[main] Upgrade to latest dependencies (#6860)

Cron -knative-prow-robot /cc knative/eventing-writers /assign knative/eventing-writers Produced by: knative-sandbox/knobots/actions/update-deps Signed-off-by: Knative Automation <automation@knative.team>
2023-04-17 01:21:54 -04:00 · 2023-04-17 01:21:54 -04:00 · d7fe38f04b
parent a5b4810a24
commit d7fe38f04b
8 changed files with 45 additions and 18 deletions
--- a/go.mod
+++ b/go.mod
@ -44,10 +44,10 @@ require (
 	k8s.io/apiserver v0.25.4
 	k8s.io/client-go v0.25.4
 	k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2
-	knative.dev/hack v0.0.0-20230410142639-359d58534ae2
-	knative.dev/hack/schema v0.0.0-20230410142639-359d58534ae2
-	knative.dev/pkg v0.0.0-20230410174046-15cf17d95395
-	knative.dev/reconciler-test v0.0.0-20230406171220-089a08c99e58
+	knative.dev/hack v0.0.0-20230412013450-4b3f2300c1ad
+	knative.dev/hack/schema v0.0.0-20230412013450-4b3f2300c1ad
+	knative.dev/pkg v0.0.0-20230414154551-53f04b373cc9
+	knative.dev/reconciler-test v0.0.0-20230413132853-06956b6259d6
 	sigs.k8s.io/yaml v1.3.0
 )

--- a/go.sum
+++ b/go.sum
@ -1043,14 +1043,14 @@ k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkI
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2 h1:GfD9OzL11kvZN5iArC6oTS7RTj7oJOIfnislxYlqTj8=
 k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/hack v0.0.0-20230410142639-359d58534ae2 h1:d93HFlQO+xMbBqNYb50cGTc/o3C1BPgff0F6mx4Gog4=
-knative.dev/hack v0.0.0-20230410142639-359d58534ae2/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
-knative.dev/hack/schema v0.0.0-20230410142639-359d58534ae2 h1:vs2Irud8XNYpD3oiPw79hmVlGZ4UjecrJF1mroyQ/BQ=
-knative.dev/hack/schema v0.0.0-20230410142639-359d58534ae2/go.mod h1:GeIb+PLd5mllawcpHEGF5J5fYTQrvgEO5liao8lUKUs=
-knative.dev/pkg v0.0.0-20230410174046-15cf17d95395 h1:KfGHpYfw89mjQiJ3TZJYMndhAWHkXAHQj3QnLcGQaDw=
-knative.dev/pkg v0.0.0-20230410174046-15cf17d95395/go.mod h1:EQk8+qkZ8fMtrDYOOb9e9xMQG29N+L54iXBCfNXRm90=
-knative.dev/reconciler-test v0.0.0-20230406171220-089a08c99e58 h1:177/xCM7uscmp5TFyAuUayEej212AEZczCs8b5XRhj8=
-knative.dev/reconciler-test v0.0.0-20230406171220-089a08c99e58/go.mod h1:dHRIj3Mpj8Eyn7+uml6h2J8Z0T23IXBDhjpMeyo2+zA=
+knative.dev/hack v0.0.0-20230412013450-4b3f2300c1ad h1:+5MpC265m9pjmJl+popG9XO9G1l+Rq1py9ldqBHwA68=
+knative.dev/hack v0.0.0-20230412013450-4b3f2300c1ad/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
+knative.dev/hack/schema v0.0.0-20230412013450-4b3f2300c1ad h1:JIdK1dE/ye8coo+dGv/v1Jtvt8rvDeoiaXmOSfTC4PE=
+knative.dev/hack/schema v0.0.0-20230412013450-4b3f2300c1ad/go.mod h1:GeIb+PLd5mllawcpHEGF5J5fYTQrvgEO5liao8lUKUs=
+knative.dev/pkg v0.0.0-20230414154551-53f04b373cc9 h1:ZozlfXh+jwr+KE/C60thPDOdAVQ3MNRfdsFHbajHIRk=
+knative.dev/pkg v0.0.0-20230414154551-53f04b373cc9/go.mod h1:Xa/jM3LpUnfQabS0kKR9sMTaDn4absCVvwkdNlwRwHc=
+knative.dev/reconciler-test v0.0.0-20230413132853-06956b6259d6 h1:zUBZkr9kTSzYBasHZw2WnMcBJy5COZS5Xau9ThmByFo=
+knative.dev/reconciler-test v0.0.0-20230413132853-06956b6259d6/go.mod h1:JwK7KUivj9TX7gJ6SAFfNxhmAfYc45kyASeRT8OG+pM=
 pgregory.net/rapid v0.3.3 h1:jCjBsY4ln4Atz78QoBWxUEvAHaFyNDQg9+WU62aCn1U=
 pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
--- a/vendor/k8s.io/code-generator/generate-groups.sh
+++ b/vendor/k8s.io/code-generator/generate-groups.sh
--- a/vendor/knative.dev/pkg/hack/generate-knative.sh
+++ b/vendor/knative.dev/pkg/hack/generate-knative.sh
--- a/vendor/knative.dev/pkg/metrics/opencensus_exporter.go
+++ b/vendor/knative.dev/pkg/metrics/opencensus_exporter.go
@ -99,7 +99,7 @@ func getCredentials(component string, secret *corev1.Secret, logger *zap.Sugared
 		return nil
 	}
 	return credentials.NewTLS(&tls.Config{
-		MinVersion: tls.VersionTLS12,
+		MinVersion: tls.VersionTLS13,
 		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
 			cert, err := tls.X509KeyPair(secret.Data["client-cert.pem"], secret.Data["client-key.pem"])
 			if err != nil {
--- a/vendor/knative.dev/pkg/webhook/env.go
+++ b/vendor/knative.dev/pkg/webhook/env.go
@ -17,6 +17,7 @@ limitations under the License.
 package webhook

