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU= -github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= -github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= @@ -1048,8 +453,6 @@ github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD87 github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY= github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= -github.com/go-playground/webhooks/v6 v6.2.1-0.20230808162451-10570b0a59e8 h1:QDFjrpOZagU8KEpSCF0WvBKOGq2GYuVZ4ZDg/gelrEE= -github.com/go-playground/webhooks/v6 v6.2.1-0.20230808162451-10570b0a59e8/go.mod h1:GCocmfMtpJdkEOM1uG9p2nXzg1kY5X/LtvQgtPHUaaA= github.com/go-redis/cache/v9 v9.0.0 h1:0thdtFo0xJi0/WXbRVu8B066z8OvVymXTJGaXrVWnN0= github.com/go-redis/cache/v9 v9.0.0/go.mod h1:cMwi1N8ASBOufbIvk7cdXe2PbPjK/WMRL95FFHWsSgI= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -1091,13 +494,12 @@ github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2 h1:CoAavW/wd/kulfZmSIBt6p24n4j7tHgNVCjsfHVNUbo= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= -github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gogits/go-gogs-client v0.0.0-20200905025246-8bb8a50cb355 h1:HTVNOdTWO/gHYeFnr/HwpYwY6tgMcYd+Rgf1XrHnORY= -github.com/gogits/go-gogs-client v0.0.0-20200905025246-8bb8a50cb355/go.mod h1:cY2AIrMgHm6oOHmR7jY+9TtjzSjQ3iG7tURJG3Y6XH0= +github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2 h1:BbwX8wsMRDZRdNYxAna+4ls3wvMKJyn4PT6Zk1CPxP4= +github.com/gogits/go-gogs-client v0.0.0-20190616193657-5a05380e4bc2/go.mod h1:cY2AIrMgHm6oOHmR7jY+9TtjzSjQ3iG7tURJG3Y6XH0= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -1138,8 +540,6 @@ github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -1149,7 +549,6 @@ github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl76 github.com/google/cadvisor v0.44.1/go.mod h1:GQ9KQfz0iNHQk3D6ftzJWK4TXabfIgM10Oy3FkR+Gzg= github.com/google/cel-go v0.10.1/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= -github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= @@ -1174,8 +573,8 @@ github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTL github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= -github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI= -github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= +github.com/google/go-github/v53 v53.0.0 h1:T1RyHbSnpHYnoF0ZYKiIPSgPtuJ8G6vgc0MKodXsQDQ= +github.com/google/go-github/v53 v53.0.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= github.com/google/go-jsonnet v0.20.0 h1:WG4TTSARuV7bSm4PMB4ohjxe33IHT5WVTrJSU33uT4g= github.com/google/go-jsonnet v0.20.0/go.mod h1:VbgWF9JX7ztlv770x/TolZNGGFfiHEVx9G6ca2eUmeA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -1188,8 +587,6 @@ github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -1199,17 +596,10 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= -github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= -github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -1217,28 +607,9 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= -github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= -github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= -github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= -github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= -github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= -github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= -github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= -github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= -github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= -github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= -github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= -github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= -github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4 h1:4EZlYQIiyecYJlUbVkFXCXHz1QPhVXcHnQKAzBTPfQo= github.com/gopackage/ddp v0.0.0-20170117053602-652027933df4/go.mod h1:lEO7XoHJ/xNRBCxrn4h/CEB67h0kW1B0t4ooP2yrjUA= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= @@ -1277,9 +648,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92Bcuy github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 h1:lLT7ZLSzGLI08vc9cpd+tYmNWjdKDqyr/2L+f6U12Fk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= @@ -1320,7 +690,6 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -1369,7 +738,6 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= github.com/k0kubun/pp v3.0.1+incompatible/go.mod h1:GWse8YhT0p8pT4ir3ZgBbfZild3tgzSScAn6HmfYukg= @@ -1384,15 +752,12 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -1409,8 +774,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/ktrysmt/go-bitbucket v0.9.63 h1:Dfcl+h0FV2yRDWjyFkI1OnyzmkHn7zy9ljT0kgrkbX8= -github.com/ktrysmt/go-bitbucket v0.9.63/go.mod h1:QvxNfWkVjw8mPuvfGOgWHuv51P5yZKFqXdPh0JeG8B8= +github.com/ktrysmt/go-bitbucket v0.9.60 h1:dw9e4COfaKjQfOxmhaEzvS+PM6ET5KKFodr/OU1DyzE= +github.com/ktrysmt/go-bitbucket v0.9.60/go.mod h1:kwdc/BFWtw1YuiJFLpY8gf7ZIRWXY3oZ+3X4i/H5SX4= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= @@ -1425,9 +790,6 @@ github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z github.com/lpabon/godbc v0.1.1/go.mod h1:Jo9QV0cf3U6jZABgiJ2skINAXb9j8m51r07g4KI92ZA= github.com/lusis/go-slackbot v0.0.0-20180109053408-401027ccfef5/go.mod h1:c2mYKRyMb1BPkO5St0c/ps62L4S0W2NAkaTXj9qEI+0= github.com/lusis/slack-test v0.0.0-20190426140909-c40012f20018/go.mod h1:sFlOUpQL1YcjhFVXhg1CG8ZASEs/Mf1oVb6H75JL/zg= -github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= -github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= -github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -1452,7 +814,6 @@ github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= @@ -1461,7 +822,6 @@ github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= @@ -1472,8 +832,6 @@ github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHS github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989/go.mod h1:2eu9pRWp8mo84xCg6KswZ+USQHjwgRhNp06sozOdsTY= -github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= -github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v7 v7.0.58/go.mod h1:NUDy4A4oXPq1l2yK6LTSvCEzAMeIcoz9lcj5dbzSrRE= github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= @@ -1586,8 +944,8 @@ github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWEr github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= -github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc.3 h1:GT9Xon8YrLxz6N7sErbN81V8J4lOQKGUZQmI3ioviqU= +github.com/opencontainers/image-spec v1.1.0-rc.3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runc v1.1.1/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -1615,25 +973,19 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= -github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= -github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= @@ -1688,7 +1040,6 @@ github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wO github.com/redis/go-redis/v9 v9.0.5 h1:CuQcn5HIEeK7BgElubPP8CGtE0KakrnbBSTLjathl5o= github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= -github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -1700,9 +1051,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= -github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0 h1:P2KMzcFwrPoSjkF1WLRPsp3UMLyql8L4v9hQpVeK5so= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= @@ -1714,8 +1064,6 @@ github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNl github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= -github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -1735,8 +1083,8 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= -github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= +github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= +github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c h1:fyKiXKO1/I/B6Y2U8T7WdQGWzwehOuGIrljPtt7YTTI= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/slack-go/slack v0.12.1 h1:X97b9g2hnITDtNsNe5GkGx6O2/Sz/uC20ejRZN6QxOw= @@ -1754,9 +1102,7 @@ github.com/sony/sonyflake v1.0.0/go.mod h1:Jv3cfhf/UFtolOTTRd3q4Nl6ENqM+KfyZ5Pse github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= @@ -1803,13 +1149,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= -github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= -github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= -github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= -github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= @@ -1838,8 +1179,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= -github.com/xanzy/go-gitlab v0.89.0 h1:yJuy1Pw+to/NqHzVIiopt/VApoHvGDB5SEGuRs3EJpI= -github.com/xanzy/go-gitlab v0.89.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.86.0 h1:jR8V9cK9jXRQDb46KOB20NCF3ksY09luaG0IfXE6p7w= +github.com/xanzy/go-gitlab v0.86.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= @@ -1865,8 +1206,6 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/gopher-lua v1.1.0 h1:BojcDhfyDWgU2f2TOzYK/g5p2gxMrku8oupLDqlnSqE= github.com/yuin/gopher-lua v1.1.0/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= -github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= -github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= @@ -1895,7 +1234,6 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 h1:ZOLJc06r4CB42laIXg/7udr0pbZyuAihN10A/XuiQRY= @@ -1924,7 +1262,6 @@ go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16g go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs= go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= @@ -1964,23 +1301,18 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1990,7 +1322,6 @@ golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxT golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= @@ -1999,22 +1330,11 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/exp v0.0.0-20210220032938-85be41e4509f/go.mod h1:I6l2HNBLBZEcrOoCpyKLdY2lHoRZ8lI4x60KMCQDft4= -golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -2041,15 +1361,12 @@ golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hM golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= -golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= -golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2104,36 +1421,22 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2148,27 +1451,10 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= -golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= -golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= -golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= +golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= +golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2181,12 +1467,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2260,8 +1542,6 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2270,52 +1550,30 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210608053332-aa57babbf139/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220406155245-289d7a0edf71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2323,12 +1581,9 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2337,12 +1592,9 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2352,25 +1604,20 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -2398,7 +1645,6 @@ golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2436,37 +1682,26 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= -golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= -golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 h1:juzzlx91nWAOsHuOVfXZPMXHtJEKouZvY9bBbwlOeYs= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45/go.mod h1:41y72mzHT7+jFNgyBpJRrZWuZJcLmLrTpq6iGgOFJMQ= gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= @@ -2477,14 +1712,9 @@ gomodules.xyz/version v0.1.0/go.mod h1:Y8xuV02mL/45psyPKG3NCVOwvAOy6T5Kx0l3rCjKS gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/gonum v0.6.2/go.mod h1:9mxDZsDKxgMAuccQkewq682L+0eCu4dCN2yonUJTCLU= -gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= -gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= -gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= -gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= -gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= @@ -2509,46 +1739,6 @@ google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBz google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= -google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= -google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= -google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= -google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= -google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= -google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= -google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= -google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= -google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= -google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= -google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g= -google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= -google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= -google.golang.org/api v0.95.0/go.mod h1:eADj+UBuxkh5zlrSntJghuNeg8HwQ1w5lTKkuqaETEI= -google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= -google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= -google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= -google.golang.org/api v0.99.0/go.mod h1:1YOf74vkVndF7pG6hIHuINsM7eWwpVTAfNMNiL91A08= -google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= -google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo= -google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= -google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= -google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= -google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= -google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= -google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= -google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E= -google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= -google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4= -google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2598,121 +1788,19 @@ google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= -google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE= -google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= -google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220829144015-23454907ede3/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= -google.golang.org/genproto v0.0.0-20220913154956-18f8339a66a5/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220914142337-ca0e39ece12f/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220915135415-7fd63a7952de/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= -google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw= -google.golang.org/genproto v0.0.0-20220926165614-551eb538f295/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= -google.golang.org/genproto v0.0.0-20220926220553-6981cbe3cfce/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= -google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqwhZAwq4wsRUaVG555sVgsNmIjRtO7t/JH29U= -google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= -google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= -google.golang.org/genproto v0.0.0-20221024153911-1573dae28c9c/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= -google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= -google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= -google.golang.org/genproto v0.0.0-20221109142239-94d6d90a7d66/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221201204527-e3fa12d562f3/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= -google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE= -google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230123190316-2c411cf9d197/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230127162408-596548ed4efa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44/go.mod h1:8B0gmkoRebU8ukX6HP+4wrVQUY1+6PkQ44BSyIlflHA= -google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488/go.mod h1:TvhZT5f700eVlTNwND1xoEZQeWTB2RY/65kplwl/bFA= -google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= -google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= -google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= -google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= -google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao= -google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= -google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= -google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM= -google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -2739,30 +1827,11 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= -google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= -google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= -google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= -google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= -google.golang.org/grpc v1.56.2 h1:fVRFRnXvU+x6C4IlHZewvJOVHoOv1TUuQyoRsYnB4bI= -google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/grpc v1.56.1 h1:z0dNfjIl0VpaZ9iSVjA6daGatAYwPGstTjt5vkRMFkQ= +google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= @@ -2772,9 +1841,6 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= @@ -2793,6 +1859,8 @@ gopkg.in/gcfg.v1 v1.2.0/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= +gopkg.in/go-playground/webhooks.v5 v5.17.0 h1:truBced5ZmkiNKK47cM8bMe86wUSjNks7SFMuNKwzlc= +gopkg.in/go-playground/webhooks.v5 v5.17.0/go.mod h1:LZbya/qLVdbqDR1aKrGuWV6qbia2zCYSR5dpom2SInQ= gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE= gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= @@ -2826,7 +1894,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= k8s.io/api v0.24.2 h1:g518dPU/L7VRLxWfcadQn2OnsiGWVOadTLpdnqgY2OI= k8s.io/api v0.24.2/go.mod h1:AHqbSkTm6YrQ0ObxjO3Pmp/ubFF/KuM7jU+3khoBsOg= k8s.io/apiextensions-apiserver v0.24.2 h1:/4NEQHKlEz1MlaK/wHT5KMKC9UKYz6NZz6JE6ov4G6k= @@ -2891,50 +1958,16 @@ k8s.io/utils v0.0.0-20220706174534-f6158b442e7c h1:hFZO68mv/0xe8+V0gRT9BAq3/31cK k8s.io/utils v0.0.0-20220706174534-f6158b442e7c/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 h1:RZkKxMR3jbQxdCEcglq3j7wY3PRJIopAwBlx1RE71X0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427/go.mod h1:ivKkcY8Zxw5ba0jldhZCYYQfGdb2K6u9tbYK1AwMIBc= -lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= -lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= -modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= -modernc.org/cc/v3 v3.36.2/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= -modernc.org/cc/v3 v3.36.3/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= -modernc.org/ccgo/v3 v3.0.0-20220428102840-41399a37e894/go.mod h1:eI31LL8EwEBKPpNpA4bU1/i+sKOwOrQy8D87zWUcRZc= -modernc.org/ccgo/v3 v3.0.0-20220430103911-bc99d88307be/go.mod h1:bwdAnOoaIt8Ax9YdWGjxWsdkPcZyRPHqrOvJxaKAKGw= -modernc.org/ccgo/v3 v3.16.4/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= -modernc.org/ccgo/v3 v3.16.6/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= -modernc.org/ccgo/v3 v3.16.8/go.mod h1:zNjwkizS+fIFDrDjIAgBSCLkWbJuHF+ar3QRn+Z9aws= -modernc.org/ccgo/v3 v3.16.9/go.mod h1:zNMzC9A9xeNUepy6KuZBbugn3c0Mc9TeiJO4lgvkJDo= -modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= -modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM= -modernc.org/libc v0.0.0-20220428101251-2d5f3daf273b/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= -modernc.org/libc v1.16.0/go.mod h1:N4LD6DBE9cf+Dzf9buBlzVJndKr/iJHG97vGLHYnb5A= -modernc.org/libc v1.16.1/go.mod h1:JjJE0eu4yeK7tab2n4S1w8tlWd9MxXLRzheaRnAKymU= -modernc.org/libc v1.16.17/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU= -modernc.org/libc v1.16.19/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= -modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0= -modernc.org/libc v1.17.1/go.mod h1:FZ23b+8LjxZs7XtFMbSzL/EhPxNbfZbErxEHc7cbD9s= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= -modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= -modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= -modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= -modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= -modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= -modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= -modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= -modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= -modernc.org/sqlite v1.18.1/go.mod h1:6ho+Gow7oX5V+OiOQ6Tr4xeqbx13UZ6t+Fw9IRUG4d4= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= -modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw= -modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw= -modernc.org/tcl v1.13.1/go.mod h1:XOLfOwzhkljL4itZkK6T72ckMgvj0BDsnKNdZVUOecw= -modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= -oras.land/oras-go/v2 v2.2.1 h1:3VJTYqy5KfelEF9c2jo1MLSpr+TM3mX8K42wzZcd6qE= -oras.land/oras-go/v2 v2.2.1/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ= +oras.land/oras-go/v2 v2.2.0 h1:E1fqITD56Eg5neZbxBtAdZVgDHD6wBabJo6xESTcQyo= +oras.land/oras-go/v2 v2.2.0/go.mod h1:pXjn0+KfarspMHHNR3A56j3tgvr+mxArHuI8qVn59v8= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= @@ -2955,8 +1988,8 @@ sigs.k8s.io/kustomize/kyaml v0.13.7 h1:/EZ/nPaLUzeJKF/BuJ4QCuMVJWiEVoI8iftOHY3g3 sigs.k8s.io/kustomize/kyaml v0.13.7/go.mod h1:6K+IUOuir3Y7nucPRAjw9yth04KSWBnP5pqUTGwj/qU= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/hack/generate-proto.sh b/hack/generate-proto.sh index 1df4655d485dc..fcfe4e4f0e4d0 100755 --- a/hack/generate-proto.sh +++ b/hack/generate-proto.sh @@ -118,10 +118,7 @@ EOF del(.definitions.v1alpha1OptionalArray) | .definitions.v1alpha1ApplicationSourcePluginParameter.properties.map = {"description":"Map is the value of a map type parameter.","type":"object","additionalProperties":{"type":"string"}} | del(.definitions.v1alpha1OptionalMap) - ' "${COMBINED_SWAGGER}" | \ - jq '.definitions.v1Time.type = "string" | .definitions.v1Time.format = "date-time" | del(.definitions.v1Time.properties)' | \ - jq '.definitions.v1alpha1ResourceNode.allOf = [{"$ref": "#/definitions/v1alpha1ResourceRef"}] | del(.definitions.v1alpha1ResourceNode.properties.resourceRef) ' \ - > "${SWAGGER_OUT}" + ' "${COMBINED_SWAGGER}" > "${SWAGGER_OUT}" /bin/rm "${PRIMARY_SWAGGER}" "${COMBINED_SWAGGER}" } diff --git a/hack/installers/install-lint-tools.sh b/hack/installers/install-lint-tools.sh index b4f68e464b15b..4ca5eb651966f 100755 --- a/hack/installers/install-lint-tools.sh +++ b/hack/installers/install-lint-tools.sh @@ -1,4 +1,4 @@ #!/bin/bash set -eux -o pipefail -GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.0 +GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.0 diff --git a/manifests/base/dex/argocd-dex-server-service.yaml b/manifests/base/dex/argocd-dex-server-service.yaml index cffbf006ae624..7aeabca1e674e 100644 --- a/manifests/base/dex/argocd-dex-server-service.yaml +++ b/manifests/base/dex/argocd-dex-server-service.yaml @@ -9,7 +9,6 @@ metadata: spec: ports: - name: http - appProtocol: TCP protocol: TCP port: 5556 targetPort: 5556 diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml index e80274cddc620..29a0b0225e962 100644 --- a/manifests/base/kustomization.yaml +++ b/manifests/base/kustomization.yaml @@ -5,7 +5,7 @@ kind: Kustomization images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.8.1 resources: - ./application-controller - ./dex diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 642e1de181142..00579b63c30a3 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -787,8 +787,7 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name. This must be set if Server is - not set. + cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the @@ -796,9 +795,8 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name is not - set. + description: Server specifies the URL of the target cluster and + must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: @@ -3796,8 +3794,7 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name. This must be set - if Server is not set. + target cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace @@ -3806,9 +3803,8 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name - is not set. + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: @@ -10044,8 +10040,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -14525,8 +14519,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -16935,8 +16927,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -18165,8 +18155,7 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name. This must be set if Server is - not set. + cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the @@ -18174,9 +18163,8 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name is - not set. + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object type: array @@ -18892,7 +18880,7 @@ spec: key: applicationsetcontroller.allowed.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -19180,7 +19168,7 @@ spec: value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -19232,7 +19220,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -19451,7 +19439,7 @@ spec: key: controller.kubectl.parallelism.limit name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/manifests/core-install/kustomization.yaml b/manifests/core-install/kustomization.yaml index 07a82b3707700..2082c1e833bcb 100644 --- a/manifests/core-install/kustomization.yaml +++ b/manifests/core-install/kustomization.yaml @@ -12,4 +12,4 @@ resources: images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.8.1 diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index 1248bd37b421b..fc6282dd321bd 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -786,8 +786,7 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name. This must be set if Server is - not set. + cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the @@ -795,9 +794,8 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name is not - set. + description: Server specifies the URL of the target cluster and + must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: @@ -3795,8 +3793,7 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name. This must be set - if Server is not set. + target cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace @@ -3805,9 +3802,8 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name - is not set. + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index f068d36996d12..72d23d94a46b8 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -5553,8 +5553,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -10034,8 +10032,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -12444,8 +12440,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: diff --git a/manifests/crds/appproject-crd.yaml b/manifests/crds/appproject-crd.yaml index 989b3004892f6..335decfc564df 100644 --- a/manifests/crds/appproject-crd.yaml +++ b/manifests/crds/appproject-crd.yaml @@ -88,8 +88,7 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name. This must be set if Server is - not set. + cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the @@ -97,9 +96,8 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name is - not set. + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object type: array diff --git a/manifests/ha/base/kustomization.yaml b/manifests/ha/base/kustomization.yaml index ae40b96e8657e..169035fe5179d 100644 --- a/manifests/ha/base/kustomization.yaml +++ b/manifests/ha/base/kustomization.yaml @@ -12,7 +12,7 @@ patches: images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.8.1 resources: - ../../base/application-controller - ../../base/applicationset-controller diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 7716ec7e68bc9..97348e1cac364 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -787,8 +787,7 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name. This must be set if Server is - not set. + cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the @@ -796,9 +795,8 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name is not - set. + description: Server specifies the URL of the target cluster and + must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: @@ -3796,8 +3794,7 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name. This must be set - if Server is not set. + target cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace @@ -3806,9 +3803,8 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name - is not set. + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: @@ -10044,8 +10040,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -14525,8 +14519,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -16935,8 +16927,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -18165,8 +18155,7 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name. This must be set if Server is - not set. + cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the @@ -18174,9 +18163,8 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name is - not set. + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object type: array @@ -19769,8 +19757,7 @@ metadata: name: argocd-dex-server spec: ports: - - appProtocol: TCP - name: http + - name: http port: 5556 protocol: TCP targetPort: 5556 @@ -20130,7 +20117,7 @@ spec: key: applicationsetcontroller.allowed.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -20253,7 +20240,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: copyutil securityContext: @@ -20323,7 +20310,7 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -20637,7 +20624,7 @@ spec: value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -20689,7 +20676,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -20978,7 +20965,7 @@ spec: key: server.enable.proxy.extension name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -21224,7 +21211,7 @@ spec: key: controller.kubectl.parallelism.limit name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index 03e2dd32f2395..fb43891a9bcfa 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1275,8 +1275,7 @@ metadata: name: argocd-dex-server spec: ports: - - appProtocol: TCP - name: http + - name: http port: 5556 protocol: TCP targetPort: 5556 @@ -1636,7 +1635,7 @@ spec: key: applicationsetcontroller.allowed.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -1759,7 +1758,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: copyutil securityContext: @@ -1829,7 +1828,7 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -2143,7 +2142,7 @@ spec: value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -2195,7 +2194,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -2484,7 +2483,7 @@ spec: key: server.enable.proxy.extension name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -2730,7 +2729,7 @@ spec: key: controller.kubectl.parallelism.limit name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/manifests/install.yaml b/manifests/install.yaml index 370b3f22b35c8..aed608f761ff7 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -787,8 +787,7 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name. This must be set if Server is - not set. + cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the @@ -796,9 +795,8 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name is not - set. + description: Server specifies the URL of the target cluster and + must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: @@ -3796,8 +3794,7 @@ spec: properties: name: description: Name is an alternate way of specifying the - target cluster by its symbolic name. This must be set - if Server is not set. + target cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace @@ -3806,9 +3803,8 @@ spec: not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name - is not set. + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object ignoreDifferences: @@ -10044,8 +10040,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -14525,8 +14519,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -16935,8 +16927,6 @@ spec: type: string group: type: string - includeSharedProjects: - type: boolean includeSubgroups: type: boolean insecure: @@ -18165,8 +18155,7 @@ spec: properties: name: description: Name is an alternate way of specifying the target - cluster by its symbolic name. This must be set if Server is - not set. + cluster by its symbolic name type: string namespace: description: Namespace specifies the target namespace for the @@ -18174,9 +18163,8 @@ spec: namespace-scoped resources that have not set a value for .metadata.namespace type: string server: - description: Server specifies the URL of the target cluster's - Kubernetes control plane API. This must be set if Name is - not set. + description: Server specifies the URL of the target cluster + and must be set to the Kubernetes control plane API type: string type: object type: array @@ -18973,8 +18961,7 @@ metadata: name: argocd-dex-server spec: ports: - - appProtocol: TCP - name: http + - name: http port: 5556 protocol: TCP targetPort: 5556 @@ -19231,7 +19218,7 @@ spec: key: applicationsetcontroller.allowed.