From 9cf272a2257c7c3826e06c20458b15ceb3352807 Mon Sep 17 00:00:00 2001
From: Matthias Wessendorf <mwessend@redhat.com>
Date: Tue, 25 Jun 2024 17:03:06 +0200
Subject: [PATCH 1/8] Event Type API: updated test name to avoid confusion
 (#8030)

:broom: Updated test name and adding explicit expectation of nil reference for changed defaulting

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
---
 pkg/apis/eventing/v1beta2/eventtype_defaults_test.go | 9 +++++----
 pkg/apis/eventing/v1beta3/eventtype_defaults_test.go | 3 ++-
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/pkg/apis/eventing/v1beta2/eventtype_defaults_test.go b/pkg/apis/eventing/v1beta2/eventtype_defaults_test.go
index 5909350f688..1337884b095 100644
--- a/pkg/apis/eventing/v1beta2/eventtype_defaults_test.go
+++ b/pkg/apis/eventing/v1beta2/eventtype_defaults_test.go
@@ -40,7 +40,7 @@ func TestEventTypeDefaults(t *testing.T) {
 				Spec: EventTypeSpec{},
 			},
 		},
-		"broker empty": {
+		"default broker reference": {
 			initial: EventType{
 				Spec: EventTypeSpec{
 					Type:   "test-type",
@@ -76,9 +76,10 @@ func TestEventTypeDefaults(t *testing.T) {
 			},
 			expected: EventType{
 				Spec: EventTypeSpec{
-					Type:   "test-type",
-					Source: testSource,
-					Schema: testSchema,
+					Reference: nil,
+					Type:      "test-type",
+					Source:    testSource,
+					Schema:    testSchema,
 				},
 			},
 		},
diff --git a/pkg/apis/eventing/v1beta3/eventtype_defaults_test.go b/pkg/apis/eventing/v1beta3/eventtype_defaults_test.go
index 29f6c8adb34..4f4d41aaa79 100644
--- a/pkg/apis/eventing/v1beta3/eventtype_defaults_test.go
+++ b/pkg/apis/eventing/v1beta3/eventtype_defaults_test.go
@@ -40,7 +40,7 @@ func TestEventTypeDefaults(t *testing.T) {
 				Spec: EventTypeSpec{},
 			},
 		},
-		"broker empty": {
+		"default broker reference": {
 			initial: EventType{
 				Spec: EventTypeSpec{
 					Reference: &duckv1.KReference{
@@ -115,6 +115,7 @@ func TestEventTypeDefaults(t *testing.T) {
 			},
 			expected: EventType{
 				Spec: EventTypeSpec{
+					Reference: nil,
 					Attributes: []EventAttributeDefinition{
 						{
 							Value:    "test-type",

From 0f71292d9887001caef68ce9fdd886596d4df276 Mon Sep 17 00:00:00 2001
From: Knative Automation <automation@knative.team>
Date: Tue, 25 Jun 2024 12:38:58 -0400
Subject: [PATCH 2/8] [main] Upgrade to latest dependencies (#8029)

upgrade to latest dependencies

bumping knative.dev/pkg fc0720b...8535fcc:
  > 8535fcc gofumpt the repo (# 3067)

Signed-off-by: Knative Automation <automation@knative.team>
---
 go.mod                                        |  2 +-
 go.sum                                        |  4 +--
 vendor/knative.dev/pkg/apis/condition_set.go  |  3 +--
 vendor/knative.dev/pkg/apis/convert.go        |  2 --
 .../pkg/apis/duck/v1/addressable_types.go     |  6 ++---
 .../pkg/apis/duck/v1/kresource_type.go        |  2 +-
 .../pkg/apis/duck/v1/source_types.go          |  2 +-
 .../pkg/apis/duck/v1beta1/destination.go      |  1 +
 .../pkg/apis/duck/v1beta1/source_types.go     |  2 +-
 .../pkg/apis/duck/v1beta1/status_types.go     |  2 +-
 vendor/knative.dev/pkg/apis/duck/verify.go    |  6 +++--
 .../pkg/apis/testing/roundtrip/roundtrip.go   |  2 --
 vendor/knative.dev/pkg/configmap/example.go   |  6 ++---
 .../pkg/configmap/hash-gen/main.go            |  2 +-
 vendor/knative.dev/pkg/configmap/store.go     |  4 +--
 .../knative.dev/pkg/controller/controller.go  | 14 +++++------
 .../pkg/controller/stats_reporter.go          |  1 -
 .../pkg/environment/client_config.go          |  1 -
 .../pkg/injection/sharedmain/main.go          |  5 ++--
 .../knative.dev/pkg/leaderelection/context.go |  3 ++-
 vendor/knative.dev/pkg/logging/config.go      |  3 ++-
 vendor/knative.dev/pkg/metrics/config.go      |  8 +++---
 vendor/knative.dev/pkg/metrics/exporter.go    |  3 +--
 vendor/knative.dev/pkg/metrics/metrics.go     |  4 +--
 .../pkg/metrics/metricstest/metricstest.go    |  1 -
 .../metrics/metricstest/resource_metrics.go   |  3 ++-
 .../pkg/metrics/prometheus_exporter.go        |  2 +-
 .../knative.dev/pkg/metrics/resource_view.go  | 25 ++++++++++++-------
 vendor/knative.dev/pkg/network/h2c.go         |  2 +-
 vendor/knative.dev/pkg/profiling/server.go    |  2 +-
 .../pkg/reconciler/testing/table.go           |  3 ++-
 vendor/knative.dev/pkg/test/clients.go        |  3 ++-
 vendor/knative.dev/pkg/test/e2e_flags.go      | 10 +++-----
 vendor/knative.dev/pkg/test/helpers/dir.go    |  2 +-
 vendor/knative.dev/pkg/test/request.go        | 11 ++++----
 vendor/knative.dev/pkg/test/spoof/spoof.go    | 13 ++++++----
 .../knative.dev/pkg/test/upgrade/functions.go |  3 ++-
 .../pkg/test/upgrade/shell/executor.go        |  2 +-
 vendor/knative.dev/pkg/tracker/interface.go   |  1 -
 vendor/knative.dev/pkg/webhook/admission.go   |  2 +-
 .../pkg/webhook/certificates/certificates.go  |  6 +++--
 .../pkg/webhook/certificates/controller.go    |  1 -
 .../webhook/certificates/resources/certs.go   |  4 +--
 .../pkg/webhook/configmaps/configmaps.go      | 10 +++++---
 .../pkg/webhook/configmaps/controller.go      |  1 -
 vendor/knative.dev/pkg/webhook/conversion.go  |  2 +-
 vendor/knative.dev/pkg/webhook/helper.go      |  8 +++---
 vendor/knative.dev/pkg/webhook/json/decode.go |  2 +-
 .../pkg/webhook/psbinding/controller.go       |  1 -
 .../pkg/webhook/psbinding/psbinding.go        | 17 ++++++++-----
 .../pkg/webhook/psbinding/reconciler.go       |  7 +++---
 .../conversion/controller.go                  |  1 -
 .../conversion/conversion.go                  |  1 -
 .../conversion/reconciler.go                  |  8 +++---
 .../defaulting/controller.go                  |  1 -
 .../defaulting/defaulting.go                  | 10 +++++---
 .../validation/controller.go                  |  2 --
 .../validation/reconcile_config.go            | 10 +++++---
 .../validation/validation_admit.go            |  4 +--
 .../knative.dev/pkg/webhook/stats_reporter.go |  6 +++--
 vendor/knative.dev/pkg/webhook/webhook.go     |  5 ++--
 vendor/modules.txt                            |  2 +-
 62 files changed, 144 insertions(+), 138 deletions(-)

diff --git a/go.mod b/go.mod
index cb120e2b7d9..bacba25645b 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
 	knative.dev/hack v0.0.0-20240607132042-09143140a254
 	knative.dev/hack/schema v0.0.0-20240607132042-09143140a254
-	knative.dev/pkg v0.0.0-20240621201938-fc0720b7a660
+	knative.dev/pkg v0.0.0-20240625072707-8535fcc248ae
 	knative.dev/reconciler-test v0.0.0-20240618170853-5bf0b86114f8
 	sigs.k8s.io/yaml v1.4.0
 )
diff --git a/go.sum b/go.sum
index 1ecc68ca0a6..84bda4c9d2b 100644
--- a/go.sum
+++ b/go.sum
@@ -842,8 +842,8 @@ knative.dev/hack v0.0.0-20240607132042-09143140a254 h1:1YFnu3U6dWZg0oxm6GU8kEdA9
 knative.dev/hack v0.0.0-20240607132042-09143140a254/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/hack/schema v0.0.0-20240607132042-09143140a254 h1:b9hFHGtxx0Kpm4EEjSD72lL0jms91To3OEVBTbqfOYI=
 knative.dev/hack/schema v0.0.0-20240607132042-09143140a254/go.mod h1:3pWwBLnTZSM9psSgCAvhKOHIPTzqfEMlWRpDu6IYhK0=
-knative.dev/pkg v0.0.0-20240621201938-fc0720b7a660 h1:SYPUGNPA/egS+u6oa6q1kN3Ec+z+we/hPrWie7qhLUg=
-knative.dev/pkg v0.0.0-20240621201938-fc0720b7a660/go.mod h1:Wikg4u73T6vk9TctrxZt60VXzqmGEQIx0iKfk1+9o4c=
+knative.dev/pkg v0.0.0-20240625072707-8535fcc248ae h1:unXplcQLqwO+QtSepyRI2zy4ZD/tciPro9Y4uVG6n6g=
+knative.dev/pkg v0.0.0-20240625072707-8535fcc248ae/go.mod h1:Wikg4u73T6vk9TctrxZt60VXzqmGEQIx0iKfk1+9o4c=
 knative.dev/reconciler-test v0.0.0-20240618170853-5bf0b86114f8 h1:A+rsitEiTX3GudM51g7zUMza+Ripj+boncmlJ2jZp50=
 knative.dev/reconciler-test v0.0.0-20240618170853-5bf0b86114f8/go.mod h1:2uUx3U6kdIzgJgMGgrGmdDdcFrFiex/DjuI2gM7Tte8=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/vendor/knative.dev/pkg/apis/condition_set.go b/vendor/knative.dev/pkg/apis/condition_set.go
index 1b110475ffd..9ad14902e78 100644
--- a/vendor/knative.dev/pkg/apis/condition_set.go
+++ b/vendor/knative.dev/pkg/apis/condition_set.go
@@ -17,12 +17,11 @@ limitations under the License.
 package apis
 
 import (
+	"fmt"
 	"reflect"
 	"sort"
 	"time"
 
-	"fmt"
-
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
diff --git a/vendor/knative.dev/pkg/apis/convert.go b/vendor/knative.dev/pkg/apis/convert.go
index d6a28a0727f..72e9b676184 100644
--- a/vendor/knative.dev/pkg/apis/convert.go
+++ b/vendor/knative.dev/pkg/apis/convert.go
@@ -24,7 +24,6 @@ func ConvertToViaProxy(
 	ctx context.Context,
 	source, proxy, sink Convertible,
 ) error {
-
 	if err := source.ConvertTo(ctx, proxy); err != nil {
 		return err
 	}
@@ -38,7 +37,6 @@ func ConvertFromViaProxy(
 	ctx context.Context,
 	source, proxy, sink Convertible,
 ) error {
-
 	if err := proxy.ConvertFrom(ctx, source); err != nil {
 		return err
 	}
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/addressable_types.go b/vendor/knative.dev/pkg/apis/duck/v1/addressable_types.go
index a855c38571c..3877683c301 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/addressable_types.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/addressable_types.go
@@ -54,10 +54,8 @@ type Addressable struct {
 	Audience *string `json:"audience,omitempty"`
 }
 
-var (
-	// Addressable is a Convertible type.
-	_ apis.Convertible = (*Addressable)(nil)
-)
+// Addressable is a Convertible type.
+var _ apis.Convertible = (*Addressable)(nil)
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/kresource_type.go b/vendor/knative.dev/pkg/apis/duck/v1/kresource_type.go
index 1f6ee8264e0..9229ba93069 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/kresource_type.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/kresource_type.go
@@ -68,7 +68,7 @@ func (t *KResource) Populate() {
 		// Populate ALL fields
 		Type:               "Birthday",
 		Status:             corev1.ConditionTrue,
-		LastTransitionTime: apis.VolatileTime{Inner: metav1.NewTime(time.Date(1984, 02, 28, 18, 52, 00, 00, time.UTC))},
+		LastTransitionTime: apis.VolatileTime{Inner: metav1.NewTime(time.Date(1984, 2, 28, 18, 52, 0, 0, time.UTC))},
 		Reason:             "Celebrate",
 		Message:            "n3wScott, find your party hat :tada:",
 	}}
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/source_types.go b/vendor/knative.dev/pkg/apis/duck/v1/source_types.go
index 95b7d1417d1..284ab318dd5 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/source_types.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/source_types.go
@@ -158,7 +158,7 @@ func (s *Source) Populate() {
 		// Populate ALL fields
 		Type:               SourceConditionSinkProvided,
 		Status:             corev1.ConditionTrue,
-		LastTransitionTime: apis.VolatileTime{Inner: metav1.NewTime(time.Date(1984, 02, 28, 18, 52, 00, 00, time.UTC))},
+		LastTransitionTime: apis.VolatileTime{Inner: metav1.NewTime(time.Date(1984, 2, 28, 18, 52, 0, 0, time.UTC))},
 	}}
 	s.Status.SinkURI = &apis.URL{
 		Scheme:   "https",
diff --git a/vendor/knative.dev/pkg/apis/duck/v1beta1/destination.go b/vendor/knative.dev/pkg/apis/duck/v1beta1/destination.go
index ba83f1d4eef..41c7702df16 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1beta1/destination.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1beta1/destination.go
@@ -167,6 +167,7 @@ func validateDestinationRef(ref corev1.ObjectReference) *apis.FieldError {
 
 	return errs
 }
+
 func validateCACerts(CACert *string) *apis.FieldError {
 	// Check the object.
 	var errs *apis.FieldError
diff --git a/vendor/knative.dev/pkg/apis/duck/v1beta1/source_types.go b/vendor/knative.dev/pkg/apis/duck/v1beta1/source_types.go
index 60a502041aa..e1056cf8281 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1beta1/source_types.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1beta1/source_types.go
@@ -129,7 +129,7 @@ func (s *Source) Populate() {
 		// Populate ALL fields
 		Type:               SourceConditionSinkProvided,
 		Status:             corev1.ConditionTrue,
-		LastTransitionTime: apis.VolatileTime{Inner: metav1.NewTime(time.Date(1984, 02, 28, 18, 52, 00, 00, time.UTC))},
+		LastTransitionTime: apis.VolatileTime{Inner: metav1.NewTime(time.Date(1984, 2, 28, 18, 52, 0, 0, time.UTC))},
 	}}
 	s.Status.SinkURI = &apis.URL{
 		Scheme:   "https",
diff --git a/vendor/knative.dev/pkg/apis/duck/v1beta1/status_types.go b/vendor/knative.dev/pkg/apis/duck/v1beta1/status_types.go
index e1ae875eb45..30f4354ac42 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1beta1/status_types.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1beta1/status_types.go
@@ -129,7 +129,7 @@ func (t *KResource) Populate() {
 		// Populate ALL fields
 		Type:               "Birthday",
 		Status:             corev1.ConditionTrue,
-		LastTransitionTime: apis.VolatileTime{Inner: metav1.NewTime(time.Date(1984, 02, 28, 18, 52, 00, 00, time.UTC))},
+		LastTransitionTime: apis.VolatileTime{Inner: metav1.NewTime(time.Date(1984, 2, 28, 18, 52, 0, 0, time.UTC))},
 		Reason:             "Celebrate",
 		Message:            "n3wScott, find your party hat :tada:",
 	}}
diff --git a/vendor/knative.dev/pkg/apis/duck/verify.go b/vendor/knative.dev/pkg/apis/duck/verify.go
index 48675f93a47..4e33e65972b 100644
--- a/vendor/knative.dev/pkg/apis/duck/verify.go
+++ b/vendor/knative.dev/pkg/apis/duck/verify.go
@@ -24,8 +24,10 @@ import (
 	"knative.dev/pkg/kmp"
 )
 
-type Implementable = ducktypes.Implementable
-type Populatable = ducktypes.Populatable
+type (
+	Implementable = ducktypes.Implementable
+	Populatable   = ducktypes.Populatable
+)
 
 // VerifyType verifies that a particular concrete resource properly implements
 // the provided Implementable duck type.  It is expected that under the resource
diff --git a/vendor/knative.dev/pkg/apis/testing/roundtrip/roundtrip.go b/vendor/knative.dev/pkg/apis/testing/roundtrip/roundtrip.go
index afb4bee4939..bdf33349f10 100644
--- a/vendor/knative.dev/pkg/apis/testing/roundtrip/roundtrip.go
+++ b/vendor/knative.dev/pkg/apis/testing/roundtrip/roundtrip.go
@@ -203,7 +203,6 @@ func objForGVK(t *testing.T,
 	gvk schema.GroupVersionKind,
 	scheme *runtime.Scheme,
 ) convertibleObject {
-
 	t.Helper()
 
 	obj, err := scheme.New(gvk)
@@ -235,7 +234,6 @@ func hubInstanceForGK(t *testing.T,
 	hubs *runtime.Scheme,
 	gk schema.GroupKind,
 ) (apis.Convertible, schema.GroupVersionKind) {
-
 	t.Helper()
 
 	for hubGVK := range hubs.AllKnownTypes() {
diff --git a/vendor/knative.dev/pkg/configmap/example.go b/vendor/knative.dev/pkg/configmap/example.go
index f14a6e6ff59..82aaf939801 100644
--- a/vendor/knative.dev/pkg/configmap/example.go
+++ b/vendor/knative.dev/pkg/configmap/example.go
@@ -31,10 +31,8 @@ const (
 	ExampleChecksumAnnotation = "knative.dev/example-checksum"
 )
 
