upgrade to latest dependencies (#1751)

bumping knative.dev/eventing 0fe923c...0fe923c: bumping knative.dev/serving 6e597fa...d108ba9: > d108ba9 Allow setting seccompProfile to enable using restricted security profile (# 13401) > 388128b Run queue proxy with restricted profile (# 13376) Signed-off-by: Knative Automation <automation@knative.team> Signed-off-by: Knative Automation <automation@knative.team>
2022-10-18 19:57:11 +01:00 · 2022-10-18 19:57:11 +01:00 · 288cf1f495
parent 16f26ba1e4
commit 288cf1f495
4 changed files with 13 additions and 8 deletions
--- a/go.mod
+++ b/go.mod
@ -20,11 +20,11 @@ require (
 	k8s.io/cli-runtime v0.25.2
 	k8s.io/client-go v0.25.2
 	k8s.io/code-generator v0.25.2
-	knative.dev/eventing v0.34.1-0.20221018032010-0fe923cd8a5b
+	knative.dev/eventing v0.35.0
 	knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a
 	knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f
 	knative.dev/pkg v0.0.0-20221011175852-714b7630a836
-	knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73
+	knative.dev/serving v0.34.1-0.20221018131616-d108ba9b28c0
 	sigs.k8s.io/yaml v1.3.0
 )

--- a/go.sum
+++ b/go.sum
@ -1089,16 +1089,16 @@ k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkI
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
 k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-knative.dev/eventing v0.34.1-0.20221018032010-0fe923cd8a5b h1:fgr/yRUg7nHSP0GM4eVO9eRDNV129SrSL3NfPojL6KE=
-knative.dev/eventing v0.34.1-0.20221018032010-0fe923cd8a5b/go.mod h1:MEqB5frQ5jQ2/A+WHpDU2VNLXum+4o7TiMhTdCvji9w=
+knative.dev/eventing v0.35.0 h1:0sn4Fc0OajdEf4s+0SucwzAIGvO3LZA/BZHsSwfjHes=
+knative.dev/eventing v0.35.0/go.mod h1:MEqB5frQ5jQ2/A+WHpDU2VNLXum+4o7TiMhTdCvji9w=
 knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a h1:yfq1OMrkyYkxDeM0pmAOeN4YF16R/WG0C+VvLBeq4uc=
 knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
 knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f h1:e/08+ofUjGjSYV2Usvb22IbkX4MjoiywbRtnXUK3FQY=
 knative.dev/networking v0.0.0-20221012062251-58f3e6239b4f/go.mod h1:GciicKYf4aWE138pT2ZKkZ/E10rd0Kt4ziX52A/HnVY=
 knative.dev/pkg v0.0.0-20221011175852-714b7630a836 h1:0N7Zo/O+xeUUebJPm9keBaGclrUoEbljr3J1MsqtaIM=
 knative.dev/pkg v0.0.0-20221011175852-714b7630a836/go.mod h1:DMTRDJ5WRxf/DrlOPzohzfhSuJggscLZ8EavOq9O/x8=
-knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73 h1:8Z/YcMlmtXaIoB1Z7eG2Ek/WzN+742byNCHY7ygrVMI=
-knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73/go.mod h1:eKvzlUmOFunHbVqkP5kmrNKSsjpo9TrYjWk/TK/4eGA=
+knative.dev/serving v0.34.1-0.20221018131616-d108ba9b28c0 h1:vLJuyV7sOMlUHnxbs+OOJr6MI5xEBwvWOPHm7AGzpAs=
+knative.dev/serving v0.34.1-0.20221018131616-d108ba9b28c0/go.mod h1:eKvzlUmOFunHbVqkP5kmrNKSsjpo9TrYjWk/TK/4eGA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
--- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
+++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
@ -600,12 +600,14 @@ func PodSecurityContextMask(ctx context.Context, in *corev1.PodSecurityContext)
 	out.RunAsNonRoot = in.RunAsNonRoot
 	out.FSGroup = in.FSGroup
 	out.SupplementalGroups = in.SupplementalGroups
+	out.SeccompProfile = in.SeccompProfile

 	// Disallowed
 	// This list is unnecessary, but added here for clarity
 	out.SELinuxOptions = nil
 	out.WindowsOptions = nil
 	out.Sysctls = nil
+	out.FSGroupChangePolicy = nil

 	return out
 }
@ -631,6 +633,9 @@ func SecurityContextMask(ctx context.Context, in *corev1.SecurityContext) *corev
 	// AllowPrivilegeEscalation when unset can behave the same way as true
 	// We do want the ability for folks to set this value to false
 	out.AllowPrivilegeEscalation = in.AllowPrivilegeEscalation
+	// SeccompProfile defaults to "unconstrained", but the safe values are
+	// "RuntimeDefault" or "Localhost" (with localhost path set)
+	out.SeccompProfile = in.SeccompProfile

 	// Disallowed
 	// This list is unnecessary, but added here for clarity
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -917,7 +917,7 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/eventing v0.34.1-0.20221018032010-0fe923cd8a5b
+# knative.dev/eventing v0.35.0
 ## explicit; go 1.18
 knative.dev/eventing/pkg/apis/config
 knative.dev/eventing/pkg/apis/duck
@ -1013,7 +1013,7 @@ knative.dev/pkg/tracing/config
 knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
-# knative.dev/serving v0.34.1-0.20221017223110-6e597fa7fd73
+# knative.dev/serving v0.34.1-0.20221018131616-d108ba9b28c0
 ## explicit; go 1.18
 knative.dev/serving/pkg/apis/autoscaling
 knative.dev/serving/pkg/apis/autoscaling/v1alpha1