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -19354,7 +19341,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: copyutil securityContext: @@ -19424,7 +19411,7 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -19694,7 +19681,7 @@ spec: value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -19746,7 +19733,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -20033,7 +20020,7 @@ spec: key: server.enable.proxy.extension name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -20279,7 +20266,7 @@ spec: key: controller.kubectl.parallelism.limit name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index ac244c7ccfe1d..1a190316dc77b 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -479,8 +479,7 @@ metadata: name: argocd-dex-server spec: ports: - - appProtocol: TCP - name: http + - name: http port: 5556 protocol: TCP targetPort: 5556 @@ -737,7 +736,7 @@ spec: key: applicationsetcontroller.allowed.scm.providers name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -860,7 +859,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: copyutil securityContext: @@ -930,7 +929,7 @@ spec: key: notificationscontroller.log.level name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -1200,7 +1199,7 @@ spec: value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -1252,7 +1251,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -1539,7 +1538,7 @@ spec: key: server.enable.proxy.extension name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -1785,7 +1784,7 @@ spec: key: controller.kubectl.parallelism.limit name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.8.1 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/mkdocs.yml b/mkdocs.yml index 835a33e4d5446..74cfd89556512 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -177,6 +177,7 @@ nav: - user-guide/external-url.md - user-guide/extra_info.md - Notification subscriptions: user-guide/subscriptions.md + - user-guide/annotations-and-labels.md - Command Reference: user-guide/commands/argocd.md - Application Specification Reference: user-guide/application-specification.md - Developer Guide: diff --git a/notifications_catalog/install.yaml b/notifications_catalog/install.yaml index e601615bac73f..d399dcf7a3fbd 100644 --- a/notifications_catalog/install.yaml +++ b/notifications_catalog/install.yaml @@ -513,13 +513,12 @@ data: - description: Application syncing has failed send: - app-sync-failed - when: app.status.operationState != nil and app.status.operationState.phase in ['Error', - 'Failed'] + when: app.status.operationState.phase in ['Error', 'Failed'] trigger.on-sync-running: | - description: Application is being synced send: - app-sync-running - when: app.status.operationState != nil and app.status.operationState.phase in ['Running'] + when: app.status.operationState.phase in ['Running'] trigger.on-sync-status-unknown: | - description: Application status is 'Unknown' send: @@ -529,7 +528,7 @@ data: - description: Application syncing has succeeded send: - app-sync-succeeded - when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] + when: app.status.operationState.phase in ['Succeeded'] kind: ConfigMap metadata: creationTimestamp: null diff --git a/notifications_catalog/triggers/on-sync-failed.yaml b/notifications_catalog/triggers/on-sync-failed.yaml index b19afc561b0d5..888a007f39247 100644 --- a/notifications_catalog/triggers/on-sync-failed.yaml +++ b/notifications_catalog/triggers/on-sync-failed.yaml @@ -1,3 +1,3 @@ -- when: app.status.operationState != nil and app.status.operationState.phase in ['Error', 'Failed'] +- when: app.status.operationState.phase in ['Error', 'Failed'] description: Application syncing has failed send: [app-sync-failed] diff --git a/notifications_catalog/triggers/on-sync-running.yaml b/notifications_catalog/triggers/on-sync-running.yaml index 8ed62c9bf9fe5..005d06177051e 100644 --- a/notifications_catalog/triggers/on-sync-running.yaml +++ b/notifications_catalog/triggers/on-sync-running.yaml @@ -1,3 +1,3 @@ -- when: app.status.operationState != nil and app.status.operationState.phase in ['Running'] +- when: app.status.operationState.phase in ['Running'] description: Application is being synced send: [app-sync-running] diff --git a/notifications_catalog/triggers/on-sync-succeeded.yaml b/notifications_catalog/triggers/on-sync-succeeded.yaml index c3eb0e1aead70..9e1c9fef5af3b 100644 --- a/notifications_catalog/triggers/on-sync-succeeded.yaml +++ b/notifications_catalog/triggers/on-sync-succeeded.yaml @@ -1,3 +1,3 @@ -- when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded'] +- when: app.status.operationState.phase in ['Succeeded'] description: Application syncing has succeeded send: [app-sync-succeeded] diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 0563357c7624f..40be01fc71f7f 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -22,7 +22,6 @@ import ( grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" "github.com/hashicorp/go-retryablehttp" log "github.com/sirupsen/logrus" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" "golang.org/x/oauth2" "google.golang.org/grpc" "google.golang.org/grpc/codes" @@ -46,6 +45,7 @@ import ( settingspkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/settings" versionpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/version" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/env" grpc_util "github.com/argoproj/argo-cd/v2/util/grpc" @@ -103,7 +103,7 @@ type Client interface { NewProjectClientOrDie() (io.Closer, projectpkg.ProjectServiceClient) NewAccountClient() (io.Closer, accountpkg.AccountServiceClient, error) NewAccountClientOrDie() (io.Closer, accountpkg.AccountServiceClient) - WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *v1alpha1.ApplicationWatchEvent + WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *argoappv1.ApplicationWatchEvent } // ClientOptions hold address, security, and other settings for the API client. @@ -519,8 +519,8 @@ func (c *client) newConn() (*grpc.ClientConn, io.Closer, error) { dialOpts = append(dialOpts, grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxGRPCMessageSize), grpc.MaxCallSendMsgSize(MaxGRPCMessageSize))) dialOpts = append(dialOpts, grpc.WithStreamInterceptor(grpc_retry.StreamClientInterceptor(retryOpts...))) dialOpts = append(dialOpts, grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(grpc_retry.UnaryClientInterceptor(retryOpts...)))) - dialOpts = append(dialOpts, grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor())) - dialOpts = append(dialOpts, grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor())) + dialOpts = append(dialOpts, grpc.WithUnaryInterceptor(grpc_util.OTELUnaryClientInterceptor())) + dialOpts = append(dialOpts, grpc.WithStreamInterceptor(grpc_util.OTELStreamClientInterceptor())) ctx := context.Background() @@ -801,8 +801,8 @@ func (c *client) NewAccountClientOrDie() (io.Closer, accountpkg.AccountServiceCl // WatchApplicationWithRetry returns a channel of watch events for an application, retrying the // watch upon errors. Closes the returned channel when the context is cancelled. -func (c *client) WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *v1alpha1.ApplicationWatchEvent { - appEventsCh := make(chan *v1alpha1.ApplicationWatchEvent) +func (c *client) WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *argoappv1.ApplicationWatchEvent { + appEventsCh := make(chan *argoappv1.ApplicationWatchEvent) cancelled := false appName, appNs := argo.ParseFromQualifiedName(appName, "") go func() { diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 137e40bdca973..19edd05646209 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -441,12 +441,6 @@ type SCMProviderGeneratorGitlab struct { AllBranches bool `json:"allBranches,omitempty" protobuf:"varint,5,opt,name=allBranches"` // Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false Insecure bool `json:"insecure,omitempty" protobuf:"varint,6,opt,name=insecure"` - // When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to "true" - IncludeSharedProjects *bool `json:"includeSharedProjects,omitempty" protobuf:"varint,7,opt,name=includeSharedProjects"` -} - -func (s *SCMProviderGeneratorGitlab) WillIncludeSharedProjects() bool { - return s.IncludeSharedProjects == nil || *s.IncludeSharedProjects } // SCMProviderGeneratorBitbucket defines connection info specific to Bitbucket Cloud (API version 2). diff --git a/pkg/apis/application/v1alpha1/applicationset_types_test.go b/pkg/apis/application/v1alpha1/applicationset_types_test.go index 1f9dc64b1fdb3..62ff3aac4e95d 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types_test.go +++ b/pkg/apis/application/v1alpha1/applicationset_types_test.go @@ -6,7 +6,6 @@ import ( "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/pointer" ) func testAppSetCond(t ApplicationSetConditionType, msg string, lastTransitionTime *metav1.Time, status ApplicationSetConditionStatus, reason string) ApplicationSetCondition { @@ -168,14 +167,3 @@ func assertAppSetConditions(t *testing.T, expected []ApplicationSetCondition, ac assert.Equal(t, expected[i].Message, actual[i].Message) } } - -func TestSCMProviderGeneratorGitlab_WillIncludeSharedProjects(t *testing.T) { - settings := SCMProviderGeneratorGitlab{} - assert.True(t, settings.WillIncludeSharedProjects()) - - settings.IncludeSharedProjects = pointer.BoolPtr(false) - assert.False(t, settings.WillIncludeSharedProjects()) - - settings.IncludeSharedProjects = pointer.BoolPtr(true) - assert.True(t, settings.WillIncludeSharedProjects()) -} diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 2a07743f75ac3..8a788c206b4f9 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -4300,672 +4300,671 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 10639 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x7d, 0x70, 0x1c, 0xc9, - 0x75, 0x18, 0xae, 0xd9, 0x0f, 0x60, 0xf7, 0x01, 0xfc, 0x40, 0x93, 0xbc, 0x03, 0xa9, 0xbb, 0x03, - 0x3d, 0x57, 0x3e, 0x9f, 0x7e, 0xba, 0x03, 0x7c, 0xd4, 0x9d, 0x7e, 0x17, 0x9f, 0x2d, 0x19, 0x0b, - 0x90, 0x20, 0x48, 0x80, 0xc0, 0x35, 0x40, 0x52, 0x3a, 0xf9, 0x74, 0x1a, 0xcc, 0x36, 0x16, 0x43, - 0xcc, 0xce, 0xec, 0xcd, 0xcc, 0x82, 0xc0, 0x59, 0x92, 0x25, 0xcb, 0x1f, 0x4a, 0xf4, 0x19, 0x29, - 0x29, 0xcb, 0x49, 0xe4, 0xc8, 0x96, 0x93, 0x8a, 0x2b, 0x51, 0xc5, 0x49, 0xfe, 0x88, 0x13, 0x27, - 0xe5, 0xb2, 0x9d, 0x3f, 0x94, 0x52, 0x52, 0x76, 0xa5, 0x5c, 0x96, 0x93, 0xd8, 0x88, 0x84, 0x54, - 0x2a, 0xa9, 0x54, 0xc5, 0x55, 0x4e, 0xf2, 0x47, 0xc2, 0xa4, 0x2a, 0xa9, 0xfe, 0xee, 0x99, 0x9d, - 0x25, 0x16, 0xc0, 0x80, 0xa4, 0x94, 0xfb, 0x6f, 0xb7, 0xdf, 0x9b, 0xf7, 0x7a, 0x7a, 0xba, 0x5f, - 0xbf, 0xf7, 0xfa, 0xbd, 0xd7, 0xb0, 0xd0, 0xf2, 0x92, 0x8d, 0xee, 0xda, 0xa4, 0x1b, 0xb6, 0xa7, - 0x9c, 0xa8, 0x15, 0x76, 0xa2, 0xf0, 0x0e, 0xfb, 0xf1, 0xbc, 0xdb, 0x9c, 0xda, 0xba, 0x34, 0xd5, - 0xd9, 0x6c, 0x4d, 0x39, 0x1d, 0x2f, 0x9e, 0x72, 0x3a, 0x1d, 0xdf, 0x73, 0x9d, 0xc4, 0x0b, 0x83, - 0xa9, 0xad, 0x17, 0x1c, 0xbf, 0xb3, 0xe1, 0xbc, 0x30, 0xd5, 0x22, 0x01, 0x89, 0x9c, 0x84, 0x34, - 0x27, 0x3b, 0x51, 0x98, 0x84, 0xe8, 0x47, 0x35, 0xb5, 0x49, 0x49, 0x8d, 0xfd, 0x78, 0xc3, 0x6d, - 0x4e, 0x6e, 0x5d, 0x9a, 0xec, 0x6c, 0xb6, 0x26, 0x29, 0xb5, 0x49, 0x83, 0xda, 0xa4, 0xa4, 0x76, - 0xe1, 0x79, 0xa3, 0x2f, 0xad, 0xb0, 0x15, 0x4e, 0x31, 0xa2, 0x6b, 0xdd, 0x75, 0xf6, 0x8f, 0xfd, - 0x61, 0xbf, 0x38, 0xb3, 0x0b, 0xf6, 0xe6, 0xcb, 0xf1, 0xa4, 0x17, 0xd2, 0xee, 0x4d, 0xb9, 0x61, - 0x44, 0xa6, 0xb6, 0x7a, 0x3a, 0x74, 0xe1, 0xaa, 0xc6, 0x21, 0xdb, 0x09, 0x09, 0x62, 0x2f, 0x0c, - 0xe2, 0xe7, 0x69, 0x17, 0x48, 0xb4, 0x45, 0x22, 0xf3, 0xf5, 0x0c, 0x84, 0x3c, 0x4a, 0x2f, 0x6a, - 0x4a, 0x6d, 0xc7, 0xdd, 0xf0, 0x02, 0x12, 0xed, 0xe8, 0xc7, 0xdb, 0x24, 0x71, 0xf2, 0x9e, 0x9a, - 0xea, 0xf7, 0x54, 0xd4, 0x0d, 0x12, 0xaf, 0x4d, 0x7a, 0x1e, 0x78, 0xef, 0x7e, 0x0f, 0xc4, 0xee, - 0x06, 0x69, 0x3b, 0x3d, 0xcf, 0xbd, 0xa7, 0xdf, 0x73, 0xdd, 0xc4, 0xf3, 0xa7, 0xbc, 0x20, 0x89, - 0x93, 0x28, 0xfb, 0x90, 0xfd, 0x26, 0x9c, 0x98, 0xbe, 0xbd, 0x32, 0xdd, 0x4d, 0x36, 0x66, 0xc2, - 0x60, 0xdd, 0x6b, 0xa1, 0x97, 0x60, 0xc4, 0xf5, 0xbb, 0x71, 0x42, 0xa2, 0x1b, 0x4e, 0x9b, 0x8c, - 0x5b, 0x17, 0xad, 0x67, 0xeb, 0x8d, 0x33, 0xdf, 0xdc, 0x9d, 0x78, 0xc7, 0xde, 0xee, 0xc4, 0xc8, - 0x8c, 0x06, 0x61, 0x13, 0x0f, 0xbd, 0x0b, 0x86, 0xa3, 0xd0, 0x27, 0xd3, 0xf8, 0xc6, 0x78, 0x89, - 0x3d, 0x72, 0x4a, 0x3c, 0x32, 0x8c, 0x79, 0x33, 0x96, 0x70, 0xfb, 0x0f, 0x4b, 0x00, 0xd3, 0x9d, - 0xce, 0x72, 0x14, 0xde, 0x21, 0x6e, 0x82, 0x3e, 0x02, 0x35, 0x3a, 0x74, 0x4d, 0x27, 0x71, 0x18, - 0xb7, 0x91, 0x4b, 0x3f, 0x3c, 0xc9, 0xdf, 0x64, 0xd2, 0x7c, 0x13, 0x3d, 0x71, 0x28, 0xf6, 0xe4, - 0xd6, 0x0b, 0x93, 0x4b, 0x6b, 0xf4, 0xf9, 0x45, 0x92, 0x38, 0x0d, 0x24, 0x98, 0x81, 0x6e, 0xc3, - 0x8a, 0x2a, 0x0a, 0xa0, 0x12, 0x77, 0x88, 0xcb, 0x3a, 0x36, 0x72, 0x69, 0x61, 0xf2, 0x28, 0x33, - 0x74, 0x52, 0xf7, 0x7c, 0xa5, 0x43, 0xdc, 0xc6, 0xa8, 0xe0, 0x5c, 0xa1, 0xff, 0x30, 0xe3, 0x83, - 0xb6, 0x60, 0x28, 0x4e, 0x9c, 0xa4, 0x1b, 0x8f, 0x97, 0x19, 0xc7, 0x1b, 0x85, 0x71, 0x64, 0x54, - 0x1b, 0x27, 0x05, 0xcf, 0x21, 0xfe, 0x1f, 0x0b, 0x6e, 0xf6, 0x9f, 0x58, 0x70, 0x52, 0x23, 0x2f, - 0x78, 0x71, 0x82, 0x7e, 0xa2, 0x67, 0x70, 0x27, 0x07, 0x1b, 0x5c, 0xfa, 0x34, 0x1b, 0xda, 0xd3, - 0x82, 0x59, 0x4d, 0xb6, 0x18, 0x03, 0xdb, 0x86, 0xaa, 0x97, 0x90, 0x76, 0x3c, 0x5e, 0xba, 0x58, - 0x7e, 0x76, 0xe4, 0xd2, 0xd5, 0xa2, 0xde, 0xb3, 0x71, 0x42, 0x30, 0xad, 0xce, 0x53, 0xf2, 0x98, - 0x73, 0xb1, 0x7f, 0x6d, 0xd4, 0x7c, 0x3f, 0x3a, 0xe0, 0xe8, 0x05, 0x18, 0x89, 0xc3, 0x6e, 0xe4, - 0x12, 0x4c, 0x3a, 0x61, 0x3c, 0x6e, 0x5d, 0x2c, 0xd3, 0xa9, 0x47, 0x67, 0xea, 0x8a, 0x6e, 0xc6, - 0x26, 0x0e, 0xfa, 0xbc, 0x05, 0xa3, 0x4d, 0x12, 0x27, 0x5e, 0xc0, 0xf8, 0xcb, 0xce, 0xaf, 0x1e, - 0xb9, 0xf3, 0xb2, 0x71, 0x56, 0x13, 0x6f, 0x9c, 0x15, 0x2f, 0x32, 0x6a, 0x34, 0xc6, 0x38, 0xc5, - 0x9f, 0xae, 0xb8, 0x26, 0x89, 0xdd, 0xc8, 0xeb, 0xd0, 0xff, 0x6c, 0xce, 0x18, 0x2b, 0x6e, 0x56, - 0x83, 0xb0, 0x89, 0x87, 0x02, 0xa8, 0xd2, 0x15, 0x15, 0x8f, 0x57, 0x58, 0xff, 0xe7, 0x8f, 0xd6, - 0x7f, 0x31, 0xa8, 0x74, 0xb1, 0xea, 0xd1, 0xa7, 0xff, 0x62, 0xcc, 0xd9, 0xa0, 0xcf, 0x59, 0x30, - 0x2e, 0x56, 0x3c, 0x26, 0x7c, 0x40, 0x6f, 0x6f, 0x78, 0x09, 0xf1, 0xbd, 0x38, 0x19, 0xaf, 0xb2, - 0x3e, 0x4c, 0x0d, 0x36, 0xb7, 0xe6, 0xa2, 0xb0, 0xdb, 0xb9, 0xee, 0x05, 0xcd, 0xc6, 0x45, 0xc1, - 0x69, 0x7c, 0xa6, 0x0f, 0x61, 0xdc, 0x97, 0x25, 0xfa, 0xb2, 0x05, 0x17, 0x02, 0xa7, 0x4d, 0xe2, - 0x8e, 0x43, 0x3f, 0x2d, 0x07, 0x37, 0x7c, 0xc7, 0xdd, 0x64, 0x3d, 0x1a, 0x3a, 0x5c, 0x8f, 0x6c, - 0xd1, 0xa3, 0x0b, 0x37, 0xfa, 0x92, 0xc6, 0xf7, 0x61, 0x8b, 0xbe, 0x6e, 0xc1, 0x58, 0x18, 0x75, - 0x36, 0x9c, 0x80, 0x34, 0x25, 0x34, 0x1e, 0x1f, 0x66, 0x4b, 0xef, 0xc3, 0x47, 0xfb, 0x44, 0x4b, - 0x59, 0xb2, 0x8b, 0x61, 0xe0, 0x25, 0x61, 0xb4, 0x42, 0x92, 0xc4, 0x0b, 0x5a, 0x71, 0xe3, 0xdc, - 0xde, 0xee, 0xc4, 0x58, 0x0f, 0x16, 0xee, 0xed, 0x0f, 0xfa, 0x49, 0x18, 0x89, 0x77, 0x02, 0xf7, - 0xb6, 0x17, 0x34, 0xc3, 0xbb, 0xf1, 0x78, 0xad, 0x88, 0xe5, 0xbb, 0xa2, 0x08, 0x8a, 0x05, 0xa8, - 0x19, 0x60, 0x93, 0x5b, 0xfe, 0x87, 0xd3, 0x53, 0xa9, 0x5e, 0xf4, 0x87, 0xd3, 0x93, 0xe9, 0x3e, - 0x6c, 0xd1, 0xcf, 0x5b, 0x70, 0x22, 0xf6, 0x5a, 0x81, 0x93, 0x74, 0x23, 0x72, 0x9d, 0xec, 0xc4, - 0xe3, 0xc0, 0x3a, 0x72, 0xed, 0x88, 0xa3, 0x62, 0x90, 0x6c, 0x9c, 0x13, 0x7d, 0x3c, 0x61, 0xb6, - 0xc6, 0x38, 0xcd, 0x37, 0x6f, 0xa1, 0xe9, 0x69, 0x3d, 0x52, 0xec, 0x42, 0xd3, 0x93, 0xba, 0x2f, - 0x4b, 0xf4, 0xe3, 0x70, 0x9a, 0x37, 0xa9, 0x91, 0x8d, 0xc7, 0x47, 0x99, 0xa0, 0x3d, 0xbb, 0xb7, - 0x3b, 0x71, 0x7a, 0x25, 0x03, 0xc3, 0x3d, 0xd8, 0xe8, 0x4d, 0x98, 0xe8, 0x90, 0xa8, 0xed, 0x25, - 0x4b, 0x81, 0xbf, 0x23, 0xc5, 0xb7, 0x1b, 0x76, 0x48, 0x53, 0x74, 0x27, 0x1e, 0x3f, 0x71, 0xd1, - 0x7a, 0xb6, 0xd6, 0xf8, 0x21, 0xd1, 0xcd, 0x89, 0xe5, 0xfb, 0xa3, 0xe3, 0xfd, 0xe8, 0xd9, 0xff, - 0xbc, 0x04, 0xa7, 0xb3, 0x1b, 0x27, 0xfa, 0x9b, 0x16, 0x9c, 0xba, 0x73, 0x37, 0x59, 0x0d, 0x37, - 0x49, 0x10, 0x37, 0x76, 0xa8, 0x78, 0x63, 0x5b, 0xc6, 0xc8, 0x25, 0xb7, 0xd8, 0x2d, 0x7a, 0xf2, - 0x5a, 0x9a, 0xcb, 0xe5, 0x20, 0x89, 0x76, 0x1a, 0x8f, 0x8b, 0xb7, 0x3b, 0x75, 0xed, 0xf6, 0xaa, - 0x09, 0xc5, 0xd9, 0x4e, 0x5d, 0xf8, 0x8c, 0x05, 0x67, 0xf3, 0x48, 0xa0, 0xd3, 0x50, 0xde, 0x24, - 0x3b, 0x5c, 0x2b, 0xc3, 0xf4, 0x27, 0x7a, 0x1d, 0xaa, 0x5b, 0x8e, 0xdf, 0x25, 0x42, 0xbb, 0x99, - 0x3b, 0xda, 0x8b, 0xa8, 0x9e, 0x61, 0x4e, 0xf5, 0x47, 0x4a, 0x2f, 0x5b, 0xf6, 0xef, 0x95, 0x61, - 0xc4, 0xd8, 0xdf, 0x1e, 0x80, 0xc6, 0x16, 0xa6, 0x34, 0xb6, 0xc5, 0xc2, 0xb6, 0xe6, 0xbe, 0x2a, - 0xdb, 0xdd, 0x8c, 0xca, 0xb6, 0x54, 0x1c, 0xcb, 0xfb, 0xea, 0x6c, 0x28, 0x81, 0x7a, 0xd8, 0xa1, - 0x1a, 0x39, 0xdd, 0xfa, 0x2b, 0x45, 0x7c, 0xc2, 0x25, 0x49, 0xae, 0x71, 0x62, 0x6f, 0x77, 0xa2, - 0xae, 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0xb6, 0x05, 0x67, 0x8d, 0x3e, 0xce, 0x84, 0x41, 0xd3, 0x63, - 0x9f, 0xf6, 0x22, 0x54, 0x92, 0x9d, 0x8e, 0x54, 0xfb, 0xd5, 0x48, 0xad, 0xee, 0x74, 0x08, 0x66, - 0x10, 0xaa, 0xe8, 0xb7, 0x49, 0x1c, 0x3b, 0x2d, 0x92, 0x55, 0xf4, 0x17, 0x79, 0x33, 0x96, 0x70, - 0x14, 0x01, 0xf2, 0x9d, 0x38, 0x59, 0x8d, 0x9c, 0x20, 0x66, 0xe4, 0x57, 0xbd, 0x36, 0x11, 0x03, - 0xfc, 0xff, 0x0d, 0x36, 0x63, 0xe8, 0x13, 0x8d, 0xc7, 0xf6, 0x76, 0x27, 0xd0, 0x42, 0x0f, 0x25, - 0x9c, 0x43, 0xdd, 0xfe, 0xb2, 0x05, 0x8f, 0xe5, 0xeb, 0x62, 0xe8, 0x19, 0x18, 0xe2, 0x26, 0x9f, - 0x78, 0x3b, 0xfd, 0x49, 0x58, 0x2b, 0x16, 0x50, 0x34, 0x05, 0x75, 0xb5, 0x4f, 0x88, 0x77, 0x1c, - 0x13, 0xa8, 0x75, 0xbd, 0xb9, 0x68, 0x1c, 0x3a, 0x68, 0xf4, 0x8f, 0xd0, 0xdc, 0xd4, 0xa0, 0x31, - 0x23, 0x89, 0x41, 0xec, 0x7f, 0x67, 0xc1, 0x29, 0xa3, 0x57, 0x0f, 0x40, 0x35, 0x0f, 0xd2, 0xaa, - 0xf9, 0x7c, 0x61, 0xf3, 0xb9, 0x8f, 0x6e, 0xfe, 0x39, 0x0b, 0x2e, 0x18, 0x58, 0x8b, 0x4e, 0xe2, - 0x6e, 0x5c, 0xde, 0xee, 0x44, 0x24, 0xa6, 0xe6, 0x34, 0x7a, 0xd2, 0x90, 0x5b, 0x8d, 0x11, 0x41, - 0xa1, 0x7c, 0x9d, 0xec, 0x70, 0x21, 0xf6, 0x1c, 0xd4, 0xf8, 0xe4, 0x0c, 0x23, 0x31, 0xe2, 0xea, - 0xdd, 0x96, 0x44, 0x3b, 0x56, 0x18, 0xc8, 0x86, 0x21, 0x26, 0x9c, 0xe8, 0x62, 0xa5, 0xdb, 0x10, - 0xd0, 0x8f, 0x78, 0x8b, 0xb5, 0x60, 0x01, 0xb1, 0x97, 0x52, 0xdd, 0x59, 0x8e, 0x08, 0xfb, 0xb8, - 0xcd, 0x2b, 0x1e, 0xf1, 0x9b, 0x31, 0x35, 0x1b, 0x9c, 0x20, 0x08, 0x13, 0x61, 0x01, 0x18, 0x66, - 0xc3, 0xb4, 0x6e, 0xc6, 0x26, 0x8e, 0xbd, 0x57, 0x62, 0xc6, 0x87, 0x5a, 0xd6, 0xe4, 0x41, 0x58, - 0xae, 0x51, 0x4a, 0x0e, 0x2e, 0x17, 0x27, 0x94, 0x48, 0x7f, 0xeb, 0xf5, 0xad, 0x8c, 0x28, 0xc4, - 0x85, 0x72, 0xbd, 0xbf, 0x05, 0xfb, 0xdb, 0x25, 0x98, 0x48, 0x3f, 0xd0, 0x23, 0x49, 0xa9, 0xb9, - 0x64, 0x30, 0xca, 0x3a, 0x28, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x11, 0x46, 0xa5, 0xe3, 0x14, 0x46, - 0xa6, 0xac, 0x2c, 0xef, 0x23, 0x2b, 0x9f, 0x51, 0xa3, 0x5e, 0xc9, 0x08, 0xa7, 0xf4, 0x7e, 0x71, - 0x11, 0x2a, 0x71, 0x42, 0x3a, 0xe3, 0xd5, 0xb4, 0xac, 0x59, 0x49, 0x48, 0x07, 0x33, 0x88, 0xfd, - 0x9f, 0x4b, 0xf0, 0x78, 0x7a, 0x0c, 0xb5, 0x78, 0x7f, 0x7f, 0x4a, 0xbc, 0xbf, 0xdb, 0x14, 0xef, - 0xf7, 0x76, 0x27, 0xde, 0xd9, 0xe7, 0xb1, 0xef, 0x19, 0xe9, 0x8f, 0xe6, 0x32, 0xa3, 0x38, 0x95, - 0x1e, 0xc5, 0x7b, 0xbb, 0x13, 0x4f, 0xf6, 0x79, 0xc7, 0xcc, 0x30, 0x3f, 0x03, 0x43, 0x11, 0x71, - 0xe2, 0x30, 0x10, 0x03, 0xad, 0x3e, 0x07, 0x66, 0xad, 0x58, 0x40, 0xed, 0x7f, 0x55, 0xcf, 0x0e, - 0xf6, 0x1c, 0x77, 0xb0, 0x85, 0x11, 0xf2, 0xa0, 0xc2, 0x54, 0x76, 0x2e, 0x1a, 0xae, 0x1f, 0x6d, - 0x19, 0x51, 0x11, 0xaf, 0x48, 0x37, 0x6a, 0xf4, 0xab, 0xd1, 0x26, 0xcc, 0x58, 0xa0, 0x6d, 0xa8, - 0xb9, 0x52, 0x93, 0x2e, 0x15, 0xe1, 0x73, 0x12, 0x7a, 0xb4, 0xe6, 0x38, 0x4a, 0x65, 0xb1, 0x52, - 0xbf, 0x15, 0x37, 0x44, 0xa0, 0xdc, 0xf2, 0x12, 0xf1, 0x59, 0x8f, 0x68, 0x2b, 0xcd, 0x79, 0xc6, - 0x2b, 0x0e, 0xd3, 0x0d, 0x62, 0xce, 0x4b, 0x30, 0xa5, 0x8f, 0x7e, 0xd6, 0x82, 0x91, 0xd8, 0x6d, - 0x2f, 0x47, 0xe1, 0x96, 0xd7, 0x24, 0x91, 0xd0, 0x94, 0x8e, 0x28, 0x9a, 0x56, 0x66, 0x16, 0x25, - 0x41, 0xcd, 0x97, 0xdb, 0xae, 0x1a, 0x82, 0x4d, 0xbe, 0xd4, 0x82, 0x78, 0x5c, 0xbc, 0xfb, 0x2c, - 0x71, 0x3d, 0xba, 0xb7, 0x49, 0x83, 0x89, 0xcd, 0x94, 0x23, 0x6b, 0x8e, 0xb3, 0x5d, 0x77, 0x93, - 0xae, 0x37, 0xdd, 0xa1, 0x77, 0xee, 0xed, 0x4e, 0x3c, 0x3e, 0x93, 0xcf, 0x13, 0xf7, 0xeb, 0x0c, - 0x1b, 0xb0, 0x4e, 0xd7, 0xf7, 0x31, 0x79, 0xb3, 0x4b, 0x98, 0x3b, 0xa4, 0x80, 0x01, 0x5b, 0xd6, - 0x04, 0x33, 0x03, 0x66, 0x40, 0xb0, 0xc9, 0x17, 0xbd, 0x09, 0x43, 0x6d, 0x27, 0x89, 0xbc, 0x6d, - 0xe1, 0x03, 0x39, 0xa2, 0x2e, 0xbf, 0xc8, 0x68, 0x69, 0xe6, 0x6c, 0xeb, 0xe7, 0x8d, 0x58, 0x30, - 0x42, 0x6d, 0xa8, 0xb6, 0x49, 0xd4, 0x22, 0xe3, 0xb5, 0x22, 0xfc, 0xbd, 0x8b, 0x94, 0x94, 0x66, - 0x58, 0xa7, 0x9a, 0x0f, 0x6b, 0xc3, 0x9c, 0x0b, 0x7a, 0x1d, 0x6a, 0x31, 0xf1, 0x89, 0x4b, 0x75, - 0x97, 0x3a, 0xe3, 0xf8, 0x9e, 0x01, 0xf5, 0x38, 0x67, 0x8d, 0xf8, 0x2b, 0xe2, 0x51, 0xbe, 0xc0, - 0xe4, 0x3f, 0xac, 0x48, 0xd2, 0x01, 0xec, 0xf8, 0xdd, 0x96, 0x17, 0x8c, 0x43, 0x11, 0x03, 0xb8, - 0xcc, 0x68, 0x65, 0x06, 0x90, 0x37, 0x62, 0xc1, 0xc8, 0xfe, 0x0f, 0x16, 0xa0, 0xb4, 0x50, 0x7b, - 0x00, 0x0a, 0xeb, 0x9b, 0x69, 0x85, 0x75, 0xa1, 0x48, 0xad, 0xa3, 0x8f, 0xce, 0xfa, 0x9b, 0x75, - 0xc8, 0x6c, 0x07, 0x37, 0x48, 0x9c, 0x90, 0xe6, 0xdb, 0x22, 0xfc, 0x6d, 0x11, 0xfe, 0xb6, 0x08, - 0x57, 0x22, 0x7c, 0x2d, 0x23, 0xc2, 0xdf, 0x67, 0xac, 0x7a, 0x7d, 0x60, 0xfa, 0x86, 0x3a, 0x51, - 0x35, 0x7b, 0x60, 0x20, 0x50, 0x49, 0x70, 0x6d, 0x65, 0xe9, 0x46, 0xae, 0xcc, 0x7e, 0x23, 0x2d, - 0xb3, 0x8f, 0xca, 0xe2, 0xff, 0x05, 0x29, 0xfd, 0x57, 0x4b, 0x70, 0x3e, 0x2d, 0xbd, 0x70, 0xe8, - 0xfb, 0x61, 0x37, 0xa1, 0xb6, 0x00, 0xfa, 0x25, 0x0b, 0x4e, 0xb7, 0xd3, 0x46, 0x78, 0x2c, 0x7c, - 0x9d, 0x1f, 0x28, 0x4c, 0xb4, 0x66, 0xac, 0xfc, 0xc6, 0xb8, 0x10, 0xb3, 0xa7, 0x33, 0x80, 0x18, - 0xf7, 0xf4, 0x05, 0xbd, 0x0e, 0xf5, 0xb6, 0xb3, 0x7d, 0xb3, 0xd3, 0x74, 0x12, 0x69, 0x86, 0xf5, - 0xb7, 0x9e, 0xbb, 0x89, 0xe7, 0x4f, 0xf2, 0x13, 0xec, 0xc9, 0xf9, 0x20, 0x59, 0x8a, 0x56, 0x92, - 0xc8, 0x0b, 0x5a, 0xdc, 0xc3, 0xb5, 0x28, 0xc9, 0x60, 0x4d, 0xd1, 0xfe, 0xaa, 0x95, 0x95, 0xed, - 0x6a, 0x74, 0x22, 0x27, 0x21, 0xad, 0x1d, 0xf4, 0x51, 0xa8, 0x52, 0x7b, 0x49, 0x8e, 0xca, 0xed, - 0x22, 0x37, 0x1c, 0xe3, 0x4b, 0xe8, 0xbd, 0x87, 0xfe, 0x8b, 0x31, 0x67, 0x6a, 0x7f, 0x79, 0x38, - 0xbb, 0xc7, 0xb2, 0xf3, 0xcc, 0x4b, 0x00, 0xad, 0x70, 0x95, 0xb4, 0x3b, 0x3e, 0x1d, 0x16, 0x8b, - 0x39, 0xc5, 0x95, 0x8b, 0x60, 0x4e, 0x41, 0xb0, 0x81, 0x85, 0xfe, 0xbc, 0x05, 0xd0, 0x92, 0x53, - 0x45, 0xee, 0x9f, 0x37, 0x8b, 0x7c, 0x1d, 0x3d, 0x11, 0x75, 0x5f, 0x14, 0x43, 0x6c, 0x30, 0x47, - 0x3f, 0x6d, 0x41, 0x2d, 0x91, 0xdd, 0xe7, 0x3b, 0xca, 0x6a, 0x91, 0x3d, 0x91, 0x2f, 0xad, 0x55, - 0x09, 0x35, 0x24, 0x8a, 0x2f, 0xfa, 0x39, 0x0b, 0x20, 0xde, 0x09, 0xdc, 0xe5, 0xd0, 0xf7, 0xdc, - 0x1d, 0xb1, 0xd1, 0xdc, 0x2a, 0xd4, 0x8d, 0xa1, 0xa8, 0x37, 0x4e, 0xd2, 0xd1, 0xd0, 0xff, 0xb1, - 0xc1, 0x19, 0x7d, 0x1c, 0x6a, 0xb1, 0x98, 0x6e, 0x62, 0x6b, 0x59, 0x2d, 0xd6, 0x99, 0xc2, 0x69, - 0x0b, 0xa9, 0x24, 0xfe, 0x61, 0xc5, 0x13, 0xfd, 0x82, 0x05, 0xa7, 0x3a, 0x69, 0xd7, 0x97, 0xd8, - 0x45, 0x8a, 0x93, 0x01, 0x19, 0xd7, 0x5a, 0xe3, 0xcc, 0xde, 0xee, 0xc4, 0xa9, 0x4c, 0x23, 0xce, - 0xf6, 0x02, 0xcd, 0xc0, 0x98, 0x9e, 0xc1, 0x4b, 0x1d, 0xee, 0x86, 0x1b, 0x66, 0x6e, 0x38, 0x76, - 0x8a, 0x39, 0x97, 0x05, 0xe2, 0x5e, 0x7c, 0xb4, 0x0c, 0x67, 0x69, 0xef, 0x76, 0xb8, 0xd6, 0x26, - 0xa5, 0x72, 0xcc, 0xf6, 0x90, 0x5a, 0xe3, 0x09, 0x31, 0x43, 0x98, 0xa3, 0x3b, 0x8b, 0x83, 0x73, - 0x9f, 0xb4, 0xbf, 0x55, 0x4a, 0xf9, 0xc5, 0x95, 0xc3, 0x8a, 0xad, 0x31, 0x57, 0xfa, 0x0a, 0xa4, - 0xc8, 0x28, 0x74, 0x8d, 0x29, 0x4f, 0x84, 0x5e, 0x63, 0xaa, 0x29, 0xc6, 0x06, 0x73, 0xaa, 0xc0, - 0x8c, 0x39, 0x59, 0xb7, 0x98, 0x58, 0xf6, 0xaf, 0x17, 0xd9, 0xa5, 0xde, 0x53, 0x8c, 0xf3, 0xa2, - 0x6b, 0x63, 0x3d, 0x20, 0xdc, 0xdb, 0x25, 0xfb, 0x5b, 0x69, 0x5f, 0xbc, 0x31, 0x63, 0x07, 0x38, - 0x67, 0xf8, 0xbc, 0x05, 0x23, 0x51, 0xe8, 0xfb, 0x5e, 0xd0, 0xa2, 0xab, 0x4b, 0x6c, 0x11, 0x1f, - 0x3a, 0x16, 0x29, 0x2d, 0x96, 0x11, 0x53, 0x83, 0xb0, 0xe6, 0x89, 0xcd, 0x0e, 0xd8, 0x7f, 0x62, - 0xc1, 0x78, 0x3f, 0x29, 0x80, 0x08, 0xbc, 0x53, 0x4e, 0x71, 0x75, 0xca, 0xbe, 0x14, 0xcc, 0x12, - 0x9f, 0x28, 0x27, 0x65, 0xad, 0xf1, 0xb4, 0x78, 0xcd, 0x77, 0x2e, 0xf7, 0x47, 0xc5, 0xf7, 0xa3, - 0x83, 0x5e, 0x83, 0xd3, 0xc6, 0x7b, 0xc5, 0x6a, 0x60, 0xea, 0x8d, 0x49, 0xba, 0xed, 0x4e, 0x67, - 0x60, 0xf7, 0x76, 0x27, 0x1e, 0xcb, 0xb6, 0x09, 0x31, 0xd5, 0x43, 0xc7, 0xfe, 0xd5, 0x52, 0xf6, - 0x6b, 0xa9, 0x1d, 0xe6, 0x2b, 0x56, 0x8f, 0xe9, 0xf7, 0x81, 0xe3, 0x90, 0xea, 0xcc, 0x48, 0x54, - 0x07, 0xf9, 0xfd, 0x71, 0x1e, 0xe2, 0x49, 0xa1, 0xfd, 0x2f, 0x2a, 0x70, 0x9f, 0x9e, 0xa9, 0xb3, - 0x20, 0xab, 0xdf, 0x59, 0xd0, 0xc1, 0x8f, 0x97, 0x3e, 0x6b, 0xc1, 0x90, 0x4f, 0xb5, 0x50, 0x7e, - 0xde, 0x31, 0x72, 0xa9, 0x79, 0x5c, 0x63, 0xcf, 0x95, 0xdd, 0x98, 0x9f, 0x56, 0x2b, 0x97, 0x27, - 0x6f, 0xc4, 0xa2, 0x0f, 0xe8, 0x6b, 0x56, 0xfa, 0xf0, 0x84, 0x87, 0x1f, 0x79, 0xc7, 0xd6, 0x27, - 0xe3, 0x44, 0x86, 0x77, 0x4c, 0xfb, 0xfa, 0xfb, 0x9c, 0xd5, 0xa0, 0x49, 0x80, 0x75, 0x2f, 0x70, - 0x7c, 0xef, 0x2d, 0x6a, 0x4d, 0x57, 0xd9, 0xb6, 0xc2, 0xf6, 0xe9, 0x2b, 0xaa, 0x15, 0x1b, 0x18, - 0x17, 0xfe, 0x1c, 0x8c, 0x18, 0x6f, 0x9e, 0x73, 0xc8, 0x7e, 0xd6, 0x3c, 0x64, 0xaf, 0x1b, 0x67, - 0xe3, 0x17, 0xde, 0x07, 0xa7, 0xb3, 0x1d, 0x3c, 0xc8, 0xf3, 0xf6, 0xff, 0x18, 0xce, 0x9e, 0x78, - 0xac, 0x92, 0xa8, 0x4d, 0xbb, 0xf6, 0xb6, 0x17, 0xe2, 0x6d, 0x2f, 0xc4, 0xdb, 0x5e, 0x08, 0xd3, - 0x91, 0x2c, 0x2c, 0xec, 0xe1, 0x07, 0x64, 0x61, 0xa7, 0x7c, 0x06, 0xb5, 0xc2, 0x7d, 0x06, 0xf6, - 0x5e, 0x15, 0x52, 0x7a, 0x14, 0x1f, 0xef, 0x77, 0xc1, 0x70, 0x44, 0x3a, 0xe1, 0x4d, 0xbc, 0x20, - 0xf6, 0x10, 0x1d, 0x48, 0xcd, 0x9b, 0xb1, 0x84, 0xd3, 0xbd, 0xa6, 0xe3, 0x24, 0x1b, 0x62, 0x13, - 0x51, 0x7b, 0xcd, 0xb2, 0x93, 0x6c, 0x60, 0x06, 0x41, 0xef, 0x83, 0x93, 0x89, 0x13, 0xb5, 0x48, - 0x82, 0xc9, 0x16, 0xfb, 0xac, 0xe2, 0x5c, 0xec, 0x31, 0x81, 0x7b, 0x72, 0x35, 0x05, 0xc5, 0x19, - 0x6c, 0xf4, 0x26, 0x54, 0x36, 0x88, 0xdf, 0x16, 0x43, 0xbe, 0x52, 0x9c, 0x8c, 0x67, 0xef, 0x7a, - 0x95, 0xf8, 0x6d, 0x2e, 0x81, 0xe8, 0x2f, 0xcc, 0x58, 0xd1, 0xf9, 0x56, 0xdf, 0xec, 0xc6, 0x49, - 0xd8, 0xf6, 0xde, 0x92, 0xee, 0xa0, 0x0f, 0x14, 0xcc, 0xf8, 0xba, 0xa4, 0xcf, 0x1d, 0x08, 0xea, - 0x2f, 0xd6, 0x9c, 0x59, 0x3f, 0x9a, 0x5e, 0xc4, 0x3e, 0xd5, 0x8e, 0xf0, 0xea, 0x14, 0xdd, 0x8f, - 0x59, 0x49, 0x9f, 0xf7, 0x43, 0xfd, 0xc5, 0x9a, 0x33, 0xda, 0x51, 0xf3, 0x7e, 0x84, 0xf5, 0xe1, - 0x66, 0xc1, 0x7d, 0xe0, 0x73, 0x3e, 0x77, 0xfe, 0x3f, 0x0d, 0x55, 0x77, 0xc3, 0x89, 0x92, 0xf1, - 0x51, 0x36, 0x69, 0x94, 0x23, 0x63, 0x86, 0x36, 0x62, 0x0e, 0x43, 0x4f, 0x42, 0x39, 0x22, 0xeb, - 0x2c, 0x7e, 0xcf, 0x88, 0xec, 0xc0, 0x64, 0x1d, 0xd3, 0x76, 0xfb, 0x97, 0x4b, 0x69, 0x75, 0x29, - 0xfd, 0xde, 0x7c, 0xb6, 0xbb, 0xdd, 0x28, 0x96, 0xce, 0x0e, 0x63, 0xb6, 0xb3, 0x66, 0x2c, 0xe1, - 0xe8, 0x93, 0x16, 0x0c, 0xdf, 0x89, 0xc3, 0x20, 0x20, 0x89, 0xd8, 0x9a, 0x6e, 0x15, 0x3c, 0x14, - 0xd7, 0x38, 0x75, 0xdd, 0x07, 0xd1, 0x80, 0x25, 0x5f, 0xda, 0x5d, 0xb2, 0xed, 0xfa, 0xdd, 0x66, - 0xcf, 0x81, 0xfe, 0x65, 0xde, 0x8c, 0x25, 0x9c, 0xa2, 0x7a, 0x01, 0x47, 0xad, 0xa4, 0x51, 0xe7, - 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0x5f, 0x1e, 0x82, 0x73, 0xb9, 0x8b, 0x83, 0x2a, 0x32, 0x4c, 0x55, - 0xb8, 0xe2, 0xf9, 0x44, 0x86, 0xa9, 0x30, 0x45, 0xe6, 0x96, 0x6a, 0xc5, 0x06, 0x06, 0xfa, 0x29, - 0x80, 0x8e, 0x13, 0x39, 0x6d, 0x22, 0x36, 0xf0, 0xf2, 0xd1, 0xf5, 0x05, 0xda, 0x8f, 0x65, 0x49, - 0x53, 0xdb, 0xa6, 0xaa, 0x29, 0xc6, 0x06, 0x4b, 0xf4, 0x12, 0x8c, 0x44, 0xc4, 0x27, 0x4e, 0xcc, - 0xc2, 0x3f, 0xb3, 0xb1, 0xec, 0x58, 0x83, 0xb0, 0x89, 0x87, 0x9e, 0x51, 0x11, 0x3d, 0x99, 0xe8, - 0x87, 0x74, 0x54, 0x0f, 0xfa, 0x82, 0x05, 0x27, 0xd7, 0x3d, 0x9f, 0x68, 0xee, 0x22, 0xf2, 0x7c, - 0xe9, 0xe8, 0x2f, 0x79, 0xc5, 0xa4, 0xab, 0x25, 0x64, 0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, - 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xa1, 0xf4, 0x67, 0xbe, 0xc5, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, - 0xd5, 0x71, 0xe2, 0x78, 0x26, 0x22, 0x4d, 0x12, 0x24, 0x9e, 0xe3, 0xf3, 0xb8, 0xf0, 0x9a, 0x8e, - 0x0b, 0x5d, 0x4e, 0x83, 0x71, 0x16, 0x1f, 0x7d, 0x10, 0x1e, 0xf7, 0x5a, 0x41, 0x18, 0x91, 0x45, - 0x2f, 0x8e, 0xbd, 0xa0, 0xa5, 0xa7, 0x81, 0x70, 0x7a, 0x4c, 0x08, 0x52, 0x8f, 0xcf, 0xe7, 0xa3, - 0xe1, 0x7e, 0xcf, 0xa3, 0xe7, 0xa0, 0x16, 0x6f, 0x7a, 0x9d, 0x99, 0xa8, 0x19, 0x33, 0x07, 0x79, - 0x4d, 0xbb, 0xd8, 0x56, 0x44, 0x3b, 0x56, 0x18, 0xc8, 0x85, 0x51, 0xfe, 0x49, 0x78, 0xd8, 0x92, - 0x90, 0x8f, 0xcf, 0xf7, 0xdd, 0x1e, 0x45, 0xea, 0xd2, 0x24, 0x76, 0xee, 0x5e, 0x96, 0xee, 0xfa, - 0xc6, 0xe9, 0xbd, 0xdd, 0x89, 0xd1, 0x5b, 0x06, 0x19, 0x9c, 0x22, 0x6a, 0xff, 0x62, 0x29, 0x6d, - 0x71, 0x9b, 0x8b, 0x14, 0xc5, 0x74, 0x29, 0x26, 0xb7, 0x9c, 0x48, 0x7a, 0x63, 0x8e, 0x18, 0xbe, - 0x2e, 0xe8, 0xde, 0x72, 0x22, 0x73, 0x51, 0x33, 0x06, 0x58, 0x72, 0x42, 0x77, 0xa0, 0x92, 0xf8, - 0x4e, 0x41, 0xf9, 0x2e, 0x06, 0x47, 0xed, 0x00, 0x59, 0x98, 0x8e, 0x31, 0xe3, 0x81, 0x9e, 0xa0, - 0x5a, 0xff, 0x9a, 0x8c, 0x71, 0x13, 0x8a, 0xfa, 0x5a, 0x8c, 0x59, 0xab, 0xfd, 0x7f, 0x6a, 0x39, - 0x72, 0x55, 0x6d, 0x64, 0xe8, 0x12, 0x00, 0x35, 0x20, 0x97, 0x23, 0xb2, 0xee, 0x6d, 0x0b, 0x45, - 0x42, 0xad, 0xdd, 0x1b, 0x0a, 0x82, 0x0d, 0x2c, 0xf9, 0xcc, 0x4a, 0x77, 0x9d, 0x3e, 0x53, 0xea, - 0x7d, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x5e, 0x84, 0x21, 0xaf, 0xed, 0xb4, 0x54, 0x28, 0xde, 0x13, - 0x74, 0xd1, 0xce, 0xb3, 0x96, 0x7b, 0xbb, 0x13, 0x27, 0x55, 0x87, 0x58, 0x13, 0x16, 0xb8, 0xe8, - 0x57, 0x2d, 0x18, 0x75, 0xc3, 0x76, 0x3b, 0x0c, 0xb8, 0xd9, 0x25, 0x6c, 0xc8, 0x3b, 0xc7, 0xb5, - 0xcd, 0x4f, 0xce, 0x18, 0xcc, 0xb8, 0x11, 0xa9, 0x12, 0x73, 0x4c, 0x10, 0x4e, 0xf5, 0xca, 0x5c, - 0xdb, 0xd5, 0x7d, 0xd6, 0xf6, 0x6f, 0x58, 0x30, 0xc6, 0x9f, 0x35, 0xac, 0x41, 0x91, 0x83, 0x12, - 0x1e, 0xf3, 0x6b, 0xf5, 0x18, 0xc8, 0xca, 0x4b, 0xd7, 0x03, 0xc7, 0xbd, 0x9d, 0x44, 0x73, 0x30, - 0xb6, 0x1e, 0x46, 0x2e, 0x31, 0x07, 0x42, 0x08, 0x26, 0x45, 0xe8, 0x4a, 0x16, 0x01, 0xf7, 0x3e, - 0x83, 0x6e, 0xc1, 0x63, 0x46, 0xa3, 0x39, 0x0e, 0x5c, 0x36, 0x3d, 0x25, 0xa8, 0x3d, 0x76, 0x25, - 0x17, 0x0b, 0xf7, 0x79, 0x3a, 0xed, 0x30, 0xa9, 0x0f, 0xe0, 0x30, 0x79, 0x03, 0xce, 0xbb, 0xbd, - 0x23, 0xb3, 0x15, 0x77, 0xd7, 0x62, 0x2e, 0xa9, 0x6a, 0x8d, 0x1f, 0x10, 0x04, 0xce, 0xcf, 0xf4, - 0x43, 0xc4, 0xfd, 0x69, 0xa0, 0x8f, 0x42, 0x2d, 0x22, 0xec, 0xab, 0xc4, 0x22, 0x21, 0xe3, 0x88, - 0x56, 0xb2, 0xd6, 0x40, 0x39, 0x59, 0x2d, 0x7b, 0x45, 0x43, 0x8c, 0x15, 0xc7, 0x0b, 0xef, 0x87, - 0xb1, 0x9e, 0xf9, 0x7c, 0x20, 0x9f, 0xc5, 0x2c, 0x3c, 0x96, 0x3f, 0x73, 0x0e, 0xe4, 0xb9, 0xf8, - 0x07, 0x99, 0x38, 0x43, 0x43, 0x9b, 0x1c, 0xc0, 0x0b, 0xe6, 0x40, 0x99, 0x04, 0x5b, 0x42, 0x90, - 0x5e, 0x39, 0xda, 0xe8, 0x5d, 0x0e, 0xb6, 0xf8, 0xc4, 0x67, 0xa6, 0xfe, 0xe5, 0x60, 0x0b, 0x53, - 0xda, 0xe8, 0x4b, 0x56, 0x4a, 0x1b, 0xe2, 0xbe, 0xb3, 0x0f, 0x1f, 0x8b, 0xfa, 0x3c, 0xb0, 0x82, - 0x64, 0xff, 0xcb, 0x12, 0x5c, 0xdc, 0x8f, 0xc8, 0x00, 0xc3, 0xf7, 0x34, 0x0c, 0xc5, 0xec, 0x08, - 0x54, 0x48, 0xa6, 0x11, 0x2a, 0x95, 0xf8, 0xa1, 0xe8, 0x1b, 0x58, 0x80, 0x90, 0x0f, 0xe5, 0xb6, - 0xd3, 0x11, 0x2e, 0x95, 0xf9, 0xa3, 0x66, 0x15, 0xd0, 0xff, 0x8e, 0xbf, 0xe8, 0x74, 0xb8, 0xa1, - 0x6e, 0x34, 0x60, 0xca, 0x06, 0x25, 0x50, 0x75, 0xa2, 0xc8, 0x91, 0xe7, 0x6d, 0xd7, 0x8b, 0xe1, - 0x37, 0x4d, 0x49, 0x36, 0xc6, 0xf6, 0x76, 0x27, 0x4e, 0xa4, 0x9a, 0x30, 0x67, 0x66, 0x7f, 0x76, - 0x38, 0x15, 0x59, 0xcf, 0x0e, 0x51, 0x63, 0x18, 0x12, 0x9e, 0x14, 0xab, 0xe8, 0x64, 0x0e, 0x9e, - 0x1a, 0xc5, 0x8c, 0x25, 0x91, 0x60, 0x2a, 0x58, 0xa1, 0xcf, 0x58, 0x2c, 0x8d, 0x53, 0x66, 0x1b, - 0x08, 0x13, 0xe5, 0x78, 0xb2, 0x4a, 0xcd, 0xe4, 0x50, 0xd9, 0x88, 0x4d, 0xee, 0x74, 0xeb, 0xea, - 0xf0, 0x84, 0xa4, 0xac, 0xa1, 0x22, 0x13, 0x3d, 0x25, 0x1c, 0x6d, 0xe7, 0x1c, 0x96, 0x16, 0x90, - 0x0a, 0x38, 0xc0, 0xf1, 0xe8, 0xd7, 0x2c, 0x18, 0xe3, 0xea, 0xe8, 0xac, 0xb7, 0xbe, 0x4e, 0x22, - 0x12, 0xb8, 0x44, 0x2a, 0xf4, 0x47, 0x3c, 0x8e, 0x97, 0xee, 0xab, 0xf9, 0x2c, 0x79, 0xbd, 0xa7, - 0xf5, 0x80, 0x70, 0x6f, 0x67, 0x50, 0x13, 0x2a, 0x5e, 0xb0, 0x1e, 0x8a, 0x9d, 0xbc, 0x71, 0xb4, - 0x4e, 0xcd, 0x07, 0xeb, 0xa1, 0x5e, 0xcd, 0xf4, 0x1f, 0x66, 0xd4, 0xd1, 0x02, 0x9c, 0x8d, 0x84, - 0xcb, 0xe5, 0xaa, 0x17, 0x53, 0xc3, 0x78, 0xc1, 0x6b, 0x7b, 0x09, 0xdb, 0x85, 0xcb, 0x8d, 0xf1, - 0xbd, 0xdd, 0x89, 0xb3, 0x38, 0x07, 0x8e, 0x73, 0x9f, 0x42, 0x6f, 0xc1, 0xb0, 0xcc, 0x3b, 0xad, - 0x15, 0x61, 0x1c, 0xf5, 0xce, 0x7f, 0x35, 0x99, 0x56, 0x44, 0x8a, 0xa9, 0x64, 0x68, 0x7f, 0x61, - 0x04, 0x7a, 0xcf, 0x06, 0xd1, 0xc7, 0xa0, 0x1e, 0xa9, 0x5c, 0x58, 0xab, 0x88, 0xf8, 0x3e, 0xf9, - 0x7d, 0xc5, 0xb9, 0xa4, 0xd2, 0x07, 0x74, 0xd6, 0xab, 0xe6, 0x48, 0xb5, 0xf6, 0x58, 0x1f, 0x21, - 0x16, 0x30, 0xb7, 0x05, 0x57, 0x7d, 0x3c, 0xb4, 0x13, 0xb8, 0x98, 0xf1, 0x40, 0x11, 0x0c, 0x6d, - 0x10, 0xc7, 0x4f, 0x36, 0x8a, 0xf1, 0x64, 0x5f, 0x65, 0xb4, 0xb2, 0x59, 0x13, 0xbc, 0x15, 0x0b, - 0x4e, 0x68, 0x1b, 0x86, 0x37, 0xf8, 0x04, 0x10, 0x8a, 0xf4, 0xe2, 0x51, 0x07, 0x37, 0x35, 0xab, - 0xf4, 0xe7, 0x16, 0x0d, 0x58, 0xb2, 0x63, 0x91, 0x16, 0xc6, 0xb1, 0x38, 0x5f, 0xba, 0xc5, 0x25, - 0x8c, 0x0c, 0x7e, 0x26, 0xfe, 0x11, 0x18, 0x8d, 0x88, 0x1b, 0x06, 0xae, 0xe7, 0x93, 0xe6, 0xb4, - 0xf4, 0x52, 0x1f, 0x24, 0xcd, 0x80, 0x19, 0xa3, 0xd8, 0xa0, 0x81, 0x53, 0x14, 0xd1, 0xa7, 0x2d, - 0x38, 0xa9, 0x12, 0xe8, 0xe8, 0x07, 0x21, 0xc2, 0x2b, 0xba, 0x50, 0x50, 0xba, 0x1e, 0xa3, 0xd9, - 0x40, 0x7b, 0xbb, 0x13, 0x27, 0xd3, 0x6d, 0x38, 0xc3, 0x17, 0xbd, 0x06, 0x10, 0xae, 0xf1, 0x70, - 0x8a, 0xe9, 0x44, 0xb8, 0x48, 0x0f, 0xf2, 0xaa, 0x27, 0x79, 0xbe, 0x91, 0xa4, 0x80, 0x0d, 0x6a, - 0xe8, 0x3a, 0x00, 0x5f, 0x36, 0xab, 0x3b, 0x1d, 0xa9, 0x6d, 0xcb, 0x3c, 0x11, 0x58, 0x51, 0x90, - 0x7b, 0xbb, 0x13, 0xbd, 0x2e, 0x2b, 0x76, 0x7a, 0x6f, 0x3c, 0x8e, 0x7e, 0x12, 0x86, 0xe3, 0x6e, - 0xbb, 0xed, 0x28, 0x07, 0x6a, 0x81, 0x19, 0x4c, 0x9c, 0xae, 0x21, 0x8a, 0x78, 0x03, 0x96, 0x1c, - 0xd1, 0x1d, 0x2a, 0x54, 0x63, 0xe1, 0x4b, 0x63, 0xab, 0x88, 0xeb, 0x04, 0x23, 0xec, 0x9d, 0xde, - 0x2b, 0xa3, 0x43, 0x70, 0x0e, 0xce, 0xbd, 0xdd, 0x89, 0xc7, 0xd2, 0xed, 0x0b, 0xa1, 0xc8, 0x29, - 0xca, 0xa5, 0x89, 0xae, 0xc9, 0x32, 0x14, 0xf4, 0xb5, 0x65, 0x76, 0xf4, 0xb3, 0xba, 0x0c, 0x05, - 0x6b, 0xee, 0x3f, 0x66, 0xe6, 0xc3, 0x68, 0x11, 0xce, 0xb8, 0x61, 0x90, 0x44, 0xa1, 0xef, 0xf3, - 0xda, 0x2a, 0xdc, 0xf0, 0xe1, 0x0e, 0xd6, 0x77, 0x8a, 0x6e, 0x9f, 0x99, 0xe9, 0x45, 0xc1, 0x79, - 0xcf, 0xd9, 0x41, 0x3a, 0xce, 0x4c, 0x0c, 0xce, 0x8b, 0x30, 0x4a, 0xb6, 0x13, 0x12, 0x05, 0x8e, - 0x7f, 0x13, 0x2f, 0x48, 0xd7, 0x22, 0x5b, 0x03, 0x97, 0x8d, 0x76, 0x9c, 0xc2, 0x42, 0xb6, 0xb2, - 0xf6, 0x4b, 0x3a, 0xf1, 0x8e, 0x5b, 0xfb, 0xd2, 0xb6, 0xb7, 0xff, 0x67, 0x29, 0xa5, 0x90, 0xad, - 0x46, 0x84, 0xa0, 0x10, 0xaa, 0x41, 0xd8, 0x54, 0xb2, 0xff, 0x5a, 0x31, 0xb2, 0xff, 0x46, 0xd8, - 0x34, 0x6a, 0x55, 0xd0, 0x7f, 0x31, 0xe6, 0x7c, 0x58, 0x32, 0xbf, 0xac, 0x7a, 0xc0, 0x00, 0xc2, - 0xd0, 0x28, 0x92, 0xb3, 0x4a, 0xe6, 0x5f, 0x32, 0x19, 0xe1, 0x34, 0x5f, 0xb4, 0x09, 0xd5, 0x8d, - 0x30, 0x4e, 0xa4, 0xf9, 0x71, 0x44, 0x4b, 0xe7, 0x6a, 0x18, 0x27, 0x4c, 0x8b, 0x50, 0xaf, 0x4d, - 0x5b, 0x62, 0xcc, 0x79, 0xd8, 0xff, 0xd1, 0x4a, 0x39, 0x92, 0x6f, 0xb3, 0x98, 0xcb, 0x2d, 0x12, - 0xd0, 0x65, 0x6d, 0xc6, 0xdb, 0xfc, 0xff, 0x99, 0xc4, 0xaf, 0x1f, 0xea, 0x57, 0x39, 0xe8, 0x2e, - 0xa5, 0x30, 0xc9, 0x48, 0x18, 0xa1, 0x39, 0x9f, 0xb0, 0xd2, 0x29, 0x78, 0xa5, 0x22, 0x0c, 0x0c, - 0x33, 0xc5, 0x74, 0xdf, 0x6c, 0x3e, 0xfb, 0x4b, 0x16, 0x0c, 0x37, 0x1c, 0x77, 0x33, 0x5c, 0x5f, - 0x47, 0xcf, 0x41, 0xad, 0xd9, 0x8d, 0xcc, 0x6c, 0x40, 0x65, 0x3d, 0xcf, 0x8a, 0x76, 0xac, 0x30, - 0xe8, 0x1c, 0x5e, 0x77, 0x5c, 0x99, 0x68, 0x5a, 0xe6, 0x73, 0xf8, 0x0a, 0x6b, 0xc1, 0x02, 0x82, - 0x5e, 0x82, 0x91, 0xb6, 0xb3, 0x2d, 0x1f, 0xce, 0x7a, 0xb1, 0x17, 0x35, 0x08, 0x9b, 0x78, 0xf6, - 0x3f, 0xb3, 0x60, 0xbc, 0xe1, 0xc4, 0x9e, 0x3b, 0xdd, 0x4d, 0x36, 0x1a, 0x5e, 0xb2, 0xd6, 0x75, - 0x37, 0x49, 0xc2, 0xb3, 0x8b, 0x69, 0x2f, 0xbb, 0x31, 0x5d, 0x4a, 0xca, 0xae, 0x53, 0xbd, 0xbc, - 0x29, 0xda, 0xb1, 0xc2, 0x40, 0x6f, 0xc1, 0x48, 0xc7, 0x89, 0xe3, 0xbb, 0x61, 0xd4, 0xc4, 0x64, - 0xbd, 0x98, 0xdc, 0xfe, 0x15, 0xe2, 0x46, 0x24, 0xc1, 0x64, 0x5d, 0x9c, 0xb4, 0x6a, 0xfa, 0xd8, - 0x64, 0x66, 0x7f, 0xde, 0x82, 0xf3, 0x0d, 0xe2, 0x44, 0x24, 0x62, 0xa5, 0x00, 0xd4, 0x8b, 0xcc, - 0xf8, 0x61, 0xb7, 0x89, 0xde, 0x84, 0x5a, 0x42, 0x9b, 0x69, 0xb7, 0xac, 0x62, 0xbb, 0xc5, 0x0e, - 0x4a, 0x57, 0x05, 0x71, 0xac, 0xd8, 0xd8, 0x7f, 0xc5, 0x82, 0x51, 0x76, 0xe6, 0x34, 0x4b, 0x12, - 0xc7, 0xf3, 0x7b, 0x2a, 0xe6, 0x58, 0x03, 0x56, 0xcc, 0xb9, 0x08, 0x95, 0x8d, 0xb0, 0x4d, 0xb2, - 0xe7, 0xa5, 0x57, 0x43, 0x6a, 0x56, 0x53, 0x08, 0x7a, 0x81, 0x7e, 0x78, 0x2f, 0x48, 0x1c, 0xba, - 0x04, 0xa4, 0x4f, 0xf3, 0x14, 0xff, 0xe8, 0xaa, 0x19, 0x9b, 0x38, 0xf6, 0x6f, 0xd7, 0x61, 0x58, - 0x1c, 0xaa, 0x0f, 0x9c, 0x61, 0x2e, 0xed, 0xfb, 0x52, 0x5f, 0xfb, 0x3e, 0x86, 0x21, 0x97, 0xd5, - 0xe3, 0x12, 0x6a, 0xe4, 0xf5, 0x42, 0xa2, 0x30, 0x78, 0x89, 0x2f, 0xdd, 0x2d, 0xfe, 0x1f, 0x0b, - 0x56, 0xe8, 0x8b, 0x16, 0x9c, 0x72, 0xc3, 0x20, 0x20, 0xae, 0xd6, 0x71, 0x2a, 0x45, 0x1c, 0xb6, - 0xcf, 0xa4, 0x89, 0xea, 0x03, 0x8f, 0x0c, 0x00, 0x67, 0xd9, 0xa3, 0x57, 0xe0, 0x04, 0x1f, 0xb3, - 0x5b, 0x29, 0x47, 0xac, 0x2e, 0xa4, 0x62, 0x02, 0x71, 0x1a, 0x17, 0x4d, 0x72, 0x87, 0xb6, 0x28, - 0x59, 0x32, 0xa4, 0x4f, 0xcf, 0x8c, 0x62, 0x25, 0x06, 0x06, 0x8a, 0x00, 0x45, 0x64, 0x3d, 0x22, - 0xf1, 0x86, 0x08, 0x3a, 0x60, 0xfa, 0xd5, 0xf0, 0xe1, 0x32, 0x56, 0x71, 0x0f, 0x25, 0x9c, 0x43, - 0x1d, 0x6d, 0x0a, 0x03, 0xb3, 0x56, 0x84, 0x0c, 0x15, 0x9f, 0xb9, 0xaf, 0x9d, 0x39, 0x01, 0xd5, - 0x78, 0xc3, 0x89, 0x9a, 0x4c, 0xaf, 0x2b, 0xf3, 0x2c, 0x89, 0x15, 0xda, 0x80, 0x79, 0x3b, 0x9a, - 0x85, 0xd3, 0x99, 0x32, 0x30, 0xb1, 0x70, 0x98, 0xaa, 0xd0, 0xfe, 0x4c, 0x01, 0x99, 0x18, 0xf7, - 0x3c, 0x61, 0x3a, 0x1f, 0x46, 0xf6, 0x71, 0x3e, 0xec, 0xa8, 0xd0, 0xb6, 0x51, 0xb6, 0x3f, 0xbe, - 0x5a, 0xc8, 0x00, 0x0c, 0x14, 0xc7, 0xf6, 0xb9, 0x4c, 0x1c, 0xdb, 0x09, 0xd6, 0x81, 0x5b, 0xc5, - 0x74, 0xe0, 0xe0, 0x41, 0x6b, 0x0f, 0x33, 0x08, 0xed, 0xbf, 0x5b, 0x20, 0xbf, 0xeb, 0x8c, 0xe3, - 0x6e, 0x10, 0x3a, 0x65, 0xd0, 0xfb, 0xe0, 0xa4, 0x32, 0xa1, 0x67, 0xc2, 0x6e, 0xc0, 0xe3, 0xcf, - 0xca, 0xfa, 0x64, 0x14, 0xa7, 0xa0, 0x38, 0x83, 0x8d, 0xa6, 0xa0, 0x4e, 0xc7, 0x89, 0x3f, 0xca, - 0xf7, 0x5a, 0x65, 0xa6, 0x4f, 0x2f, 0xcf, 0x8b, 0xa7, 0x34, 0x0e, 0x0a, 0x61, 0xcc, 0x77, 0xe2, - 0x84, 0xf5, 0x80, 0x5a, 0xd4, 0x87, 0xcc, 0x17, 0x67, 0xf1, 0xe3, 0x0b, 0x59, 0x42, 0xb8, 0x97, - 0xb6, 0xfd, 0xed, 0x0a, 0x9c, 0x48, 0x49, 0xc6, 0x03, 0x6e, 0xd2, 0xcf, 0x41, 0x4d, 0xee, 0x9b, - 0xd9, 0xaa, 0x15, 0x6a, 0x73, 0x55, 0x18, 0x74, 0xd3, 0x5a, 0xd3, 0xbb, 0x6a, 0x56, 0xa9, 0x30, - 0x36, 0x5c, 0x6c, 0xe2, 0x31, 0xa1, 0x9c, 0xf8, 0xf1, 0x8c, 0xef, 0x91, 0x20, 0xe1, 0xdd, 0x2c, - 0x46, 0x28, 0xaf, 0x2e, 0xac, 0x98, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0x19, - 0x0b, 0x4e, 0x38, 0x77, 0x63, 0x5d, 0x34, 0x52, 0x44, 0xac, 0x1d, 0x71, 0x93, 0x4a, 0xd5, 0xa1, - 0xe4, 0x2e, 0xdf, 0x54, 0x13, 0x4e, 0x33, 0x45, 0x5f, 0xb1, 0x00, 0x91, 0x6d, 0xe2, 0xca, 0x98, - 0x3a, 0xd1, 0x97, 0xa1, 0x22, 0x2c, 0xcd, 0xcb, 0x3d, 0x74, 0xb9, 0x54, 0xef, 0x6d, 0xc7, 0x39, - 0x7d, 0xb0, 0xff, 0x71, 0x59, 0x2d, 0x28, 0x1d, 0xc6, 0xe9, 0x18, 0xe1, 0x64, 0xd6, 0xe1, 0xc3, - 0xc9, 0xf4, 0xb1, 0x7c, 0x6f, 0x1a, 0x5a, 0x2a, 0xfd, 0xa6, 0xf4, 0x90, 0xd2, 0x6f, 0x7e, 0xda, - 0x4a, 0xd5, 0x67, 0x19, 0xb9, 0xf4, 0x5a, 0xb1, 0x21, 0xa4, 0x93, 0x3c, 0x64, 0x20, 0x23, 0xdd, - 0xd3, 0x91, 0x22, 0x54, 0x9a, 0x1a, 0x68, 0x07, 0x92, 0x86, 0xff, 0xa6, 0x0c, 0x23, 0xc6, 0x4e, - 0x9a, 0xab, 0x16, 0x59, 0x8f, 0x98, 0x5a, 0x54, 0x3a, 0x80, 0x5a, 0xf4, 0x53, 0x50, 0x77, 0xa5, - 0x94, 0x2f, 0xa6, 0x42, 0x69, 0x76, 0xef, 0xd0, 0x82, 0x5e, 0x35, 0x61, 0xcd, 0x13, 0xcd, 0xa5, - 0xf2, 0x57, 0xc4, 0x0e, 0x51, 0x61, 0x3b, 0x44, 0x5e, 0x82, 0x89, 0xd8, 0x29, 0x7a, 0x9f, 0x61, - 0x65, 0x7c, 0x3a, 0x9e, 0x78, 0x2f, 0x19, 0xe8, 0xcd, 0xcb, 0xf8, 0x2c, 0xcf, 0xcb, 0x66, 0x6c, - 0xe2, 0xd8, 0xdf, 0xb6, 0xd4, 0xc7, 0x7d, 0x00, 0x49, 0xed, 0x77, 0xd2, 0x49, 0xed, 0x97, 0x0b, - 0x19, 0xe6, 0x3e, 0xd9, 0xec, 0x37, 0x60, 0x78, 0x26, 0x6c, 0xb7, 0x9d, 0xa0, 0x89, 0x7e, 0x10, - 0x86, 0x5d, 0xfe, 0x53, 0x38, 0x76, 0xd8, 0xf1, 0xa0, 0x80, 0x62, 0x09, 0x43, 0x4f, 0x40, 0xc5, - 0x89, 0x5a, 0xd2, 0x99, 0xc3, 0x22, 0x4c, 0xa6, 0xa3, 0x56, 0x8c, 0x59, 0xab, 0xfd, 0xf7, 0x2b, - 0x00, 0x33, 0x61, 0xbb, 0xe3, 0x44, 0xa4, 0xb9, 0x1a, 0xb2, 0x0a, 0x69, 0xc7, 0x7a, 0xa8, 0xa6, - 0x8d, 0xa5, 0x47, 0xf9, 0x60, 0xcd, 0x38, 0x5c, 0x29, 0x3f, 0xe0, 0xc3, 0x95, 0x3e, 0xe7, 0x65, - 0x95, 0x47, 0xe8, 0xbc, 0xcc, 0xfe, 0xac, 0x05, 0x88, 0x4e, 0x9a, 0x30, 0x20, 0x41, 0xa2, 0x0f, - 0xb4, 0xa7, 0xa0, 0xee, 0xca, 0x56, 0xa1, 0x58, 0x69, 0x11, 0x21, 0x01, 0x58, 0xe3, 0x0c, 0x60, - 0x21, 0x3f, 0x2d, 0xe5, 0x77, 0x39, 0x1d, 0x9c, 0xca, 0xa4, 0xbe, 0x10, 0xe7, 0xf6, 0xef, 0x94, - 0xe0, 0x31, 0xbe, 0x25, 0x2f, 0x3a, 0x81, 0xd3, 0x22, 0x6d, 0xda, 0xab, 0x41, 0x43, 0x14, 0x5c, - 0x6a, 0x9a, 0x79, 0x32, 0xd8, 0xf4, 0xa8, 0x6b, 0x97, 0xaf, 0x39, 0xbe, 0xca, 0xe6, 0x03, 0x2f, - 0xc1, 0x8c, 0x38, 0x8a, 0xa1, 0x26, 0x4b, 0x72, 0x0b, 0x59, 0x5c, 0x10, 0x23, 0x25, 0x96, 0xc4, - 0xbe, 0x49, 0xb0, 0x62, 0x44, 0x15, 0x57, 0x3f, 0x74, 0x37, 0x31, 0xe9, 0x84, 0x4c, 0xee, 0x1a, - 0xb1, 0x7e, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x77, 0x2c, 0xc8, 0xee, 0x48, 0x46, 0xb9, 0x2a, - 0xeb, 0xbe, 0xe5, 0xaa, 0x0e, 0x50, 0x2f, 0xea, 0x27, 0x60, 0xc4, 0x49, 0xa8, 0x12, 0xc1, 0xcd, - 0xee, 0xf2, 0xe1, 0x8e, 0x35, 0x16, 0xc3, 0xa6, 0xb7, 0xee, 0x31, 0x73, 0xdb, 0x24, 0x67, 0xff, - 0xd7, 0x0a, 0x8c, 0xf5, 0xa4, 0x44, 0xa0, 0x97, 0x61, 0xd4, 0x15, 0xd3, 0xa3, 0x23, 0x1d, 0x5a, - 0x75, 0x33, 0x36, 0x4c, 0xc3, 0x70, 0x0a, 0x73, 0x80, 0x09, 0x3a, 0x0f, 0x67, 0x22, 0x6a, 0xe8, - 0x77, 0xc9, 0xf4, 0x7a, 0x42, 0xa2, 0x15, 0xe2, 0x86, 0x41, 0x93, 0x17, 0x55, 0x2b, 0x37, 0x1e, - 0xdf, 0xdb, 0x9d, 0x38, 0x83, 0x7b, 0xc1, 0x38, 0xef, 0x19, 0xd4, 0x81, 0x13, 0xbe, 0xa9, 0x03, - 0x0a, 0x03, 0xe0, 0x50, 0xea, 0xa3, 0xd2, 0x11, 0x52, 0xcd, 0x38, 0xcd, 0x20, 0xad, 0x48, 0x56, - 0x1f, 0x92, 0x22, 0xf9, 0x29, 0xad, 0x48, 0xf2, 0xf3, 0xf7, 0x0f, 0x15, 0x9c, 