-var (
-	// Allows for normalizing by collapsing newlines.
-	sequentialNewlines = regexp.MustCompile("(?:\r?\n)+")
-)
+// Allows for normalizing by collapsing newlines.
+var sequentialNewlines = regexp.MustCompile("(?:\r?\n)+")
 
 // Checksum generates a checksum for the example value to be compared against
 // a respective annotation.
diff --git a/vendor/knative.dev/pkg/configmap/hash-gen/main.go b/vendor/knative.dev/pkg/configmap/hash-gen/main.go
index a2b154d92dd..6703677aefc 100644
--- a/vendor/knative.dev/pkg/configmap/hash-gen/main.go
+++ b/vendor/knative.dev/pkg/configmap/hash-gen/main.go
@@ -49,7 +49,7 @@ func processFile(fileName string) error {
 	}
 
 	//nolint:gosec // This is not security critical so open permissions are fine.
-	if err := os.WriteFile(fileName, out, 0644); err != nil {
+	if err := os.WriteFile(fileName, out, 0o644); err != nil {
 		return fmt.Errorf("failed to write file: %w", err)
 	}
 	return nil
diff --git a/vendor/knative.dev/pkg/configmap/store.go b/vendor/knative.dev/pkg/configmap/store.go
index 375a474c26f..e2658021900 100644
--- a/vendor/knative.dev/pkg/configmap/store.go
+++ b/vendor/knative.dev/pkg/configmap/store.go
@@ -81,8 +81,8 @@ func NewUntypedStore(
 	name string,
 	logger Logger,
 	constructors Constructors,
-	onAfterStore ...func(name string, value interface{})) *UntypedStore {
-
+	onAfterStore ...func(name string, value interface{}),
+) *UntypedStore {
 	store := &UntypedStore{
 		name:         name,
 		logger:       logger,
diff --git a/vendor/knative.dev/pkg/controller/controller.go b/vendor/knative.dev/pkg/controller/controller.go
index 9fdb0a9d586..bc7c4be495a 100644
--- a/vendor/knative.dev/pkg/controller/controller.go
+++ b/vendor/knative.dev/pkg/controller/controller.go
@@ -54,14 +54,12 @@ const (
 	DefaultResyncPeriod = 10 * time.Hour
 )
 
-var (
-	// DefaultThreadsPerController is the number of threads to use
-	// when processing the controller's workqueue.  Controller binaries
-	// may adjust this process-wide default.  For finer control, invoke
-	// Run on the controller directly.
-	// TODO rename the const to Concurrency and deprecated this
-	DefaultThreadsPerController = 2
-)
+// DefaultThreadsPerController is the number of threads to use
+// when processing the controller's workqueue.  Controller binaries
+// may adjust this process-wide default.  For finer control, invoke
+// Run on the controller directly.
+// TODO rename the const to Concurrency and deprecated this
+var DefaultThreadsPerController = 2
 
 // Reconciler is the interface that controller implementations are expected
 // to implement, so that the shared controller.Impl can drive work through it.
diff --git a/vendor/knative.dev/pkg/controller/stats_reporter.go b/vendor/knative.dev/pkg/controller/stats_reporter.go
index 6735285db47..99386f91b29 100644
--- a/vendor/knative.dev/pkg/controller/stats_reporter.go
+++ b/vendor/knative.dev/pkg/controller/stats_reporter.go
@@ -194,7 +194,6 @@ func (r *reporter) ReportReconcile(duration time.Duration, success string, key t
 		tag.Insert(successTagKey, success),
 		tag.Insert(NamespaceTagKey, key.Namespace),
 	)
-
 	if err != nil {
 		return err
 	}
diff --git a/vendor/knative.dev/pkg/environment/client_config.go b/vendor/knative.dev/pkg/environment/client_config.go
index aef33927ef7..9f1883d2362 100644
--- a/vendor/knative.dev/pkg/environment/client_config.go
+++ b/vendor/knative.dev/pkg/environment/client_config.go
@@ -86,7 +86,6 @@ func (c *ClientConfig) GetRESTConfig() (*rest.Config, error) {
 		loadingRules,
 		overrides,
 	).ClientConfig()
-
 	if err != nil {
 		return nil, fmt.Errorf("failed to create client config: %w", err)
 	}
diff --git a/vendor/knative.dev/pkg/injection/sharedmain/main.go b/vendor/knative.dev/pkg/injection/sharedmain/main.go
index 348599f0966..86bb1e3409a 100644
--- a/vendor/knative.dev/pkg/injection/sharedmain/main.go
+++ b/vendor/knative.dev/pkg/injection/sharedmain/main.go
@@ -151,7 +151,6 @@ var (
 // In addition to the MainWithConfig flow, it defines a `disabled-controllers` flag that allows disabling controllers
 // by name.
 func MainNamed(ctx context.Context, component string, ctors ...injection.NamedControllerConstructor) {
-
 	disabledControllers := flag.String("disable-controllers", "", "Comma-separated list of disabled controllers.")
 
 	// HACK: This parses flags, so the above should be set once this runs.
@@ -456,8 +455,8 @@ func SecretFetcher(ctx context.Context) metrics.SecretFetcher {
 // of the webhooks created from the given constructors.
 func ControllersAndWebhooksFromCtors(ctx context.Context,
 	cmw *cminformer.InformedWatcher,
-	ctors ...injection.ControllerConstructor) ([]*controller.Impl, []interface{}) {
-
+	ctors ...injection.ControllerConstructor,
+) ([]*controller.Impl, []interface{}) {
 	// Check whether the context has been infused with a leader elector builder.
 	// If it has, then every reconciler we plan to start MUST implement LeaderAware.
 	leEnabled := leaderelection.HasLeaderElection(ctx)
diff --git a/vendor/knative.dev/pkg/leaderelection/context.go b/vendor/knative.dev/pkg/leaderelection/context.go
index b0122b84a0b..4cd6830639c 100644
--- a/vendor/knative.dev/pkg/leaderelection/context.go
+++ b/vendor/knative.dev/pkg/leaderelection/context.go
@@ -117,7 +117,8 @@ type standardBuilder struct {
 }
 
 func (b *standardBuilder) buildElector(ctx context.Context, la reconciler.LeaderAware,
-	queueName string, enq func(reconciler.Bucket, types.NamespacedName)) (Elector, error) {
+	queueName string, enq func(reconciler.Bucket, types.NamespacedName),
+) (Elector, error) {
 	logger := logging.FromContext(ctx)
 
 	id := b.lec.Identity
diff --git a/vendor/knative.dev/pkg/logging/config.go b/vendor/knative.dev/pkg/logging/config.go
index a95dfe8fa55..1898ac34f92 100644
--- a/vendor/knative.dev/pkg/logging/config.go
+++ b/vendor/knative.dev/pkg/logging/config.go
@@ -197,7 +197,8 @@ func levelFromString(level string) (*zapcore.Level, error) {
 // UpdateLevelFromConfigMap returns a helper func that can be used to update the logging level
 // when a config map is updated
 func UpdateLevelFromConfigMap(logger *zap.SugaredLogger, atomicLevel zap.AtomicLevel,
-	levelKey string) func(configMap *corev1.ConfigMap) {
+	levelKey string,
+) func(configMap *corev1.ConfigMap) {
 	return func(configMap *corev1.ConfigMap) {
 		config, err := NewConfigFromConfigMap(configMap)
 		if err != nil {
diff --git a/vendor/knative.dev/pkg/metrics/config.go b/vendor/knative.dev/pkg/metrics/config.go
index ce5e7f875f1..9ed17ef6786 100644
--- a/vendor/knative.dev/pkg/metrics/config.go
+++ b/vendor/knative.dev/pkg/metrics/config.go
@@ -58,11 +58,9 @@ const (
 	prometheusHostEnvName            = "METRICS_PROMETHEUS_HOST"
 )
 
-var (
-	// TestOverrideBundleCount is a variable for testing to reduce the size (number of metrics) buffered before
-	// OpenCensus will send a bundled metric report. Only applies if non-zero.
-	TestOverrideBundleCount = 0
-)
+// TestOverrideBundleCount is a variable for testing to reduce the size (number of metrics) buffered before
+// OpenCensus will send a bundled metric report. Only applies if non-zero.
+var TestOverrideBundleCount = 0
 
 // Metrics backend "enum".
 const (
diff --git a/vendor/knative.dev/pkg/metrics/exporter.go b/vendor/knative.dev/pkg/metrics/exporter.go
index a4c83734885..95e0f5b2f3c 100644
--- a/vendor/knative.dev/pkg/metrics/exporter.go
+++ b/vendor/knative.dev/pkg/metrics/exporter.go
@@ -271,8 +271,7 @@ func flushGivenExporter(e view.Exporter) bool {
 	return false
 }
 
-type noneExporter struct {
-}
+type noneExporter struct{}
 
 // NoneExporter implements view.Exporter in the nil case.
 func (*noneExporter) ExportView(*view.Data) {
diff --git a/vendor/knative.dev/pkg/metrics/metrics.go b/vendor/knative.dev/pkg/metrics/metrics.go
index b65f470cce8..a0c64343b64 100644
--- a/vendor/knative.dev/pkg/metrics/metrics.go
+++ b/vendor/knative.dev/pkg/metrics/metrics.go
@@ -125,9 +125,7 @@ type resultMetric struct {
 	measure *stats.Int64Measure
 }
 
-var (
-	_ metrics.ResultMetric = (*resultMetric)(nil)
-)
+var _ metrics.ResultMetric = (*resultMetric)(nil)
 
 // Increment implements ResultMetric
 func (m resultMetric) Increment(ctx context.Context, code, method, host string) {
diff --git a/vendor/knative.dev/pkg/metrics/metricstest/metricstest.go b/vendor/knative.dev/pkg/metrics/metricstest/metricstest.go
index 3d054a1830f..106c864522c 100644
--- a/vendor/knative.dev/pkg/metrics/metricstest/metricstest.go
+++ b/vendor/knative.dev/pkg/metrics/metricstest/metricstest.go
@@ -119,7 +119,6 @@ func CheckDistributionCount(t ti, name string, wantTags map[string]string, expec
 	} else if s.Count != expectedCount {
 		t.Error("reporter count wrong", "metric", name, "got", s.Count, "want", expectedCount)
 	}
-
 }
 
 // GetLastValueData returns the last value for the given metric, verifying tags.
diff --git a/vendor/knative.dev/pkg/metrics/metricstest/resource_metrics.go b/vendor/knative.dev/pkg/metrics/metricstest/resource_metrics.go
index 10e2e4c94ae..619d536846c 100644
--- a/vendor/knative.dev/pkg/metrics/metricstest/resource_metrics.go
+++ b/vendor/knative.dev/pkg/metrics/metricstest/resource_metrics.go
@@ -168,7 +168,8 @@ func DistributionCountOnlyMetric(name string, count int64, tags map[string]strin
 		Values: []Value{{
 			Distribution:                &metricdata.Distribution{Count: count},
 			Tags:                        tags,
-			VerifyDistributionCountOnly: true}},
+			VerifyDistributionCountOnly: true,
+		}},
 	}
 }
 
diff --git a/vendor/knative.dev/pkg/metrics/prometheus_exporter.go b/vendor/knative.dev/pkg/metrics/prometheus_exporter.go
index 5f11c12e8de..cb5238476f3 100644
--- a/vendor/knative.dev/pkg/metrics/prometheus_exporter.go
+++ b/vendor/knative.dev/pkg/metrics/prometheus_exporter.go
@@ -86,7 +86,7 @@ func startNewPromSrv(e *prom.Exporter, host string, port int) *http.Server {
 	curPromSrv = &http.Server{
 		Addr:              host + ":" + strconv.Itoa(port),
 		Handler:           sm,
-		ReadHeaderTimeout: time.Minute, //https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
+		ReadHeaderTimeout: time.Minute, // https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
 	}
 	return curPromSrv
 }
diff --git a/vendor/knative.dev/pkg/metrics/resource_view.go b/vendor/knative.dev/pkg/metrics/resource_view.go
index 69e4ab435de..930b389319c 100644
--- a/vendor/knative.dev/pkg/metrics/resource_view.go
+++ b/vendor/knative.dev/pkg/metrics/resource_view.go
@@ -48,15 +48,17 @@ type meterExporter struct {
 // for each observed Resource. This is needed because OpenCensus support for
 // Resources is a bit tacked-on rather than being a first-class component like
 // Tags are.
-type ResourceExporterFactory func(*resource.Resource) (view.Exporter, error)
-type meters struct {
-	meters         map[string]*meterExporter
-	factory        ResourceExporterFactory
-	lock           sync.Mutex
-	clock          clock.WithTicker
-	ticker         clock.Ticker
-	tickerStopChan chan struct{}
-}
+type (
+	ResourceExporterFactory func(*resource.Resource) (view.Exporter, error)
+	meters                  struct {
+		meters         map[string]*meterExporter
+		factory        ResourceExporterFactory
+		lock           sync.Mutex
+		clock          clock.WithTicker
+		ticker         clock.Ticker
+		tickerStopChan chan struct{}
+	}
+)
 
 // Lock regime: lock allMeters before resourceViews. The critical path is in
 // optionForResource, which must lock allMeters, but only needs to lock
@@ -421,15 +423,19 @@ func (*defaultMeterImpl) Find(name string) *view.View {
 func (*defaultMeterImpl) Register(views ...*view.View) error {
 	return view.Register(views...)
 }
+
 func (*defaultMeterImpl) Unregister(views ...*view.View) {
 	view.Unregister(views...)
 }
+
 func (*defaultMeterImpl) SetReportingPeriod(t time.Duration) {
 	view.SetReportingPeriod(t)
 }
+
 func (*defaultMeterImpl) RegisterExporter(e view.Exporter) {
 	view.RegisterExporter(e)
 }
+
 func (*defaultMeterImpl) UnregisterExporter(e view.Exporter) {
 	view.UnregisterExporter(e)
 }
@@ -438,6 +444,7 @@ func (*defaultMeterImpl) Stop()  {}
 func (*defaultMeterImpl) RetrieveData(viewName string) ([]*view.Row, error) {
 	return view.RetrieveData(viewName)
 }
+
 func (*defaultMeterImpl) SetResource(*resource.Resource) {
 }
 
diff --git a/vendor/knative.dev/pkg/network/h2c.go b/vendor/knative.dev/pkg/network/h2c.go
index e1671233dcb..d0608be7221 100644
--- a/vendor/knative.dev/pkg/network/h2c.go
+++ b/vendor/knative.dev/pkg/network/h2c.go
@@ -32,7 +32,7 @@ func NewServer(addr string, h http.Handler) *http.Server {
 	h1s := &http.Server{
 		Addr:              addr,
 		Handler:           h2c.NewHandler(h, &http2.Server{}),
-		ReadHeaderTimeout: time.Minute, //https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
+		ReadHeaderTimeout: time.Minute, // https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
 	}
 
 	return h1s
diff --git a/vendor/knative.dev/pkg/profiling/server.go b/vendor/knative.dev/pkg/profiling/server.go
index f362f36fa4d..9eceef51cbd 100644
--- a/vendor/knative.dev/pkg/profiling/server.go
+++ b/vendor/knative.dev/pkg/profiling/server.go
@@ -117,6 +117,6 @@ func NewServer(handler http.Handler) *http.Server {
 	return &http.Server{
 		Addr:              ":" + port,
 		Handler:           handler,
-		ReadHeaderTimeout: time.Minute, //https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
+		ReadHeaderTimeout: time.Minute, // https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
 	}
 }
diff --git a/vendor/knative.dev/pkg/reconciler/testing/table.go b/vendor/knative.dev/pkg/reconciler/testing/table.go
index d36c49b89ab..18a83a2bb52 100644
--- a/vendor/knative.dev/pkg/reconciler/testing/table.go
+++ b/vendor/knative.dev/pkg/reconciler/testing/table.go
@@ -363,7 +363,8 @@ func (r *TableRow) Test(t *testing.T, factory Factory) {
 
 func filterUpdatesWithSubresource(
 	subresource string,
-	actions []clientgotesting.UpdateAction) (result []clientgotesting.UpdateAction) {
+	actions []clientgotesting.UpdateAction,
+) (result []clientgotesting.UpdateAction) {
 	for _, action := range actions {
 		if action.GetSubresource() == subresource {
 			result = append(result, action)
diff --git a/vendor/knative.dev/pkg/test/clients.go b/vendor/knative.dev/pkg/test/clients.go
index 88530c36b70..44234100bcb 100644
--- a/vendor/knative.dev/pkg/test/clients.go
+++ b/vendor/knative.dev/pkg/test/clients.go
@@ -34,7 +34,8 @@ import (
 
 // NewSpoofingClient returns a spoofing client to make requests
 func NewSpoofingClient(ctx context.Context, client kubernetes.Interface, logf logging.FormatLogger,
-	domain string, resolvable bool, opts ...spoof.TransportOption) (*spoof.SpoofingClient, error) {
+	domain string, resolvable bool, opts ...spoof.TransportOption,
+) (*spoof.SpoofingClient, error) {
 	return spoof.New(ctx, client, logf, domain, resolvable, Flags.IngressEndpoint,
 		Flags.SpoofRequestInterval, Flags.SpoofRequestTimeout, opts...)
 }
diff --git a/vendor/knative.dev/pkg/test/e2e_flags.go b/vendor/knative.dev/pkg/test/e2e_flags.go
index ef9b5519e70..3860dff9426 100644
--- a/vendor/knative.dev/pkg/test/e2e_flags.go
+++ b/vendor/knative.dev/pkg/test/e2e_flags.go
@@ -29,12 +29,10 @@ import (
 	"knative.dev/pkg/test/logging"
 )
 
-var (
-	// Flags holds the command line flags or defaults for settings in the user's environment.
-	// See EnvironmentFlags for a list of supported fields.
-	// Deprecated: use test/flags.Flags()
-	Flags = initializeFlags()
-)
+// Flags holds the command line flags or defaults for settings in the user's environment.
+// See EnvironmentFlags for a list of supported fields.
+// Deprecated: use test/flags.Flags()
+var Flags = initializeFlags()
 