 import (
+	"crypto/tls"
 	"fmt"
 	"os"
 	"strconv"
@ -29,6 +30,8 @@ const (
 	webhookNameEnvKey = "WEBHOOK_NAME"

 	secretNameEnvKey = "WEBHOOK_SECRET_NAME" //nolint:gosec // This is not a hardcoded credential
+
+	tlsMinVersionEnvKey = "WEBHOOK_TLS_MIN_VERSION"
 )

 // PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set.
@ -66,3 +69,16 @@ func SecretNameFromEnv(defaultSecretName string) string {
 	}
 	return secret
 }
+
+func TLSMinVersionFromEnv(defaultTLSMinVersion uint16) uint16 {
+	switch tlsMinVersion := os.Getenv(tlsMinVersionEnvKey); tlsMinVersion {
+	case "1.2":
+		return tls.VersionTLS12
+	case "1.3":
+		return tls.VersionTLS13
+	case "":
+		return defaultTLSMinVersion
+	default:
+		panic(fmt.Sprintf("the environment variable %q has to be either '1.2' or '1.3'", tlsMinVersionEnvKey))
+	}
+}
--- a/vendor/knative.dev/pkg/webhook/webhook.go
+++ b/vendor/knative.dev/pkg/webhook/webhook.go
@ -40,6 +40,10 @@ import (

 // Options contains the configuration for the webhook
 type Options struct {
+	// TLSMinVersion contains the minimum TLS version that is acceptable to communicate with the API server.
+	// TLS 1.3 is the minimum version if not specified otherwise.
+	TLSMinVersion uint16
+
 	// ServiceName is the service name of the webhook.
 	ServiceName string

@ -119,6 +123,13 @@ func New(
 		opts.StatsReporter = reporter
 	}

+	defaultTLSMinVersion := uint16(tls.VersionTLS13)
+	if opts.TLSMinVersion == 0 {
+		opts.TLSMinVersion = TLSMinVersionFromEnv(defaultTLSMinVersion)
+	} else if opts.TLSMinVersion != tls.VersionTLS12 && opts.TLSMinVersion != tls.VersionTLS13 {
+		return nil, fmt.Errorf("unsupported TLS version: %d", opts.TLSMinVersion)
+	}
+
 	syncCtx, cancel := context.WithCancel(context.Background())

 	webhook = &Webhook{
@ -136,7 +147,7 @@ func New(
 		secretInformer := kubeinformerfactory.Get(ctx).Core().V1().Secrets()

 		webhook.tlsConfig = &tls.Config{
-			MinVersion: tls.VersionTLS12,
+			MinVersion: opts.TLSMinVersion,

 			// If we return (nil, error) the client sees - 'tls: internal error"
 			// If we return (nil, nil) the client sees - 'tls: no certificates configured'
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1232,17 +1232,17 @@ k8s.io/utils/net
 k8s.io/utils/pointer
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/hack v0.0.0-20230410142639-359d58534ae2
+# knative.dev/hack v0.0.0-20230412013450-4b3f2300c1ad
 ## explicit; go 1.18
 knative.dev/hack
 knative.dev/hack/shell
-# knative.dev/hack/schema v0.0.0-20230410142639-359d58534ae2
+# knative.dev/hack/schema v0.0.0-20230412013450-4b3f2300c1ad
 ## explicit; go 1.18
 knative.dev/hack/schema/commands
 knative.dev/hack/schema/docs
 knative.dev/hack/schema/registry
 knative.dev/hack/schema/schema
-# knative.dev/pkg v0.0.0-20230410174046-15cf17d95395
+# knative.dev/pkg v0.0.0-20230414154551-53f04b373cc9
 ## explicit; go 1.18
 knative.dev/pkg/apiextensions/storageversion
 knative.dev/pkg/apiextensions/storageversion/cmd/migrate
@ -1377,7 +1377,7 @@ knative.dev/pkg/webhook/resourcesemantics
 knative.dev/pkg/webhook/resourcesemantics/conversion
 knative.dev/pkg/webhook/resourcesemantics/defaulting
 knative.dev/pkg/webhook/resourcesemantics/validation
-# knative.dev/reconciler-test v0.0.0-20230406171220-089a08c99e58
+# knative.dev/reconciler-test v0.0.0-20230413132853-06956b6259d6
 ## explicit; go 1.18
 knative.dev/reconciler-test/cmd/eventshub
 knative.dev/reconciler-test/pkg/environment