0x12, 0x73, 0xdc, - 0x9a, 0xe4, 0xab, 0x50, 0x93, 0xb1, 0x49, 0x03, 0xc5, 0xf4, 0x98, 0x74, 0xfa, 0x48, 0xb4, 0x7b, - 0x25, 0xc8, 0x31, 0x42, 0xe8, 0x3a, 0xd3, 0x3b, 0x7e, 0x6a, 0x9d, 0x1d, 0x6c, 0xd7, 0x47, 0xdb, - 0x3c, 0x2e, 0x8b, 0xef, 0x6d, 0x1f, 0x2c, 0xda, 0x88, 0xd2, 0xa1, 0x5a, 0x2a, 0x53, 0x40, 0x85, - 0x6b, 0x5d, 0x02, 0xd0, 0x8a, 0x9a, 0x88, 0x03, 0x57, 0xc7, 0xbe, 0x5a, 0x9f, 0xc3, 0x06, 0x16, - 0xb5, 0xa9, 0xbd, 0x20, 0x4e, 0x1c, 0xdf, 0xbf, 0xea, 0x05, 0x89, 0x70, 0x0e, 0xaa, 0x4d, 0x7c, - 0x5e, 0x83, 0xb0, 0x89, 0x77, 0xe1, 0xbd, 0xc6, 0x77, 0x39, 0xc8, 0xf7, 0xdc, 0x80, 0xf3, 0x73, - 0x5e, 0xa2, 0xb2, 0x17, 0xd4, 0x3c, 0xa2, 0x7a, 0x98, 0xca, 0xc6, 0xb1, 0xfa, 0x66, 0xe3, 0x18, - 0xd9, 0x03, 0xa5, 0x74, 0xb2, 0x43, 0x36, 0x7b, 0xc0, 0x7e, 0x19, 0xce, 0xce, 0x79, 0xc9, 0x15, - 0xcf, 0x27, 0x07, 0x64, 0x62, 0xff, 0xd6, 0x10, 0x8c, 0x9a, 0xf9, 0x6f, 0x07, 0x49, 0x28, 0xfa, - 0x3c, 0x55, 0xb5, 0xc4, 0xdb, 0x79, 0xea, 0xd0, 0xec, 0xf6, 0x91, 0x93, 0xf1, 0xf2, 0x47, 0xcc, - 0xd0, 0xb6, 0x34, 0x4f, 0x6c, 0x76, 0x00, 0xdd, 0x85, 0xea, 0x3a, 0x8b, 0x6e, 0x2f, 0x17, 0x11, - 0x59, 0x90, 0x37, 0xa2, 0x7a, 0x99, 0xf1, 0xf8, 0x78, 0xce, 0x8f, 0xee, 0x90, 0x51, 0x3a, 0x65, - 0xca, 0x88, 0xc8, 0x14, 0xc9, 0x52, 0x0a, 0xa3, 0x9f, 0xa8, 0xaf, 0x1e, 0x42, 0xd4, 0xa7, 0x04, - 0xef, 0xd0, 0x43, 0x12, 0xbc, 0x2c, 0x53, 0x21, 0xd9, 0x60, 0xfa, 0x9b, 0x08, 0x21, 0x1f, 0x66, - 0x83, 0x60, 0x64, 0x2a, 0xa4, 0xc0, 0x38, 0x8b, 0x8f, 0x3e, 0xae, 0x44, 0x77, 0xad, 0x08, 0xbf, - 0xaa, 0x39, 0xa3, 0x8f, 0x5b, 0x6a, 0x7f, 0xb6, 0x04, 0x27, 0xe7, 0x82, 0xee, 0xf2, 0xdc, 0x72, - 0x77, 0xcd, 0xf7, 0xdc, 0xeb, 0x64, 0x87, 0x8a, 0xe6, 0x4d, 0xb2, 0x33, 0x3f, 0x2b, 0x56, 0x90, - 0x9a, 0x33, 0xd7, 0x69, 0x23, 0xe6, 0x30, 0x2a, 0x8c, 0xd6, 0xbd, 0xa0, 0x45, 0xa2, 0x4e, 0xe4, - 0x09, 0x97, 0xa7, 0x21, 0x8c, 0xae, 0x68, 0x10, 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x6e, 0x40, 0xa2, - 0xac, 0x22, 0xbb, 0x44, 0x1b, 0x31, 0x87, 0x51, 0xa4, 0x24, 0xea, 0xc6, 0x89, 0x98, 0x8c, 0x0a, - 0x69, 0x95, 0x36, 0x62, 0x0e, 0xa3, 0x2b, 0x3d, 0xee, 0xae, 0xb1, 0xc0, 0x8d, 0x4c, 0xbc, 0xfa, - 0x0a, 0x6f, 0xc6, 0x12, 0x4e, 0x51, 0x37, 0xc9, 0xce, 0x2c, 0xb5, 0x7a, 0x33, 0x69, 0x2b, 0xd7, - 0x79, 0x33, 0x96, 0x70, 0x56, 0x0d, 0x2e, 0x3d, 0x1c, 0xdf, 0x73, 0xd5, 0xe0, 0xd2, 0xdd, 0xef, - 0x63, 0x3f, 0xff, 0x8a, 0x05, 0xa3, 0x66, 0xb8, 0x15, 0x6a, 0x65, 0x74, 0xdc, 0xa5, 0x9e, 0x62, - 0xa2, 0x3f, 0x96, 0x77, 0x73, 0x52, 0xcb, 0x4b, 0xc2, 0x4e, 0xfc, 0x3c, 0x09, 0x5a, 0x5e, 0x40, - 0xd8, 0x29, 0x3a, 0x0f, 0xd3, 0x4a, 0xc5, 0x72, 0xcd, 0x84, 0x4d, 0x72, 0x08, 0x25, 0xd9, 0xbe, - 0x0d, 0x63, 0x3d, 0xb9, 0x4a, 0x03, 0xa8, 0x16, 0xfb, 0x66, 0x8a, 0xda, 0x18, 0x46, 0x28, 0x61, - 0x59, 0x5a, 0x65, 0x06, 0xc6, 0xf8, 0x42, 0xa2, 0x9c, 0x56, 0xdc, 0x0d, 0xd2, 0x56, 0xf9, 0x67, - 0xcc, 0xbf, 0x7e, 0x2b, 0x0b, 0xc4, 0xbd, 0xf8, 0xf6, 0xe7, 0x2c, 0x38, 0x91, 0x4a, 0x1f, 0x2b, - 0x48, 0x09, 0x62, 0x2b, 0x2d, 0x64, 0xd1, 0x7f, 0x2c, 0x04, 0xba, 0xcc, 0x36, 0x53, 0xbd, 0xd2, - 0x34, 0x08, 0x9b, 0x78, 0xf6, 0x97, 0x4a, 0x50, 0x93, 0x11, 0x14, 0x03, 0x74, 0xe5, 0x33, 0x16, - 0x9c, 0x50, 0x67, 0x1a, 0xcc, 0x59, 0x56, 0x2a, 0x22, 0xd6, 0x9f, 0xf6, 0x40, 0x99, 0xdb, 0xc1, - 0x7a, 0xa8, 0x35, 0x72, 0x6c, 0x32, 0xc3, 0x69, 0xde, 0xe8, 0x16, 0x40, 0xbc, 0x13, 0x27, 0xa4, - 0x6d, 0xb8, 0xed, 0x6c, 0x63, 0xc5, 0x4d, 0xba, 0x61, 0x44, 0xe8, 0xfa, 0xba, 0x11, 0x36, 0xc9, - 0x8a, 0xc2, 0xd4, 0x2a, 0x94, 0x6e, 0xc3, 0x06, 0x25, 0xfb, 0xef, 0x96, 0xe0, 0x74, 0xb6, 0x4b, - 0xe8, 0x43, 0x30, 0x2a, 0xb9, 0x1b, 0xb7, 0x40, 0xc9, 0xb0, 0x91, 0x51, 0x6c, 0xc0, 0xee, 0xed, - 0x4e, 0x4c, 0xf4, 0xde, 0xc2, 0x35, 0x69, 0xa2, 0xe0, 0x14, 0x31, 0x7e, 0xb0, 0x24, 0x4e, 0x40, - 0x1b, 0x3b, 0xd3, 0x9d, 0x8e, 0x38, 0x1d, 0x32, 0x0e, 0x96, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x65, - 0x38, 0x6b, 0xb4, 0xdc, 0x20, 0x5e, 0x6b, 0x63, 0x2d, 0x8c, 0xa4, 0x65, 0xf5, 0x84, 0x0e, 0xec, - 0xea, 0xc5, 0xc1, 0xb9, 0x4f, 0xd2, 0xdd, 0xde, 0x75, 0x3a, 0x8e, 0xeb, 0x25, 0x3b, 0xc2, 0x0f, - 0xa9, 0x64, 0xd3, 0x8c, 0x68, 0xc7, 0x0a, 0xc3, 0x5e, 0x84, 0xca, 0x80, 0x33, 0x68, 0x20, 0x8d, - 0xfe, 0x55, 0xa8, 0x51, 0x72, 0x52, 0xbd, 0x2b, 0x82, 0x64, 0x08, 0x35, 0x79, 0x91, 0x03, 0xb2, - 0xa1, 0xec, 0x39, 0xf2, 0xec, 0x4e, 0xbd, 0xd6, 0x7c, 0x1c, 0x77, 0x99, 0x91, 0x4c, 0x81, 0xe8, - 0x69, 0x28, 0x93, 0xed, 0x4e, 0xf6, 0x90, 0xee, 0xf2, 0x76, 0xc7, 0x8b, 0x48, 0x4c, 0x91, 0xc8, - 0x76, 0x07, 0x5d, 0x80, 0x92, 0xd7, 0x14, 0x9b, 0x14, 0x08, 0x9c, 0xd2, 0xfc, 0x2c, 0x2e, 0x79, - 0x4d, 0x7b, 0x1b, 0xea, 0xea, 0xe6, 0x08, 0xb4, 0x29, 0x65, 0xb7, 0x55, 0x44, 0xc8, 0x93, 0xa4, - 0xdb, 0x47, 0x6a, 0x77, 0x01, 0x74, 0x1e, 0x5d, 0x51, 0xf2, 0xe5, 0x22, 0x54, 0xdc, 0x50, 0xe4, - 0xf8, 0xd6, 0x34, 0x19, 0x26, 0xb4, 0x19, 0xc4, 0xbe, 0x0d, 0x27, 0xaf, 0x07, 0xe1, 0x5d, 0x56, - 0x1a, 0x9b, 0x95, 0xb4, 0xa2, 0x84, 0xd7, 0xe9, 0x8f, 0xac, 0x8a, 0xc0, 0xa0, 0x98, 0xc3, 0x54, - 0xd9, 0xa3, 0x52, 0xbf, 0xb2, 0x47, 0xf6, 0x27, 0x2c, 0x38, 0xad, 0xb2, 0x81, 0xa4, 0x34, 0x7e, - 0x19, 0x46, 0xd7, 0xba, 0x9e, 0xdf, 0x94, 0x85, 0xb2, 0x32, 0x6e, 0x8a, 0x86, 0x01, 0xc3, 0x29, - 0x4c, 0x6a, 0x54, 0xad, 0x79, 0x81, 0x13, 0xed, 0x2c, 0x6b, 0xf1, 0xaf, 0x24, 0x42, 0x43, 0x41, - 0xb0, 0x81, 0x65, 0x7f, 0xc6, 0xec, 0x82, 0xc8, 0x3f, 0x1a, 0x60, 0x64, 0x6f, 0x42, 0xd5, 0x55, - 0x67, 0xbd, 0x87, 0x2a, 0xe6, 0xa7, 0xf2, 0xcb, 0x99, 0xbf, 0x9f, 0x53, 0xb3, 0xff, 0x49, 0x09, - 0x4e, 0xa4, 0x6a, 0x96, 0x20, 0x1f, 0x6a, 0xc4, 0x67, 0xae, 0x3c, 0x39, 0xc5, 0x8e, 0x5a, 0x2e, - 0x52, 0x2d, 0x8b, 0xcb, 0x82, 0x2e, 0x56, 0x1c, 0x1e, 0x8d, 0x23, 0xb5, 0x97, 0x61, 0x54, 0x76, - 0xe8, 0x83, 0x4e, 0xdb, 0x17, 0xab, 0x50, 0x4d, 0x80, 0xcb, 0x06, 0x0c, 0xa7, 0x30, 0xed, 0xdf, - 0x2d, 0xc3, 0x38, 0xf7, 0x7d, 0x36, 0x55, 0xd4, 0xcb, 0xa2, 0xd4, 0xb2, 0xfe, 0x82, 0xae, 0x2c, - 0xc4, 0x07, 0x72, 0xed, 0xa8, 0xd5, 0x99, 0xf3, 0x19, 0x0d, 0x14, 0x8f, 0xf1, 0x4b, 0x99, 0x78, - 0x0c, 0xbe, 0xd9, 0xb6, 0x8e, 0xa9, 0x47, 0xdf, 0x5b, 0x01, 0x1a, 0x7f, 0xab, 0x04, 0xa7, 0x32, - 0xa5, 0xaf, 0xd1, 0x17, 0xd2, 0x65, 0x1f, 0xad, 0x22, 0x3c, 0x64, 0xf7, 0xad, 0x86, 0x7c, 0xb0, - 0xe2, 0x8f, 0x0f, 0x69, 0xa9, 0xd8, 0x7f, 0x50, 0x82, 0x93, 0xe9, 0x9a, 0xdd, 0x8f, 0xe0, 0x48, - 0xbd, 0x1b, 0xea, 0xac, 0x2c, 0x2d, 0xbb, 0x67, 0x8c, 0x3b, 0xe2, 0x78, 0x29, 0x53, 0xd9, 0x88, - 0x35, 0xfc, 0x91, 0xa8, 0xa9, 0x69, 0xff, 0x6d, 0x0b, 0xce, 0xf1, 0xb7, 0xcc, 0xce, 0xc3, 0xbf, - 0x98, 0x37, 0xba, 0xaf, 0x17, 0xdb, 0xc1, 0x4c, 0x45, 0xac, 0xfd, 0xc6, 0x97, 0xdd, 0x6f, 0x24, - 0x7a, 0x9b, 0x9e, 0x0a, 0x8f, 0x60, 0x67, 0x0f, 0x34, 0x19, 0xec, 0x3f, 0x28, 0x83, 0xbe, 0xd2, - 0x09, 0x79, 0x22, 0xb3, 0xa9, 0x90, 0xca, 0x60, 0x2b, 0x3b, 0x81, 0xab, 0x2f, 0x8f, 0xaa, 0x65, - 0x12, 0x9b, 0x7e, 0xde, 0x82, 0x11, 0x2f, 0xf0, 0x12, 0xcf, 0x61, 0xca, 0x73, 0x31, 0x57, 0xd2, - 0x28, 0x76, 0xf3, 0x9c, 0x72, 0x18, 0x99, 0xde, 0x5b, 0xc5, 0x0c, 0x9b, 0x9c, 0xd1, 0x47, 0x44, - 0xc8, 0x64, 0xb9, 0xb0, 0x9c, 0xbc, 0x5a, 0x26, 0x4e, 0xb2, 0x03, 0xd5, 0x88, 0x24, 0x51, 0x41, - 0xa9, 0xac, 0x98, 0x92, 0x52, 0x45, 0x26, 0xf5, 0xe5, 0x9a, 0xb4, 0x19, 0x73, 0x46, 0x76, 0x0c, - 0xa8, 0x77, 0x2c, 0x0e, 0x18, 0x8e, 0x36, 0x05, 0x75, 0xa7, 0x9b, 0x84, 0x6d, 0x3a, 0x4c, 0xc2, - 0xc1, 0xac, 0x03, 0xee, 0x24, 0x00, 0x6b, 0x1c, 0xfb, 0x0b, 0x55, 0xc8, 0xa4, 0x1a, 0xa1, 0x6d, - 0xf3, 0x3a, 0x32, 0xab, 0xd8, 0xeb, 0xc8, 0x54, 0x67, 0xf2, 0xae, 0x24, 0x43, 0x2d, 0xa8, 0x76, - 0x36, 0x9c, 0x58, 0xea, 0xc6, 0xaf, 0xca, 0x61, 0x5a, 0xa6, 0x8d, 0xf7, 0x76, 0x27, 0x7e, 0x7c, - 0x30, 0x5f, 0x0b, 0x9d, 0xab, 0x53, 0x3c, 0x73, 0x5f, 0xb3, 0x66, 0x34, 0x30, 0xa7, 0x7f, 0x90, - 0x4b, 0x79, 0x3e, 0x29, 0x0a, 0x09, 0x63, 0x12, 0x77, 0xfd, 0x44, 0xcc, 0x86, 0x57, 0x0b, 0x5c, - 0x65, 0x9c, 0xb0, 0x4e, 0x92, 0xe5, 0xff, 0xb1, 0xc1, 0x14, 0x7d, 0x08, 0xea, 0x71, 0xe2, 0x44, - 0xc9, 0x21, 0xd3, 0xda, 0xd4, 0xa0, 0xaf, 0x48, 0x22, 0x58, 0xd3, 0x43, 0xaf, 0xb1, 0x42, 0x89, - 0x5e, 0xbc, 0x71, 0xc8, 0x48, 0x67, 0x59, 0x54, 0x51, 0x50, 0xc0, 0x06, 0x35, 0x6a, 0x7a, 0xb0, - 0xb9, 0xcd, 0xc3, 0x7b, 0x6a, 0xcc, 0xb6, 0x54, 0xa2, 0x10, 0x2b, 0x08, 0x36, 0xb0, 0xec, 0x1f, - 0x86, 0x74, 0x96, 0x37, 0x9a, 0x90, 0x49, 0xe5, 0xdc, 0xf7, 0xc4, 0x22, 0x96, 0x53, 0xf9, 0xdf, - 0xbf, 0x61, 0x81, 0x99, 0x8a, 0x8e, 0xde, 0xe4, 0x39, 0xef, 0x56, 0x11, 0xe7, 0x05, 0x06, 0xdd, - 0xc9, 0x45, 0xa7, 0x93, 0x39, 0xb8, 0x92, 0x89, 0xef, 0x17, 0xde, 0x0b, 0x35, 0x09, 0x3d, 0x90, - 0x52, 0xf7, 0x71, 0x38, 0x93, 0xbd, 0xac, 0x55, 0xf8, 0x9a, 0x5b, 0x51, 0xd8, 0xed, 0x64, 0x0d, - 0x49, 0x76, 0x99, 0x27, 0xe6, 0x30, 0x6a, 0x8e, 0x6d, 0x7a, 0x41, 0x33, 0x6b, 0x48, 0x5e, 0xf7, - 0x82, 0x26, 0x66, 0x90, 0x01, 0x2e, 0xa5, 0xfb, 0x4d, 0x0b, 0x2e, 0xee, 0x77, 0xa7, 0x2c, 0x7a, - 0x02, 0x2a, 0x77, 0x9d, 0x48, 0x56, 0xb0, 0x65, 0x82, 0xf2, 0xb6, 0x13, 0x05, 0x98, 0xb5, 0xa2, - 0x1d, 0x18, 0xe2, 0x31, 0x20, 0x42, 0x5b, 0x7f, 0xb5, 0xd8, 0x1b, 0x6e, 0xaf, 0x13, 0xc3, 0x5c, - 0xe0, 0xf1, 0x27, 0x58, 0x30, 0xb4, 0xbf, 0x63, 0x01, 0x5a, 0xda, 0x22, 0x51, 0xe4, 0x35, 0x8d, - 0xa8, 0x15, 0xf4, 0x22, 0x8c, 0xde, 0x59, 0x59, 0xba, 0xb1, 0x1c, 0x7a, 0x01, 0xab, 0xfa, 0x60, - 0x24, 0xb6, 0x5d, 0x33, 0xda, 0x71, 0x0a, 0x0b, 0xcd, 0xc0, 0xd8, 0x9d, 0x37, 0xa9, 0xf1, 0x6b, - 0x56, 0xcb, 0x2f, 0x69, 0x77, 0xe7, 0xb5, 0x57, 0x33, 0x40, 0xdc, 0x8b, 0x8f, 0x96, 0xe0, 0x5c, - 0x9b, 0x9b, 0x1b, 0xbc, 0xc8, 0x35, 0xb7, 0x3d, 0x54, 0x1a, 0xc9, 0xf9, 0xbd, 0xdd, 0x89, 0x73, - 0x8b, 0x79, 0x08, 0x38, 0xff, 0x39, 0xfb, 0xbd, 0x80, 0x78, 0xb0, 0xca, 0x4c, 0x5e, 0xe4, 0x41, - 0x5f, 0x4b, 0xdc, 0xfe, 0x6a, 0x15, 0x4e, 0x65, 0xea, 0x1b, 0x52, 0x53, 0xaf, 0x37, 0xd4, 0xe1, - 0xc8, 0xfb, 0x77, 0x6f, 0xf7, 0x06, 0x0a, 0x9e, 0x08, 0xa0, 0xea, 0x05, 0x9d, 0x6e, 0x52, 0x4c, - 0xe6, 0x18, 0xef, 0xc4, 0x3c, 0x25, 0x68, 0x38, 0x89, 0xe8, 0x5f, 0xcc, 0xd9, 0x14, 0x19, 0x8a, - 0x91, 0x52, 0xc6, 0x2b, 0x0f, 0xc9, 0x1d, 0xf0, 0x49, 0x1d, 0x18, 0x51, 0x2d, 0xe2, 0xa0, 0x3e, - 0x33, 0x59, 0x8e, 0xfb, 0x80, 0xed, 0xd7, 0x4b, 0x30, 0x62, 0x7c, 0x34, 0xf4, 0xcb, 0xe9, 0x42, - 0x2d, 0x56, 0x71, 0xaf, 0xc4, 0xe8, 0x4f, 0xea, 0x52, 0x2c, 0xfc, 0x95, 0x9e, 0xe9, 0xad, 0xd1, - 0x72, 0x6f, 0x77, 0xe2, 0x74, 0xa6, 0x0a, 0x4b, 0xaa, 0x6e, 0xcb, 0x85, 0x8f, 0xc1, 0xa9, 0x0c, - 0x99, 0x9c, 0x57, 0x5e, 0x4d, 0xdf, 0xc5, 0x7b, 0x44, 0xb7, 0x94, 0x39, 0x64, 0xdf, 0xa0, 0x43, - 0xa6, 0xaf, 0x68, 0x1f, 0xc0, 0x1d, 0x97, 0xc9, 0x91, 0x2b, 0x0d, 0x98, 0x23, 0xf7, 0x2c, 0xd4, - 0x3a, 0xa1, 0xef, 0xb9, 0x9e, 0x2a, 0xe9, 0xc5, 0xb2, 0xf2, 0x96, 0x45, 0x1b, 0x56, 0x50, 0x74, - 0x17, 0xea, 0xea, 0xda, 0x62, 0x11, 0x84, 0x58, 0x94, 0xab, 0x57, 0x29, 0x2d, 0xfa, 0x3a, 0x62, - 0xcd, 0x0b, 0xd9, 0x30, 0xc4, 0x36, 0x41, 0x19, 0xf0, 0xcb, 0x32, 0x38, 0xd9, 0xee, 0x18, 0x63, - 0x01, 0xb1, 0xbf, 0x5e, 0x87, 0xb3, 0x79, 0x45, 0x66, 0xd1, 0x47, 0x61, 0x88, 0xf7, 0xb1, 0x98, - 0x3a, 0xe6, 0x79, 0x3c, 0xe6, 0x18, 0x41, 0xd1, 0x2d, 0xf6, 0x1b, 0x0b, 0x9e, 0x82, 0xbb, 0xef, - 0xac, 0x89, 0x19, 0x72, 0x3c, 0xdc, 0x17, 0x1c, 0xcd, 0x7d, 0xc1, 0xe1, 0xdc, 0x7d, 0x67, 0x0d, - 0x6d, 0x43, 0xb5, 0xe5, 0x25, 0xc4, 0x11, 0x4e, 0x84, 0xdb, 0xc7, 0xc2, 0x9c, 0x38, 0x5c, 0x4b, - 0x63, 0x3f, 0x31, 0x67, 0x88, 0xbe, 0x66, 0xc1, 0xa9, 0xb5, 0x74, 0x42, 0xac, 0x10, 0x9e, 0xce, - 0x31, 0x14, 0x12, 0x4e, 0x33, 0xe2, 0x37, 0x52, 0x64, 0x1a, 0x71, 0xb6, 0x3b, 0xe8, 0x53, 0x16, - 0x0c, 0xaf, 0x7b, 0xbe, 0x51, 0x53, 0xf2, 0x18, 0x3e, 0xce, 0x15, 0xc6, 0x40, 0x5b, 0x1c, 0xfc, - 0x7f, 0x8c, 0x25, 0xe7, 0x7e, 0x3b, 0xd5, 0xd0, 0x51, 0x77, 0xaa, 0xe1, 0x87, 0xb4, 0x53, 0x7d, - 0xda, 0x82, 0xba, 0x1a, 0x69, 0x91, 0xe4, 0xf8, 0xa1, 0x63, 0xfc, 0xe4, 0xdc, 0x73, 0xa2, 0xfe, - 0x62, 0xcd, 0x1c, 0x7d, 0xd1, 0x82, 0x11, 0xe7, 0xad, 0x6e, 0x44, 0x9a, 0x64, 0x2b, 0xec, 0xc4, - 0xe2, 0x16, 0xa8, 0xd7, 0x8b, 0xef, 0xcc, 0x34, 0x65, 0x32, 0x4b, 0xb6, 0x96, 0x3a, 0xb1, 0x48, - 0x46, 0xd0, 0x0d, 0xd8, 0xec, 0x82, 0xbd, 0x5b, 0x82, 0x89, 0x7d, 0x28, 0xa0, 0x97, 0x61, 0x34, - 0x8c, 0x5a, 0x4e, 0xe0, 0xbd, 0x65, 0x66, 0xb8, 0x2b, 0x2d, 0x6b, 0xc9, 0x80, 0xe1, 0x14, 0xa6, - 0x99, 0x86, 0x59, 0xda, 0x27, 0x0d, 0xf3, 0x22, 0x54, 0x22, 0xd2, 0x09, 0xb3, 0xc6, 0x02, 0x0b, - 0x04, 0x66, 0x10, 0xf4, 0x24, 0x94, 0x9d, 0x8e, 0x27, 0xc2, 0x4f, 0x94, 0x0d, 0x34, 0xbd, 0x3c, - 0x8f, 0x69, 0x7b, 0x2a, 0x2b, 0xbc, 0xfa, 0x40, 0xb2, 0xc2, 0xe9, 0x36, 0x20, 0xce, 0x2e, 0x86, - 0xf4, 0x36, 0x90, 0x3e, 0x53, 0xb0, 0xbf, 0x52, 0x86, 0x27, 0xef, 0x3b, 0x5f, 0x74, 0xf4, 0x8d, - 0x75, 0x9f, 0xe8, 0x1b, 0x39, 0x3c, 0xa5, 0xfd, 0x86, 0xa7, 0xdc, 0x67, 0x78, 0x3e, 0x45, 0x97, - 0x81, 0xac, 0x0c, 0x50, 0xcc, 0x85, 0x44, 0xfd, 0x0a, 0x0d, 0x88, 0x15, 0x20, 0xa1, 0x58, 0xf3, - 0xa5, 0x36, 0x40, 0x2a, 0x05, 0xb1, 0x5a, 0xc4, 0x36, 0xd0, 0xb7, 0x52, 0x00, 0x9f, 0xfb, 0xfd, - 0xf2, 0x1a, 0xed, 0x5f, 0x28, 0xc1, 0xd3, 0x03, 0x48, 0x6f, 0x73, 0x16, 0x5b, 0x03, 0xce, 0xe2, - 0xef, 0xed, 0xcf, 0x64, 0xff, 0x25, 0x0b, 0x2e, 0xf4, 0xdf, 0x3c, 0xd0, 0x0b, 0x30, 0xb2, 0x16, - 0x39, 0x81, 0xbb, 0xc1, 0x2e, 0x59, 0x93, 0x83, 0xc2, 0xc6, 0x5a, 0x37, 0x63, 0x13, 0x87, 0x9a, - 0xb7, 0xbc, 0xb0, 0xbb, 0x81, 0x21, 0x53, 0xc6, 0xa8, 0x79, 0xbb, 0x9a, 0x05, 0xe2, 0x5e, 0x7c, - 0xfb, 0xcf, 0x4a, 0xf9, 0xdd, 0xe2, 0x4a, 0xc6, 0x41, 0xbe, 0x93, 0xf8, 0x0a, 0xa5, 0x01, 0x64, - 0x49, 0xf9, 0x41, 0xcb, 0x92, 0x4a, 0x3f, 0x59, 0x82, 0x66, 0xe1, 0xb4, 0x71, 0x1f, 0x01, 0x4f, - 0x03, 0xe4, 0x61, 0x76, 0x2a, 0x37, 0x7e, 0x39, 0x03, 0xc7, 0x3d, 0x4f, 0xa0, 0xe7, 0xa0, 0xe6, - 0x05, 0x31, 0x71, 0xbb, 0x11, 0x0f, 0xef, 0x34, 0x52, 0x2f, 0xe6, 0x45, 0x3b, 0x56, 0x18, 0xf6, - 0xaf, 0x94, 0xe0, 0x7c, 0x5f, 0x3d, 0xeb, 0x01, 0xc9, 0x2e, 0xf3, 0x73, 0x54, 0x1e, 0xcc, 0xe7, - 0x30, 0x07, 0xa9, 0xba, 0xef, 0x20, 0xfd, 0x61, 0xff, 0x89, 0x49, 0x75, 0xee, 0xef, 0xdb, 0x51, - 0x7a, 0x05, 0x4e, 0x38, 0x9d, 0x0e, 0xc7, 0x63, 0x51, 0x5a, 0x99, 0xda, 0x18, 0xd3, 0x26, 0x10, - 0xa7, 0x71, 0x07, 0xda, 0x3d, 0xff, 0xd8, 0x82, 0x3a, 0x26, 0xeb, 0x5c, 0x3a, 0xa0, 0x3b, 0x62, - 0x88, 0xac, 0x22, 0xaa, 0xe8, 0xd1, 0x81, 0x8d, 0x3d, 0x56, 0x5d, 0x2e, 0x6f, 0xb0, 0x7b, 0xef, - 0xad, 0x28, 0x1d, 0xe8, 0xde, 0x0a, 0x75, 0x73, 0x41, 0xb9, 0xff, 0xcd, 0x05, 0xf6, 0x37, 0x86, - 0xe9, 0xeb, 0x75, 0xc2, 0x99, 0x88, 0x34, 0x63, 0xfa, 0x7d, 0xbb, 0x91, 0x2f, 0x26, 0x89, 0xfa, - 0xbe, 0x37, 0xf1, 0x02, 0xa6, 0xed, 0xa9, 0xa3, 0x98, 0xd2, 0x81, 0x2a, 0x03, 0x94, 0xf7, 0xad, - 0x0c, 0xf0, 0x0a, 0x9c, 0x88, 0xe3, 0x8d, 0xe5, 0xc8, 0xdb, 0x72, 0x12, 0x72, 0x9d, 0xec, 0x08, - 0x2d, 0x4b, 0x67, 0xf3, 0xae, 0x5c, 0xd5, 0x40, 0x9c, 0xc6, 0x45, 0x73, 0x30, 0xa6, 0xf3, 0xf3, - 0x49, 0x94, 0xb0, 0x98, 0x5e, 0x3e, 0x13, 0x54, 0xea, 0x9e, 0xce, 0xe8, 0x17, 0x08, 0xb8, 0xf7, - 0x19, 0x2a, 0xdf, 0x52, 0x8d, 0xb4, 0x23, 0x43, 0x69, 0xf9, 0x96, 0xa2, 0x43, 0xfb, 0xd2, 0xf3, - 0x04, 0x5a, 0x84, 0x33, 0x7c, 0x62, 0x4c, 0x77, 0x3a, 0xc6, 0x1b, 0x0d, 0xa7, 0xab, 0x97, 0xcd, - 0xf5, 0xa2, 0xe0, 0xbc, 0xe7, 0xd0, 0x4b, 0x30, 0xa2, 0x9a, 0xe7, 0x67, 0xc5, 0x29, 0x82, 0xf2, - 0x62, 0x28, 0x32, 0xf3, 0x4d, 0x6c, 0xe2, 0xa1, 0x0f, 0xc2, 0xe3, 0xfa, 0x2f, 0x4f, 0xfc, 0xe0, - 0x47, 0x6b, 0xb3, 0xa2, 0xf4, 0x89, 0xaa, 0x93, 0x3f, 0x97, 0x8b, 0xd6, 0xc4, 0xfd, 0x9e, 0x47, - 0x6b, 0x70, 0x41, 0x81, 0x2e, 0x07, 0x09, 0x8b, 0xe2, 0x8e, 0x49, 0xc3, 0x89, 0xc9, 0xcd, 0xc8, - 0x67, 0xc5, 0x52, 0xea, 0xfa, 0x0a, 0xb3, 0x39, 0x2f, 0xb9, 0x9a, 0x87, 0x89, 0x17, 0xf0, 0x7d, - 0xa8, 0xa0, 0x29, 0xa8, 0x93, 0xc0, 0x59, 0xf3, 0xc9, 0xd2, 0xcc, 0x3c, 0x2b, 0xa1, 0x62, 0x9c, - 0xe4, 0x5d, 0x96, 0x00, 0xac, 0x71, 0x54, 0x5c, 0xd9, 0x68, 0xdf, 0xeb, 0xf4, 0x96, 0xe1, 0x6c, - 0xcb, 0xed, 0x50, 0xdd, 0xc3, 0x73, 0xc9, 0xb4, 0xcb, 0x62, 0xab, 0xe8, 0x87, 0xe1, 0x65, 0xe5, - 0x54, 0xd0, 0xe4, 0xdc, 0xcc, 0x72, 0x0f, 0x0e, 0xce, 0x7d, 0x92, 0xae, 0xb1, 0x4e, 0x14, 0x6e, - 0xef, 0x8c, 0x9f, 0x49, 0xaf, 0xb1, 0x65, 0xda, 0x88, 0x39, 0x0c, 0x5d, 0x03, 0xc4, 0x22, 0x70, - 0xaf, 0x26, 0x49, 0x47, 0x29, 0x3b, 0xe3, 0x67, 0xd9, 0x2b, 0x5d, 0x10, 0x4f, 0xa0, 0x2b, 0x3d, - 0x18, 0x38, 0xe7, 0x29, 0xfb, 0xdf, 0x5a, 0x70, 0x42, 0xad, 0xd7, 0x07, 0x10, 0x83, 0xee, 0xa7, - 0x63, 0xd0, 0xe7, 0x8e, 0x2e, 0xf1, 0x58, 0xcf, 0xfb, 0x04, 0x32, 0xfe, 0xec, 0x08, 0x80, 0x96, - 0x8a, 0x6a, 0x43, 0xb2, 0xfa, 0x6e, 0x48, 0x8f, 0xac, 0x44, 0xca, 0xab, 0x97, 0x50, 0x7d, 0xb8, - 0xf5, 0x12, 0x56, 0xe0, 0x9c, 0x54, 0x17, 0xf8, 0x59, 0xd1, 0xd5, 0x30, 0x56, 0x02, 0xae, 0xd6, - 0x78, 0x52, 0x10, 0x3a, 0x37, 0x9f, 0x87, 0x84, 0xf3, 0x9f, 0x4d, 0x69, 0x29, 0xc3, 0xfb, 0x69, - 0x29, 0x7a, 0x4d, 0x2f, 0xac, 0xcb, 0x82, 0xf8, 0x99, 0x35, 0xbd, 0x70, 0x65, 0x05, 0x6b, 0x9c, - 0x7c, 0xc1, 0x5e, 0x2f, 0x48, 0xb0, 0xc3, 0x81, 0x05, 0xbb, 0x14, 0x31, 0x23, 0x7d, 0x45, 0x8c, - 0xf4, 0x49, 0x8f, 0xf6, 0xf5, 0x49, 0xbf, 0x0f, 0x4e, 0x7a, 0xc1, 0x06, 0x89, 0xbc, 0x84, 0x34, - 0xd9, 0x5a, 0x60, 0xe2, 0xa7, 0xa6, 0xb7, 0xf5, 0xf9, 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x72, 0xf1, - 0xe4, 0x00, 0x72, 0xb1, 0xcf, 0x6e, 0x74, 0xaa, 0x98, 0xdd, 0xe8, 0xf4, 0xd1, 0x77, 0xa3, 0xb1, - 0x63, 0xdd, 0x8d, 0x50, 0x21, 0xbb, 0xd1, 0x40, 0x82, 0xde, 0x30, 0xff, 0xce, 0xee, 0x63, 0xfe, - 0xf5, 0xdb, 0x8a, 0xce, 0x1d, 0x7a, 0x2b, 0xca, 0xdf, 0x65, 0x1e, 0x3b, 0xd4, 0x2e, 0xf3, 0xe9, - 0x12, 0x9c, 0xd3, 0x72, 0x98, 0xce, 0x7e, 0x6f, 0x9d, 0x4a, 0x22, 0x76, 0xa7, 0x0a, 0x3f, 0xb7, - 0x31, 0x52, 0x22, 0x74, 0x76, 0x85, 0x82, 0x60, 0x03, 0x8b, 0x65, 0x16, 0x90, 0x88, 0x15, 0xcf, - 0xcc, 0x0a, 0xe9, 0x19, 0xd1, 0x8e, 0x15, 0x06, 0x9d, 0x5f, 0xf4, 0xb7, 0xc8, 0xd6, 0xca, 0x96, - 0x88, 0x9a, 0xd1, 0x20, 0x6c, 0xe2, 0xa1, 0x67, 0x39, 0x13, 0x26, 0x20, 0xa8, 0xa0, 0x1e, 0x15, - 0x97, 0x2c, 0x4a, 0x99, 0xa0, 0xa0, 0xb2, 0x3b, 0x2c, 0x85, 0xa4, 0xda, 0xdb, 0x1d, 0x16, 0x02, - 0xa5, 0x30, 0xec, 0xff, 0x66, 0xc1, 0xf9, 0xdc, 0xa1, 0x78, 0x00, 0x9b, 0xef, 0x76, 0x7a, 0xf3, - 0x5d, 0x29, 0xca, 0xdc, 0x30, 0xde, 0xa2, 0xcf, 0x46, 0xfc, 0xaf, 0x2d, 0x38, 0xa9, 0xf1, 0x1f, - 0xc0, 0xab, 0x7a, 0xe9, 0x57, 0x2d, 0xce, 0xb2, 0xaa, 0xf7, 0xbc, 0xdb, 0xef, 0x96, 0x40, 0x95, - 0x6d, 0x9b, 0x76, 0x65, 0x51, 0xcc, 0x7d, 0x4e, 0x12, 0x77, 0x60, 0x88, 0x1d, 0x84, 0xc6, 0xc5, - 0x04, 0x79, 0xa4, 0xf9, 0xb3, 0x43, 0x55, 0x7d, 0xc8, 0xcc, 0xfe, 0xc6, 0x58, 0x30, 0x64, 0xa5, - 0x5d, 0xbd, 0x98, 0x4a, 0xf3, 0xa6, 0x48, 0xc6, 0xd0, 0xa5, 0x5d, 0x45, 0x3b, 0x56, 0x18, 0x74, - 0x7b, 0xf0, 0xdc, 0x30, 0x98, 0xf1, 0x9d, 0x58, 0x5e, 0x24, 0xa6, 0xb6, 0x87, 0x79, 0x09, 0xc0, - 0x1a, 0x87, 0x9d, 0x91, 0x7a, 0x71, 0xc7, 0x77, 0x76, 0x0c, 0xfb, 0xd9, 0xc8, 0x4a, 0x56, 0x20, - 0x6c, 0xe2, 0xd9, 0x6d, 0x18, 0x4f, 0xbf, 0xc4, 0x2c, 0x59, 0x67, 0x01, 0x8a, 0x03, 0x0d, 0xe7, - 0x14, 0xd4, 0x1d, 0xf6, 0xd4, 0x42, 0xd7, 0xc9, 0xde, 0xff, 0x3b, 0x2d, 0x01, 0x58, 0xe3, 0xd8, - 0xbf, 0x66, 0xc1, 0x99, 0x9c, 0x41, 0x2b, 0x30, 0xd9, 0x25, 0xd1, 0xd2, 0x26, 0x6f, 0x63, 0x7f, - 0x17, 0x0c, 0x37, 0xc9, 0xba, 0x23, 0x43, 0xe0, 0x0c, 0xd9, 0x3e, 0xcb, 0x9b, 0xb1, 0x84, 0xdb, - 0xff, 0xc5, 0x82, 0x53, 0xe9, 0xbe, 0xc6, 0x54, 0x3a, 0xf3, 0x97, 0x99, 0xf5, 0x62, 0x37, 0xdc, - 0x22, 0xd1, 0x0e, 0x7d, 0x73, 0xde, 0x6b, 0x25, 0x9d, 0xa7, 0x7b, 0x30, 0x70, 0xce, 0x53, 0xac, - 0x68, 0x63, 0x53, 0x8d, 0xb6, 0x9c, 0x91, 0xb7, 0x8a, 0x9c, 0x91, 0xfa, 0x63, 0x9a, 0xc7, 0xe5, - 0x8a, 0x25, 0x36, 0xf9, 0xdb, 0xdf, 0xa9, 0x80, 0xca, 0x86, 0x63, 0xf1, 0x47, 0x05, 0x45, 0x6f, - 0xa5, 0xee, 0x3c, 0x2a, 0x0f, 0x70, 0xe7, 0x91, 0x9c, 0x0c, 0x95, 0xfb, 0x05, 0x04, 0x70, 0x2f, - 0x89, 0xe9, 0xba, 0x54, 0x6f, 0xb8, 0xaa, 0x41, 0xd8, 0xc4, 0xa3, 0x3d, 0xf1, 0xbd, 0x2d, 0xc2, - 0x1f, 0x1a, 0x4a, 0xf7, 0x64, 0x41, 0x02, 0xb0, 0xc6, 0xa1, 0x3d, 0x69, 0x7a, 0xeb, 0xeb, 0xc2, - 0xe4, 0x57, 0x3d, 0xa1, 0xa3, 0x83, 0x19, 0x84, 0xd7, 0xe1, 0x0d, 0x37, 0x85, 0x16, 0x6c, 0xd4, - 0xe1, 0x0d, 0x37, 0x31, 0x83, 0x50, 0xbd, 0x2d, 0x08, 0xa3, 0x36, 0xbb, 0x9f, 0xb9, 0xa9, 0xb8, - 0x08, 0xed, 0x57, 0xe9, 0x6d, 0x37, 0x7a, 0x51, 0x70, 0xde, 0x73, 0x74, 0x06, 0x76, 0x22, 0xd2, - 0xf4, 0xdc, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xdc, 0x83, 0x81, 0x73, 0x9e, 0x42, 0xd3, 0x70, - 0x4a, 0x66, 0x33, 0xca, 0x5a, 0x15, 0x23, 0xe9, 0xdc, 0x78, 0x9c, 0x06, 0xe3, 0x2c, 0x3e, 0x95, - 0x6a, 0x6d, 0x51, 0xa6, 0x86, 0x29, 0xcb, 0x86, 0x54, 0x93, 0xe5, 0x6b, 0xb0, 0xc2, 0xb0, 0x3f, - 0x59, 0xa6, 0xbb, 0x70, 0x9f, 0xf2, 0x4c, 0x0f, 0x2c, 0x5a, 0x30, 0x3d, 0x23, 0x2b, 0x03, 0xcc, - 0xc8, 0x17, 0x61, 0xf4, 0x4e, 0x1c, 0x06, 0x2a, 0x12, 0xaf, 0xda, 0x37, 0x12, 0xcf, 0xc0, 0xca, - 0x8f, 0xc4, 0x1b, 0x2a, 0x2a, 0x12, 0x6f, 0xf8, 0x90, 0x91, 0x78, 0xdf, 0xaa, 0x82, 0xba, 0x10, - 0xe0, 0x06, 0x49, 0xee, 0x86, 0xd1, 0xa6, 0x17, 0xb4, 0x58, 0x16, 0xe8, 0xd7, 0x2c, 0x18, 0xe5, - 0xeb, 0x65, 0xc1, 0xcc, 0xa4, 0x5a, 0x2f, 0xa8, 0xd2, 0x7c, 0x8a, 0xd9, 0xe4, 0xaa, 0xc1, 0x28, - 0x73, 0x8f, 0x9d, 0x09, 0xc2, 0xa9, 0x1e, 0xa1, 0x8f, 0x01, 0x48, 0xff, 0xe8, 0xba, 0x14, 0x99, - 0xf3, 0xc5, 0xf4, 0x0f, 0x93, 0x75, 0xad, 0x03, 0xaf, 0x2a, 0x26, 0xd8, 0x60, 0x88, 0x3e, 0x9d, - 0xbd, 0xbf, 0xfe, 0x23, 0xc7, 0x32, 0x36, 0x83, 0xe4, 0x98, 0x61, 0x18, 0xf6, 0x82, 0x16, 0x9d, - 0x27, 0x22, 0x62, 0xe9, 0x87, 0xf2, 0x32, 0xa8, 0x17, 0x42, 0xa7, 0xd9, 0x70, 0x7c, 0x27, 0x70, - 0x49, 0x34, 0xcf, 0xd1, 0xcd, 0xdb, 0x5b, 0x59, 0x03, 0x96, 0x84, 0x7a, 0xae, 0x52, 0xa8, 0x0e, - 0x72, 0x95, 0xc2, 0x85, 0xf7, 0xc3, 0x58, 0xcf, 0xc7, 0x3c, 0x50, 0x4a, 0xd9, 0xe1, 0xb3, 0xd1, - 0xec, 0x7f, 0x3a, 0xa4, 0x37, 0xad, 0x1b, 0x61, 0x93, 0x17, 0xf4, 0x8f, 0xf4, 0x17, 0x15, 0x3a, - 0x6e, 0x81, 0x53, 0xc4, 0xb8, 0x01, 0x56, 0x35, 0x62, 0x93, 0x25, 0x9d, 0xa3, 0x1d, 0x27, 0x22, - 0xc1, 0x71, 0xcf, 0xd1, 0x65, 0xc5, 0x04, 0x1b, 0x0c, 0xd1, 0x46, 0x2a, 0xa7, 0xe4, 0xca, 0xd1, - 0x73, 0x4a, 0x58, 0x6d, 0x99, 0xbc, 0x1a, 0xdc, 0x5f, 0xb4, 0xe0, 0x64, 0x90, 0x9a, 0xb9, 0xc5, - 0x84, 0x91, 0xe6, 0xaf, 0x0a, 0x7e, 0x9f, 0x4c, 0xba, 0x0d, 0x67, 0xf8, 0xe7, 0x6d, 0x69, 0xd5, - 0x03, 0x6e, 0x69, 0xfa, 0x66, 0x90, 0xa1, 0x7e, 0x37, 0x83, 0xa0, 0x40, 0x5d, 0x8d, 0x34, 0x5c, - 0xf8, 0xd5, 0x48, 0x90, 0x73, 0x2d, 0xd2, 0x6d, 0xa8, 0xbb, 0x11, 0x71, 0x92, 0x43, 0xde, 0x92, - 0xc3, 0x0e, 0xe8, 0x67, 0x24, 0x01, 0xac, 0x69, 0xd9, 0xff, 0xab, 0x02, 0xa7, 0xe5, 0x88, 0xc8, - 0x10, 0x74, 0xba, 0x3f, 0x72, 0xbe, 0x5a, 0xb9, 0x55, 0xfb, 0xe3, 0x55, 0x09, 0xc0, 0x1a, 0x87, - 0xea, 0x63, 0xdd, 0x98, 0x2c, 0x75, 0x48, 0xb0, 0xe0, 0xad, 0xc5, 0xe2, 0x9c, 0x53, 0x2d, 0x94, - 0x9b, 0x1a, 0x84, 0x4d, 0x3c, 0xaa, 0x8c, 0x73, 0xbd, 0x38, 0xce, 0xa6, 0xaf, 0x08, 0x7d, 0x1b, - 0x4b, 0x38, 0xfa, 0xc5, 0xdc, 0x7a, 0x91, 0xc5, 0x24, 0x6e, 0xf5, 0x44, 0xde, 0x1f, 0xf0, 0x62, - 0xb5, 0xbf, 0x61, 0xc1, 0x39, 0xde, 0x2a, 0x47, 0xf2, 0x66, 0xa7, 0xe9, 0x24, 0x24, 0x2e, 0xa6, - 0x7e, 0x73, 0x4e, 0xff, 0xb4, 0x93, 0x37, 0x8f, 0x2d, 0xce, 0xef, 0x0d, 0xfa, 0x82, 0x05, 0xa7, - 0x36, 0x53, 0x99, 0xfe, 0x72, 0xeb, 0x38, 0x62, 0x4d, 0x9a, 0x74, 0xf9, 0x00, 0xbd, 0xd4, 0xd2, - 0xed, 0x31, 0xce, 0x72, 0xb7, 0xff, 0xcc, 0x02, 0x53, 0x8c, 0x0e, 0xa6, 0x01, 0x1a, 0x57, 0xd9, - 0x96, 0xf6, 0xb9, 0xca, 0x56, 0x2a, 0x8b, 0xe5, 0xc1, 0x8c, 0x93, 0xca, 0x01, 0x8c, 0x93, 0x6a, - 0x5f, 0xed, 0xf2, 0x49, 0x28, 0x77, 0xbd, 0xa6, 0xb0, 0x2f, 0xf4, 0xe9, 0xeb, 0xfc, 0x2c, 0xa6, - 0xed, 0xf6, 0x3f, 0xaa, 0x6a, 0xbf, 0x85, 0xc8, 0x8b, 0xfa, 0xbe, 0x78, 0xed, 0x75, 0x55, 0x62, - 0x88, 0xbf, 0xf9, 0x8d, 0x9e, 0x12, 0x43, 0x3f, 0x7a, 0xf0, 0xb4, 0x37, 0x3e, 0x40, 0xfd, 0x2a, - 0x0c, 0x0d, 0xef, 0x93, 0xf3, 0x76, 0x07, 0x6a, 0xd4, 0x04, 0x63, 0x0e, 0xc8, 0x5a, 0xaa, 0x53, - 0xb5, 0xab, 0xa2, 0xfd, 0xde, 0xee, 0xc4, 0x8f, 0x1c, 0xbc, 0x5b, 0xf2, 0x69, 0xac, 0xe8, 0xa3, - 0x18, 0xea, 0xf4, 0x37, 0x4b, 0xcf, 0x13, 0xc6, 0xdd, 0x4d, 0x25, 0x33, 0x25, 0xa0, 0x90, 0xdc, - 0x3f, 0xcd, 0x07, 0x05, 0x50, 0x67, 0x77, 0x50, 0x32, 0xa6, 0xdc, 0x06, 0x5c, 0x56, 0x49, 0x72, - 0x12, 0x70, 0x6f, 0x77, 0xe2, 0x95, 0x83, 0x33, 0x55, 0x8f, 0x63, 0xcd, 0xc2, 0xfe, 0x52, 0x45, - 0xcf, 0x5d, 0x51, 0x59, 0xea, 0xfb, 0x62, 0xee, 0xbe, 0x9c, 0x99, 0xbb, 0x17, 0x7b, 0xe6, 0xee, - 0x49, 0x7d, 0x57, 0x62, 0x6a, 0x36, 0x3e, 0x68, 0x45, 0x60, 0x7f, 0x7f, 0x03, 0xd3, 0x80, 0xde, - 0xec, 0x7a, 0x11, 0x89, 0x97, 0xa3, 0x6e, 0xe0, 0x05, 0x2d, 0x71, 0x07, 0xbe, 0xa1, 0x01, 0xa5, - 0xc0, 0x38, 0x8b, 0xcf, 0xee, 0xcf, 0xdf, 0x09, 0xdc, 0xdb, 0xce, 0x16, 0x9f, 0x55, 0x46, 0xb1, - 0x9d, 0x15, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0x0d, 0x76, 0x96, 0x6d, 0xe4, 0x05, 0xd3, 0x39, 0xe1, - 0xb3, 0x4b, 0x3f, 0x79, 0xa5, 0x1e, 0x35, 0x27, 0xf8, 0x4d, 0x9f, 0x1c, 0x86, 0xee, 0xc2, 0xf0, - 0x1a, 0xbf, 0xf5, 0xaa, 0x98, 0xaa, 0xc4, 0xe2, 0x0a, 0x2d, 0x76, 0xb7, 0x81, 0xbc, 0x4f, 0xeb, - 0x9e, 0xfe, 0x89, 0x25, 0x37, 0xfb, 0x9b, 0x15, 0x38, 0x95, 0xb9, 0x16, 0x32, 0x55, 0x23, 0xb1, - 0xb4, 0x6f, 0x8d, 0xc4, 0x0f, 0x03, 0x34, 0x49, 0xc7, 0x0f, 0x77, 0x98, 0x3a, 0x56, 0x39, 0xb0, - 0x3a, 0xa6, 0x34, 0xf8, 0x59, 0x45, 0x05, 0x1b, 0x14, 0x45, 0x79, 0x22, 0x5e, 0x72, 0x31, 0x53, - 0x9e, 0xc8, 0xa8, 0x5d, 0x3e, 0xf4, 0x60, 0x6b, 0x97, 0x7b, 0x70, 0x8a, 0x77, 0x51, 0x65, 0xdf, - 0x1e, 0x22, 0xc9, 0x96, 0xe5, 0x2f, 0xcc, 0xa6, 0xc9, 0xe0, 0x2c, 0xdd, 0x87, 0x79, 0xeb, 0x2b, - 0x7a, 0x37, 0xd4, 0xe5, 0x77, 0x8e, 0xc7, 0xeb, 0xba, 0x82, 0x81, 0x9c, 0x06, 0xec, 0x36, 0x56, - 0xf1, 0xd3, 0xfe, 0x7c, 0x89, 0x6a, 0xcf, 0xfc, 0x9f, 0xaa, 0x44, 0xf3, 0x0c, 0x0c, 0x39, 0xdd, - 0x64, 0x23, 0xec, 0xb9, 0x39, 0x6b, 0x9a, 0xb5, 0x62, 0x01, 0x45, 0x0b, 0x50, 0x69, 0xea, 0xea, - 0x22, 0x07, 0x19, 0x45, 0xed, 0x88, 0x74, 0x12, 0x82, 0x19, 0x15, 0xf4, 0x04, 0x54, 0x12, 0xa7, - 0x25, 0x13, 0x9d, 0x58, 0x72, 0xeb, 0xaa, 0xd3, 0x8a, 0x31, 0x6b, 0x35, 0x37, 0xcd, 0xca, 0x3e, - 0x9b, 0xe6, 0x2b, 0x70, 0x22, 0xf6, 0x5a, 0x81, 0x93, 0x74, 0x23, 0x62, 0x1c, 0xae, 0xe9, 0x78, - 0x09, 0x13, 0x88, 0xd3, 0xb8, 0xf6, 0x6f, 0x8d, 0xc2, 0xd9, 0x95, 0x99, 0x45, 0x59, 0x29, 0xf7, - 0xd8, 0x72, 0x95, 0xf2, 0x78, 0x3c, 0xb8, 0x5c, 0xa5, 0x3e, 0xdc, 0x7d, 0x23, 0x57, 0xc9, 0x37, - 0x72, 0x95, 0xd2, 0x89, 0x23, 0xe5, 0x22, 0x12, 0x47, 0xf2, 0x7a, 0x30, 0x48, 0xe2, 0xc8, 0xb1, - 0x25, 0x2f, 0xdd, 0xb7, 0x43, 0x07, 0x4a, 0x5e, 0x52, 0x99, 0x5d, 0x85, 0x84, 0xf4, 0xf7, 0xf9, - 0x54, 0xb9, 0x99, 0x5d, 0x2a, 0xab, 0x86, 0xa7, 0xab, 0x08, 0x01, 0xfb, 0x7a, 0xf1, 0x1d, 0x18, - 0x20, 0xab, 0x46, 0x64, 0xcc, 0x98, 0x99, 0x5c, 0xc3, 0x45, 0x64, 0x72, 0xe5, 0x75, 0x67, 0xdf, - 0x4c, 0xae, 0x57, 0xe0, 0x84, 0xeb, 0x87, 0x01, 0x59, 0x8e, 0xc2, 0x24, 0x74, 0x43, 0x5f, 0x28, - 0xd3, 0x4a, 0x24, 0xcc, 0x98, 0x40, 0x9c, 0xc6, 0xed, 0x97, 0x06, 0x56, 0x3f, 0x6a, 0x1a, 0x18, - 0x3c, 0xa4, 0x34, 0xb0, 0x9f, 0xd3, 0x09, 0xcb, 0x23, 0xec, 0x8b, 0x7c, 0xb8, 0xf8, 0x2f, 0x32, - 0x48, 0xd6, 0x32, 0xfa, 0x0a, 0xbf, 0xba, 0x8a, 0xaa, 0xa3, 0x33, 0x61, 0x9b, 0xaa, 0x5b, 0xa3, - 0x6c, 0x48, 0xde, 0x38, 0x86, 0x09, 0x7b, 0x7b, 0x45, 0xb3, 0x51, 0xd7, 0x59, 0xe9, 0x26, 0x9c, - 0xee, 0xc8, 0x51, 0x12, 0xaa, 0xbf, 0x5a, 0x82, 0x1f, 0xd8, 0xb7, 0x0b, 0xe8, 0x2e, 0x40, 0xe2, - 0xb4, 0xc4, 0x44, 0x15, 0xc7, 0x14, 0x47, 0x0c, 0x6a, 0x5c, 0x95, 0xf4, 0x78, 0x25, 0x10, 0xf5, - 0x97, 0x1d, 0x00, 0xc8, 0xdf, 0x2c, 0x96, 0x31, 0xf4, 0x7b, 0xaa, 0x1e, 0xe2, 0xd0, 0x27, 0x98, - 0x41, 0xe8, 0xf6, 0x1f, 0x91, 0x96, 0xbe, 0x6b, 0x55, 0x7d, 0x3e, 0xcc, 0x5a, 0xb1, 0x80, 0xa2, - 0x97, 0x60, 0xc4, 0xf1, 0x7d, 0x9e, 0x95, 0x42, 0x62, 0x71, 0x77, 0x85, 0xae, 0xdc, 0xa6, 0x41, - 0xd8, 0xc4, 0xb3, 0xff, 0xb4, 0x04, 0x13, 0xfb, 0xc8, 0x94, 0x9e, 0x3c, 0xbb, 0xea, 0xc0, 0x79, - 0x76, 0x22, 0x33, 0x60, 0xa8, 0x4f, 0x66, 0xc0, 0x4b, 0x30, 0x92, 0x10, 0xa7, 0x2d, 0xc2, 0xa0, - 0x84, 0xfd, 0xad, 0xcf, 0x5d, 0x35, 0x08, 0x9b, 0x78, 0x54, 0x8a, 0x9d, 0x74, 0x5c, 0x97, 0xc4, - 0xb1, 0x0c, 0xfd, 0x17, 0x3e, 0xcc, 0xc2, 0xf2, 0x0a, 0x98, 0x6b, 0x78, 0x3a, 0xc5, 0x02, 0x67, - 0x58, 0x66, 0x07, 0xbc, 0x3e, 0xe0, 0x80, 0x7f, 0xbd, 0x04, 0x4f, 0xde, 0x77, 0x77, 0x1b, 0x38, - 0x2b, 0xa3, 0x1b, 0x93, 0x28, 0x3b, 0x71, 0x6e, 0xc6, 0x24, 0xc2, 0x0c, 0xc2, 0x47, 0xa9, 0xd3, - 0x31, 0xee, 0xb2, 0x2d, 0x3a, 0x65, 0x88, 0x8f, 0x52, 0x8a, 0x05, 0xce, 0xb0, 0x3c, 0xec, 0xb4, - 0xfc, 0x3b, 0x25, 0x78, 0x7a, 0x00, 0x1d, 0xa0, 0xc0, 0xd4, 0xaa, 0x74, 0x82, 0x5b, 0xf9, 0x21, - 0xe5, 0x21, 0x1e, 0x72, 0xb8, 0xbe, 0x51, 0x82, 0x0b, 0xfd, 0xb7, 0x62, 0xf4, 0x63, 0xd4, 0x86, - 0x97, 0xb1, 0x4f, 0x66, 0x6e, 0xdc, 0x19, 0x6e, 0xbf, 0xa7, 0x40, 0x38, 0x8b, 0x8b, 0x26, 0x01, - 0x3a, 0x4e, 0xb2, 0x11, 0x5f, 0xde, 0xf6, 0xe2, 0x44, 0xd4, 0x7e, 0x39, 0xc9, 0x4f, 0x8c, 0x64, - 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x36, 0xbc, 0x11, 0x26, 0xfc, 0x21, 0x6e, 0x46, 0x9c, - 0x91, 0xf5, 0xf1, 0x0d, 0x10, 0xce, 0xe2, 0x52, 0x76, 0xec, 0x4c, 0x92, 0x77, 0x94, 0xdb, 0x17, - 0x8c, 0xdd, 0x82, 0x6a, 0xc5, 0x06, 0x46, 0x36, 0xeb, 0xaf, 0xba, 0x7f, 0xd6, 0x9f, 0xfd, 0x0f, - 0x4b, 0x70, 0xbe, 0xaf, 0x2a, 0x37, 0xd8, 0x02, 0x7c, 0xf4, 0x32, 0xf5, 0x0e, 0x37, 0x77, 0x0e, - 0x98, 0x51, 0xf6, 0xc7, 0x7d, 0x66, 0x9a, 0xc8, 0x28, 0x3b, 0x7c, 0x4a, 0xf6, 0xa3, 0x37, 0x9e, - 0x3d, 0x49, 0x64, 0x95, 0x03, 0x24, 0x91, 0x65, 0x3e, 0x46, 0x75, 0xc0, 0x85, 0xfc, 0x7b, 0xe5, - 0xbe, 0xc3, 0x4b, 0x4d, 0xbf, 0x81, 0xbc, 0xa3, 0xb3, 0x70, 0xda, 0x0b, 0xd8, 0x5d, 0x29, 0x2b, - 0xdd, 0x35, 0x51, 0x0e, 0xa4, 0x94, 0xbe, 0xa9, 0x78, 0x3e, 0x03, 0xc7, 0x3d, 0x4f, 0x3c, 0x82, - 0x49, 0x7d, 0x87, 0x1b, 0xd2, 0x83, 0xa5, 0x95, 0xa2, 0x25, 0x38, 0x27, 0x87, 0x62, 0xc3, 0x89, - 0x48, 0x53, 0x6c, 0x23, 0xb1, 0x48, 0x63, 0x38, 0xcf, 0x53, 0x21, 0x72, 0x10, 0x70, 0xfe, 0x73, - 0xf6, 0x87, 0xa1, 0xae, 0x5e, 0x8d, 0xc7, 0x49, 0xab, 0xf9, 0xd4, 0x13, 0x27, 0xad, 0x26, 0x93, - 0x81, 0x45, 0x3f, 0x04, 0xd5, 0x76, 0x33, 0x0b, 0xe3, 0x3a, 0xd9, 0x61, 0xaa, 0xaf, 0xfd, 0x1e, - 0x18, 0x55, 0x2e, 0x94, 0x41, 0xef, 0xe3, 0xb0, 0xbf, 0x34, 0x04, 0x27, 0x52, 0xd5, 0xf6, 0x52, - 0x1e, 0x4b, 0x6b, 0x5f, 0x8f, 0x25, 0x8b, 0x7b, 0xef, 0x06, 0xf2, 0xb2, 0x1e, 0x23, 0xee, 0xbd, - 0x1b, 0x10, 0xcc, 0x61, 0x54, 0x73, 0x6d, 0x46, 0x3b, 0xb8, 0x1b, 0x88, 0xf8, 0x54, 0xa5, 0xb9, - 0xce, 0xb2, 0x56, 0x2c, 0xa0, 0xe8, 0x13, 0x16, 0x8c, 0xc6, 0xcc, 0x1d, 0xce, 0xfd, 0xbd, 0x62, - 0x3e, 0x5d, 0x3b, 0x7a, 0x31, 0x41, 0x55, 0x59, 0x92, 0x85, 0x9c, 0x98, 0x2d, 0x38, 0xc5, 0x11, - 0xfd, 0x8c, 0x05, 0x75, 0x75, 0xa7, 0x80, 0xb8, 0x51, 0x6b, 0xa5, 0xd8, 0x62, 0x86, 0xdc, 0x51, - 0xa8, 0x4e, 0x16, 0xf4, 0x25, 0xe1, 0x9a, 0x31, 0x8a, 0x95, 0x33, 0x76, 0xf8, 0x78, 0x9c, 0xb1, - 0x90, 0xe3, 0x88, 0x7d, 0x37, 0xd4, 0xdb, 0x4e, 0xe0, 0xad, 0x93, 0x38, 0xe1, 0xfe, 0x51, 0x59, - 0x63, 0x55, 0x36, 0x62, 0x0d, 0xa7, 0x7b, 0x6d, 0xcc, 0x5e, 0x2c, 0x31, 0x1c, 0x9a, 0x6c, 0xaf, - 0x5d, 0xd1, 0xcd, 0xd8, 0xc4, 0x31, 0xbd, 0xaf, 0xf0, 0x50, 0xbd, 0xaf, 0x23, 0xfb, 0x78, 0x5f, - 0xff, 0x9e, 0x05, 0xe7, 0x72, 0xbf, 0xda, 0xa3, 0x1b, 0x49, 0x68, 0x7f, 0xb9, 0x0a, 0x67, 0x72, - 0xca, 0x66, 0xa2, 0x1d, 0x73, 0x3e, 0x5b, 0x45, 0x1c, 0xca, 0xa7, 0xcf, 0x98, 0xe5, 0x30, 0xe6, - 0x4c, 0xe2, 0x83, 0x9d, 0x7d, 0xe8, 0xf3, 0x87, 0xf2, 0x83, 0x3d, 0x7f, 0x30, 0xa6, 0x65, 0xe5, - 0xa1, 0x4e, 0xcb, 0xea, 0xfd, 0xa7, 0x25, 0xfa, 0x75, 0x0b, 0xc6, 0xdb, 0x7d, 0x6a, 0xb5, 0x0b, - 0x9f, 0xe2, 0xad, 0xe3, 0xa9, 0x04, 0xdf, 0x78, 0x62, 0x6f, 0x77, 0xa2, 0x6f, 0x89, 0x7c, 0xdc, - 0xb7, 0x57, 0xf6, 0x77, 0xca, 0xc0, 0x6a, 0xb6, 0xb2, 0xd2, 0x68, 0x3b, 0xe8, 0xe3, 0x66, 0xf5, - 0x5d, 0xab, 0xa8, 0x4a, 0xb1, 0x9c, 0xb8, 0xaa, 0xde, 0xcb, 0x47, 0x30, 0xaf, 0x98, 0x6f, 0x56, - 0x68, 0x95, 0x06, 0x10, 0x5a, 0xbe, 0x2c, 0x73, 0x5c, 0x2e, 0xbe, 0xcc, 0x71, 0x3d, 0x5b, 0xe2, - 0xf8, 0xfe, 0x9f, 0xb8, 0xf2, 0x48, 0x7e, 0xe2, 0xbf, 0x66, 0x71, 0xc1, 0x93, 0xf9, 0x0a, 0x5a, - 0x33, 0xb0, 0xee, 0xa3, 0x19, 0x3c, 0xc7, 0xae, 0x7b, 0x5f, 0xbf, 0x4a, 0x1c, 0x5f, 0x68, 0x10, - 0xe6, 0xcd, 0xed, 0xac, 0x1d, 0x2b, 0x0c, 0x76, 0xfb, 0xa1, 0xef, 0x87, 0x77, 0x2f, 0xb7, 0x3b, - 0xc9, 0x8e, 0xd0, 0x25, 0xf4, 0xed, 0x87, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0xaf, 0x97, 0xf8, 0x0c, - 0x14, 0x51, 0x05, 0x2f, 0x67, 0xee, 0xab, 0x1a, 0xfc, 0x40, 0xfe, 0xa3, 0x00, 0xae, 0xba, 0xe9, - 0x59, 0x1c, 0xf7, 0x5c, 0x3d, 0xf2, 0x35, 0xb4, 0x82, 0x9e, 0x7e, 0x0d, 0xdd, 0x86, 0x0d, 0x7e, - 0x29, 0x59, 0x5a, 0xde, 0x57, 0x96, 0xa6, 0xc4, 0x4a, 0x65, 0x9f, 0xdd, 0xee, 0x4f, 0x2d, 0x48, - 0x69, 0x44, 0xa8, 0x03, 0x55, 0xda, 0xdd, 0x9d, 0x62, 0x2e, 0xb1, 0x36, 0x49, 0x53, 0xd1, 0x28, - 0xa6, 0x3d, 0xfb, 0x89, 0x39, 0x23, 0xe4, 0x8b, 0xe0, 0x83, 0x52, 0x11, 0x17, 0xad, 0x9b, 0x0c, - 0xaf, 0x86, 0xe1, 0x26, 0x3f, 0xb3, 0xd4, 0x81, 0x0c, 0xf6, 0xcb, 0x30, 0xd6, 0xd3, 0x29, 0x76, - 0x35, 0x4d, 0x28, 0x6f, 0xee, 0x36, 0xa6, 0x2b, 0xcb, 0x88, 0xc4, 0x1c, 0x66, 0x7f, 0xc3, 0x82, - 0xd3, 0x59, 0xf2, 0xe8, 0x2b, 0x16, 0x8c, 0xc5, 0x59, 0x7a, 0xc7, 0x35, 0x76, 0x2a, 0x80, 0xb0, - 0x07, 0x84, 0x7b, 0x3b, 0x61, 0xff, 0x6f, 0x31, 0xf9, 0x6f, 0x7b, 0x41, 0x33, 0xbc, 0xab, 0x14, - 0x13, 0xab, 0xaf, 0x62, 0x42, 0xd7, 0xa3, 0xbb, 0x41, 0x9a, 0x5d, 0xbf, 0x27, 0x15, 0x73, 0x45, - 0xb4, 0x63, 0x85, 0xc1, 0x32, 0xcf, 0xba, 0xa2, 0x0e, 0x7a, 0x66, 0x52, 0xce, 0x8a, 0x76, 0xac, - 0x30, 0xd0, 0x8b, 0x30, 0x6a, 0xde, 0x4e, 0x2f, 0xe6, 0x25, 0x53, 0xc8, 0xcd, 0x8b, 0xec, 0x71, - 0x0a, 0x0b, 0x4d, 0x02, 0x28, 0x25, 0x47, 0x6e, 0x91, 0xcc, 0x07, 0xa4, 0x24, 0x51, 0x8c, 0x0d, - 0x0c, 0x96, 0xe7, 0xc9, 0xaf, 0x80, 0x97, 0x61, 0xb6, 0x3c, 0xcf, 0x53, 0xb4, 0x61, 0x05, 0xa5, - 0xd2, 0xa4, 0xed, 0x04, 0x5d, 0xc7, 0xa7, 0x23, 0x24, 0xac, 0x3a, 0xb5, 0x0c, 0x17, 0x15, 0x04, - 0x1b, 0x58, 0xf4, 0x8d, 0x13, 0xaf, 0x4d, 0x5e, 0x0b, 0x03, 0x19, 0xf8, 0xa5, 0x4f, 0x74, 0x44, - 0x3b, 0x56, 0x18, 0xf6, 0x7f, 0xb2, 0xe0, 0x94, 0xce, 0x1a, 0xe7, 0x97, 0xd0, 0x9a, 0x46, 0xa8, - 0xb5, 0xaf, 0x11, 0x9a, 0x4e, 0xa7, 0x2d, 0x0d, 0x94, 0x4e, 0x6b, 0x66, 0xba, 0x96, 0xef, 0x9b, - 0xe9, 0xfa, 0x83, 0xfa, 0x82, 0x43, 0x9e, 0x12, 0x3b, 0x92, 0x77, 0xb9, 0x21, 0xb2, 0x61, 0xc8, - 0x75, 0x54, 0xc9, 0x94, 0x51, 0x6e, 0x3b, 0xcc, 0x4c, 0x33, 0x24, 0x01, 0xb1, 0x97, 0xa0, 0xae, - 0x0e, 0x36, 0xa4, 0xa1, 0x6a, 0xe5, 0x1b, 0xaa, 0x03, 0x65, 0xdc, 0x35, 0xd6, 0xbe, 0xf9, 0xdd, - 0xa7, 0xde, 0xf1, 0xfb, 0xdf, 0x7d, 0xea, 0x1d, 0x7f, 0xf4, 0xdd, 0xa7, 0xde, 0xf1, 0x89, 0xbd, - 0xa7, 0xac, 0x6f, 0xee, 0x3d, 0x65, 0xfd, 0xfe, 0xde, 0x53, 0xd6, 0x1f, 0xed, 0x3d, 0x65, 0x7d, - 0x67, 0xef, 0x29, 0xeb, 0x8b, 0xff, 0xfe, 0xa9, 0x77, 0xbc, 0x96, 0x1b, 0xf9, 0x47, 0x7f, 0x3c, - 0xef, 0x36, 0xa7, 0xb6, 0x2e, 0xb1, 0xe0, 0x33, 0xba, 0xbc, 0xa6, 0x8c, 0x39, 0x35, 0x25, 0x97, - 0xd7, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x22, 0xdf, 0x41, 0x72, 0xd5, 0xd9, 0x00, 0x00, + // 10611 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x25, 0xd9, + 0x75, 0x90, 0xfb, 0x7d, 0x48, 0xef, 0x1d, 0x69, 0x3e, 0x74, 0x67, 0x66, 0x57, 0x3b, 0xde, 0x5d, + 0x4d, 0x7a, 0x2b, 0xeb, 0x35, 0xde, 0x95, 0xb2, 0xe3, 0x5d, 0xb3, 0x64, 0x13, 0x3b, 0x7a, 0xd2, + 0x8c, 0x46, 0x33, 0xd2, 0x48, 0x7b, 0xa5, 0x99, 0xb1, 0xd7, 0x59, 0xaf, 0x5b, 0xfd, 0xae, 0x9e, + 0x7a, 0xd4, 0xaf, 0xbb, 0xb7, 0xbb, 0x9f, 0x46, 0xda, 0xd8, 0x8e, 0x1d, 0xe7, 0xc3, 0xe0, 0x4f, + 0x6c, 0xa8, 0x38, 0x80, 0x83, 0x13, 0x07, 0x8a, 0x14, 0x6c, 0x11, 0xe0, 0x07, 0x81, 0x40, 0xa5, + 0x92, 0xf0, 0xc3, 0x94, 0xa1, 0x48, 0x51, 0xa9, 0x38, 0x40, 0x22, 0x6c, 0x51, 0x14, 0x14, 0x55, + 0xa4, 0x2a, 0xc0, 0x0f, 0x18, 0x28, 0xa0, 0xee, 0xf7, 0xed, 0x7e, 0xef, 0x8d, 0x9e, 0xa4, 0xd6, + 0xcc, 0xd8, 0xd9, 0x7f, 0xef, 0xdd, 0x73, 0xfa, 0x9c, 0xd3, 0xb7, 0xef, 0x3d, 0xf7, 0xdc, 0x73, + 0xcf, 0x39, 0x17, 0x16, 0x5a, 0x5e, 0xba, 0xd1, 0x59, 0x9b, 0x74, 0xc3, 0xf6, 0x94, 0x13, 0xb7, + 0xc2, 0x28, 0x0e, 0x6f, 0xb3, 0x1f, 0xcf, 0xb9, 0xcd, 0xa9, 0xad, 0x8b, 0x53, 0xd1, 0x66, 0x6b, + 0xca, 0x89, 0xbc, 0x64, 0xca, 0x89, 0x22, 0xdf, 0x73, 0x9d, 0xd4, 0x0b, 0x83, 0xa9, 0xad, 0xe7, + 0x1d, 0x3f, 0xda, 0x70, 0x9e, 0x9f, 0x6a, 0x91, 0x80, 0xc4, 0x4e, 0x4a, 0x9a, 0x93, 0x51, 0x1c, + 0xa6, 0x21, 0xfa, 0x11, 0x4d, 0x6d, 0x52, 0x52, 0x63, 0x3f, 0x5e, 0x77, 0x9b, 0x93, 0x5b, 0x17, + 0x27, 0xa3, 0xcd, 0xd6, 0x24, 0xa5, 0x36, 0x69, 0x50, 0x9b, 0x94, 0xd4, 0xce, 0x3f, 0x67, 0xc8, + 0xd2, 0x0a, 0x5b, 0xe1, 0x14, 0x23, 0xba, 0xd6, 0x59, 0x67, 0xff, 0xd8, 0x1f, 0xf6, 0x8b, 0x33, + 0x3b, 0x6f, 0x6f, 0xbe, 0x94, 0x4c, 0x7a, 0x21, 0x15, 0x6f, 0xca, 0x0d, 0x63, 0x32, 0xb5, 0xd5, + 0x25, 0xd0, 0xf9, 0x2b, 0x1a, 0x87, 0x6c, 0xa7, 0x24, 0x48, 0xbc, 0x30, 0x48, 0x9e, 0xa3, 0x22, + 0x90, 0x78, 0x8b, 0xc4, 0xe6, 0xeb, 0x19, 0x08, 0xbd, 0x28, 0xbd, 0xa0, 0x29, 0xb5, 0x1d, 0x77, + 0xc3, 0x0b, 0x48, 0xbc, 0xa3, 0x1f, 0x6f, 0x93, 0xd4, 0xe9, 0xf5, 0xd4, 0x54, 0xbf, 0xa7, 0xe2, + 0x4e, 0x90, 0x7a, 0x6d, 0xd2, 0xf5, 0xc0, 0xfb, 0xf6, 0x7b, 0x20, 0x71, 0x37, 0x48, 0xdb, 0xe9, + 0x7a, 0xee, 0xbd, 0xfd, 0x9e, 0xeb, 0xa4, 0x9e, 0x3f, 0xe5, 0x05, 0x69, 0x92, 0xc6, 0xf9, 0x87, + 0xec, 0x37, 0xe0, 0xc4, 0xf4, 0xad, 0x95, 0xe9, 0x4e, 0xba, 0x31, 0x13, 0x06, 0xeb, 0x5e, 0x0b, + 0xbd, 0x08, 0x23, 0xae, 0xdf, 0x49, 0x52, 0x12, 0x5f, 0x77, 0xda, 0x64, 0xdc, 0xba, 0x60, 0x3d, + 0x53, 0x6f, 0x9c, 0xf9, 0xe6, 0xee, 0xc4, 0x3b, 0xf6, 0x76, 0x27, 0x46, 0x66, 0x34, 0x08, 0x9b, + 0x78, 0xe8, 0xdd, 0x30, 0x1c, 0x87, 0x3e, 0x99, 0xc6, 0xd7, 0xc7, 0x4b, 0xec, 0x91, 0x53, 0xe2, + 0x91, 0x61, 0xcc, 0x9b, 0xb1, 0x84, 0xdb, 0xbf, 0x5f, 0x02, 0x98, 0x8e, 0xa2, 0xe5, 0x38, 0xbc, + 0x4d, 0xdc, 0x14, 0x7d, 0x14, 0x6a, 0xb4, 0xeb, 0x9a, 0x4e, 0xea, 0x30, 0x6e, 0x23, 0x17, 0x7f, + 0x68, 0x92, 0xbf, 0xc9, 0xa4, 0xf9, 0x26, 0x7a, 0xe0, 0x50, 0xec, 0xc9, 0xad, 0xe7, 0x27, 0x97, + 0xd6, 0xe8, 0xf3, 0x8b, 0x24, 0x75, 0x1a, 0x48, 0x30, 0x03, 0xdd, 0x86, 0x15, 0x55, 0x14, 0x40, + 0x25, 0x89, 0x88, 0xcb, 0x04, 0x1b, 0xb9, 0xb8, 0x30, 0x79, 0x94, 0x11, 0x3a, 0xa9, 0x25, 0x5f, + 0x89, 0x88, 0xdb, 0x18, 0x15, 0x9c, 0x2b, 0xf4, 0x1f, 0x66, 0x7c, 0xd0, 0x16, 0x0c, 0x25, 0xa9, + 0x93, 0x76, 0x92, 0xf1, 0x32, 0xe3, 0x78, 0xbd, 0x30, 0x8e, 0x8c, 0x6a, 0xe3, 0xa4, 0xe0, 0x39, + 0xc4, 0xff, 0x63, 0xc1, 0xcd, 0xfe, 0x23, 0x0b, 0x4e, 0x6a, 0xe4, 0x05, 0x2f, 0x49, 0xd1, 0x8f, + 0x77, 0x75, 0xee, 0xe4, 0x60, 0x9d, 0x4b, 0x9f, 0x66, 0x5d, 0x7b, 0x5a, 0x30, 0xab, 0xc9, 0x16, + 0xa3, 0x63, 0xdb, 0x50, 0xf5, 0x52, 0xd2, 0x4e, 0xc6, 0x4b, 0x17, 0xca, 0xcf, 0x8c, 0x5c, 0xbc, + 0x52, 0xd4, 0x7b, 0x36, 0x4e, 0x08, 0xa6, 0xd5, 0x79, 0x4a, 0x1e, 0x73, 0x2e, 0xf6, 0xaf, 0x8e, + 0x9a, 0xef, 0x47, 0x3b, 0x1c, 0x3d, 0x0f, 0x23, 0x49, 0xd8, 0x89, 0x5d, 0x82, 0x49, 0x14, 0x26, + 0xe3, 0xd6, 0x85, 0x32, 0x1d, 0x7a, 0x74, 0xa4, 0xae, 0xe8, 0x66, 0x6c, 