 // EnvironmentFlags define the flags that are needed to run the e2e tests.
 // Deprecated: use test/flags.Flags() or injection.Flags()
diff --git a/vendor/knative.dev/pkg/test/helpers/dir.go b/vendor/knative.dev/pkg/test/helpers/dir.go
index e6df61121d8..e5085f009ba 100644
--- a/vendor/knative.dev/pkg/test/helpers/dir.go
+++ b/vendor/knative.dev/pkg/test/helpers/dir.go
@@ -23,7 +23,7 @@ import (
 	"strings"
 )
 
-const allUsersFullPermission = 0777
+const allUsersFullPermission = 0o777
 
 // CreateDir creates dir if does not exist.
 // The created dir will have the permission bits as 0777, which means everyone can read/write/execute it.
diff --git a/vendor/knative.dev/pkg/test/request.go b/vendor/knative.dev/pkg/test/request.go
index a22542e29bd..46c7d6857f5 100644
--- a/vendor/knative.dev/pkg/test/request.go
+++ b/vendor/knative.dev/pkg/test/request.go
@@ -83,7 +83,8 @@ func WaitForEndpointState(
 	inState spoof.ResponseChecker,
 	desc string,
 	resolvable bool,
-	opts ...interface{}) (*spoof.Response, error) {
+	opts ...interface{},
+) (*spoof.Response, error) {
 	return WaitForEndpointStateWithTimeout(ctx, kubeClient, logf, url, inState,
 		desc, resolvable, Flags.SpoofRequestTimeout, opts...)
 }
@@ -103,8 +104,8 @@ func WaitForEndpointStateWithTimeout(
 	desc string,
 	resolvable bool,
 	timeout time.Duration,
-	opts ...interface{}) (*spoof.Response, error) {
-
+	opts ...interface{},
+) (*spoof.Response, error) {
 	client, rOpts, err := makeSpoofClient(ctx, kubeClient, logf, url, resolvable, timeout, opts...)
 	if err != nil {
 		return nil, err
@@ -119,8 +120,8 @@ func makeSpoofClient(
 	url *url.URL,
 	resolvable bool,
 	timeout time.Duration,
-	opts ...interface{}) (*spoof.SpoofingClient, []spoof.RequestOption, error) {
-
+	opts ...interface{},
+) (*spoof.SpoofingClient, []spoof.RequestOption, error) {
 	var tOpts []spoof.TransportOption
 	var rOpts []spoof.RequestOption
 
diff --git a/vendor/knative.dev/pkg/test/spoof/spoof.go b/vendor/knative.dev/pkg/test/spoof/spoof.go
index 716e5d83dbd..ac1c23e7dc2 100644
--- a/vendor/knative.dev/pkg/test/spoof/spoof.go
+++ b/vendor/knative.dev/pkg/test/spoof/spoof.go
@@ -100,7 +100,8 @@ func New(
 	resolvable bool,
 	endpointOverride string,
 	requestInterval, requestTimeout time.Duration,
-	opts ...TransportOption) (*SpoofingClient, error) {
+	opts ...TransportOption,
+) (*SpoofingClient, error) {
 	endpoint, mapper, err := ResolveEndpoint(ctx, kubeClientset, domain, resolvable, endpointOverride)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get the cluster endpoint: %w", err)
@@ -288,8 +289,8 @@ func (sc *SpoofingClient) WaitForEndpointState(
 	url *url.URL,
 	inState ResponseChecker,
 	desc string,
-	opts ...RequestOption) (*Response, error) {
-
+	opts ...RequestOption,
+) (*Response, error) {
 	return sc.endpointState(
 		ctx,
 		url,
@@ -307,7 +308,8 @@ func (sc *SpoofingClient) endpointState(
 	desc string,
 	f func(*http.Request, ResponseChecker) (*Response, error),
 	logName string,
-	opts ...RequestOption) (*Response, error) {
+	opts ...RequestOption,
+) (*Response, error) {
 	defer logging.GetEmitableSpan(ctx, logName+"/"+desc).End()
 
 	if url.Scheme == "" || url.Host == "" {
@@ -348,7 +350,8 @@ func (sc *SpoofingClient) CheckEndpointState(
 	url *url.URL,
 	inState ResponseChecker,
 	desc string,
-	opts ...RequestOption) (*Response, error) {
+	opts ...RequestOption,
+) (*Response, error) {
 	return sc.endpointState(
 		ctx,
 		url,
diff --git a/vendor/knative.dev/pkg/test/upgrade/functions.go b/vendor/knative.dev/pkg/test/upgrade/functions.go
index fe4965d8099..e988c5bf817 100644
--- a/vendor/knative.dev/pkg/test/upgrade/functions.go
+++ b/vendor/knative.dev/pkg/test/upgrade/functions.go
@@ -77,7 +77,8 @@ func NewBackgroundVerification(name string, setup func(c Context), verify func(c
 // NewBackgroundOperation creates a new background operation or test that can be
 // notified to stop its operation.
 func NewBackgroundOperation(name string, setup func(c Context),
-	handler func(bc BackgroundContext)) BackgroundOperation {
+	handler func(bc BackgroundContext),
+) BackgroundOperation {
 	return &simpleBackgroundOperation{
 		name:    name,
 		setup:   setup,
diff --git a/vendor/knative.dev/pkg/test/upgrade/shell/executor.go b/vendor/knative.dev/pkg/test/upgrade/shell/executor.go
index 020f0d3eddf..866b8141499 100644
--- a/vendor/knative.dev/pkg/test/upgrade/shell/executor.go
+++ b/vendor/knative.dev/pkg/test/upgrade/shell/executor.go
@@ -28,7 +28,7 @@ import (
 const (
 	defaultLabelOut = "[OUT]"
 	defaultLabelErr = "[ERR]"
-	executeMode     = 0700
+	executeMode     = 0o700
 )
 
 // NewExecutor creates a new executor.
diff --git a/vendor/knative.dev/pkg/tracker/interface.go b/vendor/knative.dev/pkg/tracker/interface.go
index 5e580b34cf9..58bc941d8e4 100644
--- a/vendor/knative.dev/pkg/tracker/interface.go
+++ b/vendor/knative.dev/pkg/tracker/interface.go
@@ -177,5 +177,4 @@ func (ref *Reference) Validate(ctx context.Context) *apis.FieldError {
 	}
 
 	return errs
-
 }
diff --git a/vendor/knative.dev/pkg/webhook/admission.go b/vendor/knative.dev/pkg/webhook/admission.go
index db131b902bf..9e14eae89b2 100644
--- a/vendor/knative.dev/pkg/webhook/admission.go
+++ b/vendor/knative.dev/pkg/webhook/admission.go
@@ -88,7 +88,7 @@ func admissionHandler(rootLogger *zap.SugaredLogger, stats StatsReporter, c Admi
 			<-synced
 		}
 
-		var ttStart = time.Now()
+		ttStart := time.Now()
 		logger := rootLogger
 		logger.Infof("Webhook ServeHTTP request=%#v", r)
 
diff --git a/vendor/knative.dev/pkg/webhook/certificates/certificates.go b/vendor/knative.dev/pkg/webhook/certificates/certificates.go
index 5239279e526..21c6bdec6a9 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/certificates.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/certificates.go
@@ -48,8 +48,10 @@ type reconciler struct {
 	serviceName  string
 }
 
-var _ controller.Reconciler = (*reconciler)(nil)
-var _ pkgreconciler.LeaderAware = (*reconciler)(nil)
+var (
+	_ controller.Reconciler     = (*reconciler)(nil)
+	_ pkgreconciler.LeaderAware = (*reconciler)(nil)
+)
 
 // Reconcile implements controller.Reconciler
 func (r *reconciler) Reconcile(ctx context.Context, key string) error {
diff --git a/vendor/knative.dev/pkg/webhook/certificates/controller.go b/vendor/knative.dev/pkg/webhook/certificates/controller.go
index 1932e28c25a..b076bd6612c 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/controller.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/controller.go
@@ -41,7 +41,6 @@ func NewController(
 	ctx context.Context,
 	cmw configmap.Watcher,
 ) *controller.Impl {
-
 	client := kubeclient.Get(ctx)
 	secretInformer := secretinformer.Get(ctx)
 	options := webhook.GetOptions(ctx)
diff --git a/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go b/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
index 811eb569c27..cb56c8cef9c 100644
--- a/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
+++ b/vendor/knative.dev/pkg/webhook/certificates/resources/certs.go
@@ -98,8 +98,8 @@ func createServerCertTemplate(name, namespace string, notAfter time.Time) (*x509
 
 // Actually sign the cert and return things in a form that we can use later on
 func createCert(template, parent *x509.Certificate, pub, parentPriv interface{}) (
-	cert *x509.Certificate, certPEM []byte, err error) {
-
+	cert *x509.Certificate, certPEM []byte, err error,
+) {
 	certDER, err := x509.CreateCertificate(rand.Reader, template, parent, pub, parentPriv)
 	if err != nil {
 		return
diff --git a/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go b/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go
index 5a4c4d88887..d7d37b8ec4d 100644
--- a/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go
+++ b/vendor/knative.dev/pkg/webhook/configmaps/configmaps.go
@@ -61,10 +61,12 @@ type reconciler struct {
 	secretName string
 }
 
-var _ controller.Reconciler = (*reconciler)(nil)
-var _ pkgreconciler.LeaderAware = (*reconciler)(nil)
-var _ webhook.AdmissionController = (*reconciler)(nil)
-var _ webhook.StatelessAdmissionController = (*reconciler)(nil)
+var (
+	_ controller.Reconciler                = (*reconciler)(nil)
+	_ pkgreconciler.LeaderAware            = (*reconciler)(nil)
+	_ webhook.AdmissionController          = (*reconciler)(nil)
+	_ webhook.StatelessAdmissionController = (*reconciler)(nil)
+)
 
 // Reconcile implements controller.Reconciler
 func (ac *reconciler) Reconcile(ctx context.Context, key string) error {
diff --git a/vendor/knative.dev/pkg/webhook/configmaps/controller.go b/vendor/knative.dev/pkg/webhook/configmaps/controller.go
index c2d71eb0397..9c2aae49524 100644
--- a/vendor/knative.dev/pkg/webhook/configmaps/controller.go
+++ b/vendor/knative.dev/pkg/webhook/configmaps/controller.go
@@ -41,7 +41,6 @@ func NewAdmissionController(
 	name, path string,
 	constructors configmap.Constructors,
 ) *controller.Impl {
-
 	client := kubeclient.Get(ctx)
 	vwhInformer := vwhinformer.Get(ctx)
 	secretInformer := secretinformer.Get(ctx)
diff --git a/vendor/knative.dev/pkg/webhook/conversion.go b/vendor/knative.dev/pkg/webhook/conversion.go
index 2e876c14f5d..fa3c76a7026 100644
--- a/vendor/knative.dev/pkg/webhook/conversion.go
+++ b/vendor/knative.dev/pkg/webhook/conversion.go
@@ -40,7 +40,7 @@ type ConversionController interface {
 
 func conversionHandler(rootLogger *zap.SugaredLogger, stats StatsReporter, c ConversionController) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		var ttStart = time.Now()
+		ttStart := time.Now()
 		logger := rootLogger
 		logger.Infof("Webhook ServeHTTP request=%#v", r)
 
diff --git a/vendor/knative.dev/pkg/webhook/helper.go b/vendor/knative.dev/pkg/webhook/helper.go
index a3647ac742a..a9ff91fe257 100644
--- a/vendor/knative.dev/pkg/webhook/helper.go
+++ b/vendor/knative.dev/pkg/webhook/helper.go
@@ -29,8 +29,8 @@ import (
 // adds all knative-keys not yet there.
 func EnsureLabelSelectorExpressions(
 	current *metav1.LabelSelector,
-	want *metav1.LabelSelector) *metav1.LabelSelector {
-
+	want *metav1.LabelSelector,
+) *metav1.LabelSelector {
 	if current == nil {
 		return want
 	}
@@ -56,8 +56,8 @@ func EnsureLabelSelectorExpressions(
 
 func ensureLabelSelectorRequirements(
 	current []metav1.LabelSelectorRequirement,
-	want []metav1.LabelSelectorRequirement) []metav1.LabelSelectorRequirement {
-
+	want []metav1.LabelSelectorRequirement,
+) []metav1.LabelSelectorRequirement {
 	nonKnative := make([]metav1.LabelSelectorRequirement, 0, len(current))
 	for _, r := range current {
 		if !strings.Contains(r.Key, "knative.dev") {
diff --git a/vendor/knative.dev/pkg/webhook/json/decode.go b/vendor/knative.dev/pkg/webhook/json/decode.go
index b62caec612c..c8e57079074 100644
--- a/vendor/knative.dev/pkg/webhook/json/decode.go
+++ b/vendor/knative.dev/pkg/webhook/json/decode.go
@@ -32,7 +32,7 @@ var (
 	// Unmarshal is an alias for json.Unmarshal
 	Unmarshal = json.Unmarshal
 
-	//Marshal is an alias for json.Marshal
+	// Marshal is an alias for json.Marshal
 	Marshal = json.Marshal
 )
 
diff --git a/vendor/knative.dev/pkg/webhook/psbinding/controller.go b/vendor/knative.dev/pkg/webhook/psbinding/controller.go
index bceffcb4f7b..f799847214d 100644
--- a/vendor/knative.dev/pkg/webhook/psbinding/controller.go
+++ b/vendor/knative.dev/pkg/webhook/psbinding/controller.go
@@ -78,7 +78,6 @@ func NewAdmissionController(
 	withContext BindableContext,
 	reconcilerOptions ...ReconcilerOption,
 ) *controller.Impl {
-
 	// Extract the assorted things from our context.
 	client := kubeclient.Get(ctx)
 	mwhInformer := mwhinformer.Get(ctx)
diff --git a/vendor/knative.dev/pkg/webhook/psbinding/psbinding.go b/vendor/knative.dev/pkg/webhook/psbinding/psbinding.go
index ee1d66a822b..2236cadc64f 100644
--- a/vendor/knative.dev/pkg/webhook/psbinding/psbinding.go
+++ b/vendor/knative.dev/pkg/webhook/psbinding/psbinding.go
@@ -118,9 +118,11 @@ type Reconciler struct {
 	index index
 }
 
-var _ controller.Reconciler = (*Reconciler)(nil)
-var _ pkgreconciler.LeaderAware = (*Reconciler)(nil)
-var _ webhook.AdmissionController = (*Reconciler)(nil)
+var (
+	_ controller.Reconciler       = (*Reconciler)(nil)
+	_ pkgreconciler.LeaderAware   = (*Reconciler)(nil)
+	_ webhook.AdmissionController = (*Reconciler)(nil)
+)
 
 // We need to specifically exclude our deployment(s) from consideration, but this provides a way
 // of excluding other things as well.
@@ -186,7 +188,8 @@ func (ac *Reconciler) Admit(ctx context.Context, request *admissionv1.AdmissionR
 		Group:     request.Kind.Group,
 		Kind:      request.Kind.Kind,
 		Namespace: request.Namespace,
-		Name:      orig.Name},
+		Name:      orig.Name,
+	},
 		labels.Set(orig.Labels))
 	if len(fbs) == 0 {
 		// This doesn't apply!
@@ -269,7 +272,8 @@ func (ac *Reconciler) reconcileMutatingWebhook(ctx context.Context, caCert []byt
 				Group:     gk.Group,
 				Kind:      gk.Kind,
 				Namespace: ref.Namespace,
-				Name:      ref.Name},
+				Name:      ref.Name,
+			},
 				fb)
 		} else {
 			selector, err := metav1.LabelSelectorAsSelector(ref.Selector)
@@ -279,7 +283,8 @@ func (ac *Reconciler) reconcileMutatingWebhook(ctx context.Context, caCert []byt
 			ib.associateSelection(inexactKey{
 				Group:     gk.Group,
 				Kind:      gk.Kind,
-				Namespace: ref.Namespace},
+				Namespace: ref.Namespace,
+			},
 				selector, fb)
 		}
 	}
diff --git a/vendor/knative.dev/pkg/webhook/psbinding/reconciler.go b/vendor/knative.dev/pkg/webhook/psbinding/reconciler.go
index 3d156fdca2c..233af0d389d 100644
--- a/vendor/knative.dev/pkg/webhook/psbinding/reconciler.go
+++ b/vendor/knative.dev/pkg/webhook/psbinding/reconciler.go
@@ -102,8 +102,10 @@ type BaseReconciler struct {
 }
 
 // Check that our Reconciler implements controller.Reconciler
-var _ controller.Reconciler = (*BaseReconciler)(nil)
-var _ pkgreconciler.LeaderAware = (*BaseReconciler)(nil)
+var (
+	_ controller.Reconciler     = (*BaseReconciler)(nil)
+	_ pkgreconciler.LeaderAware = (*BaseReconciler)(nil)
+)
 
 // Reconcile implements controller.Reconciler
 func (r *BaseReconciler) Reconcile(ctx context.Context, key string) error {
@@ -275,7 +277,6 @@ func (r *BaseReconciler) RemoveFinalizer(ctx context.Context, fb kmeta.Accessor)
 }
 
 func (r *BaseReconciler) labelNamespace(ctx context.Context, subject tracker.Reference) error {
-
 	namespaceObject, err := r.NamespaceLister.Get(subject.Namespace)
 	if apierrs.IsNotFound(err) {
 		logging.FromContext(ctx).Info("Error getting namespace (not found): ", err)
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/controller.go
index 45e2eef4e66..8f200d3c23f 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/controller.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/controller.go
@@ -89,7 +89,6 @@ func NewConversionController(
 	kinds map[schema.GroupKind]GroupKindConversion,
 	withContext func(context.Context) context.Context,
 ) *controller.Impl {
-
 	opts := []OptionFunc{
 		WithPath(path),
 		WithWrapContext(withContext),
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/conversion.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/conversion.go
index d8dcde744c3..29830a87510 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/conversion.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/conversion.go
@@ -39,7 +39,6 @@ func (r *reconciler) Convert(
 	ctx context.Context,
 	req *apixv1.ConversionRequest,
 ) *apixv1.ConversionResponse {
-
 	if r.withContext != nil {
 		ctx = r.withContext(ctx)
 	}
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/reconciler.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/reconciler.go
index 103e6a5ebad..f23b055872c 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/reconciler.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/conversion/reconciler.go
@@ -51,9 +51,11 @@ type reconciler struct {
 	client       apixclient.Interface
 }
 
