mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 20:20:22 +00:00
Code Activity

fix: critical docker vulnerability in release 1.11 (#10762)

Browse source 
* fix: critical docker vulnerability in release 1.11

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: update scaffolding version

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: notary tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
This commit is contained in:
Vishal Choudhary 2024-08-01 15:42:39 +05:30 committed by GitHub
parent 0a51e10130
commit 4816b7cad8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 10 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
.github/workflows/conformance.yaml vendored
View file

@ -513,10 +513,6 @@ jobs:
- standard - standard
- custom-sigstore - custom-sigstore
k8s-version: k8s-version:
- name: v1.25
version: v1.25.x
- name: v1.26
version: v1.26.x
- name: v1.27 - name: v1.27
version: v1.27.x version: v1.27.x
- name: v1.28 - name: v1.28
@ -534,11 +530,11 @@ jobs:
with: with:
build-cache-key: run-conformance build-cache-key: run-conformance
- name: Create kind cluster and setup Sigstore Scaffolding - name: Create kind cluster and setup Sigstore Scaffolding
uses: sigstore/scaffolding/actions/setup@d120ad89e1f5c9d4a0bbd92959c6874be2a2131d uses: sigstore/scaffolding/actions/setup@634364a897dff805b1a26ab18abaefe379616785
with: with:
version: 'v0.6.8' version: main
k8s-version: ${{ matrix.k8s-version.version }} k8s-version: ${{ matrix.k8s-version.version }}
knative-version: '1.10.0' knative-version: "1.10.0"
- name: Create TUF values config map - name: Create TUF values config map
run: | run: |
kubectl create namespace kyverno kubectl create namespace kyverno
@ -740,4 +736,4 @@ jobs:
- check-tests - check-tests
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- run: echo "Required jobs success!" - run: echo "Required jobs success!"

2
go.mod
View file

@ -187,7 +187,7 @@ require (
github.com/djherbis/times v1.5.0 // indirect github.com/djherbis/times v1.5.0 // indirect
github.com/docker/cli v24.0.7+incompatible // indirect github.com/docker/cli v24.0.7+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect
github.com/docker/docker v24.0.7+incompatible // indirect github.com/docker/docker v26.1.4+incompatible // indirect
github.com/docker/docker-credential-helpers v0.8.1 // indirect github.com/docker/docker-credential-helpers v0.8.1 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect github.com/dustin/go-humanize v1.0.1 // indirect
github.com/ebitengine/purego v0.6.0-alpha // indirect github.com/ebitengine/purego v0.6.0-alpha // indirect

4
go.sum
View file

@ -436,8 +436,8 @@ github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1x
github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU=
github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=

2
pkg/notary/notary_test.go
View file

@ -35,7 +35,7 @@ uOKpF5rWAruB5PCIrquamOejpXV9aQA/K2JQDuc0mcKz
) )
func TestExtractStatements(t *testing.T) { func TestExtractStatements(t *testing.T) {
imageRef := "jimnotarytest.azurecr.io/jim/net-monitor:v1" imageRef := "ghcr.io/kyverno/test-verify-image:signed"
ref, err := name.ParseReference(imageRef) ref, err := name.ParseReference(imageRef)
assert.NilError(t, err) assert.NilError(t, err)
repoDesc, err := remote.Head(ref) repoDesc, err := remote.Head(ref)

5
pkg/notary/repository_test.go
View file

@ -12,7 +12,7 @@ import (
) )
var ( var (
imageRef = "jimnotarytest.azurecr.io/jim/net-monitor:v1" imageRef = "ghcr.io/kyverno/test-verify-image:signed"
ctx = context.Background() ctx = context.Background()
) )
@ -29,7 +29,7 @@ func TestResolve(t *testing.T) {
desc, err := repositoryClient.Resolve(ctx, repoDesc.Digest.String()) desc, err := repositoryClient.Resolve(ctx, repoDesc.Digest.String())
assert.NilError(t, err) assert.NilError(t, err)
assert.Equal(t, desc.Digest.String(), "sha256:ba7000206594c2d72c3ab550453004c0dc50961157e5ebd2fb8ea1890099d02d") assert.Equal(t, desc.Digest.String(), "sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105")
assert.Equal(t, desc.MediaType, "application/vnd.docker.distribution.manifest.v2+json") assert.Equal(t, desc.MediaType, "application/vnd.docker.distribution.manifest.v2+json")
} }
@ -78,7 +78,6 @@ func TestFetchSignatureBlob(t *testing.T) {
_, desc, err := repositoryClient.FetchSignatureBlob(ctx, v1ToOciSpecDescriptor(d)) _, desc, err := repositoryClient.FetchSignatureBlob(ctx, v1ToOciSpecDescriptor(d))
assert.NilError(t, err) assert.NilError(t, err)
assert.Equal(t, desc.MediaType, "application/jose+json") assert.Equal(t, desc.MediaType, "application/jose+json")
assert.Equal(t, desc.Digest.String(), "sha256:746134b09f89451497668c598857d87ca660bb3d0b888832235c460d8d2697f3")
} }
} }
} }