0xe2, 0xa0, 0x2f, 0x58, + 0x30, 0xda, 0x24, 0x49, 0xea, 0x05, 0x8c, 0xbf, 0x14, 0x7e, 0xf5, 0xc8, 0xc2, 0xcb, 0xc6, 0x59, + 0x4d, 0xbc, 0x71, 0x56, 0xbc, 0xc8, 0xa8, 0xd1, 0x98, 0xe0, 0x0c, 0x7f, 0x3a, 0xe3, 0x9a, 0x24, + 0x71, 0x63, 0x2f, 0xa2, 0xff, 0xd9, 0x98, 0x31, 0x66, 0xdc, 0xac, 0x06, 0x61, 0x13, 0x0f, 0x05, + 0x50, 0xa5, 0x33, 0x2a, 0x19, 0xaf, 0x30, 0xf9, 0xe7, 0x8f, 0x26, 0xbf, 0xe8, 0x54, 0x3a, 0x59, + 0x75, 0xef, 0xd3, 0x7f, 0x09, 0xe6, 0x6c, 0xd0, 0xe7, 0x2d, 0x18, 0x17, 0x33, 0x1e, 0x13, 0xde, + 0xa1, 0xb7, 0x36, 0xbc, 0x94, 0xf8, 0x5e, 0x92, 0x8e, 0x57, 0x99, 0x0c, 0x53, 0x83, 0x8d, 0xad, + 0xb9, 0x38, 0xec, 0x44, 0xd7, 0xbc, 0xa0, 0xd9, 0xb8, 0x20, 0x38, 0x8d, 0xcf, 0xf4, 0x21, 0x8c, + 0xfb, 0xb2, 0x44, 0x5f, 0xb1, 0xe0, 0x7c, 0xe0, 0xb4, 0x49, 0x12, 0x39, 0xf4, 0xd3, 0x72, 0x70, + 0xc3, 0x77, 0xdc, 0x4d, 0x26, 0xd1, 0xd0, 0xe1, 0x24, 0xb2, 0x85, 0x44, 0xe7, 0xaf, 0xf7, 0x25, + 0x8d, 0xef, 0xc1, 0x16, 0x7d, 0xc3, 0x82, 0xb1, 0x30, 0x8e, 0x36, 0x9c, 0x80, 0x34, 0x25, 0x34, + 0x19, 0x1f, 0x66, 0x53, 0xef, 0x23, 0x47, 0xfb, 0x44, 0x4b, 0x79, 0xb2, 0x8b, 0x61, 0xe0, 0xa5, + 0x61, 0xbc, 0x42, 0xd2, 0xd4, 0x0b, 0x5a, 0x49, 0xe3, 0xdc, 0xde, 0xee, 0xc4, 0x58, 0x17, 0x16, + 0xee, 0x96, 0x07, 0xfd, 0x04, 0x8c, 0x24, 0x3b, 0x81, 0x7b, 0xcb, 0x0b, 0x9a, 0xe1, 0x9d, 0x64, + 0xbc, 0x56, 0xc4, 0xf4, 0x5d, 0x51, 0x04, 0xc5, 0x04, 0xd4, 0x0c, 0xb0, 0xc9, 0xad, 0xf7, 0x87, + 0xd3, 0x43, 0xa9, 0x5e, 0xf4, 0x87, 0xd3, 0x83, 0xe9, 0x1e, 0x6c, 0xd1, 0xcf, 0x59, 0x70, 0x22, + 0xf1, 0x5a, 0x81, 0x93, 0x76, 0x62, 0x72, 0x8d, 0xec, 0x24, 0xe3, 0xc0, 0x04, 0xb9, 0x7a, 0xc4, + 0x5e, 0x31, 0x48, 0x36, 0xce, 0x09, 0x19, 0x4f, 0x98, 0xad, 0x09, 0xce, 0xf2, 0xed, 0x35, 0xd1, + 0xf4, 0xb0, 0x1e, 0x29, 0x76, 0xa2, 0xe9, 0x41, 0xdd, 0x97, 0x25, 0xfa, 0x31, 0x38, 0xcd, 0x9b, + 0x54, 0xcf, 0x26, 0xe3, 0xa3, 0x4c, 0xd1, 0x9e, 0xdd, 0xdb, 0x9d, 0x38, 0xbd, 0x92, 0x83, 0xe1, + 0x2e, 0x6c, 0xf4, 0x06, 0x4c, 0x44, 0x24, 0x6e, 0x7b, 0xe9, 0x52, 0xe0, 0xef, 0x48, 0xf5, 0xed, + 0x86, 0x11, 0x69, 0x0a, 0x71, 0x92, 0xf1, 0x13, 0x17, 0xac, 0x67, 0x6a, 0x8d, 0x77, 0x09, 0x31, + 0x27, 0x96, 0xef, 0x8d, 0x8e, 0xf7, 0xa3, 0x67, 0xff, 0xf3, 0x12, 0x9c, 0xce, 0x2f, 0x9c, 0xe8, + 0x6f, 0x5a, 0x70, 0xea, 0xf6, 0x9d, 0x74, 0x35, 0xdc, 0x24, 0x41, 0xd2, 0xd8, 0xa1, 0xea, 0x8d, + 0x2d, 0x19, 0x23, 0x17, 0xdd, 0x62, 0x97, 0xe8, 0xc9, 0xab, 0x59, 0x2e, 0x97, 0x82, 0x34, 0xde, + 0x69, 0x3c, 0x2a, 0xde, 0xee, 0xd4, 0xd5, 0x5b, 0xab, 0x26, 0x14, 0xe7, 0x85, 0x3a, 0xff, 0x59, + 0x0b, 0xce, 0xf6, 0x22, 0x81, 0x4e, 0x43, 0x79, 0x93, 0xec, 0x70, 0xab, 0x0c, 0xd3, 0x9f, 0xe8, + 0x35, 0xa8, 0x6e, 0x39, 0x7e, 0x87, 0x08, 0xeb, 0x66, 0xee, 0x68, 0x2f, 0xa2, 0x24, 0xc3, 0x9c, + 0xea, 0x0f, 0x97, 0x5e, 0xb2, 0xec, 0x7f, 0x55, 0x86, 0x11, 0x63, 0x7d, 0xbb, 0x0f, 0x16, 0x5b, + 0x98, 0xb1, 0xd8, 0x16, 0x0b, 0x5b, 0x9a, 0xfb, 0x9a, 0x6c, 0x77, 0x72, 0x26, 0xdb, 0x52, 0x71, + 0x2c, 0xef, 0x69, 0xb3, 0xa1, 0x14, 0xea, 0x61, 0x44, 0x2d, 0x72, 0xba, 0xf4, 0x57, 0x8a, 0xf8, + 0x84, 0x4b, 0x92, 0x5c, 0xe3, 0xc4, 0xde, 0xee, 0x44, 0x5d, 0xfd, 0xc5, 0x9a, 0x91, 0xfd, 0x6d, + 0x0b, 0xce, 0x1a, 0x32, 0xce, 0x84, 0x41, 0xd3, 0x63, 0x9f, 0xf6, 0x02, 0x54, 0xd2, 0x9d, 0x48, + 0x9a, 0xfd, 0xaa, 0xa7, 0x56, 0x77, 0x22, 0x82, 0x19, 0x84, 0x1a, 0xfa, 0x6d, 0x92, 0x24, 0x4e, + 0x8b, 0xe4, 0x0d, 0xfd, 0x45, 0xde, 0x8c, 0x25, 0x1c, 0xc5, 0x80, 0x7c, 0x27, 0x49, 0x57, 0x63, + 0x27, 0x48, 0x18, 0xf9, 0x55, 0xaf, 0x4d, 0x44, 0x07, 0xff, 0x99, 0xc1, 0x46, 0x0c, 0x7d, 0xa2, + 0xf1, 0xc8, 0xde, 0xee, 0x04, 0x5a, 0xe8, 0xa2, 0x84, 0x7b, 0x50, 0xb7, 0xbf, 0x62, 0xc1, 0x23, + 0xbd, 0x6d, 0x31, 0xf4, 0x34, 0x0c, 0xf1, 0x2d, 0x9f, 0x78, 0x3b, 0xfd, 0x49, 0x58, 0x2b, 0x16, + 0x50, 0x34, 0x05, 0x75, 0xb5, 0x4e, 0x88, 0x77, 0x1c, 0x13, 0xa8, 0x75, 0xbd, 0xb8, 0x68, 0x1c, + 0xda, 0x69, 0xf4, 0x8f, 0xb0, 0xdc, 0x54, 0xa7, 0xb1, 0x4d, 0x12, 0x83, 0xd8, 0xff, 0xde, 0x82, + 0x53, 0x86, 0x54, 0xf7, 0xc1, 0x34, 0x0f, 0xb2, 0xa6, 0xf9, 0x7c, 0x61, 0xe3, 0xb9, 0x8f, 0x6d, + 0xfe, 0x79, 0x0b, 0xce, 0x1b, 0x58, 0x8b, 0x4e, 0xea, 0x6e, 0x5c, 0xda, 0x8e, 0x62, 0x92, 0xd0, + 0xed, 0x34, 0x7a, 0xc2, 0xd0, 0x5b, 0x8d, 0x11, 0x41, 0xa1, 0x7c, 0x8d, 0xec, 0x70, 0x25, 0xf6, + 0x2c, 0xd4, 0xf8, 0xe0, 0x0c, 0x63, 0xd1, 0xe3, 0xea, 0xdd, 0x96, 0x44, 0x3b, 0x56, 0x18, 0xc8, + 0x86, 0x21, 0xa6, 0x9c, 0xe8, 0x64, 0xa5, 0xcb, 0x10, 0xd0, 0x8f, 0x78, 0x93, 0xb5, 0x60, 0x01, + 0xb1, 0x97, 0x32, 0xe2, 0x2c, 0xc7, 0x84, 0x7d, 0xdc, 0xe6, 0x65, 0x8f, 0xf8, 0xcd, 0x84, 0x6e, + 0x1b, 0x9c, 0x20, 0x08, 0x53, 0xb1, 0x03, 0x30, 0xb6, 0x0d, 0xd3, 0xba, 0x19, 0x9b, 0x38, 0xf6, + 0x5e, 0x89, 0x6d, 0x3e, 0xd4, 0xb4, 0x26, 0xf7, 0x63, 0xe7, 0x1a, 0x67, 0xf4, 0xe0, 0x72, 0x71, + 0x4a, 0x89, 0xf4, 0xdf, 0xbd, 0xbe, 0x99, 0x53, 0x85, 0xb8, 0x50, 0xae, 0xf7, 0xde, 0xc1, 0xfe, + 0x56, 0x09, 0x26, 0xb2, 0x0f, 0x74, 0x69, 0x52, 0xba, 0x5d, 0x32, 0x18, 0xe5, 0x1d, 0x14, 0x06, + 0x3e, 0x36, 0xf1, 0xfa, 0x28, 0xa3, 0xd2, 0x71, 0x2a, 0x23, 0x53, 0x57, 0x96, 0xf7, 0xd1, 0x95, + 0x4f, 0xab, 0x5e, 0xaf, 0xe4, 0x94, 0x53, 0x76, 0xbd, 0xb8, 0x00, 0x95, 0x24, 0x25, 0xd1, 0x78, + 0x35, 0xab, 0x6b, 0x56, 0x52, 0x12, 0x61, 0x06, 0xb1, 0xff, 0x4b, 0x09, 0x1e, 0xcd, 0xf6, 0xa1, + 0x56, 0xef, 0x1f, 0xc8, 0xa8, 0xf7, 0xf7, 0x98, 0xea, 0xfd, 0xee, 0xee, 0xc4, 0x3b, 0xfb, 0x3c, + 0xf6, 0x3d, 0xa3, 0xfd, 0xd1, 0x5c, 0xae, 0x17, 0xa7, 0xb2, 0xbd, 0x78, 0x77, 0x77, 0xe2, 0x89, + 0x3e, 0xef, 0x98, 0xeb, 0xe6, 0xa7, 0x61, 0x28, 0x26, 0x4e, 0x12, 0x06, 0xa2, 0xa3, 0xd5, 0xe7, + 0xc0, 0xac, 0x15, 0x0b, 0xa8, 0xfd, 0xaf, 0xeb, 0xf9, 0xce, 0x9e, 0xe3, 0x0e, 0xb6, 0x30, 0x46, + 0x1e, 0x54, 0x98, 0xc9, 0xce, 0x55, 0xc3, 0xb5, 0xa3, 0x4d, 0x23, 0xaa, 0xe2, 0x15, 0xe9, 0x46, + 0x8d, 0x7e, 0x35, 0xda, 0x84, 0x19, 0x0b, 0xb4, 0x0d, 0x35, 0x57, 0x5a, 0xd2, 0xa5, 0x22, 0x7c, + 0x4e, 0xc2, 0x8e, 0xd6, 0x1c, 0x47, 0xa9, 0x2e, 0x56, 0xe6, 0xb7, 0xe2, 0x86, 0x08, 0x94, 0x5b, + 0x5e, 0x2a, 0x3e, 0xeb, 0x11, 0xf7, 0x4a, 0x73, 0x9e, 0xf1, 0x8a, 0xc3, 0x74, 0x81, 0x98, 0xf3, + 0x52, 0x4c, 0xe9, 0xa3, 0x9f, 0xb1, 0x60, 0x24, 0x71, 0xdb, 0xcb, 0x71, 0xb8, 0xe5, 0x35, 0x49, + 0x2c, 0x2c, 0xa5, 0x23, 0xaa, 0xa6, 0x95, 0x99, 0x45, 0x49, 0x50, 0xf3, 0xe5, 0x7b, 0x57, 0x0d, + 0xc1, 0x26, 0x5f, 0xba, 0x83, 0x78, 0x54, 0xbc, 0xfb, 0x2c, 0x71, 0x3d, 0xba, 0xb6, 0xc9, 0x0d, + 0x13, 0x1b, 0x29, 0x47, 0xb6, 0x1c, 0x67, 0x3b, 0xee, 0x26, 0x9d, 0x6f, 0x5a, 0xa0, 0x77, 0xee, + 0xed, 0x4e, 0x3c, 0x3a, 0xd3, 0x9b, 0x27, 0xee, 0x27, 0x0c, 0xeb, 0xb0, 0xa8, 0xe3, 0xfb, 0x98, + 0xbc, 0xd1, 0x21, 0xcc, 0x1d, 0x52, 0x40, 0x87, 0x2d, 0x6b, 0x82, 0xb9, 0x0e, 0x33, 0x20, 0xd8, + 0xe4, 0x8b, 0xde, 0x80, 0xa1, 0xb6, 0x93, 0xc6, 0xde, 0xb6, 0xf0, 0x81, 0x1c, 0xd1, 0x96, 0x5f, + 0x64, 0xb4, 0x34, 0x73, 0xb6, 0xf4, 0xf3, 0x46, 0x2c, 0x18, 0xa1, 0x36, 0x54, 0xdb, 0x24, 0x6e, + 0x91, 0xf1, 0x5a, 0x11, 0xfe, 0xde, 0x45, 0x4a, 0x4a, 0x33, 0xac, 0x53, 0xcb, 0x87, 0xb5, 0x61, + 0xce, 0x05, 0xbd, 0x06, 0xb5, 0x84, 0xf8, 0xc4, 0xa5, 0xb6, 0x4b, 0x9d, 0x71, 0x7c, 0xef, 0x80, + 0x76, 0x9c, 0xb3, 0x46, 0xfc, 0x15, 0xf1, 0x28, 0x9f, 0x60, 0xf2, 0x1f, 0x56, 0x24, 0x69, 0x07, + 0x46, 0x7e, 0xa7, 0xe5, 0x05, 0xe3, 0x50, 0x44, 0x07, 0x2e, 0x33, 0x5a, 0xb9, 0x0e, 0xe4, 0x8d, + 0x58, 0x30, 0xb2, 0xff, 0xa3, 0x05, 0x28, 0xab, 0xd4, 0xee, 0x83, 0xc1, 0xfa, 0x46, 0xd6, 0x60, + 0x5d, 0x28, 0xd2, 0xea, 0xe8, 0x63, 0xb3, 0xfe, 0x46, 0x1d, 0x72, 0xcb, 0xc1, 0x75, 0x92, 0xa4, + 0xa4, 0xf9, 0xb6, 0x0a, 0x7f, 0x5b, 0x85, 0xbf, 0xad, 0xc2, 0x95, 0x0a, 0x5f, 0xcb, 0xa9, 0xf0, + 0xf7, 0x1b, 0xb3, 0x5e, 0x1f, 0x98, 0xbe, 0xae, 0x4e, 0x54, 0x4d, 0x09, 0x0c, 0x04, 0xaa, 0x09, + 0xae, 0xae, 0x2c, 0x5d, 0xef, 0xa9, 0xb3, 0x5f, 0xcf, 0xea, 0xec, 0xa3, 0xb2, 0xf8, 0xd3, 0xa0, + 0xa5, 0xff, 0x6a, 0x09, 0x1e, 0xcb, 0x6a, 0x2f, 0x1c, 0xfa, 0x7e, 0xd8, 0x49, 0xe9, 0x5e, 0x00, + 0xfd, 0xa2, 0x05, 0xa7, 0xdb, 0xd9, 0x4d, 0x78, 0x22, 0x7c, 0x9d, 0x1f, 0x2c, 0x4c, 0xb5, 0xe6, + 0x76, 0xf9, 0x8d, 0x71, 0xa1, 0x66, 0x4f, 0xe7, 0x00, 0x09, 0xee, 0x92, 0x05, 0xbd, 0x06, 0xf5, + 0xb6, 0xb3, 0x7d, 0x23, 0x6a, 0x3a, 0xa9, 0xdc, 0x86, 0xf5, 0xdf, 0x3d, 0x77, 0x52, 0xcf, 0x9f, + 0xe4, 0x27, 0xd8, 0x93, 0xf3, 0x41, 0xba, 0x14, 0xaf, 0xa4, 0xb1, 0x17, 0xb4, 0xb8, 0x87, 0x6b, + 0x51, 0x92, 0xc1, 0x9a, 0xa2, 0xfd, 0x35, 0x2b, 0xaf, 0xdb, 0x55, 0xef, 0xc4, 0x4e, 0x4a, 0x5a, + 0x3b, 0xe8, 0x63, 0x50, 0xa5, 0xfb, 0x25, 0xd9, 0x2b, 0xb7, 0x8a, 0x5c, 0x70, 0x8c, 0x2f, 0xa1, + 0xd7, 0x1e, 0xfa, 0x2f, 0xc1, 0x9c, 0xa9, 0xfd, 0x95, 0xe1, 0xfc, 0x1a, 0xcb, 0xce, 0x33, 0x2f, + 0x02, 0xb4, 0xc2, 0x55, 0xd2, 0x8e, 0x7c, 0xda, 0x2d, 0x16, 0x73, 0x8a, 0x2b, 0x17, 0xc1, 0x9c, + 0x82, 0x60, 0x03, 0x0b, 0xfd, 0x79, 0x0b, 0xa0, 0x25, 0x87, 0x8a, 0x5c, 0x3f, 0x6f, 0x14, 0xf9, + 0x3a, 0x7a, 0x20, 0x6a, 0x59, 0x14, 0x43, 0x6c, 0x30, 0x47, 0x3f, 0x65, 0x41, 0x2d, 0x95, 0xe2, + 0xf3, 0x15, 0x65, 0xb5, 0x48, 0x49, 0xe4, 0x4b, 0x6b, 0x53, 0x42, 0x75, 0x89, 0xe2, 0x8b, 0x7e, + 0xd6, 0x02, 0x48, 0x76, 0x02, 0x77, 0x39, 0xf4, 0x3d, 0x77, 0x47, 0x2c, 0x34, 0x37, 0x0b, 0x75, + 0x63, 0x28, 0xea, 0x8d, 0x93, 0xb4, 0x37, 0xf4, 0x7f, 0x6c, 0x70, 0x46, 0x9f, 0x80, 0x5a, 0x22, + 0x86, 0x9b, 0x58, 0x5a, 0x56, 0x8b, 0x75, 0xa6, 0x70, 0xda, 0x42, 0x2b, 0x89, 0x7f, 0x58, 0xf1, + 0x44, 0x3f, 0x6f, 0xc1, 0xa9, 0x28, 0xeb, 0xfa, 0x12, 0xab, 0x48, 0x71, 0x3a, 0x20, 0xe7, 0x5a, + 0x6b, 0x9c, 0xd9, 0xdb, 0x9d, 0x38, 0x95, 0x6b, 0xc4, 0x79, 0x29, 0xd0, 0x0c, 0x8c, 0xe9, 0x11, + 0xbc, 0x14, 0x71, 0x37, 0xdc, 0x30, 0x73, 0xc3, 0xb1, 0x53, 0xcc, 0xb9, 0x3c, 0x10, 0x77, 0xe3, + 0xa3, 0x65, 0x38, 0x4b, 0xa5, 0xdb, 0xe1, 0x56, 0x9b, 0xd4, 0xca, 0x09, 0x5b, 0x43, 0x6a, 0x8d, + 0xc7, 0xc5, 0x08, 0x61, 0x8e, 0xee, 0x3c, 0x0e, 0xee, 0xf9, 0xa4, 0xfd, 0xad, 0x52, 0xc6, 0x2f, + 0xae, 0x1c, 0x56, 0x6c, 0x8e, 0xb9, 0xd2, 0x57, 0x20, 0x55, 0x46, 0xa1, 0x73, 0x4c, 0x79, 0x22, + 0xf4, 0x1c, 0x53, 0x4d, 0x09, 0x36, 0x98, 0x53, 0x03, 0x66, 0xcc, 0xc9, 0xbb, 0xc5, 0xc4, 0xb4, + 0x7f, 0xad, 0x48, 0x91, 0xba, 0x4f, 0x31, 0x1e, 0x13, 0xa2, 0x8d, 0x75, 0x81, 0x70, 0xb7, 0x48, + 0xf6, 0xb7, 0xb2, 0xbe, 0x78, 0x63, 0xc4, 0x0e, 0x70, 0xce, 0xf0, 0x05, 0x0b, 0x46, 0xe2, 0xd0, + 0xf7, 0xbd, 0xa0, 0x45, 0x67, 0x97, 0x58, 0x22, 0x3e, 0x7c, 0x2c, 0x5a, 0x5a, 0x4c, 0x23, 0x66, + 0x06, 0x61, 0xcd, 0x13, 0x9b, 0x02, 0xd8, 0x7f, 0x64, 0xc1, 0x78, 0x3f, 0x2d, 0x80, 0x08, 0xbc, + 0x53, 0x0e, 0x71, 0x75, 0xca, 0xbe, 0x14, 0xcc, 0x12, 0x9f, 0x28, 0x27, 0x65, 0xad, 0xf1, 0x94, + 0x78, 0xcd, 0x77, 0x2e, 0xf7, 0x47, 0xc5, 0xf7, 0xa2, 0x83, 0x5e, 0x85, 0xd3, 0xc6, 0x7b, 0x25, + 0xaa, 0x63, 0xea, 0x8d, 0x49, 0xba, 0xec, 0x4e, 0xe7, 0x60, 0x77, 0x77, 0x27, 0x1e, 0xc9, 0xb7, + 0x09, 0x35, 0xd5, 0x45, 0xc7, 0xfe, 0x95, 0x52, 0xfe, 0x6b, 0xa9, 0x15, 0xe6, 0xab, 0x56, 0xd7, + 0xd6, 0xef, 0x83, 0xc7, 0xa1, 0xd5, 0xd9, 0x26, 0x51, 0x1d, 0xe4, 0xf7, 0xc7, 0x79, 0x80, 0x27, + 0x85, 0xf6, 0xbf, 0xa8, 0xc0, 0x3d, 0x24, 0x53, 0x67, 0x41, 0x56, 0xbf, 0xb3, 0xa0, 0x83, 0x1f, + 0x2f, 0x7d, 0xce, 0x82, 0x21, 0x9f, 0x5a, 0xa1, 0xfc, 0xbc, 0x63, 0xe4, 0x62, 0xf3, 0xb8, 0xfa, + 0x9e, 0x1b, 0xbb, 0x09, 0x3f, 0xad, 0x56, 0x2e, 0x4f, 0xde, 0x88, 0x85, 0x0c, 0xe8, 0xeb, 0x56, + 0xf6, 0xf0, 0x84, 0x87, 0x1f, 0x79, 0xc7, 0x26, 0x93, 0x71, 0x22, 0xc3, 0x05, 0xd3, 0xbe, 0xfe, + 0x3e, 0x67, 0x35, 0x68, 0x12, 0x60, 0xdd, 0x0b, 0x1c, 0xdf, 0x7b, 0x93, 0xee, 0xa6, 0xab, 0x6c, + 0x59, 0x61, 0xeb, 0xf4, 0x65, 0xd5, 0x8a, 0x0d, 0x8c, 0xf3, 0x7f, 0x0e, 0x46, 0x8c, 0x37, 0xef, + 0x71, 0xc8, 0x7e, 0xd6, 0x3c, 0x64, 0xaf, 0x1b, 0x67, 0xe3, 0xe7, 0xdf, 0x0f, 0xa7, 0xf3, 0x02, + 0x1e, 0xe4, 0x79, 0xfb, 0x7f, 0x0e, 0xe7, 0x4f, 0x3c, 0x56, 0x49, 0xdc, 0xa6, 0xa2, 0xbd, 0xed, + 0x85, 0x78, 0xdb, 0x0b, 0xf1, 0xb6, 0x17, 0xc2, 0x74, 0x24, 0x8b, 0x1d, 0xf6, 0xf0, 0x7d, 0xda, + 0x61, 0x67, 0x7c, 0x06, 0xb5, 0xc2, 0x7d, 0x06, 0xf6, 0x5e, 0x15, 0x32, 0x76, 0x14, 0xef, 0xef, + 0x77, 0xc3, 0x70, 0x4c, 0xa2, 0xf0, 0x06, 0x5e, 0x10, 0x6b, 0x88, 0x0e, 0xa4, 0xe6, 0xcd, 0x58, + 0xc2, 0xe9, 0x5a, 0x13, 0x39, 0xe9, 0x86, 0x58, 0x44, 0xd4, 0x5a, 0xb3, 0xec, 0xa4, 0x1b, 0x98, + 0x41, 0xd0, 0xfb, 0xe1, 0x64, 0xea, 0xc4, 0x2d, 0x92, 0x62, 0xb2, 0xc5, 0x3e, 0xab, 0x38, 0x17, + 0x7b, 0x44, 0xe0, 0x9e, 0x5c, 0xcd, 0x40, 0x71, 0x0e, 0x1b, 0xbd, 0x01, 0x95, 0x0d, 0xe2, 0xb7, + 0x45, 0x97, 0xaf, 0x14, 0xa7, 0xe3, 0xd9, 0xbb, 0x5e, 0x21, 0x7e, 0x9b, 0x6b, 0x20, 0xfa, 0x0b, + 0x33, 0x56, 0x74, 0xbc, 0xd5, 0x37, 0x3b, 0x49, 0x1a, 0xb6, 0xbd, 0x37, 0xa5, 0x3b, 0xe8, 0x83, + 0x05, 0x33, 0xbe, 0x26, 0xe9, 0x73, 0x07, 0x82, 0xfa, 0x8b, 0x35, 0x67, 0x26, 0x47, 0xd3, 0x8b, + 0xd9, 0xa7, 0xda, 0x11, 0x5e, 0x9d, 0xa2, 0xe5, 0x98, 0x95, 0xf4, 0xb9, 0x1c, 0xea, 0x2f, 0xd6, + 0x9c, 0xd1, 0x8e, 0x1a, 0xf7, 0x23, 0x4c, 0x86, 0x1b, 0x05, 0xcb, 0xc0, 0xc7, 0x7c, 0xcf, 0xf1, + 0xff, 0x14, 0x54, 0xdd, 0x0d, 0x27, 0x4e, 0xc7, 0x47, 0xd9, 0xa0, 0x51, 0x8e, 0x8c, 0x19, 0xda, + 0x88, 0x39, 0x0c, 0x3d, 0x01, 0xe5, 0x98, 0xac, 0xb3, 0xf8, 0x3d, 0x23, 0xb2, 0x03, 0x93, 0x75, + 0x4c, 0xdb, 0xed, 0x5f, 0x2a, 0x65, 0xcd, 0xa5, 0xec, 0x7b, 0xf3, 0xd1, 0xee, 0x76, 0xe2, 0x44, + 0x3a, 0x3b, 0x8c, 0xd1, 0xce, 0x9a, 0xb1, 0x84, 0xa3, 0x4f, 0x59, 0x30, 0x7c, 0x3b, 0x09, 0x83, + 0x80, 0xa4, 0x62, 0x69, 0xba, 0x59, 0x70, 0x57, 0x5c, 0xe5, 0xd4, 0xb5, 0x0c, 0xa2, 0x01, 0x4b, + 0xbe, 0x54, 0x5c, 0xb2, 0xed, 0xfa, 0x9d, 0x66, 0xd7, 0x81, 0xfe, 0x25, 0xde, 0x8c, 0x25, 0x9c, + 0xa2, 0x7a, 0x01, 0x47, 0xad, 0x64, 0x51, 0xe7, 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0x5f, 0x1e, 0x82, + 0x73, 0x3d, 0x27, 0x07, 0x35, 0x64, 0x98, 0xa9, 0x70, 0xd9, 0xf3, 0x89, 0x0c, 0x53, 0x61, 0x86, + 0xcc, 0x4d, 0xd5, 0x8a, 0x0d, 0x0c, 0xf4, 0x93, 0x00, 0x91, 0x13, 0x3b, 0x6d, 0x22, 0x16, 0xf0, + 0xf2, 0xd1, 0xed, 0x05, 0x2a, 0xc7, 0xb2, 0xa4, 0xa9, 0xf7, 0xa6, 0xaa, 0x29, 0xc1, 0x06, 0x4b, + 0xf4, 0x22, 0x8c, 0xc4, 0xc4, 0x27, 0x4e, 0xc2, 0xc2, 0x3f, 0xf3, 0xb1, 0xec, 0x58, 0x83, 0xb0, + 0x89, 0x87, 0x9e, 0x56, 0x11, 0x3d, 0xb9, 0xe8, 0x87, 0x6c, 0x54, 0x0f, 0xfa, 0xa2, 0x05, 0x27, + 0xd7, 0x3d, 0x9f, 0x68, 0xee, 0x22, 0xf2, 0x7c, 0xe9, 0xe8, 0x2f, 0x79, 0xd9, 0xa4, 0xab, 0x35, + 0x64, 0xa6, 0x39, 0xc1, 0x39, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x98, 0xa9, 0xd6, 0xa1, 0xec, 0x67, + 0xbe, 0xc9, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, 0x15, 0x39, 0x49, 0x32, 0x13, 0x93, 0x26, 0x09, + 0x52, 0xcf, 0xf1, 0x79, 0x5c, 0x78, 0x4d, 0xc7, 0x85, 0x2e, 0x67, 0xc1, 0x38, 0x8f, 0x8f, 0x3e, + 0x04, 0x8f, 0x7a, 0xad, 0x20, 0x8c, 0xc9, 0xa2, 0x97, 0x24, 0x5e, 0xd0, 0xd2, 0xc3, 0x40, 0x38, + 0x3d, 0x26, 0x04, 0xa9, 0x47, 0xe7, 0x7b, 0xa3, 0xe1, 0x7e, 0xcf, 0xa3, 0x67, 0xa1, 0x96, 0x6c, + 0x7a, 0xd1, 0x4c, 0xdc, 0x4c, 0x98, 0x83, 0xbc, 0xa6, 0x5d, 0x6c, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, + 0xe4, 0xc2, 0x28, 0xff, 0x24, 0x3c, 0x6c, 0x49, 0xe8, 0xc7, 0xe7, 0xfa, 0x2e, 0x8f, 0x22, 0x75, + 0x69, 0x12, 0x3b, 0x77, 0x2e, 0x49, 0x77, 0x7d, 0xe3, 0xf4, 0xde, 0xee, 0xc4, 0xe8, 0x4d, 0x83, + 0x0c, 0xce, 0x10, 0xb5, 0x7f, 0xa1, 0x94, 0xdd, 0x71, 0x9b, 0x93, 0x14, 0x25, 0x74, 0x2a, 0xa6, + 0x37, 0x9d, 0x58, 0x7a, 0x63, 0x8e, 0x18, 0xbe, 0x2e, 0xe8, 0xde, 0x74, 0x62, 0x73, 0x52, 0x33, + 0x06, 0x58, 0x72, 0x42, 0xb7, 0xa1, 0x92, 0xfa, 0x4e, 0x41, 0xf9, 0x2e, 0x06, 0x47, 0xed, 0x00, + 0x59, 0x98, 0x4e, 0x30, 0xe3, 0x81, 0x1e, 0xa7, 0x56, 0xff, 0x9a, 0x8c, 0x71, 0x13, 0x86, 0xfa, + 0x5a, 0x82, 0x59, 0xab, 0xfd, 0xff, 0x6a, 0x3d, 0xf4, 0xaa, 0x5a, 0xc8, 0xd0, 0x45, 0x00, 0xba, + 0x81, 0x5c, 0x8e, 0xc9, 0xba, 0xb7, 0x2d, 0x0c, 0x09, 0x35, 0x77, 0xaf, 0x2b, 0x08, 0x36, 0xb0, + 0xe4, 0x33, 0x2b, 0x9d, 0x75, 0xfa, 0x4c, 0xa9, 0xfb, 0x19, 0x0e, 0xc1, 0x06, 0x16, 0x7a, 0x01, + 0x86, 0xbc, 0xb6, 0xd3, 0x52, 0xa1, 0x78, 0x8f, 0xd3, 0x49, 0x3b, 0xcf, 0x5a, 0xee, 0xee, 0x4e, + 0x9c, 0x54, 0x02, 0xb1, 0x26, 0x2c, 0x70, 0xd1, 0xaf, 0x58, 0x30, 0xea, 0x86, 0xed, 0x76, 0x18, + 0xf0, 0x6d, 0x97, 0xd8, 0x43, 0xde, 0x3e, 0xae, 0x65, 0x7e, 0x72, 0xc6, 0x60, 0xc6, 0x37, 0x91, + 0x2a, 0x31, 0xc7, 0x04, 0xe1, 0x8c, 0x54, 0xe6, 0xdc, 0xae, 0xee, 0x33, 0xb7, 0x7f, 0xdd, 0x82, + 0x31, 0xfe, 0xac, 0xb1, 0x1b, 0x14, 0x39, 0x28, 0xe1, 0x31, 0xbf, 0x56, 0xd7, 0x06, 0x59, 0x79, + 0xe9, 0xba, 0xe0, 0xb8, 0x5b, 0x48, 0x34, 0x07, 0x63, 0xeb, 0x61, 0xec, 0x12, 0xb3, 0x23, 0x84, + 0x62, 0x52, 0x84, 0x2e, 0xe7, 0x11, 0x70, 0xf7, 0x33, 0xe8, 0x26, 0x3c, 0x62, 0x34, 0x9a, 0xfd, + 0xc0, 0x75, 0xd3, 0x93, 0x82, 0xda, 0x23, 0x97, 0x7b, 0x62, 0xe1, 0x3e, 0x4f, 0x67, 0x1d, 0x26, + 0xf5, 0x01, 0x1c, 0x26, 0xaf, 0xc3, 0x63, 0x6e, 0x77, 0xcf, 0x6c, 0x25, 0x9d, 0xb5, 0x84, 0x6b, + 0xaa, 0x5a, 0xe3, 0x07, 0x04, 0x81, 0xc7, 0x66, 0xfa, 0x21, 0xe2, 0xfe, 0x34, 0xd0, 0xc7, 0xa0, + 0x16, 0x13, 0xf6, 0x55, 0x12, 0x91, 0x90, 0x71, 0xc4, 0x5d, 0xb2, 0xb6, 0x40, 0x39, 0x59, 0xad, + 0x7b, 0x45, 0x43, 0x82, 0x15, 0xc7, 0xf3, 0x1f, 0x80, 0xb1, 0xae, 0xf1, 0x7c, 0x20, 0x9f, 0xc5, + 0x2c, 0x3c, 0xd2, 0x7b, 0xe4, 0x1c, 0xc8, 0x73, 0xf1, 0x0f, 0x72, 0x71, 0x86, 0x86, 0x35, 0x39, + 0x80, 0x17, 0xcc, 0x81, 0x32, 0x09, 0xb6, 0x84, 0x22, 0xbd, 0x7c, 0xb4, 0xde, 0xbb, 0x14, 0x6c, + 0xf1, 0x81, 0xcf, 0xb6, 0xfa, 0x97, 0x82, 0x2d, 0x4c, 0x69, 0xa3, 0x2f, 0x5b, 0x19, 0x6b, 0x88, + 0xfb, 0xce, 0x3e, 0x72, 0x2c, 0xe6, 0xf3, 0xc0, 0x06, 0x92, 0xfd, 0x2f, 0x4b, 0x70, 0x61, 0x3f, + 0x22, 0x03, 0x74, 0xdf, 0x53, 0x30, 0x94, 0xb0, 0x23, 0x50, 0xa1, 0x99, 0x46, 0xa8, 0x56, 0xe2, + 0x87, 0xa2, 0xaf, 0x63, 0x01, 0x42, 0x3e, 0x94, 0xdb, 0x4e, 0x24, 0x5c, 0x2a, 0xf3, 0x47, 0xcd, + 0x2a, 0xa0, 0xff, 0x1d, 0x7f, 0xd1, 0x89, 0xf8, 0x46, 0xdd, 0x68, 0xc0, 0x94, 0x0d, 0x4a, 0xa1, + 0xea, 0xc4, 0xb1, 0x23, 0xcf, 0xdb, 0xae, 0x15, 0xc3, 0x6f, 0x9a, 0x92, 0x6c, 0x8c, 0xed, 0xed, + 0x4e, 0x9c, 0xc8, 0x34, 0x61, 0xce, 0xcc, 0xfe, 0xdc, 0x70, 0x26, 0xb2, 0x9e, 0x1d, 0xa2, 0x26, + 0x30, 0x24, 0x3c, 0x29, 0x56, 0xd1, 0xc9, 0x1c, 0x3c, 0x35, 0x8a, 0x6d, 0x96, 0x44, 0x82, 0xa9, + 0x60, 0x85, 0x3e, 0x6b, 0xb1, 0x34, 0x4e, 0x99, 0x6d, 0x20, 0xb6, 0x28, 0xc7, 0x93, 0x55, 0x6a, + 0x26, 0x87, 0xca, 0x46, 0x6c, 0x72, 0xa7, 0x4b, 0x57, 0xc4, 0x13, 0x92, 0xf2, 0x1b, 0x15, 0x99, + 0xe8, 0x29, 0xe1, 0x68, 0xbb, 0xc7, 0x61, 0x69, 0x01, 0xa9, 0x80, 0x03, 0x1c, 0x8f, 0x7e, 0xdd, + 0x82, 0x31, 0x6e, 0x8e, 0xce, 0x7a, 0xeb, 0xeb, 0x24, 0x26, 0x81, 0x4b, 0xa4, 0x41, 0x7f, 0xc4, + 0xe3, 0x78, 0xe9, 0xbe, 0x9a, 0xcf, 0x93, 0xd7, 0x6b, 0x5a, 0x17, 0x08, 0x77, 0x0b, 0x83, 0x9a, + 0x50, 0xf1, 0x82, 0xf5, 0x50, 0xac, 0xe4, 0x8d, 0xa3, 0x09, 0x35, 0x1f, 0xac, 0x87, 0x7a, 0x36, + 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x0b, 0x70, 0x36, 0x16, 0x2e, 0x97, 0x2b, 0x5e, 0x42, 0x37, 0xc6, + 0x0b, 0x5e, 0xdb, 0x4b, 0xd9, 0x2a, 0x5c, 0x6e, 0x8c, 0xef, 0xed, 0x4e, 0x9c, 0xc5, 0x3d, 0xe0, + 0xb8, 0xe7, 0x53, 0xe8, 0x4d, 0x18, 0x96, 0x79, 0xa7, 0xb5, 0x22, 0x36, 0x47, 0xdd, 0xe3, 0x5f, + 0x0d, 0xa6, 0x15, 0x91, 0x62, 0x2a, 0x19, 0xda, 0x5f, 0x1c, 0x81, 0xee, 0xb3, 0x41, 0xf4, 0x71, + 0xa8, 0xc7, 0x2a, 0x17, 0xd6, 0x2a, 0x22, 0xbe, 0x4f, 0x7e, 0x5f, 0x71, 0x2e, 0xa9, 0xec, 0x01, + 0x9d, 0xf5, 0xaa, 0x39, 0x52, 0xab, 0x3d, 0xd1, 0x47, 0x88, 0x05, 0x8c, 0x6d, 0xc1, 0x55, 0x1f, + 0x0f, 0xed, 0x04, 0x2e, 0x66, 0x3c, 0x50, 0x0c, 0x43, 0x1b, 0xc4, 0xf1, 0xd3, 0x8d, 0x62, 0x3c, + 0xd9, 0x57, 0x18, 0xad, 0x7c, 0xd6, 0x04, 0x6f, 0xc5, 0x82, 0x13, 0xda, 0x86, 0xe1, 0x0d, 0x3e, + 0x00, 0x84, 0x21, 0xbd, 0x78, 0xd4, 0xce, 0xcd, 0x8c, 0x2a, 0xfd, 0xb9, 0x45, 0x03, 0x96, 0xec, + 0x58, 0xa4, 0x85, 0x71, 0x2c, 0xce, 0xa7, 0x6e, 0x71, 0x09, 0x23, 0x83, 0x9f, 0x89, 0x7f, 0x14, + 0x46, 0x63, 0xe2, 0x86, 0x81, 0xeb, 0xf9, 0xa4, 0x39, 0x2d, 0xbd, 0xd4, 0x07, 0x49, 0x33, 0x60, + 0x9b, 0x51, 0x6c, 0xd0, 0xc0, 0x19, 0x8a, 0xe8, 0x33, 0x16, 0x9c, 0x54, 0x09, 0x74, 0xf4, 0x83, + 0x10, 0xe1, 0x15, 0x5d, 0x28, 0x28, 0x5d, 0x8f, 0xd1, 0x6c, 0xa0, 0xbd, 0xdd, 0x89, 0x93, 0xd9, + 0x36, 0x9c, 0xe3, 0x8b, 0x5e, 0x05, 0x08, 0xd7, 0x78, 0x38, 0xc5, 0x74, 0x2a, 0x5c, 0xa4, 0x07, + 0x79, 0xd5, 0x93, 0x3c, 0xdf, 0x48, 0x52, 0xc0, 0x06, 0x35, 0x74, 0x0d, 0x80, 0x4f, 0x9b, 0xd5, + 0x9d, 0x48, 0x5a, 0xdb, 0x32, 0x4f, 0x04, 0x56, 0x14, 0xe4, 0xee, 0xee, 0x44, 0xb7, 0xcb, 0x8a, + 0x9d, 0xde, 0x1b, 0x8f, 0xa3, 0x9f, 0x80, 0xe1, 0xa4, 0xd3, 0x6e, 0x3b, 0xca, 0x81, 0x5a, 0x60, + 0x06, 0x13, 0xa7, 0x6b, 0xa8, 0x22, 0xde, 0x80, 0x25, 0x47, 0x74, 0x9b, 0x2a, 0xd5, 0x44, 0xf8, + 0xd2, 0xd8, 0x2c, 0xe2, 0x36, 0xc1, 0x08, 0x7b, 0xa7, 0xf7, 0xc9, 0xe8, 0x10, 0xdc, 0x03, 0xe7, + 0xee, 0xee, 0xc4, 0x23, 0xd9, 0xf6, 0x85, 0x50, 0xe4, 0x14, 0xf5, 0xa4, 0x89, 0xae, 0xca, 0x32, + 0x14, 0xf4, 0xb5, 0x65, 0x76, 0xf4, 0x33, 0xba, 0x0c, 0x05, 0x6b, 0xee, 0xdf, 0x67, 0xe6, 0xc3, + 0x68, 0x11, 0xce, 0xb8, 0x61, 0x90, 0xc6, 0xa1, 0xef, 0xf3, 0xda, 0x2a, 0x7c, 0xe3, 0xc3, 0x1d, + 0xac, 0xef, 0x14, 0x62, 0x9f, 0x99, 0xe9, 0x46, 0xc1, 0xbd, 0x9e, 0xb3, 0x83, 0x6c, 0x9c, 0x99, + 0xe8, 0x9c, 0x17, 0x60, 0x94, 0x6c, 0xa7, 0x24, 0x0e, 0x1c, 0xff, 0x06, 0x5e, 0x90, 0xae, 0x45, + 0x36, 0x07, 0x2e, 0x19, 0xed, 0x38, 0x83, 0x85, 0x6c, 0xb5, 0xdb, 0x2f, 0xe9, 0xc4, 0x3b, 0xbe, + 0xdb, 0x97, 0x7b, 0x7b, 0xfb, 0x7f, 0x95, 0x32, 0x06, 0xd9, 0x6a, 0x4c, 0x08, 0x0a, 0xa1, 0x1a, + 0x84, 0x4d, 0xa5, 0xfb, 0xaf, 0x16, 0xa3, 0xfb, 0xaf, 0x87, 0x4d, 0xa3, 0x56, 0x05, 0xfd, 0x97, + 0x60, 0xce, 0x87, 0x25, 0xf3, 0xcb, 0xaa, 0x07, 0x0c, 0x20, 0x36, 0x1a, 0x45, 0x72, 0x56, 0xc9, + 0xfc, 0x4b, 0x26, 0x23, 0x9c, 0xe5, 0x8b, 0x36, 0xa1, 0xba, 0x11, 0x26, 0xa9, 0xdc, 0x7e, 0x1c, + 0x71, 0xa7, 0x73, 0x25, 0x4c, 0x52, 0x66, 0x45, 0xa8, 0xd7, 0xa6, 0x2d, 0x09, 0xe6, 0x3c, 0xec, + 0xff, 0x64, 0x65, 0x1c, 0xc9, 0xb7, 0x58, 0xcc, 0xe5, 0x16, 0x09, 0xe8, 0xb4, 0x36, 0xe3, 0x6d, + 0xfe, 0x6c, 0x2e, 0xf1, 0xeb, 0x5d, 0xfd, 0x2a, 0x07, 0xdd, 0xa1, 0x14, 0x26, 0x19, 0x09, 0x23, + 0x34, 0xe7, 0x93, 0x56, 0x36, 0x05, 0xaf, 0x54, 0xc4, 0x06, 0xc3, 0x4c, 0x31, 0xdd, 0x37, 0x9b, + 0xcf, 0xfe, 0xb2, 0x05, 0xc3, 0x0d, 0xc7, 0xdd, 0x0c, 0xd7, 0xd7, 0xd1, 0xb3, 0x50, 0x6b, 0x76, + 0x62, 0x33, 0x1b, 0x50, 0xed, 0x9e, 0x67, 0x45, 0x3b, 0x56, 0x18, 0x74, 0x0c, 0xaf, 0x3b, 0xae, + 0x4c, 0x34, 0x2d, 0xf3, 0x31, 0x7c, 0x99, 0xb5, 0x60, 0x01, 0x41, 0x2f, 0xc2, 0x48, 0xdb, 0xd9, + 0x96, 0x0f, 0xe7, 0xbd, 0xd8, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x9f, 0x59, 0x30, 0xde, 0x70, + 0x12, 0xcf, 0x9d, 0xee, 0xa4, 0x1b, 0x0d, 0x2f, 0x5d, 0xeb, 0xb8, 0x9b, 0x24, 0xe5, 0xd9, 0xc5, + 0x54, 0xca, 0x4e, 0x42, 0xa7, 0x92, 0xda, 0xd7, 0x29, 0x29, 0x6f, 0x88, 0x76, 0xac, 0x30, 0xd0, + 0x9b, 0x30, 0x12, 0x39, 0x49, 0x72, 0x27, 0x8c, 0x9b, 0x98, 0xac, 0x17, 0x93, 0xdb, 0xbf, 0x42, + 0xdc, 0x98, 0xa4, 0x98, 0xac, 0x8b, 0x93, 0x56, 0x4d, 0x1f, 0x9b, 0xcc, 0xec, 0x2f, 0x58, 0xf0, + 0x58, 0x83, 0x38, 0x31, 0x89, 0x59, 0x29, 0x00, 0xf5, 0x22, 0x33, 0x7e, 0xd8, 0x69, 0xa2, 0x37, + 0xa0, 0x96, 0xd2, 0x66, 0x2a, 0x96, 0x55, 0xac, 0x58, 0xec, 0xa0, 0x74, 0x55, 0x10, 0xc7, 0x8a, + 0x8d, 0xfd, 0x57, 0x2c, 0x18, 0x65, 0x67, 0x4e, 0xb3, 0x24, 0x75, 0x3c, 0xbf, 0xab, 0x62, 0x8e, + 0x35, 0x60, 0xc5, 0x9c, 0x0b, 0x50, 0xd9, 0x08, 0xdb, 0x24, 0x7f, 0x5e, 0x7a, 0x25, 0xa4, 0xdb, + 0x6a, 0x0a, 0x41, 0xcf, 0xd3, 0x0f, 0xef, 0x05, 0xa9, 0x43, 0xa7, 0x80, 0xf4, 0x69, 0x9e, 0xe2, + 0x1f, 0x5d, 0x35, 0x63, 0x13, 0xc7, 0xfe, 0xad, 0x3a, 0x0c, 0x8b, 0x43, 0xf5, 0x81, 0x33, 0xcc, + 0xe5, 0xfe, 0xbe, 0xd4, 0x77, 0x7f, 0x9f, 0xc0, 0x90, 0xcb, 0xea, 0x71, 0x09, 0x33, 0xf2, 0x5a, + 0x21, 0x51, 0x18, 0xbc, 0xc4, 0x97, 0x16, 0x8b, 0xff, 0xc7, 0x82, 0x15, 0xfa, 0x92, 0x05, 0xa7, + 0xdc, 0x30, 0x08, 0x88, 0xab, 0x6d, 0x9c, 0x4a, 0x11, 0x87, 0xed, 0x33, 0x59, 0xa2, 0xfa, 0xc0, + 0x23, 0x07, 0xc0, 0x79, 0xf6, 0xe8, 0x65, 0x38, 0xc1, 0xfb, 0xec, 0x66, 0xc6, 0x11, 0xab, 0x0b, + 0xa9, 0x98, 0x40, 0x9c, 0xc5, 0x45, 0x93, 0xdc, 0xa1, 0x2d, 0x4a, 0x96, 0x0c, 0xe9, 0xd3, 0x33, + 0xa3, 0x58, 0x89, 0x81, 0x81, 0x62, 0x40, 0x31, 0x59, 0x8f, 0x49, 0xb2, 0x21, 0x82, 0x0e, 0x98, + 0x7d, 0x35, 0x7c, 0xb8, 0x8c, 0x55, 0xdc, 0x45, 0x09, 0xf7, 0xa0, 0x8e, 0x36, 0xc5, 0x06, 0xb3, + 0x56, 0x84, 0x0e, 0x15, 0x9f, 0xb9, 0xef, 0x3e, 0x73, 0x02, 0xaa, 0xc9, 0x86, 0x13, 0x37, 0x99, + 0x5d, 0x57, 0xe6, 0x59, 0x12, 0x2b, 0xb4, 0x01, 0xf3, 0x76, 0x34, 0x0b, 0xa7, 0x73, 0x65, 0x60, + 0x12, 0xe1, 0x30, 0x55, 0xa1, 0xfd, 0xb9, 0x02, 0x32, 0x09, 0xee, 0x7a, 0xc2, 0x74, 0x3e, 0x8c, + 0xec, 0xe3, 0x7c, 0xd8, 0x51, 0xa1, 0x6d, 0xa3, 0x6c, 0x7d, 0x7c, 0xa5, 0x90, 0x0e, 0x18, 0x28, + 0x8e, 0xed, 0xf3, 0xb9, 0x38, 0xb6, 0x13, 0x4c, 0x80, 0x9b, 0xc5, 0x08, 0x70, 0xf0, 0xa0, 0xb5, + 0x07, 0x19, 0x84, 0xf6, 0x3f, 0x2c, 0x90, 0xdf, 0x75, 0xc6, 0x71, 0x37, 0x08, 0x1d, 0x32, 0xe8, + 0xfd, 0x70, 0x52, 0x6d, 0xa1, 0x67, 0xc2, 0x4e, 0xc0, 0xe3, 0xcf, 0xca, 0xfa, 0x64, 0x14, 0x67, + 0xa0, 0x38, 0x87, 0x8d, 0xa6, 0xa0, 0x4e, 0xfb, 0x89, 0x3f, 0xca, 0xd7, 0x5a, 0xb5, 0x4d, 0x9f, + 0x5e, 0x9e, 0x17, 0x4f, 0x69, 0x1c, 0x14, 0xc2, 0x98, 0xef, 0x24, 0x29, 0x93, 0x80, 0xee, 0xa8, + 0x0f, 0x99, 0x2f, 0xce, 0xe2, 0xc7, 0x17, 0xf2, 0x84, 0x70, 0x37, 0x6d, 0xfb, 0xdb, 0x15, 0x38, + 0x91, 0xd1, 0x8c, 0x07, 0x5c, 0xa4, 0x9f, 0x85, 0x9a, 0x5c, 0x37, 0xf3, 0x55, 0x2b, 0xd4, 0xe2, + 0xaa, 0x30, 0xe8, 0xa2, 0xb5, 0xa6, 0x57, 0xd5, 0xbc, 0x51, 0x61, 0x2c, 0xb8, 0xd8, 0xc4, 0x63, + 0x4a, 0x39, 0xf5, 0x93, 0x19, 0xdf, 0x23, 0x41, 0xca, 0xc5, 0x2c, 0x46, 0x29, 0xaf, 0x2e, 0xac, + 0x98, 0x44, 0xb5, 0x52, 0xce, 0x01, 0x70, 0x9e, 0x3d, 0xfa, 0x69, 0x0b, 0x4e, 0x38, 0x77, 0x12, + 0x5d, 0x34, 0x52, 0x44, 0xac, 0x1d, 0x71, 0x91, 0xca, 0xd4, 0xa1, 0xe4, 0x2e, 0xdf, 0x4c, 0x13, + 0xce, 0x32, 0x45, 0x5f, 0xb5, 0x00, 0x91, 0x6d, 0xe2, 0xca, 0x98, 0x3a, 0x21, 0xcb, 0x50, 0x11, + 0x3b, 0xcd, 0x4b, 0x5d, 0x74, 0xb9, 0x56, 0xef, 0x6e, 0xc7, 0x3d, 0x64, 0xb0, 0xff, 0x71, 0x59, + 0x4d, 0x28, 0x1d, 0xc6, 0xe9, 0x18, 0xe1, 0x64, 0xd6, 0xe1, 0xc3, 0xc9, 0xf4, 0xb1, 0x7c, 0x77, + 0x1a, 0x5a, 0x26, 0xfd, 0xa6, 0xf4, 0x80, 0xd2, 0x6f, 0x7e, 0xca, 0xca, 0xd4, 0x67, 0x19, 0xb9, + 0xf8, 0x6a, 0xb1, 0x21, 0xa4, 0x93, 0x3c, 0x64, 0x20, 0xa7, 0xdd, 0xb3, 0x91, 0x22, 0x54, 0x9b, + 0x1a, 0x68, 0x07, 0xd2, 0x86, 0xff, 0xb6, 0x0c, 0x23, 0xc6, 0x4a, 0xda, 0xd3, 0x2c, 0xb2, 0x1e, + 0x32, 0xb3, 0xa8, 0x74, 0x00, 0xb3, 0xe8, 0x27, 0xa1, 0xee, 0x4a, 0x2d, 0x5f, 0x4c, 0x85, 0xd2, + 0xfc, 0xda, 0xa1, 0x15, 0xbd, 0x6a, 0xc2, 0x9a, 0x27, 0x9a, 0xcb, 0xe4, 0xaf, 0x88, 0x15, 0xa2, + 0xc2, 0x56, 0x88, 0x5e, 0x09, 0x26, 0x62, 0xa5, 0xe8, 0x7e, 0x86, 0x95, 0xf1, 0x89, 0x3c, 0xf1, + 0x5e, 0x32, 0xd0, 0x9b, 0x97, 0xf1, 0x59, 0x9e, 0x97, 0xcd, 0xd8, 0xc4, 0xb1, 0xbf, 0x6d, 0xa9, + 0x8f, 0x7b, 0x1f, 0x92, 0xda, 0x6f, 0x67, 0x93, 0xda, 0x2f, 0x15, 0xd2, 0xcd, 0x7d, 0xb2, 0xd9, + 0xaf, 0xc3, 0xf0, 0x4c, 0xd8, 0x6e, 0x3b, 0x41, 0x13, 0xfd, 0x20, 0x0c, 0xbb, 0xfc, 0xa7, 0x70, + 0xec, 0xb0, 0xe3, 0x41, 0x01, 0xc5, 0x12, 0x86, 0x1e, 0x87, 0x8a, 0x13, 0xb7, 0xa4, 0x33, 0x87, + 0x45, 0x98, 0x4c, 0xc7, 0xad, 0x04, 0xb3, 0x56, 0xfb, 0xef, 0x57, 0x00, 0x66, 0xc2, 0x76, 0xe4, + 0xc4, 0xa4, 0xb9, 0x1a, 0xb2, 0x0a, 0x69, 0xc7, 0x7a, 0xa8, 0xa6, 0x37, 0x4b, 0x0f, 0xf3, 0xc1, + 0x9a, 0x71, 0xb8, 0x52, 0xbe, 0xcf, 0x87, 0x2b, 0x7d, 0xce, 0xcb, 0x2a, 0x0f, 0xd1, 0x79, 0x99, + 0xfd, 0x39, 0x0b, 0x10, 0x1d, 0x34, 0x61, 0x40, 0x82, 0x54, 0x1f, 0x68, 0x4f, 0x41, 0xdd, 0x95, + 0xad, 0xc2, 0xb0, 0xd2, 0x2a, 0x42, 0x02, 0xb0, 0xc6, 0x19, 0x60, 0x87, 0xfc, 0x94, 0xd4, 0xdf, + 0xe5, 0x6c, 0x70, 0x2a, 0xd3, 0xfa, 0x42, 0x9d, 0xdb, 0xbf, 0x5d, 0x82, 0x47, 0xf8, 0x92, 0xbc, + 0xe8, 0x04, 0x4e, 0x8b, 0xb4, 0xa9, 0x54, 0x83, 0x86, 0x28, 0xb8, 0x74, 0x6b, 0xe6, 0xc9, 0x60, + 0xd3, 0xa3, 0xce, 0x5d, 0x3e, 0xe7, 0xf8, 0x2c, 0x9b, 0x0f, 0xbc, 0x14, 0x33, 0xe2, 0x28, 0x81, + 0x9a, 0x2c, 0xc9, 0x2d, 0x74, 0x71, 0x41, 0x8c, 0x94, 0x5a, 0x12, 0xeb, 0x26, 0xc1, 0x8a, 0x11, + 0x35, 0x5c, 0xfd, 0xd0, 0xdd, 0xc4, 0x24, 0x0a, 0x99, 0xde, 0x35, 0x62, 0xfd, 0x16, 0x44, 0x3b, + 0x56, 0x18, 0xf6, 0x6f, 0x5b, 0x90, 0x5f, 0x91, 0x8c, 0x72, 0x55, 0xd6, 0x3d, 0xcb, 0x55, 0x1d, + 0xa0, 0x5e, 0xd4, 0x8f, 0xc3, 0x88, 0x93, 0x52, 0x23, 0x82, 0x6f, 0xbb, 0xcb, 0x87, 0x3b, 0xd6, + 0x58, 0x0c, 0x9b, 0xde, 0xba, 0xc7, 0xb6, 0xdb, 0x26, 0x39, 0xfb, 0xbf, 0x55, 0x60, 0xac, 0x2b, + 0x25, 0x02, 0xbd, 0x04, 0xa3, 0xae, 0x18, 0x1e, 0x91, 0x74, 0x68, 0xd5, 0xcd, 0xd8, 0x30, 0x0d, + 0xc3, 0x19, 0xcc, 0x01, 0x06, 0xe8, 0x3c, 0x9c, 0x89, 0xe9, 0x46, 0xbf, 0x43, 0xa6, 0xd7, 0x53, + 0x12, 0xaf, 0x10, 0x37, 0x0c, 0x9a, 0xbc, 0xa8, 0x5a, 0xb9, 0xf1, 0xe8, 0xde, 0xee, 0xc4, 0x19, + 0xdc, 0x0d, 0xc6, 0xbd, 0x9e, 0x41, 0x11, 0x9c, 0xf0, 0x4d, 0x1b, 0x50, 0x6c, 0x00, 0x0e, 0x65, + 0x3e, 0x2a, 0x1b, 0x21, 0xd3, 0x8c, 0xb3, 0x0c, 0xb2, 0x86, 0x64, 0xf5, 0x01, 0x19, 0x92, 0x9f, + 0xd6, 0x86, 0x24, 0x3f, 0x7f, 0xff, 0x70, 0xc1, 0x29, 0x31, 0xc7, 0x6d, 0x49, 0xbe, 0x02, 0x35, + 0x19, 0x9b, 0x34, 0x50, 0x4c, 0x8f, 0x49, 0xa7, 0x8f, 0x46, 0xbb, 0x5b, 0x82, 0x1e, 0x9b, 0x10, + 0x3a, 0xcf, 0xf4, 0x8a, 0x9f, 0x99, 0x67, 0x07, 0x5b, 0xf5, 0xd1, 0x36, 0x8f, 0xcb, 0xe2, 0x6b, + 0xdb, 0x87, 0x8a, 0xde, 0x44, 0xe9, 0x50, 0x2d, 0x95, 0x29, 0xa0, 0xc2, 0xb5, 0x2e, 0x02, 0x68, + 0x43, 0x4d, 0xc4, 0x81, 0xab, 0x63, 0x5f, 0x6d, 0xcf, 0x61, 0x03, 0x8b, 0xee, 0xa9, 0xbd, 0x20, + 0x49, 0x1d, 0xdf, 0xbf, 0xe2, 0x05, 0xa9, 0x70, 0x0e, 0xaa, 0x45, 0x7c, 0x5e, 0x83, 0xb0, 0x89, + 0x77, 0xfe, 0x7d, 0xc6, 0x77, 0x39, 0xc8, 0xf7, 0xdc, 0x80, 0xc7, 0xe6, 0xbc, 0x54, 0x65, 0x2f, + 0xa8, 0x71, 0x44, 0xed, 0x30, 0x95, 0x8d, 0x63, 0xf5, 0xcd, 0xc6, 0x31, 0xb2, 0x07, 0x4a, 0xd9, + 0x64, 0x87, 0x7c, 0xf6, 0x80, 0xfd, 0x12, 0x9c, 0x9d, 0xf3, 0xd2, 0xcb, 0x9e, 0x4f, 0x0e, 0xc8, + 0xc4, 0xfe, 0xcd, 0x21, 0x18, 0x35, 0xf3, 0xdf, 0x0e, 0x92, 0x50, 0xf4, 0x05, 0x6a, 0x6a, 0x89, + 0xb7, 0xf3, 0xd4, 0xa1, 0xd9, 0xad, 0x23, 0x27, 0xe3, 0xf5, 0xee, 0x31, 0xc3, 0xda, 0xd2, 0x3c, + 0xb1, 0x29, 0x00, 0xba, 0x03, 0xd5, 0x75, 0x16, 0xdd, 0x5e, 0x2e, 0x22, 0xb2, 0xa0, 0x57, 0x8f, + 0xea, 0x69, 0xc6, 0xe3, 0xe3, 0x39, 0x3f, 0xba, 0x42, 0xc6, 0xd9, 0x94, 0x29, 0x23, 0x22, 0x53, + 0x24, 0x4b, 0x29, 0x8c, 0x7e, 0xaa, 0xbe, 0x7a, 0x08, 0x55, 0x9f, 0x51, 0xbc, 0x43, 0x0f, 0x48, + 0xf1, 0xb2, 0x4c, 0x85, 0x74, 0x83, 0xd9, 0x6f, 0x22, 0x84, 0x7c, 0x98, 0x75, 0x82, 0x91, 0xa9, + 0x90, 0x01, 0xe3, 0x3c, 0x3e, 0xfa, 0x84, 0x52, 0xdd, 0xb5, 0x22, 0xfc, 0xaa, 0xe6, 0x88, 0x3e, + 0x6e, 0xad, 0xfd, 0xb9, 0x12, 0x9c, 0x9c, 0x0b, 0x3a, 0xcb, 0x73, 0xcb, 0x9d, 0x35, 0xdf, 0x73, + 0xaf, 0x91, 0x1d, 0xaa, 0x9a, 0x37, 0xc9, 0xce, 0xfc, 0xac, 0x98, 0x41, 0x6a, 0xcc, 0x5c, 0xa3, + 0x8d, 0x98, 0xc3, 0xa8, 0x32, 0x5a, 0xf7, 0x82, 0x16, 0x89, 0xa3, 0xd8, 0x13, 0x2e, 0x4f, 0x43, + 0x19, 0x5d, 0xd6, 0x20, 0x6c, 0xe2, 0x51, 0xda, 0xe1, 0x9d, 0x80, 0xc4, 0x79, 0x43, 0x76, 0x89, + 0x36, 0x62, 0x0e, 0xa3, 0x48, 0x69, 0xdc, 0x49, 0x52, 0x31, 0x18, 0x15, 0xd2, 0x2a, 0x6d, 0xc4, + 0x1c, 0x46, 0x67, 0x7a, 0xd2, 0x59, 0x63, 0x81, 0x1b, 0xb9, 0x78, 0xf5, 0x15, 0xde, 0x8c, 0x25, + 0x9c, 0xa2, 0x6e, 0x92, 0x9d, 0x59, 0xba, 0xeb, 0xcd, 0xa5, 0xad, 0x5c, 0xe3, 0xcd, 0x58, 0xc2, + 0x59, 0x35, 0xb8, 0x6c, 0x77, 0x7c, 0xcf, 0x55, 0x83, 0xcb, 0x8a, 0xdf, 0x67, 0xff, 0xfc, 0xcb, + 0x16, 0x8c, 0x9a, 0xe1, 0x56, 0xa8, 0x95, 0xb3, 0x71, 0x97, 0xba, 0x8a, 0x89, 0xfe, 0x68, 0xaf, + 0x9b, 0x93, 0x5a, 0x5e, 0x1a, 0x46, 0xc9, 0x73, 0x24, 0x68, 0x79, 0x01, 0x61, 0xa7, 0xe8, 0x3c, + 0x4c, 0x2b, 0x13, 0xcb, 0x35, 0x13, 0x36, 0xc9, 0x21, 0x8c, 0x64, 0xfb, 0x16, 0x8c, 0x75, 0xe5, + 0x2a, 0x0d, 0x60, 0x5a, 0xec, 0x9b, 0x29, 0x6a, 0x63, 0x18, 0xa1, 0x84, 0x65, 0x69, 0x95, 0x19, + 0x18, 0xe3, 0x13, 0x89, 0x72, 0x5a, 0x71, 0x37, 0x48, 0x5b, 0xe5, 0x9f, 0x31, 0xff, 0xfa, 0xcd, + 0x3c, 0x10, 0x77, 0xe3, 0xdb, 0x9f, 0xb7, 0xe0, 0x44, 0x26, 0x7d, 0xac, 0x20, 0x23, 0x88, 0xcd, + 0xb4, 0x90, 0x45, 0xff, 0xb1, 0x10, 0xe8, 0x32, 0x5b, 0x4c, 0xf5, 0x4c, 0xd3, 0x20, 0x6c, 0xe2, + 0xd9, 0x5f, 0x2e, 0x41, 0x4d, 0x46, 0x50, 0x0c, 0x20, 0xca, 0x67, 0x2d, 0x38, 0xa1, 0xce, 0x34, + 0x98, 0xb3, 0xac, 0x54, 0x44, 0xac, 0x3f, 0x95, 0x40, 0x6d, 0xb7, 0x83, 0xf5, 0x50, 0x5b, 0xe4, + 0xd8, 0x64, 0x86, 0xb3, 0xbc, 0xd1, 0x4d, 0x80, 0x64, 0x27, 0x49, 0x49, 0xdb, 0x70, 0xdb, 0xd9, + 0xc6, 0x8c, 0x9b, 0x74, 0xc3, 0x98, 0xd0, 0xf9, 0x75, 0x3d, 0x6c, 0x92, 0x15, 0x85, 0xa9, 0x4d, + 0x28, 0xdd, 0x86, 0x0d, 0x4a, 0xf6, 0xdf, 0x2d, 0xc1, 0xe9, 0xbc, 0x48, 0xe8, 0xc3, 0x30, 0x2a, + 0xb9, 0x1b, 0xb7, 0x40, 0xc9, 0xb0, 0x91, 0x51, 0x6c, 0xc0, 0xee, 0xee, 0x4e, 0x4c, 0x74, 0xdf, + 0xc2, 0x35, 0x69, 0xa2, 0xe0, 0x0c, 0x31, 0x7e, 0xb0, 0x24, 0x4e, 0x40, 0x1b, 0x3b, 0xd3, 0x51, + 0x24, 0x4e, 0x87, 0x8c, 0x83, 0x25, 0x13, 0x8a, 0x73, 0xd8, 0x68, 0x19, 0xce, 0x1a, 0x2d, 0xd7, + 0x89, 0xd7, 0xda, 0x58, 0x0b, 0x63, 0xb9, 0xb3, 0x7a, 0x5c, 0x07, 0x76, 0x75, 0xe3, 0xe0, 0x9e, + 0x4f, 0xd2, 0xd5, 0xde, 0x75, 0x22, 0xc7, 0xf5, 0xd2, 0x1d, 0xe1, 0x87, 0x54, 0xba, 0x69, 0x46, + 0xb4, 0x63, 0x85, 0x61, 0x2f, 0x42, 0x65, 0xc0, 0x11, 0x34, 0x90, 0x45, 0xff, 0x0a, 0xd4, 0x28, + 0x39, 0x69, 0xde, 0x15, 0x41, 0x32, 0x84, 0x9a, 0xbc, 0xc8, 0x01, 0xd9, 0x50, 0xf6, 0x1c, 0x79, + 0x76, 0xa7, 0x5e, 0x6b, 0x3e, 0x49, 0x3a, 0x6c, 0x93, 0x4c, 0x81, 0xe8, 0x29, 0x28, 0x93, 0xed, + 0x28, 0x7f, 0x48, 0x77, 0x69, 0x3b, 0xf2, 0x62, 0x92, 0x50, 0x24, 0xb2, 0x1d, 0xa1, 0xf3, 0x50, + 0xf2, 0x9a, 0x62, 0x91, 0x02, 0x81, 0x53, 0x9a, 0x9f, 0xc5, 0x25, 0xaf, 0x69, 0x6f, 0x43, 0x5d, + 0xdd, 0x1c, 0x81, 0x36, 0xa5, 0xee, 0xb6, 0x8a, 0x08, 0x79, 0x92, 0x74, 0xfb, 0x68, 0xed, 0x0e, + 0x80, 0xce, 0xa3, 0x2b, 0x4a, 0xbf, 0x5c, 0x80, 0x8a, 0x1b, 0x8a, 0x1c, 0xdf, 0x9a, 0x26, 0xc3, + 0x94, 0x36, 0x83, 0xd8, 0xb7, 0xe0, 0xe4, 0xb5, 0x20, 0xbc, 0xc3, 0x4a, 0x63, 0xb3, 0x92, 0x56, + 0x94, 0xf0, 0x3a, 0xfd, 0x91, 0x37, 0x11, 0x18, 0x14, 0x73, 0x98, 0x2a, 0x7b, 0x54, 0xea, 0x57, + 0xf6, 0xc8, 0xfe, 0xa4, 0x05, 0xa7, 0x55, 0x36, 0x90, 0xd4, 0xc6, 0x2f, 0xc1, 0xe8, 0x5a, 0xc7, + 0xf3, 0x9b, 0xb2, 0x50, 0x56, 0xce, 0x4d, 0xd1, 0x30, 0x60, 0x38, 0x83, 0x49, 0x37, 0x55, 0x6b, + 0x5e, 0xe0, 0xc4, 0x3b, 0xcb, 0x5a, 0xfd, 0x2b, 0x8d, 0xd0, 0x50, 0x10, 0x6c, 0x60, 0xd9, 0x9f, + 0x35, 0x45, 0x10, 0xf9, 0x47, 0x03, 0xf4, 0xec, 0x0d, 0xa8, 0xba, 0xea, 0xac, 0xf7, 0x50, 0xc5, + 0xfc, 0x54, 0x7e, 0x39, 0xf3, 0xf7, 0x73, 0x6a, 0xf6, 0x3f, 0x29, 0xc1, 0x89, 0x4c, 0xcd, 0x12, + 0xe4, 0x43, 0x8d, 0xf8, 0xcc, 0x95, 0x27, 0x87, 0xd8, 0x51, 0xcb, 0x45, 0xaa, 0x69, 0x71, 0x49, + 0xd0, 0xc5, 0x8a, 0xc3, 0xc3, 0x71, 0xa4, 0xf6, 0x12, 0x8c, 0x4a, 0x81, 0x3e, 0xe4, 0xb4, 0x7d, + 0x31, 0x0b, 0xd5, 0x00, 0xb8, 0x64, 0xc0, 0x70, 0x06, 0xd3, 0xfe, 0x9d, 0x32, 0x8c, 0x73, 0xdf, + 0x67, 0x53, 0x45, 0xbd, 0x2c, 0x4a, 0x2b, 0xeb, 0x2f, 0xe8, 0xca, 0x42, 0xbc, 0x23, 0xd7, 0x8e, + 0x5a, 0x9d, 0xb9, 0x37, 0xa3, 0x81, 0xe2, 0x31, 0x7e, 0x31, 0x17, 0x8f, 0xc1, 0x17, 0xdb, 0xd6, + 0x31, 0x49, 0xf4, 0xbd, 0x15, 0xa0, 0xf1, 0xb7, 0x4a, 0x70, 0x2a, 0x57, 0xfa, 0x1a, 0x7d, 0x31, + 0x5b, 0xf6, 0xd1, 0x2a, 0xc2, 0x43, 0x76, 0xcf, 0x6a, 0xc8, 0x07, 0x2b, 0xfe, 0xf8, 0x80, 0xa6, + 0x8a, 0xfd, 0x7b, 0x25, 0x38, 0x99, 0xad, 0xd9, 0xfd, 0x10, 0xf6, 0xd4, 0x7b, 0xa0, 0xce, 0xca, + 0xd2, 0xb2, 0x7b, 0xc6, 0xb8, 0x23, 0x8e, 0x97, 0x32, 0x95, 0x8d, 0x58, 0xc3, 0x1f, 0x8a, 0x9a, + 0x9a, 0xf6, 0xdf, 0xb6, 0xe0, 0x1c, 0x7f, 0xcb, 0xfc, 0x38, 0xfc, 0x8b, 0xbd, 0x7a, 0xf7, 0xb5, + 0x62, 0x05, 0xcc, 0x55, 0xc4, 0xda, 0xaf, 0x7f, 0xd9, 0xfd, 0x46, 0x42, 0xda, 0xec, 0x50, 0x78, + 0x08, 0x85, 0x3d, 0xd0, 0x60, 0xb0, 0x7f, 0xaf, 0x0c, 0xfa, 0x4a, 0x27, 0xe4, 0x89, 0xcc, 0xa6, + 0x42, 0x2a, 0x83, 0xad, 0xec, 0x04, 0xae, 0xbe, 0x3c, 0xaa, 0x96, 0x4b, 0x6c, 0xfa, 0x39, 0x0b, + 0x46, 0xbc, 0xc0, 0x4b, 0x3d, 0x87, 0x19, 0xcf, 0xc5, 0x5c, 0x49, 0xa3, 0xd8, 0xcd, 0x73, 0xca, + 0x61, 0x6c, 0x7a, 0x6f, 0x15, 0x33, 0x6c, 0x72, 0x46, 0x1f, 0x15, 0x21, 0x93, 0xe5, 0xc2, 0x72, + 0xf2, 0x6a, 0xb9, 0x38, 0xc9, 0x08, 0xaa, 0x31, 0x49, 0xe3, 0x82, 0x52, 0x59, 0x31, 0x25, 0xa5, + 0x8a, 0x4c, 0xea, 0xcb, 0x35, 0x69, 0x33, 0xe6, 0x8c, 0xec, 0x04, 0x50, 0x77, 0x5f, 0x1c, 0x30, + 0x1c, 0x6d, 0x0a, 0xea, 0x4e, 0x27, 0x0d, 0xdb, 0xb4, 0x9b, 0x84, 0x83, 0x59, 0x07, 0xdc, 0x49, + 0x00, 0xd6, 0x38, 0xf6, 0x17, 0xab, 0x90, 0x4b, 0x35, 0x42, 0xdb, 0xe6, 0x75, 0x64, 0x56, 0xb1, + 0xd7, 0x91, 0x29, 0x61, 0x7a, 0x5d, 0x49, 0x86, 0x5a, 0x50, 0x8d, 0x36, 0x9c, 0x44, 0xda, 0xc6, + 0xaf, 0xc8, 0x6e, 0x5a, 0xa6, 0x8d, 0x77, 0x77, 0x27, 0x7e, 0x6c, 0x30, 0x5f, 0x0b, 0x1d, 0xab, + 0x53, 0x3c, 0x73, 0x5f, 0xb3, 0x66, 0x34, 0x30, 0xa7, 0x7f, 0x90, 0x4b, 0x79, 0x3e, 0x25, 0x0a, + 0x09, 0x63, 0x92, 0x74, 0xfc, 0x54, 0x8c, 0x86, 0x57, 0x0a, 0x9c, 0x65, 0x9c, 0xb0, 0x4e, 0x92, + 0xe5, 0xff, 0xb1, 0xc1, 0x14, 0x7d, 0x18, 0xea, 0x49, 0xea, 0xc4, 0xe9, 0x21, 0xd3, 0xda, 0x54, + 0xa7, 0xaf, 0x48, 0x22, 0x58, 0xd3, 0x43, 0xaf, 0xb2, 0x42, 0x89, 0x5e, 0xb2, 0x71, 0xc8, 0x48, + 0x67, 0x59, 0x54, 0x51, 0x50, 0xc0, 0x06, 0x35, 0xba, 0xf5, 0x60, 0x63, 0x9b, 0x87, 0xf7, 0xd4, + 0xd8, 0xde, 0x52, 0xa9, 0x42, 0xac, 0x20, 0xd8, 0xc0, 0xb2, 0x7f, 0x08, 0xb2, 0x59, 0xde, 0x68, + 0x42, 0x26, 0x95, 0x73, 0xdf, 0x13, 0x8b, 0x58, 0xce, 0xe4, 0x7f, 0xff, 0xba, 0x05, 0x66, 0x2a, + 0x3a, 0x7a, 0x83, 0xe7, 0xbc, 0x5b, 0x45, 0x9c, 0x17, 0x18, 0x74, 0x27, 0x17, 0x9d, 0x28, 0x77, + 0x70, 0x25, 0x13, 0xdf, 0xcf, 0xbf, 0x0f, 0x6a, 0x12, 0x7a, 0x20, 0xa3, 0xee, 0x13, 0x70, 0x26, + 0x7f, 0x59, 0xab, 0xf0, 0x35, 0xb7, 0xe2, 0xb0, 0x13, 0xe5, 0x37, 0x92, 0xec, 0x32, 0x4f, 0xcc, + 0x61, 0x74, 0x3b, 0xb6, 0xe9, 0x05, 0xcd, 0xfc, 0x46, 0xf2, 0x9a, 0x17, 0x34, 0x31, 0x83, 0x0c, + 0x70, 0x29, 0xdd, 0x6f, 0x58, 0x70, 0x61, 0xbf, 0x3b, 0x65, 0xd1, 0xe3, 0x50, 0xb9, 0xe3, 0xc4, + 0xb2, 0x82, 0x2d, 0x53, 0x94, 0xb7, 0x9c, 0x38, 0xc0, 0xac, 0x15, 0xed, 0xc0, 0x10, 0x8f, 0x01, + 0x11, 0xd6, 0xfa, 0x2b, 0xc5, 0xde, 0x70, 0x7b, 0x8d, 0x18, 0xdb, 0x05, 0x1e, 0x7f, 0x82, 0x05, + 0x43, 0xfb, 0x3b, 0x16, 0xa0, 0xa5, 0x2d, 0x12, 0xc7, 0x5e, 0xd3, 0x88, 0x5a, 0x41, 0x2f, 0xc0, + 0xe8, 0xed, 0x95, 0xa5, 0xeb, 0xcb, 0xa1, 0x17, 0xb0, 0xaa, 0x0f, 0x46, 0x62, 0xdb, 0x55, 0xa3, + 0x1d, 0x67, 0xb0, 0xd0, 0x0c, 0x8c, 0xdd, 0x7e, 0x83, 0x6e, 0x7e, 0xcd, 0x6a, 0xf9, 0x25, 0xed, + 0xee, 0xbc, 0xfa, 0x4a, 0x0e, 0x88, 0xbb, 0xf1, 0xd1, 0x12, 0x9c, 0x6b, 0xf3, 0xed, 0x06, 0x2f, + 0x72, 0xcd, 0xf7, 0x1e, 0x2a, 0x8d, 0xe4, 0xb1, 0xbd, 0xdd, 0x89, 0x73, 0x8b, 0xbd, 0x10, 0x70, + 0xef, 0xe7, 0xec, 0xf7, 0x01, 0xe2, 0xc1, 0x2a, 0x33, 0xbd, 0x22, 0x0f, 0xfa, 0xee, 0xc4, 0xed, + 0xaf, 0x55, 0xe1, 0x54, 0xae, 0xbe, 0x21, 0xdd, 0xea, 0x75, 0x87, 0x3a, 0x1c, 0x79, 0xfd, 0xee, + 0x16, 0x6f, 0xa0, 0xe0, 0x89, 0x00, 0xaa, 0x5e, 0x10, 0x75, 0xd2, 