-var _ webhook.ConversionController = (*reconciler)(nil)
-var _ controller.Reconciler = (*reconciler)(nil)
-var _ pkgreconciler.LeaderAware = (*reconciler)(nil)
+var (
+	_ webhook.ConversionController = (*reconciler)(nil)
+	_ controller.Reconciler        = (*reconciler)(nil)
+	_ pkgreconciler.LeaderAware    = (*reconciler)(nil)
+)
 
 // Path implements webhook.ConversionController
 func (r *reconciler) Path() string {
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go
index ba50005d79a..c7f9bb139e8 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/controller.go
@@ -45,7 +45,6 @@ func NewAdmissionController(
 	disallowUnknownFields bool,
 	callbacks ...map[schema.GroupVersionKind]Callback,
 ) *controller.Impl {
-
 	// This not ideal, we are using a variadic argument to effectively make callbacks optional
 	// This allows this addition to be non-breaking to consumers of /pkg
 	// TODO: once all sub-repos have adopted this, we might move this back to a traditional param.
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/defaulting.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/defaulting.go
index 90f9ec8c96c..4140ec71922 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/defaulting.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/defaulting/defaulting.go
@@ -104,10 +104,12 @@ func NewCallback(function func(context.Context, *unstructured.Unstructured) erro
 	return Callback{function: function, supportedVerbs: m}
 }
 
-var _ controller.Reconciler = (*reconciler)(nil)
-var _ pkgreconciler.LeaderAware = (*reconciler)(nil)
-var _ webhook.AdmissionController = (*reconciler)(nil)
-var _ webhook.StatelessAdmissionController = (*reconciler)(nil)
+var (
+	_ controller.Reconciler                = (*reconciler)(nil)
+	_ pkgreconciler.LeaderAware            = (*reconciler)(nil)
+	_ webhook.AdmissionController          = (*reconciler)(nil)
+	_ webhook.StatelessAdmissionController = (*reconciler)(nil)
+)
 
 // Reconcile implements controller.Reconciler
 func (ac *reconciler) Reconcile(ctx context.Context, key string) error {
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go
index eee6105b45b..f24b36792a8 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/controller.go
@@ -45,7 +45,6 @@ func NewAdmissionControllerWithConfig(
 	disallowUnknownFields bool,
 	callbacks map[schema.GroupVersionKind]Callback,
 ) *controller.Impl {
-
 	opts := []OptionFunc{
 		WithPath(path),
 		WithTypes(handlers),
@@ -122,7 +121,6 @@ func newController(ctx context.Context, name string, optsFunc ...OptionFunc) *co
 	})
 
 	return c
-
 }
 
 // NewAdmissionController constructs a reconciler
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/reconcile_config.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/reconcile_config.go
index dfc36199103..afbc45c051b 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/reconcile_config.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/reconcile_config.go
@@ -64,10 +64,12 @@ type reconciler struct {
 	secretName            string
 }
 
-var _ controller.Reconciler = (*reconciler)(nil)
-var _ pkgreconciler.LeaderAware = (*reconciler)(nil)
-var _ webhook.AdmissionController = (*reconciler)(nil)
-var _ webhook.StatelessAdmissionController = (*reconciler)(nil)
+var (
+	_ controller.Reconciler                = (*reconciler)(nil)
+	_ pkgreconciler.LeaderAware            = (*reconciler)(nil)
+	_ webhook.AdmissionController          = (*reconciler)(nil)
+	_ webhook.StatelessAdmissionController = (*reconciler)(nil)
+)
 
 // Path implements AdmissionController
 func (ac *reconciler) Path() string {
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/validation_admit.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/validation_admit.go
index e601890afcc..ed5b8349207 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/validation_admit.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/validation_admit.go
@@ -106,8 +106,8 @@ func (ac *reconciler) Admit(ctx context.Context, request *admissionv1.AdmissionR
 func (ac *reconciler) decodeRequestAndPrepareContext(
 	ctx context.Context,
 	req *admissionv1.AdmissionRequest,
-	gvk schema.GroupVersionKind) (context.Context, resourcesemantics.GenericCRD, error) {
-
+	gvk schema.GroupVersionKind,
+) (context.Context, resourcesemantics.GenericCRD, error) {
 	logger := logging.FromContext(ctx)
 	handler, ok := ac.handlers[gvk]
 	if !ok {
diff --git a/vendor/knative.dev/pkg/webhook/stats_reporter.go b/vendor/knative.dev/pkg/webhook/stats_reporter.go
index 3f05d4a91c7..bc62820b987 100644
--- a/vendor/knative.dev/pkg/webhook/stats_reporter.go
+++ b/vendor/knative.dev/pkg/webhook/stats_reporter.go
@@ -66,8 +66,10 @@ var (
 	resultCodeKey        = tag.MustNewKey("result_code")
 )
 
-type admissionToValue func(*admissionv1.AdmissionRequest, *admissionv1.AdmissionResponse) string
-type conversionToValue func(*apixv1.ConversionRequest, *apixv1.ConversionResponse) string
+type (
+	admissionToValue  func(*admissionv1.AdmissionRequest, *admissionv1.AdmissionResponse) string
+	conversionToValue func(*apixv1.ConversionRequest, *apixv1.ConversionResponse) string
+)
 
 var (
 	allAdmissionTags = map[tag.Key]admissionToValue{
diff --git a/vendor/knative.dev/pkg/webhook/webhook.go b/vendor/knative.dev/pkg/webhook/webhook.go
index d8842df35ae..e91262db2c1 100644
--- a/vendor/knative.dev/pkg/webhook/webhook.go
+++ b/vendor/knative.dev/pkg/webhook/webhook.go
@@ -132,7 +132,6 @@ func New(
 	ctx context.Context,
 	controllers []interface{},
 ) (webhook *Webhook, err error) {
-
 	// ServeMux.Handle panics on duplicate paths
 	defer func() {
 		if r := recover(); r != nil {
@@ -270,11 +269,11 @@ func (wh *Webhook) Run(stop <-chan struct{}) error {
 		Handler:           drainer,
 		Addr:              fmt.Sprint(":", wh.Options.Port),
 		TLSConfig:         wh.tlsConfig,
-		ReadHeaderTimeout: time.Minute, //https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
+		ReadHeaderTimeout: time.Minute, // https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
 		TLSNextProto:      nextProto,
 	}
 
-	var serve = server.ListenAndServe
+	serve := server.ListenAndServe
 
 	if server.TLSConfig != nil && wh.testListener != nil {
 		serve = func() error {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 99935bbd977..e558e1326c5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1058,7 +1058,7 @@ knative.dev/hack/schema/commands
 knative.dev/hack/schema/docs
 knative.dev/hack/schema/registry
 knative.dev/hack/schema/schema
-# knative.dev/pkg v0.0.0-20240621201938-fc0720b7a660
+# knative.dev/pkg v0.0.0-20240625072707-8535fcc248ae
 ## explicit; go 1.22
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate

From 922edf285258ddb63769b88bc31c08f20b2235d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20St=C3=A4bler?= <cstabler@redhat.com>
Date: Wed, 26 Jun 2024 13:34:28 +0200
Subject: [PATCH 3/8] Remove unneeded replaces in go.mod (#8033)

---
 go.mod             | 5 -----
 vendor/modules.txt | 2 --
 2 files changed, 7 deletions(-)

diff --git a/go.mod b/go.mod
index bacba25645b..42bc77eab08 100644
--- a/go.mod
+++ b/go.mod
@@ -121,8 +121,3 @@ require (
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
-
-replace (
-	github.com/dgrijalva/jwt-go => github.com/form3tech-oss/jwt-go v0.0.0-20210511163231-5b2d2b5f6c34
-	github.com/miekg/dns v1.0.14 => github.com/miekg/dns v1.1.25
-)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e558e1326c5..d9867624908 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1252,5 +1252,3 @@ sigs.k8s.io/structured-merge-diff/v4/value
 ## explicit; go 1.12
 sigs.k8s.io/yaml
 sigs.k8s.io/yaml/goyaml.v2
-# github.com/dgrijalva/jwt-go => github.com/form3tech-oss/jwt-go v0.0.0-20210511163231-5b2d2b5f6c34
-# github.com/miekg/dns v1.0.14 => github.com/miekg/dns v1.1.25

From e36a2cf3e19426b702b01cb203a4458595264c51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20St=C3=A4bler?= <cstabler@redhat.com>
Date: Wed, 26 Jun 2024 16:42:47 +0200
Subject: [PATCH 4/8] Use `knative/actions/setup-go` to be in sync with other
 projects (#8044)

Use knative/actions/setup-go to be in sync with other projects
---
 .github/workflows/kind-e2e.yaml           | 4 +---
 .github/workflows/knative-downstream.yaml | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/kind-e2e.yaml b/.github/workflows/kind-e2e.yaml
index ceca537041b..26129223850 100644
--- a/.github/workflows/kind-e2e.yaml
+++ b/.github/workflows/kind-e2e.yaml
@@ -59,9 +59,7 @@ jobs:
 
     steps:
     - name: Set up Go
-      uses: actions/setup-go@v2
-      with:
-        go-version: 1.21.x
+      uses: knative/actions/setup-go@main
 
     # Install the latest release of ko
     - name: Install ko
diff --git a/.github/workflows/knative-downstream.yaml b/.github/workflows/knative-downstream.yaml
index 7895b357037..de9897c5f17 100644
--- a/.github/workflows/knative-downstream.yaml
+++ b/.github/workflows/knative-downstream.yaml
@@ -44,9 +44,7 @@ jobs:
       GOPATH: ${{ github.workspace }}
     steps:
     - name: Set up Go
-      uses: actions/setup-go@v2
-      with:
-        go-version: 1.21.x
+      uses: knative/actions/setup-go@main
     - name: Install Dependencies
       run: |
         go install github.com/google/go-licenses@latest

From c5ac18af7eb67cdadc6abe90fe6901b8dd386794 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20St=C3=A4bler?= <cstabler@redhat.com>
Date: Wed, 26 Jun 2024 17:52:28 +0200
Subject: [PATCH 5/8] Update Github actions automatically (#7942)

---
 .github/.dependabot.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/.dependabot.yaml

diff --git a/.github/.dependabot.yaml b/.github/.dependabot.yaml
new file mode 100644
index 00000000000..453228e1c2e
--- /dev/null
+++ b/.github/.dependabot.yaml
@@ -0,0 +1,8 @@
+# Set update schedule for GitHub Actions
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"

From a6ac8111e82f1f8b6a5c9e52acb8ec59782394e3 Mon Sep 17 00:00:00 2001
From: Knative Automation <automation@knative.team>
Date: Thu, 27 Jun 2024 02:01:50 -0400
Subject: [PATCH 6/8] [main] Upgrade to latest dependencies (#8032)

upgrade to latest dependencies

bumping knative.dev/pkg 8535fcc...3f6a546:
  > 3f6a546 Fix rand source in name (# 3070)
  > ee1db86 Update linter config and address lint warnings/failures (# 3068)
  > 26bc7b4 Register AuthenticatableType in schema (# 3069)

Signed-off-by: Knative Automation <automation@knative.team>
---
 go.mod                                        |  2 +-
 go.sum                                        |  4 ++--
 vendor/knative.dev/pkg/apis/condition_set.go  |  3 ++-
 vendor/knative.dev/pkg/apis/deprecated.go     |  2 +-
 .../pkg/apis/duck/v1/destination.go           |  4 ++--
 .../pkg/apis/duck/v1/knative_reference.go     |  1 -
 .../knative.dev/pkg/apis/duck/v1/register.go  |  2 ++
 .../pkg/apis/duck/v1/status_types.go          |  1 -
 .../pkg/apis/duck/v1beta1/destination.go      |  4 ++--
 vendor/knative.dev/pkg/apis/kind2resource.go  |  5 ++--
 .../pkg/apis/testing/roundtrip/roundtrip.go   |  2 +-
 .../codegen/cmd/injection-gen/args/args.go    |  8 +++----
 .../cmd/injection-gen/generators/packages.go  |  8 +------
 vendor/knative.dev/pkg/configmap/filter.go    |  8 +++----
 .../pkg/configmap/informer/synced_callback.go |  4 ++--
 .../knative.dev/pkg/controller/controller.go  | 15 ++++--------
 vendor/knative.dev/pkg/hack/format-code.sh    | 23 +++++++++++++++++++
 vendor/knative.dev/pkg/injection/informers.go |  2 +-
 vendor/knative.dev/pkg/kmeta/names.go         |  3 ++-
 .../pkg/leaderelection/chaosduck/main.go      |  1 -
 .../knative.dev/pkg/leaderelection/context.go |  7 ++----
 .../pkg/metrics/opencensus_exporter.go        |  4 +++-
 .../pkg/metrics/prometheus_exporter.go        |  1 -
 .../knative.dev/pkg/metrics/resource_view.go  |  2 +-
 .../knative.dev/pkg/reconciler/configstore.go |  2 +-
 vendor/knative.dev/pkg/reconciler/events.go   |  2 +-
 .../pkg/reconciler/testing/context.go         |  2 +-
 .../pkg/reconciler/testing/table.go           |  4 +++-
 vendor/knative.dev/pkg/test/helpers/name.go   | 12 ++++++++--
 .../knative.dev/pkg/test/ingress/ingress.go   |  5 ++--
 .../knative.dev/pkg/test/logging/logging.go   |  2 ++
 .../pkg/test/logstream/v2/stream.go           |  1 -
 .../knative.dev/pkg/tracing/config/tracing.go |  6 ++---
 vendor/knative.dev/pkg/webhook/json/decode.go |  3 ++-
 .../pkg/webhook/psbinding/reconciler.go       |  3 +--
 .../validation/validation_admit.go            |  3 ++-
 vendor/knative.dev/pkg/webhook/webhook.go     |  1 +
 vendor/modules.txt                            |  2 +-
 38 files changed, 94 insertions(+), 70 deletions(-)
 create mode 100644 vendor/knative.dev/pkg/hack/format-code.sh

diff --git a/go.mod b/go.mod
index 42bc77eab08..55a5c979746 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	k8s.io/utils v0.0.0-20240102154912-e7106e64919e
 	knative.dev/hack v0.0.0-20240607132042-09143140a254
 	knative.dev/hack/schema v0.0.0-20240607132042-09143140a254
-	knative.dev/pkg v0.0.0-20240625072707-8535fcc248ae
+	knative.dev/pkg v0.0.0-20240626134149-3f6a546ac3a4
 	knative.dev/reconciler-test v0.0.0-20240618170853-5bf0b86114f8
 	sigs.k8s.io/yaml v1.4.0
 )
diff --git a/go.sum b/go.sum
index 84bda4c9d2b..5046b4dbd16 100644
--- a/go.sum
+++ b/go.sum
@@ -842,8 +842,8 @@ knative.dev/hack v0.0.0-20240607132042-09143140a254 h1:1YFnu3U6dWZg0oxm6GU8kEdA9
 knative.dev/hack v0.0.0-20240607132042-09143140a254/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/hack/schema v0.0.0-20240607132042-09143140a254 h1:b9hFHGtxx0Kpm4EEjSD72lL0jms91To3OEVBTbqfOYI=
 knative.dev/hack/schema v0.0.0-20240607132042-09143140a254/go.mod h1:3pWwBLnTZSM9psSgCAvhKOHIPTzqfEMlWRpDu6IYhK0=
-knative.dev/pkg v0.0.0-20240625072707-8535fcc248ae h1:unXplcQLqwO+QtSepyRI2zy4ZD/tciPro9Y4uVG6n6g=
-knative.dev/pkg v0.0.0-20240625072707-8535fcc248ae/go.mod h1:Wikg4u73T6vk9TctrxZt60VXzqmGEQIx0iKfk1+9o4c=
+knative.dev/pkg v0.0.0-20240626134149-3f6a546ac3a4 h1:slPKf3UKdBFZlz+hFy+KXzTgY9yOePLzRuEhKzgc5a4=
+knative.dev/pkg v0.0.0-20240626134149-3f6a546ac3a4/go.mod h1:Wikg4u73T6vk9TctrxZt60VXzqmGEQIx0iKfk1+9o4c=
 knative.dev/reconciler-test v0.0.0-20240618170853-5bf0b86114f8 h1:A+rsitEiTX3GudM51g7zUMza+Ripj+boncmlJ2jZp50=
 knative.dev/reconciler-test v0.0.0-20240618170853-5bf0b86114f8/go.mod h1:2uUx3U6kdIzgJgMGgrGmdDdcFrFiex/DjuI2gM7Tte8=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
diff --git a/vendor/knative.dev/pkg/apis/condition_set.go b/vendor/knative.dev/pkg/apis/condition_set.go
index 9ad14902e78..940d1b3ab32 100644
--- a/vendor/knative.dev/pkg/apis/condition_set.go
+++ b/vendor/knative.dev/pkg/apis/condition_set.go
@@ -17,6 +17,7 @@ limitations under the License.
 package apis
 
 import (
+	"errors"
 	"fmt"
 	"reflect"
 	"sort"
@@ -233,7 +234,7 @@ func (r conditionsImpl) ClearCondition(t ConditionType) error {
 	}
 	// Terminal conditions are not handled as they can't be nil
 	if r.isTerminal(t) {
-		return fmt.Errorf("clearing terminal conditions not implemented")
+		return errors.New("clearing terminal conditions not implemented")
 	}
 	cond := r.GetCondition(t)
 	if cond == nil {
diff --git a/vendor/knative.dev/pkg/apis/deprecated.go b/vendor/knative.dev/pkg/apis/deprecated.go
index 8f07e71b31b..b5dfde2fbb4 100644
--- a/vendor/knative.dev/pkg/apis/deprecated.go
+++ b/vendor/knative.dev/pkg/apis/deprecated.go
@@ -94,7 +94,7 @@ func getPrefixedNamedFieldValues(prefix string, obj interface{}) (map[string]ref
 		return fields, inlined
 	}
 