0x62, 0x32, 0xc7, 0xb8, 0x10, + 0xf3, 0x94, 0xa0, 0xe1, 0x24, 0xa2, 0x7f, 0x31, 0x67, 0x53, 0x64, 0x28, 0x46, 0xc6, 0x18, 0xaf, + 0x3c, 0x20, 0x77, 0xc0, 0xa7, 0x74, 0x60, 0x44, 0xb5, 0x88, 0x83, 0xfa, 0xdc, 0x60, 0x39, 0xee, + 0x03, 0xb6, 0x5f, 0x2b, 0xc1, 0x88, 0xf1, 0xd1, 0xd0, 0x2f, 0x65, 0x0b, 0xb5, 0x58, 0xc5, 0xbd, + 0x12, 0xa3, 0x3f, 0xa9, 0x4b, 0xb1, 0xf0, 0x57, 0x7a, 0xba, 0xbb, 0x46, 0xcb, 0xdd, 0xdd, 0x89, + 0xd3, 0xb9, 0x2a, 0x2c, 0x99, 0xba, 0x2d, 0xe7, 0x3f, 0x0e, 0xa7, 0x72, 0x64, 0x7a, 0xbc, 0xf2, + 0x6a, 0xf6, 0x2e, 0xde, 0x23, 0xba, 0xa5, 0xcc, 0x2e, 0x7b, 0x8b, 0x76, 0x99, 0xbe, 0xa2, 0x7d, + 0x00, 0x77, 0x5c, 0x2e, 0x47, 0xae, 0x34, 0x60, 0x8e, 0xdc, 0x33, 0x50, 0x8b, 0x42, 0xdf, 0x73, + 0x3d, 0x55, 0xd2, 0x8b, 0x65, 0xe5, 0x2d, 0x8b, 0x36, 0xac, 0xa0, 0xe8, 0x0e, 0xd4, 0xd5, 0xb5, + 0xc5, 0x22, 0x08, 0xb1, 0x28, 0x57, 0xaf, 0x32, 0x5a, 0xf4, 0x75, 0xc4, 0x9a, 0x17, 0xb2, 0x61, + 0x88, 0x2d, 0x82, 0x32, 0xe0, 0x97, 0x65, 0x70, 0xb2, 0xd5, 0x31, 0xc1, 0x02, 0x62, 0x7f, 0xa3, + 0x0e, 0x67, 0x7b, 0x15, 0x99, 0x45, 0x1f, 0x83, 0x21, 0x2e, 0x63, 0x31, 0x75, 0xcc, 0x7b, 0xf1, + 0x98, 0x63, 0x04, 0x85, 0x58, 0xec, 0x37, 0x16, 0x3c, 0x05, 0x77, 0xdf, 0x59, 0x13, 0x23, 0xe4, + 0x78, 0xb8, 0x2f, 0x38, 0x9a, 0xfb, 0x82, 0xc3, 0xb9, 0xfb, 0xce, 0x1a, 0xda, 0x86, 0x6a, 0xcb, + 0x4b, 0x89, 0x23, 0x9c, 0x08, 0xb7, 0x8e, 0x85, 0x39, 0x71, 0xb8, 0x95, 0xc6, 0x7e, 0x62, 0xce, + 0x10, 0x7d, 0xdd, 0x82, 0x53, 0x6b, 0xd9, 0x84, 0x58, 0xa1, 0x3c, 0x9d, 0x63, 0x28, 0x24, 0x9c, + 0x65, 0xc4, 0x6f, 0xa4, 0xc8, 0x35, 0xe2, 0xbc, 0x38, 0xe8, 0xd3, 0x16, 0x0c, 0xaf, 0x7b, 0xbe, + 0x51, 0x53, 0xf2, 0x18, 0x3e, 0xce, 0x65, 0xc6, 0x40, 0xef, 0x38, 0xf8, 0xff, 0x04, 0x4b, 0xce, + 0xfd, 0x56, 0xaa, 0xa1, 0xa3, 0xae, 0x54, 0xc3, 0x0f, 0x68, 0xa5, 0xfa, 0x8c, 0x05, 0x75, 0xd5, + 0xd3, 0x22, 0xc9, 0xf1, 0xc3, 0xc7, 0xf8, 0xc9, 0xb9, 0xe7, 0x44, 0xfd, 0xc5, 0x9a, 0x39, 0xfa, + 0x92, 0x05, 0x23, 0xce, 0x9b, 0x9d, 0x98, 0x34, 0xc9, 0x56, 0x18, 0x25, 0xe2, 0x16, 0xa8, 0xd7, + 0x8a, 0x17, 0x66, 0x9a, 0x32, 0x99, 0x25, 0x5b, 0x4b, 0x51, 0x22, 0x92, 0x11, 0x74, 0x03, 0x36, + 0x45, 0xb0, 0x77, 0x4b, 0x30, 0xb1, 0x0f, 0x05, 0xf4, 0x12, 0x8c, 0x86, 0x71, 0xcb, 0x09, 0xbc, + 0x37, 0xcd, 0x0c, 0x77, 0x65, 0x65, 0x2d, 0x19, 0x30, 0x9c, 0xc1, 0x34, 0xd3, 0x30, 0x4b, 0xfb, + 0xa4, 0x61, 0x5e, 0x80, 0x4a, 0x4c, 0xa2, 0x30, 0xbf, 0x59, 0x60, 0x81, 0xc0, 0x0c, 0x82, 0x9e, + 0x80, 0xb2, 0x13, 0x79, 0x22, 0xfc, 0x44, 0xed, 0x81, 0xa6, 0x97, 0xe7, 0x31, 0x6d, 0xcf, 0x64, + 0x85, 0x57, 0xef, 0x4b, 0x56, 0x38, 0x5d, 0x06, 0xc4, 0xd9, 0xc5, 0x90, 0x5e, 0x06, 0xb2, 0x67, + 0x0a, 0xf6, 0x57, 0xcb, 0xf0, 0xc4, 0x3d, 0xc7, 0x8b, 0x8e, 0xbe, 0xb1, 0xee, 0x11, 0x7d, 0x23, + 0xbb, 0xa7, 0xb4, 0x5f, 0xf7, 0x94, 0xfb, 0x74, 0xcf, 0xa7, 0xe9, 0x34, 0x90, 0x95, 0x01, 0x8a, + 0xb9, 0x90, 0xa8, 0x5f, 0xa1, 0x01, 0x31, 0x03, 0x24, 0x14, 0x6b, 0xbe, 0x74, 0x0f, 0x90, 0x49, + 0x41, 0xac, 0x16, 0xb1, 0x0c, 0xf4, 0xad, 0x14, 0xc0, 0xc7, 0x7e, 0xbf, 0xbc, 0x46, 0xfb, 0xe7, + 0x4b, 0xf0, 0xd4, 0x00, 0xda, 0xdb, 0x1c, 0xc5, 0xd6, 0x80, 0xa3, 0xf8, 0x7b, 0xfb, 0x33, 0xd9, + 0x7f, 0xc9, 0x82, 0xf3, 0xfd, 0x17, 0x0f, 0xf4, 0x3c, 0x8c, 0xac, 0xc5, 0x4e, 0xe0, 0x6e, 0xb0, + 0x4b, 0xd6, 0x64, 0xa7, 0xb0, 0xbe, 0xd6, 0xcd, 0xd8, 0xc4, 0xa1, 0xdb, 0x5b, 0x5e, 0xd8, 0xdd, + 0xc0, 0x90, 0x29, 0x63, 0x74, 0x7b, 0xbb, 0x9a, 0x07, 0xe2, 0x6e, 0x7c, 0xfb, 0x4f, 0x4a, 0xbd, + 0xc5, 0xe2, 0x46, 0xc6, 0x41, 0xbe, 0x93, 0xf8, 0x0a, 0xa5, 0x01, 0x74, 0x49, 0xf9, 0x7e, 0xeb, + 0x92, 0x4a, 0x3f, 0x5d, 0x82, 0x66, 0xe1, 0xb4, 0x71, 0x1f, 0x01, 0x4f, 0x03, 0xe4, 0x61, 0x76, + 0x2a, 0x37, 0x7e, 0x39, 0x07, 0xc7, 0x5d, 0x4f, 0xa0, 0x67, 0xa1, 0xe6, 0x05, 0x09, 0x71, 0x3b, + 0x31, 0x0f, 0xef, 0x34, 0x52, 0x2f, 0xe6, 0x45, 0x3b, 0x56, 0x18, 0xf6, 0x2f, 0x97, 0xe0, 0xb1, + 0xbe, 0x76, 0xd6, 0x7d, 0xd2, 0x5d, 0xe6, 0xe7, 0xa8, 0xdc, 0x9f, 0xcf, 0x61, 0x76, 0x52, 0x75, + 0xdf, 0x4e, 0xfa, 0xfd, 0xfe, 0x03, 0x93, 0xda, 0xdc, 0xdf, 0xb7, 0xbd, 0xf4, 0x32, 0x9c, 0x70, + 0xa2, 0x88, 0xe3, 0xb1, 0x28, 0xad, 0x5c, 0x6d, 0x8c, 0x69, 0x13, 0x88, 0xb3, 0xb8, 0x03, 0xad, + 0x9e, 0x7f, 0x68, 0x41, 0x1d, 0x93, 0x75, 0xae, 0x1d, 0xd0, 0x6d, 0xd1, 0x45, 0x56, 0x11, 0x55, + 0xf4, 0x68, 0xc7, 0x26, 0x1e, 0xab, 0x2e, 0xd7, 0xab, 0xb3, 0xbb, 0xef, 0xad, 0x28, 0x1d, 0xe8, + 0xde, 0x0a, 0x75, 0x73, 0x41, 0xb9, 0xff, 0xcd, 0x05, 0xf6, 0x5b, 0xc3, 0xf4, 0xf5, 0xa2, 0x70, + 0x26, 0x26, 0xcd, 0x84, 0x7e, 0xdf, 0x4e, 0xec, 0x8b, 0x41, 0xa2, 0xbe, 0xef, 0x0d, 0xbc, 0x80, + 0x69, 0x7b, 0xe6, 0x28, 0xa6, 0x74, 0xa0, 0xca, 0x00, 0xe5, 0x7d, 0x2b, 0x03, 0xbc, 0x0c, 0x27, + 0x92, 0x64, 0x63, 0x39, 0xf6, 0xb6, 0x9c, 0x94, 0x5c, 0x23, 0x3b, 0xc2, 0xca, 0xd2, 0xd9, 0xbc, + 0x2b, 0x57, 0x34, 0x10, 0x67, 0x71, 0xd1, 0x1c, 0x8c, 0xe9, 0xfc, 0x7c, 0x12, 0xa7, 0x2c, 0xa6, + 0x97, 0x8f, 0x04, 0x95, 0xba, 0xa7, 0x33, 0xfa, 0x05, 0x02, 0xee, 0x7e, 0x86, 0xea, 0xb7, 0x4c, + 0x23, 0x15, 0x64, 0x28, 0xab, 0xdf, 0x32, 0x74, 0xa8, 0x2c, 0x5d, 0x4f, 0xa0, 0x45, 0x38, 0xc3, + 0x07, 0xc6, 0x74, 0x14, 0x19, 0x6f, 0x34, 0x9c, 0xad, 0x5e, 0x36, 0xd7, 0x8d, 0x82, 0x7b, 0x3d, + 0x87, 0x5e, 0x84, 0x11, 0xd5, 0x3c, 0x3f, 0x2b, 0x4e, 0x11, 0x94, 0x17, 0x43, 0x91, 0x99, 0x6f, + 0x62, 0x13, 0x0f, 0x7d, 0x08, 0x1e, 0xd5, 0x7f, 0x79, 0xe2, 0x07, 0x3f, 0x5a, 0x9b, 0x15, 0xa5, + 0x4f, 0x54, 0x9d, 0xfc, 0xb9, 0x9e, 0x68, 0x4d, 0xdc, 0xef, 0x79, 0xb4, 0x06, 0xe7, 0x15, 0xe8, + 0x52, 0x90, 0xb2, 0x28, 0xee, 0x84, 0x34, 0x9c, 0x84, 0xdc, 0x88, 0x7d, 0x56, 0x2c, 0xa5, 0xae, + 0xaf, 0x30, 0x9b, 0xf3, 0xd2, 0x2b, 0xbd, 0x30, 0xf1, 0x02, 0xbe, 0x07, 0x15, 0x34, 0x05, 0x75, + 0x12, 0x38, 0x6b, 0x3e, 0x59, 0x9a, 0x99, 0x67, 0x25, 0x54, 0x8c, 0x93, 0xbc, 0x4b, 0x12, 0x80, + 0x35, 0x8e, 0x8a, 0x2b, 0x1b, 0xed, 0x7b, 0x9d, 0xde, 0x32, 0x9c, 0x6d, 0xb9, 0x11, 0xb5, 0x3d, + 0x3c, 0x97, 0x4c, 0xbb, 0x2c, 0xb6, 0x8a, 0x7e, 0x18, 0x5e, 0x56, 0x4e, 0x05, 0x4d, 0xce, 0xcd, + 0x2c, 0x77, 0xe1, 0xe0, 0x9e, 0x4f, 0xd2, 0x39, 0x16, 0xc5, 0xe1, 0xf6, 0xce, 0xf8, 0x99, 0xec, + 0x1c, 0x5b, 0xa6, 0x8d, 0x98, 0xc3, 0xd0, 0x55, 0x40, 0x2c, 0x02, 0xf7, 0x4a, 0x9a, 0x46, 0xca, + 0xd8, 0x19, 0x3f, 0xcb, 0x5e, 0xe9, 0xbc, 0x78, 0x02, 0x5d, 0xee, 0xc2, 0xc0, 0x3d, 0x9e, 0xb2, + 0xff, 0x9d, 0x05, 0x27, 0xd4, 0x7c, 0xbd, 0x0f, 0x31, 0xe8, 0x7e, 0x36, 0x06, 0x7d, 0xee, 0xe8, + 0x1a, 0x8f, 0x49, 0xde, 0x27, 0x90, 0xf1, 0x67, 0x46, 0x00, 0xb4, 0x56, 0x54, 0x0b, 0x92, 0xd5, + 0x77, 0x41, 0x7a, 0x68, 0x35, 0x52, 0xaf, 0x7a, 0x09, 0xd5, 0x07, 0x5b, 0x2f, 0x61, 0x05, 0xce, + 0x49, 0x73, 0x81, 0x9f, 0x15, 0x5d, 0x09, 0x13, 0xa5, 0xe0, 0x6a, 0x8d, 0x27, 0x04, 0xa1, 0x73, + 0xf3, 0xbd, 0x90, 0x70, 0xef, 0x67, 0x33, 0x56, 0xca, 0xf0, 0x7e, 0x56, 0x8a, 0x9e, 0xd3, 0x0b, + 0xeb, 0xb2, 0x20, 0x7e, 0x6e, 0x4e, 0x2f, 0x5c, 0x5e, 0xc1, 0x1a, 0xa7, 0xb7, 0x62, 0xaf, 0x17, + 0xa4, 0xd8, 0xe1, 0xc0, 0x8a, 0x5d, 0xaa, 0x98, 0x91, 0xbe, 0x2a, 0x46, 0xfa, 0xa4, 0x47, 0xfb, + 0xfa, 0xa4, 0xdf, 0x0f, 0x27, 0xbd, 0x60, 0x83, 0xc4, 0x5e, 0x4a, 0x9a, 0x6c, 0x2e, 0x30, 0xf5, + 0x53, 0xd3, 0xcb, 0xfa, 0x7c, 0x06, 0x8a, 0x73, 0xd8, 0x59, 0xbd, 0x78, 0x72, 0x00, 0xbd, 0xd8, + 0x67, 0x35, 0x3a, 0x55, 0xcc, 0x6a, 0x74, 0xfa, 0xe8, 0xab, 0xd1, 0xd8, 0xb1, 0xae, 0x46, 0xa8, + 0x90, 0xd5, 0x68, 0x20, 0x45, 0x6f, 0x6c, 0xff, 0xce, 0xee, 0xb3, 0xfd, 0xeb, 0xb7, 0x14, 0x9d, + 0x3b, 0xf4, 0x52, 0xd4, 0x7b, 0x95, 0x79, 0xe4, 0x50, 0xab, 0xcc, 0x67, 0x4a, 0x70, 0x4e, 0xeb, + 0x61, 0x3a, 0xfa, 0xbd, 0x75, 0xaa, 0x89, 0xd8, 0x9d, 0x2a, 0xfc, 0xdc, 0xc6, 0x48, 0x89, 0xd0, + 0xd9, 0x15, 0x0a, 0x82, 0x0d, 0x2c, 0x96, 0x59, 0x40, 0x62, 0x56, 0x3c, 0x33, 0xaf, 0xa4, 0x67, + 0x44, 0x3b, 0x56, 0x18, 0x74, 0x7c, 0xd1, 0xdf, 0x22, 0x5b, 0x2b, 0x5f, 0x22, 0x6a, 0x46, 0x83, + 0xb0, 0x89, 0x87, 0x9e, 0xe1, 0x4c, 0x98, 0x82, 0xa0, 0x8a, 0x7a, 0x54, 0x5c, 0xb2, 0x28, 0x75, + 0x82, 0x82, 0x4a, 0x71, 0x58, 0x0a, 0x49, 0xb5, 0x5b, 0x1c, 0x16, 0x02, 0xa5, 0x30, 0xec, 0xff, + 0x6e, 0xc1, 0x63, 0x3d, 0xbb, 0xe2, 0x3e, 0x2c, 0xbe, 0xdb, 0xd9, 0xc5, 0x77, 0xa5, 0xa8, 0xed, + 0x86, 0xf1, 0x16, 0x7d, 0x16, 0xe2, 0x7f, 0x63, 0xc1, 0x49, 0x8d, 0x7f, 0x1f, 0x5e, 0xd5, 0xcb, + 0xbe, 0x6a, 0x71, 0x3b, 0xab, 0x7a, 0xd7, 0xbb, 0xfd, 0x4e, 0x09, 0x54, 0xd9, 0xb6, 0x69, 0x57, + 0x16, 0xc5, 0xdc, 0xe7, 0x24, 0x71, 0x07, 0x86, 0xd8, 0x41, 0x68, 0x52, 0x4c, 0x90, 0x47, 0x96, + 0x3f, 0x3b, 0x54, 0xd5, 0x87, 0xcc, 0xec, 0x6f, 0x82, 0x05, 0x43, 0x56, 0xda, 0xd5, 0x4b, 0xa8, + 0x36, 0x6f, 0x8a, 0x64, 0x0c, 0x5d, 0xda, 0x55, 0xb4, 0x63, 0x85, 0x41, 0x97, 0x07, 0xcf, 0x0d, + 0x83, 0x19, 0xdf, 0x49, 0xe4, 0x45, 0x62, 0x6a, 0x79, 0x98, 0x97, 0x00, 0xac, 0x71, 0xd8, 0x19, + 0xa9, 0x97, 0x44, 0xbe, 0xb3, 0x63, 0xec, 0x9f, 0x8d, 0xac, 0x64, 0x05, 0xc2, 0x26, 0x9e, 0xdd, + 0x86, 0xf1, 0xec, 0x4b, 0xcc, 0x92, 0x75, 0x16, 0xa0, 0x38, 0x50, 0x77, 0x4e, 0x41, 0xdd, 0x61, + 0x4f, 0x2d, 0x74, 0x9c, 0xfc, 0xfd, 0xbf, 0xd3, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0xab, 0x16, 0x9c, + 0xe9, 0xd1, 0x69, 0x05, 0x26, 0xbb, 0xa4, 0x5a, 0xdb, 0xf4, 0x5a, 0xd8, 0xdf, 0x0d, 0xc3, 0x4d, + 0xb2, 0xee, 0xc8, 0x10, 0x38, 0x43, 0xb7, 0xcf, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x7f, 0xb5, 0xe0, + 0x54, 0x56, 0xd6, 0x84, 0x6a, 0x67, 0xfe, 0x32, 0xb3, 0x5e, 0xe2, 0x86, 0x5b, 0x24, 0xde, 0xa1, + 0x6f, 0xce, 0xa5, 0x56, 0xda, 0x79, 0xba, 0x0b, 0x03, 0xf7, 0x78, 0x8a, 0x15, 0x6d, 0x6c, 0xaa, + 0xde, 0x96, 0x23, 0xf2, 0x66, 0x91, 0x23, 0x52, 0x7f, 0x4c, 0xf3, 0xb8, 0x5c, 0xb1, 0xc4, 0x26, + 0x7f, 0xfb, 0x3b, 0x15, 0x50, 0xd9, 0x70, 0x2c, 0xfe, 0xa8, 0xa0, 0xe8, 0xad, 0xcc, 0x9d, 0x47, + 0xe5, 0x01, 0xee, 0x3c, 0x92, 0x83, 0xa1, 0x72, 0xaf, 0x80, 0x00, 0xee, 0x25, 0x31, 0x5d, 0x97, + 0xea, 0x0d, 0x57, 0x35, 0x08, 0x9b, 0x78, 0x54, 0x12, 0xdf, 0xdb, 0x22, 0xfc, 0xa1, 0xa1, 0xac, + 0x24, 0x0b, 0x12, 0x80, 0x35, 0x0e, 0x95, 0xa4, 0xe9, 0xad, 0xaf, 0x8b, 0x2d, 0xbf, 0x92, 0x84, + 0xf6, 0x0e, 0x66, 0x10, 0x5e, 0x87, 0x37, 0xdc, 0x14, 0x56, 0xb0, 0x51, 0x87, 0x37, 0xdc, 0xc4, + 0x0c, 0x42, 0xed, 0xb6, 0x20, 0x8c, 0xdb, 0xec, 0x7e, 0xe6, 0xa6, 0xe2, 0x22, 0xac, 0x5f, 0x65, + 0xb7, 0x5d, 0xef, 0x46, 0xc1, 0xbd, 0x9e, 0xa3, 0x23, 0x30, 0x8a, 0x49, 0xd3, 0x73, 0x53, 0x93, + 0x1a, 0x64, 0x47, 0xe0, 0x72, 0x17, 0x06, 0xee, 0xf1, 0x14, 0x9a, 0x86, 0x53, 0x32, 0x9b, 0x51, + 0xd6, 0xaa, 0x18, 0xc9, 0xe6, 0xc6, 0xe3, 0x2c, 0x18, 0xe7, 0xf1, 0xa9, 0x56, 0x6b, 0x8b, 0x32, + 0x35, 0xcc, 0x58, 0x36, 0xb4, 0x9a, 0x2c, 0x5f, 0x83, 0x15, 0x86, 0xfd, 0xa9, 0x32, 0x5d, 0x85, + 0xfb, 0x94, 0x67, 0xba, 0x6f, 0xd1, 0x82, 0xd9, 0x11, 0x59, 0x19, 0x60, 0x44, 0xbe, 0x00, 0xa3, + 0xb7, 0x93, 0x30, 0x50, 0x91, 0x78, 0xd5, 0xbe, 0x91, 0x78, 0x06, 0x56, 0xef, 0x48, 0xbc, 0xa1, + 0xa2, 0x22, 0xf1, 0x86, 0x0f, 0x19, 0x89, 0xf7, 0xad, 0x2a, 0xa8, 0x0b, 0x01, 0xae, 0x93, 0xf4, + 0x4e, 0x18, 0x6f, 0x7a, 0x41, 0x8b, 0x65, 0x81, 0x7e, 0xdd, 0x82, 0x51, 0x3e, 0x5f, 0x16, 0xcc, + 0x4c, 0xaa, 0xf5, 0x82, 0x2a, 0xcd, 0x67, 0x98, 0x4d, 0xae, 0x1a, 0x8c, 0x72, 0xf7, 0xd8, 0x99, + 0x20, 0x9c, 0x91, 0x08, 0x7d, 0x1c, 0x40, 0xfa, 0x47, 0xd7, 0xa5, 0xca, 0x9c, 0x2f, 0x46, 0x3e, + 0x4c, 0xd6, 0xb5, 0x0d, 0xbc, 0xaa, 0x98, 0x60, 0x83, 0x21, 0xfa, 0x4c, 0xfe, 0xfe, 0xfa, 0x8f, + 0x1e, 0x4b, 0xdf, 0x0c, 0x92, 0x63, 0x86, 0x61, 0xd8, 0x0b, 0x5a, 0x74, 0x9c, 0x88, 0x88, 0xa5, + 0x77, 0xf5, 0xca, 0xa0, 0x5e, 0x08, 0x9d, 0x66, 0xc3, 0xf1, 0x9d, 0xc0, 0x25, 0xf1, 0x3c, 0x47, + 0x37, 0x6f, 0x6f, 0x65, 0x0d, 0x58, 0x12, 0xea, 0xba, 0x4a, 0xa1, 0x3a, 0xc8, 0x55, 0x0a, 0xe7, + 0x3f, 0x00, 0x63, 0x5d, 0x1f, 0xf3, 0x40, 0x29, 0x65, 0x87, 0xcf, 0x46, 0xb3, 0xff, 0xe9, 0x90, + 0x5e, 0xb4, 0xae, 0x87, 0x4d, 0x5e, 0xd0, 0x3f, 0xd6, 0x5f, 0x54, 0xd8, 0xb8, 0x05, 0x0e, 0x11, + 0xe3, 0x06, 0x58, 0xd5, 0x88, 0x4d, 0x96, 0x74, 0x8c, 0x46, 0x4e, 0x4c, 0x82, 0xe3, 0x1e, 0xa3, + 0xcb, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0x8d, 0x4c, 0x4e, 0xc9, 0xe5, 0xa3, 0xe7, 0x94, 0xb0, 0xda, + 0x32, 0xbd, 0x6a, 0x70, 0x7f, 0xc9, 0x82, 0x93, 0x41, 0x66, 0xe4, 0x16, 0x13, 0x46, 0xda, 0x7b, + 0x56, 0xf0, 0xfb, 0x64, 0xb2, 0x6d, 0x38, 0xc7, 0xbf, 0xd7, 0x92, 0x56, 0x3d, 0xe0, 0x92, 0xa6, + 0x6f, 0x06, 0x19, 0xea, 0x77, 0x33, 0x08, 0x0a, 0xd4, 0xd5, 0x48, 0xc3, 0x85, 0x5f, 0x8d, 0x04, + 0x3d, 0xae, 0x45, 0xba, 0x05, 0x75, 0x37, 0x26, 0x4e, 0x7a, 0xc8, 0x5b, 0x72, 0xd8, 0x01, 0xfd, + 0x8c, 0x24, 0x80, 0x35, 0x2d, 0xfb, 0x7f, 0x57, 0xe0, 0xb4, 0xec, 0x11, 0x19, 0x82, 0x4e, 0xd7, + 0x47, 0xce, 0x57, 0x1b, 0xb7, 0x6a, 0x7d, 0xbc, 0x22, 0x01, 0x58, 0xe3, 0x50, 0x7b, 0xac, 0x93, + 0x90, 0xa5, 0x88, 0x04, 0x0b, 0xde, 0x5a, 0x22, 0xce, 0x39, 0xd5, 0x44, 0xb9, 0xa1, 0x41, 0xd8, + 0xc4, 0xa3, 0xc6, 0x38, 0xb7, 0x8b, 0x93, 0x7c, 0xfa, 0x8a, 0xb0, 0xb7, 0xb1, 0x84, 0xa3, 0x5f, + 0xe8, 0x59, 0x2f, 0xb2, 0x98, 0xc4, 0xad, 0xae, 0xc8, 0xfb, 0x03, 0x5e, 0xac, 0xf6, 0x37, 0x2c, + 0x38, 0xc7, 0x5b, 0x65, 0x4f, 0xde, 0x88, 0x9a, 0x4e, 0x4a, 0x92, 0x62, 0xea, 0x37, 0xf7, 0x90, + 0x4f, 0x3b, 0x79, 0x7b, 0xb1, 0xc5, 0xbd, 0xa5, 0x41, 0x5f, 0xb4, 0xe0, 0xd4, 0x66, 0x26, 0xd3, + 0x5f, 0x2e, 0x1d, 0x47, 0xac, 0x49, 0x93, 0x2d, 0x1f, 0xa0, 0xa7, 0x5a, 0xb6, 0x3d, 0xc1, 0x79, + 0xee, 0xf6, 0x9f, 0x58, 0x60, 0xaa, 0xd1, 0xc1, 0x2c, 0x40, 0xe3, 0x2a, 0xdb, 0xd2, 0x3e, 0x57, + 0xd9, 0x4a, 0x63, 0xb1, 0x3c, 0xd8, 0xe6, 0xa4, 0x72, 0x80, 0xcd, 0x49, 0xb5, 0xaf, 0x75, 0xf9, + 0x04, 0x94, 0x3b, 0x5e, 0x53, 0xec, 0x2f, 0xf4, 0xe9, 0xeb, 0xfc, 0x2c, 0xa6, 0xed, 0xf6, 0x3f, + 0xaa, 0x6a, 0xbf, 0x85, 0xc8, 0x8b, 0xfa, 0xbe, 0x78, 0xed, 0x75, 0x55, 0x62, 0x88, 0xbf, 0xf9, + 0xf5, 0xae, 0x12, 0x43, 0x3f, 0x72, 0xf0, 0xb4, 0x37, 0xde, 0x41, 0xfd, 0x2a, 0x0c, 0x0d, 0xef, + 0x93, 0xf3, 0x76, 0x1b, 0x6a, 0x74, 0x0b, 0xc6, 0x1c, 0x90, 0xb5, 0x8c, 0x50, 0xb5, 0x2b, 0xa2, + 0xfd, 0xee, 0xee, 0xc4, 0x0f, 0x1f, 0x5c, 0x2c, 0xf9, 0x34, 0x56, 0xf4, 0x51, 0x02, 0x75, 0xfa, + 0x9b, 0xa5, 0xe7, 0x89, 0xcd, 0xdd, 0x0d, 0xa5, 0x33, 0x25, 0xa0, 0x90, 0xdc, 0x3f, 0xcd, 0x07, + 0x05, 0x50, 0x67, 0x77, 0x50, 0x32, 0xa6, 0x7c, 0x0f, 0xb8, 0xac, 0x92, 0xe4, 0x24, 0xe0, 0xee, + 0xee, 0xc4, 0xcb, 0x07, 0x67, 0xaa, 0x1e, 0xc7, 0x9a, 0x85, 0xfd, 0xe5, 0x8a, 0x1e, 0xbb, 0xa2, + 0xb2, 0xd4, 0xf7, 0xc5, 0xd8, 0x7d, 0x29, 0x37, 0x76, 0x2f, 0x74, 0x8d, 0xdd, 0x93, 0xfa, 0xae, + 0xc4, 0xcc, 0x68, 0xbc, 0xdf, 0x86, 0xc0, 0xfe, 0xfe, 0x06, 0x66, 0x01, 0xbd, 0xd1, 0xf1, 0x62, + 0x92, 0x2c, 0xc7, 0x9d, 0xc0, 0x0b, 0x5a, 0xe2, 0x0e, 0x7c, 0xc3, 0x02, 0xca, 0x80, 0x71, 0x1e, + 0x9f, 0xdd, 0x9f, 0xbf, 0x13, 0xb8, 0xb7, 0x9c, 0x2d, 0x3e, 0xaa, 0x8c, 0x62, 0x3b, 0x2b, 0xa2, + 0x1d, 0x2b, 0x0c, 0xfb, 0x2d, 0x76, 0x96, 0x6d, 0xe4, 0x05, 0xd3, 0x31, 0xe1, 0xb3, 0x4b, 0x3f, + 0x79, 0xa5, 0x1e, 0x35, 0x26, 0xf8, 0x4d, 0x9f, 0x1c, 0x86, 0xee, 0xc0, 0xf0, 0x1a, 0xbf, 0xf5, + 0xaa, 0x98, 0xaa, 0xc4, 0xe2, 0x0a, 0x2d, 0x76, 0xb7, 0x81, 0xbc, 0x4f, 0xeb, 0xae, 0xfe, 0x89, + 0x25, 0x37, 0xfb, 0x9b, 0x15, 0x38, 0x95, 0xbb, 0x16, 0x32, 0x53, 0x23, 0xb1, 0xb4, 0x6f, 0x8d, + 0xc4, 0x8f, 0x00, 0x34, 0x49, 0xe4, 0x87, 0x3b, 0xcc, 0x1c, 0xab, 0x1c, 0xd8, 0x1c, 0x53, 0x16, + 0xfc, 0xac, 0xa2, 0x82, 0x0d, 0x8a, 0xa2, 0x3c, 0x11, 0x2f, 0xb9, 0x98, 0x2b, 0x4f, 0x64, 0xd4, + 0x2e, 0x1f, 0xba, 0xbf, 0xb5, 0xcb, 0x3d, 0x38, 0xc5, 0x45, 0x54, 0xd9, 0xb7, 0x87, 0x48, 0xb2, + 0x65, 0xf9, 0x0b, 0xb3, 0x59, 0x32, 0x38, 0x4f, 0xf7, 0x41, 0xde, 0xfa, 0x8a, 0xde, 0x03, 0x75, + 0xf9, 0x9d, 0x93, 0xf1, 0xba, 0xae, 0x60, 0x20, 0x87, 0x01, 0xbb, 0x8d, 0x55, 0xfc, 0xb4, 0xbf, + 0x50, 0xa2, 0xd6, 0x33, 0xff, 0xa7, 0x2a, 0xd1, 0x3c, 0x0d, 0x43, 0x4e, 0x27, 0xdd, 0x08, 0xbb, + 0x6e, 0xce, 0x9a, 0x66, 0xad, 0x58, 0x40, 0xd1, 0x02, 0x54, 0x9a, 0xba, 0xba, 0xc8, 0x41, 0x7a, + 0x51, 0x3b, 0x22, 0x9d, 0x94, 0x60, 0x46, 0x05, 0x3d, 0x0e, 0x95, 0xd4, 0x69, 0xc9, 0x44, 0x27, + 0x96, 0xdc, 0xba, 0xea, 0xb4, 0x12, 0xcc, 0x5a, 0xcd, 0x45, 0xb3, 0xb2, 0xcf, 0xa2, 0xf9, 0x32, + 0x9c, 0x48, 0xbc, 0x56, 0xe0, 0xa4, 0x9d, 0x98, 0x18, 0x87, 0x6b, 0x3a, 0x5e, 0xc2, 0x04, 0xe2, + 0x2c, 0xae, 0xfd, 0x9b, 0xa3, 0x70, 0x76, 0x65, 0x66, 0x51, 0x56, 0xca, 0x3d, 0xb6, 0x5c, 0xa5, + 0x5e, 0x3c, 0xee, 0x5f, 0xae, 0x52, 0x1f, 0xee, 0xbe, 0x91, 0xab, 0xe4, 0x1b, 0xb9, 0x4a, 0xd9, + 0xc4, 0x91, 0x72, 0x11, 0x89, 0x23, 0xbd, 0x24, 0x18, 0x24, 0x71, 0xe4, 0xd8, 0x92, 0x97, 0xee, + 0x29, 0xd0, 0x81, 0x92, 0x97, 0x54, 0x66, 0x57, 0x21, 0x21, 0xfd, 0x7d, 0x3e, 0x55, 0xcf, 0xcc, + 0x2e, 0x95, 0x55, 0xc3, 0xd3, 0x55, 0x84, 0x82, 0x7d, 0xad, 0x78, 0x01, 0x06, 0xc8, 0xaa, 0x11, + 0x19, 0x33, 0x66, 0x26, 0xd7, 0x70, 0x11, 0x99, 0x5c, 0xbd, 0xc4, 0xd9, 0x37, 0x93, 0xeb, 0x65, + 0x38, 0xe1, 0xfa, 0x61, 0x40, 0x96, 0xe3, 0x30, 0x0d, 0xdd, 0xd0, 0x17, 0xc6, 0xb4, 0x52, 0x09, + 0x33, 0x26, 0x10, 0x67, 0x71, 0xfb, 0xa5, 0x81, 0xd5, 0x8f, 0x9a, 0x06, 0x06, 0x0f, 0x28, 0x0d, + 0xec, 0x67, 0x75, 0xc2, 0xf2, 0x08, 0xfb, 0x22, 0x1f, 0x29, 0xfe, 0x8b, 0x0c, 0x92, 0xb5, 0x8c, + 0xbe, 0xca, 0xaf, 0xae, 0xa2, 0xe6, 0xe8, 0x4c, 0xd8, 0xa6, 0xe6, 0xd6, 0x28, 0xeb, 0x92, 0xd7, + 0x8f, 0x61, 0xc0, 0xde, 0x5a, 0xd1, 0x6c, 0xd4, 0x75, 0x56, 0xba, 0x09, 0x67, 0x05, 0x39, 0x4a, + 0x42, 0xf5, 0xd7, 0x4a, 0xf0, 0x03, 0xfb, 0x8a, 0x80, 0xee, 0x00, 0xa4, 0x4e, 0x4b, 0x0c, 0x54, + 0x71, 0x4c, 0x71, 0xc4, 0xa0, 0xc6, 0x55, 0x49, 0x8f, 0x57, 0x02, 0x51, 0x7f, 0xd9, 0x01, 0x80, + 0xfc, 0xcd, 0x62, 0x19, 0x43, 0xbf, 0xab, 0xea, 0x21, 0x0e, 0x7d, 0x82, 0x19, 0x84, 0x2e, 0xff, + 0x31, 0x69, 0xe9, 0xbb, 0x56, 0xd5, 0xe7, 0xc3, 0xac, 0x15, 0x0b, 0x28, 0x7a, 0x11, 0x46, 0x1c, + 0xdf, 0xe7, 0x59, 0x29, 0x24, 0x11, 0x77, 0x57, 0xe8, 0xca, 0x6d, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, + 0x8f, 0x4b, 0x30, 0xb1, 0x8f, 0x4e, 0xe9, 0xca, 0xb3, 0xab, 0x0e, 0x9c, 0x67, 0x27, 0x32, 0x03, + 0x86, 0xfa, 0x64, 0x06, 0xbc, 0x08, 0x23, 0x29, 0x71, 0xda, 0x22, 0x0c, 0x4a, 0xec, 0xbf, 0xf5, + 0xb9, 0xab, 0x06, 0x61, 0x13, 0x8f, 0x6a, 0xb1, 0x93, 0x8e, 0xeb, 0x92, 0x24, 0x91, 0xa1, 0xff, + 0xc2, 0x87, 0x59, 0x58, 0x5e, 0x01, 0x73, 0x0d, 0x4f, 0x67, 0x58, 0xe0, 0x1c, 0xcb, 0x7c, 0x87, + 0xd7, 0x07, 0xec, 0xf0, 0x6f, 0x94, 0xe0, 0x89, 0x7b, 0xae, 0x6e, 0x03, 0x67, 0x65, 0x74, 0x12, + 0x12, 0xe7, 0x07, 0xce, 0x8d, 0x84, 0xc4, 0x98, 0x41, 0x78, 0x2f, 0x45, 0x91, 0x71, 0x97, 0x6d, + 0xd1, 0x29, 0x43, 0xbc, 0x97, 0x32, 0x2c, 0x70, 0x8e, 0xe5, 0x61, 0x87, 0xe5, 0xdf, 0x29, 0xc1, + 0x53, 0x03, 0xd8, 0x00, 0x05, 0xa6, 0x56, 0x65, 0x13, 0xdc, 0xca, 0x0f, 0x28, 0x0f, 0xf1, 0x90, + 0xdd, 0xf5, 0x56, 0x09, 0xce, 0xf7, 0x5f, 0x8a, 0xd1, 0x8f, 0xd2, 0x3d, 0xbc, 0x8c, 0x7d, 0x32, + 0x73, 0xe3, 0xce, 0xf0, 0xfd, 0x7b, 0x06, 0x84, 0xf3, 0xb8, 0x68, 0x12, 0x20, 0x72, 0xd2, 0x8d, + 0xe4, 0xd2, 0xb6, 0x97, 0xa4, 0xa2, 0xf6, 0xcb, 0x49, 0x7e, 0x62, 0x24, 0x5b, 0xb1, 0x81, 0x41, + 0xd9, 0xb1, 0x7f, 0xb3, 0xe1, 0xf5, 0x30, 0xe5, 0x0f, 0xf1, 0x6d, 0xc4, 0x19, 0x59, 0x1f, 0xdf, + 0x00, 0xe1, 0x3c, 0x2e, 0x65, 0xc7, 0xce, 0x24, 0xb9, 0xa0, 0x7c, 0x7f, 0xc1, 0xd8, 0x2d, 0xa8, + 0x56, 0x6c, 0x60, 0xe4, 0xb3, 0xfe, 0xaa, 0xfb, 0x67, 0xfd, 0xd9, 0xff, 0xb0, 0x04, 0x8f, 0xf5, + 0x35, 0xe5, 0x06, 0x9b, 0x80, 0x0f, 0x5f, 0xa6, 0xde, 0xe1, 0xc6, 0xce, 0x01, 0x33, 0xca, 0xfe, + 0xb0, 0xcf, 0x48, 0x13, 0x19, 0x65, 0x87, 0x4f, 0xc9, 0x7e, 0xf8, 0xfa, 0xb3, 0x2b, 0x89, 0xac, + 0x72, 0x80, 0x24, 0xb2, 0xdc, 0xc7, 0xa8, 0x0e, 0x38, 0x91, 0xff, 0x6f, 0xff, 0xee, 0xa5, 0x5b, + 0xbf, 0x81, 0xbc, 0xa3, 0xb3, 0x70, 0xda, 0x0b, 0xd8, 0x5d, 0x29, 0x2b, 0x9d, 0x35, 0x51, 0x0e, + 0xa4, 0x94, 0xbd, 0xa9, 0x78, 0x3e, 0x07, 0xc7, 0x5d, 0x4f, 0x3c, 0x84, 0x49, 0x7d, 0x87, 0xeb, + 0xd2, 0x03, 0xa6, 0x95, 0x7e, 0x04, 0xea, 0x4a, 0x12, 0x1e, 0xd6, 0xac, 0x3e, 0x7f, 0x57, 0x58, + 0xb3, 0xfa, 0xf6, 0x06, 0x16, 0xed, 0x37, 0x6a, 0x9c, 0xe6, 0xc6, 0xf1, 0x35, 0xb2, 0xc3, 0x2c, + 0x55, 0xfb, 0xbd, 0x30, 0xaa, 0x3c, 0x1e, 0x83, 0x5e, 0x9f, 0x61, 0x7f, 0x79, 0x08, 0x4e, 0x64, + 0x8a, 0xe3, 0x65, 0x1c, 0x8c, 0xd6, 0xbe, 0x0e, 0x46, 0x16, 0xa6, 0xde, 0x09, 0xe4, 0xdd, 0x3a, + 0x46, 0x98, 0x7a, 0x27, 0x20, 0x98, 0xc3, 0xa8, 0xa1, 0xd9, 0x8c, 0x77, 0x70, 0x27, 0x10, 0xe1, + 0xa4, 0xca, 0xd0, 0x9c, 0x65, 0xad, 0x58, 0x40, 0xd1, 0x27, 0x2d, 0x18, 0x4d, 0x98, 0xf7, 0x9a, + 0xbb, 0x67, 0xc5, 0xe7, 0xbf, 0x7a, 0xf4, 0xda, 0x7f, 0xaa, 0x10, 0x24, 0x8b, 0x10, 0x31, 0x5b, + 0x70, 0x86, 0x23, 0xfa, 0x69, 0x0b, 0xea, 0xea, 0x0a, 0x00, 0x71, 0x01, 0xd6, 0x4a, 0xb1, 0xb5, + 0x07, 0xb9, 0x5f, 0x4f, 0x1d, 0x04, 0xe8, 0x3b, 0xbd, 0x35, 0x63, 0x94, 0x28, 0xdf, 0xe9, 0xf0, + 0xf1, 0xf8, 0x4e, 0xa1, 0x87, 0xdf, 0xf4, 0x3d, 0x50, 0x6f, 0x3b, 0x81, 0xb7, 0x4e, 0x92, 0x94, + 0xbb, 0x33, 0x65, 0x49, 0x54, 0xd9, 0x88, 0x35, 0x9c, 0x2e, 0x8d, 0x09, 0x7b, 0xb1, 0xd4, 0xf0, + 0x3f, 0xb2, 0xa5, 0x71, 0x45, 0x37, 0x63, 0x13, 0xc7, 0x74, 0x96, 0xc2, 0x03, 0x75, 0x96, 0x8e, + 0xec, 0xe3, 0x2c, 0xfd, 0x7b, 0x16, 0x9c, 0xeb, 0xf9, 0xd5, 0x1e, 0xde, 0xc0, 0x3f, 0xfb, 0x2b, + 0x55, 0x38, 0xd3, 0xa3, 0xca, 0x25, 0xda, 0x31, 0xc7, 0xb3, 0x55, 0xc4, 0x19, 0x7a, 0xf6, 0x48, + 0x58, 0x76, 0x63, 0x8f, 0x41, 0x7c, 0xb0, 0xa3, 0x0a, 0x7d, 0x5c, 0x50, 0xbe, 0xbf, 0xc7, 0x05, + 0xc6, 0xb0, 0xac, 0x3c, 0xd0, 0x61, 0x59, 0xbd, 0xf7, 0xb0, 0x44, 0xbf, 0x66, 0xc1, 0x78, 0xbb, + 0x4f, 0x69, 0x75, 0xe1, 0x02, 0xbc, 0x79, 0x3c, 0x85, 0xdb, 0x1b, 0x8f, 0xef, 0xed, 0x4e, 0xf4, + 0xad, 0x68, 0x8f, 0xfb, 0x4a, 0x65, 0x7f, 0xa7, 0x0c, 0xac, 0xc4, 0x2a, 0xab, 0x64, 0xb6, 0x83, + 0x3e, 0x61, 0x16, 0xcb, 0xb5, 0x8a, 0x2a, 0xec, 0xca, 0x89, 0xab, 0x62, 0xbb, 0xbc, 0x07, 0x7b, + 0xd5, 0xde, 0xcd, 0x2b, 0xad, 0xd2, 0x00, 0x4a, 0xcb, 0x97, 0x55, 0x89, 0xcb, 0xc5, 0x57, 0x25, + 0xae, 0xe7, 0x2b, 0x12, 0xdf, 0xfb, 0x13, 0x57, 0x1e, 0xca, 0x4f, 0xfc, 0xd7, 0x2c, 0xae, 0x78, + 0x72, 0x5f, 0x41, 0x5b, 0x06, 0xd6, 0x3d, 0x2c, 0x83, 0x67, 0xd9, 0xed, 0xec, 0xeb, 0x57, 0x88, + 0xe3, 0x0b, 0x0b, 0xc2, 0xbc, 0x68, 0x9d, 0xb5, 0x63, 0x85, 0xc1, 0x2e, 0x2b, 0xf4, 0xfd, 0xf0, + 0xce, 0xa5, 0x76, 0x94, 0xee, 0x08, 0x5b, 0x42, 0x5f, 0x56, 0xa8, 0x20, 0xd8, 0xc0, 0xb2, 0xff, + 0x7a, 0x89, 0x8f, 0x40, 0x11, 0x04, 0xf0, 0x52, 0xee, 0x7a, 0xa9, 0xc1, 0xcf, 0xcf, 0x3f, 0x06, + 0xe0, 0xaa, 0x8b, 0x99, 0xc5, 0xe9, 0xcc, 0x95, 0x23, 0xdf, 0x1a, 0x2b, 0xe8, 0xe9, 0xd7, 0xd0, + 0x6d, 0xd8, 0xe0, 0x97, 0xd1, 0xa5, 0xe5, 0x7d, 0x75, 0x69, 0x46, 0xad, 0x54, 0xf6, 0x59, 0xed, + 0xfe, 0xd8, 0x82, 0x8c, 0x45, 0x84, 0x22, 0xa8, 0x52, 0x71, 0x77, 0x8a, 0xb9, 0x73, 0xda, 0x24, + 0x4d, 0x55, 0xa3, 0x18, 0xf6, 0xec, 0x27, 0xe6, 0x8c, 0x90, 0x2f, 0x62, 0x05, 0x4a, 0x45, 0xdc, + 0x8b, 0x6e, 0x32, 0xbc, 0x12, 0x86, 0x9b, 0xfc, 0x88, 0x51, 0xc7, 0x1d, 0xd8, 0x2f, 0xc1, 0x58, + 0x97, 0x50, 0xec, 0x26, 0x99, 0x50, 0x5e, 0xb4, 0x6d, 0x0c, 0x57, 0x96, 0xc0, 0x88, 0x39, 0xcc, + 0x7e, 0xcb, 0x82, 0xd3, 0x79, 0xf2, 0xe8, 0xab, 0x16, 0x8c, 0x25, 0x79, 0x7a, 0xc7, 0xd5, 0x77, + 0x2a, 0xde, 0xaf, 0x0b, 0x84, 0xbb, 0x85, 0xb0, 0xff, 0x8f, 0x18, 0xfc, 0xb7, 0xbc, 0xa0, 0x19, + 0xde, 0x51, 0x86, 0x89, 0xd5, 0xd7, 0x30, 0xa1, 0xf3, 0xd1, 0xdd, 0x20, 0xcd, 0x8e, 0xdf, 0x95, + 0x39, 0xb9, 0x22, 0xda, 0xb1, 0xc2, 0x60, 0x89, 0x62, 0x1d, 0x51, 0xb6, 0x3c, 0x37, 0x28, 0x67, + 0x45, 0x3b, 0x56, 0x18, 0xe8, 0x05, 0x18, 0x35, 0x2f, 0x93, 0x17, 0xe3, 0x92, 0x19, 0xe4, 0xe6, + 0xbd, 0xf3, 0x38, 0x83, 0x85, 0x26, 0x01, 0x94, 0x91, 0x23, 0x97, 0x48, 0xe6, 0xb2, 0x51, 0x9a, + 0x28, 0xc1, 0x06, 0x06, 0x4b, 0xcb, 0xe4, 0x37, 0xb6, 0xcb, 0xa8, 0x58, 0x9e, 0x96, 0x29, 0xda, + 0xb0, 0x82, 0x52, 0x6d, 0xd2, 0x76, 0x82, 0x8e, 0xe3, 0xd3, 0x1e, 0x12, 0xb9, 0xe4, 0x6a, 0x1a, + 0x2e, 0x2a, 0x08, 0x36, 0xb0, 0xe8, 0x1b, 0xa7, 0x5e, 0x9b, 0xbc, 0x1a, 0x06, 0x32, 0x4e, 0x4b, + 0x1f, 0xc0, 0x88, 0x76, 0xac, 0x30, 0xec, 0xff, 0x6c, 0xc1, 0x29, 0x9d, 0xe4, 0xcd, 0xef, 0x8c, + 0x35, 0xf7, 0x8c, 0xd6, 0xbe, 0xf9, 0xeb, 0xd9, 0xec, 0xd7, 0xd2, 0x40, 0xd9, 0xaf, 0x66, 0x62, + 0x6a, 0xf9, 0x9e, 0x89, 0xa9, 0x3f, 0xa8, 0xef, 0x23, 0xe4, 0x19, 0xac, 0x23, 0xbd, 0xee, 0x22, + 0x44, 0x36, 0x0c, 0xb9, 0x8e, 0xaa, 0x70, 0x32, 0xca, 0xf7, 0x0e, 0x33, 0xd3, 0x0c, 0x49, 0x40, + 0xec, 0x25, 0xa8, 0xab, 0x73, 0x08, 0xb9, 0x51, 0xb5, 0x7a, 0x6f, 0x54, 0x07, 0x4a, 0x90, 0x6b, + 0xac, 0x7d, 0xf3, 0xbb, 0x4f, 0xbe, 0xe3, 0x77, 0xbf, 0xfb, 0xe4, 0x3b, 0xfe, 0xe0, 0xbb, 0x4f, + 0xbe, 0xe3, 0x93, 0x7b, 0x4f, 0x5a, 0xdf, 0xdc, 0x7b, 0xd2, 0xfa, 0xdd, 0xbd, 0x27, 0xad, 0x3f, + 0xd8, 0x7b, 0xd2, 0xfa, 0xce, 0xde, 0x93, 0xd6, 0x97, 0xfe, 0xc3, 0x93, 0xef, 0x78, 0xb5, 0x67, + 0xa0, 0x1e, 0xfd, 0xf1, 0x9c, 0xdb, 0x9c, 0xda, 0xba, 0xc8, 0x62, 0xc5, 0xe8, 0xf4, 0x9a, 0x32, + 0xc6, 0xd4, 0x94, 0x9c, 0x5e, 0xff, 0x3f, 0x00, 0x00, 0xff, 0xff, 0xc3, 0xee, 0x24, 0x07, 0x84, + 0xd9, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -13037,16 +13036,6 @@ func (m *SCMProviderGeneratorGitlab) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l - if m.IncludeSharedProjects != nil { - i-- - if *m.IncludeSharedProjects { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x38 - } i-- if m.Insecure { dAtA[i] = 1 @@ -16884,9 +16873,6 @@ func (m *SCMProviderGeneratorGitlab) Size() (n int) { } n += 2 n += 2 - if m.IncludeSharedProjects != nil { - n += 2 - } return n } @@ -19458,7 +19444,6 @@ func (this *SCMProviderGeneratorGitlab) String() string { `TokenRef:` + strings.Replace(this.TokenRef.String(), "SecretRef", "SecretRef", 1) + `,`, `AllBranches:` + fmt.Sprintf("%v", this.AllBranches) + `,`, `Insecure:` + fmt.Sprintf("%v", this.Insecure) + `,`, - `IncludeSharedProjects:` + valueToStringGenerated(this.IncludeSharedProjects) + `,`, `}`, }, "") return s @@ -46354,27 +46339,6 @@ func (m *SCMProviderGeneratorGitlab) Unmarshal(dAtA []byte) error { } } m.Insecure = bool(v != 0) - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field IncludeSharedProjects", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - b := bool(v != 0) - m.IncludeSharedProjects = &b default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index 7291baf390a11..ee76a7585f99c 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -130,14 +130,14 @@ message ApplicationCondition { // ApplicationDestination holds information about the application's destination message ApplicationDestination { - // Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. + // Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API optional string server = 1; // Namespace specifies the target namespace for the application's resources. // The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace optional string namespace = 2; - // Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. + // Name is an alternate way of specifying the target cluster by its symbolic name optional string name = 3; } @@ -2032,9 +2032,6 @@ message SCMProviderGeneratorGitlab { // Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false optional bool insecure = 6; - - // When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to "true" - optional bool includeSharedProjects = 7; } // Utility struct for a reference to a secret key. diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index 9acb42e4e732c..3caf488c4b5e5 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -595,7 +595,7 @@ func schema_pkg_apis_application_v1alpha1_ApplicationDestination(ref common.Refe Properties: map[string]spec.Schema{ "server": { SchemaProps: spec.SchemaProps{ - Description: "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.", + Description: "Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API", Type: []string{"string"}, Format: "", }, @@ -609,7 +609,7 @@ func schema_pkg_apis_application_v1alpha1_ApplicationDestination(ref common.Refe }, "name": { SchemaProps: spec.SchemaProps{ - Description: "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.", + Description: "Name is an alternate way of specifying the target cluster by its symbolic name", Type: []string{"string"}, Format: "", }, @@ -6949,13 +6949,6 @@ func schema_pkg_apis_application_v1alpha1_SCMProviderGeneratorGitlab(ref common. Format: "", }, }, - "includeSharedProjects": { - SchemaProps: spec.SchemaProps{ - Description: "When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to \"true\"", - Type: []string{"boolean"}, - Format: "", - }, - }, }, Required: []string{"group"}, }, diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index 4bf07fc2317da..2eb5166c7d1ea 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -860,12 +860,12 @@ func (c *ApplicationSourcePlugin) RemoveEnvEntry(key string) error { // ApplicationDestination holds information about the application's destination type ApplicationDestination struct { - // Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. + // Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API Server string `json:"server,omitempty" protobuf:"bytes,1,opt,name=server"` // Namespace specifies the target namespace for the application's resources. // The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"` - // Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. + // Name is an alternate way of specifying the target cluster by its symbolic name Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"` // nolint:govet @@ -2862,12 +2862,7 @@ func (c *Cluster) RawRestConfig() *rest.Config { if exists { config, err = clientcmd.BuildConfigFromFlags("", conf) } else { - var homeDir string - homeDir, err = os.UserHomeDir() - if err != nil { - homeDir = "" - } - config, err = clientcmd.BuildConfigFromFlags("", filepath.Join(homeDir, ".kube", "config")) + config, err = clientcmd.BuildConfigFromFlags("", filepath.Join(os.Getenv("HOME"), ".kube", "config")) } } else if c.Server == KubernetesInternalAPIServerAddr && c.Config.Username == "" && c.Config.Password == "" && c.Config.BearerToken == "" { config, err = rest.InClusterConfig() diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index fdabb9b009571..aa629529a25e9 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -3156,7 +3156,7 @@ func TestGetCAPath(t *testing.T) { if err != nil { panic(err) } - t.Setenv(argocdcommon.EnvVarTLSDataPath, temppath) + os.Setenv(argocdcommon.EnvVarTLSDataPath, temppath) validcert := []string{ "https://foo.example.com", "oci://foo.example.com", diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index 79b97e330ad09..8d10b219f0be0 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -3799,11 +3799,6 @@ func (in *SCMProviderGeneratorGitlab) DeepCopyInto(out *SCMProviderGeneratorGitl *out = new(SecretRef) **out = **in } - if in.IncludeSharedProjects != nil { - in, out := &in.IncludeSharedProjects, &out.IncludeSharedProjects - *out = new(bool) - **out = **in - } return } diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go index 4a42235b7049c..417dc758ef5bd 100644 --- a/reposerver/apiclient/clientset.go +++ b/reposerver/apiclient/clientset.go @@ -9,7 +9,6 @@ import ( grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" log "github.com/sirupsen/logrus" - "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" "google.golang.org/grpc" "google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials/insecure" @@ -67,8 +66,8 @@ func NewConnection(address string, timeoutSeconds int, tlsConfig *TLSConfigurati grpc.WithStreamInterceptor(grpc_retry.StreamClientInterceptor(retryOpts...)), grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(unaryInterceptors...)), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxGRPCMessageSize), grpc.MaxCallSendMsgSize(MaxGRPCMessageSize)), - grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor()), - grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor()), + grpc.WithUnaryInterceptor(argogrpc.OTELUnaryClientInterceptor()), + grpc.WithStreamInterceptor(argogrpc.OTELStreamClientInterceptor()), } tlsC := &tls.Config{} diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 4c05248b87e16..3dcacedd00933 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -46,21 +46,17 @@ type ManifestRequest struct { KubeVersion string `protobuf:"bytes,14,opt,name=kubeVersion,proto3" json:"kubeVersion,omitempty"` ApiVersions []string `protobuf:"bytes,15,rep,name=apiVersions,proto3" json:"apiVersions,omitempty"` // Request to verify the signature when generating the manifests (only for Git repositories) - VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` - HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` - NoRevisionCache bool `protobuf:"varint,18,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` - TrackingMethod string `protobuf:"bytes,19,opt,name=trackingMethod,proto3" json:"trackingMethod,omitempty"` - EnabledSourceTypes map[string]bool `protobuf:"bytes,20,rep,name=enabledSourceTypes,proto3" json:"enabledSourceTypes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` - HelmOptions *v1alpha1.HelmOptions `protobuf:"bytes,21,opt,name=helmOptions,proto3" json:"helmOptions,omitempty"` - HasMultipleSources bool `protobuf:"varint,22,opt,name=hasMultipleSources,proto3" json:"hasMultipleSources,omitempty"` - RefSources map[string]*v1alpha1.RefTarget `protobuf:"bytes,23,rep,name=refSources,proto3" json:"refSources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // This is used to surface "source not permitted" errors for Helm repositories - ProjectSourceRepos []string `protobuf:"bytes,24,rep,name=projectSourceRepos,proto3" json:"projectSourceRepos,omitempty"` - // This is used to surface "source not permitted" errors for Helm repositories - ProjectName string `protobuf:"bytes,25,opt,name=projectName,proto3" json:"projectName,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + VerifySignature bool `protobuf:"varint,16,opt,name=verifySignature,proto3" json:"verifySignature,omitempty"` + HelmRepoCreds []*v1alpha1.RepoCreds `protobuf:"bytes,17,rep,name=helmRepoCreds,proto3" json:"helmRepoCreds,omitempty"` + NoRevisionCache bool `protobuf:"varint,18,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` + TrackingMethod string `protobuf:"bytes,19,opt,name=trackingMethod,proto3" json:"trackingMethod,omitempty"` + EnabledSourceTypes map[string]bool `protobuf:"bytes,20,rep,name=enabledSourceTypes,proto3" json:"enabledSourceTypes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` + HelmOptions *v1alpha1.HelmOptions `protobuf:"bytes,21,opt,name=helmOptions,proto3" json:"helmOptions,omitempty"` + HasMultipleSources bool `protobuf:"varint,22,opt,name=hasMultipleSources,proto3" json:"hasMultipleSources,omitempty"` + RefSources map[string]*v1alpha1.RefTarget `protobuf:"bytes,23,rep,name=refSources,proto3" json:"refSources,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *ManifestRequest) Reset() { *m = ManifestRequest{} } @@ -236,20 +232,6 @@ func (m *ManifestRequest) GetRefSources() map[string]*v1alpha1.RefTarget { return nil } -func (m *ManifestRequest) GetProjectSourceRepos() []string { - if m != nil { - return m.ProjectSourceRepos - } - return nil -} - -func (m *ManifestRequest) GetProjectName() string { - if m != nil { - return m.ProjectName - } - return "" -} - type ManifestRequestWithFiles struct { // Types that are valid to be assigned to Part: // *ManifestRequestWithFiles_Request @@ -2189,140 +2171,138 @@ func init() { } var fileDescriptor_dd8723cfcc820480 = []byte{ - // 2114 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5b, 0x6f, 0x1b, 0xc7, - 0x15, 0xe6, 0x92, 0xba, 0x90, 0x47, 0xb2, 0x44, 0x8d, 0x75, 0x59, 0x31, 0x8e, 0xa0, 0x6c, 0x6b, - 0x43, 0xb5, 0x13, 0x12, 0x92, 0x91, 0xb8, 0x70, 0xd2, 0x14, 0x8a, 0x62, 0x4b, 0x8e, 0x2d, 0x5b, - 0x5d, 0xbb, 0x2d, 0xd2, 0xba, 0x2d, 0x86, 0xcb, 0x21, 0xb9, 0xe1, 0x5e, 0xc6, 0xbb, 0xb3, 0x0a, - 0x64, 0xa0, 0x0f, 0x45, 0x8b, 0x02, 0xfd, 0x03, 0x7d, 0xe8, 0xff, 0x28, 0xfa, 0x54, 0xf4, 0xa9, - 0x97, 0xc7, 0xa0, 0x7f, 0xa0, 0x85, 0x1f, 0xfb, 0x2b, 0x8a, 0xb9, 0xec, 0x95, 0x2b, 0xd9, 0x29, - 0x65, 0x19, 0xcd, 0x8b, 0xbd, 0x73, 0xe6, 0xcc, 0x39, 0x67, 0xce, 0x9c, 0xcb, 0x37, 0x43, 0xc1, - 0xb5, 0x80, 0x50, 0x3f, 0x24, 0xc1, 0x31, 0x09, 0x3a, 0xe2, 0xd3, 0x66, 0x7e, 0x70, 0x92, 0xf9, - 0x6c, 0xd3, 0xc0, 0x67, 0x3e, 0x82, 0x94, 0xd2, 0x7a, 0x30, 0xb0, 0xd9, 0x30, 0xea, 0xb6, 0x2d, - 0xdf, 0xed, 0xe0, 0x60, 0xe0, 0xd3, 0xc0, 0xff, 0x42, 0x7c, 0xbc, 0x67, 0xf5, 0x3a, 0xc7, 0x3b, - 0x1d, 0x3a, 0x1a, 0x74, 0x30, 0xb5, 0xc3, 0x0e, 0xa6, 0xd4, 0xb1, 0x2d, 0xcc, 0x6c, 0xdf, 0xeb, - 0x1c, 0x6f, 0x63, 0x87, 0x0e, 0xf1, 0x76, 0x67, 0x40, 0x3c, 0x12, 0x60, 0x46, 0x7a, 0x52, 0x72, - 0xeb, 0xad, 0x81, 0xef, 0x0f, 0x1c, 0xd2, 0x11, 0xa3, 0x6e, 0xd4, 0xef, 0x10, 0x97, 0x32, 0xa5, - 0xd6, 0xf8, 0xcf, 0x3c, 0x2c, 0x1e, 0x62, 0xcf, 0xee, 0x93, 0x90, 0x99, 0xe4, 0x59, 0x44, 0x42, - 0x86, 0x9e, 0xc2, 0x14, 0x37, 0x46, 0xd7, 0x36, 0xb5, 0xad, 0xb9, 0x9d, 0x83, 0x76, 0x6a, 0x4d, - 0x3b, 0xb6, 0x46, 0x7c, 0xfc, 0xc2, 0xea, 0xb5, 0x8f, 0x77, 0xda, 0x74, 0x34, 0x68, 0x73, 0x6b, - 0xda, 0x19, 0x6b, 0xda, 0xb1, 0x35, 0x6d, 0x33, 0xd9, 0x96, 0x29, 0xa4, 0xa2, 0x16, 0xd4, 0x03, - 0x72, 0x6c, 0x87, 0xb6, 0xef, 0xe9, 0xd5, 0x4d, 0x6d, 0xab, 0x61, 0x26, 0x63, 0xa4, 0xc3, 0xac, - 0xe7, 0xef, 0x61, 0x6b, 0x48, 0xf4, 0xda, 0xa6, 0xb6, 0x55, 0x37, 0xe3, 0x21, 0xda, 0x84, 0x39, - 0x4c, 0xe9, 0x03, 0xdc, 0x25, 0xce, 0x7d, 0x72, 0xa2, 0x4f, 0x89, 0x85, 0x59, 0x12, 0x5f, 0x8b, - 0x29, 0x7d, 0x88, 0x5d, 0xa2, 0x4f, 0x8b, 0xd9, 0x78, 0x88, 0xae, 0x40, 0xc3, 0xc3, 0x2e, 0x09, - 0x29, 0xb6, 0x88, 0x5e, 0x17, 0x73, 0x29, 0x01, 0xfd, 0x12, 0x96, 0x32, 0x86, 0x3f, 0xf6, 0xa3, - 0xc0, 0x22, 0x3a, 0x88, 0xad, 0x3f, 0x9a, 0x6c, 0xeb, 0xbb, 0x45, 0xb1, 0xe6, 0xb8, 0x26, 0xf4, - 0x73, 0x98, 0x16, 0x27, 0xaf, 0xcf, 0x6d, 0xd6, 0xce, 0xd5, 0xdb, 0x52, 0x2c, 0xf2, 0x60, 0x96, - 0x3a, 0xd1, 0xc0, 0xf6, 0x42, 0x7d, 0x5e, 0x68, 0x78, 0x32, 0x99, 0x86, 0x3d, 0xdf, 0xeb, 0xdb, - 0x83, 0x43, 0xec, 0xe1, 0x01, 0x71, 0x89, 0xc7, 0x8e, 0x84, 0x70, 0x33, 0x56, 0x82, 0x9e, 0x43, - 0x73, 0x14, 0x85, 0xcc, 0x77, 0xed, 0xe7, 0xe4, 0x11, 0xe5, 0x6b, 0x43, 0xfd, 0x92, 0xf0, 0xe6, - 0xc3, 0xc9, 0x14, 0xdf, 0x2f, 0x48, 0x35, 0xc7, 0xf4, 0xf0, 0x20, 0x19, 0x45, 0x5d, 0xf2, 0x23, - 0x12, 0x88, 0xe8, 0x5a, 0x90, 0x41, 0x92, 0x21, 0xc9, 0x30, 0xb2, 0xd5, 0x28, 0xd4, 0x17, 0x37, - 0x6b, 0x32, 0x8c, 0x12, 0x12, 0xda, 0x82, 0xc5, 0x63, 0x12, 0xd8, 0xfd, 0x93, 0xc7, 0xf6, 0xc0, - 0xc3, 0x2c, 0x0a, 0x88, 0xde, 0x14, 0xa1, 0x58, 0x24, 0x23, 0x17, 0x2e, 0x0d, 0x89, 0xe3, 0x72, - 0x97, 0xef, 0x05, 0xa4, 0x17, 0xea, 0x4b, 0xc2, 0xbf, 0xfb, 