-	for i := 0; i < objValue.NumField(); i++ {
+	for i := range objValue.NumField() {
 		tf := objValue.Type().Field(i)
 		if v := objValue.Field(i); v.IsValid() {
 			jTag := tf.Tag.Get("json")
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/destination.go b/vendor/knative.dev/pkg/apis/duck/v1/destination.go
index 720d4067766..34c1af94f99 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/destination.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/destination.go
@@ -103,11 +103,11 @@ func (d *Destination) SetDefaults(ctx context.Context) {
 	}
 }
 
-func validateCACerts(CACert *string) *apis.FieldError {
+func validateCACerts(caCert *string) *apis.FieldError {
 	// Check the object.
 	var errs *apis.FieldError
 
-	block, err := pem.Decode([]byte(*CACert))
+	block, err := pem.Decode([]byte(*caCert))
 	if err != nil && block == nil {
 		errs = errs.Also(apis.ErrInvalidValue("CA Cert provided is invalid", "caCert"))
 		return errs
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/knative_reference.go b/vendor/knative.dev/pkg/apis/duck/v1/knative_reference.go
index 4d03b6b97ce..2609fb1c99c 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/knative_reference.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/knative_reference.go
@@ -102,7 +102,6 @@ func (kr *KReference) Validate(ctx context.Context) *apis.FieldError {
 					Details: fmt.Sprintf("parent namespace: %q does not match ref: %q", parentNS, kr.Namespace),
 				})
 			}
-
 		}
 	}
 	return errs
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/register.go b/vendor/knative.dev/pkg/apis/duck/v1/register.go
index fb4348a0585..b7366b66044 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/register.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/register.go
@@ -52,6 +52,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		(&KResource{}).GetListType(),
 		&AddressableType{},
 		(&AddressableType{}).GetListType(),
+		&AuthenticatableType{},
+		(&AuthenticatableType{}).GetListType(),
 		&Source{},
 		(&Source{}).GetListType(),
 		&WithPod{},
diff --git a/vendor/knative.dev/pkg/apis/duck/v1/status_types.go b/vendor/knative.dev/pkg/apis/duck/v1/status_types.go
index 15e26453466..2e8d66f93b4 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1/status_types.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1/status_types.go
@@ -97,7 +97,6 @@ func (s *Status) ConvertTo(ctx context.Context, sink *Status, predicates ...func
 
 	conditions := make(apis.Conditions, 0, len(s.Conditions))
 	for _, c := range s.Conditions {
-
 		// Copy over the "happy" condition, which is the only condition that
 		// we can reliably transfer.
 		if c.Type == apis.ConditionReady || c.Type == apis.ConditionSucceeded {
diff --git a/vendor/knative.dev/pkg/apis/duck/v1beta1/destination.go b/vendor/knative.dev/pkg/apis/duck/v1beta1/destination.go
index 41c7702df16..bc6e56ae41c 100644
--- a/vendor/knative.dev/pkg/apis/duck/v1beta1/destination.go
+++ b/vendor/knative.dev/pkg/apis/duck/v1beta1/destination.go
@@ -168,11 +168,11 @@ func validateDestinationRef(ref corev1.ObjectReference) *apis.FieldError {
 	return errs
 }
 
-func validateCACerts(CACert *string) *apis.FieldError {
+func validateCACerts(caCert *string) *apis.FieldError {
 	// Check the object.
 	var errs *apis.FieldError
 
-	block, err := pem.Decode([]byte(*CACert))
+	block, err := pem.Decode([]byte(*caCert))
 	if err != nil && block == nil {
 		errs = errs.Also(apis.ErrInvalidValue("CA Cert provided is invalid", "caCert"))
 		return errs
diff --git a/vendor/knative.dev/pkg/apis/kind2resource.go b/vendor/knative.dev/pkg/apis/kind2resource.go
index 37ffe080345..b1937086e6f 100644
--- a/vendor/knative.dev/pkg/apis/kind2resource.go
+++ b/vendor/knative.dev/pkg/apis/kind2resource.go
@@ -17,7 +17,6 @@ limitations under the License.
 package apis
 
 import (
-	"fmt"
 	"strings"
 
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -41,7 +40,7 @@ func KindToResource(gvk schema.GroupVersionKind) schema.GroupVersionResource {
 func pluralizeKind(kind string) string {
 	ret := strings.ToLower(kind)
 	if strings.HasSuffix(ret, "s") {
-		return fmt.Sprintf("%ses", ret)
+		return ret + "es"
 	}
-	return fmt.Sprintf("%ss", ret)
+	return ret + "s"
 }
diff --git a/vendor/knative.dev/pkg/apis/testing/roundtrip/roundtrip.go b/vendor/knative.dev/pkg/apis/testing/roundtrip/roundtrip.go
index bdf33349f10..54493b02e24 100644
--- a/vendor/knative.dev/pkg/apis/testing/roundtrip/roundtrip.go
+++ b/vendor/knative.dev/pkg/apis/testing/roundtrip/roundtrip.go
@@ -144,7 +144,7 @@ func ExternalTypesViaHub(t *testing.T, scheme, hubs *runtime.Scheme, fuzzerFuncs
 		}
 
 		t.Run(gvk.Group+"."+gvk.Version+"."+gvk.Kind, func(t *testing.T) {
-			for i := 0; i < *roundtrip.FuzzIters; i++ {
+			for range *roundtrip.FuzzIters {
 				roundTripViaHub(t, gvk, scheme, hubs, f)
 
 				if t.Failed() {
diff --git a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/args/args.go b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/args/args.go
index 265b4e40ae0..92595e2ffec 100644
--- a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/args/args.go
+++ b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/args/args.go
@@ -17,7 +17,7 @@ limitations under the License.
 package args
 
 import (
-	"fmt"
+	"errors"
 
 	"github.com/spf13/pflag"
 	"k8s.io/gengo/args"
@@ -59,13 +59,13 @@ func Validate(genericArgs *args.GeneratorArgs) error {
 	customArgs := genericArgs.CustomArgs.(*CustomArgs)
 
 	if len(genericArgs.OutputPackagePath) == 0 {
-		return fmt.Errorf("output package cannot be empty")
+		return errors.New("output package cannot be empty")
 	}
 	if len(customArgs.VersionedClientSetPackage) == 0 {
-		return fmt.Errorf("versioned clientset package cannot be empty")
+		return errors.New("versioned clientset package cannot be empty")
 	}
 	if len(customArgs.ExternalVersionsInformersPackage) == 0 {
-		return fmt.Errorf("external versions informers package cannot be empty")
+		return errors.New("external versions informers package cannot be empty")
 	}
 
 	return nil
diff --git a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/packages.go b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/packages.go
index f0ca43f2bf2..02f61519f08 100644
--- a/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/packages.go
+++ b/vendor/knative.dev/pkg/codegen/cmd/injection-gen/generators/packages.go
@@ -43,7 +43,7 @@ func Packages(context *generator.Context, arguments *args.GeneratorArgs) generat
 		klog.Fatalf("Wrong CustomArgs type: %T", arguments.CustomArgs)
 	}
 
-	versionPackagePath := filepath.Join(arguments.OutputPackagePath)
+	versionPackagePath := filepath.Clean(arguments.OutputPackagePath)
 
 	var packageList generator.Packages
 
@@ -389,8 +389,6 @@ func versionInformerPackages(basePackage string, groupPkgName string, gv clientg
 	vers := make([]generator.Package, 0, 2*len(typesToGenerate))
 
 	for _, t := range typesToGenerate {
-		// Fix for golang iterator bug.
-		t := t
 		packagePath := packagePath + "/" + strings.ToLower(t.Name.Name)
 		typedInformerPackage := typedInformerPackage(groupPkgName, gv, customArgs.ExternalVersionsInformersPackage)
 
@@ -501,7 +499,6 @@ func versionInformerPackages(basePackage string, groupPkgName string, gv clientg
 				return tags.NeedsInformerInjection()
 			},
 		})
-
 	}
 	return vers
 }
@@ -513,8 +510,6 @@ func reconcilerPackages(basePackage string, groupPkgName string, gv clientgentyp
 	vers := make([]generator.Package, 0, 4*len(typesToGenerate))
 
 	for _, t := range typesToGenerate {
-		// Fix for golang iterator bug.
-		t := t
 		extracted := extractCommentTags(t)
 		reconcilerClasses, hasReconcilerClass := extractReconcilerClassesTag(extracted)
 		nonNamespaced := isNonNamespaced(extracted)
@@ -677,7 +672,6 @@ func versionDuckPackages(basePackage string, groupPkgName string, gv clientgenty
 
 	for _, t := range typesToGenerate {
 		// Fix for golang iterator bug.
-		t := t
 		packagePath := filepath.Join(packagePath, strings.ToLower(t.Name.Name))
 
 		// Impl
diff --git a/vendor/knative.dev/pkg/configmap/filter.go b/vendor/knative.dev/pkg/configmap/filter.go
index ed1040e27b3..6fb332a8cff 100644
--- a/vendor/knative.dev/pkg/configmap/filter.go
+++ b/vendor/knative.dev/pkg/configmap/filter.go
@@ -17,7 +17,7 @@ limitations under the License.
 package configmap
 
 import (
-	"fmt"
+	"errors"
 	"reflect"
 
 	corev1 "k8s.io/api/core/v1"
@@ -58,17 +58,17 @@ func ValidateConstructor(constructor interface{}) error {
 	cType := reflect.TypeOf(constructor)
 
 	if cType.Kind() != reflect.Func {
-		return fmt.Errorf("config constructor must be a function")
+		return errors.New("config constructor must be a function")
 	}
 
 	if cType.NumIn() != 1 || cType.In(0) != reflect.TypeOf(&corev1.ConfigMap{}) {
-		return fmt.Errorf("config constructor must be of the type func(*k8s.io/api/core/v1/ConfigMap) (..., error)")
+		return errors.New("config constructor must be of the type func(*k8s.io/api/core/v1/ConfigMap) (..., error)")
 	}
 
 	errorType := reflect.TypeOf((*error)(nil)).Elem()
 
 	if cType.NumOut() != 2 || !cType.Out(1).Implements(errorType) {
-		return fmt.Errorf("config constructor must be of the type func(*k8s.io/api/core/v1/ConfigMap) (..., error)")
+		return errors.New("config constructor must be of the type func(*k8s.io/api/core/v1/ConfigMap) (..., error)")
 	}
 	return nil
 }
diff --git a/vendor/knative.dev/pkg/configmap/informer/synced_callback.go b/vendor/knative.dev/pkg/configmap/informer/synced_callback.go
index 0b3e2d3a9aa..80e776aa906 100644
--- a/vendor/knative.dev/pkg/configmap/informer/synced_callback.go
+++ b/vendor/knative.dev/pkg/configmap/informer/synced_callback.go
@@ -17,10 +17,10 @@ limitations under the License.
 package informer
 
 import (
+	"context"
 	"sync"
 
 	"k8s.io/apimachinery/pkg/util/sets"
-	"k8s.io/apimachinery/pkg/util/wait"
 )
 
 // namedWaitGroup is used to increment and decrement a WaitGroup by name
@@ -107,6 +107,6 @@ func (s *syncedCallback) WaitForAllKeys(stopCh <-chan struct{}) error {
 	case <-c:
 		return nil
 	case <-stopCh:
-		return wait.ErrWaitTimeout
+		return context.DeadlineExceeded
 	}
 }
diff --git a/vendor/knative.dev/pkg/controller/controller.go b/vendor/knative.dev/pkg/controller/controller.go
index bc7c4be495a..152d837d6d6 100644
--- a/vendor/knative.dev/pkg/controller/controller.go
+++ b/vendor/knative.dev/pkg/controller/controller.go
@@ -224,7 +224,7 @@ type Impl struct {
 
 // ControllerOptions encapsulates options for creating a new controller,
 // including throttling and stats behavior.
-type ControllerOptions struct { //nolint // for backcompat.
+type ControllerOptions struct {
 	WorkQueueName string
 	Logger        *zap.SugaredLogger
 	Reporter      StatsReporter
@@ -482,7 +482,7 @@ func (c *Impl) RunContext(ctx context.Context, threadiness int) error {
 
 	// Launch workers to process resources that get enqueued to our workqueue.
 	c.logger.Info("Starting controller and workers")
-	for i := 0; i < threadiness; i++ {
+	for range threadiness {
 		sg.Add(1)
 		go func() {
 			defer sg.Done()
@@ -623,7 +623,6 @@ func IsSkipKey(err error) bool {
 // Is implements the Is() interface of error. It returns whether the target
 // error can be treated as equivalent to a permanentError.
 func (skipKeyError) Is(target error) bool {
-	//nolint: errorlint // This check is actually fine.
 	_, ok := target.(skipKeyError)
 	return ok
 }
@@ -650,7 +649,6 @@ func IsPermanentError(err error) bool {
 // Is implements the Is() interface of error. It returns whether the target
 // error can be treated as equivalent to a permanentError.
 func (permanentError) Is(target error) bool {
-	//nolint: errorlint // This check is actually fine.
 	_, ok := target.(permanentError)
 	return ok
 }
@@ -710,7 +708,6 @@ func IsRequeueKey(err error) (bool, time.Duration) {
 // Is implements the Is() interface of error. It returns whether the target
 // error can be treated as equivalent to a requeueKeyError.
 func (requeueKeyError) Is(target error) bool {
-	//nolint: errorlint // This check is actually fine.
 	_, ok := target.(requeueKeyError)
 	return ok
 }
@@ -726,7 +723,6 @@ type Informer interface {
 // of them to synchronize.
 func StartInformers(stopCh <-chan struct{}, informers ...Informer) error {
 	for _, informer := range informers {
-		informer := informer
 		go informer.Run(stopCh)
 	}
 
@@ -744,7 +740,6 @@ func RunInformers(stopCh <-chan struct{}, informers ...Informer) (func(), error)
 	var wg sync.WaitGroup
 	wg.Add(len(informers))
 	for _, informer := range informers {
-		informer := informer
 		go func() {
 			defer wg.Done()
 			informer.Run(stopCh)
@@ -762,8 +757,8 @@ func RunInformers(stopCh <-chan struct{}, informers ...Informer) (func(), error)
 // WaitForCacheSyncQuick is the same as cache.WaitForCacheSync but with a much reduced
 // check-rate for the sync period.
 func WaitForCacheSyncQuick(stopCh <-chan struct{}, cacheSyncs ...cache.InformerSynced) bool {
-	err := wait.PollImmediateUntil(time.Millisecond,
-		func() (bool, error) {
+	err := wait.PollUntilContextCancel(wait.ContextForChannel(stopCh), time.Millisecond, true,
+		func(context.Context) (bool, error) {
 			for _, syncFunc := range cacheSyncs {
 				if !syncFunc() {
 					return false, nil
@@ -771,7 +766,7 @@ func WaitForCacheSyncQuick(stopCh <-chan struct{}, cacheSyncs ...cache.InformerS
 			}
 			return true, nil
 		},
-		stopCh)
+	)
 	return err == nil
 }
 
diff --git a/vendor/knative.dev/pkg/hack/format-code.sh b/vendor/knative.dev/pkg/hack/format-code.sh
new file mode 100644
index 00000000000..b9ccea8fc93
--- /dev/null
+++ b/vendor/knative.dev/pkg/hack/format-code.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 The Knative Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+
+go run mvdan.cc/gofumpt@latest -l -w .
+
diff --git a/vendor/knative.dev/pkg/injection/informers.go b/vendor/knative.dev/pkg/injection/informers.go
index 9356f8d7f9b..2c7a283c289 100644
--- a/vendor/knative.dev/pkg/injection/informers.go
+++ b/vendor/knative.dev/pkg/injection/informers.go
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+//nolint:fatcontext
 package injection
 
 import (
@@ -93,7 +94,6 @@ func (i *impl) SetupInformers(ctx context.Context, cfg *rest.Config) (context.Co
 	for _, fii := range i.GetFilteredInformers() {
 		ctx, filteredinfs = fii(ctx)
 		informers = append(informers, filteredinfs...)
-
 	}
 	return ctx, informers
 }
diff --git a/vendor/knative.dev/pkg/kmeta/names.go b/vendor/knative.dev/pkg/kmeta/names.go
index 963b121d29f..0977544c8ca 100644
--- a/vendor/knative.dev/pkg/kmeta/names.go
+++ b/vendor/knative.dev/pkg/kmeta/names.go
@@ -18,6 +18,7 @@ package kmeta
 
 import (
 	"crypto/md5" //nolint:gosec // No strong cryptography needed.
+	"encoding/hex"
 	"fmt"
 	"regexp"
 )
@@ -53,7 +54,7 @@ func ChildName(parent, suffix string) string {
 			// Format the return string, if it's shorter than longest: pad with
 			// beginning of the suffix. This happens, for example, when parent is
 			// short, but the suffix is very long.
-			ret := parent + fmt.Sprintf("%x", h)
+			ret := parent + hex.EncodeToString(h[:])
 			if d := longest - len(ret); d > 0 {
 				ret += suffix[:d]
 			}
diff --git a/vendor/knative.dev/pkg/leaderelection/chaosduck/main.go b/vendor/knative.dev/pkg/leaderelection/chaosduck/main.go
index 3125d8e3b9d..1e9420f53be 100644
--- a/vendor/knative.dev/pkg/leaderelection/chaosduck/main.go
+++ b/vendor/knative.dev/pkg/leaderelection/chaosduck/main.go
@@ -153,7 +153,6 @@ func main() {
 				continue
 			}
 