0x93, 0x9f, 0xa0, 0x10, 0x67, 0xe6, - 0xa5, 0x73, 0xc3, 0x3c, 0xdf, 0x54, 0x99, 0x22, 0x73, 0x04, 0x49, 0xc3, 0x0a, 0x64, 0x74, 0x0d, - 0x16, 0x58, 0x80, 0xad, 0x91, 0xed, 0x0d, 0x0e, 0x09, 0x1b, 0xfa, 0x3d, 0xfd, 0xb2, 0xf0, 0x44, - 0x81, 0x8a, 0x2c, 0x40, 0xc4, 0xc3, 0x5d, 0x87, 0xf4, 0x64, 0x2c, 0x3e, 0x39, 0xa1, 0x24, 0xd4, - 0x97, 0xc5, 0x2e, 0x6e, 0xb6, 0x33, 0x15, 0xaa, 0x50, 0x20, 0xda, 0x77, 0xc6, 0x56, 0xdd, 0xf1, - 0x58, 0x70, 0x62, 0x96, 0x88, 0x43, 0x23, 0x98, 0xe3, 0xfb, 0x88, 0x43, 0x61, 0x45, 0x84, 0xc2, - 0xbd, 0xc9, 0x7c, 0x74, 0x90, 0x0a, 0x34, 0xb3, 0xd2, 0x51, 0x1b, 0xd0, 0x10, 0x87, 0x87, 0x91, - 0xc3, 0x6c, 0xea, 0x10, 0x69, 0x46, 0xa8, 0xaf, 0x0a, 0x37, 0x95, 0xcc, 0xa0, 0xfb, 0x00, 0x01, - 0xe9, 0xc7, 0x7c, 0x6b, 0x62, 0xe7, 0x37, 0xce, 0xda, 0xb9, 0x99, 0x70, 0xcb, 0x1d, 0x67, 0x96, - 0x73, 0xe5, 0x7c, 0x1b, 0xc4, 0x62, 0x2a, 0xdb, 0x45, 0x5a, 0xeb, 0x22, 0xc4, 0x4a, 0x66, 0x78, - 0x2c, 0x2a, 0xaa, 0x28, 0x5a, 0xeb, 0x32, 0x5a, 0x33, 0xa4, 0xd6, 0x1d, 0x58, 0x3b, 0xc5, 0xd5, - 0xa8, 0x09, 0xb5, 0x11, 0x39, 0x11, 0x25, 0xba, 0x61, 0xf2, 0x4f, 0xb4, 0x0c, 0xd3, 0xc7, 0xd8, - 0x89, 0x88, 0x28, 0xaa, 0x75, 0x53, 0x0e, 0x6e, 0x57, 0xbf, 0xab, 0xb5, 0x7e, 0xab, 0xc1, 0x62, - 0xc1, 0xf0, 0x92, 0xf5, 0x3f, 0xcb, 0xae, 0x3f, 0x87, 0x30, 0xee, 0x3f, 0xc1, 0xc1, 0x80, 0xb0, - 0x8c, 0x21, 0xc6, 0x3f, 0x35, 0xd0, 0x0b, 0x1e, 0xfd, 0xb1, 0xcd, 0x86, 0x77, 0x6d, 0x87, 0x84, - 0xe8, 0x16, 0xcc, 0x06, 0x92, 0xa6, 0x1a, 0xcf, 0x5b, 0x67, 0x1c, 0xc4, 0x41, 0xc5, 0x8c, 0xb9, - 0xd1, 0xc7, 0x50, 0x77, 0x09, 0xc3, 0x3d, 0xcc, 0xb0, 0xb2, 0x7d, 0xb3, 0x6c, 0x25, 0xd7, 0x72, - 0xa8, 0xf8, 0x0e, 0x2a, 0x66, 0xb2, 0x06, 0xbd, 0x0f, 0xd3, 0xd6, 0x30, 0xf2, 0x46, 0xa2, 0xe5, - 0xcc, 0xed, 0xbc, 0x7d, 0xda, 0xe2, 0x3d, 0xce, 0x74, 0x50, 0x31, 0x25, 0xf7, 0x27, 0x33, 0x30, - 0x45, 0x71, 0xc0, 0x8c, 0xbb, 0xb0, 0x5c, 0xa6, 0x82, 0xf7, 0x39, 0x6b, 0x48, 0xac, 0x51, 0x18, - 0xb9, 0xca, 0xcd, 0xc9, 0x18, 0x21, 0x98, 0x0a, 0xed, 0xe7, 0xd2, 0xd5, 0x35, 0x53, 0x7c, 0x1b, - 0xdf, 0x81, 0xa5, 0x31, 0x6d, 0xfc, 0x50, 0xa5, 0x6d, 0x5c, 0xc2, 0xbc, 0x52, 0x6d, 0x44, 0xb0, - 0xf2, 0x44, 0xf8, 0x22, 0x29, 0xf6, 0x17, 0xd1, 0xb9, 0x8d, 0x03, 0x58, 0x2d, 0xaa, 0x0d, 0xa9, - 0xef, 0x85, 0x84, 0x87, 0xbe, 0xa8, 0x8e, 0x36, 0xe9, 0xa5, 0xb3, 0xc2, 0x8a, 0xba, 0x59, 0x32, - 0x63, 0xfc, 0xaa, 0x0a, 0xab, 0x26, 0x09, 0x7d, 0xe7, 0x98, 0xc4, 0xa5, 0xeb, 0x62, 0xc0, 0xc7, - 0x4f, 0xa1, 0x86, 0x29, 0x55, 0x61, 0x72, 0xef, 0xdc, 0xda, 0xbb, 0xc9, 0xa5, 0xa2, 0x77, 0x61, - 0x09, 0xbb, 0x5d, 0x7b, 0x10, 0xf9, 0x51, 0x18, 0x6f, 0x4b, 0x04, 0x55, 0xc3, 0x1c, 0x9f, 0x30, - 0x2c, 0x58, 0x1b, 0x73, 0x81, 0x72, 0x67, 0x16, 0x22, 0x69, 0x05, 0x88, 0x54, 0xaa, 0xa4, 0x7a, - 0x9a, 0x92, 0xbf, 0x69, 0xd0, 0x4c, 0x53, 0x47, 0x89, 0xbf, 0x02, 0x0d, 0x57, 0xd1, 0x42, 0x5d, - 0x13, 0xf5, 0x29, 0x25, 0xe4, 0xd1, 0x52, 0xb5, 0x88, 0x96, 0x56, 0x61, 0x46, 0x82, 0x59, 0xb5, - 0x31, 0x35, 0xca, 0x99, 0x3c, 0x55, 0x30, 0x79, 0x03, 0x20, 0x4c, 0xea, 0x97, 0x3e, 0x23, 0x66, - 0x33, 0x14, 0x64, 0xc0, 0xbc, 0xec, 0xad, 0x26, 0x09, 0x23, 0x87, 0xe9, 0xb3, 0x82, 0x23, 0x47, - 0x33, 0x7c, 0x58, 0x7c, 0x60, 0xf3, 0x3d, 0xf4, 0xc3, 0x8b, 0x09, 0xf6, 0x0f, 0x60, 0x8a, 0x2b, - 0xe3, 0x1b, 0xeb, 0x06, 0xd8, 0xb3, 0x86, 0x24, 0xf6, 0x55, 0x32, 0xe6, 0x69, 0xcc, 0xf0, 0x20, - 0xd4, 0xab, 0x82, 0x2e, 0xbe, 0x8d, 0x3f, 0x55, 0xa5, 0xa5, 0xbb, 0x94, 0x86, 0x6f, 0x1e, 0x50, - 0x97, 0xb7, 0xf8, 0xda, 0x78, 0x8b, 0x2f, 0x98, 0xfc, 0x75, 0x5a, 0xfc, 0x39, 0xb5, 0x29, 0x23, - 0x82, 0xd9, 0x5d, 0x4a, 0xb9, 0x21, 0x68, 0x1b, 0xa6, 0x30, 0xa5, 0xd2, 0xe1, 0x85, 0x8a, 0xac, - 0x58, 0xf8, 0xff, 0xca, 0x24, 0xc1, 0xda, 0xba, 0x05, 0x8d, 0x84, 0xf4, 0x32, 0xb5, 0x8d, 0xac, - 0xda, 0x4d, 0x00, 0x89, 0x61, 0xef, 0x79, 0x7d, 0x9f, 0x1f, 0x29, 0x0f, 0x76, 0xb5, 0x54, 0x7c, - 0x1b, 0xb7, 0x63, 0x0e, 0x61, 0xdb, 0xbb, 0x30, 0x6d, 0x33, 0xe2, 0xc6, 0xc6, 0xad, 0x66, 0x8d, - 0x4b, 0x05, 0x99, 0x92, 0xc9, 0xf8, 0x7b, 0x1d, 0xd6, 0xf9, 0x89, 0x3d, 0x16, 0x69, 0xb2, 0x4b, - 0xe9, 0xa7, 0x84, 0x61, 0xdb, 0x09, 0x7f, 0x10, 0x91, 0xe0, 0xe4, 0x35, 0x07, 0xc6, 0x00, 0x66, - 0x64, 0x96, 0xa9, 0x7a, 0x77, 0xee, 0xd7, 0x19, 0x25, 0x3e, 0xbd, 0xc3, 0xd4, 0x5e, 0xcf, 0x1d, - 0xa6, 0xec, 0x4e, 0x31, 0x75, 0x41, 0x77, 0x8a, 0xd3, 0xaf, 0x95, 0x99, 0xcb, 0xea, 0x4c, 0xfe, - 0xb2, 0x5a, 0x02, 0xd5, 0x67, 0x5f, 0x15, 0xaa, 0xd7, 0x4b, 0xa1, 0xba, 0x5b, 0x9a, 0xc7, 0x0d, - 0xe1, 0xee, 0xef, 0x65, 0x23, 0xf0, 0xd4, 0x58, 0x9b, 0x04, 0xb4, 0xc3, 0x6b, 0x05, 0xed, 0x3f, - 0xcc, 0x81, 0x70, 0x79, 0x0d, 0x7e, 0xff, 0xd5, 0xf6, 0x74, 0x06, 0x1c, 0xff, 0xc6, 0x81, 0xe7, - 0xdf, 0x08, 0xcc, 0x44, 0xfd, 0xd4, 0x07, 0x49, 0x43, 0xe7, 0x7d, 0x88, 0xb7, 0x56, 0x55, 0xb4, - 0xf8, 0x37, 0xba, 0x01, 0x53, 0xdc, 0xc9, 0x0a, 0xd4, 0xae, 0x65, 0xfd, 0xc9, 0x4f, 0x62, 0x97, - 0xd2, 0xc7, 0x94, 0x58, 0xa6, 0x60, 0x42, 0xb7, 0xa1, 0x91, 0x04, 0xbe, 0xca, 0xac, 0x2b, 0xd9, - 0x15, 0x49, 0x9e, 0xc4, 0xcb, 0x52, 0x76, 0xbe, 0xb6, 0x67, 0x07, 0xc4, 0x12, 0x90, 0x6f, 0x7a, - 0x7c, 0xed, 0xa7, 0xf1, 0x64, 0xb2, 0x36, 0x61, 0x47, 0xdb, 0x30, 0x23, 0xdf, 0x0d, 0x44, 0x06, - 0xcd, 0xed, 0xac, 0x8f, 0x17, 0xd3, 0x78, 0x95, 0x62, 0x34, 0xfe, 0xaa, 0xc1, 0x3b, 0x69, 0x40, - 0xc4, 0xd9, 0x14, 0xa3, 0xee, 0x37, 0xdf, 0x71, 0xaf, 0xc1, 0x82, 0x80, 0xf9, 0xe9, 0xf3, 0x81, - 0x7c, 0xc9, 0x2a, 0x50, 0x8d, 0x3f, 0x6a, 0x70, 0x75, 0x7c, 0x1f, 0x7b, 0x43, 0x1c, 0xb0, 0xe4, - 0x78, 0x2f, 0x62, 0x2f, 0x71, 0xc3, 0xab, 0xa6, 0x0d, 0x2f, 0xb7, 0xbf, 0x5a, 0x7e, 0x7f, 0xc6, - 0x5f, 0xaa, 0x30, 0x97, 0x09, 0xa0, 0xb2, 0x86, 0xc9, 0x01, 0x9f, 0x88, 0x5b, 0x71, 0xb1, 0x13, - 0x4d, 0xa1, 0x61, 0x66, 0x28, 0x68, 0x04, 0x40, 0x71, 0x80, 0x5d, 0xc2, 0x48, 0xc0, 0x2b, 0x39, - 0xcf, 0xf8, 0xfb, 0x93, 0x57, 0x97, 0xa3, 0x58, 0xa6, 0x99, 0x11, 0xcf, 0x11, 0xab, 0x50, 0x1d, - 0xaa, 0xfa, 0xad, 0x46, 0xe8, 0x4b, 0x58, 0xe8, 0xdb, 0x0e, 0x39, 0x4a, 0x0d, 0x99, 0x11, 0x86, - 0x3c, 0x9a, 0xdc, 0x90, 0xbb, 0x59, 0xb9, 0x66, 0x41, 0x8d, 0x71, 0x1d, 0x9a, 0xc5, 0x7c, 0xe2, - 0x46, 0xda, 0x2e, 0x1e, 0x24, 0xde, 0x52, 0x23, 0x03, 0x41, 0xb3, 0x98, 0x3f, 0xc6, 0xbf, 0xaa, - 0xb0, 0x92, 0x88, 0xdb, 0xf5, 0x3c, 0x3f, 0xf2, 0x2c, 0xf1, 0x14, 0x57, 0x7a, 0x16, 0xcb, 0x30, - 0xcd, 0x6c, 0xe6, 0x24, 0xc0, 0x47, 0x0c, 0x78, 0xef, 0x62, 0xbe, 0xef, 0x30, 0x9b, 0xaa, 0x03, - 0x8e, 0x87, 0xf2, 0xec, 0x9f, 0x45, 0x76, 0x40, 0x7a, 0xa2, 0x12, 0xd4, 0xcd, 0x64, 0xcc, 0xe7, - 0x38, 0xaa, 0x11, 0x30, 0x5e, 0x3a, 0x33, 0x19, 0x8b, 0xb8, 0xf7, 0x1d, 0x87, 0x58, 0xdc, 0x1d, - 0x19, 0xa0, 0x5f, 0xa0, 0x8a, 0x0b, 0x04, 0x0b, 0x6c, 0x6f, 0xa0, 0x60, 0xbe, 0x1a, 0x71, 0x3b, - 0x71, 0x10, 0xe0, 0x13, 0xbd, 0x2e, 0x1c, 0x20, 0x07, 0xe8, 0x23, 0xa8, 0xb9, 0x98, 0xaa, 0x46, - 0x77, 0x3d, 0x57, 0x1d, 0xca, 0x3c, 0xd0, 0x3e, 0xc4, 0x54, 0x76, 0x02, 0xbe, 0xac, 0xf5, 0x01, - 0xd4, 0x63, 0xc2, 0xd7, 0x82, 0x84, 0x5f, 0xc0, 0xa5, 0x5c, 0xf1, 0x41, 0x9f, 0xc3, 0x6a, 0x1a, - 0x51, 0x59, 0x85, 0x0a, 0x04, 0xbe, 0xf3, 0x52, 0xcb, 0xcc, 0x53, 0x04, 0x18, 0xcf, 0x60, 0x89, - 0x87, 0x8c, 0x48, 0xfc, 0x0b, 0xba, 0xda, 0x7c, 0x08, 0x8d, 0x44, 0x65, 0x69, 0xcc, 0xb4, 0xa0, - 0x7e, 0x1c, 0x3f, 0x91, 0xca, 0xbb, 0x4d, 0x32, 0x36, 0x76, 0x01, 0x65, 0xed, 0x55, 0x1d, 0xe8, - 0x46, 0x1e, 0x14, 0xaf, 0x14, 0xdb, 0x8d, 0x60, 0x8f, 0x31, 0xf1, 0xef, 0xaa, 0xb0, 0xb8, 0x6f, - 0x8b, 0x57, 0x8e, 0x0b, 0x2a, 0x72, 0xd7, 0xa1, 0x19, 0x46, 0x5d, 0xd7, 0xef, 0x45, 0x0e, 0x51, - 0xa0, 0x40, 0x75, 0xfa, 0x31, 0xfa, 0x59, 0xc5, 0x8f, 0x3b, 0x8b, 0x62, 0x36, 0x54, 0x37, 0x5c, - 0xf1, 0x8d, 0x3e, 0x82, 0xf5, 0x87, 0xe4, 0x4b, 0xb5, 0x9f, 0x7d, 0xc7, 0xef, 0x76, 0x6d, 0x6f, - 0x10, 0x2b, 0x99, 0x16, 0x4a, 0x4e, 0x67, 0x30, 0x7e, 0xad, 0x41, 0x33, 0xf5, 0x85, 0xf2, 0xe6, - 0x2d, 0x19, 0xf5, 0xd2, 0x97, 0x57, 0xb3, 0xbe, 0x2c, 0xb2, 0xfe, 0xef, 0x01, 0x3f, 0x9f, 0x0d, - 0xf8, 0x3f, 0x6b, 0xb0, 0xb2, 0x6f, 0xb3, 0xb8, 0xd4, 0xd8, 0xff, 0x67, 0xe7, 0x62, 0xb4, 0x61, - 0xb5, 0x68, 0xbe, 0x72, 0xe5, 0x32, 0x4c, 0xf3, 0x53, 0x8a, 0xef, 0xee, 0x72, 0xb0, 0xf3, 0x55, - 0x03, 0x96, 0xd2, 0xe6, 0xcb, 0xff, 0xb5, 0x2d, 0x82, 0x1e, 0x41, 0x73, 0x5f, 0xfd, 0x76, 0x16, - 0xbf, 0x99, 0xa0, 0xb3, 0x1e, 0x21, 0x5b, 0x57, 0xca, 0x27, 0xa5, 0x6a, 0xa3, 0x82, 0x2c, 0x58, - 0x2f, 0x0a, 0x4c, 0xdf, 0x3b, 0xbf, 0x7d, 0x86, 0xe4, 0x84, 0xeb, 0x65, 0x2a, 0xb6, 0x34, 0xf4, - 0x39, 0x2c, 0xe4, 0x5f, 0xe5, 0x50, 0xae, 0x1a, 0x95, 0x3e, 0x14, 0xb6, 0x8c, 0xb3, 0x58, 0x12, - 0xfb, 0x9f, 0x72, 0xe8, 0x9b, 0x7b, 0xa2, 0x42, 0x46, 0x1e, 0x98, 0x97, 0x3d, 0xe1, 0xb5, 0xbe, - 0x75, 0x26, 0x4f, 0x22, 0xfd, 0x43, 0xa8, 0xc7, 0x4f, 0x3a, 0x79, 0x37, 0x17, 0x1e, 0x7a, 0x5a, - 0xcd, 0xbc, 0xbc, 0x7e, 0x68, 0x54, 0xd0, 0xc7, 0x72, 0x31, 0xbf, 0xf2, 0x8f, 0x2f, 0xce, 0x3c, - 0x64, 0xb4, 0x2e, 0x97, 0x3c, 0x1e, 0x18, 0x15, 0xf4, 0x7d, 0x98, 0xe3, 0x5f, 0x47, 0xea, 0x57, - 0xab, 0xd5, 0xb6, 0xfc, 0x91, 0xb4, 0x1d, 0xff, 0x48, 0xda, 0xbe, 0xe3, 0x52, 0x76, 0xd2, 0x2a, - 0xb9, 0xdd, 0x2b, 0x01, 0x4f, 0xe1, 0xd2, 0x3e, 0x61, 0x29, 0x18, 0x47, 0x57, 0x5f, 0xe9, 0xca, - 0xd2, 0x32, 0x8a, 0x6c, 0xe3, 0x78, 0xde, 0xa8, 0xa0, 0xdf, 0x6b, 0x70, 0x79, 0x9f, 0xb0, 0x22, - 0xbc, 0x45, 0xef, 0x95, 0x2b, 0x39, 0x05, 0x06, 0xb7, 0x1e, 0x4e, 0x9a, 0xaf, 0x79, 0xb1, 0x46, - 0x05, 0xfd, 0x41, 0x83, 0xb5, 0x8c, 0x61, 0x59, 0xbc, 0x8a, 0xb6, 0xcf, 0x36, 0xae, 0x04, 0xdb, - 0xb6, 0x3e, 0x9b, 0xf0, 0xc7, 0xc8, 0x8c, 0x48, 0xa3, 0x82, 0x8e, 0xc4, 0x99, 0xa4, 0xed, 0x09, - 0xbd, 0x5d, 0xda, 0x87, 0x12, 0xed, 0x1b, 0xa7, 0x4d, 0x27, 0xe7, 0xf0, 0x19, 0xcc, 0xed, 0x13, - 0x16, 0x57, 0xdd, 0x7c, 0xa4, 0x15, 0x5a, 0x58, 0x3e, 0x55, 0x8b, 0x85, 0x5a, 0x44, 0xcc, 0x92, - 0x94, 0x95, 0xa9, 0x53, 0xf9, 0x5c, 0x2d, 0x2d, 0xc1, 0xf9, 0x88, 0x29, 0x2f, 0x73, 0x46, 0xe5, - 0x93, 0xdd, 0x7f, 0xbc, 0xd8, 0xd0, 0xbe, 0x7a, 0xb1, 0xa1, 0xfd, 0xfb, 0xc5, 0x86, 0xf6, 0x93, - 0x9b, 0x2f, 0xf9, 0x0b, 0x82, 0xcc, 0x1f, 0x25, 0x60, 0x6a, 0x5b, 0x8e, 0x4d, 0x3c, 0xd6, 0x9d, - 0x11, 0xc1, 0x7f, 0xf3, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf8, 0x86, 0xe4, 0x0d, 0xb3, 0x20, - 0x00, 0x00, + // 2085 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5a, 0x5b, 0x6f, 0x1b, 0xc7, + 0xf5, 0xe7, 0x92, 0xba, 0x90, 0x47, 0xb6, 0x45, 0x8d, 0x75, 0x59, 0x33, 0x8e, 0xa0, 0xec, 0xff, + 0x6f, 0x43, 0xb5, 0x13, 0x12, 0x92, 0x91, 0xb8, 0x70, 0xd2, 0x14, 0x8a, 0x62, 0x4b, 0x8e, 0x2d, + 0x5b, 0x5d, 0xbb, 0x2d, 0xd2, 0xba, 0x2d, 0x86, 0xcb, 0xe1, 0x72, 0xc2, 0xbd, 0x8c, 0x77, 0x67, + 0x15, 0xc8, 0x40, 0x1f, 0x8a, 0x16, 0x05, 0xfa, 0x05, 0x8a, 0xa2, 0xdf, 0xa3, 0xe8, 0x53, 0xd1, + 0xa7, 0x5e, 0x1e, 0x83, 0x7e, 0x81, 0x16, 0xfe, 0x24, 0xc5, 0xcc, 0xce, 0x5e, 0xb9, 0x92, 0x9d, + 0x52, 0x56, 0x50, 0xf4, 0xc5, 0xde, 0x99, 0x39, 0xb7, 0x39, 0x73, 0xe6, 0x9c, 0xdf, 0x19, 0x0a, + 0xae, 0x07, 0x84, 0xf9, 0x21, 0x09, 0x8e, 0x48, 0xd0, 0x93, 0x9f, 0x94, 0xfb, 0xc1, 0x71, 0xee, + 0xb3, 0xcb, 0x02, 0x9f, 0xfb, 0x08, 0xb2, 0x99, 0xce, 0x43, 0x9b, 0xf2, 0x51, 0xd4, 0xef, 0x5a, + 0xbe, 0xdb, 0xc3, 0x81, 0xed, 0xb3, 0xc0, 0xff, 0x42, 0x7e, 0xbc, 0x67, 0x0d, 0x7a, 0x47, 0xdb, + 0x3d, 0x36, 0xb6, 0x7b, 0x98, 0xd1, 0xb0, 0x87, 0x19, 0x73, 0xa8, 0x85, 0x39, 0xf5, 0xbd, 0xde, + 0xd1, 0x16, 0x76, 0xd8, 0x08, 0x6f, 0xf5, 0x6c, 0xe2, 0x91, 0x00, 0x73, 0x32, 0x88, 0x25, 0x77, + 0xde, 0xb2, 0x7d, 0xdf, 0x76, 0x48, 0x4f, 0x8e, 0xfa, 0xd1, 0xb0, 0x47, 0x5c, 0xc6, 0x95, 0x5a, + 0xe3, 0x77, 0x17, 0x60, 0xf1, 0x00, 0x7b, 0x74, 0x48, 0x42, 0x6e, 0x92, 0xe7, 0x11, 0x09, 0x39, + 0x7a, 0x06, 0x33, 0xc2, 0x18, 0x5d, 0xdb, 0xd0, 0x36, 0x17, 0xb6, 0xf7, 0xbb, 0x99, 0x35, 0xdd, + 0xc4, 0x1a, 0xf9, 0xf1, 0x33, 0x6b, 0xd0, 0x3d, 0xda, 0xee, 0xb2, 0xb1, 0xdd, 0x15, 0xd6, 0x74, + 0x73, 0xd6, 0x74, 0x13, 0x6b, 0xba, 0x66, 0xba, 0x2d, 0x53, 0x4a, 0x45, 0x1d, 0x68, 0x06, 0xe4, + 0x88, 0x86, 0xd4, 0xf7, 0xf4, 0xfa, 0x86, 0xb6, 0xd9, 0x32, 0xd3, 0x31, 0xd2, 0x61, 0xde, 0xf3, + 0x77, 0xb1, 0x35, 0x22, 0x7a, 0x63, 0x43, 0xdb, 0x6c, 0x9a, 0xc9, 0x10, 0x6d, 0xc0, 0x02, 0x66, + 0xec, 0x21, 0xee, 0x13, 0xe7, 0x01, 0x39, 0xd6, 0x67, 0x24, 0x63, 0x7e, 0x4a, 0xf0, 0x62, 0xc6, + 0x1e, 0x61, 0x97, 0xe8, 0xb3, 0x72, 0x35, 0x19, 0xa2, 0xab, 0xd0, 0xf2, 0xb0, 0x4b, 0x42, 0x86, + 0x2d, 0xa2, 0x37, 0xe5, 0x5a, 0x36, 0x81, 0x7e, 0x0e, 0x4b, 0x39, 0xc3, 0x9f, 0xf8, 0x51, 0x60, + 0x11, 0x1d, 0xe4, 0xd6, 0x1f, 0x4f, 0xb7, 0xf5, 0x9d, 0xb2, 0x58, 0x73, 0x52, 0x13, 0xfa, 0x29, + 0xcc, 0xca, 0x93, 0xd7, 0x17, 0x36, 0x1a, 0x67, 0xea, 0xed, 0x58, 0x2c, 0xf2, 0x60, 0x9e, 0x39, + 0x91, 0x4d, 0xbd, 0x50, 0xbf, 0x20, 0x35, 0x3c, 0x9d, 0x4e, 0xc3, 0xae, 0xef, 0x0d, 0xa9, 0x7d, + 0x80, 0x3d, 0x6c, 0x13, 0x97, 0x78, 0xfc, 0x50, 0x0a, 0x37, 0x13, 0x25, 0xe8, 0x05, 0xb4, 0xc7, + 0x51, 0xc8, 0x7d, 0x97, 0xbe, 0x20, 0x8f, 0x99, 0xe0, 0x0d, 0xf5, 0x8b, 0xd2, 0x9b, 0x8f, 0xa6, + 0x53, 0xfc, 0xa0, 0x24, 0xd5, 0x9c, 0xd0, 0x23, 0x82, 0x64, 0x1c, 0xf5, 0xc9, 0x0f, 0x48, 0x20, + 0xa3, 0xeb, 0x52, 0x1c, 0x24, 0xb9, 0xa9, 0x38, 0x8c, 0xa8, 0x1a, 0x85, 0xfa, 0xe2, 0x46, 0x23, + 0x0e, 0xa3, 0x74, 0x0a, 0x6d, 0xc2, 0xe2, 0x11, 0x09, 0xe8, 0xf0, 0xf8, 0x09, 0xb5, 0x3d, 0xcc, + 0xa3, 0x80, 0xe8, 0x6d, 0x19, 0x8a, 0xe5, 0x69, 0xe4, 0xc2, 0xc5, 0x11, 0x71, 0x5c, 0xe1, 0xf2, + 0xdd, 0x80, 0x0c, 0x42, 0x7d, 0x49, 0xfa, 0x77, 0x6f, 0xfa, 0x13, 0x94, 0xe2, 0xcc, 0xa2, 0x74, + 0x61, 0x98, 0xe7, 0x9b, 0xea, 0xa6, 0xc4, 0x77, 0x04, 0xc5, 0x86, 0x95, 0xa6, 0xd1, 0x75, 0xb8, + 0xc4, 0x03, 0x6c, 0x8d, 0xa9, 0x67, 0x1f, 0x10, 0x3e, 0xf2, 0x07, 0xfa, 0x65, 0xe9, 0x89, 0xd2, + 0x2c, 0xb2, 0x00, 0x11, 0x0f, 0xf7, 0x1d, 0x32, 0x88, 0x63, 0xf1, 0xe9, 0x31, 0x23, 0xa1, 0xbe, + 0x2c, 0x77, 0x71, 0xab, 0x9b, 0xcb, 0x50, 0xa5, 0x04, 0xd1, 0xbd, 0x3b, 0xc1, 0x75, 0xd7, 0xe3, + 0xc1, 0xb1, 0x59, 0x21, 0x0e, 0x8d, 0x61, 0x41, 0xec, 0x23, 0x09, 0x85, 0x15, 0x19, 0x0a, 0xf7, + 0xa7, 0xf3, 0xd1, 0x7e, 0x26, 0xd0, 0xcc, 0x4b, 0x47, 0x5d, 0x40, 0x23, 0x1c, 0x1e, 0x44, 0x0e, + 0xa7, 0xcc, 0x21, 0xb1, 0x19, 0xa1, 0xbe, 0x2a, 0xdd, 0x54, 0xb1, 0x82, 0x1e, 0x00, 0x04, 0x64, + 0x98, 0xd0, 0xad, 0xc9, 0x9d, 0xdf, 0x3c, 0x6d, 0xe7, 0x66, 0x4a, 0x1d, 0xef, 0x38, 0xc7, 0xde, + 0xb9, 0x0b, 0x6b, 0x27, 0x38, 0x06, 0xb5, 0xa1, 0x31, 0x26, 0xc7, 0x32, 0xa1, 0xb6, 0x4c, 0xf1, + 0x89, 0x96, 0x61, 0xf6, 0x08, 0x3b, 0x11, 0x91, 0x29, 0xb0, 0x69, 0xc6, 0x83, 0x3b, 0xf5, 0x6f, + 0x6b, 0x9d, 0x5f, 0x6b, 0xb0, 0x58, 0x52, 0x53, 0xc1, 0xff, 0x93, 0x3c, 0xff, 0x19, 0x04, 0xdd, + 0xf0, 0x29, 0x0e, 0x6c, 0xc2, 0x73, 0x86, 0x18, 0xff, 0xd0, 0x40, 0x2f, 0xed, 0xff, 0x87, 0x94, + 0x8f, 0xee, 0x51, 0x87, 0x84, 0xe8, 0x36, 0xcc, 0x07, 0xf1, 0x9c, 0x2a, 0x13, 0x6f, 0x9d, 0xe2, + 0xb6, 0xfd, 0x9a, 0x99, 0x50, 0xa3, 0x8f, 0xa1, 0xe9, 0x12, 0x8e, 0x07, 0x98, 0x63, 0x65, 0xfb, + 0x46, 0x15, 0xa7, 0xd0, 0x72, 0xa0, 0xe8, 0xf6, 0x6b, 0x66, 0xca, 0x83, 0xde, 0x87, 0x59, 0x6b, + 0x14, 0x79, 0x63, 0x59, 0x20, 0x16, 0xb6, 0xdf, 0x3e, 0x89, 0x79, 0x57, 0x10, 0xed, 0xd7, 0xcc, + 0x98, 0xfa, 0x93, 0x39, 0x98, 0x61, 0x38, 0xe0, 0xc6, 0x3d, 0x58, 0xae, 0x52, 0x21, 0xaa, 0x92, + 0x35, 0x22, 0xd6, 0x38, 0x8c, 0x5c, 0xe5, 0xe6, 0x74, 0x8c, 0x10, 0xcc, 0x84, 0xf4, 0x45, 0xec, + 0xea, 0x86, 0x29, 0xbf, 0x8d, 0x6f, 0xc1, 0xd2, 0x84, 0x36, 0x71, 0xa8, 0xb1, 0x6d, 0x42, 0xc2, + 0x05, 0xa5, 0xda, 0x88, 0x60, 0xe5, 0xa9, 0xf4, 0x45, 0x9a, 0x9a, 0xcf, 0xa3, 0xce, 0x1a, 0xfb, + 0xb0, 0x5a, 0x56, 0x1b, 0x32, 0xdf, 0x0b, 0x89, 0xb8, 0x25, 0x32, 0x97, 0x51, 0x32, 0xc8, 0x56, + 0xa5, 0x15, 0x4d, 0xb3, 0x62, 0xc5, 0xf8, 0x45, 0x1d, 0x56, 0x4d, 0x12, 0xfa, 0xce, 0x11, 0x49, + 0x12, 0xcd, 0xf9, 0x40, 0x85, 0x1f, 0x43, 0x03, 0x33, 0xa6, 0xc2, 0xe4, 0xfe, 0x99, 0x15, 0x63, + 0x53, 0x48, 0x45, 0xef, 0xc2, 0x12, 0x76, 0xfb, 0xd4, 0x8e, 0xfc, 0x28, 0x4c, 0xb6, 0x25, 0x83, + 0xaa, 0x65, 0x4e, 0x2e, 0x18, 0x16, 0xac, 0x4d, 0xb8, 0x40, 0xb9, 0x33, 0x0f, 0x68, 0xb4, 0x12, + 0xa0, 0xa9, 0x54, 0x52, 0x3f, 0x49, 0xc9, 0x5f, 0x35, 0x68, 0x67, 0x57, 0x47, 0x89, 0xbf, 0x0a, + 0x2d, 0x57, 0xcd, 0x85, 0xba, 0x26, 0x0b, 0x56, 0x36, 0x51, 0xc4, 0x36, 0xf5, 0x32, 0xb6, 0x59, + 0x85, 0xb9, 0x18, 0x7a, 0xaa, 0x8d, 0xa9, 0x51, 0xc1, 0xe4, 0x99, 0x92, 0xc9, 0xeb, 0x00, 0x61, + 0x9a, 0xbf, 0xf4, 0x39, 0xb9, 0x9a, 0x9b, 0x41, 0x06, 0x5c, 0x88, 0x2b, 0xa1, 0x49, 0xc2, 0xc8, + 0xe1, 0xfa, 0xbc, 0xa4, 0x28, 0xcc, 0x19, 0x3e, 0x2c, 0x3e, 0xa4, 0x62, 0x0f, 0xc3, 0xf0, 0x7c, + 0x82, 0xfd, 0x03, 0x98, 0x11, 0xca, 0xc4, 0xc6, 0xfa, 0x01, 0xf6, 0xac, 0x11, 0x49, 0x7c, 0x95, + 0x8e, 0xc5, 0x35, 0xe6, 0xd8, 0x0e, 0xf5, 0xba, 0x9c, 0x97, 0xdf, 0xc6, 0x1f, 0xeb, 0xb1, 0xa5, + 0x3b, 0x8c, 0x85, 0xdf, 0x3c, 0xfc, 0xad, 0x2e, 0xc8, 0x8d, 0xc9, 0x82, 0x5c, 0x32, 0xf9, 0xeb, + 0x14, 0xe4, 0x33, 0x2a, 0x53, 0x46, 0x04, 0xf3, 0x3b, 0x8c, 0x09, 0x43, 0xd0, 0x16, 0xcc, 0x60, + 0xc6, 0x62, 0x87, 0x97, 0x32, 0xb2, 0x22, 0x11, 0xff, 0x2b, 0x93, 0x24, 0x69, 0xe7, 0x36, 0xb4, + 0xd2, 0xa9, 0x57, 0xa9, 0x6d, 0xe5, 0xd5, 0x6e, 0x00, 0xc4, 0x88, 0xf3, 0xbe, 0x37, 0xf4, 0xc5, + 0x91, 0x8a, 0x60, 0x57, 0xac, 0xf2, 0xdb, 0xb8, 0x93, 0x50, 0x48, 0xdb, 0xde, 0x85, 0x59, 0xca, + 0x89, 0x9b, 0x18, 0xb7, 0x9a, 0x37, 0x2e, 0x13, 0x64, 0xc6, 0x44, 0xc6, 0xdf, 0x9a, 0x70, 0x45, + 0x9c, 0xd8, 0x13, 0x79, 0x4d, 0x76, 0x18, 0xfb, 0x94, 0x70, 0x4c, 0x9d, 0xf0, 0x7b, 0x11, 0x09, + 0x8e, 0xdf, 0x70, 0x60, 0xd8, 0x30, 0x17, 0xdf, 0x32, 0x95, 0xef, 0xce, 0xbc, 0xf9, 0x50, 0xe2, + 0xb3, 0x8e, 0xa3, 0xf1, 0x66, 0x3a, 0x8e, 0xaa, 0x0e, 0x60, 0xe6, 0x9c, 0x3a, 0x80, 0x93, 0x9b, + 0xc0, 0x5c, 0x6b, 0x39, 0x57, 0x6c, 0x2d, 0x2b, 0x80, 0xf5, 0xfc, 0xeb, 0x02, 0xeb, 0x66, 0x25, + 0xb0, 0x76, 0x2b, 0xef, 0x71, 0x4b, 0xba, 0xfb, 0x3b, 0xf9, 0x08, 0x3c, 0x31, 0xd6, 0xa6, 0x81, + 0xd8, 0xf0, 0x46, 0x21, 0xf6, 0xf7, 0x0b, 0x90, 0x39, 0x6e, 0x5a, 0xdf, 0x7f, 0xbd, 0x3d, 0xfd, + 0x2f, 0x81, 0xe7, 0x5f, 0x49, 0xcc, 0xc4, 0xfc, 0xcc, 0x07, 0x69, 0x41, 0x17, 0x75, 0x48, 0x94, + 0x56, 0x95, 0xb4, 0xc4, 0x37, 0xba, 0x09, 0x33, 0xc2, 0xc9, 0x0a, 0xd4, 0xae, 0xe5, 0xfd, 0x29, + 0x4e, 0x62, 0x87, 0xb1, 0x27, 0x8c, 0x58, 0xa6, 0x24, 0x42, 0x77, 0xa0, 0x95, 0x06, 0xbe, 0xba, + 0x59, 0x57, 0xf3, 0x1c, 0xe9, 0x3d, 0x49, 0xd8, 0x32, 0x72, 0xc1, 0x3b, 0xa0, 0x01, 0xb1, 0x24, + 0xe4, 0x9b, 0x9d, 0xe4, 0xfd, 0x34, 0x59, 0x4c, 0x79, 0x53, 0x72, 0xb4, 0x05, 0x73, 0x71, 0x97, + 0x2f, 0x6f, 0xd0, 0xc2, 0xf6, 0x95, 0xc9, 0x64, 0x9a, 0x70, 0x29, 0x42, 0xe3, 0x2f, 0x1a, 0xbc, + 0x93, 0x05, 0x44, 0x72, 0x9b, 0x12, 0xd4, 0xfd, 0xcd, 0x57, 0xdc, 0xeb, 0x70, 0x49, 0xc2, 0xfc, + 0xac, 0xd9, 0x8f, 0xdf, 0x9d, 0x4a, 0xb3, 0xc6, 0x1f, 0x34, 0xb8, 0x36, 0xb9, 0x8f, 0xdd, 0x11, + 0x0e, 0x78, 0x7a, 0xbc, 0xe7, 0xb1, 0x97, 0xa4, 0xe0, 0xd5, 0xb3, 0x82, 0x57, 0xd8, 0x5f, 0xa3, + 0xb8, 0x3f, 0xe3, 0xcf, 0x75, 0x58, 0xc8, 0x05, 0x50, 0x55, 0xc1, 0x14, 0x80, 0x4f, 0xc6, 0xad, + 0x6c, 0xec, 0x64, 0x51, 0x68, 0x99, 0xb9, 0x19, 0x34, 0x06, 0x60, 0x38, 0xc0, 0x2e, 0xe1, 0x24, + 0x10, 0x99, 0x5c, 0xdc, 0xf8, 0x07, 0xd3, 0x67, 0x97, 0xc3, 0x44, 0xa6, 0x99, 0x13, 0x2f, 0x10, + 0xab, 0x54, 0x1d, 0xaa, 0xfc, 0xad, 0x46, 0xe8, 0x4b, 0xb8, 0x34, 0xa4, 0x0e, 0x39, 0xcc, 0x0c, + 0x99, 0x93, 0x86, 0x3c, 0x9e, 0xde, 0x90, 0x7b, 0x79, 0xb9, 0x66, 0x49, 0x8d, 0x71, 0x03, 0xda, + 0xe5, 0xfb, 0x24, 0x8c, 0xa4, 0x2e, 0xb6, 0x53, 0x6f, 0xa9, 0x91, 0x81, 0xa0, 0x5d, 0xbe, 0x3f, + 0xc6, 0x3f, 0xeb, 0xb0, 0x92, 0x8a, 0xdb, 0xf1, 0x3c, 0x3f, 0xf2, 0x2c, 0xf9, 0x70, 0x56, 0x79, + 0x16, 0xcb, 0x30, 0xcb, 0x29, 0x77, 0x52, 0xe0, 0x23, 0x07, 0xa2, 0x76, 0x71, 0xdf, 0x77, 0x38, + 0x65, 0xea, 0x80, 0x93, 0x61, 0x7c, 0xf6, 0xcf, 0x23, 0x1a, 0x90, 0x81, 0xcc, 0x04, 0x4d, 0x33, + 0x1d, 0x8b, 0x35, 0x81, 0x6a, 0x24, 0x8c, 0x8f, 0x9d, 0x99, 0x8e, 0x65, 0xdc, 0xfb, 0x8e, 0x43, + 0x2c, 0xe1, 0x8e, 0x1c, 0xd0, 0x2f, 0xcd, 0xca, 0x06, 0x82, 0x07, 0xd4, 0xb3, 0x15, 0xcc, 0x57, + 0x23, 0x61, 0x27, 0x0e, 0x02, 0x7c, 0xac, 0x37, 0xa5, 0x03, 0xe2, 0x01, 0xfa, 0x08, 0x1a, 0x2e, + 0x66, 0xaa, 0xd0, 0xdd, 0x28, 0x64, 0x87, 0x2a, 0x0f, 0x74, 0x0f, 0x30, 0x8b, 0x2b, 0x81, 0x60, + 0xeb, 0x7c, 0x00, 0xcd, 0x64, 0xe2, 0x6b, 0x41, 0xc2, 0x2f, 0xe0, 0x62, 0x21, 0xf9, 0xa0, 0xcf, + 0x61, 0x35, 0x8b, 0xa8, 0xbc, 0x42, 0x05, 0x02, 0xdf, 0x79, 0xa5, 0x65, 0xe6, 0x09, 0x02, 0x8c, + 0xe7, 0xb0, 0x24, 0x42, 0x46, 0x5e, 0xfc, 0x73, 0x6a, 0x6d, 0x3e, 0x84, 0x56, 0xaa, 0xb2, 0x32, + 0x66, 0x3a, 0xd0, 0x3c, 0x4a, 0x1e, 0x34, 0xe3, 0xde, 0x26, 0x1d, 0x1b, 0x3b, 0x80, 0xf2, 0xf6, + 0xaa, 0x0a, 0x74, 0xb3, 0x08, 0x8a, 0x57, 0xca, 0xe5, 0x46, 0x92, 0x27, 0x98, 0xf8, 0x37, 0x75, + 0x58, 0xdc, 0xa3, 0xf2, 0x95, 0xe3, 0x9c, 0x92, 0xdc, 0x0d, 0x68, 0x87, 0x51, 0xdf, 0xf5, 0x07, + 0x91, 0x43, 0x14, 0x28, 0x50, 0x95, 0x7e, 0x62, 0xfe, 0xb4, 0xe4, 0x27, 0x9c, 0xc5, 0x30, 0x1f, + 0xa9, 0x0e, 0x57, 0x7e, 0xa3, 0x8f, 0xe0, 0xca, 0x23, 0xf2, 0xa5, 0xda, 0xcf, 0x9e, 0xe3, 0xf7, + 0xfb, 0xd4, 0xb3, 0x13, 0x25, 0xb3, 0x52, 0xc9, 0xc9, 0x04, 0xc6, 0x2f, 0x35, 0x68, 0x67, 0xbe, + 0x50, 0xde, 0xbc, 0x1d, 0x47, 0x7d, 0xec, 0xcb, 0x6b, 0x79, 0x5f, 0x96, 0x49, 0xff, 0xf3, 0x80, + 0xbf, 0x90, 0x0f, 0xf8, 0x3f, 0x69, 0xb0, 0xb2, 0x47, 0x79, 0x92, 0x6a, 0xe8, 0x7f, 0xd9, 0xb9, + 0x18, 0x5d, 0x58, 0x2d, 0x9b, 0xaf, 0x5c, 0xb9, 0x0c, 0xb3, 0xe2, 0x94, 0x92, 0xde, 0x3d, 0x1e, + 0x6c, 0x7f, 0xd5, 0x82, 0xa5, 0xac, 0xf8, 0x8a, 0x7f, 0xa9, 0x45, 0xd0, 0x63, 0x68, 0xef, 0xa9, + 0x5f, 0xba, 0x92, 0x37, 0x13, 0x74, 0xda, 0x23, 0x64, 0xe7, 0x6a, 0xf5, 0x62, 0xac, 0xda, 0xa8, + 0x21, 0x0b, 0xae, 0x94, 0x05, 0x66, 0xef, 0x9d, 0xff, 0x7f, 0x8a, 0xe4, 0x94, 0xea, 0x55, 0x2a, + 0x36, 0x35, 0xf4, 0x39, 0x5c, 0x2a, 0xbe, 0xca, 0xa1, 0x42, 0x36, 0xaa, 0x7c, 0x28, 0xec, 0x18, + 0xa7, 0x91, 0xa4, 0xf6, 0x3f, 0x13, 0xd0, 0xb7, 0xf0, 0x44, 0x85, 0x8c, 0x22, 0x30, 0xaf, 0x7a, + 0xc2, 0xeb, 0xfc, 0xdf, 0xa9, 0x34, 0xa9, 0xf4, 0x0f, 0xa1, 0x99, 0x3c, 0xe9, 0x14, 0xdd, 0x5c, + 0x7a, 0xe8, 0xe9, 0xb4, 0x8b, 0xf2, 0x86, 0xa1, 0x51, 0x43, 0x1f, 0xc7, 0xcc, 0xa2, 0xe5, 0x9f, + 0x64, 0xce, 0x3d, 0x64, 0x74, 0x2e, 0x57, 0x3c, 0x1e, 0x18, 0x35, 0xf4, 0x5d, 0x58, 0x10, 0x5f, + 0x87, 0xea, 0x37, 0xa6, 0xd5, 0x6e, 0xfc, 0x93, 0x66, 0x37, 0xf9, 0x49, 0xb3, 0x7b, 0xd7, 0x65, + 0xfc, 0xb8, 0x53, 0xd1, 0xdd, 0x2b, 0x01, 0xcf, 0xe0, 0xe2, 0x1e, 0xe1, 0x19, 0x18, 0x47, 0xd7, + 0x5e, 0xab, 0x65, 0xe9, 0x18, 0x65, 0xb2, 0x49, 0x3c, 0x6f, 0xd4, 0xd0, 0x6f, 0x35, 0xb8, 0xbc, + 0x47, 0x78, 0x19, 0xde, 0xa2, 0xf7, 0xaa, 0x95, 0x9c, 0x00, 0x83, 0x3b, 0x8f, 0xa6, 0xbd, 0xaf, + 0x45, 0xb1, 0x46, 0x0d, 0xfd, 0x5e, 0x83, 0xb5, 0x9c, 0x61, 0x79, 0xbc, 0x8a, 0xb6, 0x4e, 0x37, + 0xae, 0x02, 0xdb, 0x76, 0x3e, 0x9b, 0xf2, 0xa7, 0xc3, 0x9c, 0x48, 0xa3, 0x86, 0x0e, 0xe5, 0x99, + 0x64, 0xe5, 0x09, 0xbd, 0x5d, 0x59, 0x87, 0x52, 0xed, 0xeb, 0x27, 0x2d, 0xa7, 0xe7, 0xf0, 0x19, + 0x2c, 0xec, 0x11, 0x9e, 0x64, 0xdd, 0x62, 0xa4, 0x95, 0x4a, 0x58, 0xf1, 0xaa, 0x96, 0x13, 0xb5, + 0x8c, 0x98, 0xa5, 0x58, 0x56, 0x2e, 0x4f, 0x15, 0xef, 0x6a, 0x65, 0x0a, 0x2e, 0x46, 0x4c, 0x75, + 0x9a, 0x33, 0x6a, 0x9f, 0xec, 0xfc, 0xfd, 0xe5, 0xba, 0xf6, 0xd5, 0xcb, 0x75, 0xed, 0x5f, 0x2f, + 0xd7, 0xb5, 0x1f, 0xdd, 0x7a, 0xc5, 0xef, 0xfd, 0xb9, 0x3f, 0x21, 0xc0, 0x8c, 0x5a, 0x0e, 0x25, + 0x1e, 0xef, 0xcf, 0xc9, 0xe0, 0xbf, 0xf5, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x55, 0x0b, 0x09, + 0x7b, 0x61, 0x20, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2922,26 +2902,6 @@ func (m *ManifestRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.ProjectName) > 0 { - i -= len(m.ProjectName) - copy(dAtA[i:], m.ProjectName) - i = encodeVarintRepository(dAtA, i, uint64(len(m.ProjectName))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xca - } - if len(m.ProjectSourceRepos) > 0 { - for iNdEx := len(m.ProjectSourceRepos) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.ProjectSourceRepos[iNdEx]) - copy(dAtA[i:], m.ProjectSourceRepos[iNdEx]) - i = encodeVarintRepository(dAtA, i, uint64(len(m.ProjectSourceRepos[iNdEx]))) - i-- - dAtA[i] = 0x1 - i-- - dAtA[i] = 0xc2 - } - } if len(m.RefSources) > 0 { for k := range m.RefSources { v := m.RefSources[k] @@ -4982,16 +4942,6 @@ func (m *ManifestRequest) Size() (n int) { n += mapEntrySize + 2 + sovRepository(uint64(mapEntrySize)) } } - if len(m.ProjectSourceRepos) > 0 { - for _, s := range m.ProjectSourceRepos { - l = len(s) - n += 2 + l + sovRepository(uint64(l)) - } - } - l = len(m.ProjectName) - if l > 0 { - n += 2 + l + sovRepository(uint64(l)) - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6586,70 +6536,6 @@ func (m *ManifestRequest) Unmarshal(dAtA []byte) error { } m.RefSources[mapkey] = mapvalue iNdEx = postIndex - case 24: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProjectSourceRepos", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthRepository - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthRepository - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ProjectSourceRepos = append(m.ProjectSourceRepos, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 25: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ProjectName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthRepository - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthRepository - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ProjectName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/gpgwatcher.go b/reposerver/gpgwatcher.go index 9c2c9be790813..bf2387a7e38b2 100644 --- a/reposerver/gpgwatcher.go +++ b/reposerver/gpgwatcher.go @@ -21,11 +21,7 @@ func StartGPGWatcher(sourcePath string) error { if err != nil { return err } - defer func(watcher *fsnotify.Watcher) { - if err = watcher.Close(); err != nil { - log.Errorf("Error closing watcher: %v", err) - } - }(watcher) + defer watcher.Close() done := make(chan bool) go func() { diff --git a/reposerver/repository/chart.go b/reposerver/repository/chart.go index f4bcf48fba569..819cc498c2255 100644 --- a/reposerver/repository/chart.go +++ b/reposerver/repository/chart.go @@ -9,7 +9,16 @@ import ( ) func getChartDetails(chartYAML string) (*v1alpha1.ChartDetails, error) { - var chart Chart + // see: https://helm.sh/docs/topics/charts/ for more details + var chart struct { + Description string `yaml:"description,omitempty"` + Home string `yaml:"home,omitempty"` + Maintainers []struct { + Name string `yaml:"name,omitempty"` + Email string `yaml:"email,omitempty"` + Url string `yaml:"url,omitempty"` + } `yaml:"maintainers,omitempty"` + } err := yaml.Unmarshal([]byte(chartYAML), &chart) if err != nil { return nil, fmt.Errorf("failed to unmarshal chart: %w", err) diff --git a/reposerver/repository/lock.go b/reposerver/repository/lock.go index fa8da9c3e5089..05eddf667d82a 100644 --- a/reposerver/repository/lock.go +++ b/reposerver/repository/lock.go @@ -55,7 +55,7 @@ func (r *repositoryLock) Lock(path string, revision string, allowConcurrent bool initCloser, err := init() if err != nil { state.cond.L.Unlock() - return nil, fmt.Errorf("failed to initialize repository resources: %w", err) + return nil, err } state.initCloser = initCloser state.revision = revision diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 4cead35db813b..02fb6a20d49de 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -49,6 +49,7 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/reposerver/cache" + reposervercache "github.com/argoproj/argo-cd/v2/reposerver/cache" "github.com/argoproj/argo-cd/v2/reposerver/metrics" "github.com/argoproj/argo-cd/v2/util/app/discovery" argopath "github.com/argoproj/argo-cd/v2/util/app/path" @@ -84,7 +85,7 @@ type Service struct { chartPaths io.TempPaths gitRepoInitializer func(rootPath string) goio.Closer repoLock *repositoryLock - cache *cache.Cache + cache *reposervercache.Cache parallelismLimitSemaphore *semaphore.Weighted metricsServer *metrics.MetricsServer resourceTracking argo.ResourceTracking @@ -109,7 +110,7 @@ type RepoServerInitConstants struct { } // NewService returns a new instance of the Manifest service -func NewService(metricsServer *metrics.MetricsServer, cache *cache.Cache, initConstants RepoServerInitConstants, resourceTracking argo.ResourceTracking, gitCredsStore git.CredsStore, rootDir string) *Service { +func NewService(metricsServer *metrics.MetricsServer, cache *reposervercache.Cache, initConstants RepoServerInitConstants, resourceTracking argo.ResourceTracking, gitCredsStore git.CredsStore, rootDir string) *Service { var parallelismLimitSemaphore *semaphore.Weighted if initConstants.ParallelismLimit > 0 { parallelismLimitSemaphore = semaphore.NewWeighted(initConstants.ParallelismLimit) @@ -146,16 +147,16 @@ func (s *Service) Init() error { // give itself read permissions to list previously written directories err = os.Chmod(s.rootDir, 0700) } - var dirEntries []fs.DirEntry + var files []fs.DirEntry if err == nil { - dirEntries, err = os.ReadDir(s.rootDir) + files, err = os.ReadDir(s.rootDir) } if err != nil { log.Warnf("Failed to restore cloned repositories paths: %v", err) return nil } - for _, file := range dirEntries { + for _, file := range files { if !file.IsDir() { continue } @@ -172,7 +173,7 @@ func (s *Service) Init() error { return os.Chmod(s.rootDir, 0300) } -// ListRefs List a subset of the refs (currently, branches and tags) of a git repo +// List a subset of the refs (currently, branches and tags) of a git repo func (s *Service) ListRefs(ctx context.Context, q *apiclient.ListRefsRequest) (*apiclient.Refs, error) { gitClient, err := s.newClient(q.Repo) if err != nil { @@ -199,7 +200,7 @@ func (s *Service) ListRefs(ctx context.Context, q *apiclient.ListRefsRequest) (* func (s *Service) ListApps(ctx context.Context, q *apiclient.ListAppsRequest) (*apiclient.AppList, error) { gitClient, commitSHA, err := s.newClientResolveRevision(q.Repo, q.Revision) if err != nil { - return nil, fmt.Errorf("error setting up git client and resolving given revision: %w", err) + return nil, err } if apps, err := s.cache.ListApps(q.Repo.Repo, commitSHA); err == nil { log.Infof("cache hit: %s/%s", q.Repo.Repo, q.Revision) @@ -214,13 +215,13 @@ func (s *Service) ListApps(ctx context.Context, q *apiclient.ListAppsRequest) (* }) if err != nil { - return nil, fmt.Errorf("error acquiring repository lock: %w", err) + return nil, err } defer io.Close(closer) apps, err := discovery.Discover(ctx, gitClient.Root(), gitClient.Root(), q.EnabledSourceTypes, s.initConstants.CMPTarExcludedGlobs) if err != nil { - return nil, fmt.Errorf("error discovering applications: %w", err) + return nil, err } err = s.cache.SetApps(q.Repo.Repo, commitSHA, apps) if err != nil { @@ -239,7 +240,7 @@ func (s *Service) ListPlugins(ctx context.Context, _ *empty.Empty) (*apiclient.P return nil, fmt.Errorf("failed to get plugins from dir %v, error=%w", pluginSockFilePath, err) } - var plugins []*apiclient.PluginInfo + plugins := []*apiclient.PluginInfo{} for _, file := range sockFiles { if file.Type() == os.ModeSocket { plugins = append(plugins, &apiclient.PluginInfo{Name: strings.TrimSuffix(file.Name(), ".sock")}) @@ -291,7 +292,7 @@ func (s *Service) runRepoOperation( refSources map[string]*v1alpha1.RefTarget) error { if sanitizer, ok := grpc.SanitizerFromContext(ctx); ok { - // make sure a randomized path replaced with '.' in the error message + // make sure randomized path replaced with '.' in the error message sanitizer.AddRegexReplacement(getRepoSanitizerRegex(s.rootDir), "") } @@ -457,38 +458,38 @@ type gitClientGetter func(repo *v1alpha1.Repository, revision string, opts ...gi // should be updated. func resolveReferencedSources(hasMultipleSources bool, source *v1alpha1.ApplicationSourceHelm, refSources map[string]*v1alpha1.RefTarget, newClientResolveRevision gitClientGetter) (map[string]string, error) { repoRefs := make(map[string]string) - if !hasMultipleSources || source == nil { - return repoRefs, nil - } - - for _, valueFile := range source.ValueFiles { - if strings.HasPrefix(valueFile, "$") { - refVar := strings.Split(valueFile, "/")[0] + if hasMultipleSources { + if source != nil { + for _, valueFile := range source.ValueFiles { + if strings.HasPrefix(valueFile, "$") { + refVar := strings.Split(valueFile, "/")[0] + + refSourceMapping, ok := refSources[refVar] + if !ok { + if len(refSources) == 0 { + return nil, fmt.Errorf("source referenced %q, but no source has a 'ref' field defined", refVar) + } + refKeys := make([]string, 0) + for refKey := range refSources { + refKeys = append(refKeys, refKey) + } + return nil, fmt.Errorf("source referenced %q, which is not one of the available sources (%s)", refVar, strings.Join(refKeys, ", ")) + } + if refSourceMapping.Chart != "" { + return nil, fmt.Errorf("source has a 'chart' field defined, but Helm charts are not yet not supported for 'ref' sources") + } + normalizedRepoURL := git.NormalizeGitURL(refSourceMapping.Repo.Repo) + _, ok = repoRefs[normalizedRepoURL] + if !ok { + _, referencedCommitSHA, err := newClientResolveRevision(&refSourceMapping.Repo, refSourceMapping.TargetRevision) + if err != nil { + log.Errorf("Failed to get git client for repo %s: %v", refSourceMapping.Repo.Repo, err) + return nil, fmt.Errorf("failed to get git client for repo %s", refSourceMapping.Repo.Repo) + } - refSourceMapping, ok := refSources[refVar] - if !ok { - if len(refSources) == 0 { - return nil, fmt.Errorf("source referenced %q, but no source has a 'ref' field defined", refVar) - } - refKeys := make([]string, 0) - for refKey := range refSources { - refKeys = append(refKeys, refKey) - } - return nil, fmt.Errorf("source referenced %q, which is not one of the available sources (%s)", refVar, strings.Join(refKeys, ", ")) - } - if refSourceMapping.Chart != "" { - return nil, fmt.Errorf("source has a 'chart' field defined, but Helm charts are not yet not supported for 'ref' sources") - } - normalizedRepoURL := git.NormalizeGitURL(refSourceMapping.Repo.Repo) - _, ok = repoRefs[normalizedRepoURL] - if !ok { - _, referencedCommitSHA, err := newClientResolveRevision(&refSourceMapping.Repo, refSourceMapping.TargetRevision) - if err != nil { - log.Errorf("Failed to get git client for repo %s: %v", refSourceMapping.Repo.Repo, err) - return nil, fmt.Errorf("failed to get git client for repo %s", refSourceMapping.Repo.Repo) + repoRefs[normalizedRepoURL] = referencedCommitSHA + } } - - repoRefs[normalizedRepoURL] = referencedCommitSHA } } } @@ -783,11 +784,6 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, } } if err != nil { - logCtx := log.WithFields(log.Fields{ - "application": q.AppName, - "appNamespace": q.Namespace, - }) - // If manifest generation error caching is enabled if s.initConstants.PauseGenerationAfterFailedGenerationAttempts > 0 { cache.LogDebugManifestCacheKeyFields("getting manifests cache", "GenerateManifests error", cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs) @@ -796,8 +792,8 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, // rather than a copy of the cache that occurred before (a potentially lengthy) manifest generation. innerRes := &cache.CachedManifestResponse{} cacheErr := s.cache.GetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, innerRes, refSourceCommitSHAs) - if cacheErr != nil && cacheErr != cache.ErrCacheMiss { - logCtx.Warnf("manifest cache get error %s: %v", appSourceCopy.String(), cacheErr) + if cacheErr != nil && cacheErr != reposervercache.ErrCacheMiss { + log.Warnf("manifest cache set error %s: %v", appSourceCopy.String(), cacheErr) ch.errCh <- cacheErr return } @@ -815,7 +811,7 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, innerRes.MostRecentError = err.Error() cacheErr = s.cache.SetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, innerRes, refSourceCommitSHAs) if cacheErr != nil { - logCtx.Warnf("manifest cache set error %s: %v", appSourceCopy.String(), cacheErr) + log.Warnf("manifest cache set error %s: %v", appSourceCopy.String(), cacheErr) ch.errCh <- cacheErr return } @@ -931,7 +927,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe return true, res.ManifestResponse, nil } - if err != cache.ErrCacheMiss { + if err != reposervercache.ErrCacheMiss { log.Warnf("manifest cache error %s: %v", q.ApplicationSource.String(), err) } else { log.Infof("manifest cache miss: %s/%s", q.ApplicationSource.String(), cacheKey) @@ -943,7 +939,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoCreds []*v1alpha1.RepoCreds) ([]helm.HelmRepository, error) { dependencies, err := getHelmDependencyRepos(appPath) if err != nil { - return nil, fmt.Errorf("error retrieving helm dependency repos: %w", err) + return nil, err } reposByName := make(map[string]*v1alpha1.Repository) reposByUrl := make(map[string]*v1alpha1.Repository) @@ -1000,12 +996,12 @@ func getHelmDependencyRepos(appPath string) ([]*v1alpha1.Repository, error) { repos := make([]*v1alpha1.Repository, 0) f, err := os.ReadFile(filepath.Join(appPath, "Chart.yaml")) if err != nil { - return nil, fmt.Errorf("error reading helm chart from %s: %w", filepath.Join(appPath, "Chart.yaml"), err) + return nil, err } d := &dependencies{} if err = yaml.Unmarshal(f, d); err != nil { - return nil, fmt.Errorf("error unmarshalling the helm chart while getting helm dependency repos: %w", err) + return nil, err } for _, r := range d.Dependencies { @@ -1048,9 +1044,9 @@ func runHelmBuild(appPath string, h helm.Helm) error { manifestGenerateLock.Lock(appPath) defer manifestGenerateLock.Unlock(appPath) - // the `helm dependency build` is potentially a time-consuming 1~2 seconds, - // a marker file is used to check if command already run to avoid running it again unnecessarily - // the file is removed when repository is re-initialized (e.g. when another commit is processed) + // the `helm dependency build` is potentially time consuming 1~2 seconds + // marker file is used to check if command already run to avoid running it again unnecessary + // file is removed when repository re-initialized (e.g. when another commit is processed) markerFile := path.Join(appPath, helmDepUpMarkerFile) _, err := os.Stat(markerFile) if err == nil { @@ -1061,16 +1057,11 @@ func runHelmBuild(appPath string, h helm.Helm) error { err = h.DependencyBuild() if err != nil { - return fmt.Errorf("error building helm chart dependencies: %w", err) + return err } return os.WriteFile(markerFile, []byte("marker"), 0644) } -func isSourcePermitted(url string, repos []string) bool { - p := v1alpha1.AppProject{Spec: v1alpha1.AppProjectSpec{SourceRepos: repos}} - return p.IsSourcePermitted(v1alpha1.ApplicationSource{RepoURL: url}) -} - func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool, gitRepoPaths io.TempPaths) ([]*unstructured.Unstructured, error) { concurrencyAllowed := isConcurrencyAllowed(appPath) if !concurrencyAllowed { @@ -1107,7 +1098,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie resolvedValueFiles, err := getResolvedValueFiles(appPath, repoRoot, env, q.GetValuesFileSchemes(), appHelm.ValueFiles, q.RefSources, gitRepoPaths, appHelm.IgnoreMissingValueFiles) if err != nil { - return nil, fmt.Errorf("error resolving helm value files: %w", err) + return nil, err } templateOpts.Values = resolvedValueFiles @@ -1115,7 +1106,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie if !appHelm.ValuesIsEmpty() { rand, err := uuid.NewRandom() if err != nil { - return nil, fmt.Errorf("error generating random filename for Helm values file: %w", err) + return nil, err } p := path.Join(os.TempDir(), rand.String()) defer func() { @@ -1126,7 +1117,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie }() err = os.WriteFile(p, appHelm.ValuesYAML(), 0644) if err != nil { - return nil, fmt.Errorf("error writing helm values file: %w", err) + return nil, err } templateOpts.Values = append(templateOpts.Values, pathutil.ResolvedFilePath(p)) } @@ -1141,7 +1132,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie for _, p := range appHelm.FileParameters { resolvedPath, _, err := pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, env.Envsubst(p.Path), q.GetValuesFileSchemes()) if err != nil { - return nil, fmt.Errorf("error resolving helm value file path: %w", err) + return nil, err } templateOpts.SetFile[p.Name] = resolvedPath } @@ -1165,18 +1156,17 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie helmRepos, err := getHelmRepos(appPath, q.Repos, q.HelmRepoCreds) if err != nil { - return nil, fmt.Errorf("error getting helm repos: %w", err) + return nil, err } - h, err := helm.NewHelmApp(appPath, helmRepos, isLocal, version, proxy, passCredentials) if err != nil { - return nil, fmt.Errorf("error initializing helm app object: %w", err) + return nil, err } defer h.Dispose() err = h.Init() if err != nil { - return nil, fmt.Errorf("error initializing helm app: %w", err) + return nil, err } out, err := h.Template(templateOpts) @@ -1192,24 +1182,6 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie } if err != nil { - var reposNotPermitted []string - // We do a sanity check here to give a nicer error message in case any of the Helm repositories are not permitted by - // the AppProject which the application is a part of - for _, repo := range helmRepos { - msg := err.Error() - - chartCannotBeReached := strings.Contains(msg, "is not a valid chart repository or cannot be reached") - couldNotDownloadChart := strings.Contains(msg, "could not download") - - if (chartCannotBeReached || couldNotDownloadChart) && !isSourcePermitted(repo.Repo, q.ProjectSourceRepos) { - reposNotPermitted = append(reposNotPermitted, repo.Repo) - } - } - - if len(reposNotPermitted) > 0 { - return nil, status.Errorf(codes.PermissionDenied, "helm repos %s are not permitted in project '%s'", strings.Join(reposNotPermitted, ", "), q.ProjectName) - } - return nil, err } @@ -1242,13 +1214,13 @@ func getResolvedValueFiles( // If the $-prefixed path appears to reference another source, do env substitution _after_ resolving that source. resolvedPath, err = getResolvedRefValueFile(rawValueFile, env, allowedValueFilesSchemas, referencedSource.Repo.Repo, gitRepoPaths) if err != nil { - return nil, fmt.Errorf("error resolving value file path: %w", err) + return nil, err } } else { // This will resolve val to an absolute path (or an URL) resolvedPath, isRemote, err = pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, env.Envsubst(rawValueFile), allowedValueFilesSchemas) if err != nil { - return nil, fmt.Errorf("error resolving value file path: %w", err) + return nil, err } } @@ -1285,7 +1257,7 @@ func getResolvedRefValueFile( // Resolve the path relative to the referenced repo and block any attempt at traversal. resolvedPath, _, err := pathutil.ResolveValueFilePathOrUrl(repoPath, repoPath, env.Envsubst(substitutedPath), allowedValueFilesSchemas) if err != nil { - return "", fmt.Errorf("error resolving value file path: %w", err) + return "", err } return resolvedPath, nil } @@ -1349,7 +1321,7 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, appSourceType, err := GetAppSourceType(ctx, q.ApplicationSource, appPath, repoRoot, q.AppName, q.EnabledSourceTypes, opt.cmpTarExcludedGlobs) if err != nil { - return nil, fmt.Errorf("error getting app source type: %w", err) + return nil, err } repoURL := "" if q.Repo != nil { @@ -1418,7 +1390,7 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, if q.AppLabelKey != "" && q.AppName != "" && !kube.IsCRD(target) { err = resourceTracking.SetAppInstance(target, q.AppLabelKey, q.AppName, q.Namespace, v1alpha1.TrackingMethod(q.TrackingMethod)) if err != nil { - return nil, fmt.Errorf("failed to set app instance tracking info on manifest: %w", err) + return nil, err } } manifestStr, err := json.Marshal(target.Object) @@ -1436,15 +1408,10 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string, } func newEnv(q *apiclient.ManifestRequest, revision string) *v1alpha1.Env { - shortRevision := revision - if len(shortRevision) > 7 { - shortRevision = shortRevision[:7] - } return &v1alpha1.Env{ &v1alpha1.EnvEntry{Name: "ARGOCD_APP_NAME", Value: q.AppName}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_NAMESPACE", Value: q.Namespace}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION", Value: revision}, - &v1alpha1.EnvEntry{Name: "ARGOCD_APP_REVISION_SHORT", Value: shortRevision}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_SOURCE_REPO_URL", Value: q.Repo.Repo}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_SOURCE_PATH", Value: q.ApplicationSource.Path}, &v1alpha1.EnvEntry{Name: "ARGOCD_APP_SOURCE_TARGET_REVISION", Value: q.ApplicationSource.TargetRevision}, @@ -1529,7 +1496,7 @@ func GetAppSourceType(ctx context.Context, source *v1alpha1.ApplicationSource, a } appType, err := discovery.AppType(ctx, appPath, repoPath, enableGenerateManifests, tarExcludedGlobs) if err != nil { - return "", fmt.Errorf("error getting app source type: %v", err) + return "", err } return v1alpha1.ApplicationSourceType(appType), nil } @@ -1986,7 +1953,7 @@ func (s *Service) createGetAppDetailsCacheHandler(res *apiclient.RepoAppDetailsR return true, nil } - if err != cache.ErrCacheMiss { + if err != reposervercache.ErrCacheMiss { log.Warnf("app details cache error %s: %v", revision, q.Source) } else { log.Infof("app details cache miss: %s/%s", revision, q.Source) @@ -2058,7 +2025,7 @@ func populateHelmAppDetails(res *apiclient.RepoAppDetailsResponse, appPath strin for _, v := range fileParameters(q) { res.Helm.FileParameters = append(res.Helm.FileParameters, &v1alpha1.HelmFileParameter{ Name: v.Name, - Path: v.Path, // filepath.Join(appPath, v.Path), + Path: v.Path, //filepath.Join(appPath, v.Path), }) } return nil @@ -2071,7 +2038,7 @@ func loadFileIntoIfExists(path pathutil.ResolvedFilePath, destination *string) e if err == nil && !info.IsDir() { bytes, err := os.ReadFile(stringPath) if err != nil { - return fmt.Errorf("error reading file from %s: %w", stringPath, err) + return err } *destination = string(bytes) } @@ -2084,7 +2051,7 @@ func findHelmValueFilesInPath(path string) ([]string, error) { files, err := os.ReadDir(path) if err != nil { - return result, fmt.Errorf("error reading helm values file from %s: %w", path, err) + return result, err } for _, f := range files { @@ -2193,7 +2160,7 @@ func (s *Service) GetRevisionMetadata(ctx context.Context, q *apiclient.RepoServ return metadata, nil } } else { - if err != cache.ErrCacheMiss { + if err != reposervercache.ErrCacheMiss { log.Warnf("revision metadata cache error %s/%s: %v", q.Repo.Repo, q.Revision, err) } else { log.Infof("revision metadata cache miss: %s/%s", q.Repo.Repo, q.Revision) @@ -2213,7 +2180,7 @@ func (s *Service) GetRevisionMetadata(ctx context.Context, q *apiclient.RepoServ }) if err != nil { - return nil, fmt.Errorf("error acquiring repo lock: %w", err) + return nil, err } defer io.Close(closer) @@ -2256,7 +2223,7 @@ func (s *Service) GetRevisionChartDetails(ctx context.Context, q *apiclient.Repo log.Infof("revision chart details cache hit: %s/%s/%s", q.Repo.Repo, q.Name, q.Revision) return details, nil } else { - if err == cache.ErrCacheMiss { + if err == reposervercache.ErrCacheMiss { log.Infof("revision metadata cache miss: %s/%s/%s", q.Repo.Repo, q.Name, q.Revision) } else { log.Warnf("revision metadata cache error %s/%s/%s: %v", q.Repo.Repo, q.Name, q.Revision, err) diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index 8e4b69000f7e1..37babd739b1c1 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -32,10 +32,6 @@ message ManifestRequest { github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.HelmOptions helmOptions = 21; bool hasMultipleSources = 22; map refSources = 23; - // This is used to surface "source not permitted" errors for Helm repositories - repeated string projectSourceRepos = 24; - // This is used to surface "source not permitted" errors for Helm repositories - string projectName = 25; } message ManifestRequestWithFiles { diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 0ae2c4ba20404..0e13aa352e6d8 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -154,10 +154,8 @@ func TestGenerateYamlManifestInDir(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &src, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, } // update this value if we add/remove manifests @@ -224,8 +222,7 @@ func Test_GenerateManifests_NoOutOfBoundsAccess(t *testing.T) { mustNotContain = testCaseCopy.mustNotContain } - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}} res, err := GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.Error(t, err) assert.NotContains(t, err.Error(), mustNotContain) @@ -240,8 +237,7 @@ func TestGenerateManifests_MissingSymlinkDestination(t *testing.T) { err := os.Symlink("/obviously/does/not/exist", path.Join(repoDir, "test.yaml")) require.NoError(t, err) - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}} _, err = GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.NoError(t, err) } @@ -251,11 +247,9 @@ func TestGenerateManifests_K8SAPIResetCache(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - KubeVersion: "v1.16.0", - Repo: &argoappv1.Repository{}, - ApplicationSource: &src, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + KubeVersion: "v1.16.0", + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, } cachedFakeResponse := &apiclient.ManifestResponse{Manifests: []string{"Fake"}} @@ -279,10 +273,8 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &src, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, } err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: nil}, nil) @@ -297,8 +289,7 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { func TestHelmManifestFromChartRepo(t *testing.T) { service := newService(".") source := &argoappv1.ApplicationSource{Chart: "my-chart", TargetRevision: ">= 1.0.0"} - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -327,8 +318,7 @@ func TestHelmChartReferencingExternalValues(t *testing.T) { }, nil) refSources, err := argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true} response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -380,8 +370,7 @@ func TestGenerateManifestsUseExactRevision(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc", ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc"} res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -394,8 +383,7 @@ func TestRecurseManifestsInDir(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -450,8 +438,6 @@ func TestGenerateJsonnetManifestInDir(t *testing.T) { }, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -473,8 +459,6 @@ func TestGenerateJsonnetManifestInRootDir(t *testing.T) { }, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) assert.Nil(t, err) @@ -494,8 +478,6 @@ func TestGenerateJsonnetLibOutside(t *testing.T) { }, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, } _, err := service.GenerateManifest(context.Background(), &q) require.Error(t, err) @@ -670,8 +652,6 @@ func TestManifestGenErrorCacheFileContentsChange(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: ".", }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) fmt.Println("-", step, "-", res != nil, err != nil, errorExpected) @@ -840,8 +820,6 @@ func TestGenerateHelmWithValues(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -877,8 +855,6 @@ func TestHelmWithMissingValueFiles(t *testing.T) { ValueFiles: []string{"values-production.yaml", missingValuesFile}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, } // Should fail since we're passing a non-existent values file, and error should indicate that @@ -904,8 +880,6 @@ func TestGenerateHelmWithEnvVars(t *testing.T) { ValueFiles: []string{"values-$ARGOCD_APP_NAME.yaml"}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -941,8 +915,6 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) @@ -954,8 +926,6 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: "./my-chart", }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) } @@ -980,11 +950,10 @@ func TestHelmManifestFromChartRepoWithValueFile(t *testing.T) { }, } request := &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: source, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + Repo: &argoappv1.Repository{}, + ApplicationSource: source, + NoCache: true, + } response, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) assert.NotNil(t, response) @@ -1023,8 +992,7 @@ func TestHelmManifestFromChartRepoWithValueFileLinks(t *testing.T) { ValueFiles: []string{"my-chart-link.yaml"}, }, } - request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} _, err := service.GenerateManifest(context.Background(), request) assert.NoError(t, err) }) @@ -1043,9 +1011,8 @@ func TestGenerateHelmWithURL(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, + + HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, }) assert.NoError(t, err) } @@ -1065,8 +1032,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") @@ -1084,8 +1049,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) }) @@ -1102,8 +1065,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) }) @@ -1120,8 +1081,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") @@ -1139,8 +1098,6 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValuesObject: &runtime.RawExtension{Raw: []byte(`cluster: {slaveCount: 2}`)}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "is not allowed") @@ -1157,9 +1114,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ValueFiles: []string{"s3://my-bucket/my-chart-values.yaml"}, }, }, - HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}}, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"s3"}}, }) assert.Error(t, err) assert.Contains(t, err.Error(), "s3://my-bucket/my-chart-values.yaml: no such file or directory") @@ -1198,8 +1153,6 @@ func TestGenerateHelmWithAbsoluteFileParameter(t *testing.T) { }}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.Error(t, err) } @@ -1226,8 +1179,6 @@ func TestGenerateHelmWithFileParameter(t *testing.T) { }}, }, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) assert.NoError(t, err) assert.Contains(t, res.Manifests[6], `"replicas":2`, "ValuesObject should override Values") @@ -1238,11 +1189,9 @@ func TestGenerateNullList(t *testing.T) { t.Run("null list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/null-list"}, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/null-list"}, + NoCache: true, }) assert.Nil(t, err) assert.Equal(t, len(res1.Manifests), 1) @@ -1251,11 +1200,9 @@ func TestGenerateNullList(t *testing.T) { t.Run("empty list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/empty-list"}, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/empty-list"}, + NoCache: true, }) assert.Nil(t, err) assert.Equal(t, len(res1.Manifests), 1) @@ -1264,11 +1211,9 @@ func TestGenerateNullList(t *testing.T) { t.Run("weird list", func(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/weird-list"}, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{Path: "./testdata/weird-list"}, + NoCache: true, }) assert.Nil(t, err) assert.Len(t, res1.Manifests, 2) @@ -1291,10 +1236,8 @@ func TestIdentifyAppSourceTypeByAppDirWithKustomizations(t *testing.T) { func TestGenerateFromUTF16(t *testing.T) { q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &argoappv1.ApplicationSource{}, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &argoappv1.ApplicationSource{}, } res1, err := GenerateManifests(context.Background(), "./testdata/utf-16", "/", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) assert.Nil(t, err) @@ -1473,11 +1416,9 @@ func TestGetSignatureVerificationResult(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: &src, - VerifySignature: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: &src, + VerifySignature: true, } res, err := service.GenerateManifest(context.Background(), &q) @@ -1489,8 +1430,7 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newServiceWithSignature("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1501,8 +1441,7 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1513,8 +1452,7 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService("../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}} + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true} res, err := service.GenerateManifest(context.Background(), &q) assert.NoError(t, err) @@ -1527,7 +1465,6 @@ func Test_newEnv(t *testing.T) { &argoappv1.EnvEntry{Name: "ARGOCD_APP_NAME", Value: "my-app-name"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_NAMESPACE", Value: "my-namespace"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_REVISION", Value: "my-revision"}, - &argoappv1.EnvEntry{Name: "ARGOCD_APP_REVISION_SHORT", Value: "my-revi"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_SOURCE_REPO_URL", Value: "https://github.com/my-org/my-repo"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_SOURCE_PATH", Value: "my-path"}, &argoappv1.EnvEntry{Name: "ARGOCD_APP_SOURCE_TARGET_REVISION", Value: "my-target-revision"}, @@ -1674,8 +1611,6 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1705,8 +1640,6 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1736,9 +1669,7 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - AppName: "testapp", - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + AppName: "testapp", }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1768,9 +1699,7 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ Path: path, }, - AppName: "testapp2", - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + AppName: "testapp2", }) require.NoError(t, err) resourceByKindName := make(map[string]*unstructured.Unstructured) @@ -1800,11 +1729,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { } sourceCopy := source.DeepCopy() // make a copy in case GenerateManifest mutates it. _, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, - ApplicationSource: sourceCopy, - AppName: "test", - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + Repo: &argoappv1.Repository{}, + ApplicationSource: sourceCopy, + AppName: "test", }) assert.NoError(t, err) res := &cache.CachedManifestResponse{} @@ -1838,9 +1765,7 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: regularGitTagHash, }, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + NoCache: true, }, wantError: false, service: newServiceWithCommitSHA(".", regularGitTagHash), @@ -1854,9 +1779,7 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: annotatedGitTaghash, }, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + NoCache: true, }, wantError: false, service: newServiceWithCommitSHA(".", annotatedGitTaghash), @@ -1870,9 +1793,7 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { ApplicationSource: &argoappv1.ApplicationSource{ TargetRevision: invalidGitTaghash, }, - NoCache: true, - ProjectName: "something", - ProjectSourceRepos: []string{"*"}, + NoCache: true, }, wantError: true, service: newServiceWithCommitSHA(".", invalidGitTaghash), diff --git a/reposerver/repository/types.go b/reposerver/repository/types.go deleted file mode 100644 index 3e45a5bf3a1cf..0000000000000 --- a/reposerver/repository/types.go +++ /dev/null @@ -1,14 +0,0 @@ -package repository - -// Chart see: https://helm.sh/docs/topics/charts/ for more details -type Chart struct { - Description string `yaml:"description,omitempty"` - Home string `yaml:"home,omitempty"` - Maintainers []Maintainer `yaml:"maintainers,omitempty"` -} - -type Maintainer struct { - Name string `yaml:"name,omitempty"` - Email string `yaml:"email,omitempty"` - Url string `yaml:"url,omitempty"` -} diff --git a/resource_customizations/embed.go b/resource_customizations/embed.go index 8a4d5316cd3df..251b12293efac 100644 --- a/resource_customizations/embed.go +++ b/resource_customizations/embed.go @@ -5,6 +5,5 @@ import ( ) // Embedded contains embedded resource customization -// //go:embed * var Embedded embed.FS diff --git a/resource_customizations/sparkoperator.k8s.io/SparkApplication/health.lua b/resource_customizations/sparkoperator.k8s.io/SparkApplication/health.lua index 07fbf3a4dc64d..5a504602eb83c 100644 --- a/resource_customizations/sparkoperator.k8s.io/SparkApplication/health.lua +++ b/resource_customizations/sparkoperator.k8s.io/SparkApplication/health.lua @@ -5,10 +5,10 @@ infinity = 2^1024-1 local function executor_range_api() min_executor_instances = 0 max_executor_instances = infinity - if obj.spec.dynamicAllocation.maxExecutors then + if obj.spec.dynamicAllocation.maxExecutors then max_executor_instances = obj.spec.dynamicAllocation.maxExecutors end - if obj.spec.dynamicAllocation.minExecutors then + if obj.spec.dynamicAllocation.minExecutors then min_executor_instances = obj.spec.dynamicAllocation.minExecutors end return min_executor_instances, max_executor_instances @@ -17,7 +17,7 @@ end local function maybe_executor_range_spark_conf() min_executor_instances = 0 max_executor_instances = infinity - if obj.spec.sparkConf["spark.streaming.dynamicAllocation.enabled"] ~= nil and + if obj.spec.sparkConf["spark.streaming.dynamicAllocation.enabled"] ~= nil and obj.spec.sparkConf["spark.streaming.dynamicAllocation.enabled"] == "true" then if(obj.spec.sparkConf["spark.streaming.dynamicAllocation.maxExecutors"] ~= nil) then max_executor_instances = tonumber(obj.spec.sparkConf["spark.streaming.dynamicAllocation.maxExecutors"]) @@ -26,7 +26,7 @@ local function maybe_executor_range_spark_conf() min_executor_instances = tonumber(obj.spec.sparkConf["spark.streaming.dynamicAllocation.minExecutors"]) end return min_executor_instances, max_executor_instances - elseif obj.spec.sparkConf["spark.dynamicAllocation.enabled"] ~= nil and + elseif obj.spec.sparkConf["spark.dynamicAllocation.enabled"] ~= nil and obj.spec.sparkConf["spark.dynamicAllocation.enabled"] == "true" then if(obj.spec.sparkConf["spark.dynamicAllocation.maxExecutors"] ~= nil) then max_executor_instances = tonumber(obj.spec.sparkConf["spark.dynamicAllocation.maxExecutors"]) @@ -45,19 +45,11 @@ local function maybe_executor_range() return executor_range_api() elseif obj.spec["sparkConf"] ~= nil then return maybe_executor_range_spark_conf() - else + else return nil end end -local function dynamic_executors_without_spec_config() - if obj.spec.dynamicAllocation == nil and obj.spec.executor.instances == nil then - return true - else - return false - end -end - if obj.status ~= nil then if obj.status.applicationState.state ~= nil then if obj.status.applicationState.state == "" then @@ -68,26 +60,23 @@ if obj.status ~= nil then if obj.status.applicationState.state == "RUNNING" then if obj.status.executorState ~= nil then count=0 + executor_instances = obj.spec.executor.instances for i, executorState in pairs(obj.status.executorState) do if executorState == "RUNNING" then count=count+1 end end - if obj.spec.executor.instances ~= nil and obj.spec.executor.instances == count then + if executor_instances == count then health_status.status = "Healthy" health_status.message = "SparkApplication is Running" return health_status elseif maybe_executor_range() then min_executor_instances, max_executor_instances = maybe_executor_range() - if count >= min_executor_instances and count <= max_executor_instances then + if count >= min_executor_instances and count <= max_executor_instances then health_status.status = "Healthy" health_status.message = "SparkApplication is Running" return health_status end - elseif dynamic_executors_without_spec_config() and count >= 1 then - health_status.status = "Healthy" - health_status.message = "SparkApplication is Running" - return health_status end end end diff --git a/resource_customizations/sparkoperator.k8s.io/SparkApplication/health_test.yaml b/resource_customizations/sparkoperator.k8s.io/SparkApplication/health_test.yaml index e0ad7dfdf387d..582b446eca324 100644 --- a/resource_customizations/sparkoperator.k8s.io/SparkApplication/health_test.yaml +++ b/resource_customizations/sparkoperator.k8s.io/SparkApplication/health_test.yaml @@ -23,7 +23,3 @@ tests: status: Healthy message: "SparkApplication is Running" inputPath: testdata/healthy_dynamic_alloc_operator_api.yaml -- healthStatus: - status: Healthy - message: "SparkApplication is Running" - inputPath: testdata/healthy_dynamic_alloc_without_spec_config.yaml diff --git a/resource_customizations/sparkoperator.k8s.io/SparkApplication/testdata/healthy_dynamic_alloc_without_spec_config.yaml b/resource_customizations/sparkoperator.k8s.io/SparkApplication/testdata/healthy_dynamic_alloc_without_spec_config.yaml deleted file mode 100644 index a2ab7b85b5c50..0000000000000 --- a/resource_customizations/sparkoperator.k8s.io/SparkApplication/testdata/healthy_dynamic_alloc_without_spec_config.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: sparkoperator.k8s.io/v1beta2 -kind: SparkApplication -metadata: - generation: 4 - labels: - argocd.argoproj.io/instance: spark-job - name: spark-job-app - namespace: spark-cluster - resourceVersion: "31812990" - uid: bfee52b0-74ca-4465-8005-f6643097ed64 -spec: - executor: {} -status: - applicationState: - state: RUNNING - driverInfo: - podName: ingestion-datalake-news-app-driver - webUIAddress: 172.20.207.161:4040 - webUIPort: 4040 - webUIServiceName: ingestion-datalake-news-app-ui-svc - executionAttempts: 13 - executorState: - ingestion-datalake-news-app-1591613851251-exec-1: RUNNING - ingestion-datalake-news-app-1591613851251-exec-2: RUNNING - ingestion-datalake-news-app-1591613851251-exec-4: RUNNING - ingestion-datalake-news-app-1591613851251-exec-5: RUNNING - lastSubmissionAttemptTime: "2020-06-08T10:57:32Z" - sparkApplicationId: spark-a5920b2a5aa04d22a737c60759b5bf82 - submissionAttempts: 1 - submissionID: 3e713ec8-9f6c-4e78-ac28-749797c846f0 - terminationTime: null diff --git a/server/application/application.go b/server/application/application.go index fe9697dc77056..a0323cde5bccc 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -463,11 +463,6 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan return fmt.Errorf("error getting API resources: %w", err) } - proj, err := argo.GetAppProject(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) - if err != nil { - return fmt.Errorf("error getting app project: %w", err) - } - manifestInfo, err = client.GenerateManifest(ctx, &apiclient.ManifestRequest{ Repo: repo, Revision: revision, @@ -483,8 +478,6 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan HelmOptions: helmOptions, TrackingMethod: string(argoutil.GetTrackingMethod(s.settingsMgr)), EnabledSourceTypes: enableGenerateManifests, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, }) if err != nil { return fmt.Errorf("error generating manifests: %w", err) @@ -560,12 +553,6 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get } source := a.Spec.GetSource() - - proj, err := argo.GetAppProject(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) - if err != nil { - return fmt.Errorf("error getting app project: %w", err) - } - req := &apiclient.ManifestRequest{ Repo: repo, Revision: source.TargetRevision, @@ -581,8 +568,6 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get HelmOptions: helmOptions, TrackingMethod: string(argoutil.GetTrackingMethod(s.settingsMgr)), EnabledSourceTypes: enableGenerateManifests, - ProjectName: proj.Name, - ProjectSourceRepos: proj.Spec.SourceRepos, } repoStreamClient, err := client.GenerateManifestWithFiles(stream.Context()) @@ -1175,7 +1160,6 @@ func (s *Server) validateAndNormalizeApp(ctx context.Context, app *appv1.Applica } var conditions []appv1.ApplicationCondition - if validate { conditions := make([]appv1.ApplicationCondition, 0) condition, err := argo.ValidateRepo(ctx, app, s.repoClientset, s.db, s.kubectl, proj, s.settingsMgr) diff --git a/server/application/terminal.go b/server/application/terminal.go index 6424c89e97670..bea1f6ea6a110 100644 --- a/server/application/terminal.go +++ b/server/application/terminal.go @@ -6,6 +6,7 @@ import ( "net/http" "time" + util_session "github.com/argoproj/argo-cd/v2/util/session" "github.com/argoproj/gitops-engine/pkg/utils/kube" log "github.com/sirupsen/logrus" v1 "k8s.io/api/core/v1" @@ -37,11 +38,12 @@ type terminalHandler struct { allowedShells []string namespace string enabledNamespaces []string + sessionManager util_session.SessionManager } // NewHandler returns a new terminal handler. func NewHandler(appLister applisters.ApplicationLister, namespace string, enabledNamespaces []string, db db.ArgoDB, enf *rbac.Enforcer, cache *servercache.Cache, - appResourceTree AppResourceTreeFn, allowedShells []string) *terminalHandler { + appResourceTree AppResourceTreeFn, allowedShells []string, sessionManager util_session.SessionManager) *terminalHandler { return &terminalHandler{ appLister: appLister, db: db, @@ -51,6 +53,7 @@ func NewHandler(appLister applisters.ApplicationLister, namespace string, enable allowedShells: allowedShells, namespace: namespace, enabledNamespaces: enabledNamespaces, + sessionManager: sessionManager, } } @@ -222,7 +225,7 @@ func (s *terminalHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { fieldLog.Info("terminal session starting") - session, err := newTerminalSession(w, r, nil) + session, err := newTerminalSession(w, r, nil, s.sessionManager) if err != nil { http.Error(w, "Failed to start terminal session", http.StatusBadRequest) return @@ -282,6 +285,11 @@ type TerminalMessage struct { Cols uint16 `json:"cols"` } +// TerminalCommand is the struct for websocket commands,For example you need ask client to reconnect +type TerminalCommand struct { + Code int +} + // startProcess executes specified commands in the container and connects it up with the ptyHandler (a session) func startProcess(k8sClient kubernetes.Interface, cfg *rest.Config, namespace, podName, containerName string, cmd []string, ptyHandler PtyHandler) error { req := k8sClient.CoreV1().RESTClient().Post(). diff --git a/server/application/websocket.go b/server/application/websocket.go index fdac5a76c592b..faee91c4f47e4 100644 --- a/server/application/websocket.go +++ b/server/application/websocket.go @@ -3,6 +3,9 @@ package application import ( "encoding/json" "fmt" + "github.com/argoproj/argo-cd/v2/common" + httputil "github.com/argoproj/argo-cd/v2/util/http" + util_session "github.com/argoproj/argo-cd/v2/util/session" "net/http" "sync" "time" @@ -12,6 +15,11 @@ import ( "k8s.io/client-go/tools/remotecommand" ) +const ( + ReconnectCode = 1 + ReconnectMessage = "\nReconnect because the token was refreshed...