-			name, leaders := name, leaders
 			eg.Go(func() error {
 				return quack(ctx, kc, name, leaders)
 			})
diff --git a/vendor/knative.dev/pkg/leaderelection/context.go b/vendor/knative.dev/pkg/leaderelection/context.go
index 4cd6830639c..15f9376ed9f 100644
--- a/vendor/knative.dev/pkg/leaderelection/context.go
+++ b/vendor/knative.dev/pkg/leaderelection/context.go
@@ -133,9 +133,6 @@ func (b *standardBuilder) buildElector(ctx context.Context, la reconciler.Leader
 	bkts := newStandardBuckets(queueName, b.lec)
 	electors := make([]Elector, 0, b.lec.Buckets)
 	for _, bkt := range bkts {
-		// Use a local var which won't change across the for loop since it is
-		// used in a callback asynchronously.
-		bkt := bkt
 		rl, err := resourcelock.New(knativeResourceLock,
 			system.Namespace(), // use namespace we are running in
 			bkt.Name(),
@@ -192,7 +189,7 @@ func newStandardBuckets(queueName string, cc ComponentConfig) []reconciler.Bucke
 		}
 	}
 	names := make(sets.Set[string], cc.Buckets)
-	for i := uint32(0); i < cc.Buckets; i++ {
+	for i := range cc.Buckets {
 		names.Insert(ln(i))
 	}
 
@@ -239,7 +236,7 @@ func NewStatefulSetBucketAndSet(buckets int) (reconciler.Bucket, *hash.BucketSet
 	}
 
 	names := make(sets.Set[string], buckets)
-	for i := 0; i < buckets; i++ {
+	for i := range buckets {
 		names.Insert(statefulSetPodDNS(i, ssc))
 	}
 
diff --git a/vendor/knative.dev/pkg/metrics/opencensus_exporter.go b/vendor/knative.dev/pkg/metrics/opencensus_exporter.go
index 59e33ab0995..8ea0f6e4197 100644
--- a/vendor/knative.dev/pkg/metrics/opencensus_exporter.go
+++ b/vendor/knative.dev/pkg/metrics/opencensus_exporter.go
@@ -64,7 +64,9 @@ func getFactory(defaultExporter view.Exporter, stored []ocagent.ExporterOption)
 			// Don't create duplicate exporters for the default exporter.
 			return defaultExporter, nil
 		}
-		opts := append(stored, ocagent.WithResourceDetector(
+		opts := make([]ocagent.ExporterOption, 0, len(stored)+1)
+		opts = append(opts, stored...)
+		opts = append(opts, ocagent.WithResourceDetector(
 			func(context.Context) (*resource.Resource, error) {
 				return r, nil
 			}))
diff --git a/vendor/knative.dev/pkg/metrics/prometheus_exporter.go b/vendor/knative.dev/pkg/metrics/prometheus_exporter.go
index cb5238476f3..7dfcc094d8f 100644
--- a/vendor/knative.dev/pkg/metrics/prometheus_exporter.go
+++ b/vendor/knative.dev/pkg/metrics/prometheus_exporter.go
@@ -42,7 +42,6 @@ func (emptyPromExporter) ExportView(viewData *view.Data) {
 	// a signal to enrich the internal Meters with Resource information.
 }
 
-// nolint: unparam // False positive of flagging the second result of this function unused.
 func newPrometheusExporter(config *metricsConfig, logger *zap.SugaredLogger) (view.Exporter, ResourceExporterFactory, error) {
 	e, err := prom.NewExporter(prom.Options{Namespace: config.component})
 	if err != nil {
diff --git a/vendor/knative.dev/pkg/metrics/resource_view.go b/vendor/knative.dev/pkg/metrics/resource_view.go
index 930b389319c..d4e2c599daa 100644
--- a/vendor/knative.dev/pkg/metrics/resource_view.go
+++ b/vendor/knative.dev/pkg/metrics/resource_view.go
@@ -307,7 +307,7 @@ func optionForResource(r *resource.Resource) (stats.Options, error) {
 			// If we can't create exporters but we have a Meter, return that.
 			return mE.o, nil
 		}
-		return nil, fmt.Errorf("whoops, allMeters.factory is nil")
+		return nil, errors.New("whoops, allMeters.factory is nil")
 	}
 	exporter, err := allMeters.factory(r)
 	if err != nil {
diff --git a/vendor/knative.dev/pkg/reconciler/configstore.go b/vendor/knative.dev/pkg/reconciler/configstore.go
index 6b61856d566..3cbfbbffbab 100644
--- a/vendor/knative.dev/pkg/reconciler/configstore.go
+++ b/vendor/knative.dev/pkg/reconciler/configstore.go
@@ -33,7 +33,7 @@ var _ ConfigStore = ConfigStores{}
 
 func (stores ConfigStores) ToContext(ctx context.Context) context.Context {
 	for _, s := range stores {
-		ctx = s.ToContext(ctx)
+		ctx = s.ToContext(ctx) //nolint:fatcontext
 	}
 	return ctx
 }
diff --git a/vendor/knative.dev/pkg/reconciler/events.go b/vendor/knative.dev/pkg/reconciler/events.go
index df4c366cca5..9d249bc9db5 100644
--- a/vendor/knative.dev/pkg/reconciler/events.go
+++ b/vendor/knative.dev/pkg/reconciler/events.go
@@ -62,7 +62,7 @@ func NewEvent(eventtype, reason, messageFmt string, args ...interface{}) Event {
 
 // ReconcilerEvent wraps the fields required for recorders to create a
 // kubernetes recorder Event.
-type ReconcilerEvent struct { //nolint:revive // for backcompat.
+type ReconcilerEvent struct { //nolint:errname
 	EventType string
 	Reason    string
 	Format    string
diff --git a/vendor/knative.dev/pkg/reconciler/testing/context.go b/vendor/knative.dev/pkg/reconciler/testing/context.go
index 58b3b8d29ab..eb4d45b73c8 100644
--- a/vendor/knative.dev/pkg/reconciler/testing/context.go
+++ b/vendor/knative.dev/pkg/reconciler/testing/context.go
@@ -51,7 +51,7 @@ func SetupFakeContextWithCancel(t testing.TB, fs ...func(context.Context) contex
 	ctx, c := context.WithCancel(logtesting.TestContextWithLogger(t))
 	ctx = controller.WithEventRecorder(ctx, record.NewFakeRecorder(1000))
 	for _, f := range fs {
-		ctx = f(ctx)
+		ctx = f(ctx) //nolint:fatcontext
 	}
 	ctx = injection.WithConfig(ctx, &rest.Config{})
 
diff --git a/vendor/knative.dev/pkg/reconciler/testing/table.go b/vendor/knative.dev/pkg/reconciler/testing/table.go
index 18a83a2bb52..97cc921572f 100644
--- a/vendor/knative.dev/pkg/reconciler/testing/table.go
+++ b/vendor/knative.dev/pkg/reconciler/testing/table.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"path"
 	"reflect"
+	"slices"
 	"strings"
 	"testing"
 
@@ -168,7 +169,8 @@ func (r *TableRow) Test(t *testing.T, factory Factory) {
 		t.Errorf("Error capturing actions by verb: %q", err)
 	}
 
-	effectiveOpts := append(r.CmpOpts, defaultCmpOpts...)
+	effectiveOpts := slices.Concat(r.CmpOpts, defaultCmpOpts)
+
 	// Previous state is used to diff resource expected state for update requests that were missed.
 	objPrevState := make(map[string]runtime.Object, len(r.Objects))
 	for _, o := range r.Objects {
diff --git a/vendor/knative.dev/pkg/test/helpers/name.go b/vendor/knative.dev/pkg/test/helpers/name.go
index 0ceaed59430..18a93f2518b 100644
--- a/vendor/knative.dev/pkg/test/helpers/name.go
+++ b/vendor/knative.dev/pkg/test/helpers/name.go
@@ -19,6 +19,7 @@ package helpers
 import (
 	"math/rand"
 	"strings"
+	"sync"
 	"time"
 	"unicode"
 )
@@ -32,12 +33,17 @@ const (
 	testNamePrefix  = "Test"
 )
 
+var (
+	nameRand *rand.Rand
+	nameMu   sync.Mutex
+)
+
 func init() {
 	// Properly seed the random number generator so RandomString() is actually random.
 	// Otherwise, rerunning tests will generate the same names for the test resources, causing conflicts with
 	// already existing resources.
 	seed := time.Now().UTC().UnixNano()
-	rand.Seed(seed)
+	nameRand = rand.New(rand.NewSource(seed))
 }
 
 type named interface {
@@ -73,9 +79,11 @@ func AppendRandomString(prefix string) string {
 // RandomString will generate a random string.
 func RandomString() string {
 	suffix := make([]byte, randSuffixLen)
+	nameMu.Lock()
 	for i := range suffix {
-		suffix[i] = letterBytes[rand.Intn(len(letterBytes))]
+		suffix[i] = letterBytes[nameRand.Intn(len(letterBytes))]
 	}
+	nameMu.Unlock()
 	return string(suffix)
 }
 
diff --git a/vendor/knative.dev/pkg/test/ingress/ingress.go b/vendor/knative.dev/pkg/test/ingress/ingress.go
index 8de4052c75f..1bf38b8cc5c 100644
--- a/vendor/knative.dev/pkg/test/ingress/ingress.go
+++ b/vendor/knative.dev/pkg/test/ingress/ingress.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"strconv"
 
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -59,8 +60,8 @@ func GetIngressEndpoint(ctx context.Context, kubeClientset kubernetes.Interface,
 	if endpointOverride != "" {
 		return endpointOverride, func(port string) string {
 			for _, sp := range ingress.Spec.Ports {
-				if fmt.Sprint(sp.Port) == port {
-					return fmt.Sprint(sp.NodePort)
+				if strconv.Itoa(int(sp.Port)) == port {
+					return strconv.Itoa(int(sp.NodePort))
 				}
 			}
 			return port
diff --git a/vendor/knative.dev/pkg/test/logging/logging.go b/vendor/knative.dev/pkg/test/logging/logging.go
index 74df6dfdeaa..0946077aa65 100644
--- a/vendor/knative.dev/pkg/test/logging/logging.go
+++ b/vendor/knative.dev/pkg/test/logging/logging.go
@@ -67,6 +67,8 @@ func (e *zapMetricExporter) ExportView(vd *view.Data) {
 
 // GetEmitableSpan starts and returns a trace.Span with a name that
 // is used by the ExportSpan method to emit the span.
+//
+//nolint:spancheck
 func GetEmitableSpan(ctx context.Context, metricName string) *trace.Span {
 	_, span := trace.StartSpan(ctx, emitableSpanNamePrefix+metricName)
 	return span
diff --git a/vendor/knative.dev/pkg/test/logstream/v2/stream.go b/vendor/knative.dev/pkg/test/logstream/v2/stream.go
index 1a37a54d2fa..9b5c42454db 100644
--- a/vendor/knative.dev/pkg/test/logstream/v2/stream.go
+++ b/vendor/knative.dev/pkg/test/logstream/v2/stream.go
@@ -156,7 +156,6 @@ func (s *logSource) watchPods() error {
 							s.startForPod(p)
 						}
 					}
-
 				}
 			}
 		}()
diff --git a/vendor/knative.dev/pkg/tracing/config/tracing.go b/vendor/knative.dev/pkg/tracing/config/tracing.go
index 4d1831fc1bc..633ce3d4b20 100644
--- a/vendor/knative.dev/pkg/tracing/config/tracing.go
+++ b/vendor/knative.dev/pkg/tracing/config/tracing.go
@@ -135,12 +135,12 @@ func JSONToTracingConfig(jsonCfg string) (*Config, error) {
 
 	cfg, err := NewTracingConfigFromMap(configMap)
 	if err != nil {
-		return NoopConfig(), nil
+		return NoopConfig(), nil //nolint:nilerr
 	}
 	return cfg, nil
 }
 
-func TracingConfigToJSON(cfg *Config) (string, error) { //nolint // for backcompat.
+func TracingConfigToJSON(cfg *Config) (string, error) {
 	if cfg == nil {
 		return "", nil
 	}
@@ -150,7 +150,7 @@ func TracingConfigToJSON(cfg *Config) (string, error) { //nolint // for backcomp
 	if cfg.ZipkinEndpoint != "" {
 		out[zipkinEndpointKey] = cfg.ZipkinEndpoint
 	}
-	out[debugKey] = fmt.Sprint(cfg.Debug)
+	out[debugKey] = strconv.FormatBool(cfg.Debug)
 	out[sampleRateKey] = fmt.Sprint(cfg.SampleRate)
 
 	jsonCfg, err := json.Marshal(out)
diff --git a/vendor/knative.dev/pkg/webhook/json/decode.go b/vendor/knative.dev/pkg/webhook/json/decode.go
index c8e57079074..57720e81d23 100644
--- a/vendor/knative.dev/pkg/webhook/json/decode.go
+++ b/vendor/knative.dev/pkg/webhook/json/decode.go
@@ -19,6 +19,7 @@ package json
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"io"
 )
 
@@ -95,7 +96,7 @@ func findMetadataOffsets(bites []byte) (start, end int64, err error) {
 
 	for {
 		t, err = dec.Token()
-		if err == io.EOF { //nolint
+		if errors.Is(err, io.EOF) {
 			break
 		}
 		if err != nil {
diff --git a/vendor/knative.dev/pkg/webhook/psbinding/reconciler.go b/vendor/knative.dev/pkg/webhook/psbinding/reconciler.go
index 233af0d389d..b7f1ba0c7e7 100644
--- a/vendor/knative.dev/pkg/webhook/psbinding/reconciler.go
+++ b/vendor/knative.dev/pkg/webhook/psbinding/reconciler.go
@@ -113,7 +113,7 @@ func (r *BaseReconciler) Reconcile(ctx context.Context, key string) error {
 	namespace, name, err := cache.SplitMetaNamespaceKey(key)
 	if err != nil {
 		logging.FromContext(ctx).Error("invalid resource key: ", key)
-		return nil
+		return nil //nolint:nilerr
 	}
 
 	// Only the leader should reconcile binding resources.
@@ -391,7 +391,6 @@ func (r *BaseReconciler) ReconcileSubject(ctx context.Context, fb Bindable, muta
 	// For each of the referents, apply the mutation.
 	eg := errgroup.Group{}
 	for _, ps := range referents {
-		ps := ps
 		eg.Go(func() error {
 			// Do the binding to the pod specable.
 			orig := ps.DeepCopy()
diff --git a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/validation_admit.go b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/validation_admit.go
index ed5b8349207..94093e64825 100644
--- a/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/validation_admit.go
+++ b/vendor/knative.dev/pkg/webhook/resourcesemantics/validation/validation_admit.go
@@ -160,7 +160,8 @@ func (ac *reconciler) decodeRequestAndPrepareContext(
 	return ctx, newObj, nil
 }
 
-func validate(ctx context.Context, resource resourcesemantics.GenericCRD, req *admissionv1.AdmissionRequest) (err error, warn []error) { //nolint
+//nolint:stylecheck
+func validate(ctx context.Context, resource resourcesemantics.GenericCRD, req *admissionv1.AdmissionRequest) (err error, warn []error) {
 	logger := logging.FromContext(ctx)
 
 	// Only run validation for supported create and update validation.
diff --git a/vendor/knative.dev/pkg/webhook/webhook.go b/vendor/knative.dev/pkg/webhook/webhook.go
index e91262db2c1..e05c6f041ef 100644
--- a/vendor/knative.dev/pkg/webhook/webhook.go
+++ b/vendor/knative.dev/pkg/webhook/webhook.go
@@ -176,6 +176,7 @@ func New(
 		// a new secret informer from it.
 		secretInformer := kubeinformerfactory.Get(ctx).Core().V1().Secrets()
 
+		//nolint:gosec // operator configures TLS min version (default is 1.3)
 		webhook.tlsConfig = &tls.Config{
 			MinVersion: opts.TLSMinVersion,
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d9867624908..a0c170ce403 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1058,7 +1058,7 @@ knative.dev/hack/schema/commands
 knative.dev/hack/schema/docs
 knative.dev/hack/schema/registry
 knative.dev/hack/schema/schema
-# knative.dev/pkg v0.0.0-20240625072707-8535fcc248ae
+# knative.dev/pkg v0.0.0-20240626134149-3f6a546ac3a4
 ## explicit; go 1.22
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate

From 6992e6fb52bcae3ba9b2e6adc54824ab4eda2fdb Mon Sep 17 00:00:00 2001
From: Pierangelo Di Pilato <pierdipi@redhat.com>
Date: Thu, 27 Jun 2024 17:08:31 +0200
Subject: [PATCH 7/8] Avoid fatal errors for unknown features flags that can be
 added in a future release (#8051)

Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
---
 pkg/apis/feature/features.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/apis/feature/features.go b/pkg/apis/feature/features.go
index 982ca8c67e0..4d6c235df15 100644
--- a/pkg/apis/feature/features.go
+++ b/pkg/apis/feature/features.go
@@ -18,6 +18,7 @@ package feature
 
 import (
 	"fmt"
+	"log"
 	"strings"
 
 	corev1 "k8s.io/api/core/v1"
@@ -186,7 +187,8 @@ func NewFlagsConfigFromMap(data map[string]string) (Flags, error) {
 		} else if strings.Contains(k, NodeSelectorLabel) {
 			flags[sanitizedKey] = Flag(v)
 		} else {
-			return flags, fmt.Errorf("cannot parse the feature flag '%s' = '%s'", k, v)
+			flags[k] = Flag(v)
+			log.Printf("Warning: unknown feature flag value %q=%q\n", k, v)
 		}
 	}
 

From beb71bea9bf8175fa73e2b68e35f722aa218b6c5 Mon Sep 17 00:00:00 2001
From: Dharmjit Singh <sdharmjit@vmware.com>
Date: Fri, 28 Jun 2024 17:02:49 +0530
Subject: [PATCH 8/8] Add EventPolicy Reconciler (#8024)