\n" +) + var upgrader = func() websocket.Upgrader { upgrader := websocket.Upgrader{} upgrader.HandshakeTimeout = time.Second * 2 @@ -23,25 +31,40 @@ var upgrader = func() websocket.Upgrader { // terminalSession implements PtyHandler type terminalSession struct { - wsConn *websocket.Conn - sizeChan chan remotecommand.TerminalSize - doneChan chan struct{} - tty bool - readLock sync.Mutex - writeLock sync.Mutex + wsConn *websocket.Conn + sizeChan chan remotecommand.TerminalSize + doneChan chan struct{} + tty bool + readLock sync.Mutex + writeLock sync.Mutex + sessionManager util_session.SessionManager + token *string +} + +// getToken get auth token from web socket request +func getToken(r *http.Request) (string, error) { + cookies := r.Cookies() + return httputil.JoinCookies(common.AuthCookieName, cookies) } // newTerminalSession create terminalSession -func newTerminalSession(w http.ResponseWriter, r *http.Request, responseHeader http.Header) (*terminalSession, error) { +func newTerminalSession(w http.ResponseWriter, r *http.Request, responseHeader http.Header, sessionManager util_session.SessionManager) (*terminalSession, error) { + token, err := getToken(r) + if err != nil { + return nil, err + } + conn, err := upgrader.Upgrade(w, r, responseHeader) if err != nil { return nil, err } session := &terminalSession{ - wsConn: conn, - tty: true, - sizeChan: make(chan remotecommand.TerminalSize), - doneChan: make(chan struct{}), + wsConn: conn, + tty: true, + sizeChan: make(chan remotecommand.TerminalSize), + doneChan: make(chan struct{}), + sessionManager: sessionManager, + token: &token, } return session, nil } @@ -78,8 +101,40 @@ func (t *terminalSession) Next() *remotecommand.TerminalSize { } } +// reconnect send reconnect code to client and ask them init new ws session +func (t *terminalSession) reconnect() (int, error) { + reconnectCommand, _ := json.Marshal(TerminalCommand{ + Code: ReconnectCode, + }) + reconnectMessage, _ := json.Marshal(TerminalMessage{ + Operation: "stdout", + Data: ReconnectMessage, + }) + t.writeLock.Lock() + err := t.wsConn.WriteMessage(websocket.TextMessage, reconnectMessage) + if err != nil { + log.Errorf("write message err: %v", err) + return 0, err + } + err = t.wsConn.WriteMessage(websocket.TextMessage, reconnectCommand) + if err != nil { + log.Errorf("write message err: %v", err) + return 0, err + } + t.writeLock.Unlock() + return 0, nil +} + // Read called in a loop from remotecommand as long as the process is running func (t *terminalSession) Read(p []byte) (int, error) { + // check if token still valid + _, newToken, err := t.sessionManager.VerifyToken(*t.token) + // err in case if token is revoked, newToken in case if refresh happened + if err != nil || newToken != "" { + // need to send reconnect code in case if token was refreshed + return t.reconnect() + } + t.readLock.Lock() _, message, err := t.wsConn.ReadMessage() t.readLock.Unlock() diff --git a/server/application/websocket_test.go b/server/application/websocket_test.go new file mode 100644 index 0000000000000..30c5ffa232328 --- /dev/null +++ b/server/application/websocket_test.go @@ -0,0 +1,46 @@ +package application + +import ( + "encoding/json" + "github.com/gorilla/websocket" + "github.com/stretchr/testify/assert" + "net/http" + "net/http/httptest" + "strings" + "testing" +) + +func reconnect(w http.ResponseWriter, r *http.Request) { + var upgrader = websocket.Upgrader{} + c, err := upgrader.Upgrade(w, r, nil) + if err != nil { + return + } + + ts := terminalSession{wsConn: c} + _, _ = ts.reconnect() +} + +func TestReconnect(t *testing.T) { + + s := httptest.NewServer(http.HandlerFunc(reconnect)) + defer s.Close() + + u := "ws" + strings.TrimPrefix(s.URL, "http") + + // Connect to the server + ws, _, err := websocket.DefaultDialer.Dial(u, nil) + assert.NoError(t, err) + + defer ws.Close() + + _, p, _ := ws.ReadMessage() + + var message TerminalMessage + + err = json.Unmarshal(p, &message) + + assert.NoError(t, err) + assert.Equal(t, message.Data, ReconnectMessage) + +} diff --git a/server/badge/badge.go b/server/badge/badge.go index a87ef1d2affb1..f9ed158addd6f 100644 --- a/server/badge/badge.go +++ b/server/badge/badge.go @@ -18,12 +18,12 @@ import ( "github.com/argoproj/argo-cd/v2/util/settings" ) -// NewHandler creates handler serving to do api/badge endpoint +//NewHandler creates handler serving to do api/badge endpoint func NewHandler(appClientset versioned.Interface, settingsMrg *settings.SettingsManager, namespace string) http.Handler { return &Handler{appClientset: appClientset, namespace: namespace, settingsMgr: settingsMrg} } -// Handler used to get application in order to access health/sync +//Handler used to get application in order to access health/sync type Handler struct { namespace string appClientset versioned.Interface @@ -62,8 +62,8 @@ func replaceFirstGroupSubMatch(re *regexp.Regexp, str string, repl string) strin return result + str[lastIndex:] } -// ServeHTTP returns badge with health and sync status for application -// (or an error badge if wrong query or application name is given) +//ServeHTTP returns badge with health and sync status for application +//(or an error badge if wrong query or application name is given) func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { health := healthutil.HealthStatusUnknown status := appv1.SyncStatusCodeUnknown diff --git a/server/deeplinks/deeplinks.go b/server/deeplinks/deeplinks.go index 301d9ad0b2fb0..254d7c8a62e08 100644 --- a/server/deeplinks/deeplinks.go +++ b/server/deeplinks/deeplinks.go @@ -7,13 +7,12 @@ import ( "github.com/Masterminds/sprig/v3" "github.com/antonmedv/expr" - "github.com/argoproj/gitops-engine/pkg/utils/kube" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/utils/pointer" - "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/settings" + "github.com/argoproj/gitops-engine/pkg/utils/kube" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/utils/pointer" ) var sprigFuncMap = sprig.GenericFuncMap() // a singleton for better performance @@ -28,7 +27,6 @@ func init() { const ( ResourceDeepLinkKey = "resource" AppDeepLinkKey = "application" - AppDeepLinkShortKey = "app" ClusterDeepLinkKey = "cluster" ProjectDeepLinkKey = "project" ) @@ -69,7 +67,6 @@ func CreateDeepLinksObject(resourceObj *unstructured.Unstructured, app *unstruct } if app != nil { deeplinkObj[AppDeepLinkKey] = app.Object - deeplinkObj[AppDeepLinkShortKey] = app.Object } if cluster != nil { deeplinkObj[ClusterDeepLinkKey] = cluster.Object diff --git a/server/deeplinks/deeplinks_test.go b/server/deeplinks/deeplinks_test.go index abebe691c29c1..51693fb69a5ec 100644 --- a/server/deeplinks/deeplinks_test.go +++ b/server/deeplinks/deeplinks_test.go @@ -5,16 +5,15 @@ import ( "strings" "testing" + "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/argoproj/argo-cd/v2/util/settings" "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/utils/pointer" - - "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/v2/util/settings" ) type deepLinkTC struct { @@ -84,22 +83,6 @@ func TestDeepLinks(t *testing.T) { }}, error: []string{}, }, - { - appObj: appObj, - resourceObj: resourceObj, - projectObj: projectObj, - clusterObj: clusterObj, - inputLinks: []settings.DeepLink{{ - Title: "link", - URL: "http://example.com/{{ .app.metadata.name }}&{{ .resource.data.key }}&{{ index .project.spec.sourceRepos 0}}&{{ .cluster.name }}", - Condition: pointer.String(`app.metadata.name == "test" && project.metadata.name == "test-project"`), - }}, - outputLinks: []*application.LinkInfo{{ - Title: pointer.String("link"), - Url: pointer.String("http://example.com/test&value1&test-repo.git&test-cluster"), - }}, - error: []string{}, - }, { appObj: appObj, resourceObj: resourceObj, diff --git a/server/extension/extension.go b/server/extension/extension.go index 472d9ba3d6e16..addf679091823 100644 --- a/server/extension/extension.go +++ b/server/extension/extension.go @@ -12,17 +12,16 @@ import ( "strings" "time" - "github.com/gorilla/mux" - log "github.com/sirupsen/logrus" - "sigs.k8s.io/yaml" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" "github.com/argoproj/argo-cd/v2/server/rbacpolicy" "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/security" "github.com/argoproj/argo-cd/v2/util/settings" + "github.com/gorilla/mux" + log "github.com/sirupsen/logrus" + "sigs.k8s.io/yaml" ) const ( @@ -180,10 +179,10 @@ type Header struct { } type ClusterConfig struct { - // Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set. + // Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API Server string `json:"server"` - // Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set. + // Name is an alternate way of specifying the target cluster by its symbolic name Name string `json:"name"` } diff --git a/server/logout/logout.go b/server/logout/logout.go index e49f815931596..e2bfa81f28bfb 100644 --- a/server/logout/logout.go +++ b/server/logout/logout.go @@ -19,7 +19,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/settings" ) -// NewHandler creates handler serving to do api/logout endpoint +//NewHandler creates handler serving to do api/logout endpoint func NewHandler(appClientset versioned.Interface, settingsMrg *settings.SettingsManager, sessionMgr *session.SessionManager, rootPath, baseHRef, namespace string) *Handler { return &Handler{ appClientset: appClientset, diff --git a/server/rbacpolicy/rbacpolicy.go b/server/rbacpolicy/rbacpolicy.go index 940f5bfe70844..6d039dcdd6246 100644 --- a/server/rbacpolicy/rbacpolicy.go +++ b/server/rbacpolicy/rbacpolicy.go @@ -3,7 +3,7 @@ package rbacpolicy import ( "strings" - "github.com/golang-jwt/jwt/v4" + jwt "github.com/golang-jwt/jwt/v4" log "github.com/sirupsen/logrus" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -154,7 +154,7 @@ func (p *RBACPolicyEnforcer) EnforceClaims(claims jwt.Claims, rvals ...interface } } } - logCtx := log.WithFields(log.Fields{"claims": claims, "rval": rvals, "subject": subject, "groups": groups, "project": projName, "scopes": scopes}) + logCtx := log.WithField("claims", claims).WithField("rval", rvals) logCtx.Debug("enforce failed") return false } diff --git a/server/server.go b/server/server.go index e7e3ffb351068..9580945ffb96e 100644 --- a/server/server.go +++ b/server/server.go @@ -2,6 +2,7 @@ package server import ( "context" + netCtx "context" "crypto/tls" "errors" "fmt" @@ -62,7 +63,6 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apiclient" accountpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/account" applicationpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" - applicationsetpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/applicationset" certificatepkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/certificate" clusterpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" @@ -103,6 +103,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/assets" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" "github.com/argoproj/argo-cd/v2/util/db" + "github.com/argoproj/argo-cd/v2/util/dex" dexutil "github.com/argoproj/argo-cd/v2/util/dex" "github.com/argoproj/argo-cd/v2/util/env" errorsutil "github.com/argoproj/argo-cd/v2/util/errors" @@ -207,7 +208,7 @@ type ArgoCDServerOpts struct { MetricsHost string Namespace string DexServerAddr string - DexTLSConfig *dexutil.DexTLSConfig + DexTLSConfig *dex.DexTLSConfig BaseHRef string RootPath string KubeClientset kubernetes.Interface @@ -435,8 +436,8 @@ func (a *ArgoCDServer) Listen() (*Listeners, error) { var dOpts []grpc.DialOption dOpts = append(dOpts, grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(apiclient.MaxGRPCMessageSize))) dOpts = append(dOpts, grpc.WithUserAgent(fmt.Sprintf("%s/%s", common.ArgoCDUserAgentName, common.GetVersion().Version))) - dOpts = append(dOpts, grpc.WithUnaryInterceptor(otelgrpc.UnaryClientInterceptor())) - dOpts = append(dOpts, grpc.WithStreamInterceptor(otelgrpc.StreamClientInterceptor())) + dOpts = append(dOpts, grpc.WithUnaryInterceptor(grpc_util.OTELUnaryClientInterceptor())) + dOpts = append(dOpts, grpc.WithStreamInterceptor(grpc_util.OTELStreamClientInterceptor())) if a.useTLS() { // The following sets up the dial Options for grpc-gateway to talk to gRPC server over TLS. // grpc-gateway is just translating HTTP/HTTPS requests as gRPC requests over localhost, @@ -610,7 +611,7 @@ func (a *ArgoCDServer) watchSettings() { prevURL := a.settings.URL prevOIDCConfig := a.settings.OIDCConfig() - prevDexCfgBytes, err := dexutil.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) + prevDexCfgBytes, err := dex.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) errorsutil.CheckError(err) prevGitHubSecret := a.settings.WebhookGitHubSecret prevGitLabSecret := a.settings.WebhookGitLabSecret @@ -625,7 +626,7 @@ func (a *ArgoCDServer) watchSettings() { for { newSettings := <-updateCh a.settings = newSettings - newDexCfgBytes, err := dexutil.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) + newDexCfgBytes, err := dex.GenerateDexConfigYAML(a.settings, a.DexTLSConfig == nil || a.DexTLSConfig.DisableTLS) errorsutil.CheckError(err) if string(newDexCfgBytes) != string(prevDexCfgBytes) { log.Infof("dex config modified. restarting") @@ -743,7 +744,7 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre grpc_prometheus.StreamServerInterceptor, grpc_auth.StreamServerInterceptor(a.Authenticate), grpc_util.UserAgentStreamServerInterceptor(common.ArgoCDUserAgentName, clientConstraint), - grpc_util.PayloadStreamServerInterceptor(a.log, true, func(ctx context.Context, fullMethodName string, servingObject interface{}) bool { + grpc_util.PayloadStreamServerInterceptor(a.log, true, func(ctx netCtx.Context, fullMethodName string, servingObject interface{}) bool { return !sensitiveMethods[fullMethodName] }), grpc_util.ErrorCodeK8sStreamServerInterceptor(), @@ -757,7 +758,7 @@ func (a *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTre grpc_prometheus.UnaryServerInterceptor, grpc_auth.UnaryServerInterceptor(a.Authenticate), grpc_util.UserAgentUnaryServerInterceptor(common.ArgoCDUserAgentName, clientConstraint), - grpc_util.PayloadUnaryServerInterceptor(a.log, true, func(ctx context.Context, fullMethodName string, servingObject interface{}) bool { + grpc_util.PayloadUnaryServerInterceptor(a.log, true, func(ctx netCtx.Context, fullMethodName string, servingObject interface{}) bool { return !sensitiveMethods[fullMethodName] }), grpc_util.ErrorCodeK8sUnaryServerInterceptor(), @@ -975,7 +976,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl } mux.Handle("/api/", handler) - terminal := application.NewHandler(a.appLister, a.Namespace, a.ApplicationNamespaces, a.db, a.enf, a.Cache, appResourceTreeFn, a.settings.ExecShells). + terminal := application.NewHandler(a.appLister, a.Namespace, a.ApplicationNamespaces, a.db, a.enf, a.Cache, appResourceTreeFn, a.settings.ExecShells, *a.sessionMgr). WithFeatureFlagMiddleware(a.settingsMgr.GetSettings) th := util_session.WithAuthMiddleware(a.DisableAuth, a.sessionMgr, terminal) mux.Handle("/terminal", th) @@ -988,6 +989,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl // will be added in mux. registerExtensions(mux, a) } + mustRegisterGWHandler(versionpkg.RegisterVersionServiceHandler, ctx, gwmux, conn) mustRegisterGWHandler(clusterpkg.RegisterClusterServiceHandler, ctx, gwmux, conn) mustRegisterGWHandler(applicationpkg.RegisterApplicationServiceHandler, ctx, gwmux, conn) diff --git a/test/container/Dockerfile b/test/container/Dockerfile index 52e98524ea86e..71e54257f0e77 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -6,9 +6,9 @@ FROM docker.io/library/redis:7.0.11@sha256:f50031a49f41e493087fb95f96fdb3523bb25 RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version -FROM docker.io/library/node:20.4.0@sha256:b3ca7d32f0c12291df6e45a914d4ee60011a3fce4a978df5e609e356a4a2cb88 as node +FROM docker.io/library/node:20.3.1@sha256:2f0b0c15f97441defa812268ee943bbfaaf666ea6cf7cac62ee3f127906b35c6 as node -FROM docker.io/library/golang:1.21.0@sha256:ec457a2fcd235259273428a24e09900c496d0c52207266f96a330062a01e3622 as golang +FROM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c as golang FROM docker.io/library/registry:2.8@sha256:41f413c22d6156587e2a51f3e80c09808b8c70e82be149b82b5e0196a88d49b4 as registry diff --git a/test/e2e/accounts_test.go b/test/e2e/accounts_test.go index 54eba790af2c5..f794dce7a56e9 100644 --- a/test/e2e/accounts_test.go +++ b/test/e2e/accounts_test.go @@ -14,6 +14,7 @@ import ( "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" "github.com/argoproj/argo-cd/v2/pkg/apiclient/account" "github.com/argoproj/argo-cd/v2/pkg/apiclient/session" + "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" accountFixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/account" "github.com/argoproj/argo-cd/v2/util/io" @@ -76,7 +77,7 @@ func TestCanIGetLogsAllowSwitchOn(t *testing.T) { When(). Create(). Login(). - SetPermissions([]ACL{ + SetPermissions([]fixture.ACL{ { Resource: "logs", Action: "get", diff --git a/test/e2e/deployment_test.go b/test/e2e/deployment_test.go index 20e79c2aff56c..085ecee244ba2 100644 --- a/test/e2e/deployment_test.go +++ b/test/e2e/deployment_test.go @@ -1,22 +1,12 @@ package e2e import ( - "context" - "encoding/json" "fmt" - "os" "testing" - "time" "github.com/stretchr/testify/assert" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/clientcmd" - "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/argo" - "github.com/argoproj/argo-cd/v2/util/clusterauth" "github.com/argoproj/gitops-engine/pkg/health" . "github.com/argoproj/gitops-engine/pkg/sync/common" @@ -118,304 +108,3 @@ func TestDeploymentWithoutTrackingMode(t *testing.T) { `, ctx.AppName())) }) } - -// This test verifies that Argo CD can: -// A) Deploy to a cluster where the URL of the cluster contains a query parameter: e.g. https://(kubernetes-url):443/?context=some-val -// and -// B) Multiple users can deploy to the same K8s cluster, using above mechanism (but with different Argo CD Cluster Secrets, and different ServiceAccounts) -func TestDeployToKubernetesAPIURLWithQueryParameter(t *testing.T) { - - // We test with both a cluster-scoped, and a non-cluster scoped, Argo CD Cluster Secret. - clusterScopedParam := []bool{false, true} - for _, clusterScoped := range clusterScopedParam { - - EnsureCleanState(t) - - // Simulate two users, each with their own Argo CD cluster secret that can only deploy to their Namespace - users := []string{E2ETestPrefix + "user1", E2ETestPrefix + "user2"} - - for _, username := range users { - createNamespaceScopedUser(t, username, clusterScoped) - - GivenWithSameState(t). - Name("e2e-test-app-"+username). - Path("deployment"). - When(). - CreateWithNoNameSpace("--dest-namespace", username). - Sync(). - Then(). - Expect(OperationPhaseIs(OperationSucceeded)). - Expect(SyncStatusIs(SyncStatusCodeSynced)). - Expect(HealthIs(health.HealthStatusHealthy)) - } - - } - -} - -// This test verifies that Argo CD can: -// When multiple Argo CD cluster secrets used to deploy to the same cluster (using query parameters), that the ServiceAccount RBAC -// fully enforces user boundary. -// Our simulated user's ServiceAccounts should not be able to deploy into a namespace that is outside that SA's RBAC. -func TestArgoCDSupportsMultipleServiceAccountsWithDifferingRBACOnSameCluster(t *testing.T) { - - // We test with both a cluster-scoped, and a non-cluster scoped, Argo CD Cluster Secret. - clusterScopedParam := []bool{ /*false,*/ true} - - for _, clusterScoped := range clusterScopedParam { - - EnsureCleanState(t) - - // Simulate two users, each with their own Argo CD cluster secret that can only deploy to their Namespace - users := []string{E2ETestPrefix + "user1", E2ETestPrefix + "user2"} - - for _, username := range users { - createNamespaceScopedUser(t, username, clusterScoped) - } - - for idx, username := range users { - - // we should use user-a's serviceaccount to deploy to user-b's namespace, and vice versa - // - If everything as working as expected, this should fail. - otherUser := users[(idx+1)%len(users)] - - // e.g. Attempt to deploy to user1's namespace, with user2's cluster Secret. This should fail, as user2's cluster Secret does not have the requisite permissions. - consequences := GivenWithSameState(t). - Name("e2e-test-app-"+username). - DestName(E2ETestPrefix+"cluster-"+otherUser). - Path("deployment"). - When(). - CreateWithNoNameSpace("--dest-namespace", username).IgnoreErrors(). - Sync().Then() - - // The error message differs based on whether the Argo CD Cluster Secret is namespace-scoped or cluster-scoped, but the idea is the same: - // - Even when deploying to the same cluster using 2 separate ServiceAccounts, the RBAC of those ServiceAccounts should continue to fully enforce RBAC boundaries. - - if !clusterScoped { - consequences.Expect(Condition(ApplicationConditionComparisonError, "Namespace \""+username+"\" for Deployment \"nginx-deployment\" is not managed")) - } else { - consequences.Expect(OperationMessageContains("User \"system:serviceaccount:" + otherUser + ":" + otherUser + "-serviceaccount\" cannot create resource \"deployments\" in API group \"apps\" in the namespace \"" + username + "\"")) - } - } - - } -} - -// generateReadOnlyClusterRoleandBindingForServiceAccount creates a ClusterRole/Binding that allows a ServiceAccount in a given namespace to read all resources on a cluster. -// - This allows the ServiceAccount to be used within a cluster-scoped Argo CD Cluster Secret -func generateReadOnlyClusterRoleandBindingForServiceAccount(roleSuffix string, serviceAccountNS string) (rbacv1.ClusterRole, rbacv1.ClusterRoleBinding) { - - clusterRole := rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Name: E2ETestPrefix + "read-all-" + roleSuffix, - }, - Rules: []rbacv1.PolicyRule{{ - Verbs: []string{"get", "list", "watch"}, - Resources: []string{"*"}, - APIGroups: []string{"*"}, - }}, - } - - clusterRoleBinding := rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: E2ETestPrefix + "read-all-" + roleSuffix, - }, - Subjects: []rbacv1.Subject{{ - Kind: rbacv1.ServiceAccountKind, - Namespace: serviceAccountNS, - Name: roleSuffix + "-serviceaccount", - }}, - RoleRef: rbacv1.RoleRef{ - APIGroup: "rbac.authorization.k8s.io", - Kind: "ClusterRole", - Name: clusterRole.Name, - }, - } - - return clusterRole, clusterRoleBinding -} - -// buildArgoCDClusterSecret build (but does not create) an Argo CD Cluster Secret object with the given values -func buildArgoCDClusterSecret(secretName, secretNamespace, clusterName, clusterServer, clusterConfigJSON, clusterResources, clusterNamespaces string) corev1.Secret { - res := corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: secretName, - Namespace: secretNamespace, - Labels: map[string]string{ - common.LabelKeySecretType: common.LabelValueSecretTypeCluster, - }, - }, - Data: map[string][]byte{ - "name": ([]byte)(clusterName), - "server": ([]byte)(clusterServer), - "config": ([]byte)(string(clusterConfigJSON)), - }, - } - - if clusterResources != "" { - res.Data["clusterResources"] = ([]byte)(clusterResources) - } - - if clusterNamespaces != "" { - res.Data["namespaces"] = ([]byte)(clusterNamespaces) - } - - return res -} - -// createNamespaceScopedUser -// - username = name of Namespace the simulated user is able to deploy to -// - clusterScopedSecrets = whether the Service Account is namespace-scoped or cluster-scoped. -func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecrets bool) { - - // Create a new Namespace for our simulated user - ns := corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ - Name: username, - }, - } - _, err := KubeClientset.CoreV1().Namespaces().Create(context.Background(), &ns, metav1.CreateOptions{}) - assert.Nil(t, err) - - // Create a ServiceAccount in that Namespace, which will be used for the Argo CD Cluster SEcret - serviceAccountName := username + "-serviceaccount" - err = clusterauth.CreateServiceAccount(KubeClientset, serviceAccountName, ns.Name) - assert.Nil(t, err) - - // Create a Role that allows the ServiceAccount to read/write all within the Namespace - role := rbacv1.Role{ - ObjectMeta: metav1.ObjectMeta{ - Name: E2ETestPrefix + "allow-all", - Namespace: ns.Name, - }, - Rules: []rbacv1.PolicyRule{{ - Verbs: []string{"*"}, - Resources: []string{"*"}, - APIGroups: []string{"*"}, - }}, - } - _, err = KubeClientset.RbacV1().Roles(role.Namespace).Create(context.Background(), &role, metav1.CreateOptions{}) - assert.Nil(t, err) - - // Bind the Role with the ServiceAccount in the Namespace - roleBinding := rbacv1.RoleBinding{ - ObjectMeta: metav1.ObjectMeta{ - Name: E2ETestPrefix + "allow-all-binding", - Namespace: ns.Name, - }, - Subjects: []rbacv1.Subject{{ - Kind: rbacv1.ServiceAccountKind, - Name: serviceAccountName, - Namespace: ns.Name, - }}, - RoleRef: rbacv1.RoleRef{ - APIGroup: "rbac.authorization.k8s.io", - Kind: "Role", - Name: role.Name, - }, - } - _, err = KubeClientset.RbacV1().RoleBindings(roleBinding.Namespace).Create(context.Background(), &roleBinding, metav1.CreateOptions{}) - assert.Nil(t, err) - - // Retrieve the bearer token from the ServiceAccount - token, err := clusterauth.GetServiceAccountBearerToken(KubeClientset, ns.Name, serviceAccountName, time.Second*60) - assert.Nil(t, err) - assert.NotEmpty(t, token) - - // In order to test a cluster-scoped Argo CD Cluster Secret, we may optionally grant the ServiceAccount read-all permissions at cluster scope. - if clusterScopedSecrets { - clusterRole, clusterRoleBinding := generateReadOnlyClusterRoleandBindingForServiceAccount(username, username) - - _, err := KubeClientset.RbacV1().ClusterRoles().Create(context.Background(), &clusterRole, metav1.CreateOptions{}) - assert.Nil(t, err) - - _, err = KubeClientset.RbacV1().ClusterRoleBindings().Create(context.Background(), &clusterRoleBinding, metav1.CreateOptions{}) - assert.Nil(t, err) - - } - - // Build the Argo CD Cluster Secret by using the service account token, and extracting needed values from kube config - clusterSecretConfigJSON := ClusterConfig{ - BearerToken: token, - TLSClientConfig: TLSClientConfig{ - Insecure: true, - }, - } - - jsonStringBytes, err := json.Marshal(clusterSecretConfigJSON) - assert.Nil(t, err) - - _, apiURL, err := extractKubeConfigValues() - assert.Nil(t, err) - - clusterResourcesField := "" - namespacesField := "" - - if !clusterScopedSecrets { - clusterResourcesField = "false" - namespacesField = ns.Name - } - - // We create an Argo CD cluster Secret declaratively, using the K8s client, rather than via CLI, as the CLI doesn't currently - // support Kubernetes API server URLs with query parameters. - - secret := buildArgoCDClusterSecret("test-"+username, ArgoCDNamespace, E2ETestPrefix+"cluster-"+username, apiURL+"?user="+username, - string(jsonStringBytes), clusterResourcesField, namespacesField) - - // Finally, create the Cluster secret in the Argo CD E2E namespace - _, err = KubeClientset.CoreV1().Secrets(secret.Namespace).Create(context.Background(), &secret, metav1.CreateOptions{}) - assert.Nil(t, err) -} - -// extractKubeConfigValues returns contents of the local environment's kubeconfig, using standard path resolution mechanism. -// Returns: -// - contents of kubeconfig -// - server name (within the kubeconfig) -// - error -func extractKubeConfigValues() (string, string, error) { - - loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() - - config, err := loadingRules.Load() - if err != nil { - return "", "", err - } - - context, ok := config.Contexts[config.CurrentContext] - if !ok || context == nil { - return "", "", fmt.Errorf("no context") - } - - cluster, ok := config.Clusters[context.Cluster] - if !ok || cluster == nil { - return "", "", fmt.Errorf("no cluster") - } - - var kubeConfigDefault string - - paths := loadingRules.Precedence - { - - // For all the kubeconfig paths, look for one that exists - for _, path := range paths { - _, err = os.Stat(path) - if err == nil { - // Success - kubeConfigDefault = path - break - } // Otherwise, continue. - - } - - if kubeConfigDefault == "" { - return "", "", fmt.Errorf("unable to retrieve kube config path") - } - } - - kubeConfigContents, err := os.ReadFile(kubeConfigDefault) - if err != nil { - return "", "", err - } - - return string(kubeConfigContents), cluster.Server, nil -} diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go index f4fd167db1024..5a2ca2748885a 100644 --- a/test/e2e/fixture/app/actions.go +++ b/test/e2e/fixture/app/actions.go @@ -366,10 +366,6 @@ func (a *Actions) Sync(args ...string) *Actions { args = append(args, "--force") } - if a.context.applyOutOfSyncOnly { - args = append(args, "--apply-out-of-sync-only") - } - if a.context.replace { args = append(args, "--replace") } diff --git a/test/e2e/fixture/app/context.go b/test/e2e/fixture/app/context.go index aa961f30d15fa..d653b6a0280ca 100644 --- a/test/e2e/fixture/app/context.go +++ b/test/e2e/fixture/app/context.go @@ -38,7 +38,6 @@ type Context struct { project string revision string force bool - applyOutOfSyncOnly bool directoryRecurse bool replace bool helmPassCredentials bool @@ -342,11 +341,6 @@ func (c *Context) Force() *Context { return c } -func (c *Context) ApplyOutOfSyncOnly() *Context { - c.applyOutOfSyncOnly = true - return c -} - func (c *Context) HelmPassCredentials() *Context { c.helmPassCredentials = true return c diff --git a/test/e2e/fixture/cluster/actions.go b/test/e2e/fixture/cluster/actions.go index 0613c9a22cf15..3f047e8f9b03e 100644 --- a/test/e2e/fixture/cluster/actions.go +++ b/test/e2e/fixture/cluster/actions.go @@ -45,10 +45,10 @@ func (a *Actions) Create(args ...string) *Actions { Cluster: &v1alpha1.Cluster{ Server: a.context.server, Name: a.context.name, - Config: v1alpha1.ClusterConfig{BearerToken: a.context.bearerToken}, + Config: v1alpha1.ClusterConfig{}, ConnectionState: v1alpha1.ConnectionState{}, ServerVersion: "", - Namespaces: a.context.namespaces, + Namespaces: nil, RefreshRequestedAt: nil, Info: v1alpha1.ClusterInfo{}, Shard: nil, diff --git a/test/e2e/fixture/cluster/context.go b/test/e2e/fixture/cluster/context.go index bd0102f891d71..236be6a3a3913 100644 --- a/test/e2e/fixture/cluster/context.go +++ b/test/e2e/fixture/cluster/context.go @@ -12,13 +12,12 @@ import ( type Context struct { t *testing.T // seconds - timeout int - name string - project string - server string - upsert bool - namespaces []string - bearerToken string + timeout int + name string + project string + server string + upsert bool + namespaces []string } func Given(t *testing.T) *Context { @@ -68,11 +67,6 @@ func (c *Context) Project(project string) *Context { return c } -func (c *Context) BearerToken(bearerToken string) *Context { - c.bearerToken = bearerToken - return c -} - func (c *Context) Upsert(upsert bool) *Context { c.upsert = upsert return c diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index d8d91f09436b0..095b3e2f116be 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -58,8 +58,6 @@ const ( // cmp plugin sock file path PluginSockFilePath = "/app/config/plugin" - - E2ETestPrefix = "e2e-test-" ) const ( @@ -668,33 +666,6 @@ func EnsureCleanState(t *testing.T, opts ...TestOption) { FailOnErr(Run("", "kubectl", "create", "ns", DeploymentNamespace())) FailOnErr(Run("", "kubectl", "label", "ns", DeploymentNamespace(), TestingLabel+"=true")) - // delete old namespaces used by E2E tests - namespaces, err := KubeClientset.CoreV1().Namespaces().List(context.Background(), v1.ListOptions{}) - CheckError(err) - for _, namespace := range namespaces.Items { - if strings.HasPrefix(namespace.Name, E2ETestPrefix) { - FailOnErr(Run("", "kubectl", "delete", "ns", namespace.Name)) - } - } - - // delete old ClusterRoles that begin with "e2e-test-" prefix (E2ETestPrefix), which were created by tests - clusterRoles, err := KubeClientset.RbacV1().ClusterRoles().List(context.Background(), v1.ListOptions{}) - CheckError(err) - for _, clusterRole := range clusterRoles.Items { - if strings.HasPrefix(clusterRole.Name, E2ETestPrefix) { - FailOnErr(Run("", "kubectl", "delete", "clusterrole", clusterRole.Name)) - } - } - - // delete old ClusterRoleBindings that begin with "e2e-test-prefix", which were created by E2E tests - clusterRoleBindings, err := KubeClientset.RbacV1().ClusterRoleBindings().List(context.Background(), v1.ListOptions{}) - CheckError(err) - for _, clusterRoleBinding := range clusterRoleBindings.Items { - if strings.HasPrefix(clusterRoleBinding.Name, E2ETestPrefix) { - FailOnErr(Run("", "kubectl", "delete", "clusterrolebinding", clusterRoleBinding.Name)) - } - } - log.WithFields(log.Fields{"duration": time.Since(start), "name": t.Name(), "id": id, "username": "admin", "password": "password"}).Info("clean state") } diff --git a/test/e2e/helm_test.go b/test/e2e/helm_test.go index 5fd774ea0c46d..2aed6a6973b8f 100644 --- a/test/e2e/helm_test.go +++ b/test/e2e/helm_test.go @@ -20,7 +20,6 @@ import ( "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" - projectFixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/project" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/repos" . "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/settings" @@ -401,45 +400,6 @@ func TestHelmWithMultipleDependencies(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)) } -func TestHelmDependenciesPermissionDenied(t *testing.T) { - SkipOnEnv(t, "HELM") - - projName := "argo-helm-project-denied" - projectFixture. - Given(t). - Name(projName). - Destination("*,*"). - When(). - Create(). - AddSource(RepoURL(RepoURLTypeFile)) - - expectedErr := fmt.Sprintf("helm repos localhost:5000/myrepo are not permitted in project '%s'", projName) - GivenWithSameState(t). - Project(projName). - Path("helm-oci-with-dependencies"). - CustomCACertAdded(). - HelmHTTPSCredentialsUserPassAdded(). - HelmPassCredentials(). - When(). - IgnoreErrors(). - CreateApp(). - Then(). - Expect(Error("", expectedErr)) - - expectedErr = fmt.Sprintf("helm repos https://localhost:9443/argo-e2e/testdata.git/helm-repo/local, https://localhost:9443/argo-e2e/testdata.git/helm-repo/local2 are not permitted in project '%s'", projName) - GivenWithSameState(t). - Project(projName). - Path("helm-with-multiple-dependencies-permission-denied"). - CustomCACertAdded(). - HelmHTTPSCredentialsUserPassAdded(). - HelmPassCredentials(). - When(). - IgnoreErrors(). - CreateApp(). - Then(). - Expect(Error("", expectedErr)) -} - func TestHelmWithDependenciesLegacyRepo(t *testing.T) { SkipOnEnv(t, "HELM") testHelmWithDependencies(t, "helm-with-dependencies", true) diff --git a/test/e2e/jsonnet_test.go b/test/e2e/jsonnet_test.go index cad88f34a0048..7cc50d2bccab5 100644 --- a/test/e2e/jsonnet_test.go +++ b/test/e2e/jsonnet_test.go @@ -102,7 +102,7 @@ func TestJsonnetExtVarEnv(t *testing.T) { }) } -// Jsonnet file located in nested sub directory uses import +//Jsonnet file located in nested sub directory uses import func TestJsonnetNestedDirWithImports(t *testing.T) { Given(t). Path("jsonnet-nested-dir-with-imports/apps"). diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index d4d49adc0d746..af807e25de5d1 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:2376a0c12759aa1214ba83e771ff252c7b1663216b192fbe5e0fb364e952f85c +FROM docker.io/library/busybox@sha256:6e494387c901caf429c1bf77bd92fb82b33a68c0e19f6d1aa6a3ac8d27a7049d CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/e2e/notification_test.go b/test/e2e/notification_test.go index 363cb87454a0f..ce18f793a9afa 100644 --- a/test/e2e/notification_test.go +++ b/test/e2e/notification_test.go @@ -15,7 +15,7 @@ func TestNotificationsListServices(t *testing.T) { SetParamInNotificationConfigMap("service.webhook.test", "url: https://test.com"). Then().Services(func(services *notification.ServiceList, err error) { assert.Nil(t, err) - assert.Equal(t, []*notification.Service{{Name: pointer.String("test")}}, services.Items) + assert.Equal(t, []*notification.Service{¬ification.Service{Name: pointer.String("test")}}, services.Items) }) } @@ -25,7 +25,7 @@ func TestNotificationsListTemplates(t *testing.T) { SetParamInNotificationConfigMap("template.app-created", "email:\n subject: Application {{.app.metadata.name}} has been created.\nmessage: Application {{.app.metadata.name}} has been created.\nteams:\n title: Application {{.app.metadata.name}} has been created.\n"). Then().Templates(func(templates *notification.TemplateList, err error) { assert.Nil(t, err) - assert.Equal(t, []*notification.Template{{Name: pointer.String("app-created")}}, templates.Items) + assert.Equal(t, []*notification.Template{¬ification.Template{Name: pointer.String("app-created")}}, templates.Items) }) } @@ -35,6 +35,6 @@ func TestNotificationsListTriggers(t *testing.T) { SetParamInNotificationConfigMap("trigger.on-created", "- description: Application is created.\n oncePer: app.metadata.name\n send:\n - app-created\n when: \"true\"\n"). Then().Triggers(func(triggers *notification.TriggerList, err error) { assert.Nil(t, err) - assert.Equal(t, []*notification.Trigger{{Name: pointer.String("on-created")}}, triggers.Items) + assert.Equal(t, []*notification.Trigger{¬ification.Trigger{Name: pointer.String("on-created")}}, triggers.Items) }) } diff --git a/test/e2e/selective_sync_test.go b/test/e2e/selective_sync_test.go index 491914be55184..1738264c509fc 100644 --- a/test/e2e/selective_sync_test.go +++ b/test/e2e/selective_sync_test.go @@ -80,7 +80,7 @@ func TestSelectiveSyncWithoutNamespace(t *testing.T) { Expect(ResourceSyncStatusWithNamespaceIs("Deployment", "guestbook-ui", fixture.DeploymentNamespace(), SyncStatusCodeSynced)) } -// In selectedResource to sync, namespace is provided +//In selectedResource to sync, namespace is provided func TestSelectiveSyncWithNamespace(t *testing.T) { selectedResourceNamespace := getNewNamespace(t) defer func() { diff --git a/test/e2e/sync_options_test.go b/test/e2e/sync_options_test.go index 3eb7140787097..657c8b117705b 100644 --- a/test/e2e/sync_options_test.go +++ b/test/e2e/sync_options_test.go @@ -80,29 +80,6 @@ func TestSyncWithStatusIgnored(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)) } -func TestSyncWithApplyOutOfSyncOnly(t *testing.T) { - var ns string - Given(t). - Path(guestbookPath). - ApplyOutOfSyncOnly(). - When(). - CreateFromFile(func(app *Application) { - ns = app.Spec.Destination.Namespace - }). - Then(). - Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). - When(). - Sync(). - Then(). - When(). - PatchFile("guestbook-ui-deployment.yaml", `[{ "op": "replace", "path": "/spec/replicas", "value": 1 }]`). - Sync(). - Then(). - // Only one resource should be in sync result - Expect(ResourceResultNumbering(1)). - Expect(ResourceResultIs(ResourceResult{Group: "apps", Version: "v1", Kind: "Deployment", Namespace: ns, Name: "guestbook-ui", Message: "deployment.apps/guestbook-ui configured", SyncPhase: SyncPhaseSync, HookPhase: OperationRunning, Status: ResultCodeSynced})) -} - func TestSyncWithSkipHook(t *testing.T) { fixture.SkipOnEnv(t, "OPENSHIFT") Given(t). diff --git a/test/e2e/testdata/helm-with-multiple-dependencies-permission-denied/Chart.yaml b/test/e2e/testdata/helm-with-multiple-dependencies-permission-denied/Chart.yaml deleted file mode 100644 index 72f36221ea482..0000000000000 --- a/test/e2e/testdata/helm-with-multiple-dependencies-permission-denied/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -name: helm-with-multiple-dependencies-permission-denied -version: v1.0.0 -dependencies: - - name: helm - repository: "https://localhost:9443/argo-e2e/testdata.git/helm-repo/local" - version: v1.0.0 - - name: helm - repository: "https://localhost:9443/argo-e2e/testdata.git/helm-repo/local2" - version: v1.0.0 - alias: helm2 \ No newline at end of file diff --git a/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml b/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml index f7f144d20e123..fc1982761746c 100644 --- a/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml +++ b/test/e2e/testdata/helm-with-multiple-dependencies/Chart.yaml @@ -1,11 +1,7 @@ apiVersion: v2 -name: helm-with-multiple-dependencies +name: helm-with-dependencies version: v1.0.0 dependencies: - name: helm repository: "https://localhost:9444/argo-e2e/testdata.git/helm-repo/local" version: v1.0.0 - - name: helm - repository: "https://localhost:9444/argo-e2e/testdata.git/helm-repo/local2" - version: v1.0.0 - alias: helm2 \ No newline at end of file diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 674c940a4a844..9851825b58264 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 -FROM docker.io/library/golang:1.21.0@sha256:ec457a2fcd235259273428a24e09900c496d0c52207266f96a330062a01e3622 AS go +FROM docker.io/library/golang:1.20.6@sha256:8e5a0067e6b387263a01d06b91ef1a983f90e9638564f6e25392fd2695f7ab6c AS go RUN go install github.com/mattn/goreman@latest && \ go install github.com/kisielk/godepgraph@latest diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index 9dae33e7255e1..e3ed314621d5c 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/node:20.5.0@sha256:32ec50b65ac9572eda92baa6004a04dbbfc8021ea806fa62d37336183cad04e6 as node +FROM docker.io/library/node:20.3.1@sha256:2f0b0c15f97441defa812268ee943bbfaaf666ea6cf7cac62ee3f127906b35c6 AS node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common diff --git a/ui/.nvmrc b/ui/.nvmrc index a79492b06865b..04f4e7ab35f38 100644 --- a/ui/.nvmrc +++ b/ui/.nvmrc @@ -1 +1 @@ -v20.4.0 +v20.3.1 diff --git a/ui/embed.go b/ui/embed.go index 8f9c2774fbbca..665621a9c12fd 100644 --- a/ui/embed.go +++ b/ui/embed.go @@ -3,6 +3,5 @@ package ui import "embed" // Embedded contains embedded UI resources -// //go:embed dist/app var Embedded embed.FS diff --git a/ui/package.json b/ui/package.json index 5321920ef8e33..f5ee923577927 100644 --- a/ui/package.json +++ b/ui/package.json @@ -77,7 +77,7 @@ "@types/js-yaml": "^3.11.2", "@types/lodash-es": "^4.17.6", "@types/minimatch": "^3.0.3", - "@types/node": "20.4.0", + "@types/node": "20.3.1", "@types/prop-types": "^15.7.5", "@types/react": "^16.8.5", "@types/react-autocomplete": "^1.8.4", @@ -92,7 +92,7 @@ "add": "^2.0.6", "babel-jest": "^26.6.3", "babel-loader": "^8.0.6", - "codecov": "^3.8.3", + "codecov": "^3.7.2", "copy-webpack-plugin": "^6.1.1", "esbuild-loader": "^2.18.0", "html-webpack-plugin": "^5.5.0", diff --git a/ui/src/app/applications/components/pod-logs-viewer/fullscreen-button.tsx b/ui/src/app/applications/components/pod-logs-viewer/fullscreen-button.tsx index 30d37c96c506c..654ec669b9093 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/fullscreen-button.tsx +++ b/ui/src/app/applications/components/pod-logs-viewer/fullscreen-button.tsx @@ -18,7 +18,7 @@ export const FullscreenButton = ({ `/applications/${applicationNamespace}/${applicationName}/${namespace}/${containerName}/logs?` + `podName=${podName}&group=${group}&kind=${kind}&name=${name}`; return ( !fullscreen && ( - +