* add eventpolicy reconciler

Signed-off-by: Dharmjit Singh <sdharmjit@vmware.com>

* Fixed Review Comments

* fixed eventpolicy api unit test

Signed-off-by: Dharmjit Singh <sdharmjit@vmware.com>

* Fixed more review comments

Signed-off-by: Dharmjit Singh <sdharmjit@vmware.com>

* Fixed more review comments-2

Signed-off-by: Dharmjit Singh <sdharmjit@vmware.com>

* Fixed eventpolicy unittests organization/naming

Signed-off-by: Dharmjit Singh <sdharmjit@vmware.com>

---------

Signed-off-by: Dharmjit Singh <sdharmjit@vmware.com>
---
 cmd/controller/main.go                        |   2 +
 .../v1alpha1/eventpolicy_lifecycle.go         |  44 +++-
 .../v1alpha1/eventpolicy_lifecycle_test.go    | 121 ++++++++-
 pkg/reconciler/channel/channel_test.go        |   4 +-
 pkg/reconciler/eventpolicy/controller.go      |  47 ++++
 pkg/reconciler/eventpolicy/controller_test.go |  39 +++
 pkg/reconciler/eventpolicy/eventpolicy.go     |  55 ++++
 .../eventpolicy/eventpolicy_test.go           | 239 ++++++++++++++++++
 .../controller/inmemorychannel_test.go        |   4 +-
 pkg/reconciler/testing/v1/eventpolicy.go      |  77 +++++-
 .../ducks/duck/v1/authstatus/fake/fake.go     |  30 +++
 vendor/modules.txt                            |   1 +
 12 files changed, 625 insertions(+), 38 deletions(-)
 create mode 100644 pkg/reconciler/eventpolicy/controller.go
 create mode 100644 pkg/reconciler/eventpolicy/controller_test.go
 create mode 100644 pkg/reconciler/eventpolicy/eventpolicy.go
 create mode 100644 pkg/reconciler/eventpolicy/eventpolicy_test.go
 create mode 100644 vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake/fake.go

diff --git a/cmd/controller/main.go b/cmd/controller/main.go
index 79fd5588fed..5b01605a5da 100644
--- a/cmd/controller/main.go
+++ b/cmd/controller/main.go
@@ -34,6 +34,7 @@ import (
 	"knative.dev/eventing/pkg/apis/sinks"
 	"knative.dev/eventing/pkg/auth"
 	"knative.dev/eventing/pkg/eventingtls"
+	"knative.dev/eventing/pkg/reconciler/eventpolicy"
 	"knative.dev/eventing/pkg/reconciler/jobsink"
 
 	"knative.dev/eventing/pkg/reconciler/apiserversource"
@@ -93,6 +94,7 @@ func main() {
 
 		// Eventing
 		eventtype.NewController,
+		eventpolicy.NewController,
 
 		// Flows
 		parallel.NewController,
diff --git a/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle.go b/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle.go
index 30c8575eac9..a74431f0d78 100644
--- a/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle.go
+++ b/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2020 The Knative Authors
+Copyright 2024 The Knative Authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -20,10 +20,12 @@ import (
 	"knative.dev/pkg/apis"
 )
 
-var eventPolicyCondSet = apis.NewLivingConditionSet()
+var eventPolicyCondSet = apis.NewLivingConditionSet(EventPolicyConditionAuthenticationEnabled, EventPolicyConditionSubjectsResolved)
 
 const (
-	EventPolicyConditionReady = apis.ConditionReady
+	EventPolicyConditionReady                                    = apis.ConditionReady
+	EventPolicyConditionAuthenticationEnabled apis.ConditionType = "AuthenticationEnabled"
+	EventPolicyConditionSubjectsResolved      apis.ConditionType = "SubjectsResolved"
 )
 
 // GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
@@ -32,21 +34,41 @@ func (*EventPolicy) GetConditionSet() apis.ConditionSet {
 }
 
 // GetCondition returns the condition currently associated with the given type, or nil.
-func (et *EventPolicyStatus) GetCondition(t apis.ConditionType) *apis.Condition {
-	return eventPolicyCondSet.Manage(et).GetCondition(t)
+func (ep *EventPolicyStatus) GetCondition(t apis.ConditionType) *apis.Condition {
+	return eventPolicyCondSet.Manage(ep).GetCondition(t)
 }
 
 // IsReady returns true if the resource is ready overall.
-func (et *EventPolicyStatus) IsReady() bool {
-	return et.GetTopLevelCondition().IsTrue()
+func (ep *EventPolicyStatus) IsReady() bool {
+	return ep.GetTopLevelCondition().IsTrue()
 }
 
 // GetTopLevelCondition returns the top level Condition.
-func (et *EventPolicyStatus) GetTopLevelCondition() *apis.Condition {
-	return eventPolicyCondSet.Manage(et).GetTopLevelCondition()
+func (ep *EventPolicyStatus) GetTopLevelCondition() *apis.Condition {
+	return eventPolicyCondSet.Manage(ep).GetTopLevelCondition()
 }
 
 // InitializeConditions sets relevant unset conditions to Unknown state.
-func (et *EventPolicyStatus) InitializeConditions() {
-	eventPolicyCondSet.Manage(et).InitializeConditions()
+func (ep *EventPolicyStatus) InitializeConditions() {
+	eventPolicyCondSet.Manage(ep).InitializeConditions()
+}
+
+// MarkOIDCAuthenticationEnabled sets EventPolicyConditionAuthenticationEnabled condition to true.
+func (ep *EventPolicyStatus) MarkOIDCAuthenticationEnabled() {
+	eventPolicyCondSet.Manage(ep).MarkTrue(EventPolicyConditionAuthenticationEnabled)
+}
+
+// MarkOIDCAuthenticationDisabled sets EventPolicyConditionAuthenticationEnabled condition to false.
+func (ep *EventPolicyStatus) MarkOIDCAuthenticationDisabled(reason, messageFormat string, messageA ...interface{}) {
+	eventPolicyCondSet.Manage(ep).MarkFalse(EventPolicyConditionAuthenticationEnabled, reason, messageFormat, messageA...)
+}
+
+// MarkSubjectsResolved sets EventPolicyConditionSubjectsResolved condition to true.
+func (ep *EventPolicyStatus) MarkSubjectsResolvedSucceeded() {
+	eventPolicyCondSet.Manage(ep).MarkTrue(EventPolicyConditionSubjectsResolved)
+}
+
+// MarkSubjectsNotResolved sets EventPolicyConditionSubjectsResolved condition to false.
+func (ep *EventPolicyStatus) MarkSubjectsResolvedFailed(reason, messageFormat string, messageA ...interface{}) {
+	eventPolicyCondSet.Manage(ep).MarkFalse(EventPolicyConditionSubjectsResolved, reason, messageFormat, messageA...)
 }
diff --git a/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle_test.go b/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle_test.go
index 1f18f054a1f..620c2b595df 100644
--- a/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle_test.go
+++ b/pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle_test.go
@@ -49,12 +49,12 @@ func TestEventPolicyGetConditionSet(t *testing.T) {
 func TestEventPolicyGetCondition(t *testing.T) {
 	tests := []struct {
 		name      string
-		ets       *EventPolicyStatus
+		eps       *EventPolicyStatus
 		condQuery apis.ConditionType
 		want      *apis.Condition
 	}{{
 		name: "single condition",
-		ets: &EventPolicyStatus{
+		eps: &EventPolicyStatus{
 			Status: duckv1.Status{
 				Conditions: []apis.Condition{
 					eventPolicyConditionReady,
@@ -67,7 +67,7 @@ func TestEventPolicyGetCondition(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			got := test.ets.GetCondition(test.condQuery)
+			got := test.eps.GetCondition(test.condQuery)
 			if diff := cmp.Diff(test.want, got); diff != "" {
 				t.Error("unexpected condition (-want, +got) =", diff)
 			}
@@ -78,18 +78,27 @@ func TestEventPolicyGetCondition(t *testing.T) {
 func TestEventPolicyInitializeConditions(t *testing.T) {
 	tests := []struct {
 		name string
-		ets  *EventPolicyStatus
+		eps  *EventPolicyStatus
 		want *EventPolicyStatus
 	}{
 		{
 			name: "empty",
-			ets:  &EventPolicyStatus{},
+			eps:  &EventPolicyStatus{},
 			want: &EventPolicyStatus{
 				Status: duckv1.Status{
-					Conditions: []apis.Condition{{
-						Type:   EventPolicyConditionReady,
-						Status: corev1.ConditionUnknown,
-					},
+					Conditions: []apis.Condition{
+						{
+							Type:   EventPolicyConditionAuthenticationEnabled,
+							Status: corev1.ConditionUnknown,
+						},
+						{
+							Type:   EventPolicyConditionReady,
+							Status: corev1.ConditionUnknown,
+						},
+						{
+							Type:   EventPolicyConditionSubjectsResolved,
+							Status: corev1.ConditionUnknown,
+						},
 					},
 				},
 			},
@@ -98,10 +107,100 @@ func TestEventPolicyInitializeConditions(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			test.ets.InitializeConditions()
-			if diff := cmp.Diff(test.want, test.ets, ignoreAllButTypeAndStatus); diff != "" {
+			test.eps.InitializeConditions()
+			if diff := cmp.Diff(test.want, test.eps, ignoreAllButTypeAndStatus); diff != "" {
 				t.Error("unexpected conditions (-want, +got) =", diff)
 			}
 		})
 	}
 }
+
+func TestEventPolicyReadyCondition(t *testing.T) {
+	tests := []struct {
+		name                          string
+		eps                           *EventPolicyStatus
+		markOIDCAuthenticationEnabled bool
+		markSubjectsResolvedSucceeded bool
+		wantReady                     bool
+	}{
+		{
+			name: "Initially everything is Unknown, Auth&SubjectsResolved marked as true, EP should become Ready",
+			eps: &EventPolicyStatus{
+				Status: duckv1.Status{
+					Conditions: []apis.Condition{
+						{Type: EventPolicyConditionReady, Status: corev1.ConditionUnknown},
+						{Type: EventPolicyConditionAuthenticationEnabled, Status: corev1.ConditionUnknown},
+						{Type: EventPolicyConditionSubjectsResolved, Status: corev1.ConditionUnknown},
+					},
+				},
+			},
+			markOIDCAuthenticationEnabled: true,
+			markSubjectsResolvedSucceeded: true,
+			wantReady:                     true,
+		},
+		{
+			name: "Initially everything is True, Auth&SubjectsResolved stay true, EP should stay Ready",
+			eps: &EventPolicyStatus{
+				Status: duckv1.Status{
+					Conditions: []apis.Condition{
+						{Type: EventPolicyConditionReady, Status: corev1.ConditionTrue},
+						{Type: EventPolicyConditionAuthenticationEnabled, Status: corev1.ConditionTrue},
+						{Type: EventPolicyConditionSubjectsResolved, Status: corev1.ConditionTrue},
+					},
+				},
+			},
+			markOIDCAuthenticationEnabled: true,
+			markSubjectsResolvedSucceeded: true,
+			wantReady:                     true,
+		},
+		{
+			name: "Initially everything is True, then AuthenticationEnabled marked as False, EP should become NotReady",
+			eps: &EventPolicyStatus{
+				Status: duckv1.Status{
+					Conditions: []apis.Condition{
+						{Type: EventPolicyConditionReady, Status: corev1.ConditionTrue},
+						{Type: EventPolicyConditionAuthenticationEnabled, Status: corev1.ConditionTrue},
+						{Type: EventPolicyConditionSubjectsResolved, Status: corev1.ConditionTrue},
+					},
+				},
+			},
+			markOIDCAuthenticationEnabled: false,
+			markSubjectsResolvedSucceeded: true,
+			wantReady:                     false,
+		},
+		{
+			name: "Initially everything is True, then SubjectsResolved marked as False, EP should become NotReady",
+			eps: &EventPolicyStatus{
+				Status: duckv1.Status{
+					Conditions: []apis.Condition{
+						{Type: EventPolicyConditionReady, Status: corev1.ConditionTrue},
+						{Type: EventPolicyConditionAuthenticationEnabled, Status: corev1.ConditionTrue},
+						{Type: EventPolicyConditionSubjectsResolved, Status: corev1.ConditionTrue},
+					},
+				},
+			},
+			markOIDCAuthenticationEnabled: true,
+			markSubjectsResolvedSucceeded: false,
+			wantReady:                     false,
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if test.markOIDCAuthenticationEnabled {
+				test.eps.MarkOIDCAuthenticationEnabled()
+			} else {
+				test.eps.MarkOIDCAuthenticationDisabled("OIDCAuthenticationDisabled", "")
+			}
+			if test.markSubjectsResolvedSucceeded {
+				test.eps.MarkSubjectsResolvedSucceeded()
+			} else {
+				test.eps.MarkSubjectsResolvedFailed("SubjectsNotResolved", "")
+			}
+			ep := EventPolicy{Status: *test.eps}
+			got := ep.GetConditionSet().Manage(test.eps).IsHappy()
+			if test.wantReady != got {
+				t.Errorf("unexpected readiness: want %v, got %v", test.wantReady, got)
+			}
+		})
+	}
+}
diff --git a/pkg/reconciler/channel/channel_test.go b/pkg/reconciler/channel/channel_test.go
index 783abe359a2..c1796379bc1 100644
--- a/pkg/reconciler/channel/channel_test.go
+++ b/pkg/reconciler/channel/channel_test.go
@@ -400,7 +400,7 @@ func TestReconcile(t *testing.T) {
 				WithInMemoryChannelDLSUnknown(),
 				WithInMemoryChannelEventPoliciesReady()),
 			NewEventPolicy(unreadyEventPolicyName, testNS,
-				WithUnreadyEventPolicyCondition,
+				WithUnreadyEventPolicyCondition("", ""),
 				WithEventPolicyToRef(channelV1GVK, channelName),
 			),
 			NewEventPolicy(fmt.Sprintf("%s-%s", unreadyEventPolicyName, channelName), testNS,
@@ -453,7 +453,7 @@ func TestReconcile(t *testing.T) {
 				WithEventPolicyToRef(channelV1GVK, channelName),
 			),
 			NewEventPolicy(unreadyEventPolicyName, testNS,
-				WithUnreadyEventPolicyCondition,
+				WithUnreadyEventPolicyCondition("", ""),
 				WithEventPolicyToRef(channelV1GVK, channelName),
 			),
 			NewEventPolicy(fmt.Sprintf("%s-%s", readyEventPolicyName, channelName), testNS,
diff --git a/pkg/reconciler/eventpolicy/controller.go b/pkg/reconciler/eventpolicy/controller.go
new file mode 100644
index 00000000000..58b66b06022
--- /dev/null
+++ b/pkg/reconciler/eventpolicy/controller.go
@@ -0,0 +1,47 @@
+/*
+Copyright 2024 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package eventpolicy
+
+import (
+	"context"
+
+	eventpolicyinformer "knative.dev/eventing/pkg/client/injection/informers/eventing/v1alpha1/eventpolicy"
+	eventpolicyreconciler "knative.dev/eventing/pkg/client/injection/reconciler/eventing/v1alpha1/eventpolicy"
+	"knative.dev/pkg/configmap"
+	"knative.dev/pkg/controller"
+	"knative.dev/pkg/resolver"
+)
+
+// NewController initializes the controller and is called by the generated code
+// Registers event handlers to enqueue events
+func NewController(
+	ctx context.Context,
+	cmw configmap.Watcher,
+) *controller.Impl {
+	// Access informers
+	eventPolicyInformer := eventpolicyinformer.Get(ctx)
+
+	r := &Reconciler{}
+	impl := eventpolicyreconciler.NewImpl(ctx, r)
+
+	r.authResolver = resolver.NewAuthenticatableResolverFromTracker(ctx, impl.Tracker)
+
+	// Set up event handlers
+	eventPolicyInformer.Informer().AddEventHandler(controller.HandleAll(impl.Enqueue))
+
+	return impl
+}
diff --git a/pkg/reconciler/eventpolicy/controller_test.go b/pkg/reconciler/eventpolicy/controller_test.go
new file mode 100644
index 00000000000..2ddea353dc3
--- /dev/null
+++ b/pkg/reconciler/eventpolicy/controller_test.go
@@ -0,0 +1,39 @@
+/*
+Copyright 2024 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package eventpolicy
+
+import (
+	"testing"
+
+	"knative.dev/pkg/configmap"
+
+	. "knative.dev/pkg/reconciler/testing"
+
+	// Fake injection informers
+	_ "knative.dev/eventing/pkg/client/injection/informers/eventing/v1alpha1/eventpolicy/fake"
+	_ "knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake"
+)
+
+func TestNew(t *testing.T) {
+	ctx, _ := SetupFakeContext(t)
+
+	c := NewController(ctx, configmap.NewStaticWatcher())
+
+	if c == nil {
+		t.Fatal("Expected NewController to return a non-nil value")
+	}
+}
diff --git a/pkg/reconciler/eventpolicy/eventpolicy.go b/pkg/reconciler/eventpolicy/eventpolicy.go
new file mode 100644
index 00000000000..959181e1943
--- /dev/null
+++ b/pkg/reconciler/eventpolicy/eventpolicy.go
@@ -0,0 +1,55 @@
+/*
+Copyright 2024 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package eventpolicy
+
+import (
+	"context"
+	"fmt"
+
+	"knative.dev/eventing/pkg/apis/eventing/v1alpha1"
+	"knative.dev/eventing/pkg/apis/feature"
+	"knative.dev/eventing/pkg/auth"
+	pkgreconciler "knative.dev/pkg/reconciler"
+	"knative.dev/pkg/resolver"
+)
+
+type Reconciler struct {
+	authResolver *resolver.AuthenticatableResolver
+}
+
+// ReconcileKind implements Interface.ReconcileKind.
+// 1. Verify the Reference exists.
+func (r *Reconciler) ReconcileKind(ctx context.Context, ep *v1alpha1.EventPolicy) pkgreconciler.Event {
+	featureFlags := feature.FromContext(ctx)
+	if featureFlags.IsOIDCAuthentication() {
+		ep.Status.MarkOIDCAuthenticationEnabled()
+	} else {
+		ep.Status.MarkOIDCAuthenticationDisabled("OIDCAuthenticationDisabled", "")
+		return nil
+	}
+	// We reconcile the status of the EventPolicy
+	// by looking at all .spec.from[].refs have subjects
+	// and accordingly set the eventpolicy status
+	subjects, err := auth.ResolveSubjects(r.authResolver, ep)
+	if err != nil {
+		ep.Status.MarkSubjectsResolvedFailed("SubjectsNotResolved", err.Error())
+		return fmt.Errorf("failed to resolve .spec.from[].ref: %w", err)
+	}
+	ep.Status.MarkSubjectsResolvedSucceeded()
+	ep.Status.From = subjects
+	return nil
+}
diff --git a/pkg/reconciler/eventpolicy/eventpolicy_test.go b/pkg/reconciler/eventpolicy/eventpolicy_test.go
new file mode 100644
index 00000000000..dcc7ab0ec44
--- /dev/null
+++ b/pkg/reconciler/eventpolicy/eventpolicy_test.go
@@ -0,0 +1,239 @@
+/*
+Copyright 2024 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package eventpolicy
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
+	clientgotesting "k8s.io/client-go/testing"
+	"knative.dev/eventing/pkg/apis/feature"
+	sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1"
+	fakeeventingclient "knative.dev/eventing/pkg/client/injection/client/fake"
+	"knative.dev/eventing/pkg/client/injection/reconciler/eventing/v1alpha1/eventpolicy"
+	. "knative.dev/eventing/pkg/reconciler/testing/v1"
+	duckv1authstatus "knative.dev/pkg/client/injection/ducks/duck/v1/authstatus"
+	"knative.dev/pkg/configmap"
+	"knative.dev/pkg/controller"
+	logtesting "knative.dev/pkg/logging/testing"
+	. "knative.dev/pkg/reconciler/testing"
+	"knative.dev/pkg/resolver"
+	"knative.dev/pkg/tracker"
+)
+
+const (
+	testNS              = "test-namespace"
+	eventPolicyName     = "test-eventpolicy"
+	pingSourceName      = "test-pingsource"
+	apiServerSourceName = "test-apiserversource"
+	serviceAccountname  = "test-sa"
+)
+
+var (
+	pingSourceWithServiceAccount      = NewPingSource(pingSourceName, testNS, WithPingSourceOIDCServiceAccountName(serviceAccountname))
+	apiServerSourceWithServiceAccount = NewApiServerSource(apiServerSourceName, testNS, WithApiServerSourceOIDCServiceAccountName((serviceAccountname)))
+	pingSourceGVK                     = v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("PingSource"))
+	apiServerSourceGVK                = v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("APIServerSource"))
+	SubjectsNotResolvedErrorMessage   = fmt.Sprintf("could not resolve subjects from reference: could not resolve auth status: failed to get authenticatable %s/%s: failed to get object %s/%s: pingsources.sources.knative.dev \"%s\" not found", testNS, pingSourceName, testNS, pingSourceName, pingSourceName)
+	SubjectsNotResolvedEventMessage   = fmt.Sprintf("Warning InternalError failed to resolve .spec.from[].ref: could not resolve subjects from reference: could not resolve auth status: failed to get authenticatable %s/%s: failed to get object %s/%s: pingsources.sources.knative.dev \"%s\" not found", testNS, pingSourceName, testNS, pingSourceName, pingSourceName)
+)
+
+func TestReconcile(t *testing.T) {
+	table := TableTest{
+		{
+			Name: "bad workqueue key",
+			// Make sure Reconcile handles bad keys.
+			Key: "too/many/parts",
+		},
+		// test cases for authentication-oidc feature disabled
+		{
+			Name: "with oidc disabled, status set to NotReady",
+			Ctx: feature.ToContext(context.TODO(), feature.Flags{
+				feature.OIDCAuthentication: feature.Disabled,
+			}),
+			Key: testNS + "/" + eventPolicyName,
+			Objects: []runtime.Object{
+				NewEventPolicy(eventPolicyName, testNS,
+					WithInitEventPolicyConditions,
+					WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS),
+				),
+			},
+			WantStatusUpdates: []clientgotesting.UpdateActionImpl{
+				{
+					Object: NewEventPolicy(eventPolicyName, testNS,
+						WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS),
+						WithEventPolicyAuthenticationDisabledCondition,
+						WithUnreadyEventPolicyCondition("OIDCAuthenticationDisabled", ""),
+						WithEventPolicySubjectsResolvedUnknown,
+					),
+				},
+			},
+			WantErr: false,
+		},
+
+		// test cases for authentication-oidc feature enabled
+		{
+			Name: "subject not found, status set to NotReady",
+			Ctx: feature.ToContext(context.TODO(), feature.Flags{
+				feature.OIDCAuthentication: feature.Enabled,
+			}),
+			Key: testNS + "/" + eventPolicyName,
+			Objects: []runtime.Object{
+				NewEventPolicy(eventPolicyName, testNS,
+					WithInitEventPolicyConditions,
+					WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS),
+				),
+			},
+			WantStatusUpdates: []clientgotesting.UpdateActionImpl{
+				{
+					Object: NewEventPolicy(eventPolicyName, testNS,
+						WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS),
+						WithEventPolicyAuthenticationEnabledCondition,
+						WithUnreadyEventPolicyCondition("SubjectsNotResolved", SubjectsNotResolvedErrorMessage),
+						WithEventPolicySubjectsResolvedFailed("SubjectsNotResolved", SubjectsNotResolvedErrorMessage),
+					),
+				},
+			},
+			WantEvents: []string{SubjectsNotResolvedEventMessage},
+			WantErr:    true,
+		},
+		{
+			Name: "subject found for pingsource, status set to Ready",
+			Ctx: feature.ToContext(context.TODO(), feature.Flags{
+				feature.OIDCAuthentication: feature.Enabled,
+			}),
+			Key: testNS + "/" + eventPolicyName,
+			Objects: []runtime.Object{
+				pingSourceWithServiceAccount,
+				NewEventPolicy(eventPolicyName, testNS,
+					WithInitEventPolicyConditions,
+					WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS)),
+			},
+			WantStatusUpdates: []clientgotesting.UpdateActionImpl{
+				{
+					Object: NewEventPolicy(eventPolicyName, testNS,
+						WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS),
+						WithEventPolicyStatusFromSub([]string{fmt.Sprintf("system:serviceaccount:%s:%s", testNS, serviceAccountname)}),
+						WithEventPolicyAuthenticationEnabledCondition,
+						WithReadyEventPolicyCondition,
+						WithEventPolicySubjectsResolvedSucceeded,
+					),
+				},
+			},
+			WantErr: false,
+		},
+		{
+			Name: "subject found for apiserversource, status set to Ready",
+			Ctx: feature.ToContext(context.TODO(), feature.Flags{
+				feature.OIDCAuthentication: feature.Enabled,
+			}),
+			Key: testNS + "/" + eventPolicyName,
+			Objects: []runtime.Object{
+				apiServerSourceWithServiceAccount,
+				NewEventPolicy(eventPolicyName, testNS,
+					WithInitEventPolicyConditions, WithEventPolicyFrom(apiServerSourceGVK, apiServerSourceName, testNS)),
+			},
+			WantStatusUpdates: []clientgotesting.UpdateActionImpl{
+				{
+					Object: NewEventPolicy(eventPolicyName, testNS,
+						WithEventPolicyFrom(apiServerSourceGVK, apiServerSourceName, testNS),
+						WithEventPolicyStatusFromSub([]string{fmt.Sprintf("system:serviceaccount:%s:%s", testNS, serviceAccountname)}),
+						WithEventPolicyAuthenticationEnabledCondition,
+						WithReadyEventPolicyCondition,
+						WithEventPolicySubjectsResolvedSucceeded,
+					),
+				},
+			},
+			WantErr: false,
+		},
+		{
+			Name: "Multiple subjects found, status set to Ready",
+			Ctx: feature.ToContext(context.TODO(), feature.Flags{
+				feature.OIDCAuthentication: feature.Enabled,
+			}),
+			Key: testNS + "/" + eventPolicyName,
+			Objects: []runtime.Object{
+				apiServerSourceWithServiceAccount,
+				pingSourceWithServiceAccount,
+				NewEventPolicy(eventPolicyName, testNS,
+					WithInitEventPolicyConditions,
+					WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS),
+					WithEventPolicyFrom(apiServerSourceGVK, apiServerSourceName, testNS)),
+			},
+			WantStatusUpdates: []clientgotesting.UpdateActionImpl{
+				{
+					Object: NewEventPolicy(eventPolicyName, testNS,
+						WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS),
+						WithEventPolicyFrom(apiServerSourceGVK, apiServerSourceName, testNS),
+						WithEventPolicyStatusFromSub([]string{
+							fmt.Sprintf("system:serviceaccount:%s:%s", testNS, serviceAccountname),
+							fmt.Sprintf("system:serviceaccount:%s:%s", testNS, serviceAccountname),
+						}),
+						WithEventPolicyAuthenticationEnabledCondition,
+						WithReadyEventPolicyCondition,
+						WithEventPolicySubjectsResolvedSucceeded,
+					),
+				},
+			},
+			WantErr: false,
+		},
+
+		// test cases for authentication-oidc feature disabled afterwards
+		{
+			Name: "Ready status EventPolicy updated to NotReady",
+			Ctx: feature.ToContext(context.TODO(), feature.Flags{
+				feature.OIDCAuthentication: feature.Disabled,
+			}),
+			Key: testNS + "/" + eventPolicyName,
+			Objects: []runtime.Object{
+				pingSourceWithServiceAccount,
+				NewEventPolicy(eventPolicyName, testNS,
+					WithReadyEventPolicyCondition,
+					WithEventPolicyAuthenticationEnabledCondition,
+					WithEventPolicySubjectsResolvedSucceeded,
+					WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS)),
+			},
+			WantStatusUpdates: []clientgotesting.UpdateActionImpl{
+				{
+					Object: NewEventPolicy(eventPolicyName, testNS,
+						WithEventPolicyFrom(pingSourceGVK, pingSourceName, testNS),
+						WithEventPolicyAuthenticationDisabledCondition,
+						WithUnreadyEventPolicyCondition("OIDCAuthenticationDisabled", ""),
+						WithEventPolicySubjectsResolvedSucceeded,
+					),
+				},
+			},
+			WantErr: false,
+		},
+	}
+	logger := logtesting.TestLogger(t)
+	table.Test(t, MakeFactory(func(ctx context.Context, listers *Listers, cmw configmap.Watcher) controller.Reconciler {
+		ctx = duckv1authstatus.WithDuck(ctx)
+		r := &Reconciler{
+			authResolver: resolver.NewAuthenticatableResolverFromTracker(ctx, tracker.New(func(types.NamespacedName) {}, 0))}
+		return eventpolicy.NewReconciler(ctx, logger,
+			fakeeventingclient.Get(ctx), listers.GetEventPolicyLister(),
+			controller.GetEventRecorder(ctx), r)
+	},
+		false,
+		logger,
+	))
+}
diff --git a/pkg/reconciler/inmemorychannel/controller/inmemorychannel_test.go b/pkg/reconciler/inmemorychannel/controller/inmemorychannel_test.go
index f9f859444ba..79e5fa0e012 100644
--- a/pkg/reconciler/inmemorychannel/controller/inmemorychannel_test.go
+++ b/pkg/reconciler/inmemorychannel/controller/inmemorychannel_test.go
@@ -697,7 +697,7 @@ func TestAllCases(t *testing.T) {
 				),
 				makeChannelService(NewInMemoryChannel(imcName, testNS)),
 				NewEventPolicy(unreadyEventPolicyName, testNS,
-					WithUnreadyEventPolicyCondition,
+					WithUnreadyEventPolicyCondition("", ""),
 					WithEventPolicyToRef(imcV1GVK, imcName),
 				),
 			},
@@ -735,7 +735,7 @@ func TestAllCases(t *testing.T) {
 					WithEventPolicyToRef(imcV1GVK, imcName),
 				),
 				NewEventPolicy(unreadyEventPolicyName, testNS,
-					WithUnreadyEventPolicyCondition,
+					WithUnreadyEventPolicyCondition("", ""),
 					WithEventPolicyToRef(imcV1GVK, imcName),
 				),
 			},
diff --git a/pkg/reconciler/testing/v1/eventpolicy.go b/pkg/reconciler/testing/v1/eventpolicy.go
index 0d2934ac6ce..442fd397483 100644
--- a/pkg/reconciler/testing/v1/eventpolicy.go
+++ b/pkg/reconciler/testing/v1/eventpolicy.go
@@ -44,25 +44,72 @@ func NewEventPolicy(name, namespace string, o ...EventPolicyOption) *v1alpha1.Ev
 	return ep
 }
 
-func WithInitEventPolicyConditions(et *v1alpha1.EventPolicy) {
-	et.Status.InitializeConditions()
+func WithInitEventPolicyConditions(ep *v1alpha1.EventPolicy) {
+	ep.Status.InitializeConditions()
 }
 
-func WithReadyEventPolicyCondition(ep *v1alpha1.EventPolicy) {
-	ep.Status.Conditions = []apis.Condition{
-		{
-			Type:   v1alpha1.EventPolicyConditionReady,
+func WithEventPolicyAuthenticationEnabledCondition(ep *v1alpha1.EventPolicy) {
+	ep.Status.Conditions = append(ep.Status.Conditions,
+		apis.Condition{
+			Type:   v1alpha1.EventPolicyConditionAuthenticationEnabled,
 			Status: corev1.ConditionTrue,
-		},
+		})
+}
+
+func WithEventPolicyAuthenticationDisabledCondition(ep *v1alpha1.EventPolicy) {
+	ep.Status.Conditions = append(ep.Status.Conditions,
+		apis.Condition{
+			Type:   v1alpha1.EventPolicyConditionAuthenticationEnabled,
+			Status: corev1.ConditionFalse,
+			Reason: "OIDCAuthenticationDisabled",
+		})
+}
+
+func WithEventPolicySubjectsResolvedSucceeded(ep *v1alpha1.EventPolicy) {
+	ep.Status.Conditions = append(ep.Status.Conditions,
+		apis.Condition{
+			Type:   v1alpha1.EventPolicyConditionSubjectsResolved,
+			Status: corev1.ConditionTrue,
+		})
+}
+
+func WithEventPolicySubjectsResolvedFailed(reason, message string) EventPolicyOption {
+	return func(ep *v1alpha1.EventPolicy) {
+		ep.Status.Conditions = append(ep.Status.Conditions,
+			apis.Condition{
+				Type:    v1alpha1.EventPolicyConditionSubjectsResolved,
+				Status:  corev1.ConditionFalse,
+				Reason:  reason,
+				Message: message,
+			})
 	}
 }
 
-func WithUnreadyEventPolicyCondition(ep *v1alpha1.EventPolicy) {
-	ep.Status.Conditions = []apis.Condition{
-		{
+func WithEventPolicySubjectsResolvedUnknown(ep *v1alpha1.EventPolicy) {
+	ep.Status.Conditions = append(ep.Status.Conditions,
+		apis.Condition{
+			Type:   v1alpha1.EventPolicyConditionSubjectsResolved,
+			Status: corev1.ConditionUnknown,
+		})
+}
+
+func WithReadyEventPolicyCondition(ep *v1alpha1.EventPolicy) {
+	ep.Status.Conditions = append(ep.Status.Conditions,
+		apis.Condition{
 			Type:   v1alpha1.EventPolicyConditionReady,
-			Status: corev1.ConditionFalse,
-		},
+			Status: corev1.ConditionTrue,
+		})
+}
+
+func WithUnreadyEventPolicyCondition(reason, message string) EventPolicyOption {
+	return func(ep *v1alpha1.EventPolicy) {
+		ep.Status.Conditions = append(ep.Status.Conditions,
+			apis.Condition{
+				Type:    v1alpha1.EventPolicyConditionReady,
+				Status:  corev1.ConditionFalse,
+				Reason:  reason,
+				Message: message,
+			})
 	}
 }
 
@@ -102,3 +149,9 @@ func WithEventPolicyOwnerReferences(ownerRefs ...metav1.OwnerReference) EventPol
 		ep.ObjectMeta.OwnerReferences = append(ep.ObjectMeta.OwnerReferences, ownerRefs...)
 	}
 }
+
+func WithEventPolicyStatusFromSub(subs []string) EventPolicyOption {
+	return func(ep *v1alpha1.EventPolicy) {
+		ep.Status.From = append(ep.Status.From, subs...)
+	}
+}
diff --git a/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake/fake.go b/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake/fake.go
new file mode 100644
index 00000000000..47111b089b7
--- /dev/null
+++ b/vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake/fake.go
@@ -0,0 +1,30 @@
+/*
+Copyright 2022 The Knative Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by injection-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	authstatus "knative.dev/pkg/client/injection/ducks/duck/v1/authstatus"
+	injection "knative.dev/pkg/injection"
+)
+
+var Get = authstatus.Get
+
+func init() {
+	injection.Fake.RegisterDuck(authstatus.WithDuck)
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a0c170ce403..07b2b0163a6 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1081,6 +1081,7 @@ knative.dev/pkg/client/injection/apiextensions/reconciler/apiextensions/v1/custo
 knative.dev/pkg/client/injection/ducks/duck/v1/addressable
 knative.dev/pkg/client/injection/ducks/duck/v1/addressable/fake
 knative.dev/pkg/client/injection/ducks/duck/v1/authstatus
+knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake
 knative.dev/pkg/client/injection/ducks/duck/v1/conditions
 knative.dev/pkg/client/injection/ducks/duck/v1/conditions/fake
 knative.dev/pkg/client/injection/ducks/duck/v1/kresource